Bump version to 1.4.6 (#985)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: msafwankarim <66724151+msafwankarim@users.noreply.github.com>

.dockerignore

@@ -0,0 +1 @@
+vendor

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "[BUG]"
+labels: kind/bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Environment**
+ - Operator Version:
+ - Kubernetes/OpenShift Version:
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea/enhancement for this project
+title: "[ENHANCE]"
+labels: kind/enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/md_config.json

@@ -0,0 +1,7 @@
+{
+  "ignorePatterns": [
+    {
+      "pattern": "^(?!http).+"
+    }
+  ]
+}

.github/workflows/init-branch-release.yaml

@@ -0,0 +1,68 @@
+name: Init Release
+on:
+  workflow_dispatch:
+    inputs:
+      TARGET_BRANCH:
+        description: 'TARGET_BRANCH on which release will be based'
+        required: true
+        type: string
+
+      TARGET_VERSION:
+        description: 'TARGET_VERSION to build kubernetes manifests with using Kustomize'
+        required: true
+        type: string
+
+permissions: {}
+
+jobs:
+  prepare-release:
+    permissions:
+      contents: write  # for peter-evans/create-pull-request to create branch
+      pull-requests: write  # for peter-evans/create-pull-request to create a PR
+    name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+          ref: ${{ inputs.TARGET_BRANCH }}
+
+      - name: Check if TARGET_VERSION is well formed.
+        run: |
+          set -xue
+          # Target version must not contain 'v' prefix
+          if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
+            echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2
+            exit 1
+          fi
+
+      - name: Create VERSION information
+        run: |
+          set -ue
+          echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}"
+          echo "${{ inputs.TARGET_VERSION }}" > VERSION
+
+      - name: Replace latest tag with version from input
+        run: |
+          set -ue
+          VERSION=${{ inputs.TARGET_VERSION }} make update-manifests-version
+          git diff
+
+      - name: Generate new set of manifests
+        run: |
+          set -ue
+          make k8s-manifests
+          git diff
+
+      - name: Create pull request
+        uses: peter-evans/create-pull-request@v7.0.6
+        with:
+          commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
+          title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
+          body: Updating VERSION and manifests to ${{ inputs.TARGET_VERSION }}
+          branch: update-version
+          branch-suffix: random
+          signoff: true
+          labels: release

.github/workflows/pull_request-helm.yaml

@@ -0,0 +1,90 @@
+name: Pull Request Workflow for Helm Chart changes
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - 'deployments/kubernetes/chart/reloader/**'
+
+env:
+  DOCKER_FILE_PATH: Dockerfile
+  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
+  REGISTRY: ghcr.io
+
+jobs:
+
+  helm-chart-validation:
+    permissions:
+      contents: read
+
+    runs-on: ubuntu-latest
+    name: Helm Chart Validation
+
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+        fetch-depth: 0
+
+    # Setting up helm binary
+    - name: Set up Helm
+      uses: azure/setup-helm@v4
+      with:
+        version: v3.11.3
+
+    - name: Helm chart unit tests
+      uses: d3adb5/helm-unittest-action@v2
+      with:
+        charts: deployments/kubernetes/chart/reloader
+
+  helm-version-validation:
+    needs: helm-chart-validation
+
+    permissions:
+      contents: read
+
+    runs-on: ubuntu-latest
+    name: Helm Version Validation
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'release/helm-chart') }}
+
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+        fetch-depth: 0
+
+    - name: Add Stakater Helm Repo
+      run: |
+        helm repo add stakater https://stakater.github.io/stakater-charts
+
+    - name: Get version for chart from helm repo
+      id: chart_eval
+      run: |
+        current_chart_version=$(helm search repo stakater/reloader | tail -n 1 | awk '{print $2}')
+        echo "CURRENT_CHART_VERSION=$(echo ${current_chart_version})" >> $GITHUB_OUTPUT
+
+    - name: Get Updated Chart version from Chart.yaml
+      uses: mikefarah/yq@master
+      id: new_chart_version
+      with:
+        cmd: yq e '.version' deployments/kubernetes/chart/reloader/Chart.yaml
+
+    - name: Check Version
+      uses: aleoyakas/check-semver-increased-action@v1
+      id: check-version
+      with:
+        current-version: ${{ steps.new_chart_version.outputs.result }}
+        previous-version: ${{ steps.chart_eval.outputs.CURRENT_CHART_VERSION }}
+
+    - name: Fail if Helm Chart version isnt updated
+      if: steps.check-version.outputs.is-version-increased != 'true'
+      run: |
+        echo "Helm Chart Version wasnt updated"
+        exit 1

.github/workflows/pull_request.yaml

@@ -0,0 +1,176 @@
+name: Pull Request Workflow for Code changes
+
+on:
+  pull_request:
+    branches:
+      - master
+      - 'v**'
+    paths:
+      - '**'
+      - '!.markdownlint.yaml'
+      - '!.vale.ini'
+      - '!Dockerfile-docs'
+      - '!docs-nginx.conf'
+      - '!docs/**'
+      - '!theme_common'
+      - '!theme_override'
+      - '!deployments/kubernetes/chart/reloader/**'
+
+env:
+  DOCKER_FILE_PATH: Dockerfile
+  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
+  REGISTRY: ghcr.io
+
+jobs:
+  qa:
+    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.131
+    with:
+      MD_CONFIG: .github/md_config.json
+      DOC_SRC: README.md
+      MD_LINT_CONFIG: .markdownlint.yaml
+
+  build:
+
+    permissions:
+      contents: read
+
+    runs-on: ubuntu-latest
+    name: Build
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+        fetch-depth: 0
+
+    # Setting up helm binary
+    - name: Set up Helm
+      uses: azure/setup-helm@v4
+      with:
+        version: v3.11.3
+
+    - name: Helm chart unit tests
+      uses: d3adb5/helm-unittest-action@v2
+      with:
+        charts: deployments/kubernetes/chart/reloader
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version-file: 'go.mod'
+        check-latest: true
+        cache: true
+
+    - name: Create timestamp
+      id: prep
+      run: echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+
+
+    # Get highest tag and remove any suffixes with '-'
+    - name: Get Highest tag
+      id: highest_tag
+      run: |
+        highest=$(git tag -l --sort -version:refname | head -n 1)
+        echo "tag=${highest%%-*}" >> $GITHUB_OUTPUT
+
+    - name: Install Dependencies
+      run: |
+        make install
+
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v6
+      with:
+        version: latest
+        only-new-issues: false
+        args: --timeout 10m
+
+    - name: Helm Lint
+      run: |
+        cd deployments/kubernetes/chart/reloader
+        helm lint
+
+    - name: Install kubectl
+      run: |
+        curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
+        sudo install ./kubectl /usr/local/bin/ && rm kubectl
+        kubectl version --client=true
+
+    - name: Install Kind
+      run: |
+        curl -L -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
+        sudo install ./kind /usr/local/bin && rm kind
+        kind version
+        kind version | grep -q ${KIND_VERSION}
+
+    - name: Create Kind Cluster
+      run: |
+        kind create cluster
+        kubectl cluster-info
+
+
+    - name: Test
+      run: make test
+
+    - name: Generate Tags
+      id: generate_tag
+      run: |
+        sha=${{ github.event.pull_request.head.sha }}
+        tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-${sha:0:8}"
+        ubi_tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-UBI-${sha:0:8}"
+        echo "GIT_TAG=$(echo ${tag})" >> $GITHUB_OUTPUT
+        echo "GIT_UBI_TAG=$(echo ${ubi_tag})" >> $GITHUB_OUTPUT
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Generate image repository path for ghcr registry
+      run: |
+        echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+    # To identify any broken changes in dockerfiles or dependencies
+
+    - name: Build Docker Image
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        file: ${{ env.DOCKER_FILE_PATH  }}
+        pull: true
+        push: false
+        build-args: |
+          VERSION=merge-${{ steps.generate_tag.outputs.GIT_TAG }}
+          COMMIT=${{github.event.pull_request.head.sha}}
+          BUILD_DATE=${{ steps.prep.outputs.created }}
+          BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+        
+        cache-to: type=inline
+        platforms: linux/amd64,linux/arm,linux/arm64
+        tags: |
+          ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
+        labels: |
+          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+          org.opencontainers.image.revision=${{ github.sha }}
+
+    - name: Build Docker UBI Image
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+        pull: true
+        push: false
+        build-args: |
+          BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+          BUILDER_IMAGE=${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.highest_tag.outputs.tag }}
+        cache-to: type=inline
+        platforms: linux/amd64,linux/arm64
+        tags: |
+          ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_UBI_TAG }}
+        labels: |
+          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+          org.opencontainers.image.revision=${{ github.sha }}

.github/workflows/pull_request_docs.yaml

@@ -0,0 +1,33 @@
+name: Pull Request for Documentation Changes
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - '.markdownlint.yaml'
+      - '.vale.ini'
+      - 'Dockerfile-docs'
+      - 'docs-nginx.conf'
+      - 'docs/**'
+      - 'theme_common'
+      - 'theme_override'
+      - 'deployments/kubernetes/chart/reloader/README.md'
+
+jobs:
+  qa:
+    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.134
+    with:
+      MD_CONFIG: .github/md_config.json
+      DOC_SRC: docs
+      MD_LINT_CONFIG: .markdownlint.yaml
+  build:
+    uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.134
+    with:
+      DOCKER_FILE_PATH: Dockerfile-docs
+      CONTAINER_REGISTRY_URL: ghcr.io/stakater
+      PUSH_IMAGE: false
+    secrets:
+      CONTAINER_REGISTRY_USERNAME: ${{ github.actor }}
+      CONTAINER_REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }}
+      SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}

.github/workflows/push-helm-chart.yaml

@@ -0,0 +1,123 @@
+name: Push Helm Chart
+
+# TODO: fix: workflows have a problem where only code owners' PRs get the actions running
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - master
+    paths:
+      - 'deployments/kubernetes/chart/reloader/**'
+      - '.github/workflows/push-helm-chart.yaml'
+      - '.github/workflows/release-helm-chart.yaml'
+
+env:
+  HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
+  REGISTRY: ghcr.io # container registry
+
+jobs:
+  verify-and-push-helm-chart:
+
+    permissions:
+      contents: read
+      id-token: write # needed for signing the images with GitHub OIDC Token
+      packages: write # for pushing and signing container images
+
+    name: Verify and Push Helm Chart
+    if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'release/helm-chart')) }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PUBLISH_TOKEN }}
+          fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
+          submodules: recursive
+
+      # Setting up helm binary
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.11.3
+
+      - name: Add Stakater Helm Repo
+        run: |
+          helm repo add stakater https://stakater.github.io/stakater-charts
+
+      - name: Get version for chart from helm repo
+        id: chart_eval
+        run: |
+          current_chart_version=$(helm search repo stakater/reloader | tail -n 1 | awk '{print $2}')
+          echo "CURRENT_CHART_VERSION=$(echo ${current_chart_version})" >> $GITHUB_OUTPUT
+
+      - name: Get Updated Chart version from Chart.yaml
+        uses: mikefarah/yq@master
+        id: new_chart_version
+        with:
+          cmd: yq e '.version' deployments/kubernetes/chart/reloader/Chart.yaml
+
+      - name: Check Version
+        uses: aleoyakas/check-semver-increased-action@v1
+        id: check-version
+        with:
+          current-version: ${{ steps.new_chart_version.outputs.result }}
+          previous-version: ${{ steps.chart_eval.outputs.CURRENT_CHART_VERSION }}
+
+      - name: Fail if Helm Chart version isnt updated
+        if: steps.check-version.outputs.is-version-increased != 'true'
+        run: |
+          echo "Helm Chart Version wasnt updated"
+          exit 1
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.8.2
+
+      - name: Login to GHCR Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: stakater-user
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish Helm chart to ghcr.io
+        run: |
+          helm package ./deployments/kubernetes/chart/reloader --destination ./packaged-chart
+          helm push ./packaged-chart/*.tgz oci://ghcr.io/stakater/charts
+          rm -rf ./packaged-chart
+
+      - name: Sign artifacts with Cosign
+        run: cosign sign --yes ghcr.io/stakater/charts/reloader:${{ steps.new_chart_version.outputs.result }}
+
+      - name: Publish Helm chart to gh-pages
+        uses: stefanprodan/helm-gh-pages@master
+        with:
+          branch: master
+          repository: stakater-charts
+          target_dir: docs
+          token: ${{ secrets.GHCR_TOKEN }}
+          charts_dir: deployments/kubernetes/chart/
+          charts_url: ${{ env.HELM_REGISTRY_URL }}
+          owner: stakater
+          linting: on
+          commit_username: stakater-user
+          commit_email: stakater@gmail.com
+
+      - name: Push new chart tag
+        uses: anothrNick/github-tag-action@1.71.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          WITH_V: false
+          CUSTOM_TAG: chart-v${{ steps.new_chart_version.outputs.result }}
+
+      - name: Notify Slack
+        uses: 8398a7/action-slack@v3
+        if: always() # Pick up events even if the job fails or is canceled.
+        with:
+          status: ${{ job.status }}
+          fields: repo,author,action,eventName,ref,workflow
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}

.github/workflows/push-pr-image.yaml

@@ -0,0 +1,95 @@
+name: Push PR Image on Label
+
+on:
+  pull_request:
+    branches:
+      - master
+    types: [ labeled ]
+    paths:
+      - '!.markdownlint.yaml'
+      - '!.vale.ini'
+      - '!Dockerfile-docs'
+      - '!docs-nginx.conf'
+      - '!docs/**'
+      - '!theme_common'
+      - '!theme_override'
+      - '!deployments/kubernetes/chart/reloader/**'
+
+env:
+  DOCKER_FILE_PATH: Dockerfile
+  REGISTRY: ghcr.io
+
+jobs:
+
+  build-and-push-pr-image:
+    permissions:
+      contents: read
+
+    runs-on: ubuntu-latest
+    name: Build and Push PR Image
+    if: ${{ github.event.label.name == 'build-and-push-pr-image' }}
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+        fetch-depth: 0
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version-file: 'go.mod'
+        check-latest: true
+        cache: true
+
+    - name: Install Dependencies
+      run: |
+        make install
+
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v6
+      with:
+        version: latest
+        only-new-issues: false
+        args: --timeout 10m
+
+    - name: Generate Tags
+      id: generate_tag
+      run: |
+        sha=${{ github.event.pull_request.head.sha }}
+        tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-${sha:0:8}"
+        echo "GIT_TAG=$(echo ${tag})" >> $GITHUB_OUTPUT
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Generate image repository path for ghcr registry
+      run: |
+        echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+    - name: Login to ghcr registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{env.REGISTRY}}
+        username: stakater-user
+        password: ${{secrets.GITHUB_TOKEN}}
+
+    - name: Build Docker Image
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        file: ${{ env.DOCKER_FILE_PATH  }}
+        pull: true
+        push: true
+        build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+        cache-to: type=inline
+        platforms: linux/amd64,linux/arm,linux/arm64
+        tags: |
+          ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
+        labels: |
+          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+          org.opencontainers.image.revision=${{ github.sha }}

.github/workflows/push.yaml

@@ -0,0 +1,232 @@
+name: Push
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - master
+      - 'v**'
+
+env:
+  DOCKER_FILE_PATH: Dockerfile
+  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
+  HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
+  REGISTRY: ghcr.io
+
+jobs:
+  build:
+
+    permissions:
+      contents: read
+      packages: write # to push artifacts to `ghcr.io`
+
+    name: Build
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PUBLISH_TOKEN }}
+          fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
+          submodules: recursive
+
+      # Setting up helm binary
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.11.3
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+          cache: true
+
+      - name: Install Dependencies
+        run: |
+          make install
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+          only-new-issues: false
+          args: --timeout 10m
+
+      - name: Install kubectl
+        run: |
+          curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
+          sudo install ./kubectl /usr/local/bin/ && rm kubectl
+          kubectl version --client=true
+
+      - name: Install Kind
+        run: |
+          curl -L -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
+          sudo install ./kind /usr/local/bin && rm kind
+          kind version
+          kind version | grep -q ${KIND_VERSION}
+
+      - name: Create Kind Cluster
+        run: |
+          kind create cluster
+          kubectl cluster-info
+
+      - name: Test
+        run: make test
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.STAKATER_DOCKERHUB_USERNAME }}
+          password: ${{ secrets.STAKATER_DOCKERHUB_PASSWORD }}
+      
+      - name: Create timestamp
+        id: prep
+        run: echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+
+      - name: Generate image repository path for Docker registry
+        run: |
+          echo DOCKER_IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+      - name: Build and Push Docker Image to Docker registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm,linux/arm64
+          tags: |
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Build and Push Docker UBI Image to Docker registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+            BUILDER_IMAGE=${{ env.DOCKER_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}-ubi
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Login to ghcr registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{env.REGISTRY}}
+          username: stakater-user
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Generate image repository path for ghcr registry
+        run: |
+          echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+      - name: Build and Push Docker Image to ghcr registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            VERSION=merge-${{ github.event.number }}
+            COMMIT=${{ github.sha }}
+            BUILD_DATE=${{ steps.prep.outputs.created }}
+            BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm,linux/arm64
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Build and Push Docker UBI Image to ghcr registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+            BUILDER_IMAGE=${{ env.GHCR_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}-ubi
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: |
+            docs:
+              - '.markdownlint.yaml'
+              - '.vale.ini'
+              - 'Dockerfile-docs'
+              - 'docs-nginx.conf'
+              - 'docs/**'
+              - 'README.md'
+              - 'theme_common'
+              - 'theme_override'
+
+      # run only if 'docs' files were changed
+      - name: Build and Push Docker Image for Docs to ghcr registry
+        if: steps.filter.outputs.docs == 'true'
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile-docs
+          pull: true
+          push: true
+          build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+          cache-to: type=inline
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}/docs:merge-${{ github.event.number }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Push Latest Tag
+        uses: anothrNick/github-tag-action@1.71.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          WITH_V: false
+          CUSTOM_TAG: merge-${{ github.event.number }}
+
+      - name: Notify Slack
+        uses: 8398a7/action-slack@v3
+        if: always() # Pick up events even if the job fails or is canceled.
+        with:
+          status: ${{ job.status }}
+          fields: repo,author,action,eventName,ref,workflow
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}

.github/workflows/release-helm-chart.yaml

@@ -0,0 +1,39 @@
+name: Release Helm chart
+
+on:
+  push:
+    tags:
+      - "chart-v*"
+
+permissions:
+  contents: write
+
+jobs:
+  release-helm-chart:
+    name: Release Helm chart
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Create release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+        run: |
+          gh release create "$tag" \
+              --repo="$GITHUB_REPOSITORY" \
+              --title="Helm chart ${tag#chart-}" \
+              --generate-notes
+
+      - name: Notify Slack
+        uses: 8398a7/action-slack@v3
+        if: always()
+        with:
+          status: ${{ job.status }}
+          fields: repo,author,action,eventName,ref,workflow
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}

.github/workflows/release.yaml

@@ -0,0 +1,225 @@
+name: Release Go project
+
+on:
+  push:
+    tags:
+      - "v*"
+
+env:
+  DOCKER_FILE_PATH: Dockerfile
+  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
+  REGISTRY: ghcr.io
+
+jobs:
+  release:
+
+    permissions:
+      contents: read
+      packages: write # to push artifacts to `ghcr.io`
+
+    name: GoReleaser build
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PUBLISH_TOKEN }}
+          fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
+          submodules: recursive
+
+      # Setting up helm binary
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.11.3
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+          cache: true
+
+      - name: Install Dependencies
+        run: |
+          make install
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+          only-new-issues: false
+          args: --timeout 10m
+
+      - name: Install kubectl
+        run: |
+          curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
+          sudo install ./kubectl /usr/local/bin/ && rm kubectl
+          kubectl version --client=true
+
+      - name: Install Kind
+        run: |
+          curl -L -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
+          sudo install ./kind /usr/local/bin && rm kind
+          kind version
+          kind version | grep -q ${KIND_VERSION}
+
+      - name: Create Kind Cluster
+        run: |
+          kind create cluster
+          kubectl cluster-info
+
+      - name: Test
+        run: make test
+
+      - name: Get Tag from Github Ref
+        id: generate_tag
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+
+      - name: Create timestamp
+        id: prep
+        run: echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.STAKATER_DOCKERHUB_USERNAME }}
+          password: ${{ secrets.STAKATER_DOCKERHUB_PASSWORD }}
+
+      - name: Generate image repository path for Docker registry
+        run: |
+          echo DOCKER_IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+      - name: Build and Push Docker Image to Docker registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_FILE_PATH  }}
+          pull: true
+          push: true
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm,linux/arm64
+          tags: |
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+          build-args: |
+            VERSION=${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+            COMMIT=${{ github.sha }}
+            BUILD_DATE=${{ steps.prep.outputs.created }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Build and Push Docker UBI Image to Docker registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            BUILDER_IMAGE=${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}-ubi
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Login to ghcr registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{env.REGISTRY}}
+          username: stakater-user
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Generate image repository path for ghcr registry
+        run: |
+          echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+      # tag this image as latest as it will be used in plain manifests
+      - name: Build and Push Docker Image to ghcr registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_FILE_PATH  }}
+          pull: true
+          push: true
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm,linux/arm64
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }},${{ env.GHCR_IMAGE_REPOSITORY }}:latest
+          build-args: |
+            VERSION=${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+            COMMIT=${{ github.sha }}
+            BUILD_DATE=${{ steps.prep.outputs.created }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Build and Push Docker UBI Image to ghcr registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            BUILDER_IMAGE=${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}-ubi
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Build and Push Docker Image for Docs to ghcr registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile-docs
+          pull: true
+          push: true
+          cache-to: type=inline
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}/docs:${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      ##############################
+      ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.)
+      ##############################
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@master
+        with:
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+
+      - name: Notify Slack
+        uses: 8398a7/action-slack@v3
+        if: always() # Pick up events even if the job fails or is canceled.
+        with:
+          status: ${{ job.status }}
+          fields: repo,author,action,eventName,ref,workflow
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}

.github/workflows/reloader-enterprise-published.yml

@@ -0,0 +1,17 @@
+name: Dispatch event for published release
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger target repository workflow
+        run: |
+          curl -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: token ${{ secrets.STAKATER_AB_TOKEN_FOR_RLDR }}" \
+          https://api.github.com/repos/stakater-ab/reloader-enterprise/dispatches \
+          -d '{"event_type":"release-published","client_payload":{"tag":"${{ github.event.release.tag_name }}"}}'

.github/workflows/reloader-enterprise-unpublished.yml

@@ -0,0 +1,17 @@
+name: Dispatch event for unpublished release
+
+on:
+  release:
+    types: [unpublished ]
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger target repository workflow
+        run: |
+          curl -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: token ${{ secrets.STAKATER_AB_TOKEN_FOR_RLDR }}" \
+          https://api.github.com/repos/stakater-ab/reloader-enterprise/dispatches \
+          -d '{"event_type":"release-unpublished","client_payload":{"tag":"${{ github.event.release.tag_name }}"}}'

.gitignore

@@ -7,4 +7,13 @@ out/
 _gopath/
 .DS_Store
 .vscode
-vendor
+vendor
+dist
+Reloader
+!**/chart/reloader
+*.tgz
+styles/
+site/
+/mkdocs.yml
+yq
+bin

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "theme_common"]
+	path = theme_common
+	url = https://github.com/stakater/stakater-docs-mkdocs-theme.git 

.goreleaser.yml

@@ -0,0 +1,24 @@
+builds:
+- env:
+  - CGO_ENABLED=0
+  goos:
+  - windows
+  - darwin
+  - linux
+  goarch:
+  - 386
+  - amd64
+  - arm
+  - arm64
+  - ppc64le
+archives:
+- name_template: "{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+snapshot:
+  name_template: "{{ .Tag }}-next"
+checksum:
+  name_template: "{{ .ProjectName }}_{{ .Version }}_checksums.txt"
+changelog:
+  # It will be generated manually as part of making a new GitHub release
+  disable: true
+env_files:
+  github_token: /home/jenkins/.apitoken/hub

.markdownlint.yaml

@@ -0,0 +1,8 @@
+{
+  "MD007": { "indent": 4 },
+  "MD013": false,
+  "MD024": false,
+  "MD029": { "style": one },
+  "MD033": false,
+  "MD041": false,
+}

.stignore

@@ -0,0 +1,3 @@
+.git
+Reloader
+__debug_bin

.vale.ini

@@ -0,0 +1,10 @@
+StylesPath = styles
+MinAlertLevel = warning
+
+Packages = https://github.com/stakater/vale-package/releases/download/v0.0.77/Stakater.zip
+Vocab = Stakater
+
+# Only check MarkDown files
+[*.md]
+
+BasedOnStyles = Vale

.version

@@ -1 +0,0 @@
-0.0.11

CODE_OF_CONDUCT.md

@@ -0,0 +1,3 @@
+# Code of Conduct
+
+Reloader follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).

Dockerfile

@@ -0,0 +1,52 @@
+ARG BUILDER_IMAGE
+ARG BASE_IMAGE
+
+# Build the manager binary
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.24.4} AS builder
+
+ARG TARGETOS
+ARG TARGETARCH
+ARG GOPROXY
+ARG GOPRIVATE
+
+ARG COMMIT
+ARG VERSION
+ARG BUILD_DATE
+
+WORKDIR /workspace
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+COPY internal/ internal/
+COPY pkg/ pkg/
+
+# Build
+RUN CGO_ENABLED=0 \
+    GOOS=${TARGETOS} \
+    GOARCH=${TARGETARCH} \
+    GOPROXY=${GOPROXY} \
+    GOPRIVATE=${GOPRIVATE} \
+    GO111MODULE=on \
+    go build -ldflags="-s -w -X github.com/stakater/Reloader/pkg/common.Version=${VERSION} \
+         -X github.com/stakater/Reloader/pkg/common.Commit=${COMMIT} \
+         -X github.com/stakater/Reloader/pkg/common.BuildDate=${BUILD_DATE}" \
+        -installsuffix 'static' -mod=mod -a -o manager ./
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM ${BASE_IMAGE:-gcr.io/distroless/static:nonroot}
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
+
+# Port for metrics and probes
+EXPOSE 9090
+
+ENTRYPOINT ["/manager"]

Dockerfile-docs

@@ -0,0 +1,35 @@
+FROM python:3.13-alpine as builder
+
+# set workdir
+RUN mkdir -p $HOME/application
+WORKDIR $HOME/application
+
+# copy the entire application
+COPY --chown=1001:root . .
+
+RUN pip3 install -r theme_common/requirements.txt
+
+# Combine Theme Resources
+RUN python theme_common/scripts/combine_theme_resources.py -s theme_common/resources -ov theme_override/resources -o dist/_theme
+# Produce mkdocs file
+RUN python theme_common/scripts/combine_mkdocs_config_yaml.py theme_common/mkdocs.yml theme_override/mkdocs.yml mkdocs.yml
+
+# build the docs
+RUN mkdocs build
+
+FROM nginxinc/nginx-unprivileged:1.27-alpine as deploy
+COPY --from=builder $HOME/application/site/ /usr/share/nginx/html/reloader/
+COPY docs-nginx.conf /etc/nginx/conf.d/default.conf
+
+# set non-root user
+USER 1001
+
+LABEL name="Stakater Reloader Documentation" \
+      maintainer="Stakater <hello@stakater.com>" \
+      vendor="Stakater" \
+      release="1" \
+      summary="Documentation for Stakater Reloader"
+
+EXPOSE 8080:8080/tcp
+
+CMD ["nginx", "-g", "daemon off;"]

Dockerfile.ubi

@@ -0,0 +1,39 @@
+ARG BUILDER_IMAGE
+ARG BASE_IMAGE
+
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE} AS SRC
+
+FROM ${BASE_IMAGE:-registry.access.redhat.com/ubi9/ubi:latest} AS ubi
+ARG TARGETARCH
+
+
+RUN dnf update -y && dnf install -y binutils
+# prep target rootfs for scratch container
+WORKDIR /
+RUN mkdir /image && \
+    ln -s usr/bin /image/bin && \
+	ln -s usr/sbin /image/sbin && \
+	ln -s usr/lib64 /image/lib64 && \
+	ln -s usr/lib /image/lib && \
+	mkdir -p /image/{usr/bin,usr/lib64,usr/lib,root,home,proc,etc,sys,var,dev}
+
+COPY ubi-build-files-${TARGETARCH}.txt /tmp
+# Copy all the required files from the base UBI image into the image directory
+# As the go binary is not statically compiled this includes everything needed for CGO to work, cacerts, tzdata and RH release files
+RUN tar cf /tmp/files.tar -T /tmp/ubi-build-files-${TARGETARCH}.txt && tar xf /tmp/files.tar -C /image/
+
+# Generate a rpm database which contains all the packages that you said were needed in ubi-build-files-*.txt
+RUN rpm --root /image --initdb \
+  && PACKAGES=$(rpm -qf $(cat /tmp/ubi-build-files-${TARGETARCH}.txt) | grep -v "is not owned by any package" | sort -u) \
+  && echo dnf install -y 'dnf-command(download)' \
+  && dnf download --destdir / ${PACKAGES} \
+  && rpm --root /image -ivh --justdb --nodeps `for i in ${PACKAGES}; do echo $i.rpm; done`
+
+FROM scratch
+COPY --from=ubi /image/ /
+COPY --from=SRC /manager .
+USER 65532:65532
+# Port for metrics and probes
+EXPOSE 9090
+
+ENTRYPOINT ["/manager"]

Jenkinsfile

@@ -1,8 +0,0 @@
-#!/usr/bin/groovy
-@Library('github.com/stakater/fabric8-pipeline-library@v2.5.3')
-
-def dummy
-
-goBuildAndRelease {
-
-}

LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

MAINTAINERS

@@ -0,0 +1,5 @@
+Bharath Nallapeta <bharath.nallapeta@stakater.com> (@bnallapeta)
+Karl Johan Grahn <karl.johan@stakater.com> (@karl-johan-grahn)
+Muhammad Sheryar Butt <sheryar@stakater.com> (@SheryarButt)
+Muneeb Aijaz <muneeb@stakater.com> (@MuneebAijaz)
+Tanveer Alam <tanveer.alam@stakater.com> (@tanalam2411)

Makefile

@@ -1,35 +1,140 @@
 # note: call scripts from /scripts
 
-.PHONY: default build builder-image binary-image test stop clean-images clean push apply deploy
+.PHONY: default build build-image test stop push apply deploy release release-all manifest push
 
-BUILDER ?= reloader-builder
+OS ?= linux
+ARCH ?= ???
+ALL_ARCH ?= arm64 arm amd64
+
+BUILDER_IMAGE ?=
+BASE_IMAGE    ?=
 BINARY ?= Reloader
-DOCKER_IMAGE ?= stakater/reloader
-# Default value "dev"
-DOCKER_TAG ?= 1.0.0
-REPOSITORY = ${DOCKER_IMAGE}:${DOCKER_TAG}
+DOCKER_IMAGE ?= ghcr.io/stakater/reloader
 
-VERSION=$(shell cat .version)
+# Default value "dev"
+VERSION ?= 0.0.1
+
+REPOSITORY_GENERIC = ${DOCKER_IMAGE}:${VERSION}
+REPOSITORY_ARCH = ${DOCKER_IMAGE}:v${VERSION}-${ARCH}
 BUILD=
 
 GOCMD = go
-GLIDECMD = glide
 GOFLAGS ?= $(GOFLAGS:)
 LDFLAGS =
+GOPROXY   ?=
+GOPRIVATE ?=
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+KUBECTL ?= kubectl
+KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION)
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION)
+ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION)
+GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
+YQ ?= $(LOCALBIN)/yq
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v5.3.0
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
+ENVTEST_VERSION ?= release-0.17
+GOLANGCI_LINT_VERSION ?= v1.57.2
+
+YQ_VERSION ?= v4.27.5
+YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(OS)_$(ARCH)"
+
+.PHONY: yq
+yq: $(YQ) ## Download YQ locally if needed
+$(YQ):
+	@test -d $(LOCALBIN) || mkdir -p $(LOCALBIN)
+	@curl --retry 3 -fsSL $(YQ_DOWNLOAD_URL) -o $(YQ) || { \
+		echo "Failed to download yq from $(YQ_DOWNLOAD_URL). Please check the URL and your network connection."; \
+		exit 1; \
+	}
+	@chmod +x $(YQ)
+	@echo "yq downloaded successfully to $(YQ)."
+
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+	$(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION))
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION))
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download setup-envtest locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION))
+
+.PHONY: golangci-lint
+golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
+$(GOLANGCI_LINT): $(LOCALBIN)
+	$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION})
+
+# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
+# $1 - target path with name of binary (ideally with version)
+# $2 - package url which can be installed
+# $3 - specific version of package
+define go-install-tool
+@[ -f $(1) ] || { \
+set -e; \
+package=$(2)@$(3) ;\
+echo "Downloading $${package}" ;\
+GOBIN=$(LOCALBIN) go install $${package} ;\
+mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\
+}
+endef
 
 default: build test
 
 install:
-	"$(GLIDECMD)" install
+	"$(GOCMD)" mod download
+
+run:
+	go run ./main.go
 
 build:
 	"$(GOCMD)" build ${GOFLAGS} ${LDFLAGS} -o "${BINARY}"
 
-builder-image:
-	@docker build --network host -t "${BUILDER}" -f build/package/Dockerfile.build .
+build-image:
+	docker buildx build \
+		--platform ${OS}/${ARCH} \
+		--build-arg GOARCH=$(ARCH) \
+		--build-arg BUILDER_IMAGE=$(BUILDER_IMAGE) \
+		--build-arg BASE_IMAGE=${BASE_IMAGE} \
+		--build-arg GOPROXY=${GOPROXY} \
+		--build-arg GOPRIVATE=${GOPRIVATE} \
+		-t "${REPOSITORY_ARCH}" \
+		--load \
+		-f Dockerfile \
+		.
 
