From 8a6395b18ca5a9943920260a91927b3a82c5f9e4 Mon Sep 17 00:00:00 2001 From: Benjamin Walterscheid <52604859+fdberlking@users.noreply.github.com> Date: Wed, 7 Feb 2024 10:33:55 +0100 Subject: [PATCH 1/4] Issue/600 - [BUG] Reloader don't restart pod on secret recreation (#610) * issue/600 - removed invalid child element from Vanilla Manifest section Signed-off-by: Benjamin Walterscheid * issue/600 - correct table formats + lists Signed-off-by: Benjamin Walterscheid * issue/600 - replaced deprecated bases with resources for Kustomize resources Signed-off-by: Benjamin Walterscheid * issue/600 - enhanced parameter tables with default values + add default description for syncAfterRestart/reloadOnCreate Signed-off-by: Benjamin Walterscheid * issue/600 - reverted item change due to markdownlint-cli issues Signed-off-by: Benjamin Walterscheid --------- Signed-off-by: Benjamin Walterscheid Co-authored-by: Benjamin Walterscheid --- README.md | 53 +++++++++++++++++++++++++---------------------------- 1 file changed, 25 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 2e988c5..0d88607 100644 --- a/README.md +++ b/README.md @@ -189,7 +189,7 @@ By default, Reloader gets deployed in `default` namespace and watches changes `s Reloader can be configured to ignore the resources `secrets` and `configmaps` by passing the following arguments (`spec.template.spec.containers.args`) to its container : | Argument | Description | -| -------------------------------- | -------------------- | +|----------------------------------|----------------------| | --resources-to-ignore=configMaps | To ignore configMaps | | --resources-to-ignore=secrets | To ignore secrets | @@ -199,7 +199,7 @@ Reloader can be configured to only watch secrets/configmaps with one or more lab **Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence. -These selectors can be combined together, for example with: +These selectors can be combined, for example with: ```yaml --resource-label-selector=reloader=enabled,key-exists,another-label in (value1,value2,value3) @@ -211,20 +211,17 @@ Only configmaps or secrets labeled like the following will be watched: kind: ConfigMap apiVersion: v1 metadata: - ... labels: reloader: enabled key-exists: yes another-label: value1 - - ... ``` Reloader can be configured to only watch namespaces labeled with one or more labels using the `--namespace-selector` parameter. Supported operators are `!, in, notin, ==, =, !=`, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the [Kubernetes Docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors). **Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence. -These selectors can be combined together, for example with: +These selectors can be combined, for example with: ```yaml --namespace-selector=reloader=enabled,test=true @@ -236,11 +233,9 @@ Only namespaces labeled as below would be watched and eligible for reloads: kind: Namespace apiVersion: v1 metadata: - ... labels: reloader: enabled test: true - ... ``` ### Vanilla Kustomize @@ -261,7 +256,7 @@ You can write your own `kustomization.yaml` using ours as a 'base' and write pat apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: +resources: - https://github.com/stakater/Reloader/deployments/kubernetes namespace: reloader @@ -287,24 +282,24 @@ helm install stakater/reloader --set reloader.watchGlobally=false --namespace te Reloader can be configured to ignore the resources `secrets` and `configmaps` by using the following parameters of `values.yaml` file: -| Parameter | Description | Type | -| ---------------- | -------------------------------------------------------------- | ------- | -| ignoreSecrets | To ignore secrets. Valid value are either `true` or `false` | boolean | -| ignoreConfigMaps | To ignore configMaps. Valid value are either `true` or `false` | boolean | +| Parameter | Description | Type | Default | +|------------------|----------------------------------------------------------------|---------|---------| +| ignoreSecrets | To ignore secrets. Valid value are either `true` or `false` | boolean | false | +| ignoreConfigMaps | To ignore configMaps. Valid value are either `true` or `false` | boolean | false | **Note:** At one time only one of these resource can be ignored, trying to do it will cause error in helm template compilation. Reloader can be configured to only watch namespaces labeled with one or more labels using the `namespaceSelector` parameter -| Parameter | Description | Type | -| ---------------- | ---------------------------------------------------------------------------------- | ------- | -| namespaceSelector | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string | +| Parameter | Description | Type | Default | +|-------------------|-----------------------------------------------------------------------------------------------------------|--------|---------| +| namespaceSelector | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string | "" | Reloader can be configured to only watch configmaps/secrets labeled with one or more labels using the `resourceLabelSelector` parameter -| Parameter | Description | Type | -| ---------------------- | ---------------------------------------------------------------------------------- | ------- | -| resourceLabelSelector | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string | +| Parameter | Description | Type | Default | +|-----------------------|-----------------------------------------------------------------------------------------------------------|--------|---------| +| resourceLabelSelector | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string | "" | **Note:** Both `namespaceSelector` & `resourceLabelSelector` can be used together. If they are then both conditions must be met for the configmap or secret to be eligible to trigger reload events. (e.g. If a configMap matches `resourceLabelSelector` but `namespaceSelector` does not match the namespace the configmap is in, it will be ignored). @@ -314,25 +309,27 @@ You can enable to scrape Reloader's Prometheus metrics by setting `serviceMonito **Note:** Reloading of OpenShift (DeploymentConfig) and/or Argo `Rollouts` has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions. This can be done by changing the following parameters: -| Parameter | Description | Type | -|------------------|------------------------------------------------------------------------------------------------------------------------------------------| ------- | -| isOpenshift | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false` | boolean | -| isArgoRollouts | Enable Argo `Rollouts`. Valid value are either `true` or `false` | boolean | -| reloadOnCreate | Enable reload on create events. Valid value are either `true` or `false` | boolean | -| syncAfterRestart | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false` | boolean | +| Parameter | Description | Type | Default | +|------------------|--------------------------------------------------------------------------------------------------------------------------------------------|---------|---------| +| isOpenshift | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false` | boolean | false | +| isArgoRollouts | Enable Argo `Rollouts`. Valid value are either `true` or `false` | boolean | false | +| reloadOnCreate | Enable reload on create events. Valid value are either `true` or `false` | boolean | false | +| syncAfterRestart | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false` | boolean | false | **isOpenShift** Recent versions of OpenShift (tested on 4.13.3) require the specified user to be in an `uid` range which is dynamically assigned by the namespace. The solution is to unset the runAsUser variable via ``deployment.securityContext.runAsUser=null`` and let OpenShift assign it at install. -**ReloadOnCreate** reloadOnCreate controls how Reloader handles secrets being added to the cache for the first time. If reloadOnCreate is set to true: +**reloadOnCreate** controls how Reloader handles secrets being added to the cache for the first time. If reloadOnCreate is set to true: - Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload. - When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload. - If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected. -If ReloadOnCreate is set to false: +If reloadOnCreate is set to false: - Updates to configMaps/Secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration. +**Note:** By default, **reloadOnCreate** and **syncAfterRestart** are both set to false. Both need to be enabled explicitly. + ## Help ### Documentation @@ -360,7 +357,7 @@ Please use the [issue tracker](https://github.com/stakater/Reloader/issues) to r 1. Deploy Reloader. 