diff --git a/roles/installer/tasks/resources_configuration.yml b/roles/installer/tasks/resources_configuration.yml index 438af396..0d56eb1c 100644 --- a/roles/installer/tasks/resources_configuration.yml +++ b/roles/installer/tasks/resources_configuration.yml @@ -40,13 +40,13 @@ kind: Secret namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ ansible_operator_meta.name }}-receptor-ca' - register: _receptor_ca + register: receptor_ca no_log: "{{ no_log }}" - name: Migrate Receptor CA Secret when: - - _receptor_ca['resources'] | default([]) | length - - _receptor_ca['resources'][0]['type'] != "kubernetes.io/tls" + - receptor_ca['resources'] | default([]) | length + - receptor_ca['resources'][0]['type'] != "kubernetes.io/tls" block: - name: Delete old Receptor CA Secret k8s: @@ -61,7 +61,7 @@ register: _receptor_ca_key_file - name: Copy Receptor CA key from old secret to tempfile copy: - content: "{{ _receptor_ca['resources'][0]['data']['receptor-ca.key'] | b64decode }}" + content: "{{ receptor_ca['resources'][0]['data']['receptor-ca.key'] | b64decode }}" dest: "{{ _receptor_ca_key_file.path }}" no_log: "{{ no_log }}" - name: Create tempfile for receptor-ca.crt @@ -71,7 +71,7 @@ register: _receptor_ca_crt_file - name: Copy Receptor CA cert from old secret to tempfile copy: - content: "{{ _receptor_ca['resources'][0]['data']['receptor-ca.crt'] | b64decode }}" + content: "{{ receptor_ca['resources'][0]['data']['receptor-ca.crt'] | b64decode }}" dest: "{{ _receptor_ca_crt_file.path }}" no_log: "{{ no_log }}" - name: Create New Receptor CA secret 
@@ -79,6 +79,17 @@ apply: true definition: "{{ lookup('template', 'secrets/receptor_ca_secret.yaml.j2') }}" no_log: "{{ no_log }}" + - name: Read New Receptor CA Secret + k8s_info: + kind: Secret + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-receptor-ca' + register: _receptor_ca + no_log: "{{ no_log }}" + - name: Set receptor_ca variable + set_fact: + receptor_ca: '{{ _receptor_ca }}' + no_log: "{{ no_log }}" - name: Remove tempfiles file: path: "{{ item }}" @@ -114,6 +125,17 @@ apply: true definition: "{{ lookup('template', 'secrets/receptor_ca_secret.yaml.j2') }}" no_log: "{{ no_log }}" + - name: Read Receptor CA secret + k8s_info: + kind: Secret + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-receptor-ca' + register: _receptor_ca + no_log: "{{ no_log }}" + - name: Set receptor_ca variable + set_fact: + receptor_ca: '{{ _receptor_ca }}' + no_log: "{{ no_log }}" - name: Remove tempfiles file: path: "{{ item }}" @@ -121,14 +143,14 @@ loop: - "{{ _receptor_ca_key_file.path }}" - "{{ _receptor_ca_crt_file.path }}" - when: not _receptor_ca['resources'] | default([]) | length + when: not receptor_ca['resources'] | default([]) | length - name: Check for Receptor work signing Secret k8s_info: kind: Secret namespace: '{{ ansible_operator_meta.namespace }}' name: '{{ ansible_operator_meta.name }}-receptor-work-signing' - register: _receptor_work_signing + register: receptor_work_signing no_log: "{{ no_log }}" - name: Generate Receptor work signing RSA key pair 
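Review bot: The "Read New Receptor CA Secret" task added after the secret is created (and the identical k8s_info/set_fact pairs added in the -114 and -159 hunks) stores the result in `receptor_ca` without confirming that the read-back actually returned the Secret; the later `when: not receptor_ca['resources'] | default([]) | length` in the -121 hunk appears to gate the generate block, so an empty read-back would let that block run and overwrite the CA that was just migrated. An `assert` after the set_fact, `that: receptor_ca['resources'] | default([]) | length == 1` with `fail_msg: 'Receptor CA Secret not readable after creation'`, would make that failure explicit instead of silent. The same two tasks are copied three times with only the secret suffix and variable name changing, so a small `include_tasks` file parameterised on those two values would keep the copies from drifting. The fact also now carries the Secret's base64 `data`; no_log keeps it out of task output, but it would be persisted if fact caching is enabled, which deserves a comment on the set_fact. The enclosing block starts before this hunk.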
@@ -159,6 +181,17 @@ apply: true definition: "{{ lookup('template', 'secrets/receptor_work_signing_secret.yaml.j2') }}" no_log: "{{ no_log }}" + - name: Read Receptor work signing Secret + k8s_info: + kind: Secret + namespace: '{{ ansible_operator_meta.namespace }}' + name: '{{ ansible_operator_meta.name }}-receptor-work-signing' + register: _receptor_work_signing + no_log: "{{ no_log }}" + - name: Set receptor_work_signing variable + set_fact: + receptor_work_signing: '{{ _receptor_work_signing }}' + no_log: "{{ no_log }}" - name: Remove tempfiles file: path: "{{ item }}" @@ -166,14 +199,13 @@ loop: - "{{ _receptor_work_signing_private_key_file.path }}" - "{{ _receptor_work_signing_public_key_file.path }}" - when: not _receptor_work_signing['resources'] | default([]) | length + when: not receptor_work_signing['resources'] | default([]) | length - name: Apply Resources k8s: apply: yes definition: "{{ lookup('template', item + '.yaml.j2') }}" wait: yes - register: tower_resources_result loop: - 'configmaps/config' - 'secrets/app_credentials' @@ -222,18 +254,6 @@ register: this_deployment_result - block: - - name: Delete pod to reload a resource configuration - k8s: - api_version: v1 - state: absent - kind: Pod - namespace: '{{ ansible_operator_meta.namespace }}' - name: '{{ tower_pod_name }}' - wait: yes - when: - - tower_resources_result.changed - - tower_pod_name | length - - name: Get the new resource pod information after updating resource. k8s_info: kind: Pod @@ -258,7 +278,7 @@ set_fact: tower_pod_name: '{{ tower_pod["metadata"]["name"] | default("")}}' when: - - tower_resources_result.changed or this_deployment_result.changed + - this_deployment_result.changed - name: Verify the resource pod name is populated. assert: diff --git a/roles/installer/tasks/secret_key_configuration.yml b/roles/installer/tasks/secret_key_configuration.yml index 00b64255..e7d022f5 100644 --- a/roles/installer/tasks/secret_key_configuration.yml 
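Review bot: Removing `register: tower_resources_result` from "Apply Resources" matches the two `when` updates in this commit, but any other task in the role that still reads `tower_resources_result` will now fail with an undefined variable, and this diff only shows the references inside resources_configuration.yml. A repo-wide search for the name before merge would confirm nothing else depends on it. The Apply Resources task and its loop continue past the end of the hunk.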
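Review bot: With the condition reduced to `this_deployment_result.changed`, tower_pod_name is refreshed only when the Deployment changes, so resource changes now reach the pod solely through the checksum annotations in deployments/deployment.yaml.j2; if the Apply Resources loop contains templates beyond the three that template hashes, a change to one of them would no longer restart the pod or refresh its name. A comment on this task, `# Resource changes restart the pod via the checksum annotations in deployments/deployment.yaml.j2`, would record that coupling for the next reader. The enclosing block starts before this hunk.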
+++ b/roles/installer/tasks/secret_key_configuration.yml @@ -40,10 +40,10 @@ - name: Set secret key secret set_fact: - __secret_key_secret: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}' + secret_key: '{{ _generated_secret_key["resources"] | default([]) | length | ternary(_generated_secret_key, _secret_key_secret) }}' no_log: "{{ no_log }}" - name: Store secret key secret name set_fact: - secret_key_secret_name: "{{ __secret_key_secret['resources'][0]['metadata']['name'] }}" + secret_key_secret_name: "{{ secret_key['resources'][0]['metadata']['name'] }}" no_log: "{{ no_log }}" diff --git a/roles/installer/templates/deployments/deployment.yaml.j2 b/roles/installer/templates/deployments/deployment.yaml.j2 index 5135b713..81e0a519 100644 --- a/roles/installer/templates/deployments/deployment.yaml.j2 +++ b/roles/installer/templates/deployments/deployment.yaml.j2 @@ -20,8 +20,25 @@ spec: labels: {{ lookup("template", "../common/templates/labels/common.yaml.j2") | indent(width=8) | trim }} {{ lookup("template", "../common/templates/labels/version.yaml.j2") | indent(width=8) | trim }} -{% if annotations %} annotations: +{% for template in [ + "configmaps/config", + "secrets/app_credentials", + "storage/persistent", + ] %} + checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | md5 }}" +{% endfor %} +{% for secret in [ + "bundle_cacert", + "route_tls", + "ldap_cacert", + "secret_key", + "receptor_ca", + "receptor_work_signing", + ] %} + checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | md5 }}" +{% endfor %} +{% if annotations %} {{ annotations | indent(width=8) }} {% endif %} spec:
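Review bot: The `checksum-secret-*` annotations publish an unsalted MD5 of each Secret's `data`, and `checksum-secrets-app_credentials` an MD5 of the fully rendered secrets/app_credentials manifest; pod annotations are readable by anyone allowed to get pods, usually a wider audience than secrets, and a fast unkeyed digest of low-entropy values such as passwords lets that audience confirm guesses offline. For rollout triggering a value that changes with the Secret but does not derive from its contents is enough, e.g. `checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')['resources'][0]['metadata']['resourceVersion'] | default('') }}"`; if a content hash is preferred, mix in secret material that is not itself annotated and use `hash('sha256')` rather than `md5`. The `lookup(...)['resources'][0]['data'] | default('')` chain also relies on Ansible's undefined-tolerant attribute chaining to reach `default('')` when one of the listed variables (for example `ldap_cacert` or `route_tls`) is unset, which plain Jinja would not do, so a one-line comment noting that is worthwhile. Finally, `data | md5` hashes the string form of a dict, whose key order is whatever the API returned; it looks stable in practice but nothing in the template guarantees it.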