-binary-image: builder-image
-	@docker run --network host --rm "${BUILDER}" | docker build --network host -t "${REPOSITORY}" -f Dockerfile.run -
+push:
+	docker push ${REPOSITORY_ARCH}
+
+release: build-image push manifest
+
+release-all:
+	-rm -rf ~/.docker/manifests/*
+	# Make arch-specific release
+	@for arch in $(ALL_ARCH) ; do \
+		echo Make release: $$arch ; \
+		make release ARCH=$$arch ; \
+	done
+
+	set -e
+	docker manifest push --purge $(REPOSITORY_GENERIC)
+
+manifest:
+	set -e
+	docker manifest create -a $(REPOSITORY_GENERIC) $(REPOSITORY_ARCH)
+	docker manifest annotate --arch $(ARCH) $(REPOSITORY_GENERIC)  $(REPOSITORY_ARCH)
 
 test:
 	"$(GOCMD)" test -timeout 1800s -v ./...
@@ -37,16 +142,27 @@ test:
 stop:
 	@docker stop "${BINARY}"
 
-clean-images: stop
-	@docker rmi "${BUILDER}" "${BINARY}"
-
-clean:
-	"$(GOCMD)" clean -i
-
-push: ## push the latest Docker image to DockerHub
-	docker push $(REPOSITORY)
-
 apply:
 	kubectl apply -f deployments/manifests/ -n temp-reloader
 
 deploy: binary-image push apply
+
+.PHONY: k8s-manifests
+k8s-manifests: $(KUSTOMIZE) ## Generate k8s manifests using Kustomize from 'manifests' folder
+	$(KUSTOMIZE) build ./deployments/kubernetes/ -o ./deployments/kubernetes/reloader.yaml
+
+.PHONY: update-manifests-version
+update-manifests-version: ## Generate k8s manifests using Kustomize from 'manifests' folder
+	sed -i 's/image:.*/image: \"ghcr.io\/stakater\/reloader:v$(VERSION)"/g' deployments/kubernetes/manifests/deployment.yaml
+
+YQ_VERSION = v4.42.1
+YQ_BIN = $(shell pwd)/yq
+CURRENT_ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
+
+YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_linux_$(CURRENT_ARCH)"
+
+yq-install:
+	@echo "Downloading yq $(YQ_VERSION) for linux/$(CURRENT_ARCH)"
+	@curl -sL $(YQ_DOWNLOAD_URL) -o $(YQ_BIN)
+	@chmod +x $(YQ_BIN)
+	@echo "yq $(YQ_VERSION) installed at $(YQ_BIN)"

README.md

@@ -1,72 +1,390 @@
-# RELOADER
+<p align="center">
+  <img src="assets/web/reloader.jpg" alt="Reloader" width="40%"/>
+</p>
 
-## Problem
+[![Go Report Card](https://goreportcard.com/badge/github.com/stakater/reloader?style=flat-square)](https://goreportcard.com/report/github.com/stakater/reloader)
+[![Go Doc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat-square)](https://godoc.org/github.com/stakater/reloader)
+[![Release](https://img.shields.io/github/release/stakater/reloader.svg?style=flat-square)](https://github.com/stakater/reloader/releases/latest)
+[![GitHub tag](https://img.shields.io/github/tag/stakater/reloader.svg?style=flat-square)](https://github.com/stakater/reloader/releases/latest)
+[![Docker Pulls](https://img.shields.io/docker/pulls/stakater/reloader.svg?style=flat-square)](https://hub.docker.com/r/stakater/reloader/)
+[![Docker Stars](https://img.shields.io/docker/stars/stakater/reloader.svg?style=flat-square)](https://hub.docker.com/r/stakater/reloader/)
+[![license](https://img.shields.io/github/license/stakater/reloader.svg?style=flat-square)](LICENSE)
 
-We would like to watch if some change happens in `ConfigMap` and `Secret` objects and then perform rolling upgrade on relevant `Deployment`, `Deamonset` and `Statefulset`
+## 🔁 What is Reloader?
 
-## Solution
+Reloader is a Kubernetes controller that automatically triggers rollouts of workloads (like Deployments, StatefulSets, and more) whenever referenced `Secrets` or `ConfigMaps` are updated.
 
-Reloader can watch changes in `ConfigMap` and `Secret` and do rolling upgrades on Pods with their associated `Deployments`, `Deamonsets` and `Statefulsets`.
+In a traditional Kubernetes setup, updating a `Secret` or `ConfigMap` does not automatically restart or redeploy your workloads. This can lead to stale configurations running in production, especially when dealing with dynamic values like credentials, feature flags, or environment configs.
 
-**NOTE:** This controller has been inspired from [configmapController](https://github.com/fabric8io/configmapcontroller)
+Reloader bridges that gap by ensuring your workloads stay in sync with configuration changes — automatically and safely.
 
-## How to use Reloader
+## 🚀 Why Reloader?
 
-For a `Deployment` called `foo` have a `ConfigMap` called `foo`. Then add this annotation to your `Deployment`
+- ✅ **Zero manual restarts**: No need to manually rollout workloads after config/secret changes.
+- 🔒 **Secure by design**: Ensure your apps always use the most up-to-date credentials or tokens.
+- 🛠️ **Flexible**: Works with all major workload types — Deployment, StatefulSet, Daemonset, ArgoRollout, and more.
+- ⚡ **Fast feedback loop**: Ideal for CI/CD pipelines where secrets/configs change frequently.
+- 🔄 **Out-of-the-box integration**: Just label your workloads and let Reloader do the rest.
+
+## 🔧 How It Works?
+
+```mermaid
+flowchart LR
+  ExternalSecret -->|Creates| Secret
+  SealedSecret -->|Creates| Secret
+  Certificate -->|Creates| Secret
+  Secret -->|Watched by| Reloader
+  ConfigMap -->|Watched by| Reloader
+
+  Reloader -->|Triggers Rollout| Deployment
+  Reloader -->|Triggers Rollout| DeploymentConfig
+  Reloader -->|Triggers Rollout| Daemonset
+  Reloader -->|Triggers Rollout| Statefulset
+  Reloader -->|Triggers Rollout| ArgoRollout
+  Reloader -->|Triggers Job| CronJob
+  Reloader -->|Sends Notification| Slack,Teams,Webhook
+```
+
+- Sources like `ExternalSecret`, `SealedSecret`, or `Certificate` from `cert-manager` can create or manage Kubernetes `Secrets` — but they can also be created manually or delivered through GitOps workflows.
+- `Secrets` and `ConfigMaps` are watched by Reloader.
+- When changes are detected, Reloader automatically triggers a rollout of the associated workloads, ensuring your app always runs with the latest configuration.
+
+## ⚡ Quick Start
+
+### 1. Install Reloader
+
+Follow any of this [installation options](#-installation).
+
+### 2. Annotate Your Workload
+
+To enable automatic reload for a Deployment:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-app
+  annotations:
+    reloader.stakater.com/auto: "true"
+spec:
+  template:
+    metadata:
+      labels:
+        app: my-app
+    spec:
+      containers:
+        - name: app
+          image: your-image
+          envFrom:
+            - configMapRef:
+                name: my-config
+            - secretRef:
+                name: my-secret
+```
+
+This tells Reloader to watch the `ConfigMap` and `Secret` referenced in this deployment. When either is updated, it will trigger a rollout.
+
+## 🏢 Enterprise Version
+
+Stakater offers an enterprise-grade version of Reloader with:
+
+1. SLA-backed support
+1. Certified images
+1. Private Slack support
+
+Contact [`sales@stakater.com`](mailto:sales@stakater.com) for info about Reloader Enterprise.
+
+## 🧩 Usage
+
+Reloader supports multiple annotation-based controls to let you **customize when and how your Kubernetes workloads are reloaded** upon changes in `Secrets` or `ConfigMaps`.
+
+Kubernetes does not trigger pod restarts when a referenced `Secret` or `ConfigMap` is updated. Reloader bridges this gap by watching for changes and automatically performing rollouts — but it gives you full control via annotations, so you can:
+
+- Reload **all** resources by default
+- Restrict reloads to only **Secrets** or only **ConfigMaps**
+- Watch only **specific resources**
+- Use **opt-in via tagging** (`search` + `match`)
+- Exclude workloads you don’t want to reload
+
+### 1. 🔁 Automatic Reload (Default)
+
+Use these annotations to automatically restart the workload when referenced `Secrets` or `ConfigMaps` change.
+
+| Annotation                                 | Description                                                          |
+|--------------------------------------------|----------------------------------------------------------------------|
+| `reloader.stakater.com/auto: "true"`       | Reloads workload when any referenced ConfigMap or Secret changes     |
+| `secret.reloader.stakater.com/auto: "true"`| Reloads only when referenced Secret(s) change                        |
+| `configmap.reloader.stakater.com/auto: "true"`| Reloads only when referenced ConfigMap(s) change                  |
+
+### 2. 📛 Named Resource Reload (Specific Resource Annotations)
+
+These annotations allow you to manually define which ConfigMaps or Secrets should trigger a reload, regardless of whether they're used in the pod spec.
+
+| Annotation                                          | Description                                                                          |
+|-----------------------------------------------------|--------------------------------------------------------------------------------------|
+| `secret.reloader.stakater.com/reload: "my-secret"`  | Reloads when specific Secret(s) change, regardless of how they're used              |
+| `configmap.reloader.stakater.com/reload: "my-config"`| Reloads when specific ConfigMap(s) change, regardless of how they're used         |
+
+#### Use when
+
+1. ✅ This is useful in tightly scoped scenarios where config is shared but reloads are only relevant in certain cases.
+1. ✅ Use this when you know exactly which resource(s) matter and want to avoid auto-discovery or searching altogether.
+
+### 3. 🎯 Targeted Reload (Match + Search Annotations)
+
+This pattern allows fine-grained reload control — workloads only restart if the Secret/ConfigMap is both:
+
+1. Referenced by the workload
+1. Explicitly annotated with `match: true`
+
+| Annotation                                | Applies To   | Description                                                                 |
+|-------------------------------------------|--------------|-----------------------------------------------------------------------------|
+| `reloader.stakater.com/search: "true"`    | Workload     | Enables search mode (only reloads if matching secrets/configMaps are found) |
+| `reloader.stakater.com/match: "true"`     | ConfigMap/Secret | Marks the config/secret as eligible for reload in search mode              |
+
+#### How it works
+
+1. The workload must have: `reloader.stakater.com/search: "true"`
+1. The ConfigMap or Secret must have: `reloader.stakater.com/match: "true"`
+1. The resource (ConfigMap or Secret) must also be referenced in the workload (via env, `volumeMount`, etc.)
+
+#### Use when
+
+1. ✅ You want to reload a workload only if it references a ConfigMap or Secret that has been explicitly tagged with `reloader.stakater.com/match: "true"`.
+1. ✅ Use this when you want full control over which shared or system-wide resources trigger reloads. Great in multi-tenant clusters or shared configs.
+
+### ⛔ Resource-Level Ignore Annotation
+
+When you need to prevent specific ConfigMaps or Secrets from triggering any reloads, use the ignore annotation on the resource itself:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap  # or Secret
+metadata:
+  name: my-config
+  annotations:
+    reloader.stakater.com/ignore: "true"
+```
+
+This instructs Reloader to skip all reload logic for that resource across all workloads.
+
+### 4. ⚙️ Workload-Specific Rollout Strategy
+
+By default, Reloader uses the **rollout** strategy — it updates the pod template to trigger a new rollout. This works well in most cases, but it can cause problems if you're using GitOps tools like ArgoCD, which detect this as configuration drift.
+
+To avoid that, you can switch to the **restart** strategy, which simply restarts the pod without changing the pod template.
 
 ```yaml
 metadata:
   annotations:
-    configmap.reloader.stakater.com/reload: "foo"
+    reloader.stakater.com/rollout-strategy: "restart"
 ```
 
-OR
+| Value              | Behavior                                                        |
+|--------------------|-----------------------------------------------------------------|
+| `rollout` (default) | Updates pod template metadata to trigger a rollout             |
+| `restart`           | Deletes the pod to restart it without patching the template    |
 
-For a `Deployment` called `foo` have a `Secret` called `foo`. Then add this annotation to your `Deployment`
+✅ Use `restart` if:
+
+1. You're using GitOps and want to avoid drift
+1. You want a quick restart without changing the workload spec
+1. Your platform restricts metadata changes
+
+### 5. ❗ Annotation Behavior Rules & Compatibility
+
+- `reloader.stakater.com/auto` and `reloader.stakater.com/search` **cannot be used together** — the `auto` annotation takes precedence.
+- If both `auto` and its typed versions (`secret.reloader.stakater.com/auto`, `configmap.reloader.stakater.com/auto`) are used, **only one needs to be true** to trigger a reload.
+- Setting `reloader.stakater.com/auto: "false"` explicitly disables reload for that workload.
+- If `--auto-reload-all` is enabled on the controller:
+    - All workloads are treated as if they have `auto: "true"` unless they explicitly set it to `"false"`.
+    - Missing or unrecognized annotation values are treated as `"false"`.
+
+### 6. 🔔 Alerting on Reload
+
+Reloader can optionally **send alerts** whenever it triggers a rolling upgrade for a workload (e.g., `Deployment`, `StatefulSet`, etc.).
+
+These alerts are sent to a configured **webhook endpoint**, which can be a generic receiver or services like Slack, Microsoft Teams or Google Chat.
+
+To enable this feature, update the `reloader.env.secret` section in your `values.yaml` (when installing via Helm):
 
 ```yaml
-metadata:
-  annotations:
-    secret.reloader.stakater.com/reload: "foo"
+reloader:
+  env:
+    secret:
+      ALERT_ON_RELOAD: "true"                    # Enable alerting (default: false)
+      ALERT_SINK: "slack"                        # Options: slack, teams, gchat or webhook (default: webhook)
+      ALERT_WEBHOOK_URL: "<your-webhook-url>"    # Required if ALERT_ON_RELOAD is true
+      ALERT_ADDITIONAL_INFO: "Triggered by Reloader in staging environment"
 ```
 
-## Deploying to Kubernetes
+### 7. ⏸️ Pause Deployments
 
-You can deploy Reloader by following methods:
+This feature allows you to pause rollouts for a deployment for a specified duration, helping to prevent multiple restarts when several ConfigMaps or Secrets are updated in quick succession.
 
-### Vanilla Manifests
+| Annotation                                              | Applies To   | Description                                                                 |
+|---------------------------------------------------------|--------------|-----------------------------------------------------------------------------|
+| `deployment.reloader.stakater.com/pause-period: "5m"`   | Deployment   | Pauses reloads for the specified period (e.g., `5m`, `1h`)                  |
 
-You can apply vanilla manifests by running the following command
+#### How it works
+
+1. Add the `deployment.reloader.stakater.com/pause-period` annotation to your Deployment, specifying the pause duration (e.g., `"5m"` for five minutes).
+1. When a watched ConfigMap or Secret changes, Reloader will still trigger a reload event, but if the deployment is paused, the rollout will have no effect until the pause period has elapsed.
+1. This avoids repeated restarts if multiple resources are updated close together.
+
+#### Use when
+
+1. ✅ Your deployment references multiple ConfigMaps or Secrets that may be updated at the same time.
+1. ✅ You want to minimize unnecessary rollouts and reduce downtime caused by back-to-back configuration changes.
+
+## 🚀 Installation
+
+### 1. 📦 Helm
+
+Reloader can be installed in multiple ways depending on your Kubernetes setup and preference. Below are the supported methods:
+
+```bash
+helm repo add stakater https://stakater.github.io/stakater-charts
+helm repo update
+helm install reloader stakater/reloader
+```
+
+➡️ See full Helm configuration in the [chart README](./deployments/kubernetes/chart/reloader/README.md).
+
+### 2. 📄 Vanilla Manifests
+
+Apply raw Kubernetes manifests directly:
 
 ```bash
 kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml
 ```
 
-By default Reloader gets deployed in `default` namespace and watches changes `secrets` and `configmaps` in all namespaces.
+### 3. 🧱 Vanilla Kustomize
 
-### Helm Charts
+Use the built-in Kustomize support:
 
-Alternatively if you have configured helm on your cluster, you can add reloader to helm from our public chart repository and deploy it via helm using below mentioned commands
-
- ```bash
-helm repo add stakater https://stakater.github.io/stakater-charts
-
-helm repo update
-
-helm install stakater/reloader
+```bash
+kubectl apply -k https://github.com/stakater/Reloader/deployments/kubernetes
 ```
 
+### 4. 🛠️ Custom Kustomize Setup
+
+You can create your own `kustomization.yaml` and use Reloader’s as a base:
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - https://github.com/stakater/Reloader/deployments/kubernetes
+
+namespace: reloader
+```
+
+### 5. ⚖️ Default Resource Requests and Limits
+
+By default, Reloader is deployed with the following resource requests and limits:
+
+```yaml
+resources:
+  limits:
+    cpu: 150m
+    memory: 512Mi
+  requests:
+    cpu: 10m
+    memory: 128Mi
+```
+
+### 6. ⚙️ Optional runtime configurations
+
+These flags let you customize Reloader's behavior globally, at the Reloader controller level.
+
+#### 1. 🔁 Reload Behavior
+
+| Flag | Description |
+|------|-------------|
+| `--reload-on-create=true` | Reload workloads when a watched ConfigMap or Secret is created |
+| `--reload-on-delete=true` | Reload workloads when a watched ConfigMap or Secret is deleted |
+| `--auto-reload-all=true` | Automatically reload all workloads unless opted out (`auto: "false"`) |
+| `--reload-strategy=env-vars` | Strategy to use for triggering reload (`env-vars` or `annotations`) |
+| `--log-format=json` | Enable JSON-formatted logs for better machine readability |
+
+##### Reload Strategies
+
+Reloader supports multiple strategies for triggering rolling updates when a watched `ConfigMap` or `Secret` changes. You can configure the strategy using the `--reload-strategy` flag.
+
+| Strategy     | Description |
+|--------------|-------------|
+| `env-vars` (default) | Adds a dummy environment variable to any container referencing the changed resource (e.g., `Deployment`, `StatefulSet`, etc.). This forces Kubernetes to perform a rolling update. |
+| `annotations` | Adds a `reloader.stakater.com/last-reloaded-from` annotation to the pod template metadata. Ideal for GitOps tools like ArgoCD, as it avoids triggering unwanted sync diffs. |
+
+- The `env-vars` strategy is the default and works in most setups.
+- The `annotations` strategy is preferred in **GitOps environments** to prevent config drift in tools like ArgoCD or Flux.
+- In `annotations` mode, a `ConfigMap` or `Secret` that is deleted and re-created will still trigger a reload (since previous state is not tracked).
+
+#### 2. 🚫 Resource Filtering
+
+| Flag | Description |
+|------|-------------|
+| `--resources-to-ignore=configmaps` | Ignore ConfigMaps (only one type can be ignored at a time) |
+| `--resources-to-ignore=secrets` | Ignore Secrets (cannot combine with configMaps) |
+| `--resource-label-selector=key=value` | Only watch ConfigMaps/Secrets with matching labels |
+
+> **⚠️ Note:**  
+> Only **one** resource type can be ignored at a time.  
+> Trying to ignore **both `configmaps` and `secrets`** will cause an error in Reloader.  
+> ✅ **Workaround:** Scale the Reloader deployment to `0` replicas if you want to disable it completely.
+
+#### 3. 🧩 Namespace Filtering
+
+| Flag | Description |
+|------|-------------|
+| `--namespace-selector='key=value'` <br /> <br />`--namespace-selector='key1=value1,key2=value2'` <br /> <br />`--namespace-selector='key in (value1,value2)'`| Watch only namespaces with matching labels. See [LIST and WATCH filtering](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#list-and-watch-filtering) for more details on label selectors |
+| `--namespaces-to-ignore=ns1,ns2` | Skip specific namespaces from being watched |
+
+#### 4. 📝 Annotation Key Overrides
+
+These flags allow you to redefine annotation keys used in your workloads or resources:
+
+| Flag | Overrides |
+|------|-----------|
+| `--auto-annotation` | Overrides `reloader.stakater.com/auto` |
+| `--secret-auto-annotation` | Overrides `secret.reloader.stakater.com/auto` |
+| `--configmap-auto-annotation` | Overrides `configmap.reloader.stakater.com/auto` |
+| `--auto-search-annotation` | Overrides `reloader.stakater.com/search` |
+| `--search-match-annotation` | Overrides `reloader.stakater.com/match` |
+| `--secret-annotation` | Overrides `secret.reloader.stakater.com/reload` |
+| `--configmap-annotation` | Overrides `configmap.reloader.stakater.com/reload` |
+| `--pause-deployment-annotation` | Overrides `deployment.reloader.stakater.com/pause-period` |
+| `--pause-deployment-time-annotation` | Overrides `deployment.reloader.stakater.com/paused-at` |
+
+### 5. 🕷️ Debugging
+
+| Flag | Description |
+|---  |-------------|
+| `--enable-pprof` | Enables `pprof` for profiling |
+| `--pprof-addr` | Address to start `pprof` server on. Default is `:6060` |
+
+## Compatibility
+
+Reloader is compatible with Kubernetes >= 1.19
+
 ## Help
 
-**Got a question?**
-File a GitHub [issue](https://github.com/stakater/Reloader/issues), or send us an [email](mailto:stakater@gmail.com).
+### Documentation
+
+The Reloader documentation can be viewed from [the doc site](https://docs.stakater.com/reloader/). The doc source is in the [docs](./docs/) folder.
+
+### Have a question?
+
+File a GitHub [issue](https://github.com/stakater/Reloader/issues).
 
 ### Talk to us on Slack
 
-Join and talk to us on Slack for discussing Reloader
+Join and talk to us on Slack for discussing Reloader:
 
-[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://stakater-slack.herokuapp.com/)
-[![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater.slack.com/)
+[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://slack.stakater.com/)
+[![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater-community.slack.com/messages/CC5S05S12)
 
 ## Contributing
 
@@ -76,30 +394,49 @@ Please use the [issue tracker](https://github.com/stakater/Reloader/issues) to r
 
 ### Developing
 
-PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.
+1. Deploy Reloader
+1. Run `okteto up` to activate your development container
+1. `make build`
+1. `./Reloader`
 
- 1. **Fork** the repo on GitHub
- 2. **Clone** the project to your own machine
- 3. **Commit** changes to your own branch
- 4. **Push** your work back up to your fork
- 5. Submit a **Pull request** so that we can review your changes
+PRs are welcome. In general, we follow the "fork-and-pull" Git workflow:
 
-NOTE: Be sure to merge the latest from "upstream" before making a pull request!
+1. **Fork** the repo on GitHub
+1. **Clone** the project to your own machine
+1. **Commit** changes to your own branch
+1. **Push** your work back up to your fork
+1. Submit a **Pull request** so that we can review your changes
+
+**NOTE:** Be sure to merge the latest from "upstream" before making a pull request!
+
+## Release Processes
+
+_Repository GitHub releases_: As requested by the community in [issue 685](https://github.com/stakater/Reloader/issues/685), Reloader is now based on a manual release process. Releases are no longer done on every merged PR to the main branch, but manually on request.
+
+To make a GitHub release:
+
+1. Code owners create a release branch `release-vX.Y.Z`
+1. Code owners run a dispatch mode workflow to automatically generate version and manifests on the release branch
+1. A PR is created to bump the image version on the release branch, example: [PR-798](https://github.com/stakater/Reloader/pull/798)
+1. Code owners create a GitHub release with tag `vX.Y.Z` and target branch `release-vX.Y.Z`, which triggers creation of images
+1. Code owners create a PR to update the Helm chart version, example: [PR-846](https://github.com/stakater/Reloader/pull/846)
+
+_Repository git tagging_: Push to the main branch will create a merge-image and merge-tag named `merge-${{ github.event.number }}`, for example `merge-800` when pull request number 800 is merged.
 
 ## Changelog
 
-View our closed [Pull Requests](https://github.com/stakater/Reloader/pulls?q=is%3Apr+is%3Aclosed).
+View the [releases page](https://github.com/stakater/Reloader/releases) to see what has changed in each release.
 