1. Run `okteto up` to activate your development container. -1. `make build`. +1. `make build` 1. `./Reloader` PRs are welcome. In general, we follow the "fork-and-pull" Git workflow. From c2cbca3f3c499ee606bda21afab440dbe2e190eb Mon Sep 17 00:00:00 2001 From: stakater-user Date: Wed, 7 Feb 2024 09:39:50 +0000 Subject: [PATCH 2/4] [skip-ci] Update artifacts --- deployments/kubernetes/chart/reloader/Chart.yaml | 4 ++-- .../kubernetes/chart/reloader/values.yaml | 4 ++-- .../kubernetes/manifests/clusterrole.yaml | 2 +- .../kubernetes/manifests/clusterrolebinding.yaml | 2 +- deployments/kubernetes/manifests/deployment.yaml | 10 +++++----- .../kubernetes/manifests/serviceaccount.yaml | 2 +- deployments/kubernetes/reloader.yaml | 16 ++++++++-------- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deployments/kubernetes/chart/reloader/Chart.yaml b/deployments/kubernetes/chart/reloader/Chart.yaml index 9a318f2..99ede6d 100644 --- a/deployments/kubernetes/chart/reloader/Chart.yaml +++ b/deployments/kubernetes/chart/reloader/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v1 name: reloader description: Reloader chart that runs on kubernetes -version: 1.0.65 -appVersion: v1.0.65 +version: 1.0.66 +appVersion: v1.0.66 keywords: - Reloader - kubernetes diff --git a/deployments/kubernetes/chart/reloader/values.yaml b/deployments/kubernetes/chart/reloader/values.yaml index 4d39b23..249448b 100644 --- a/deployments/kubernetes/chart/reloader/values.yaml +++ b/deployments/kubernetes/chart/reloader/values.yaml @@ -87,10 +87,10 @@ reloader: labels: provider: stakater group: com.stakater.platform - version: v1.0.65 + version: v1.0.66 image: name: ghcr.io/stakater/reloader - tag: v1.0.65 + tag: v1.0.66 pullPolicy: IfNotPresent # Support for extra environment variables. env: diff --git a/deployments/kubernetes/manifests/clusterrole.yaml b/deployments/kubernetes/manifests/clusterrole.yaml index e1ee37f..ac14972 100644 --- a/deployments/kubernetes/manifests/clusterrole.yaml +++ b/deployments/kubernetes/manifests/clusterrole.yaml @@ -9,7 +9,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" diff --git a/deployments/kubernetes/manifests/clusterrolebinding.yaml b/deployments/kubernetes/manifests/clusterrolebinding.yaml index f2928e1..95662d5 100644 --- a/deployments/kubernetes/manifests/clusterrolebinding.yaml +++ b/deployments/kubernetes/manifests/clusterrolebinding.yaml @@ -9,7 +9,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" diff --git a/deployments/kubernetes/manifests/deployment.yaml b/deployments/kubernetes/manifests/deployment.yaml index 1de195d..87aaa7f 100644 --- a/deployments/kubernetes/manifests/deployment.yaml +++ b/deployments/kubernetes/manifests/deployment.yaml @@ -8,13 +8,13 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" group: com.stakater.platform provider: stakater - version: v1.0.65 + version: v1.0.66 name: reloader-reloader namespace: default spec: @@ -28,16 +28,16 @@ spec: metadata: labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" group: com.stakater.platform provider: stakater - version: v1.0.65 + version: v1.0.66 spec: containers: - - image: "ghcr.io/stakater/reloader:v1.0.65" + - image: "ghcr.io/stakater/reloader:v1.0.66" imagePullPolicy: IfNotPresent name: reloader-reloader diff --git a/deployments/kubernetes/manifests/serviceaccount.yaml b/deployments/kubernetes/manifests/serviceaccount.yaml index cfc66bc..905fd67 100644 --- a/deployments/kubernetes/manifests/serviceaccount.yaml +++ b/deployments/kubernetes/manifests/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" diff --git a/deployments/kubernetes/reloader.yaml b/deployments/kubernetes/reloader.yaml index d6be850..e84079d 100644 --- a/deployments/kubernetes/reloader.yaml +++ b/deployments/kubernetes/reloader.yaml @@ -8,7 +8,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" @@ -25,7 +25,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" @@ -92,7 +92,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" @@ -115,13 +115,13 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" group: com.stakater.platform provider: stakater - version: v1.0.65 + version: v1.0.66 name: reloader-reloader namespace: default spec: @@ -135,16 +135,16 @@ spec: metadata: labels: app: reloader-reloader - chart: "reloader-1.0.65" + chart: "reloader-1.0.66" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" group: com.stakater.platform provider: stakater - version: v1.0.65 + version: v1.0.66 spec: containers: - - image: "ghcr.io/stakater/reloader:v1.0.65" + - image: "ghcr.io/stakater/reloader:v1.0.66" imagePullPolicy: IfNotPresent name: reloader-reloader From cdd9a09edc643c6b1a3358ae84ec3a3f18b7f373 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 7 Feb 2024 10:49:45 +0100 Subject: [PATCH 3/4] chore(deps): update dependency stakater/vale-package to v0.0.7 (#613) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .vale.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vale.ini b/.vale.ini index a024581..e0c5c16 100644 --- a/.vale.ini +++ b/.vale.ini @@ -1,7 +1,7 @@ StylesPath = styles MinAlertLevel = warning -Packages = https://github.com/stakater/vale-package/releases/download/v0.0.6/Stakater.zip +Packages = https://github.com/stakater/vale-package/releases/download/v0.0.7/Stakater.zip Vocab = Stakater # Only check MarkDown files From 35cae84a60a51a1ba1ec4cb003ec34aa7143067e Mon Sep 17 00:00:00 2001 From: stakater-user Date: Wed, 7 Feb 2024 09:54:40 +0000 Subject: [PATCH 4/4] [skip-ci] Update artifacts --- deployments/kubernetes/chart/reloader/Chart.yaml | 4 ++-- .../kubernetes/chart/reloader/values.yaml | 4 ++-- .../kubernetes/manifests/clusterrole.yaml | 2 +- .../kubernetes/manifests/clusterrolebinding.yaml | 2 +- deployments/kubernetes/manifests/deployment.yaml | 10 +++++----- .../kubernetes/manifests/serviceaccount.yaml | 2 +- deployments/kubernetes/reloader.yaml | 16 ++++++++-------- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deployments/kubernetes/chart/reloader/Chart.yaml b/deployments/kubernetes/chart/reloader/Chart.yaml index 99ede6d..86f6f4c 100644 --- a/deployments/kubernetes/chart/reloader/Chart.yaml +++ b/deployments/kubernetes/chart/reloader/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v1 name: reloader description: Reloader chart that runs on kubernetes -version: 1.0.66 -appVersion: v1.0.66 +version: 1.0.67 +appVersion: v1.0.67 keywords: - Reloader - kubernetes diff --git a/deployments/kubernetes/chart/reloader/values.yaml b/deployments/kubernetes/chart/reloader/values.yaml index 249448b..cad8d59 100644 --- a/deployments/kubernetes/chart/reloader/values.yaml +++ b/deployments/kubernetes/chart/reloader/values.yaml @@ -87,10 +87,10 @@ reloader: labels: provider: stakater group: com.stakater.platform - version: v1.0.66 + version: v1.0.67 image: name: ghcr.io/stakater/reloader - tag: v1.0.66 + tag: v1.0.67 pullPolicy: IfNotPresent # Support for extra environment variables. env: diff --git a/deployments/kubernetes/manifests/clusterrole.yaml b/deployments/kubernetes/manifests/clusterrole.yaml index ac14972..5c11fc6 100644 --- a/deployments/kubernetes/manifests/clusterrole.yaml +++ b/deployments/kubernetes/manifests/clusterrole.yaml @@ -9,7 +9,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" diff --git a/deployments/kubernetes/manifests/clusterrolebinding.yaml b/deployments/kubernetes/manifests/clusterrolebinding.yaml index 95662d5..f97d07e 100644 --- a/deployments/kubernetes/manifests/clusterrolebinding.yaml +++ b/deployments/kubernetes/manifests/clusterrolebinding.yaml @@ -9,7 +9,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" diff --git a/deployments/kubernetes/manifests/deployment.yaml b/deployments/kubernetes/manifests/deployment.yaml index 87aaa7f..04169ca 100644 --- a/deployments/kubernetes/manifests/deployment.yaml +++ b/deployments/kubernetes/manifests/deployment.yaml @@ -8,13 +8,13 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" group: com.stakater.platform provider: stakater - version: v1.0.66 + version: v1.0.67 name: reloader-reloader namespace: default spec: @@ -28,16 +28,16 @@ spec: metadata: labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" group: com.stakater.platform provider: stakater - version: v1.0.66 + version: v1.0.67 spec: containers: - - image: "ghcr.io/stakater/reloader:v1.0.66" + - image: "ghcr.io/stakater/reloader:v1.0.67" imagePullPolicy: IfNotPresent name: reloader-reloader diff --git a/deployments/kubernetes/manifests/serviceaccount.yaml b/deployments/kubernetes/manifests/serviceaccount.yaml index 905fd67..13f6d0e 100644 --- a/deployments/kubernetes/manifests/serviceaccount.yaml +++ b/deployments/kubernetes/manifests/serviceaccount.yaml @@ -8,7 +8,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" diff --git a/deployments/kubernetes/reloader.yaml b/deployments/kubernetes/reloader.yaml index e84079d..c36757c 100644 --- a/deployments/kubernetes/reloader.yaml +++ b/deployments/kubernetes/reloader.yaml @@ -8,7 +8,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" @@ -25,7 +25,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" @@ -92,7 +92,7 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" @@ -115,13 +115,13 @@ metadata: meta.helm.sh/release-name: "reloader" labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" group: com.stakater.platform provider: stakater - version: v1.0.66 + version: v1.0.67 name: reloader-reloader namespace: default spec: @@ -135,16 +135,16 @@ spec: metadata: labels: app: reloader-reloader - chart: "reloader-1.0.66" + chart: "reloader-1.0.67" release: "reloader" heritage: "Helm" app.kubernetes.io/managed-by: "Helm" group: com.stakater.platform provider: stakater - version: v1.0.66 + version: v1.0.67 spec: containers: - - image: "ghcr.io/stakater/reloader:v1.0.66" + - image: "ghcr.io/stakater/reloader:v1.0.67" imagePullPolicy: IfNotPresent name: reloader-reloader