 ## License
 
-Apache2 © [Stakater](http://stakater.com)
+Apache2 © [Stakater][website]
 
-## About
+## About Stakater
 
-`Reloader` is maintained by [Stakater][website]. Like it? Please let us know at <hello@stakater.com>
+[![Get started with Stakater](https://stakater.github.io/README/stakater-github-banner.png)](https://stakater.com/?utm_source=Reloader&utm_medium=github)
 
-See [our other projects][community]
-or contact us in case of professional services and queries on <hello@stakater.com>
+`Reloader` is maintained by [Stakater][website]. Like it? Please let us know at [hello@stakater.com](hello@stakater.com)
 
-  [website]: http://stakater.com/
-  [community]: https://github.com/stakater/
+See [our other projects](https://github.com/stakater) or contact us in case of professional services and queries on [hello@stakater.com](hello@stakater.com)
+
+[website]: https://stakater.com

VERSION

@@ -0,0 +1 @@
+1.4.6

build/package/Dockerfile.build

@@ -1,21 +0,0 @@
-FROM stakater/go-glide:1.9.3
-MAINTAINER "Stakater Team"
-
-RUN apk update
-
-RUN apk -v --update \
-    add git build-base && \
-    rm -rf /var/cache/apk/* && \
-    mkdir -p "$GOPATH/src/github.com/stakater/Reloader"
-
-ADD . "$GOPATH/src/github.com/stakater/Reloader"
-
-RUN cd "$GOPATH/src/github.com/stakater/Reloader" && \
-    glide update && \
-    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a --installsuffix cgo --ldflags="-s" -o /Reloader
-
-COPY build/package/Dockerfile.run /
-
-# Running this image produces a tarball suitable to be piped into another
-# Docker build command.
-CMD tar -cf - -C / Dockerfile.run Reloader

build/package/Dockerfile.run

@@ -1,8 +0,0 @@
-FROM alpine:3.4
-MAINTAINER "Stakater Team"
-
-RUN apk add --update ca-certificates
-
-COPY Reloader /bin/Reloader
-
-ENTRYPOINT ["/bin/Reloader"]

deployments/kubernetes/chart/reloader/.helmignore

@@ -0,0 +1,2 @@
+# OWNERS file for Kubernetes
+OWNERS

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -1,13 +1,19 @@
-# Generated from deployments/kubernetes/templates/chart/Chart.yaml.tmpl
-
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: 0.0.11
+version: 2.2.0
+appVersion: v1.4.5
 keywords:
   - Reloader
   - kubernetes
 home: https://github.com/stakater/Reloader
+sources:
+  - https://github.com/stakater/Reloader
+icon: https://raw.githubusercontent.com/stakater/Reloader/master/assets/web/reloader-round-100px.png
 maintainers:
-- name: Stakater
-  email: hello@stakater.com
+  - name: Stakater
+    email: hello@stakater.com
+  - name: rasheedamir
+    email: rasheed@stakater.com
+  - name: faizanahmad055
+    email: faizan@stakater.com

deployments/kubernetes/chart/reloader/OWNERS

@@ -0,0 +1,16 @@
+approvers:
+- faizanahmad055
+- kahootali
+- ahmadiq
+- waseem-h
+- rasheedamir
+- ahsan-storm
+- ahmedwaleedmalik
+reviewers:
+- faizanahmad055
+- kahootali
+- ahmadiq
+- waseem-h
+- rasheedamir
+- ahsan-storm
+- ahmedwaleedmalik

deployments/kubernetes/chart/reloader/README.md

@@ -0,0 +1,167 @@
+# Reloader Helm Chart
+
+If you have configured helm on your cluster, you can add Reloader to helm from our public chart repository and deploy it via helm using below-mentioned commands. Follow the [Helm2 to Helm3 guide](../../../../docs/Helm2-to-Helm3.md), in case you have trouble migrating Reloader from Helm2 to Helm3.
+
+## Installation
+
+```bash
+helm repo add stakater https://stakater.github.io/stakater-charts
+
+helm repo update
+
+helm install stakater/reloader # For helm3 add --generate-name flag or set the release name
+
+helm install {{RELEASE_NAME}} stakater/reloader -n {{NAMESPACE}} --set reloader.watchGlobally=false # By default, Reloader watches in all namespaces. To watch in single namespace, set watchGlobally=false
+
+helm install stakater/reloader --set reloader.watchGlobally=false --namespace test --generate-name # Install Reloader in `test` namespace which will only watch `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts` in `test` namespace.
+```
+
+## Uninstalling
+
+```bash
+helm uninstall {{RELEASE_NAME}} -n {{NAMESPACE}}
+```
+
+## Parameters
+
+### Global Parameters
+
+| Parameter                 | Description                                                     | Type  | Default |
+| ------------------------- | --------------------------------------------------------------- | ----- | ------- |
+| `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | array | `[]`    |
+
+### Common Parameters
+
+| Parameter          | Description                              | Type   | Default           |
+| ------------------ | ---------------------------------------- | ------ | ----------------- |
+| `nameOverride`     | replace the name of the chart            | string | `""`              |
+| `fullnameOverride` | replace the generated name               | string | `""`              |
+| `image`            | Set container image name, tag and policy | map    | `see values.yaml` |
+
+### Core Reloader Parameters
+
+| Parameter                           | Description                                                                                                                                         | Type        | Default   |
+| ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | --------- |
+| `reloader.autoReloadAll`            |                                                                                                                                                     | boolean     | `false`   |
+| `reloader.isArgoRollouts`           | Enable Argo `Rollouts`. Valid value are either `true` or `false`                                                                                    | boolean     | `false`   |
+| `reloader.isOpenshift`              | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                                        | boolean     | `false`   |
+| `reloader.ignoreSecrets`            | To ignore secrets. Valid value are either `true` or `false`. Either `ignoreSecrets` or `ignoreConfigMaps` can be ignored, not both at the same time | boolean     | `false`   |
+| `reloader.ignoreConfigMaps`         | To ignore configmaps. Valid value are either `true` or `false`                                                                                      | boolean     | `false`   |
+| `reloader.reloadOnCreate`           | Enable reload on create events. Valid value are either `true` or `false`                                                                            | boolean     | `false`   |
+| `reloader.reloadOnDelete`           | Enable reload on delete events. Valid value are either `true` or `false`                                                                            | boolean     | `false`   |
+| `reloader.syncAfterRestart`         | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false`          | boolean     | `false`   |
+| `reloader.reloadStrategy`           | Strategy to trigger resource restart, set to either `default`, `env-vars` or `annotations`                                                          | enumeration | `default` |
+| `reloader.ignoreNamespaces`         | List of comma separated namespaces to ignore, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
+| `reloader.namespaceSelector`        | List of comma separated k8s label selectors for namespaces selection. The parameter only used when `reloader.watchGlobally` is `true`. See [LIST and WATCH filtering](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#list-and-watch-filtering) for more details on label-selector                                  | string      | `""`      |
+| `reloader.resourceLabelSelector`    | List of comma separated label selectors, if multiple are provided they are combined with the AND operator                                           | string      | `""`      |
+| `reloader.logFormat`                | Set type of log format. Value could be either `json` or `""`                                                                                        | string      | `""`      |
+| `reloader.watchGlobally`            | Allow Reloader to watch in all namespaces (`true`) or just in a single namespace (`false`)                                                          | boolean     | `true`    |
+| `reloader.enableHA`                 | Enable leadership election allowing you to run multiple replicas                                                                                    | boolean     | `false`   |
+| `reloader.enablePProf`              | Enables pprof for profiling | boolean | `false` |
+| `reloader.pprofAddr` | Address to start pprof server on | string | `:6060` | 
+| `reloader.readOnlyRootFileSystem`   | Enforce readOnlyRootFilesystem                                                                                                                      | boolean     | `false`   |
+| `reloader.legacy.rbac`              |                                                                                                                                                     | boolean     | `false`   |
+| `reloader.matchLabels`              | Pod labels to match                                                                                                                                 | map         | `{}`      |
+| `reloader.enableMetricsByNamespace` | Expose an additional Prometheus counter of reloads by namespace (this metric may have high cardinality in clusters with many namespaces)            | boolean     | `false`   |
+
+### Deployment Reloader Parameters
+
+| Parameter                                       | Description                                                                                                                                                 | Type   | Default           |
+| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | ----------------- |
+| `reloader.deployment.replicas`                  | Number of replicas, if you wish to run multiple replicas set `reloader.enableHA = true`. The replicas will be limited to 1 when `reloader.enableHA = false` | int    | 1                 |
+| `reloader.deployment.revisionHistoryLimit`      | Limit the number of revisions retained in the revision history                                                                                              | int    | 2                 |
+| `reloader.deployment.nodeSelector`              | Scheduling pod to a specific node based on set labels                                                                                                       | map    | `{}`              |
+| `reloader.deployment.affinity`                  | Set affinity rules on pod                                                                                                                                   | map    | `{}`              |
+| `reloader.deployment.securityContext`           | Set pod security context                                                                                                                                    | map    | `{}`              |
+| `reloader.deployment.containerSecurityContext`  | Set container security context                                                                                                                              | map    | `{}`              |
+| `reloader.deployment.tolerations`               | A list of `tolerations` to be applied to the deployment                                                                                                     | array  | `[]`              |
+| `reloader.deployment.topologySpreadConstraints` | Topology spread constraints for pod assignment                                                                                                              | array  | `[]`              |
+| `reloader.deployment.annotations`               | Set deployment annotations                                                                                                                                  | map    | `{}`              |
+| `reloader.deployment.labels`                    | Set deployment labels, default to Stakater settings                                                                                                         | array  | `see values.yaml` |
+| `reloader.deployment.env`                       | Support for extra environment variables                                                                                                                     | array  | `[]`              |
+| `reloader.deployment.livenessProbe`             | Set liveness probe timeout values                                                                                                                           | map    | `{}`              |
+| `reloader.deployment.readinessProbe`            | Set readiness probe timeout values                                                                                                                          | map    | `{}`              |
+| `reloader.deployment.resources`                 | Set container requests and limits (e.g. CPU or memory)                                                                                                      | map    | `{}`              |
+| `reloader.deployment.pod.annotations`           | Set annotations for pod                                                                                                                                     | map    | `{}`              |
+| `reloader.deployment.priorityClassName`         | Set priority class for pod in cluster                                                                                                                       | string | `""`              |
+
+### Other Reloader Parameters
+
+| Parameter                              | Description                                                     | Type    | Default |
+| -------------------------------------- | --------------------------------------------------------------- | ------- | ------- |
+| `reloader.service`                     |                                                                 | map     | `{}`    |
+| `reloader.rbac.enabled`                | Specifies whether a role based access control should be created | boolean | `true`  |
+| `reloader.serviceAccount.create`       | Specifies whether a ServiceAccount should be created            | boolean | `true`  |
+| `reloader.custom_annotations`          | Add custom annotations                                          | map     | `{}`    |
+| `reloader.serviceMonitor.enabled`      | Enable to scrape Reloader's Prometheus metrics (legacy)         | boolean | `false` |
+| `reloader.podMonitor.enabled`          | Enable to scrape Reloader's Prometheus metrics                  | boolean | `false` |
+| `reloader.podDisruptionBudget.enabled` | Limit the number of pods of a replicated application            | boolean | `false` |
+| `reloader.netpol.enabled`              |                                                                 | boolean | `false` |
+| `reloader.volumeMounts`                | Mount volume                                                    | array   | `[]`    |
+| `reloader.volumes`                     | Add volume to a pod                                             | array   | `[]`    |
+| `reloader.webhookUrl`                  | Add webhook to Reloader                                         | string  | `""`    |
+
+## ⚙️ Helm Chart Configuration Notes
+
+### Selector Behavior
+- Both `namespaceSelector` & `resourceLabelSelector` can be used together
+- **Both conditions must be met** for a ConfigMap/Secret to trigger reloads
+  - Example: If a ConfigMap matches `resourceLabelSelector` but not `namespaceSelector`, it will be ignored
+
+### Important Limitations
+- Only one of these resources can be ignored at a time:
+  - `ignoreConfigMaps` **or** `ignoreSecrets`
+  - Trying to ignore both will cause Helm template compilation errors
+
+### Special Integrations
+- OpenShift (`DeploymentConfig`) and Argo Rollouts support must be **explicitly enabled**
+  - Required due to potential permission restrictions on clusters
+
+### OpenShift Considerations
+- Recent OpenShift versions (tested on 4.13.3) require:
+  - Users to be in a dynamically assigned UID range
+  - **Solution**: Unset `runAsUser` via `deployment.securityContext.runAsUser=null`
+  - Let OpenShift assign UID automatically during installation
+
+### Core Functionality Flags
+
+#### 🔄 `reloadOnCreate` Behavior
+**When true:**
+✅ New ConfigMaps/Secrets trigger rolling updates
+✅ New deployments referencing existing resources reload
+✅ In HA mode, new leader reloads all tracked workloads
+
+**When false:**
+❌ Updates during leader downtime are missed
+⏳ Potential 15s delay window (default `LeaseDuration`)
+
+#### 🗑️ `reloadOnDelete` Behavior
+**When true:**
+✅ Deleted resources trigger rolling updates of referencing workloads
+
+**When false:**
+❌ Deletions have no effect on referencing pods
+
+#### Default Settings
+⚠️ All flags default to `false` (must be enabled explicitly):
+- `reloadOnCreate`
+- `reloadOnDelete`
+- `syncAfterRestart`
+
+### Deprecation Notice
+- `serviceMonitor` will be removed in future releases in favor of `PodMonitor`
+
+## Release Process
+
+_Helm chart versioning_: The Reloader Helm chart is maintained in this repository. The Helm chart has its own semantic versioning. Helm charts and code releases are separate artifacts and separately versioned. Manifest making strategy relies on Kustomize. The Reloader Helm chart manages the two artifacts with these two fields:
+
+- [`appVersion`](Chart.yaml) points to released Reloader application image version listed on the [releases page](https://github.com/stakater/Reloader/releases)
+- [`version`](Chart.yaml) sets the Reloader Helm chart version
+
+Helm chart will be released to the chart registry whenever files in `deployments/kubernetes/chart/reloader/**` change on the main branch.
+
+### To release the Helm chart
+
+1. Create a new branch and update the Helm chart `appVersion` and `version`, example pull-request: [PR-846](https://github.com/stakater/Reloader/pull/846)
+1. Label the PR with `release/helm-chart`
+1. After approval and just before squash, make sure the squash commit message represents all changes, because it will be used to autogenerate the changelog message

deployments/kubernetes/chart/reloader/templates/NOTES.txt

@@ -0,0 +1,7 @@
+- For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap`. Then add this annotation to main metadata of your `Deployment`
+  {{ .Values.reloader.custom_annotations.configmap | default "configmap.reloader.stakater.com/reload" }}: "foo-configmap"
+
+- For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of your `Deployment`
+  {{ .Values.reloader.custom_annotations.secret | default "secret.reloader.stakater.com/reload" }}: "foo-secret"
+
+- After successful installation, your pods will get rolling updates when a change in data of configmap or secret will happen.

deployments/kubernetes/chart/reloader/templates/_helpers.tpl

@@ -2,6 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
+
 {{- define "reloader-name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | lower -}}
 {{- end -}}
@@ -11,23 +12,78 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "reloader-fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
-
-{{- define "reloader-labels.selector" -}}
-app: {{ template "reloader-name" . }}
-group: {{ .Values.reloader.labels.group }}
-provider: {{ .Values.reloader.labels.provider }}
 {{- end -}}
 
-{{- define "reloader-labels.stakater" -}}
-{{ template "reloader-labels.selector" . }}
-version: {{ .Values.reloader.labels.version }}
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "reloader-chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "reloader-match-labels.chart" -}}
+app: {{ template "reloader-fullname" . }}
+release: {{ .Release.Name | quote }}
 {{- end -}}
 
 {{- define "reloader-labels.chart" -}}
-chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-release: {{ .Release.Name | quote }}
+{{ include "reloader-match-labels.chart" . }}
+app.kubernetes.io/name: {{ template "reloader-name" . }}
+app.kubernetes.io/instance: {{ .Release.Name | quote }}
+helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
 heritage: {{ .Release.Service | quote }}
-{{- end -}}
+app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end -}}
+
+{{/*
+Create pod anti affinity labels
+*/}}
+{{- define "reloader-podAntiAffinity" -}}
+podAntiAffinity:
+  preferredDuringSchedulingIgnoredDuringExecution:
+  - weight: 100
+    podAffinityTerm:
+      labelSelector:
+        matchExpressions:
+        - key: app.kubernetes.io/instance
+          operator: In
+          values:
+          - {{ .Release.Name | quote }}
+      topologyKey: "kubernetes.io/hostname"
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "reloader-serviceAccountName" -}}
+{{- if .Values.reloader.serviceAccount.create -}}
+    {{ default (include "reloader-fullname" .) .Values.reloader.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.reloader.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the annotations to support helm3
+*/}}
+{{- define "reloader-helm3.annotations" -}}
+meta.helm.sh/release-namespace: {{ .Release.Namespace | quote }}
+meta.helm.sh/release-name: {{ .Release.Name | quote }}
+{{- end -}}
+
+{{/*
+Create the namespace selector if it does not watch globally
+*/}}
+{{- define "reloader-namespaceSelector" -}}
+{{- if and .Values.reloader.watchGlobally .Values.reloader.namespaceSelector -}}
+    {{ .Values.reloader.namespaceSelector }}
+{{- end -}}
+{{- end -}}

deployments/kubernetes/chart/reloader/templates/clusterrole.yaml

@@ -0,0 +1,116 @@
+{{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }}
+{{- if  (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{ else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRole
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.rbac.labels }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+{{- if .Values.reloader.ignoreSecrets }}{{- else }}
+      - secrets
+{{- end }}
+{{- if .Values.reloader.ignoreConfigMaps }}{{- else }}
+      - configmaps
+{{- end }}
+    verbs:
+      - list
+      - get
+      - watch
+{{- if (include "reloader-namespaceSelector" .) }}
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+{{- end }}
+{{- if and (.Capabilities.APIVersions.Has "apps.openshift.io/v1") (.Values.reloader.isOpenshift) }}
+  - apiGroups:
+      - "apps.openshift.io"
+      - ""
+    resources:
+      - deploymentconfigs
+    verbs:
+      - list
+      - get
+      - update
+      - patch
+{{- end }}
+{{- if and (.Capabilities.APIVersions.Has "argoproj.io/v1alpha1") (.Values.reloader.isArgoRollouts) }}
+  - apiGroups:
+      - "argoproj.io"
+      - ""
+    resources:
+      - rollouts
+    verbs:
+      - list
+      - get
+      - update
+      - patch
+{{- end }}
+  - apiGroups:
+      - "apps"
+    resources:
+      - deployments
+      - daemonsets
+      - statefulsets
+    verbs:
+      - list
+      - get
+      - update
+      - patch
+{{- if .Values.reloader.ignoreCronJobs }}{{- else }}
+  - apiGroups:
+      - "batch"
+    resources:
+      - cronjobs
+    verbs:
+      - list
+      - get
+{{- end }}
+{{- if .Values.reloader.ignoreJobs }}{{- else }}
+  - apiGroups:
+      - "batch"
+    resources:
+      - jobs
+    verbs:
+      - create
+      - delete
+      - list
+      - get
+{{- end}}
+{{- if .Values.reloader.enableHA }}
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - leases
+    verbs:
+      - create
+      - get
+      - update
+{{- end}}
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+{{- end }}

deployments/kubernetes/chart/reloader/templates/clusterrolebinding.yaml

@@ -0,0 +1,28 @@
+{{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }}
+{{- if  (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{ else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.rbac.labels }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "reloader-fullname" . }}-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "reloader-serviceAccountName" . }}
+    namespace: {{ .Values.namespace | default .Release.Namespace }}
+{{- end }}

deployments/kubernetes/chart/reloader/templates/deployment.yaml

@@ -1,31 +1,322 @@
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+{{- if .Values.reloader.deployment.annotations }}
+{{ tpl (toYaml .Values.reloader.deployment.annotations) . | indent 4 }}
+{{- end }}
   labels:
-{{ include "reloader-labels.stakater" . | indent 4 }}
 {{ include "reloader-labels.chart" . | indent 4 }}
-  name: {{ template "reloader-name" . }}
+{{- if .Values.reloader.deployment.labels }}
+{{ tpl (toYaml .Values.reloader.deployment.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
-  replicas: 1
-  revisionHistoryLimit: 2
+{{- if not (.Values.reloader.enableHA) }}
+  replicas: {{ min .Values.reloader.deployment.replicas 1 }}
+{{- else }}
+  replicas: {{ .Values.reloader.deployment.replicas }}
+{{- end}}
+  revisionHistoryLimit: {{ .Values.reloader.deployment.revisionHistoryLimit }}
   selector:
     matchLabels:
-{{ include "reloader-labels.selector" . | indent 6 }}
+{{ include "reloader-match-labels.chart" . | indent 6 }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 6 }}
+{{- end }}
   template:
     metadata:
+{{- if .Values.reloader.deployment.pod.annotations }}
+      annotations:
+{{ tpl (toYaml .Values.reloader.deployment.pod.annotations) . | indent 8 }}
+{{- end }}
       labels:
-{{ include "reloader-labels.selector" . | indent 8 }}
+{{ include "reloader-labels.chart" . | indent 8 }}
+{{- if .Values.reloader.deployment.labels }}
+{{ tpl (toYaml .Values.reloader.deployment.labels) . | indent 8 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 8 }}
+{{- end }}
     spec:
+      {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.deployment.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.reloader.deployment.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if or (.Values.reloader.deployment.affinity) (.Values.reloader.enableHA) }}
+      affinity:
+      {{- if .Values.reloader.deployment.affinity }}
+{{ toYaml .Values.reloader.deployment.affinity | indent 8 }}
+      {{- else }}
+{{ include "reloader-podAntiAffinity" . | indent 8 }}
+      {{- end }}
+      {{- end }}
+      {{- if .Values.reloader.deployment.tolerations }}
+      tolerations:
+{{ toYaml .Values.reloader.deployment.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.deployment.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{ toYaml .Values.reloader.deployment.topologySpreadConstraints | indent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.deployment.priorityClassName }}
+      priorityClassName: {{ .Values.reloader.deployment.priorityClassName }}
+      {{- end }}
       containers:
-      - env:
+      {{- if .Values.global.imageRegistry }}
+      - image: "{{ .Values.global.imageRegistry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
+      {{- else }}
+      {{- if .Values.image.digest }}
+      - image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"
+      {{- else }}
+      - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+      {{- end }}
+      {{- end }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        name: {{ template "reloader-fullname" . }}
+        env:
+        - name: GOMAXPROCS
+        {{- if .Values.reloader.deployment.gomaxprocsOverride }}
+          value: {{ .Values.reloader.deployment.gomaxprocsOverride | quote }}
+        {{- else }}
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.cpu
+              divisor: '1'
+        {{- end }}
+        - name: GOMEMLIMIT
+        {{- if .Values.reloader.deployment.gomemlimitOverride }}
+          value: {{ .Values.reloader.deployment.gomemlimitOverride | quote }}
+        {{- else }}
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.memory
+              divisor: '1'
+        {{- end }}
+      {{- range $name, $value := .Values.reloader.deployment.env.open }}
+      {{- if not (empty $value) }}
+        - name: {{ $name | quote }}
+          value: {{ $value | quote }}
+      {{- end }}
+      {{- end }}
+      {{- $secret_name := include "reloader-fullname" . }}
+      {{- range $name, $value := .Values.reloader.deployment.env.secret }}
+      {{- if not ( empty $value) }}
+        - name: {{ $name | quote }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ $secret_name }}
+              key: {{ $name | quote }}
+      {{- end }}
+      {{- end }}
+      {{- range $secret, $values := .Values.reloader.deployment.env.existing }}
+      {{- range $name, $key := $values }}
+      {{- if not ( empty $name) }}
+        - name: {{ $name | quote }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ $secret | quote }}
+              key: {{ $key | quote }}
+      {{- end }}
+      {{- end }}
+      {{- end }}
+      {{- range $name, $value := .Values.reloader.deployment.env.field }}
+      {{- if not ( empty $value) }}
+        - name: {{ $name | quote }}
+          valueFrom:
+            fieldRef:
+              fieldPath: {{ $value | quote}}
+      {{- end }}
+      {{- end }}
       {{- if eq .Values.reloader.watchGlobally false }}
         - name: KUBERNETES_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
       {{- end }}
-        image: "{{ .Values.reloader.image.name }}:{{ .Values.reloader.image.tag }}"
-        imagePullPolicy: {{ .Values.reloader.image.pullPolicy }}
-        name: {{ template "reloader-name" . }}
-      serviceAccountName: {{ template "reloader-name" . }}
-              
+
+        - name: RELOADER_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+
+        - name: RELOADER_DEPLOYMENT_NAME
+          value: {{ template "reloader-fullname" . }}
+          
+      {{- if .Values.reloader.enableHA }}
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+      {{- end }}
+      {{- if .Values.reloader.enableMetricsByNamespace }}
+        - name: METRICS_COUNT_BY_NAMESPACE
+          value: enabled
+      {{- end }}
+        ports:
+        - name: http
+          containerPort: 9090
+        livenessProbe:
+          httpGet:
+            path: /live
+            port: http
+          timeoutSeconds: {{ .Values.reloader.deployment.livenessProbe.timeoutSeconds | default "5" }}
+          failureThreshold: {{ .Values.reloader.deployment.livenessProbe.failureThreshold | default "5" }}
+          periodSeconds: {{ .Values.reloader.deployment.livenessProbe.periodSeconds | default "10" }}
+          successThreshold: {{ .Values.reloader.deployment.livenessProbe.successThreshold | default "1" }}
+          initialDelaySeconds: {{ .Values.reloader.deployment.livenessProbe.initialDelaySeconds | default "10" }}
+        readinessProbe:
+          httpGet:
+            path: /metrics
+            port: http
+          timeoutSeconds: {{ .Values.reloader.deployment.readinessProbe.timeoutSeconds | default "5" }}
+          failureThreshold: {{ .Values.reloader.deployment.readinessProbe.failureThreshold | default "5" }}
+          periodSeconds: {{ .Values.reloader.deployment.readinessProbe.periodSeconds | default "10" }}
+          successThreshold: {{ .Values.reloader.deployment.readinessProbe.successThreshold | default "1" }}
+          initialDelaySeconds: {{ .Values.reloader.deployment.readinessProbe.initialDelaySeconds | default "10" }}
+
+        {{- $containerSecurityContext := .Values.reloader.deployment.containerSecurityContext | default dict }}
+        {{- if .Values.reloader.readOnlyRootFileSystem }}
+          {{- $_ := set $containerSecurityContext "readOnlyRootFilesystem" true }}
+        {{- end }}
+
+        securityContext:
+          {{- toYaml $containerSecurityContext | nindent 10 }}
+
+      {{- if (or (.Values.reloader.deployment.volumeMounts) (eq .Values.reloader.readOnlyRootFileSystem true)) }}
+        volumeMounts:
+          {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
+          - mountPath: /tmp/
+            name: tmp-volume
+          {{- end }}
+          {{- with .Values.reloader.deployment.volumeMounts }}
+          {{- . | toYaml | nindent 10 }}
+          {{- end }}
+      {{- end }}
+      {{- if or (.Values.reloader.logFormat) (.Values.reloader.logLevel) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (include "reloader-namespaceSelector" .) (.Values.reloader.resourceLabelSelector) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) (eq .Values.reloader.isArgoRollouts true) (eq .Values.reloader.reloadOnCreate true) (eq .Values.reloader.reloadOnDelete true) (ne .Values.reloader.reloadStrategy "default") (.Values.reloader.enableHA) (.Values.reloader.autoReloadAll)}}
+        args:
+          {{- if .Values.reloader.logFormat }}
+          - "--log-format={{ .Values.reloader.logFormat }}"
+          {{- end }}
+          {{- if .Values.reloader.logLevel }}
+          - "--log-level={{ .Values.reloader.logLevel }}"
+          {{- end }}
+          {{- if .Values.reloader.ignoreSecrets }}
+          - "--resources-to-ignore=secrets"
+          {{- end }}
+          {{- if .Values.reloader.ignoreConfigMaps }}
+          - "--resources-to-ignore=configMaps"
+          {{- end }}
+          {{- if .Values.reloader.ignoreNamespaces }}
+          - "--namespaces-to-ignore={{ .Values.reloader.ignoreNamespaces }}"
+          {{- end }}
+          {{- if (include "reloader-namespaceSelector" .) }}
+          - "--namespace-selector=\"{{ include "reloader-namespaceSelector" . }}\""
+          {{- end }}
+          {{- if .Values.reloader.resourceLabelSelector }}
+          - "--resource-label-selector={{ .Values.reloader.resourceLabelSelector }}"
+          {{- end }}
+          {{- if .Values.reloader.enablePProf }}
+          - "--enable-pprof"
+          {{- if and .Values.reloader.pprofAddr }}
+          - "--pprof-addr={{ .Values.reloader.pprofAddr }}"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.reloader.custom_annotations }}
+            {{- if .Values.reloader.custom_annotations.configmap }}
+          - "--configmap-annotation"
+          - "{{ .Values.reloader.custom_annotations.configmap }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.secret }}
+          - "--secret-annotation"
+          - "{{ .Values.reloader.custom_annotations.secret }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.auto }}
+          - "--auto-annotation"
+          - "{{ .Values.reloader.custom_annotations.auto }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.secret_auto }}
+          - "--secret-auto-annotation"
+          - "{{ .Values.reloader.custom_annotations.secret_auto }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.configmap_auto }}
+          - "--configmap-auto-annotation"
+          - "{{ .Values.reloader.custom_annotations.configmap_auto }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.search }}
+          - "--auto-search-annotation"
+          - "{{ .Values.reloader.custom_annotations.search }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.match }}
+          - "--search-match-annotation"
+          - "{{ .Values.reloader.custom_annotations.match }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.pausePeriod }}
+          - "--pause-deployment-annotation"
+          - "{{ .Values.reloader.custom_annotations.pausePeriod }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.pauseTime }}
+          - "--pause-deployment-annotation"
+          - "{{ .Values.reloader.custom_annotations.pauseTime }}"
+            {{- end }}
+            {{- if .Values.reloader.webhookUrl }}
+          - "--webhook-url"
+          - "{{ .Values.reloader.webhookUrl }}"
+            {{- end }}
+          {{- end }}
+          {{- if eq .Values.reloader.isArgoRollouts true }}
+          - "--is-Argo-Rollouts={{ .Values.reloader.isArgoRollouts }}"
+          {{- end }}
+          {{- if eq .Values.reloader.reloadOnCreate true }}
+          - "--reload-on-create={{ .Values.reloader.reloadOnCreate }}"
+          {{- end }}
+          {{- if eq .Values.reloader.reloadOnDelete true }}
+          - "--reload-on-delete={{ .Values.reloader.reloadOnDelete }}"
+          {{- end }}
+          {{- if eq .Values.reloader.syncAfterRestart true }}
+          - "--sync-after-restart={{ .Values.reloader.syncAfterRestart }}"
+          {{- end }}
+          {{- if ne .Values.reloader.reloadStrategy "default" }}
+          - "--reload-strategy={{ .Values.reloader.reloadStrategy }}"
+          {{- end }}
+          {{- if or (gt (int .Values.reloader.deployment.replicas) 1) (.Values.reloader.enableHA) }}
+          - "--enable-ha=true"
+          {{- end}}
+          {{- if eq .Values.reloader.autoReloadAll true }}
+          - "--auto-reload-all=true"
+          {{- end -}}
+      {{- end }}
+      {{- if .Values.reloader.deployment.resources }}
+        resources:
+{{ toYaml .Values.reloader.deployment.resources | indent 10 }}
+      {{- end }}
+{{- if .Values.reloader.deployment.securityContext }}
+      securityContext: {{ toYaml .Values.reloader.deployment.securityContext | nindent 8 }}
+{{- end }}
+      serviceAccountName: {{ template "reloader-serviceAccountName" . }}
+{{- if hasKey .Values.reloader.deployment "automountServiceAccountToken" }}
+      automountServiceAccountToken: {{ .Values.reloader.deployment.automountServiceAccountToken }}
+{{- end }}
+    {{- if (or (.Values.reloader.deployment.volumes) (eq .Values.reloader.readOnlyRootFileSystem true)) }}
+      volumes:
+        {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
+        - emptyDir: {}
+          name: tmp-volume
+        {{- end }}
+        {{- with .Values.reloader.deployment.volumes }}
+          {{- . | toYaml | nindent 8 }}
+        {{- end }}
+    {{- end }}

deployments/kubernetes/chart/reloader/templates/networkpolicy.yaml

@@ -0,0 +1,38 @@
+{{- if and ( .Values.reloader.netpol.enabled ) }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+{{ include "reloader-match-labels.chart" . | indent 6 }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 6 }}
+{{- end }}
+  policyTypes:
+  - Ingress
+  - Egress
+  ingress:
+    - ports:
+        - port: http
+      {{- with .Values.reloader.netpol.from}}
+      from:
+        {{- toYaml .| nindent 8 }}
+      {{- end }}
+  egress:
+    - ports:
+        - port: 443
+      {{- with .Values.reloader.netpol.to}}
+      to:
+        {{- toYaml .| nindent 8 }}
+      {{- end }}
+{{- end }}

deployments/kubernetes/chart/reloader/templates/poddisruptionbudget.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.reloader.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+spec:
+{{- if .Values.reloader.podDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ .Values.reloader.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+{{- if and .Values.reloader.podDisruptionBudget.minAvailable (not .Values.reloader.podDisruptionBudget.maxUnavailable)}}
+  minAvailable: {{ .Values.reloader.podDisruptionBudget.minAvailable }}
+{{- end }}
+  selector:
+    matchLabels:
+      {{ include "reloader-match-labels.chart" . | nindent 6 }}
+{{- end }}

deployments/kubernetes/chart/reloader/templates/podmonitor.yaml

@@ -0,0 +1,60 @@
+{{- if ( .Values.reloader.podMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+{{- if .Values.reloader.podMonitor.annotations }}
+  annotations:
+{{ tpl (toYaml .Values.reloader.podMonitor.annotations) . | indent 4 }}
+{{- end }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.podMonitor.labels }}
+{{ tpl (toYaml .Values.reloader.podMonitor.labels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}
+{{- if .Values.reloader.podMonitor.namespace }}
+  namespace: {{ tpl .Values.reloader.podMonitor.namespace . }}
+{{- else }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+{{- end }}
+spec:
+  podMetricsEndpoints:
+  - port: http
+    path: "/metrics"
+    {{- with .Values.reloader.podMonitor.interval }}
+    interval: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.scheme }}
+    scheme: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.bearerTokenSecret }}
+    bearerTokenSecret: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.tlsConfig }}
+    tlsConfig:
+      {{- toYaml .| nindent 6 }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.timeout }}
+    scrapeTimeout: {{ . }}
+    {{- end }}
+    honorLabels: {{ .Values.reloader.podMonitor.honorLabels }}
+    {{- with .Values.reloader.podMonitor.metricRelabelings }}
+    metricRelabelings:
+      {{- tpl (toYaml . | nindent 6) $ }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.relabelings }}
+    relabelings:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{- with .Values.reloader.podMonitor.podTargetLabels }}
+  podTargetLabels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  jobLabel: {{ template "reloader-fullname" . }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{ include "reloader-match-labels.chart" . | nindent 6 }}
+{{- end }}

deployments/kubernetes/chart/reloader/templates/rbac.yaml

@@ -1,107 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-{{ include "reloader-labels.stakater" . | indent 4 }}
-{{ include "reloader-labels.chart" . | indent 4 }}
-  name: {{ template "reloader-name" . }}
----
-{{- if .Values.reloader.watchGlobally }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  labels: 
-{{ include "reloader-labels.stakater" . | indent 4 }}
-{{ include "reloader-labels.chart" . | indent 4 }}
-  name: {{ template "reloader-name" . }}-role
-  namespace: {{ .Release.Namespace }}
-rules:
-  - apiGroups:
-      - ""
-    resources:      
-      - secrets
-      - configmaps
-    verbs:
-      - list
-      - get
-      - watch
-  - apiGroups:
-      - ""
-      - "extensions"
-      - "apps"
-    resources:
-      - deployments
-      - daemonsets
-      - statefulsets
-    verbs:
-      - list
-      - get
-      - update
-      - patch
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  labels: 
-{{ include "reloader-labels.stakater" . | indent 4 }}
-{{ include "reloader-labels.chart" . | indent 4 }}
-  name: {{ template "reloader-name" . }}-role-binding
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "reloader-name" . }}-role
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "reloader-name" . }}
-    namespace: {{ .Release.Namespace }}
-{{- else }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
-  labels: 
-{{ include "reloader-labels.stakater" . | indent 4 }}
-{{ include "reloader-labels.chart" . | indent 4 }}
-  name: {{ template "reloader-name" . }}-role
-  namespace: {{ .Release.Namespace }}
-rules:
-  - apiGroups:
-      - ""
-    resources:      
-      - secrets
-      - configmaps
-    verbs:
-      - list
-      - get
-      - watch
-  - apiGroups:
-      - ""
-      - "extensions"
-      - "apps"
-    resources:
-      - deployments
-      - daemonsets
-      - statefulsets
-    verbs:
-      - list
-      - get
-      - update
-      - patch
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  labels: 
-{{ include "reloader-labels.stakater" . | indent 4 }}
-{{ include "reloader-labels.chart" . | indent 4 }}
-  name: {{ template "reloader-name" . }}-role-binding
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "reloader-name" . }}-role
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "reloader-name" . }}
-    namespace: {{ .Release.Namespace }}
-{{- end }}

deployments/kubernetes/chart/reloader/templates/role.yaml

@@ -0,0 +1,134 @@
+{{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }}
+{{- if  (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{ else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: Role
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.rbac.labels }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}-role
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+{{- if .Values.reloader.ignoreSecrets }}{{- else }}
+      - secrets
+{{- end }}
+{{- if .Values.reloader.ignoreConfigMaps }}{{- else }}
+      - configmaps
+{{- end }}
+    verbs:
+      - list
+      - get
+      - watch
+{{- if and (.Capabilities.APIVersions.Has "apps.openshift.io/v1") (.Values.reloader.isOpenshift) }}
+  - apiGroups:
+      - "apps.openshift.io"
+      - ""
+    resources:
+      - deploymentconfigs
+    verbs:
+      - list
+      - get
+      - update
+      - patch
+{{- end }}
+{{- if and (.Capabilities.APIVersions.Has "argoproj.io/v1alpha1") (.Values.reloader.isArgoRollouts) }}
+  - apiGroups:
+      - "argoproj.io"
+      - ""
+    resources:
+      - rollouts
+    verbs:
+      - list
+      - get
+      - update
+      - patch
+{{- end }}
+  - apiGroups:
+      - "apps"
+    resources:
+      - deployments
+      - daemonsets
+      - statefulsets
+    verbs:
+      - list
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - "batch"
+    resources:
+      - cronjobs
+    verbs:
+      - list
+      - get
+  - apiGroups:
+      - "batch"
+    resources:
+      - jobs
+    verbs:
+      - create
+      - delete
+      - list
+      - get
+{{- if .Values.reloader.enableHA }}
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - leases
+    verbs:
+      - create
+      - get
+      - update
+{{- end}}
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+{{- end }}
+
+---
+
+{{- if .Values.reloader.rbac.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.rbac.labels }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}-metadata-role
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - list
+      - get
+      - watch
+      - create
+      - update
+{{- end }}

deployments/kubernetes/chart/reloader/templates/rolebinding.yaml

@@ -0,0 +1,56 @@
+{{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }}
+{{- if  (.Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1") }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{ else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.rbac.labels }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}-role-binding
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "reloader-fullname" . }}-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "reloader-serviceAccountName" . }}
+    namespace: {{ .Values.namespace | default .Release.Namespace }}
+{{- end }}
+
+---
+{{- if .Values.reloader.rbac.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.rbac.labels }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}-metadata-role-binding
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "reloader-fullname" . }}-metadata-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "reloader-serviceAccountName" . }}
+    namespace: {{ .Values.namespace | default .Release.Namespace }}
+{{- end }}

deployments/kubernetes/chart/reloader/templates/secret.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.reloader.deployment.env.secret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+type: Opaque
+data:
+  {{ if .Values.reloader.deployment.env.secret.ALERT_ON_RELOAD -}}
+  ALERT_ON_RELOAD: {{ .Values.reloader.deployment.env.secret.ALERT_ON_RELOAD | b64enc | quote }}
+  {{ end }}
+  {{- if .Values.reloader.deployment.env.secret.ALERT_SINK -}}
+  ALERT_SINK: {{ .Values.reloader.deployment.env.secret.ALERT_SINK | b64enc | quote }}
+  {{ end }}
+  {{- if .Values.reloader.deployment.env.secret.ALERT_WEBHOOK_URL -}}
+  ALERT_WEBHOOK_URL: {{ .Values.reloader.deployment.env.secret.ALERT_WEBHOOK_URL | b64enc | quote }}
+  {{ end }}
+  {{- if .Values.reloader.deployment.env.secret.ALERT_ADDITIONAL_INFO -}}
+  ALERT_ADDITIONAL_INFO: {{ .Values.reloader.deployment.env.secret.ALERT_ADDITIONAL_INFO | b64enc | quote }}
+  {{ end }}
+{{ end }}

deployments/kubernetes/chart/reloader/templates/service.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.reloader.service }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+{{- if .Values.reloader.service.annotations }}
+{{ tpl (toYaml .Values.reloader.service.annotations) . | indent 4 }}
+{{- end }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.service.labels }}
+{{ tpl (toYaml .Values.reloader.service.labels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+spec:
+  selector:
+{{- if .Values.reloader.deployment.labels }}
+{{ tpl (toYaml .Values.reloader.deployment.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  ports:
+  - port: {{ .Values.reloader.service.port }}
+    name: http
+    protocol: TCP
+    targetPort: http
+{{- end }}

deployments/kubernetes/chart/reloader/templates/serviceaccount.yaml

@@ -0,0 +1,26 @@
+{{- if .Values.reloader.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 2 }}
+{{- end }}
+{{- if hasKey .Values.reloader.serviceAccount "automountServiceAccountToken" }}
+automountServiceAccountToken: {{ .Values.reloader.serviceAccount.automountServiceAccountToken }}
+{{- end }}
+metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+{{- if .Values.reloader.serviceAccount.annotations }}
+{{ tpl (toYaml .Values.reloader.serviceAccount.annotations) . | indent 4 }}
+{{- end }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.serviceAccount.labels }}
+{{ tpl (toYaml .Values.reloader.serviceAccount.labels) . | indent 4 }}
+{{- end }}
+{{- if .Values.reloader.matchLabels }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-serviceAccountName" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+{{- end }}

deployments/kubernetes/chart/reloader/templates/servicemonitor.yaml

@@ -0,0 +1,60 @@
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.reloader.serviceMonitor.enabled ) }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+{{- if .Values.reloader.serviceMonitor.annotations }}
+  annotations:
+{{ tpl (toYaml .Values.reloader.serviceMonitor.annotations) . | indent 4 }}
+{{- end }}
+  labels:
+{{ include "reloader-labels.chart" . | indent 4 }}
+{{- if .Values.reloader.serviceMonitor.labels }}
+{{ tpl (toYaml .Values.reloader.serviceMonitor.labels) . | indent 4 }}
+{{- end }}
+  name: {{ template "reloader-fullname" . }}
+{{- if .Values.reloader.serviceMonitor.namespace }}
+  namespace: {{ tpl .Values.reloader.serviceMonitor.namespace . }}
+{{- else }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+{{- end }}
+spec:
+  endpoints:
+  - targetPort: http
+    path: "/metrics"
+    {{- with .Values.reloader.serviceMonitor.interval }}
+    interval: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.scheme }}
+    scheme: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.bearerTokenFile }}
+    bearerTokenFile: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.tlsConfig }}
+    tlsConfig:
+      {{- toYaml .| nindent 6 }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.timeout }}
+    scrapeTimeout: {{ . }}
+    {{- end }}
+    honorLabels: {{ .Values.reloader.serviceMonitor.honorLabels }}
+    {{- with .Values.reloader.serviceMonitor.metricRelabelings }}
+    metricRelabelings:
+      {{- tpl (toYaml . | nindent 6) $ }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.relabelings }}
+    relabelings:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{- with .Values.reloader.serviceMonitor.targetLabels }}
+  targetLabels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  jobLabel: {{ template "reloader-fullname" . }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{ include "reloader-match-labels.chart" . | nindent 6 }}
+{{- end }}

deployments/kubernetes/chart/reloader/templates/verticalpodautoscaler.yaml

@@ -0,0 +1,40 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.reloader.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+  labels:
+    {{- include "reloader-labels.chart" . | nindent 4 }}
+spec:
+  {{- with .Values.reloader.verticalPodAutoscaler.recommenders }}
+  recommenders:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  resourcePolicy:
+    containerPolicies:
+    - containerName: {{ template "reloader-fullname" . }}
+      {{- with .Values.reloader.verticalPodAutoscaler.controlledResources }}
+      controlledResources:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.controlledValues }}
+      controlledValues: {{ .Values.reloader.verticalPodAutoscaler.controlledValues }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.maxAllowed }}
+      maxAllowed:
+        {{ toYaml .Values.reloader.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.minAllowed }}
+      minAllowed:
+        {{ toYaml .Values.reloader.verticalPodAutoscaler.minAllowed | nindent 8 }}
+      {{- end }}
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "reloader-fullname" . }}
+  {{- with .Values.reloader.verticalPodAutoscaler.updatePolicy }}
+  updatePolicy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

deployments/kubernetes/chart/reloader/tests/deployment_test.yaml

@@ -0,0 +1,63 @@
+suite: Deployment
+
+templates:
+  - deployment.yaml
+
+tests:
+  - it: sets readOnlyRootFilesystem in container securityContext when reloader.readOnlyRootFileSystem is true
+    set:
+      reloader:
+        readOnlyRootFileSystem: true
+        deployment:
+          containerSecurityContext:
+            readOnlyRootFilesystem: false
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: sets readOnlyRootFilesystem in container securityContext even if reloader.deployment.containerSecurityContext is null
+    set:
+      reloader:
+        readOnlyRootFileSystem: true
+        deployment:
+          containerSecurityContext: null
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: does not override readOnlyRootFilesystem in container securityContext based on reloader.readOnlyRootFileSystem
+    set:
+      reloader:
+        readOnlyRootFileSystem: false
+        deployment:
+          containerSecurityContext:
+            readOnlyRootFilesystem: true
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: template is still valid with no defined containerSecurityContext
+    set:
+      reloader:
+        readOnlyRootFileSystem: false
+        deployment:
+          containerSecurityContext: null
+    asserts:
+      - isEmpty:
+          path: spec.template.spec.containers[0].securityContext
+
+  - it: template still sets POD_NAME and POD_NAMESPACE environment variables when enableHA is true
+    set:
+      reloader:
+        enableHA: true
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name

deployments/kubernetes/chart/reloader/values.schema.json

@@ -0,0 +1,19 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "type": "object",
+  "properties": {
+    "reloader": {
+      "type": "object",
+      "properties": {
+        "reloadStrategy": {
+          "type": "string",
+          "enum": [
+            "default",
+            "env-vars",
+            "annotations"
+          ]
+        }
+      }
+    }
+  }
+}

deployments/kubernetes/chart/reloader/values.yaml

@@ -1,15 +1,348 @@
 # Generated from deployments/kubernetes/templates/chart/values.yaml.tmpl
+global:
+  ## Reference to one or more secrets to be used when pulling images
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  imageRegistry: ""
+  imagePullSecrets: []
+  #imagePullSecrets:
+  #  - name: my-pull-secret
 
 kubernetes:
   host: https://kubernetes.default
 
+nameOverride: ""
+fullnameOverride: ""
+
+image:
+  name: stakater/reloader
+  repository: ghcr.io/stakater/reloader
+  tag: v1.4.5
+  # digest: sha256:1234567
+  pullPolicy: IfNotPresent
+
 reloader:
-  labels:
-    provider: stakater
-    group: com.stakater.platform
-    version: 0.0.11
-  image:
-    name: stakater/reloader
-    tag: "0.0.11"
-    pullPolicy: IfNotPresent
-  watchGlobally: true
+  autoReloadAll: false
+  isArgoRollouts: false
+  isOpenshift: false
+  ignoreSecrets: false
+  ignoreConfigMaps: false
+  ignoreJobs: false
+  ignoreCronJobs: false
+  reloadOnCreate: false
+  reloadOnDelete: false
+  syncAfterRestart: false
+  reloadStrategy: default # Set to default, env-vars or annotations
+  ignoreNamespaces: "" # Comma separated list of namespaces to ignore
+  namespaceSelector: "" # Comma separated list of k8s label selectors for namespaces selection
+  resourceLabelSelector: "" # Comma separated list of k8s label selectors for configmap/secret selection
+  logFormat: "" # json
+  logLevel: info # Log level to use (trace, debug, info, warning, error, fatal and panic)
+  watchGlobally: true
+  # Set to true to enable leadership election allowing you to run multiple replicas
+  enableHA: false
+  # Set to true to enable pprof for profiling
+  enablePProf: false
+  # Address to start pprof server on. Default is ":6060"
+  pprofAddr: ":6060"
+  # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem
+  readOnlyRootFileSystem: false
+  legacy:
+    rbac: false
+  matchLabels: {}
+  # Set to true to expose a prometheus counter of reloads by namespace (this metric may have high cardinality in clusters with many namespaces)
+  enableMetricsByNamespace: false
+  deployment:
+    # If you wish to run multiple replicas set reloader.enableHA = true
+    replicas: 1
+
+    revisionHistoryLimit: 2
+
+    nodeSelector:
+    # cloud.google.com/gke-nodepool: default-pool
+
+    # An affinity stanza to be applied to the Deployment.
+    # Example:
+    #   affinity:
+    #     nodeAffinity:
+    #       requiredDuringSchedulingIgnoredDuringExecution:
+    #         nodeSelectorTerms:
+    #         - matchExpressions:
+    #           - key: "node-role.kubernetes.io/infra-worker"
+    #             operator: "Exists"
+    affinity: {}
+
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+      seccompProfile:
+        type: RuntimeDefault
+
+    containerSecurityContext:
+      {}
+      # capabilities:
+      #   drop:
+      #     - ALL
+      # allowPrivilegeEscalation: false
+      # readOnlyRootFilesystem: true
+
+    # A list of tolerations to be applied to the Deployment.
+    # Example:
+    #   tolerations:
+    #   - key: "node-role.kubernetes.io/infra-worker"
+    #     operator: "Exists"
+    #     effect: "NoSchedule"
+    tolerations: []
+
+    # Topology spread constraints for pod assignment
+    # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+    # Example:
+    # topologySpreadConstraints:
+    #   - maxSkew: 1
+    #     topologyKey: zone
+    #     whenUnsatisfiable: DoNotSchedule
+    #     labelSelector:
+    #       matchLabels:
+    #         app.kubernetes.io/instance: my-app
+    topologySpreadConstraints: []
+
+    annotations: {}
+    labels:
+      provider: stakater
+      group: com.stakater.platform
+      version: v1.4.5
+    # Support for extra environment variables.
+    env:
+      # Open supports Key value pair as environment variables.
+      open:
+      # secret supports Key value pair as environment variables. It gets the values based on keys from default reloader secret if any.
+      secret:
+      #  ALERT_ON_RELOAD: <"true"|"false">
+      #  ALERT_SINK: <"slack"> # By default it will be a raw text based webhook
+      #  ALERT_WEBHOOK_URL: <"webhook_url">
+      #  ALERT_ADDITIONAL_INFO: <"Additional Info like Cluster Name if needed">
+      # field supports Key value pair as environment variables. It gets the values from other fields of pod.
+      field:
+      # existing secret, you can specify multiple existing secrets, for each
+      # specify the env var name followed by the key in existing secret that
+      # will be used to populate the env var
+      existing:
+      #  existing_secret_name:
+      #    ALERT_ON_RELOAD: alert_on_reload_key
+      #    ALERT_SINK: alert_sink_key
+      #    ALERT_WEBHOOK_URL: alert_webhook_key
+      #    ALERT_ADDITIONAL_INFO: alert_additional_info_key
+
+    # Liveness and readiness probe timeout values.
+    livenessProbe: {}
+    #  timeoutSeconds: 5
+    #  failureThreshold: 5
+    #  periodSeconds: 10
+    #  successThreshold: 1
+    readinessProbe: {}
+    #  timeoutSeconds: 15
+    #  failureThreshold: 5
+    #  periodSeconds: 10
+    #  successThreshold: 1
+
+    # Specify resource requests/limits for the deployment.
+    # Example:
+    # resources:
+    #   limits:
+    #     cpu: "100m"
+    #     memory: "512Mi"
+    #   requests:
+    #     cpu: "10m"
+    #     memory: "128Mi"
+    resources: {}
+    pod:
+      annotations: {}
+    priorityClassName: ""
+    # imagePullSecrets:
+    #   - name: myregistrykey
+
+    # Put "0" in either to have go runtime ignore the set value.
+    # Otherwise, see https://pkg.go.dev/runtime#hdr-Environment_Variables for GOMAXPROCS and GOMEMLIMIT
+    gomaxprocsOverride: ""
+    gomemlimitOverride: ""
+
+  service:
+    {}
+
+    # labels: {}
+    # annotations: {}
+    # port: 9090
+
+  rbac:
+    enabled: true
+    labels: {}
+  # Service account config for the agent pods
+  serviceAccount:
+    # Specifies whether a ServiceAccount should be created
+    create: true
+    labels: {}
+    annotations: {}
+    # The name of the ServiceAccount to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name:
+  # Optional flags to pass to the Reloader entrypoint
+  # Example:
+  #   custom_annotations:
+  #     configmap: "my.company.com/configmap"
+  #     secret: "my.company.com/secret"
+  custom_annotations: {}
+
+  serviceMonitor:
+    # Deprecated: Service monitor will be removed in future releases of reloader in favour of Pod monitor
+    # Enabling this requires service to be enabled as well, or no endpoints will be found
+    enabled: false
+    # Set the namespace the ServiceMonitor should be deployed
+    # namespace: monitoring
+
+    # Fallback to the prometheus default unless specified
+    # interval: 10s
+
+    ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+    # scheme: ""
+
+    ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+    ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+    # tlsConfig: {}
+
+    # bearerTokenFile:
+    # Fallback to the prometheus default unless specified
+    # timeout: 30s
+
+    ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    labels: {}
+
+    ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    annotations: {}
+
+    # Retain the job and instance labels of the metrics pushed to the Pushgateway
+    # [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape)
+    honorLabels: true
+
+    ## Metric relabel configs to apply to samples before ingestion.
+    ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+    metricRelabelings: []
+    # - action: keep
+    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+    #   sourceLabels: [__name__]
+
+    ## Relabel configs to apply to samples before ingestion.
+    ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+    relabelings: []
+    # - sourceLabels: [__meta_kubernetes_pod_node_name]
+    #   separator: ;
+    #   regex: ^(.*)$
+    #   targetLabel: nodename
+    #   replacement: $1
+    #   action: replace
+
+    targetLabels: []
+
+  podMonitor:
+    enabled: false
+    # Set the namespace the podMonitor should be deployed
+    # namespace: monitoring
+
+    # Fallback to the prometheus default unless specified
+    # interval: 10s
+
+    ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+    # scheme: ""
+
+    ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+    ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+    # tlsConfig: {}
+
+    # bearerTokenSecret:
+    # Fallback to the prometheus default unless specified
+    # timeout: 30s
+
+    ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    labels: {}
+
+    ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    annotations: {}
+
+    # Retain the job and instance labels of the metrics pushed to the Pushgateway
+    # [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape)
+    honorLabels: true
+
+    ## Metric relabel configs to apply to samples before ingestion.
+    ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+    metricRelabelings: []
+    # - action: keep
+    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+    #   sourceLabels: [__name__]
+
+    ## Relabel configs to apply to samples before ingestion.
+    ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+    relabelings: []
+    # - sourceLabels: [__meta_kubernetes_pod_node_name]
+    #   separator: ;
+    #   regex: ^(.*)$
+    #   targetLabel: nodename
+    #   replacement: $1
+    #   action: replace
+
+    podTargetLabels: []
+
+  podDisruptionBudget:
+    enabled: false
+    # Set the minimum available replicas
+    # minAvailable: 1
+    # OR Set the maximum unavailable replicas
+    # maxUnavailable: 1
+    # If both defined only maxUnavailable will be used
+
+  netpol:
+    enabled: false
+    from: []
+    # - podSelector:
+    #     matchLabels:
+    #       app.kubernetes.io/name: prometheus
+    to: []
+
+  # Enable vertical pod autoscaler
+  verticalPodAutoscaler:
+    enabled: false
+
+    # Recommender responsible for generating recommendation for the object.
+    # List should be empty (then the default recommender will generate the recommendation)
+    # or contain exactly one recommender.
+    # recommenders:
+    # - name: custom-recommender-performance
+
+    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+    controlledResources: []
+    # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
+    # controlledValues: RequestsAndLimits
+
+    # Define the max allowed resources for the pod
+    maxAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+    # Define the min allowed resources for the pod
+    minAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+
+    updatePolicy:
+      # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
+      # minReplicas: 1
+      # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+      # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+      updateMode: Auto
+
+  volumeMounts: []
+
+  volumes: []
+
+  webhookUrl: ""

deployments/kubernetes/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - manifests/clusterrole.yaml
+  - manifests/clusterrolebinding.yaml
+  - manifests/serviceaccount.yaml
+  - manifests/deployment.yaml
+  - manifests/role.yaml

deployments/kubernetes/manifests/clusterrole.yaml

@@ -0,0 +1,60 @@
+---
+# Source: reloader/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: reloader-reloader-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+      - configmaps
+    verbs:
+      - list
+      - get
+      - watch
+  - apiGroups:
+      - "apps"
+    resources:
+      - deployments
+      - daemonsets
+      - statefulsets
+    verbs:
+      - list
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - deployments
+      - daemonsets
+    verbs:
+      - list
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - "batch"
+    resources:
+      - cronjobs
+    verbs:
+      - list
+      - get
+  - apiGroups:
+      - "batch"
+    resources:
+      - jobs
+    verbs:
+      - create
+      - delete
+      - list
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch

deployments/kubernetes/manifests/clusterrolebinding.yaml

@@ -0,0 +1,14 @@
+---
+# Source: reloader/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: reloader-reloader-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: reloader-reloader-role
+subjects:
+  - kind: ServiceAccount
+    name: reloader-reloader
+    namespace: default

deployments/kubernetes/manifests/deployment.yaml

@@ -1,36 +1,75 @@
 ---
 # Source: reloader/templates/deployment.yaml
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
-  labels:
-    app: reloader
-    group: com.stakater.platform
-    provider: stakater
-    version: 0.0.11
-    chart: "reloader-0.0.11"
-    release: "RELEASE-NAME"
-    heritage: "Tiller"
-  name: reloader
+  name: reloader-reloader
+  namespace: default
 spec:
   replicas: 1
   revisionHistoryLimit: 2
   selector:
     matchLabels:
-      app: reloader
-      group: com.stakater.platform
-      provider: stakater
+      app: reloader-reloader
   template:
     metadata:
       labels:
-        app: reloader
-        group: com.stakater.platform
-        provider: stakater
+        app: reloader-reloader
     spec:
       containers:
-      - env:
-        image: "stakater/reloader:0.0.11"
-        imagePullPolicy: IfNotPresent
-        name: reloader
-      serviceAccountName: reloader
-              
+        - image: "ghcr.io/stakater/reloader:v1.4.6"
+          imagePullPolicy: IfNotPresent
+          name: reloader-reloader
+          env:
+            - name: GOMAXPROCS
+              valueFrom:
+                resourceFieldRef:
+                  resource: limits.cpu
+                  divisor: '1'
+            - name: GOMEMLIMIT
+              valueFrom:
+                resourceFieldRef:
+                  resource: limits.memory
+                  divisor: '1'
+            - name: RELOADER_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+
+            - name: RELOADER_DEPLOYMENT_NAME
+              value: reloader-reloader
+          ports:
+            - name: http
+              containerPort: 9090
+          livenessProbe:
+            httpGet:
+              path: /live
+              port: http
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: http
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+          securityContext: {}
+          resources:
+            limits:
+              cpu: "1"
+              memory: 512Mi
+            requests:
+              cpu: 10m
+              memory: 512Mi
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: reloader-reloader

deployments/kubernetes/manifests/rbac.yaml

@@ -1,73 +0,0 @@
----
-# Source: reloader/templates/rbac.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app: reloader
-    group: com.stakater.platform
-    provider: stakater
-    version: 0.0.11
-    chart: "reloader-0.0.11"
-    release: "RELEASE-NAME"
-    heritage: "Tiller"
-  name: reloader
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  labels: 
-    app: reloader
-    group: com.stakater.platform
-    provider: stakater
-    version: 0.0.11
-    chart: "reloader-0.0.11"
-    release: "RELEASE-NAME"
-    heritage: "Tiller"
-  name: reloader-role
-  namespace: default
-rules:
-  - apiGroups:
-      - ""
-    resources:      
-      - secrets
-      - configmaps
-    verbs:
-      - list
-      - get
-      - watch
-  - apiGroups:
-      - ""
-      - "extensions"
-      - "apps"
-    resources:
-      - deployments
-      - daemonsets
-      - statefulsets
-    verbs:
-      - list
-      - get
-      - update
-      - patch
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  labels: 
-    app: reloader
-    group: com.stakater.platform
-    provider: stakater
-    version: 0.0.11
-    chart: "reloader-0.0.11"
-    release: "RELEASE-NAME"
-    heritage: "Tiller"
-  name: reloader-role-binding
-  namespace: default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: reloader-role
-subjects:
-  - kind: ServiceAccount
-    name: reloader
-    namespace: default

deployments/kubernetes/manifests/role.yaml

@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: reloader-reloader-metadata-role
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - list
+      - get
+      - watch
+      - create
+      - update
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: reloader-reloader-metadata-rolebinding
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: reloader-reloader
+    namespace: default
+roleRef:
+  kind: Role
+  name: reloader-reloader-metadata-role
+  apiGroup: rbac.authorization.k8s.io

deployments/kubernetes/manifests/serviceaccount.yaml

@@ -0,0 +1,7 @@
+---
+# Source: reloader/templates/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: reloader-reloader
+  namespace: default

deployments/kubernetes/reloader.yaml

@@ -1,109 +1,181 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: reloader-reloader
+  namespace: default
 ---
-# Source: reloader/templates/deployment.yaml
-apiVersion: extensions/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: reloader-reloader-metadata-role
+  namespace: default
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - get
+  - watch
+  - create
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: reloader-reloader-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - list
+  - get
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  - statefulsets
+  verbs:
+  - list
+  - get
+  - update
+  - patch
+- apiGroups:
+  - extensions
+  resources:
+  - deployments
+  - daemonsets
+  verbs:
+  - list
+  - get
+  - update
+  - patch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  verbs:
+  - list
+  - get
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - create
+  - delete
+  - list
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: reloader-reloader-metadata-rolebinding
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: reloader-reloader-metadata-role
+subjects:
+- kind: ServiceAccount
+  name: reloader-reloader
+  namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: reloader-reloader-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: reloader-reloader-role
+subjects:
+- kind: ServiceAccount
+  name: reloader-reloader
+  namespace: default
+---
+apiVersion: apps/v1
 kind: Deployment
 metadata:
-  labels:
-    app: reloader
-    group: com.stakater.platform
-    provider: stakater
-    version: 0.0.11
-    chart: "reloader-0.0.11"
-    release: "RELEASE-NAME"
-    heritage: "Tiller"
-  name: reloader
+  name: reloader-reloader
+  namespace: default
 spec:
   replicas: 1
   revisionHistoryLimit: 2
   selector:
     matchLabels:
-      app: reloader
-      group: com.stakater.platform
-      provider: stakater
+      app: reloader-reloader
   template:
     metadata:
       labels:
-        app: reloader
-        group: com.stakater.platform
-        provider: stakater
+        app: reloader-reloader
     spec:
       containers:
       - env:
-        image: "stakater/reloader:0.0.11"
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              divisor: "1"
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              divisor: "1"
+              resource: limits.memory
+        - name: RELOADER_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: RELOADER_DEPLOYMENT_NAME
+          value: reloader-reloader
+        image: ghcr.io/stakater/reloader:v1.4.6
         imagePullPolicy: IfNotPresent
-        name: reloader
-      serviceAccountName: reloader
-              
----
-# Source: reloader/templates/rbac.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app: reloader
-    group: com.stakater.platform
-    provider: stakater
-    version: 0.0.11
-    chart: "reloader-0.0.11"
-    release: "RELEASE-NAME"
-    heritage: "Tiller"
-  name: reloader
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  labels: 
-    app: reloader
-    group: com.stakater.platform
-    provider: stakater
-    version: 0.0.11
-    chart: "reloader-0.0.11"
-    release: "RELEASE-NAME"
-    heritage: "Tiller"
-  name: reloader-role
-  namespace: default
-rules:
-  - apiGroups:
-      - ""
-    resources:      
-      - secrets
-      - configmaps
-    verbs:
-      - list
-      - get
-      - watch
-  - apiGroups:
-      - ""
-      - "extensions"
-      - "apps"
-    resources:
-      - deployments
-      - daemonsets
-      - statefulsets
-    verbs:
-      - list
-      - get
-      - update
-      - patch
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  labels: 
-    app: reloader
-    group: com.stakater.platform
-    provider: stakater
-    version: 0.0.11
-    chart: "reloader-0.0.11"
-    release: "RELEASE-NAME"
-    heritage: "Tiller"
-  name: reloader-role-binding
-  namespace: default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: reloader-role
-subjects:
-  - kind: ServiceAccount
-    name: reloader
-    namespace: default
+        livenessProbe:
+          failureThreshold: 5
+          httpGet:
+            path: /live
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        name: reloader-reloader
+        ports:
+        - containerPort: 9090
+          name: http
+        readinessProbe:
+          failureThreshold: 5
+          httpGet:
+            path: /metrics
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: "1"
+            memory: 512Mi
+          requests:
+            cpu: 10m
+            memory: 512Mi
+        securityContext: {}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: reloader-reloader

deployments/kubernetes/templates/chart/Chart.yaml.tmpl

@@ -4,10 +4,26 @@ apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
 version: {{ getenv "VERSION" }}
+appVersion: {{ getenv "VERSION" }}
 keywords:
   - Reloader
   - kubernetes
 home: https://github.com/stakater/Reloader
+sources:
+- https://github.com/stakater/IngressMonitorController
+icon: https://raw.githubusercontent.com/stakater/Reloader/master/assets/web/reloader-round-100px.png
 maintainers:
 - name: Stakater
-  email: hello@stakater.com
+  email: hello@stakater.com
+- name: rasheedamir
+  email: rasheed@aurorasolutions.io
+- name: waseem-h
+  email: waseemhassan@stakater.com
+- name: faizanahmad055
+  email: faizan.ahmad55@outlook.com
+- name: kahootali
+  email: ali.kahoot@aurorasolutions.io
+- name: ahmadiq
+  email: ahmad@aurorasolutions.io
+- name: ahsan-storm
+  email: ahsanmuhammad1@outlook.com

deployments/kubernetes/templates/chart/values.yaml.tmpl

@@ -1,15 +1,142 @@
 # Generated from deployments/kubernetes/templates/chart/values.yaml.tmpl
+global:
+  ## Reference to one or more secrets to be used when pulling images
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ##
+  imagePullSecrets: []
 
 kubernetes:
   host: https://kubernetes.default
 
 reloader:
-  labels:
-    provider: stakater
-    group: com.stakater.platform
-    version: {{ getenv "VERSION" }}
-  image:
-    name: {{ getenv "DOCKER_IMAGE" }}
-    tag: "{{ getenv "VERSION" }}"
-    pullPolicy: IfNotPresent
-  watchGlobally: true
+  isArgoRollouts: false
+  isOpenshift: false
+  ignoreSecrets: false
+  ignoreConfigMaps: false
+  reloadOnCreate: false
+  reloadStrategy: default # Set to default, env-vars or annotations
+  ignoreNamespaces: "" # Comma separated list of namespaces to ignore
+  logFormat: "" #json
+  watchGlobally: true
+  # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem
+  readOnlyRootFileSystem: false
+  legacy:
+    rbac: false
+  matchLabels: {}
+  # Set to true to expose a prometheus counter of reloads by namespace (this metric may have high cardinality in clusters with many namespaces)
+  enableMetricsByNamespace: false
+  deployment:
+    replicas: 1
+    nodeSelector:
+    # cloud.google.com/gke-nodepool: default-pool
+
+    # An affinity stanza to be applied to the Deployment.
+    # Example:
+    #   affinity:
+    #     nodeAffinity:
+    #       requiredDuringSchedulingIgnoredDuringExecution:
+    #         nodeSelectorTerms:
+    #         - matchExpressions:
+    #           - key: "node-role.kubernetes.io/infra-worker"
+    #             operator: "Exists"
+    affinity: {}
+
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+
+    containerSecurityContext: {}
+      # capabilities:
+      #   drop:
+      #     - ALL
+      # allowPrivilegeEscalation: false
+      # readOnlyRootFilesystem: true
+
+    # A list of tolerations to be applied to the Deployment.
+    # Example:
+    #   tolerations:
+    #   - key: "node-role.kubernetes.io/infra-worker"
+    #     operator: "Exists"
+    #     effect: "NoSchedule"
+    tolerations: []
+
+    annotations: {}
+    labels:
+      provider: stakater
+      group: com.stakater.platform
+      version: {{ getenv "VERSION" }}
+    image:
+      name: {{ getenv "DOCKER_IMAGE" }}
+      tag: "{{ getenv "VERSION" }}"
+      pullPolicy: IfNotPresent
+    # Support for extra environment variables.
+    env:
+      # Open supports Key value pair as environment variables.
+      open:
+      # secret supports Key value pair as environment variables. It gets the values based on keys from default reloader secret if any.
+      secret:
+      # field supports Key value pair as environment variables. It gets the values from other fields of pod.
+      field:
+
+    # Specify resource requests/limits for the deployment.
+    # Example:
+    # resources:
+    #   limits:
+    #     cpu: "100m"
+    #     memory: "512Mi"
+    #   requests:
+    #     cpu: "10m"
+    #     memory: "128Mi"
+    resources: {}
+    pod:
+      annotations: {}
+
+  service: {}
+    # labels: {}
+    # annotations: {}
+    # port: 9090
+
+  rbac:
+    enabled: true
+    labels: {}
+  # Service account config for the agent pods
+  serviceAccount:
+    # Specifies whether a ServiceAccount should be created
+    create: true
+    labels: {}
+    annotations: {}
+    # The name of the ServiceAccount to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: 
+  # Optional flags to pass to the Reloader entrypoint
+  # Example:
+  #   custom_annotations:
+  #     configmap: "my.company.com/configmap"
+  #     secret: "my.company.com/secret"
+  custom_annotations: {}
+  serviceMonitor:
+    # enabling this requires service to be enabled as well, or no endpoints will be found
+    enabled: false
+    # Set the namespace the ServiceMonitor should be deployed
+    # namespace: monitoring
+    # Set how frequently Prometheus should scrape
+    # interval: 30s
+    # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
+    # labels:
+    # Set timeout for scrape
+    # timeout: 10s
+  
+
+  podMonitor:
+    # enabling this requires service to be enabled as well, or no endpoints will be found
+    enabled: false
+    # Set the namespace the podMonitor should be deployed
+    # namespace: monitoring
+    # Set how frequently Prometheus should scrape
+    # interval: 30s
+    # Set labels for the podMonitor, use this to define your scrape label for Prometheus Operator
+    # labels:
+    # Set timeout for scrape
+    # timeout: 10s
+  
+  webhookUrl: ""

docs-nginx.conf

@@ -0,0 +1,11 @@
+server {
+    listen 8080;
+    root /usr/share/nginx/html/;
+    index index.html;
+    error_page 403 404 /404.html;
+    location = /404.html {
+        internal;
+    }
+    # redirects issued by nginx will be relative
+    absolute_redirect off;
+}

docs/Alerting.md

@@ -0,0 +1,18 @@
+# Alerting on Reload
+
+Reloader can alert when it triggers a rolling upgrade on Deployments or StatefulSets. Webhook notification alert would be sent to the configured webhook server with all the required information.
+
+## Enabling
+
+In-order to enable this feature, you need to update the `reloader.env.secret` section of `values.yaml` providing the information needed for alert:
+
+```yaml
+      ALERT_ON_RELOAD: [ true/false ] Default: false
+      ALERT_SINK: [ slack/teams/gchat/webhook ] Default: webhook
+      ALERT_WEBHOOK_URL: Required if ALERT_ON_RELOAD is true
+      ALERT_ADDITIONAL_INFO: Any additional information to be added to alert
+```
+
+## Slack Incoming-Webhook Creation Docs
+
+[Sending messages using Incoming Webhooks](https://api.slack.com/messaging/webhooks)

docs/Container Build.md

@@ -0,0 +1,53 @@
+# Container Build
+
+> **WARNING:** As a user of Reloader there is no need to build containers, the open source version is available on [Docker Hub](https://hub.docker.com/r/stakater/reloader/).
+
+Multi-architecture approach is based on original work by [@mdh02038](https://github.com/mdh02038/Reloader).
+
+Images are tested on linux/arm, linux/arm64 and linux/amd64.
+
+## Install Pre-Reqs
+
+The build environment requires the following packages (tested on `Ubuntu 20.04`):
+
+* Golang
+* `make`
+* `qemu` (for arm, arm64 etc. emulation)
+* binfmt-support
+* Docker engine
+
+## Docker
+
+Follow instructions on [Install using the apt repository](https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository).
+
+Once installed, enable the experimental CLI:
+
+```bash
+export DOCKER_CLI_EXPERIMENTAL=enabled
+```
+
+Login to enable publishing of packages:
+
+```bash
+sudo docker login
+```
+
+## Remaining Pre-Reqs
+
+Remaining Pre-Reqs can be installed via:
+
+```bash
+sudo apt install golang make qemu-user-static binfmt-support -y
+```
+
+## Publish Multi-Architecture Image
+
+To build/ publish multi-arch Docker images clone repository and execute from repository root:
+
+```bash
+sudo make release-all
+```
+
+## Additional Links/Info
+
+[Building Multi-Architecture Docker Images With `Buildx`](https://medium.com/@artur.klauser/building-multi-architecture-docker-images-with-buildx-27d80f7e2408)

docs/Helm2-to-Helm3.md

@@ -0,0 +1,68 @@
+# Helm2 to Helm3 Migration
+
+Follow below-mentioned instructions to migrate Reloader from Helm2 to Helm3
+
+## Instructions
+
+There are 3 steps involved in migrating the Reloader from Helm2 to Helm3.
+
+### Step 1
+
+Install the `helm-2to3` plugin
+
+```bash
+helm3 plugin install https://github.com/helm/helm-2to3
+
+helm3 2to3 convert <release-name>
+
+helm3 2to3 cleanup --release-cleanup --skip-confirmation
+```
+
+### Step 2
+
+Add the following Helm3 labels and annotations on Reloader resources.
+
+Label:
+
+```yaml
+app.kubernetes.io/managed-by=Helm
+```
+
+Annotations:
+
+```yaml
+meta.helm.sh/release-name=<release-name>
+meta.helm.sh/release-namespace=<namespace>
+```
+
+For example, to label and annotate the ClusterRoleBinding and ClusterRole:
+
+```bash
+KIND=ClusterRoleBinding
+NAME=reloader-reloader-role-binding
+RELEASE=reloader
+NAMESPACE=kube-system
+kubectl annotate $KIND $NAME meta.helm.sh/release-name=$RELEASE
+kubectl annotate $KIND $NAME meta.helm.sh/release-namespace=$NAMESPACE
+kubectl label $KIND $NAME app.kubernetes.io/managed-by=Helm
+
+KIND=ClusterRole
+NAME=reloader-reloader-role
+RELEASE=reloader
+NAMESPACE=kube-system
+kubectl annotate $KIND $NAME meta.helm.sh/release-name=$RELEASE
+kubectl annotate $KIND $NAME meta.helm.sh/release-namespace=$NAMESPACE
+kubectl label $KIND $NAME app.kubernetes.io/managed-by=Helm
+```
+
+### Step 3
+
+Upgrade to desired version
+
+```bash
+helm3 repo add stakater https://stakater.github.io/stakater-charts
+
+helm3 repo update
+
+helm3 upgrade <release-name> stakater/reloader --version=v0.0.72
+```

docs/How-it-works.md

@@ -1,23 +1,34 @@
-# How it works?
+# How Does Reloader Work?
 
-Reloader watches for `ConfigMap` and `Secret` and detects if there are changes in data of these objects. After change detection reloader performs rolling upgrade on relevant Pods via associated `Deployment`, `Deamonset` and `Statefulset`.
+Reloader watches for `ConfigMap` and `Secret` and detects if there are changes in data of these objects. After change detection Reloader performs rolling upgrade on relevant Pods via associated `Deployment`, `Daemonset` and `Statefulset`:
 
-## How change detection works
+```mermaid
+flowchart LR
+    subgraph Reloader
+    controller("Controller watches in a loop") -- "Detects a change" --> upgrade_handler("Upgrade handler checks if the change is a valid data change by comparing the change hash")
+    upgrade_handler -- "Update resource" --> update_resource("Updates the resource with computed hash of change")
+    end
+    Reloader -- "Watches" --> secret_configmaps("Secrets/ConfigMaps")
+    Reloader -- "Updates resources with Reloader environment variable" --> resources("Deployments/DaemonSets/StatefulSets resources with Reloader annotation")
+    resources -- "Restart pods based on StrategyType" --> Pods
+```
 
-Reloader watches changes in `configmaps` and `secrets` data. As soon as it detects a change in these. It forwards these objects to an update handler which decides if and how to perform the rolling upgrade.
+## How Does Change Detection Work?
 
-## Requirements for rolling upgrade
+Reloader watches changes in `ConfigMaps` and `Secrets` data. As soon as it detects a change in these. It forwards these objects to an update handler which decides if and how to perform the rolling upgrade.
+
+## Requirements for Rolling Upgrade
 
 To perform rolling upgrade a `deployment`, `daemonset` or `statefulset` must have
 
 - support for rolling upgrade strategy
-- specific annotation for `configmaps` or `secrets`
+- specific annotation for `ConfigMaps` or `Secrets`
 
-The annotation value is comma separated list of `configmaps` or `secrets`. If a change is detected in data of these `configmaps` or `secrets`, reloader will perform rolling upgrades on their associated `deployments`, `daemonsets` or `statefulsets`.
+The annotation value is comma separated list of `ConfigMaps` or `Secrets`. If a change is detected in data of these `ConfigMaps` or `Secrets`, Reloader will perform rolling upgrades on their associated `deployments`, `daemonsets` or `statefulsets`.
 
-### Annotation for Configmap
+### Annotation for ConfigMap
 
-For a `Deployment` called `foo` have a `ConfigMap` called `foo`. Then add this annotation to your `Deployment`
+For a `Deployment` called `foo` have a `ConfigMap` called `foo`. Then add this annotation* to your `Deployment`, where the default annotation can be changed with the `--configmap-annotation` flag:
 
 ```yaml
 metadata:
@@ -27,7 +38,7 @@ metadata:
 
 ### Annotation for Secret
 
-For a `Deployment` called `foo` have a `Secret` called `foo`. Then add this annotation to your `Deployment`
+For a `Deployment` called `foo` have a `Secret` called `foo`. Then add this annotation to your `Deployment`, where the default annotation can be changed with the `--secret-annotation` flag:
 
 ```yaml
 metadata:
@@ -35,23 +46,23 @@ metadata:
     secret.reloader.stakater.com/reload: "foo"
 ```
 
-Above mentioned annotation are also work for `Daemonsets` and `Statefulsets`
+Above mentioned annotation are also work for `Daemonsets` `Statefulsets` and `Rollouts`
 
-## How Rolling upgrade works?
+## How Does Rolling Upgrade Work?
 
-When reloader detects changes in configmap. It gets two objects of configmap. First object is an old configmap object which has a state before the latest change. Second object is new configmap object which contains latest changes. Reloader compares both objects and see whether any change in data occurred or not. If reloader finds any change in new configmap object, only then, it move forward with rolling upgrade.
+When Reloader detects changes in `ConfigMap`. It gets two objects of `ConfigMap`. First object is an old `ConfigMap` object which has a state before the latest change. Second object is new `ConfigMap` object which contains latest changes. Reloader compares both objects and see whether any change in data occurred or not. If Reloader finds any change in new `ConfigMap` object, only then, it moves forward with rolling upgrade.
 
-After that, reloader gets the list of all deployments, daemonsets and statefulset and looks for above mentioned annotation for configmap. If the annotation value contains the configmap name, it then looks for an environment variable which can contain the configmap or secret data change hash.
+After that, Reloader gets the list of all `deployments`, `daemonsets` and `statefulset` and looks for above mentioned annotation for `ConfigMap`. If the annotation value contains the `ConfigMap` name, it then looks for an environment variable which can contain the `ConfigMap` or secret data change hash.
 
-### Environment variable for Configmap
+### Environment Variable for ConfigMap
 
-If configmap name is foo then
+If `ConfigMap` name is foo then
 
 ```yaml
 STAKATER_FOO_CONFIGMAP
 ```
 
-### Environment variable for Secret
+### Environment Variable for Secret
 
 If Secret name is foo then
 
@@ -59,19 +70,24 @@ If Secret name is foo then
 STAKATER_FOO_SECRET
 ```
 
-If the environment variable is found then it gets its value and compares it with new configmap hash value. If old value in environment variable is different from new hash value then reloader updates the environment variable. If the environment variable does not exist then it creates a new environment variable with latest hash value from configmap and updates the relevant `deployment`, `daemonset` or `statefulset`
+If the environment variable is found then it gets its value and compares it with new `ConfigMap` hash value. If old value in environment variable is different from new hash value then Reloader updates the environment variable. If the environment variable does not exist then it creates a new environment variable with latest hash value from `ConfigMap` and updates the relevant `deployment`, `daemonset` or `statefulset`
 
 Note: Rolling upgrade also works in the same way for secrets.
 
-### Hash value Computation
+### Hash Value Computation
 
 Reloader uses SHA1 to compute hash value. SHA1 is used because it is efficient and less prone to collision.
 
 ## Monitor All Namespaces
 
-By default reloader deploys in default namespace and monitors changes in all namespaces. To monitor changes in a specific namespace deploy the reloader in that namespace and set the `watchGlobally` flag to `false` in values file located under `deployments/kubernetes/chart/reloader`
-And render manifest file using helm command
+By default Reloader deploys in default namespace and monitors changes in all namespaces. To monitor changes in a specific namespace deploy the Reloader in that namespace and set the `watchGlobally` flag to `false` in values file located under `deployments/kubernetes/chart/reloader` and render manifest file using helm command:
+
 ```bash
 helm --namespace {replace this with namespace name} template . > reloader.yaml
 ```
-The output file can then be used to deploy reloader in specific namespace.
+
+The output file can then be used to deploy Reloader in specific namespace.
+
+## Compatibility With Helm Install and Upgrade
+
+Reloader has no impact on helm deployment cycle. Reloader only injects an environment variable in  `deployment`, `daemonset` or `statefulset`. The environment variable contains the SHA1 value of `ConfigMaps` or `Secrets` data. So  if a deployment is created using Helm and Reloader updates the deployment, then next time you upgrade the helm release, Reloader will do nothing except changing that environment variable value in `deployment` , `daemonset` or `statefulset`.

docs/Reloader-vs-ConfigmapController.md

@@ -1,10 +1,11 @@
 # Reloader vs ConfigmapController
 
-Reloader is inspired from [configmapcontroller](https://github.com/fabric8io/configmapcontroller) but there are many ways in which it differs from configmapController. Below is the small comparison between these two controllers.
+Reloader is inspired from [`configmapcontroller`](https://github.com/fabric8io/configmapcontroller) but there are many ways in which it differs from `configmapcontroller`. Below is the small comparison between these two controllers.
 
-| Configmap                                                                                                                                                                                                                                                          | Reloader                                                                                                                                                                                                                                                                                                                 |
-|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| ConfigmapController can only watch changes in `configmaps`. It cannot detect changes in other resources like `secrets`.                                                                                                                                        | Reloader on the other hand can watch and detect changes in both `secrets` and `configmaps`.                                                                                                                                                                                                                                                    |
-| ConfigmapController can only perform rolling upgrades on `deployments`. It currently does not support rolling upgrades on `statefulsets` and `daemonsets`                                                                                                          | Reloader on the other hand can perform rolling upgrades on `deployments` as well as on `statefulsets` and `daemonsets`                                                                                                                                                                                                   |
-| Currently there are no unit test cases or end to end integration test cases in configmap controller. It add difficulties for any additional updates in configmap controller and one can not know for sure if new changes break any older functionality or not. | Reloader provides both unit test cases and end to end integration test cases for future updates. So one can make sure that new changes do not break any older functionality.                                                                                                                                               |
-| Configmap controller uses `FABRICB_FOO_REVISION` environment variable to store any change in configmap controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               | Reloader uses SHA1 to encode the change in configmap or secret. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is also very less pron to collision. |
+| Reloader                                                                                                                                                                                                                                                                                                                 | ConfigMap                                                                                                                                                                                                                                                          |
+|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Reloader can watch both `Secrets` and `ConfigMaps`.                                                                                                                                                                                                                                                    | `configmapcontroller` can only watch changes in `ConfigMaps`. It cannot detect changes in other resources like `Secrets`.                                                                                                                                        |
+| Reloader can perform rolling upgrades on `deployments` as well as on `statefulsets` and `daemonsets`                                                                                                                                                                                                   | `configmapcontroller` can only perform rolling upgrades on `deployments`. It currently does not support rolling upgrades on `statefulsets` and `daemonsets`                                                                                                          |
+| Reloader provides both unit test cases and end to end integration test cases for future updates. So one can make sure that new changes do not break any old functionality.                                                                                                                                               | Currently there are not any unit test cases or end to end integration test cases in `configmap-controller`. It add difficulties for any additional updates in `configmap-controller` and one can not know for sure whether new changes breaks any old functionality or not. |
+| Reloader uses SHA1 to encode the change in `ConfigMap` or `Secret`. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less prone to collision. |  `configmap-controller` uses `FABRICB_FOO_REVISION` environment variable to store any change in `ConfigMap` controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
+| Reloader allows you to customize your own annotation (for both `Secrets` and `ConfigMaps`) using command line flags | `configmap-controller` restricts you to only their provided annotation |

docs/Reloader-vs-k8s-trigger-controller.md

@@ -4,25 +4,43 @@ Reloader and k8s-trigger-controller are both built for same purpose. So there ar
 
 ## Similarities
 
-- Both controllers support change detection in configmap and secrets
-- Both controllers support deployment rollout
+- Both controllers support change detection in `ConfigMaps` and `Secrets`
+- Both controllers support deployment `rollout`
 - Both controllers use SHA1 for hashing
 - Both controllers have end to end as well as unit test cases.
 
 ## Differences
 
-### Support for Daemonsets and Statefulsets.
+### Support for `Daemonsets` and `Statefulsets`
 
-#### k8s-trigger-controller:
-k8s-trigger-controller only support for deployment rollout. It does not support daemonsets and statefulsets rollout.
+#### `k8s-trigger-controller`
 
-#### Reloader:
-Reloader supports deployment rollout as well as daemonsets and statefulsets rollout.
+`k8s-trigger-controller` only support for deployment `rollout`. It does not support `daemonsets` and `statefulsets` `rollout`.
 
-### Hashing usage
+#### Reloader
 
-#### k8s-trigger-controller:
-k8s-trigger-controller stores the hash value in an annotation `trigger.k8s.io/[secret|configMap]-NAME-last-hash`
+Reloader supports deployment `rollout` as well as `daemonsets` and `statefulsets` `rollout`.
 
-#### Reloader:
-Reloader stores the hash value in an environment variable `STAKATER_NAME_[SECRET|CONFIGMAP]`
+### Hashing Usage
+
+#### `k8s-trigger-controller`
+
+`k8s-trigger-controller` stores the hash value in an annotation `trigger.k8s.io/[secret|configMap]-NAME-last-hash`
+
+#### Reloader
+
+Reloader stores the hash value in an environment variable `STAKATER_NAME_[SECRET|CONFIGMAP]`
+
+### Customization
+
+#### `k8s-trigger-controller`
+
+`k8s-trigger-controller` restricts you to using the `trigger.k8s.io/[secret-configMap]-NAME-last-hash` annotation
+
+#### Reloader
+
+Reloader allows you to customize the annotation to fit your needs with command line flags:
+
+- `--auto-annotation <annotation>`
+- `--configmap-annotation <annotation>`
+- `--secret-annotation <annotation>`

docs/Reloader-with-Sealed-Secrets.md

@@ -0,0 +1,14 @@
+# Using Reloader with Sealed Secrets
+
+Below are the steps to use Reloader with Sealed Secrets:
+
+1. Download and install the kubeseal client from [here](https://github.com/bitnami-labs/sealed-secrets)
+1. Install the controller for Sealed Secrets
+1. Fetch the encryption certificate
+1. Encrypt the secret
+1. Apply the secret
+1. Install the tool which uses that Sealed Secret
+1. Install Reloader
+1. Once everything is setup, update the original secret at client and encrypt it with kubeseal to see Reloader working
+1. Apply the updated Sealed Secret
+1. Reloader will restart the pod to use that updated secret

docs/Verify-Reloader-Working.md

@@ -1,10 +1,10 @@
 # Verify Reloader's Working
 
-Reloader's working can be verified by two ways.
+Reloader's working can be verified by three ways.
 
-## Verify from logs
+## Verify From Logs
 
-Check the logs of reloader and verify that you can see logs looks like below, if you are able to find these logs then it means reloader is working.
+Check the logs of Reloader and verify that you can see logs looks like below, if you are able to find these logs then it means Reloader is working.
 
 ```text
 Changes Detected in test-object of type 'SECRET' in namespace: test-reloader
@@ -14,38 +14,62 @@ Updated test-resource of type Deployment in namespace: test-reloader
 
 Below are the details that explain these logs:
 
-### test-object
+### `test-object`
 
-`test-object` is the name of a `secret` or a `deployment` in which change has been detected.
+`test-object` is the name of a `secret` or a `configmap` in which change has been detected.
 
-### SECRET
+### `SECRET`
 
 `SECRET` is the type of `test-object`. It can either be `SECRET` or `CONFIGMAP`
 
-### test-reloader
+### `test-reloader`
 
-`test-reloader` is the name of namespace in which reloader has detected the change.
+`test-reloader` is the name of namespace in which Reloader has detected the change.
 
-### test-resource
+### `test-resource`
 
 `test-resource` is the name of resource which is going to be updated
 
-### Deployment
+### `Deployment`
 
 `Deployment` is the type of `test-resource`. It can either be a `Deployment`, `Daemonset` or `Statefulset`
 
-## Verify by checking the age of Pod
+## Verify by Checking the Age of Pod
 
-A pod's age can tell whether reloader is working correctly or not. If you know that a change in a `secret` or `configmap` has occurred, then check the relevant Pod's age immediately. It should be newly created few moments ago.
+A pod's age can tell whether Reloader is working correctly or not. If you know that a change in a `secret` or `configmap` has occurred, then check the relevant Pod's age immediately. It should be newly created few moments ago.
 
-### Verify from kubernetes Dashboard
+### Verify from Kubernetes Dashboard
 
 `kubernetes dashboard` can be used to verify the working of Reloader. After a change in `secret` or `configmap`, check the relevant Pod's age from dashboard. It should be newly created few moments ago.
 
-### Verify from command line
+### Verify from Command Line
 
-After a change in `secret` or `configmap`. Run the below mentioned command and verify that the pod is newly created.
+After a change in `secret` or `configmap`. Run the below-mentioned command and verify that the pod is newly created.
 
 ```bash
 kubectl get pods <pod name> -n <namespace name>
 ```
+
+## Verify From Metrics
+
+Some metrics are exported to Prometheus endpoint `/metrics` on port `9090`.
+
+When Reloader is unable to reload, `reloader_reload_executed_total{success="false"}` metric gets incremented and when it reloads successfully, `reloader_reload_executed_total{success="true"}` gets incremented. You will be able to see the following metrics, with some other metrics, at `/metrics` endpoint.
+
+```text
+reloader_reload_executed_total{success="false"} 15
+reloader_reload_executed_total{success="true"} 12
+```
+
+### Reloads by Namespace
+
+Reloader can also export a metric to show the number of reloads by namespace. This feature is disabled by default, as it can lead to high cardinality in clusters with many namespaces.
+
+The metric will have both `success` and `namespace` as attributes:
+
+```text
+reloader_reload_executed_total{success="false", namespace="some-namespace"} 2
+reloader_reload_executed_total{success="true", namespace="some-namespace"} 1
+```
+
+To opt in, set the environment variable `METRICS_COUNT_BY_NAMESPACE` to `enabled` or set the Helm value `reloader.enableMetricsByNamespace` to `true`.

docs/index.md

@@ -0,0 +1,12 @@
+# Introduction
+
+Reloader can watch changes in `ConfigMap` and `Secret` and do rolling upgrades on Pods with their associated `DeploymentConfigs`, `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts`.
+
+These are the key features of Reloader:
+
+1. Restart pod in a `deployment` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `daemonset` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `statefulset` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `rollout` on change in linked/related `ConfigMaps` or `Secrets`
+
+This site contains more details on how Reloader works. For an overview, please see the repository's [README file](https://github.com/stakater/Reloader/blob/master/README.md).

glide.lock

@@ -1,269 +0,0 @@
-hash: b6fe060028bdb1249ba2413746476c2550b267eeab3c166c36a86e000a8dd354
-updated: 2018-07-24T21:12:43.027181463+05:00
-imports:
-- name: github.com/davecgh/go-spew
-  version: 782f4967f2dc4564575ca782fe2d04090b5faca8
-  subpackages:
-  - spew
-- name: github.com/emicklei/go-restful
-  version: ff4f55a206334ef123e4f79bbf348980da81ca46
-  subpackages:
-  - log
-- name: github.com/emicklei/go-restful-swagger12
-  version: dcef7f55730566d41eae5db10e7d6981829720f6
-- name: github.com/ghodss/yaml
-  version: 73d445a93680fa1a78ae23a5839bad48f32ba1ee
-- name: github.com/go-openapi/jsonpointer
-  version: 46af16f9f7b149af66e5d1bd010e3574dc06de98
-- name: github.com/go-openapi/jsonreference
-  version: 13c6e3589ad90f49bd3e3bbe2c2cb3d7a4142272
-- name: github.com/go-openapi/spec
-  version: 6aced65f8501fe1217321abf0749d354824ba2ff
-- name: github.com/go-openapi/swag
-  version: 1d0bd113de87027671077d3c71eb3ac5d7dbba72
-- name: github.com/gogo/protobuf
-  version: c0656edd0d9eab7c66d1eb0c568f9039345796f7
-  subpackages:
-  - proto
-  - sortkeys
-- name: github.com/golang/glog
-  version: 44145f04b68cf362d9c4df2182967c2275eaefed
-- name: github.com/golang/protobuf
-  version: 4bd1920723d7b7c925de087aa32e2187708897f7
-  subpackages:
-  - proto
-  - ptypes
-  - ptypes/any
-  - ptypes/duration
-  - ptypes/timestamp
-- name: github.com/google/btree
-  version: 7d79101e329e5a3adf994758c578dab82b90c017
-- name: github.com/google/gofuzz
-  version: 44d81051d367757e1c7c6a5a86423ece9afcf63c
-- name: github.com/googleapis/gnostic
-  version: 0c5108395e2debce0d731cf0287ddf7242066aba
-  subpackages:
-  - OpenAPIv2
-  - compiler
-  - extensions
-- name: github.com/gregjones/httpcache
-  version: 787624de3eb7bd915c329cba748687a3b22666a6
-  subpackages:
-  - diskcache
-- name: github.com/hashicorp/golang-lru
-  version: a0d98a5f288019575c6d1f4bb1573fef2d1fcdc4
-  subpackages:
-  - simplelru
-- name: github.com/howeyc/gopass
-  version: bf9dde6d0d2c004a008c27aaee91170c786f6db8
-- name: github.com/imdario/mergo
-  version: 6633656539c1639d9d78127b7d47c622b5d7b6dc
-- name: github.com/inconshreveable/mousetrap
-  version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
-- name: github.com/json-iterator/go
-  version: 36b14963da70d11297d313183d7e6388c8510e1e
-- name: github.com/juju/ratelimit
-  version: 5b9ff866471762aa2ab2dced63c9fb6f53921342
-- name: github.com/mailru/easyjson
-  version: d5b7844b561a7bc640052f1b935f7b800330d7e0
-  subpackages:
-  - buffer
-  - jlexer
-  - jwriter
-- name: github.com/peterbourgon/diskv
-  version: 5f041e8faa004a95c88a202771f4cc3e991971e6
-- name: github.com/PuerkitoBio/purell
-  version: 8a290539e2e8629dbc4e6bad948158f790ec31f4
-- name: github.com/PuerkitoBio/urlesc
-  version: 5bd2802263f21d8788851d5305584c82a5c75d7e
-- name: github.com/sirupsen/logrus
-  version: c155da19408a8799da419ed3eeb0cb5db0ad5dbc
-- name: github.com/spf13/cobra
-  version: ef82de70bb3f60c65fb8eebacbb2d122ef517385
-- name: github.com/spf13/pflag
-  version: 583c0c0531f06d5278b7d917446061adc344b5cd
-- name: golang.org/x/crypto
-  version: 81e90905daefcd6fd217b62423c0908922eadb30
-  subpackages:
-  - ssh/terminal
-- name: golang.org/x/net
-  version: 1c05540f6879653db88113bc4a2b70aec4bd491f
-  subpackages:
-  - context
-  - http2
-  - http2/hpack
-  - idna
-  - lex/httplex
-- name: golang.org/x/sys
-  version: 7ddbeae9ae08c6a06a59597f0c9edbc5ff2444ce
-  subpackages:
-  - unix
-  - windows
-- name: golang.org/x/text
-  version: b19bf474d317b857955b12035d2c5acb57ce8b01
-  subpackages:
-  - cases
-  - internal
-  - internal/tag
-  - language
-  - runes
-  - secure/bidirule
-  - secure/precis
-  - transform
-  - unicode/bidi
-  - unicode/norm
-  - width
-- name: gopkg.in/inf.v0
-  version: 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
-- name: gopkg.in/yaml.v2
-  version: 53feefa2559fb8dfa8d81baad31be332c97d6c77
-- name: k8s.io/api
-  version: fe29995db37613b9c5b2a647544cf627bfa8d299
-  subpackages:
-  - admissionregistration/v1alpha1
-  - apps/v1beta1
-  - apps/v1beta2
-  - authentication/v1
-  - authentication/v1beta1
-  - authorization/v1
-  - authorization/v1beta1
-  - autoscaling/v1
-  - autoscaling/v2beta1
-  - batch/v1
-  - batch/v1beta1
-  - batch/v2alpha1
-  - certificates/v1beta1
-  - core/v1
-  - extensions/v1beta1
-  - networking/v1
-  - policy/v1beta1
-  - rbac/v1
-  - rbac/v1alpha1
-  - rbac/v1beta1
-  - scheduling/v1alpha1
-  - settings/v1alpha1
-  - storage/v1
-  - storage/v1beta1
-- name: k8s.io/apimachinery
-  version: 019ae5ada31de202164b118aee88ee2d14075c31
-  subpackages:
-  - pkg/api/equality
-  - pkg/api/errors
-  - pkg/api/meta
-  - pkg/api/resource
-  - pkg/apis/meta/internalversion
-  - pkg/apis/meta/v1
-  - pkg/apis/meta/v1/unstructured
-  - pkg/apis/meta/v1alpha1
-  - pkg/conversion
-  - pkg/conversion/queryparams
-  - pkg/conversion/unstructured
-  - pkg/fields
-  - pkg/labels
-  - pkg/runtime
-  - pkg/runtime/schema
-  - pkg/runtime/serializer
-  - pkg/runtime/serializer/json
-  - pkg/runtime/serializer/protobuf
-  - pkg/runtime/serializer/recognizer
-  - pkg/runtime/serializer/streaming
-  - pkg/runtime/serializer/versioning
-  - pkg/selection
-  - pkg/types
-  - pkg/util/cache
-  - pkg/util/clock
-  - pkg/util/diff
-  - pkg/util/errors
-  - pkg/util/framer
-  - pkg/util/intstr
-  - pkg/util/json
-  - pkg/util/net
-  - pkg/util/runtime
-  - pkg/util/sets
-  - pkg/util/validation
-  - pkg/util/validation/field
-  - pkg/util/wait
-  - pkg/util/yaml
-  - pkg/version
-  - pkg/watch
-  - third_party/forked/golang/reflect
-- name: k8s.io/client-go
-  version: 35874c597fed17ca62cd197e516d7d5ff9a2958c
-  subpackages:
-  - discovery
-  - discovery/fake
-  - kubernetes
-  - kubernetes/fake
-  - kubernetes/scheme
-  - kubernetes/typed/admissionregistration/v1alpha1
-  - kubernetes/typed/admissionregistration/v1alpha1/fake
-  - kubernetes/typed/apps/v1beta1
-  - kubernetes/typed/apps/v1beta1/fake
-  - kubernetes/typed/apps/v1beta2
-  - kubernetes/typed/apps/v1beta2/fake
-  - kubernetes/typed/authentication/v1
-  - kubernetes/typed/authentication/v1/fake
-  - kubernetes/typed/authentication/v1beta1
-  - kubernetes/typed/authentication/v1beta1/fake
-  - kubernetes/typed/authorization/v1
-  - kubernetes/typed/authorization/v1/fake
-  - kubernetes/typed/authorization/v1beta1
-  - kubernetes/typed/authorization/v1beta1/fake
-  - kubernetes/typed/autoscaling/v1
-  - kubernetes/typed/autoscaling/v1/fake
-  - kubernetes/typed/autoscaling/v2beta1
-  - kubernetes/typed/autoscaling/v2beta1/fake
-  - kubernetes/typed/batch/v1
-  - kubernetes/typed/batch/v1/fake
-  - kubernetes/typed/batch/v1beta1
-  - kubernetes/typed/batch/v1beta1/fake
-  - kubernetes/typed/batch/v2alpha1
-  - kubernetes/typed/batch/v2alpha1/fake
-  - kubernetes/typed/certificates/v1beta1
-  - kubernetes/typed/certificates/v1beta1/fake
-  - kubernetes/typed/core/v1
-  - kubernetes/typed/core/v1/fake
-  - kubernetes/typed/extensions/v1beta1
-  - kubernetes/typed/extensions/v1beta1/fake
-  - kubernetes/typed/networking/v1
-  - kubernetes/typed/networking/v1/fake
-  - kubernetes/typed/policy/v1beta1
-  - kubernetes/typed/policy/v1beta1/fake
-  - kubernetes/typed/rbac/v1
-  - kubernetes/typed/rbac/v1/fake
-  - kubernetes/typed/rbac/v1alpha1
-  - kubernetes/typed/rbac/v1alpha1/fake
-  - kubernetes/typed/rbac/v1beta1
-  - kubernetes/typed/rbac/v1beta1/fake
-  - kubernetes/typed/scheduling/v1alpha1
-  - kubernetes/typed/scheduling/v1alpha1/fake
-  - kubernetes/typed/settings/v1alpha1
-  - kubernetes/typed/settings/v1alpha1/fake
-  - kubernetes/typed/storage/v1
-  - kubernetes/typed/storage/v1/fake
-  - kubernetes/typed/storage/v1beta1
-  - kubernetes/typed/storage/v1beta1/fake
-  - pkg/version
-  - rest
-  - rest/watch
-  - testing
-  - tools/auth
-  - tools/cache
-  - tools/clientcmd
-  - tools/clientcmd/api
-  - tools/clientcmd/api/latest
-  - tools/clientcmd/api/v1
-  - tools/metrics
-  - tools/pager
-  - tools/reference
-  - transport
-  - util/cert
-  - util/flowcontrol
-  - util/homedir
-  - util/integer
-  - util/workqueue
-- name: k8s.io/kube-openapi
-  version: 868f2f29720b192240e18284659231b440f9cda5
-  subpackages:
-  - pkg/common
-testImports: []

glide.yaml

@@ -1,14 +0,0 @@
-package: github.com/stakater/Reloader
-import:
-- package: k8s.io/api
-  version: kubernetes-1.8.0
-- package: k8s.io/apimachinery
-  version: kubernetes-1.8.0
-- package: k8s.io/client-go
-  version: 5.0.0
-- package: github.com/spf13/cobra
-  version: 0.0.3
-- package: github.com/spf13/pflag
-  version: 1.0.1
-- package: github.com/sirupsen/logrus
-  version: 1.0.5

go.mod

@@ -0,0 +1,94 @@
+module github.com/stakater/Reloader
+
+go 1.24.4
+
+require (
+	github.com/argoproj/argo-rollouts v1.8.2
+	github.com/openshift/api v0.0.0-20250411135543-10a8fa583797
+	github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2
+	github.com/parnurzeal/gorequest v0.3.0
+	github.com/prometheus/client_golang v1.22.0
+	github.com/sirupsen/logrus v1.9.3
+	github.com/spf13/cobra v1.9.1
+	github.com/stretchr/testify v1.10.0
+	k8s.io/api v0.32.3
+	k8s.io/apimachinery v0.32.3
+	k8s.io/client-go v0.32.3
+	k8s.io/kubectl v0.32.3
+	k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.1 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.1 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/moul/http2curl v1.0.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.63.0 // indirect
+	github.com/prometheus/procfs v0.16.0 // indirect
+	github.com/smartystreets/goconvey v1.7.2 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/oauth2 v0.29.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/term v0.31.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)
+
+// Replacements for argo-rollouts
+replace (
+	github.com/go-check/check => github.com/go-check/check v0.0.0-20201130134442-10cb98267c6c
+	k8s.io/api v0.0.0 => k8s.io/api v0.32.3
+	k8s.io/apimachinery v0.0.0 => k8s.io/apimachinery v0.32.3
+	k8s.io/client-go v0.0.0 => k8s.io/client-go v0.32.3
+	k8s.io/cloud-provider v0.0.0 => k8s.io/cloud-provider v0.24.2
+	k8s.io/controller-manager v0.0.0 => k8s.io/controller-manager v0.24.2
+	k8s.io/cri-api v0.0.0 => k8s.io/cri-api v0.20.5-rc.0
+	k8s.io/csi-translation-lib v0.0.0 => k8s.io/csi-translation-lib v0.24.2
+	k8s.io/kube-aggregator v0.0.0 => k8s.io/kube-aggregator v0.24.2
+	k8s.io/kube-controller-manager v0.0.0 => k8s.io/kube-controller-manager v0.24.2
+	k8s.io/kube-proxy v0.0.0 => k8s.io/kube-proxy v0.24.2
+	k8s.io/kube-scheduler v0.0.0 => k8s.io/kube-scheduler v0.24.2
+	k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.32.3
+	k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.24.2
+	k8s.io/legacy-cloud-providers v0.0.0 => k8s.io/legacy-cloud-providers v0.24.2
+	k8s.io/mount-utils v0.0.0 => k8s.io/mount-utils v0.20.5-rc.0
+	k8s.io/sample-apiserver v0.0.0 => k8s.io/sample-apiserver v0.24.2
+	k8s.io/sample-cli-plugin v0.0.0 => k8s.io/sample-cli-plugin v0.24.2
+	k8s.io/sample-controller v0.0.0 => k8s.io/sample-controller v0.24.2
+)

go.sum

@@ -0,0 +1,198 @@
+github.com/argoproj/argo-rollouts v1.8.2 h1:DBvkYvFTEH/zJ9MxJerqz/NMWEgZcHY5vxztyCBS5ak=
+github.com/argoproj/argo-rollouts v1.8.2/go.mod h1:xZIw+dg+B4IqMv5fNPenIBUiPb9xljL2st1xxkjhaC0=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 h1:1NyRx2f4W4WBRyg0Kys0ZbaNmDDzZ2R/C7DTi+bbsJ0=
+github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380/go.mod h1:thX175TtLTzLj3p7N/Q9IiKZ7NF+p72cvL91emV0hzo=
+github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
+github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic=
+github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
+github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs=
+github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/openshift/api v0.0.0-20250411135543-10a8fa583797 h1:8x3G8QOZqo2bRAL8JFlPz/odqQECI/XmlZeRwnFxJ8I=
+github.com/openshift/api v0.0.0-20250411135543-10a8fa583797/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
+github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2 h1:bPXR0R8zp1o12nSUphN26hSM+OKYq5pMorbDCpApzDQ=
+github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2/go.mod h1:dT1cJyVTperQ53GvVRa+GZ27r02fDZy2k5j+9QoQsCo=
+github.com/parnurzeal/gorequest v0.3.0 h1:SoFyqCDC9COr1xuS6VA8fC8RU7XyrJZN2ona1kEX7FI=
+github.com/parnurzeal/gorequest v0.3.0/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k=
+github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18=
+github.com/prometheus/procfs v0.16.0 h1:xh6oHhKwnOJKMYiYBDWmkHqQPyiY40sny36Cmx2bbsM=
+github.com/prometheus/procfs v0.16.0/go.mod h1:8veyXUu3nGP7oaCxhX6yeaM5u4stL2FeMXnCqhDthZg=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
+github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
+github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
+github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
+golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
+k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
+k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
+k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
+k8s.io/kubectl v0.32.3 h1:VMi584rbboso+yjfv0d8uBHwwxbC438LKq+dXd5tOAI=
+k8s.io/kubectl v0.32.3/go.mod h1:6Euv2aso5GKzo/UVMacV6C7miuyevpfI91SvBvV9Zdg=
+k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e h1:KqK5c/ghOm8xkHYhlodbp6i6+r+ChV2vuAuVRdFbLro=
+k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
+sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc=
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

internal/pkg/alerts/alert.go

@@ -0,0 +1,144 @@
+package alert
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/parnurzeal/gorequest"
+	"github.com/sirupsen/logrus"
+)
+
+// function to send alert msg to webhook service
+func SendWebhookAlert(msg string) {
+	webhook_url, ok := os.LookupEnv("ALERT_WEBHOOK_URL")
+	if !ok {
+		logrus.Error("ALERT_WEBHOOK_URL env variable not provided")
+		return
+	}
+	webhook_url = strings.TrimSpace(webhook_url)
+	alert_sink := os.Getenv("ALERT_SINK")
+	alert_sink = strings.ToLower(strings.TrimSpace(alert_sink))
+
+	// Provision to add Proxy to reach webhook server if required
+	webhook_proxy := os.Getenv("ALERT_WEBHOOK_PROXY")
+	webhook_proxy = strings.TrimSpace(webhook_proxy)
+
+	// Provision to add Additional information in the alert. e.g ClusterName
+	alert_additional_info, ok := os.LookupEnv("ALERT_ADDITIONAL_INFO")
+	if ok {
+		alert_additional_info = strings.TrimSpace(alert_additional_info)
+		msg = fmt.Sprintf("%s : %s", alert_additional_info, msg)
+	}
+
+	if alert_sink == "slack" {
+		sendSlackAlert(webhook_url, webhook_proxy, msg)
+	} else if alert_sink == "teams" {
+		sendTeamsAlert(webhook_url, webhook_proxy, msg)
+	} else if alert_sink == "gchat" {
+		sendGoogleChatAlert(webhook_url, webhook_proxy, msg)
+	} else {
+		msg = strings.Replace(msg, "*", "", -1)
+		sendRawWebhookAlert(webhook_url, webhook_proxy, msg)
+	}
+}
+
+// function to handle server redirection
+func redirectPolicy(req gorequest.Request, via []gorequest.Request) error {
+	return fmt.Errorf("incorrect token (redirection)")
+}
+
+// function to send alert to slack
+func sendSlackAlert(webhookUrl string, proxy string, msg string) []error {
+	attachment := Attachment{
+		Text:       msg,
+		Color:      "good",
+		AuthorName: "Reloader",
+	}
+
+	payload := WebhookMessage{
+		Attachments: []Attachment{attachment},
+	}
+
+	request := gorequest.New().Proxy(proxy)
+	resp, _, err := request.
+		Post(webhookUrl).
+		RedirectPolicy(redirectPolicy).
+		Send(payload).
+		End()
+
+	if err != nil {
+		return err
+	}
+	if resp.StatusCode >= 400 {
+		return []error{fmt.Errorf("error sending msg. status: %v", resp.Status)}
+	}
+
+	return nil
+}
+
+// function to send alert to Microsoft Teams webhook
+func sendTeamsAlert(webhookUrl string, proxy string, msg string) []error {
+	attachment := Attachment{
+		Text: msg,
+	}
+
+	request := gorequest.New().Proxy(proxy)
+	resp, _, err := request.
+		Post(webhookUrl).
+		RedirectPolicy(redirectPolicy).
+		Send(attachment).
+		End()
+
+	if err != nil {
+		return err
+	}
+	if resp.StatusCode != 200 {
+		return []error{fmt.Errorf("error sending msg. status: %v", resp.Status)}
+	}
+
+	return nil
+}
+
+// function to send alert to Google Chat webhook
+func sendGoogleChatAlert(webhookUrl string, proxy string, msg string) []error {
+	payload := map[string]interface{}{
+		"text": msg,
+	}
+
+	request := gorequest.New().Proxy(proxy)
+	resp, _, err := request.
+		Post(webhookUrl).
+		RedirectPolicy(redirectPolicy).
+		Send(payload).
+		End()
+
+	if err != nil {
+		return err
+	}
+	if resp.StatusCode != 200 {
+		return []error{fmt.Errorf("error sending msg. status: %v", resp.Status)}
+	}
+
+	return nil
+}
+
+// function to send alert to webhook service as text
+func sendRawWebhookAlert(webhookUrl string, proxy string, msg string) []error {
+	request := gorequest.New().Proxy(proxy)
+	resp, _, err := request.
+		Post(webhookUrl).
+		Type("text").
+		RedirectPolicy(redirectPolicy).
+		Send(msg).
+		End()
+
+	if err != nil {
+		return err
+	}
+	if resp.StatusCode >= 400 {
+		return []error{fmt.Errorf("error sending msg. status: %v", resp.Status)}
+	}
+
+	return nil
+}

internal/pkg/alerts/slack_alert.go

@@ -0,0 +1,61 @@
+package alert
+
+type WebhookMessage struct {
+	Username        string       `json:"username,omitempty"`
+	IconEmoji       string       `json:"icon_emoji,omitempty"`
+	IconURL         string       `json:"icon_url,omitempty"`
+	Channel         string       `json:"channel,omitempty"`
+	ThreadTimestamp string       `json:"thread_ts,omitempty"`
+	Text            string       `json:"text,omitempty"`
+	Attachments     []Attachment `json:"attachments,omitempty"`
+	Parse           string       `json:"parse,omitempty"`
+	ResponseType    string       `json:"response_type,omitempty"`
+	ReplaceOriginal bool         `json:"replace_original,omitempty"`
+	DeleteOriginal  bool         `json:"delete_original,omitempty"`
+	ReplyBroadcast  bool         `json:"reply_broadcast,omitempty"`
+}
+
+type Attachment struct {
+	Color    string `json:"color,omitempty"`
+	Fallback string `json:"fallback,omitempty"`
+
+	CallbackID string `json:"callback_id,omitempty"`
+	ID         int    `json:"id,omitempty"`
+
+	AuthorID      string `json:"author_id,omitempty"`
+	AuthorName    string `json:"author_name,omitempty"`
+	AuthorSubname string `json:"author_subname,omitempty"`
+	AuthorLink    string `json:"author_link,omitempty"`
+	AuthorIcon    string `json:"author_icon,omitempty"`
+
+	Title     string `json:"title,omitempty"`
+	TitleLink string `json:"title_link,omitempty"`
+	Pretext   string `json:"pretext,omitempty"`
+	Text      string `json:"text,omitempty"`
+
+	ImageURL string `json:"image_url,omitempty"`
+	ThumbURL string `json:"thumb_url,omitempty"`
+
+	ServiceName string `json:"service_name,omitempty"`
+	ServiceIcon string `json:"service_icon,omitempty"`
+	FromURL     string `json:"from_url,omitempty"`
+	OriginalURL string `json:"original_url,omitempty"`
+
+	MarkdownIn []string `json:"mrkdwn_in,omitempty"`
+
+	Footer     string `json:"footer,omitempty"`
+	FooterIcon string `json:"footer_icon,omitempty"`
+}
+
+type Field struct {
+	Title string `json:"title"`
+	Value string `json:"value"`
+	Short bool   `json:"short"`
+}
+
+type Action struct {
+	Type  string `json:"type"`
+	Text  string `json:"text"`
+	Url   string `json:"url"`
+	Style string `json:"style"`
+}

internal/pkg/callbacks/rolling_upgrade.go

@@ -1,91 +1,579 @@
 package callbacks
 
 import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
 	"github.com/sirupsen/logrus"
-	"github.com/stakater/Reloader/internal/pkg/util"
-	apps_v1beta1 "k8s.io/api/apps/v1beta1"
-	"k8s.io/api/core/v1"
-	"k8s.io/api/extensions/v1beta1"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/pkg/kube"
+	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
+	v1 "k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes"
+	"k8s.io/apimachinery/pkg/runtime"
+	patchtypes "k8s.io/apimachinery/pkg/types"
+
+	"maps"
+
+	argorolloutv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 )
 
-//ItemsFunc is a generic function to return a specific resource array in given namespace
-type ItemsFunc func(kubernetes.Interface, string) []interface{}
+// ItemFunc is a generic function to return a specific resource in given namespace
+type ItemFunc func(kube.Clients, string, string) (runtime.Object, error)
 
-//ContainersFunc is a generic func to return containers
-type ContainersFunc func(interface{}) []v1.Container
+// ItemsFunc is a generic function to return a specific resource array in given namespace
+type ItemsFunc func(kube.Clients, string) []runtime.Object
 
-//UpdateFunc performs the resource update
-type UpdateFunc func(kubernetes.Interface, string, interface{}) error
+// ContainersFunc is a generic func to return containers
+type ContainersFunc func(runtime.Object) []v1.Container
 
-//RollingUpgradeFuncs contains generic functions to perform rolling upgrade
+// InitContainersFunc is a generic func to return containers
+type InitContainersFunc func(runtime.Object) []v1.Container
+
+// VolumesFunc is a generic func to return volumes
+type VolumesFunc func(runtime.Object) []v1.Volume
+
+// UpdateFunc performs the resource update
+type UpdateFunc func(kube.Clients, string, runtime.Object) error
+
+// PatchFunc performs the resource patch
+type PatchFunc func(kube.Clients, string, runtime.Object, patchtypes.PatchType, []byte) error
+
+// PatchTemplateFunc is a generic func to return strategic merge JSON patch template
+type PatchTemplatesFunc func() PatchTemplates
+
+// AnnotationsFunc is a generic func to return annotations
+type AnnotationsFunc func(runtime.Object) map[string]string
+
+// PodAnnotationsFunc is a generic func to return annotations
+type PodAnnotationsFunc func(runtime.Object) map[string]string
+
+// RollingUpgradeFuncs contains generic functions to perform rolling upgrade
 type RollingUpgradeFuncs struct {
-	ItemsFunc      ItemsFunc
-	ContainersFunc ContainersFunc
-	UpdateFunc     UpdateFunc
-	ResourceType   string
+	ItemFunc               ItemFunc
+	ItemsFunc              ItemsFunc
+	AnnotationsFunc        AnnotationsFunc
+	PodAnnotationsFunc     PodAnnotationsFunc
+	ContainersFunc         ContainersFunc
+	ContainerPatchPathFunc ContainersFunc
+	InitContainersFunc     InitContainersFunc
+	UpdateFunc             UpdateFunc
+	PatchFunc              PatchFunc
+	PatchTemplatesFunc     PatchTemplatesFunc
+	VolumesFunc            VolumesFunc
+	ResourceType           string
+	SupportsPatch          bool
+}
+
+// PatchTemplates contains merge JSON patch templates
+type PatchTemplates struct {
+	AnnotationTemplate   string
+	EnvVarTemplate       string
+	DeleteEnvVarTemplate string
+}
+
+// GetDeploymentItem returns the deployment in given namespace
+func GetDeploymentItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	deployment, err := clients.KubernetesClient.AppsV1().Deployments(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get deployment %v", err)
+		return nil, err
+	}
+
+	if deployment.Spec.Template.ObjectMeta.Annotations == nil {
+		annotations := make(map[string]string)
+		deployment.Spec.Template.ObjectMeta.Annotations = annotations
+	}
+
+	return deployment, nil
 }
 
 // GetDeploymentItems returns the deployments in given namespace
-func GetDeploymentItems(client kubernetes.Interface, namespace string) []interface{} {
-	deployments, err := client.ExtensionsV1beta1().Deployments(namespace).List(meta_v1.ListOptions{})
+func GetDeploymentItems(clients kube.Clients, namespace string) []runtime.Object {
+	deployments, err := clients.KubernetesClient.AppsV1().Deployments(namespace).List(context.TODO(), meta_v1.ListOptions{})
 	if err != nil {
 		logrus.Errorf("Failed to list deployments %v", err)
 	}
-	return util.InterfaceSlice(deployments.Items)
+
+	items := make([]runtime.Object, len(deployments.Items))
+	// Ensure we always have pod annotations to add to
+	for i, v := range deployments.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			annotations := make(map[string]string)
+			deployments.Items[i].Spec.Template.ObjectMeta.Annotations = annotations
+		}
+		items[i] = &deployments.Items[i]
+	}
+
+	return items
 }
 
-// GetDaemonSetItems returns the daemonSet in given namespace
-func GetDaemonSetItems(client kubernetes.Interface, namespace string) []interface{} {
-	daemonSets, err := client.ExtensionsV1beta1().DaemonSets(namespace).List(meta_v1.ListOptions{})
+// GetCronJobItem returns the job in given namespace
+func GetCronJobItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	cronjob, err := clients.KubernetesClient.BatchV1().CronJobs(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get cronjob %v", err)
+		return nil, err
+	}
+
+	return cronjob, nil
+}
+
+// GetCronJobItems returns the jobs in given namespace
+func GetCronJobItems(clients kube.Clients, namespace string) []runtime.Object {
+	cronjobs, err := clients.KubernetesClient.BatchV1().CronJobs(namespace).List(context.TODO(), meta_v1.ListOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to list cronjobs %v", err)
+	}
+
+	items := make([]runtime.Object, len(cronjobs.Items))
+	// Ensure we always have pod annotations to add to
+	for i, v := range cronjobs.Items {
+		if v.Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations == nil {
+			annotations := make(map[string]string)
+			cronjobs.Items[i].Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations = annotations
+		}
+		items[i] = &cronjobs.Items[i]
+	}
+
+	return items
+}
+
+// GetJobItem returns the job in given namespace
+func GetJobItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	job, err := clients.KubernetesClient.BatchV1().Jobs(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get job %v", err)
+		return nil, err
+	}
+
+	return job, nil
+}
+
+// GetJobItems returns the jobs in given namespace
+func GetJobItems(clients kube.Clients, namespace string) []runtime.Object {
+	jobs, err := clients.KubernetesClient.BatchV1().Jobs(namespace).List(context.TODO(), meta_v1.ListOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to list jobs %v", err)
+	}
+
+	items := make([]runtime.Object, len(jobs.Items))
+	// Ensure we always have pod annotations to add to
+	for i, v := range jobs.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			annotations := make(map[string]string)
+			jobs.Items[i].Spec.Template.ObjectMeta.Annotations = annotations
+		}
+		items[i] = &jobs.Items[i]
+	}
+
+	return items
+}
+
+// GetDaemonSetItem returns the daemonSet in given namespace
+func GetDaemonSetItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	daemonSet, err := clients.KubernetesClient.AppsV1().DaemonSets(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get daemonSet %v", err)
+		return nil, err
+	}
+
+	return daemonSet, nil
+}
+
+// GetDaemonSetItems returns the daemonSets in given namespace
+func GetDaemonSetItems(clients kube.Clients, namespace string) []runtime.Object {
+	daemonSets, err := clients.KubernetesClient.AppsV1().DaemonSets(namespace).List(context.TODO(), meta_v1.ListOptions{})
 	if err != nil {
 		logrus.Errorf("Failed to list daemonSets %v", err)
 	}
-	return util.InterfaceSlice(daemonSets.Items)
+
+	items := make([]runtime.Object, len(daemonSets.Items))
+	// Ensure we always have pod annotations to add to
+	for i, v := range daemonSets.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			daemonSets.Items[i].Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+		}
+		items[i] = &daemonSets.Items[i]
+	}
+
+	return items
 }
 
-// GetStatefulSetItems returns the statefulSet in given namespace
-func GetStatefulSetItems(client kubernetes.Interface, namespace string) []interface{} {
-	statefulSets, err := client.AppsV1beta1().StatefulSets(namespace).List(meta_v1.ListOptions{})
+// GetStatefulSetItem returns the statefulSet in given namespace
+func GetStatefulSetItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	statefulSet, err := clients.KubernetesClient.AppsV1().StatefulSets(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get statefulSet %v", err)
+		return nil, err
+	}
+
+	return statefulSet, nil
+}
+
+// GetStatefulSetItems returns the statefulSets in given namespace
+func GetStatefulSetItems(clients kube.Clients, namespace string) []runtime.Object {
+	statefulSets, err := clients.KubernetesClient.AppsV1().StatefulSets(namespace).List(context.TODO(), meta_v1.ListOptions{})
 	if err != nil {
 		logrus.Errorf("Failed to list statefulSets %v", err)
 	}
-	return util.InterfaceSlice(statefulSets.Items)
+
+	items := make([]runtime.Object, len(statefulSets.Items))
+	// Ensure we always have pod annotations to add to
+	for i, v := range statefulSets.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			statefulSets.Items[i].Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+		}
+		items[i] = &statefulSets.Items[i]
+	}
+
+	return items
+}
+
+// GetRolloutItem returns the rollout in given namespace
+func GetRolloutItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	rollout, err := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get Rollout %v", err)
+		return nil, err
+	}
+
+	return rollout, nil
+}
+
+// GetRolloutItems returns the rollouts in given namespace
+func GetRolloutItems(clients kube.Clients, namespace string) []runtime.Object {
+	rollouts, err := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).List(context.TODO(), meta_v1.ListOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to list Rollouts %v", err)
+	}
+
+	items := make([]runtime.Object, len(rollouts.Items))
+	// Ensure we always have pod annotations to add to
+	for i, v := range rollouts.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			rollouts.Items[i].Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+		}
+		items[i] = &rollouts.Items[i]
+	}
+
+	return items
+}
+
+// GetDeploymentAnnotations returns the annotations of given deployment
+func GetDeploymentAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.Deployment).ObjectMeta.Annotations == nil {
+		item.(*appsv1.Deployment).ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*appsv1.Deployment).ObjectMeta.Annotations
+}
+
+// GetCronJobAnnotations returns the annotations of given cronjob
+func GetCronJobAnnotations(item runtime.Object) map[string]string {
+	if item.(*batchv1.CronJob).ObjectMeta.Annotations == nil {
+		item.(*batchv1.CronJob).ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*batchv1.CronJob).ObjectMeta.Annotations
+}
+
+// GetJobAnnotations returns the annotations of given job
+func GetJobAnnotations(item runtime.Object) map[string]string {
+	if item.(*batchv1.Job).ObjectMeta.Annotations == nil {
+		item.(*batchv1.Job).ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*batchv1.Job).ObjectMeta.Annotations
+}
+
+// GetDaemonSetAnnotations returns the annotations of given daemonSet
+func GetDaemonSetAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.DaemonSet).ObjectMeta.Annotations == nil {
+		item.(*appsv1.DaemonSet).ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*appsv1.DaemonSet).ObjectMeta.Annotations
+}
+
+// GetStatefulSetAnnotations returns the annotations of given statefulSet
+func GetStatefulSetAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.StatefulSet).ObjectMeta.Annotations == nil {
+		item.(*appsv1.StatefulSet).ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*appsv1.StatefulSet).ObjectMeta.Annotations
+}
+
+// GetRolloutAnnotations returns the annotations of given rollout
+func GetRolloutAnnotations(item runtime.Object) map[string]string {
+	if item.(*argorolloutv1alpha1.Rollout).ObjectMeta.Annotations == nil {
+		item.(*argorolloutv1alpha1.Rollout).ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*argorolloutv1alpha1.Rollout).ObjectMeta.Annotations
+}
+
+// GetDeploymentPodAnnotations returns the pod's annotations of given deployment
+func GetDeploymentPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.Deployment).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*appsv1.Deployment).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*appsv1.Deployment).Spec.Template.ObjectMeta.Annotations
+}
+
+// GetCronJobPodAnnotations returns the pod's annotations of given cronjob
+func GetCronJobPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations
+}
+
+// GetJobPodAnnotations returns the pod's annotations of given job
+func GetJobPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*batchv1.Job).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*batchv1.Job).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*batchv1.Job).Spec.Template.ObjectMeta.Annotations
+}
+
+// GetDaemonSetPodAnnotations returns the pod's annotations of given daemonSet
+func GetDaemonSetPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.DaemonSet).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*appsv1.DaemonSet).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*appsv1.DaemonSet).Spec.Template.ObjectMeta.Annotations
+}
+
+// GetStatefulSetPodAnnotations returns the pod's annotations of given statefulSet
+func GetStatefulSetPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.StatefulSet).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*appsv1.StatefulSet).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*appsv1.StatefulSet).Spec.Template.ObjectMeta.Annotations
+}
+
+// GetRolloutPodAnnotations returns the pod's annotations of given rollout
+func GetRolloutPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*argorolloutv1alpha1.Rollout).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*argorolloutv1alpha1.Rollout).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
+	return item.(*argorolloutv1alpha1.Rollout).Spec.Template.ObjectMeta.Annotations
 }
 
 // GetDeploymentContainers returns the containers of given deployment
-func GetDeploymentContainers(item interface{}) []v1.Container {
-	return item.(v1beta1.Deployment).Spec.Template.Spec.Containers
+func GetDeploymentContainers(item runtime.Object) []v1.Container {
+	return item.(*appsv1.Deployment).Spec.Template.Spec.Containers
 }
 
-// GetDaemonSetContainers returns the containers of given daemonset
-func GetDaemonSetContainers(item interface{}) []v1.Container {
-	return item.(v1beta1.DaemonSet).Spec.Template.Spec.Containers
+// GetCronJobContainers returns the containers of given cronjob
+func GetCronJobContainers(item runtime.Object) []v1.Container {
+	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.Spec.Containers
 }
 
-// GetStatefulsetContainers returns the containers of given statefulSet
-func GetStatefulsetContainers(item interface{}) []v1.Container {
-	return item.(apps_v1beta1.StatefulSet).Spec.Template.Spec.Containers
+// GetJobContainers returns the containers of given job
+func GetJobContainers(item runtime.Object) []v1.Container {
+	return item.(*batchv1.Job).Spec.Template.Spec.Containers
+}
+
+// GetDaemonSetContainers returns the containers of given daemonSet
+func GetDaemonSetContainers(item runtime.Object) []v1.Container {
+	return item.(*appsv1.DaemonSet).Spec.Template.Spec.Containers
+}
+
+// GetStatefulSetContainers returns the containers of given statefulSet
+func GetStatefulSetContainers(item runtime.Object) []v1.Container {
+	return item.(*appsv1.StatefulSet).Spec.Template.Spec.Containers
+}
+
+// GetRolloutContainers returns the containers of given rollout
+func GetRolloutContainers(item runtime.Object) []v1.Container {
+	return item.(*argorolloutv1alpha1.Rollout).Spec.Template.Spec.Containers
+}
+
+// GetDeploymentInitContainers returns the containers of given deployment
+func GetDeploymentInitContainers(item runtime.Object) []v1.Container {
+	return item.(*appsv1.Deployment).Spec.Template.Spec.InitContainers
+}
+
+// GetCronJobInitContainers returns the containers of given cronjob
+func GetCronJobInitContainers(item runtime.Object) []v1.Container {
+	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.Spec.InitContainers
+}
+
+// GetJobInitContainers returns the containers of given job
+func GetJobInitContainers(item runtime.Object) []v1.Container {
+	return item.(*batchv1.Job).Spec.Template.Spec.InitContainers
+}
+
+// GetDaemonSetInitContainers returns the containers of given daemonSet
+func GetDaemonSetInitContainers(item runtime.Object) []v1.Container {
+	return item.(*appsv1.DaemonSet).Spec.Template.Spec.InitContainers
+}
+
+// GetStatefulSetInitContainers returns the containers of given statefulSet
+func GetStatefulSetInitContainers(item runtime.Object) []v1.Container {
+	return item.(*appsv1.StatefulSet).Spec.Template.Spec.InitContainers
+}
+
+// GetRolloutInitContainers returns the containers of given rollout
+func GetRolloutInitContainers(item runtime.Object) []v1.Container {
+	return item.(*argorolloutv1alpha1.Rollout).Spec.Template.Spec.InitContainers
+}
+
+// GetPatchTemplates returns patch templates
+func GetPatchTemplates() PatchTemplates {
+	return PatchTemplates{
+		AnnotationTemplate:   `{"spec":{"template":{"metadata":{"annotations":{"%s":"%s"}}}}}`,                                   // strategic merge patch
+		EnvVarTemplate:       `{"spec":{"template":{"spec":{"containers":[{"name":"%s","env":[{"name":"%s","value":"%s"}]}]}}}}`, // strategic merge patch
+		DeleteEnvVarTemplate: `[{"op":"remove","path":"/spec/template/spec/containers/%d/env/%d"}]`,                              // JSON patch
+	}
 }
 
 // UpdateDeployment performs rolling upgrade on deployment
-func UpdateDeployment(client kubernetes.Interface, namespace string, resource interface{}) error {
-	deployment := resource.(v1beta1.Deployment)
-	_, err := client.ExtensionsV1beta1().Deployments(namespace).Update(&deployment)
+func UpdateDeployment(clients kube.Clients, namespace string, resource runtime.Object) error {
+	deployment := resource.(*appsv1.Deployment)
+	_, err := clients.KubernetesClient.AppsV1().Deployments(namespace).Update(context.TODO(), deployment, meta_v1.UpdateOptions{FieldManager: "Reloader"})
 	return err
 }
 
+// PatchDeployment performs rolling upgrade on deployment
+func PatchDeployment(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	deployment := resource.(*appsv1.Deployment)
+	_, err := clients.KubernetesClient.AppsV1().Deployments(namespace).Patch(context.TODO(), deployment.Name, patchType, bytes, meta_v1.PatchOptions{FieldManager: "Reloader"})
+	return err
+}
+
+// CreateJobFromCronjob performs rolling upgrade on cronjob
+func CreateJobFromCronjob(clients kube.Clients, namespace string, resource runtime.Object) error {
+	cronJob := resource.(*batchv1.CronJob)
+
+	annotations := make(map[string]string)
+	annotations["cronjob.kubernetes.io/instantiate"] = "manual"
+	maps.Copy(annotations, cronJob.Spec.JobTemplate.Annotations)
+
+	job := &batchv1.Job{
+		ObjectMeta: meta_v1.ObjectMeta{
+			GenerateName:    cronJob.Name + "-",
+			Namespace:       cronJob.Namespace,
+			Annotations:     annotations,
+			Labels:          cronJob.Spec.JobTemplate.Labels,
+			OwnerReferences: []meta_v1.OwnerReference{*meta_v1.NewControllerRef(cronJob, batchv1.SchemeGroupVersion.WithKind("CronJob"))},
+		},
+		Spec: cronJob.Spec.JobTemplate.Spec,
+	}
+	_, err := clients.KubernetesClient.BatchV1().Jobs(namespace).Create(context.TODO(), job, meta_v1.CreateOptions{FieldManager: "Reloader"})
+	return err
+}
+
+func PatchCronJob(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	return errors.New("not supported patching: CronJob")
+}
+
+// ReCreateJobFromjob performs rolling upgrade on job
+func ReCreateJobFromjob(clients kube.Clients, namespace string, resource runtime.Object) error {
+	oldJob := resource.(*batchv1.Job)
+	job := oldJob.DeepCopy()
+
+	// Delete the old job
+	policy := meta_v1.DeletePropagationBackground
+	err := clients.KubernetesClient.BatchV1().Jobs(namespace).Delete(context.TODO(), job.Name, meta_v1.DeleteOptions{PropagationPolicy: &policy})
+	if err != nil {
+		return err
+	}
+
+	// Remove fields that should not be specified when creating a new Job
+	job.ObjectMeta.ResourceVersion = ""
+	job.ObjectMeta.UID = ""
+	job.ObjectMeta.CreationTimestamp = meta_v1.Time{}
+	job.Status = batchv1.JobStatus{}
+
+	// Remove problematic labels
+	delete(job.Spec.Template.Labels, "controller-uid")
+	delete(job.Spec.Template.Labels, batchv1.ControllerUidLabel)
+	delete(job.Spec.Template.Labels, batchv1.JobNameLabel)
+	delete(job.Spec.Template.Labels, "job-name")
+
+	// Remove the selector to allow it to be auto-generated
+	job.Spec.Selector = nil
+
+	// Create the new job with same spec
+	_, err = clients.KubernetesClient.BatchV1().Jobs(namespace).Create(context.TODO(), job, meta_v1.CreateOptions{FieldManager: "Reloader"})
+	return err
+}
+
+func PatchJob(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	return errors.New("not supported patching: Job")
+}
+
 // UpdateDaemonSet performs rolling upgrade on daemonSet
-func UpdateDaemonSet(client kubernetes.Interface, namespace string, resource interface{}) error {
-	daemonSet := resource.(v1beta1.DaemonSet)
-	_, err := client.ExtensionsV1beta1().DaemonSets(namespace).Update(&daemonSet)
+func UpdateDaemonSet(clients kube.Clients, namespace string, resource runtime.Object) error {
+	daemonSet := resource.(*appsv1.DaemonSet)
+	_, err := clients.KubernetesClient.AppsV1().DaemonSets(namespace).Update(context.TODO(), daemonSet, meta_v1.UpdateOptions{FieldManager: "Reloader"})
 	return err
 }
 
-// UpdateStatefulset performs rolling upgrade on statefulSet
-func UpdateStatefulset(client kubernetes.Interface, namespace string, resource interface{}) error {
-	statefulSet := resource.(apps_v1beta1.StatefulSet)
-	_, err := client.AppsV1beta1().StatefulSets(namespace).Update(&statefulSet)
+func PatchDaemonSet(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	daemonSet := resource.(*appsv1.DaemonSet)
+	_, err := clients.KubernetesClient.AppsV1().DaemonSets(namespace).Patch(context.TODO(), daemonSet.Name, patchType, bytes, meta_v1.PatchOptions{FieldManager: "Reloader"})
 	return err
 }
+
+// UpdateStatefulSet performs rolling upgrade on statefulSet
+func UpdateStatefulSet(clients kube.Clients, namespace string, resource runtime.Object) error {
+	statefulSet := resource.(*appsv1.StatefulSet)
+	_, err := clients.KubernetesClient.AppsV1().StatefulSets(namespace).Update(context.TODO(), statefulSet, meta_v1.UpdateOptions{FieldManager: "Reloader"})
+	return err
+}
+
+func PatchStatefulSet(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	statefulSet := resource.(*appsv1.StatefulSet)
+	_, err := clients.KubernetesClient.AppsV1().StatefulSets(namespace).Patch(context.TODO(), statefulSet.Name, patchType, bytes, meta_v1.PatchOptions{FieldManager: "Reloader"})
+	return err
+}
+
+// UpdateRollout performs rolling upgrade on rollout
+func UpdateRollout(clients kube.Clients, namespace string, resource runtime.Object) error {
+	rollout := resource.(*argorolloutv1alpha1.Rollout)
+	strategy := rollout.GetAnnotations()[options.RolloutStrategyAnnotation]
+	var err error
+	switch options.ToArgoRolloutStrategy(strategy) {
+	case options.RestartStrategy:
+		_, err = clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Patch(context.TODO(), rollout.Name, patchtypes.MergePatchType, []byte(fmt.Sprintf(`{"spec": {"restartAt": "%s"}}`, time.Now().Format(time.RFC3339))), meta_v1.PatchOptions{FieldManager: "Reloader"})
+	case options.RolloutStrategy:
+		_, err = clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Update(context.TODO(), rollout, meta_v1.UpdateOptions{FieldManager: "Reloader"})
+	}
+	return err
+}
+
+func PatchRollout(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	return errors.New("not supported patching: Rollout")
+}
+
+// GetDeploymentVolumes returns the Volumes of given deployment
+func GetDeploymentVolumes(item runtime.Object) []v1.Volume {
+	return item.(*appsv1.Deployment).Spec.Template.Spec.Volumes
+}
+
+// GetCronJobVolumes returns the Volumes of given cronjob
+func GetCronJobVolumes(item runtime.Object) []v1.Volume {
+	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.Spec.Volumes
+}
+
+// GetJobVolumes returns the Volumes of given job
+func GetJobVolumes(item runtime.Object) []v1.Volume {
+	return item.(*batchv1.Job).Spec.Template.Spec.Volumes
+}
+
+// GetDaemonSetVolumes returns the Volumes of given daemonSet
+func GetDaemonSetVolumes(item runtime.Object) []v1.Volume {
+	return item.(*appsv1.DaemonSet).Spec.Template.Spec.Volumes
+}
+
+// GetStatefulSetVolumes returns the Volumes of given statefulSet
+func GetStatefulSetVolumes(item runtime.Object) []v1.Volume {
+	return item.(*appsv1.StatefulSet).Spec.Template.Spec.Volumes
+}
+
+// GetRolloutVolumes returns the Volumes of given rollout
+func GetRolloutVolumes(item runtime.Object) []v1.Volume {
+	return item.(*argorolloutv1alpha1.Rollout).Spec.Template.Spec.Volumes
+}

internal/pkg/callbacks/rolling_upgrade_test.go

@@ -0,0 +1,773 @@
+package callbacks_test
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	"k8s.io/client-go/kubernetes/fake"
+
+	argorolloutv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
+	fakeargoclientset "github.com/argoproj/argo-rollouts/pkg/client/clientset/versioned/fake"
+	patchtypes "k8s.io/apimachinery/pkg/types"
+
+	"github.com/stakater/Reloader/internal/pkg/callbacks"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/internal/pkg/testutil"
+	"github.com/stakater/Reloader/pkg/kube"
+)
+
+var (
+	clients = setupTestClients()
+)
+
+type testFixtures struct {
+	defaultContainers     []v1.Container
+	defaultInitContainers []v1.Container
+	defaultVolumes        []v1.Volume
+	namespace             string
+}
+
+func newTestFixtures() testFixtures {
+	return testFixtures{
+		defaultContainers:     []v1.Container{{Name: "container1"}, {Name: "container2"}},
+		defaultInitContainers: []v1.Container{{Name: "init-container1"}, {Name: "init-container2"}},
+		defaultVolumes:        []v1.Volume{{Name: "volume1"}, {Name: "volume2"}},
+		namespace:             "default",
+	}
+}
+
+func setupTestClients() kube.Clients {
+	return kube.Clients{
+		KubernetesClient:  fake.NewSimpleClientset(),
+		ArgoRolloutClient: fakeargoclientset.NewSimpleClientset(),
+	}
+}
+
+// TestUpdateRollout test update rollout strategy annotation
+func TestUpdateRollout(t *testing.T) {
+	namespace := "test-ns"
+
+	cases := map[string]struct {
+		name      string
+		strategy  string
+		isRestart bool
+	}{
+		"test-without-strategy": {
+			name:      "defaults to rollout strategy",
+			strategy:  "",
+			isRestart: false,
+		},
+		"test-with-restart-strategy": {
+			name:      "triggers a restart strategy",
+			strategy:  "restart",
+			isRestart: true,
+		},
+		"test-with-rollout-strategy": {
+			name:      "triggers a rollout strategy",
+			strategy:  "rollout",
+			isRestart: false,
+		},
+	}
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			rollout, err := testutil.CreateRollout(
+				clients.ArgoRolloutClient, name, namespace,
+				map[string]string{options.RolloutStrategyAnnotation: tc.strategy},
+			)
+			if err != nil {
+				t.Errorf("creating rollout: %v", err)
+			}
+			modifiedChan := watchRollout(rollout.Name, namespace)
+
+			err = callbacks.UpdateRollout(clients, namespace, rollout)
+			if err != nil {
+				t.Errorf("updating rollout: %v", err)
+			}
+			rollout, err = clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(
+				namespace).Get(context.TODO(), rollout.Name, metav1.GetOptions{})
+
+			if err != nil {
+				t.Errorf("getting rollout: %v", err)
+			}
+			if isRestartStrategy(rollout) == tc.isRestart {
+				t.Errorf("Should not be a restart strategy")
+			}
+			select {
+			case <-modifiedChan:
+				// object has been modified
+			case <-time.After(1 * time.Second):
+				t.Errorf("Rollout has not been updated")
+			}
+		})
+	}
+}
+
+func TestPatchRollout(t *testing.T) {
+	namespace := "test-ns"
+	rollout := testutil.GetRollout(namespace, "test", map[string]string{options.RolloutStrategyAnnotation: ""})
+	err := callbacks.PatchRollout(clients, namespace, rollout, patchtypes.StrategicMergePatchType, []byte(`{"spec": {}}`))
+	assert.EqualError(t, err, "not supported patching: Rollout")
+}
+
+func TestResourceItem(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name        string
+		createFunc  func(kube.Clients, string, string) (runtime.Object, error)
+		getItemFunc func(kube.Clients, string, string) (runtime.Object, error)
+		deleteFunc  func(kube.Clients, string, string) error
+	}{
+		{
+			name:        "Deployment",
+			createFunc:  createTestDeploymentWithAnnotations,
+			getItemFunc: callbacks.GetDeploymentItem,
+			deleteFunc:  deleteTestDeployment,
+		},
+		{
+			name:        "CronJob",
+			createFunc:  createTestCronJobWithAnnotations,
+			getItemFunc: callbacks.GetCronJobItem,
+			deleteFunc:  deleteTestCronJob,
+		},
+		{
+			name:        "Job",
+			createFunc:  createTestJobWithAnnotations,
+			getItemFunc: callbacks.GetJobItem,
+			deleteFunc:  deleteTestJob,
+		},
+		{
+			name:        "DaemonSet",
+			createFunc:  createTestDaemonSetWithAnnotations,
+			getItemFunc: callbacks.GetDaemonSetItem,
+			deleteFunc:  deleteTestDaemonSet,
+		},
+		{
+			name:        "StatefulSet",
+			createFunc:  createTestStatefulSetWithAnnotations,
+			getItemFunc: callbacks.GetStatefulSetItem,
+			deleteFunc:  deleteTestStatefulSet,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resource, err := tt.createFunc(clients, fixtures.namespace, "1")
+			assert.NoError(t, err)
+
+			accessor, err := meta.Accessor(resource)
+			assert.NoError(t, err)
+
+			_, err = tt.getItemFunc(clients, accessor.GetName(), fixtures.namespace)
+			assert.NoError(t, err)
+
+			err = tt.deleteFunc(clients, fixtures.namespace, accessor.GetName())
+			assert.NoError(t, err)
+		})
+	}
+}
+
+func TestResourceItems(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name          string
+		createFunc    func(kube.Clients, string) error
+		getItemsFunc  func(kube.Clients, string) []runtime.Object
+		deleteFunc    func(kube.Clients, string) error
+		expectedCount int
+	}{
+		{
+			name:          "Deployments",
+			createFunc:    createTestDeployments,
+			getItemsFunc:  callbacks.GetDeploymentItems,
+			deleteFunc:    deleteTestDeployments,
+			expectedCount: 2,
+		},
+		{
+			name:          "CronJobs",
+			createFunc:    createTestCronJobs,
+			getItemsFunc:  callbacks.GetCronJobItems,
+			deleteFunc:    deleteTestCronJobs,
+			expectedCount: 2,
+		},
+		{
+			name:          "Jobs",
+			createFunc:    createTestJobs,
+			getItemsFunc:  callbacks.GetJobItems,
+			deleteFunc:    deleteTestJobs,
+			expectedCount: 2,
+		},
+		{
+			name:          "DaemonSets",
+			createFunc:    createTestDaemonSets,
+			getItemsFunc:  callbacks.GetDaemonSetItems,
+			deleteFunc:    deleteTestDaemonSets,
+			expectedCount: 2,
+		},
+		{
+			name:          "StatefulSets",
+			createFunc:    createTestStatefulSets,
+			getItemsFunc:  callbacks.GetStatefulSetItems,
+			deleteFunc:    deleteTestStatefulSets,
+			expectedCount: 2,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := tt.createFunc(clients, fixtures.namespace)
+			assert.NoError(t, err)
+
+			items := tt.getItemsFunc(clients, fixtures.namespace)
+			assert.Equal(t, tt.expectedCount, len(items))
+		})
+	}
+}
+
+func TestGetAnnotations(t *testing.T) {
+	testAnnotations := map[string]string{"version": "1"}
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) map[string]string
+	}{
+		{"Deployment", &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetDeploymentAnnotations},
+		{"CronJob", &batchv1.CronJob{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetCronJobAnnotations},
+		{"Job", &batchv1.Job{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetJobAnnotations},
+		{"DaemonSet", &appsv1.DaemonSet{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetDaemonSetAnnotations},
+		{"StatefulSet", &appsv1.StatefulSet{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetStatefulSetAnnotations},
+		{"Rollout", &argorolloutv1alpha1.Rollout{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetRolloutAnnotations},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, testAnnotations, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TestGetPodAnnotations(t *testing.T) {
+	testAnnotations := map[string]string{"version": "1"}
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) map[string]string
+	}{
+		{"Deployment", createResourceWithPodAnnotations(&appsv1.Deployment{}, testAnnotations), callbacks.GetDeploymentPodAnnotations},
+		{"CronJob", createResourceWithPodAnnotations(&batchv1.CronJob{}, testAnnotations), callbacks.GetCronJobPodAnnotations},
+		{"Job", createResourceWithPodAnnotations(&batchv1.Job{}, testAnnotations), callbacks.GetJobPodAnnotations},
+		{"DaemonSet", createResourceWithPodAnnotations(&appsv1.DaemonSet{}, testAnnotations), callbacks.GetDaemonSetPodAnnotations},
+		{"StatefulSet", createResourceWithPodAnnotations(&appsv1.StatefulSet{}, testAnnotations), callbacks.GetStatefulSetPodAnnotations},
+		{"Rollout", createResourceWithPodAnnotations(&argorolloutv1alpha1.Rollout{}, testAnnotations), callbacks.GetRolloutPodAnnotations},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, testAnnotations, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TestGetContainers(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) []v1.Container
+	}{
+		{"Deployment", createResourceWithContainers(&appsv1.Deployment{}, fixtures.defaultContainers), callbacks.GetDeploymentContainers},
+		{"DaemonSet", createResourceWithContainers(&appsv1.DaemonSet{}, fixtures.defaultContainers), callbacks.GetDaemonSetContainers},
+		{"StatefulSet", createResourceWithContainers(&appsv1.StatefulSet{}, fixtures.defaultContainers), callbacks.GetStatefulSetContainers},
+		{"CronJob", createResourceWithContainers(&batchv1.CronJob{}, fixtures.defaultContainers), callbacks.GetCronJobContainers},
+		{"Job", createResourceWithContainers(&batchv1.Job{}, fixtures.defaultContainers), callbacks.GetJobContainers},
+		{"Rollout", createResourceWithContainers(&argorolloutv1alpha1.Rollout{}, fixtures.defaultContainers), callbacks.GetRolloutContainers},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, fixtures.defaultContainers, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TestGetInitContainers(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) []v1.Container
+	}{
+		{"Deployment", createResourceWithInitContainers(&appsv1.Deployment{}, fixtures.defaultInitContainers), callbacks.GetDeploymentInitContainers},
+		{"DaemonSet", createResourceWithInitContainers(&appsv1.DaemonSet{}, fixtures.defaultInitContainers), callbacks.GetDaemonSetInitContainers},
+		{"StatefulSet", createResourceWithInitContainers(&appsv1.StatefulSet{}, fixtures.defaultInitContainers), callbacks.GetStatefulSetInitContainers},
+		{"CronJob", createResourceWithInitContainers(&batchv1.CronJob{}, fixtures.defaultInitContainers), callbacks.GetCronJobInitContainers},
+		{"Job", createResourceWithInitContainers(&batchv1.Job{}, fixtures.defaultInitContainers), callbacks.GetJobInitContainers},
+		{"Rollout", createResourceWithInitContainers(&argorolloutv1alpha1.Rollout{}, fixtures.defaultInitContainers), callbacks.GetRolloutInitContainers},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, fixtures.defaultInitContainers, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TestUpdateResources(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name       string
+		createFunc func(kube.Clients, string, string) (runtime.Object, error)
+		updateFunc func(kube.Clients, string, runtime.Object) error
+		deleteFunc func(kube.Clients, string, string) error
+	}{
+		{"Deployment", createTestDeploymentWithAnnotations, callbacks.UpdateDeployment, deleteTestDeployment},
+		{"DaemonSet", createTestDaemonSetWithAnnotations, callbacks.UpdateDaemonSet, deleteTestDaemonSet},
+		{"StatefulSet", createTestStatefulSetWithAnnotations, callbacks.UpdateStatefulSet, deleteTestStatefulSet},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resource, err := tt.createFunc(clients, fixtures.namespace, "1")
+			assert.NoError(t, err)
+
+			err = tt.updateFunc(clients, fixtures.namespace, resource)
+			assert.NoError(t, err)
+
+			accessor, err := meta.Accessor(resource)
+			assert.NoError(t, err)
+
+			err = tt.deleteFunc(clients, fixtures.namespace, accessor.GetName())
+			assert.NoError(t, err)
+		})
+	}
+}
+
+func TestPatchResources(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name       string
+		createFunc func(kube.Clients, string, string) (runtime.Object, error)
+		patchFunc  func(kube.Clients, string, runtime.Object, patchtypes.PatchType, []byte) error
+		deleteFunc func(kube.Clients, string, string) error
+		assertFunc func(err error)
+	}{
+		{"Deployment", createTestDeploymentWithAnnotations, callbacks.PatchDeployment, deleteTestDeployment, func(err error) {
+			assert.NoError(t, err)
+			patchedResource, err := callbacks.GetDeploymentItem(clients, "test-deployment", fixtures.namespace)
+			assert.NoError(t, err)
+			assert.Equal(t, "test", patchedResource.(*appsv1.Deployment).ObjectMeta.Annotations["test"])
+		}},
+		{"DaemonSet", createTestDaemonSetWithAnnotations, callbacks.PatchDaemonSet, deleteTestDaemonSet, func(err error) {
+			assert.NoError(t, err)
+			patchedResource, err := callbacks.GetDaemonSetItem(clients, "test-daemonset", fixtures.namespace)
+			assert.NoError(t, err)
+			assert.Equal(t, "test", patchedResource.(*appsv1.DaemonSet).ObjectMeta.Annotations["test"])
+		}},
+		{"StatefulSet", createTestStatefulSetWithAnnotations, callbacks.PatchStatefulSet, deleteTestStatefulSet, func(err error) {
+			assert.NoError(t, err)
+			patchedResource, err := callbacks.GetStatefulSetItem(clients, "test-statefulset", fixtures.namespace)
+			assert.NoError(t, err)
+			assert.Equal(t, "test", patchedResource.(*appsv1.StatefulSet).ObjectMeta.Annotations["test"])
+		}},
+		{"CronJob", createTestCronJobWithAnnotations, callbacks.PatchCronJob, deleteTestCronJob, func(err error) {
+			assert.EqualError(t, err, "not supported patching: CronJob")
+		}},
+		{"Job", createTestJobWithAnnotations, callbacks.PatchJob, deleteTestJob, func(err error) {
+			assert.EqualError(t, err, "not supported patching: Job")
+		}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resource, err := tt.createFunc(clients, fixtures.namespace, "1")
+			assert.NoError(t, err)
+
+			err = tt.patchFunc(clients, fixtures.namespace, resource, patchtypes.StrategicMergePatchType, []byte(`{"metadata":{"annotations":{"test":"test"}}}`))
+			tt.assertFunc(err)
+
+			accessor, err := meta.Accessor(resource)
+			assert.NoError(t, err)
+
+			err = tt.deleteFunc(clients, fixtures.namespace, accessor.GetName())
+			assert.NoError(t, err)
+		})
+	}
+}
+
+func TestCreateJobFromCronjob(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	runtimeObj, err := createTestCronJobWithAnnotations(clients, fixtures.namespace, "1")
+	assert.NoError(t, err)
+
+	cronJob := runtimeObj.(*batchv1.CronJob)
+	err = callbacks.CreateJobFromCronjob(clients, fixtures.namespace, cronJob)
+	assert.NoError(t, err)
+
+	jobList, err := clients.KubernetesClient.BatchV1().Jobs(fixtures.namespace).List(context.TODO(), metav1.ListOptions{})
+	assert.NoError(t, err)
+
+	ownerFound := false
+	for _, job := range jobList.Items {
+		if isControllerOwner("CronJob", cronJob.Name, job.OwnerReferences) {
+			ownerFound = true
+			break
+		}
+	}
+	assert.Truef(t, ownerFound, "Missing CronJob owner reference")
+
+	err = deleteTestCronJob(clients, fixtures.namespace, cronJob.Name)
+	assert.NoError(t, err)
+}
+
+func TestReCreateJobFromJob(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	job, err := createTestJobWithAnnotations(clients, fixtures.namespace, "1")
+	assert.NoError(t, err)
+
+	err = callbacks.ReCreateJobFromjob(clients, fixtures.namespace, job.(*batchv1.Job))
+	assert.NoError(t, err)
+
+	err = deleteTestJob(clients, fixtures.namespace, "test-job")
+	assert.NoError(t, err)
+}
+
+func TestGetVolumes(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) []v1.Volume
+	}{
+		{"Deployment", createResourceWithVolumes(&appsv1.Deployment{}, fixtures.defaultVolumes), callbacks.GetDeploymentVolumes},
+		{"CronJob", createResourceWithVolumes(&batchv1.CronJob{}, fixtures.defaultVolumes), callbacks.GetCronJobVolumes},
+		{"Job", createResourceWithVolumes(&batchv1.Job{}, fixtures.defaultVolumes), callbacks.GetJobVolumes},
+		{"DaemonSet", createResourceWithVolumes(&appsv1.DaemonSet{}, fixtures.defaultVolumes), callbacks.GetDaemonSetVolumes},
+		{"StatefulSet", createResourceWithVolumes(&appsv1.StatefulSet{}, fixtures.defaultVolumes), callbacks.GetStatefulSetVolumes},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, fixtures.defaultVolumes, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TesGetPatchTemplateAnnotation(t *testing.T) {
+	templates := callbacks.GetPatchTemplates()
+	assert.NotEmpty(t, templates.AnnotationTemplate)
+	assert.Equal(t, 2, strings.Count(templates.AnnotationTemplate, "%s"))
+}
+
+func TestGetPatchTemplateEnvVar(t *testing.T) {
+	templates := callbacks.GetPatchTemplates()
+	assert.NotEmpty(t, templates.EnvVarTemplate)
+	assert.Equal(t, 3, strings.Count(templates.EnvVarTemplate, "%s"))
+}
+
+func TestGetPatchDeleteTemplateEnvVar(t *testing.T) {
+	templates := callbacks.GetPatchTemplates()
+	assert.NotEmpty(t, templates.DeleteEnvVarTemplate)
+	assert.Equal(t, 2, strings.Count(templates.DeleteEnvVarTemplate, "%d"))
+}
+
+// Helper functions
+
+func isRestartStrategy(rollout *argorolloutv1alpha1.Rollout) bool {
+	return rollout.Spec.RestartAt == nil
+}
+
+func watchRollout(name, namespace string) chan interface{} {
+	timeOut := int64(1)
+	modifiedChan := make(chan interface{})
+	watcher, _ := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Watch(context.Background(), metav1.ListOptions{TimeoutSeconds: &timeOut})
+	go watchModified(watcher, name, modifiedChan)
+	return modifiedChan
+}
+
+func watchModified(watcher watch.Interface, name string, modifiedChan chan interface{}) {
+	for event := range watcher.ResultChan() {
+		item := event.Object.(*argorolloutv1alpha1.Rollout)
+		if item.Name == name {
+			switch event.Type {
+			case watch.Modified:
+				modifiedChan <- nil
+			}
+			return
+		}
+	}
+}
+
+func createTestDeployments(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateDeployment(clients.KubernetesClient, fmt.Sprintf("test-deployment-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func deleteTestDeployments(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteDeployment(clients.KubernetesClient, namespace, fmt.Sprintf("test-deployment-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createTestCronJobs(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateCronJob(clients.KubernetesClient, fmt.Sprintf("test-cron-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func deleteTestCronJobs(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteCronJob(clients.KubernetesClient, namespace, fmt.Sprintf("test-cron-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createTestJobs(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateJob(clients.KubernetesClient, fmt.Sprintf("test-job-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func deleteTestJobs(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteJob(clients.KubernetesClient, namespace, fmt.Sprintf("test-job-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createTestDaemonSets(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateDaemonSet(clients.KubernetesClient, fmt.Sprintf("test-daemonset-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func deleteTestDaemonSets(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteDaemonSet(clients.KubernetesClient, namespace, fmt.Sprintf("test-daemonset-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createTestStatefulSets(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateStatefulSet(clients.KubernetesClient, fmt.Sprintf("test-statefulset-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func deleteTestStatefulSets(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteStatefulSet(clients.KubernetesClient, namespace, fmt.Sprintf("test-statefulset-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createResourceWithPodAnnotations(obj runtime.Object, annotations map[string]string) runtime.Object {
+	switch v := obj.(type) {
+	case *appsv1.Deployment:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	case *appsv1.DaemonSet:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	case *appsv1.StatefulSet:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	case *batchv1.CronJob:
+		v.Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations = annotations
+	case *batchv1.Job:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	case *argorolloutv1alpha1.Rollout:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	}
+	return obj
+}
+
+func createResourceWithContainers(obj runtime.Object, containers []v1.Container) runtime.Object {
+	switch v := obj.(type) {
+	case *appsv1.Deployment:
+		v.Spec.Template.Spec.Containers = containers
+	case *appsv1.DaemonSet:
+		v.Spec.Template.Spec.Containers = containers
+	case *appsv1.StatefulSet:
+		v.Spec.Template.Spec.Containers = containers
+	case *batchv1.CronJob:
+		v.Spec.JobTemplate.Spec.Template.Spec.Containers = containers
+	case *batchv1.Job:
+		v.Spec.Template.Spec.Containers = containers
+	case *argorolloutv1alpha1.Rollout:
+		v.Spec.Template.Spec.Containers = containers
+	}
+	return obj
+}
+
+func createResourceWithInitContainers(obj runtime.Object, initContainers []v1.Container) runtime.Object {
+	switch v := obj.(type) {
+	case *appsv1.Deployment:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	case *appsv1.DaemonSet:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	case *appsv1.StatefulSet:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	case *batchv1.CronJob:
+		v.Spec.JobTemplate.Spec.Template.Spec.InitContainers = initContainers
+	case *batchv1.Job:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	case *argorolloutv1alpha1.Rollout:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	}
+	return obj
+}
+
+func createResourceWithVolumes(obj runtime.Object, volumes []v1.Volume) runtime.Object {
+	switch v := obj.(type) {
+	case *appsv1.Deployment:
+		v.Spec.Template.Spec.Volumes = volumes
+	case *batchv1.CronJob:
+		v.Spec.JobTemplate.Spec.Template.Spec.Volumes = volumes
+	case *batchv1.Job:
+		v.Spec.Template.Spec.Volumes = volumes
+	case *appsv1.DaemonSet:
+		v.Spec.Template.Spec.Volumes = volumes
+	case *appsv1.StatefulSet:
+		v.Spec.Template.Spec.Volumes = volumes
+	}
+	return obj
+}
+
+func createTestDeploymentWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	deployment := &appsv1.Deployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-deployment",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.AppsV1().Deployments(namespace).Create(context.TODO(), deployment, metav1.CreateOptions{})
+}
+
+func deleteTestDeployment(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.AppsV1().Deployments(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
+func createTestDaemonSetWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	daemonSet := &appsv1.DaemonSet{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-daemonset",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.AppsV1().DaemonSets(namespace).Create(context.TODO(), daemonSet, metav1.CreateOptions{})
+}
+
+func deleteTestDaemonSet(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.AppsV1().DaemonSets(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
+func createTestStatefulSetWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	statefulSet := &appsv1.StatefulSet{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-statefulset",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.AppsV1().StatefulSets(namespace).Create(context.TODO(), statefulSet, metav1.CreateOptions{})
+}
+
+func deleteTestStatefulSet(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.AppsV1().StatefulSets(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
+func createTestCronJobWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	cronJob := &batchv1.CronJob{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-cronjob",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.BatchV1().CronJobs(namespace).Create(context.TODO(), cronJob, metav1.CreateOptions{})
+}
+
+func deleteTestCronJob(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.BatchV1().CronJobs(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
+func createTestJobWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	job := &batchv1.Job{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-job",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.BatchV1().Jobs(namespace).Create(context.TODO(), job, metav1.CreateOptions{})
+}
+
+func deleteTestJob(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.BatchV1().Jobs(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
+func isControllerOwner(kind, name string, ownerRefs []metav1.OwnerReference) bool {
+	for _, ownerRef := range ownerRefs {
+		if *ownerRef.Controller && ownerRef.Kind == kind && ownerRef.Name == name {
+			return true
+		}
+	}
+	return false
+}

internal/pkg/cmd/reloader.go

@@ -1,52 +1,209 @@
 package cmd
 
 import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	_ "net/http/pprof"
 	"os"
+	"strings"
+
+	"github.com/stakater/Reloader/internal/pkg/constants"
+	"github.com/stakater/Reloader/internal/pkg/leadership"
 
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
 	"github.com/stakater/Reloader/internal/pkg/controller"
+	"github.com/stakater/Reloader/internal/pkg/metrics"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/internal/pkg/util"
+	"github.com/stakater/Reloader/pkg/common"
 	"github.com/stakater/Reloader/pkg/kube"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // NewReloaderCommand starts the reloader controller
 func NewReloaderCommand() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "reloader",
-		Short: "A watcher for your Kubernetes cluster",
-		Run:   startReloader,
+		Use:     "reloader",
+		Short:   "A watcher for your Kubernetes cluster",
+		PreRunE: validateFlags,
+		Run:     startReloader,
 	}
+
+	// options
+	util.ConfigureReloaderFlags(cmd)
+
 	return cmd
 }
 
+func validateFlags(*cobra.Command, []string) error {
+	// Ensure the reload strategy is one of the following...
+	var validReloadStrategy bool
+	valid := []string{constants.EnvVarsReloadStrategy, constants.AnnotationsReloadStrategy}
+	for _, s := range valid {
+		if s == options.ReloadStrategy {
+			validReloadStrategy = true
+		}
+	}
+
+	if !validReloadStrategy {
+		err := fmt.Sprintf("%s must be one of: %s", constants.ReloadStrategyFlag, strings.Join(valid, ", "))
+		return errors.New(err)
+	}
+
+	// Validate that HA options are correct
+	if options.EnableHA {
+		if err := validateHAEnvs(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func configureLogging(logFormat, logLevel string) error {
+	switch logFormat {
+	case "json":
+		logrus.SetFormatter(&logrus.JSONFormatter{})
+	default:
+		// just let the library use default on empty string.
+		if logFormat != "" {
+			return fmt.Errorf("unsupported logging formatter: %q", logFormat)
+		}
+	}
+	// set log level
+	level, err := logrus.ParseLevel(logLevel)
+	if err != nil {
+		return err
+	}
+	logrus.SetLevel(level)
+	return nil
+}
+
+func validateHAEnvs() error {
+	podName, podNamespace := getHAEnvs()
+
+	if podName == "" {
+		return fmt.Errorf("%s not set, cannot run in HA mode without %s set", constants.PodNameEnv, constants.PodNameEnv)
+	}
+	if podNamespace == "" {
+		return fmt.Errorf("%s not set, cannot run in HA mode without %s set", constants.PodNamespaceEnv, constants.PodNamespaceEnv)
+	}
+	return nil
+}
+
+func getHAEnvs() (string, string) {
+	podName := os.Getenv(constants.PodNameEnv)
+	podNamespace := os.Getenv(constants.PodNamespaceEnv)
+
+	return podName, podNamespace
+}
+
 func startReloader(cmd *cobra.Command, args []string) {
+	common.GetCommandLineOptions()
+	err := configureLogging(options.LogFormat, options.LogLevel)
+	if err != nil {
+		logrus.Warn(err)
+	}
+
 	logrus.Info("Starting Reloader")
+	isGlobal := false
 	currentNamespace := os.Getenv("KUBERNETES_NAMESPACE")
 	if len(currentNamespace) == 0 {
 		currentNamespace = v1.NamespaceAll
+		isGlobal = true
 		logrus.Warnf("KUBERNETES_NAMESPACE is unset, will detect changes in all namespaces.")
 	}
 
 	// create the clientset
-	clientset, err := kube.GetClient()
+	clientset, err := kube.GetKubernetesClient()
 	if err != nil {
 		logrus.Fatal(err)
 	}
 
+	ignoredResourcesList, err := util.GetIgnoredResourcesList()
+	if err != nil {
+		logrus.Fatal(err)
+	}
+
+	ignoredNamespacesList := options.NamespacesToIgnore
+	namespaceLabelSelector := ""
+
+	if isGlobal {
+		namespaceLabelSelector, err = util.GetNamespaceLabelSelector()
+		if err != nil {
+			logrus.Fatal(err)
+		}
+	}
+
+	resourceLabelSelector, err := util.GetResourceLabelSelector()
+	if err != nil {
+		logrus.Fatal(err)
+	}
+
+	if len(namespaceLabelSelector) > 0 {
+		logrus.Warnf("namespace-selector is set, will only detect changes in namespaces with these labels: %s.", namespaceLabelSelector)
+	}
+
+	if len(resourceLabelSelector) > 0 {
+		logrus.Warnf("resource-label-selector is set, will only detect changes on resources with these labels: %s.", resourceLabelSelector)
+	}
+
+	if options.WebhookUrl != "" {
+		logrus.Warnf("webhook-url is set, will only send webhook, no resources will be reloaded")
+	}
+
+	collectors := metrics.SetupPrometheusEndpoint()
+
+	var controllers []*controller.Controller
 	for k := range kube.ResourceMap {
-		c, err := controller.NewController(clientset, k, currentNamespace)
+		if ignoredResourcesList.Contains(k) || (len(namespaceLabelSelector) == 0 && k == "namespaces") {
+			continue
+		}
+
+		c, err := controller.NewController(clientset, k, currentNamespace, ignoredNamespacesList, namespaceLabelSelector, resourceLabelSelector, collectors)
 		if err != nil {
 			logrus.Fatalf("%s", err)
 		}
 
+		controllers = append(controllers, c)
+
+		// If HA is enabled we only run the controller when
+		if options.EnableHA {
+			continue
+		}
 		// Now let's start the controller
 		stop := make(chan struct{})
 		defer close(stop)
-
+		logrus.Infof("Starting Controller to watch resource type: %s", k)
 		go c.Run(1, stop)
 	}
 
-	// Wait forever
-	select {}
+	// Run leadership election
+	if options.EnableHA {
+		podName, podNamespace := getHAEnvs()
+		lock := leadership.GetNewLock(clientset.CoordinationV1(), constants.LockName, podName, podNamespace)
+		ctx, cancel := context.WithCancel(context.Background())
+		defer cancel()
+		go leadership.RunLeaderElection(lock, ctx, cancel, podName, controllers)
+	}
+
+	common.PublishMetaInfoConfigmap(clientset)
+
+	if options.EnablePProf {
+		go startPProfServer()
+	}
+
+	leadership.SetupLivenessEndpoint()
+	logrus.Fatal(http.ListenAndServe(constants.DefaultHttpListenAddr, nil))
+}
+
+func startPProfServer() {
+	logrus.Infof("Starting pprof server on %s", options.PProfAddr)
+	if err := http.ListenAndServe(options.PProfAddr, nil); err != nil {
+		logrus.Errorf("Failed to start pprof server: %v", err)
+	}
 }

internal/pkg/constants/annotations.go

@@ -1,8 +0,0 @@
-package constants
-
-const (
-	// ConfigmapUpdateOnChangeAnnotation is an annotation to detect changes in configmaps
-	ConfigmapUpdateOnChangeAnnotation = "configmap.reloader.stakater.com/reload"
-	// SecretUpdateOnChangeAnnotation is an annotation to detect changes in secrets
-	SecretUpdateOnChangeAnnotation = "secret.reloader.stakater.com/reload"
-)

internal/pkg/constants/constants.go

@@ -1,10 +1,32 @@
 package constants
 
 const (
+	// DefaultHttpListenAddr is the default listening address for global http server
+	DefaultHttpListenAddr = ":9090"
+
 	// ConfigmapEnvVarPostfix is a postfix for configmap envVar
 	ConfigmapEnvVarPostfix = "CONFIGMAP"
 	// SecretEnvVarPostfix is a postfix for secret envVar
 	SecretEnvVarPostfix = "SECRET"
 	// EnvVarPrefix is a Prefix for environment variable
 	EnvVarPrefix = "STAKATER_"
+
+	// ReloaderAnnotationPrefix is a Prefix for all reloader annotations
+	ReloaderAnnotationPrefix = "reloader.stakater.com"
+	// LastReloadedFromAnnotation is an annotation used to describe the last resource that triggered a reload
+	LastReloadedFromAnnotation = "last-reloaded-from"
+
+	// 	ReloadStrategyFlag The reload strategy flag name
+	ReloadStrategyFlag = "reload-strategy"
+	// EnvVarsReloadStrategy instructs Reloader to add container environment variables to facilitate a restart
+	EnvVarsReloadStrategy = "env-vars"
+	// AnnotationsReloadStrategy instructs Reloader to add pod template annotations to facilitate a restart
+	AnnotationsReloadStrategy = "annotations"
+)
+
+// Leadership election related consts
+const (
+	LockName        string = "stakater-reloader-lock"
+	PodNameEnv      string = "POD_NAME"
+	PodNamespaceEnv string = "POD_NAMESPACE"
 )

internal/pkg/constants/enums.go

@@ -0,0 +1,15 @@
+package constants
+
+// Result is a status for deployment update
+type Result int
+
+const (
+	// Updated is returned when environment variable is created/updated
+	Updated Result = 1 + iota
+	// NotUpdated is returned when environment variable is found but had value equals to the new value
+	NotUpdated
+	// NoEnvVarFound is returned when no environment variable is found
+	NoEnvVarFound
+	// NoContainerFound is returned when no environment variable is found
+	NoContainerFound
+)

internal/pkg/controller/controller.go

@@ -6,71 +6,203 @@ import (
 
 	"github.com/sirupsen/logrus"
 	"github.com/stakater/Reloader/internal/pkg/handler"
+	"github.com/stakater/Reloader/internal/pkg/metrics"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
+	typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	"k8s.io/client-go/tools/cache"
+	"k8s.io/client-go/tools/record"
 	"k8s.io/client-go/util/workqueue"
+	"k8s.io/kubectl/pkg/scheme"
+	"k8s.io/utils/strings/slices"
 )
 
 // Controller for checking events
 type Controller struct {
-	client    kubernetes.Interface
-	indexer   cache.Indexer
-	queue     workqueue.RateLimitingInterface
-	informer  cache.Controller
-	namespace string
+	client            kubernetes.Interface
+	indexer           cache.Indexer
+	queue             workqueue.TypedRateLimitingInterface[any]
+	informer          cache.Controller
+	namespace         string
+	resource          string
+	ignoredNamespaces util.List
+	collectors        metrics.Collectors
+	recorder          record.EventRecorder
+	namespaceSelector string
+	resourceSelector  string
 }
 
+// controllerInitialized flag determines whether controlled is being initialized
+var secretControllerInitialized bool = false
+var configmapControllerInitialized bool = false
+var selectedNamespacesCache []string
+
 // NewController for initializing a Controller
 func NewController(
-	client kubernetes.Interface, resource string, namespace string) (*Controller, error) {
+	client kubernetes.Interface, resource string, namespace string, ignoredNamespaces []string, namespaceLabelSelector string, resourceLabelSelector string, collectors metrics.Collectors) (*Controller, error) {
 
-	c := Controller{
-		client:    client,
-		namespace: namespace,
+	if options.SyncAfterRestart {
+		secretControllerInitialized = true
+		configmapControllerInitialized = true
 	}
 
-	queue := workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter())
-	listWatcher := cache.NewListWatchFromClient(client.CoreV1().RESTClient(), resource, namespace, fields.Everything())
+	c := Controller{
+		client:            client,
+		namespace:         namespace,
+		ignoredNamespaces: ignoredNamespaces,
+		namespaceSelector: namespaceLabelSelector,
+		resourceSelector:  resourceLabelSelector,
+		resource:          resource,
+	}
+	eventBroadcaster := record.NewBroadcaster()
+	eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{
+		Interface: client.CoreV1().Events(""),
+	})
+	recorder := eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: fmt.Sprintf("reloader-%s", resource)})
 
-	indexer, informer := cache.NewIndexerInformer(listWatcher, kube.ResourceMap[resource], 0, cache.ResourceEventHandlerFuncs{
-		AddFunc:    c.Add,
-		UpdateFunc: c.Update,
-		DeleteFunc: c.Delete,
-	}, cache.Indexers{})
-	c.indexer = indexer
+	queue := workqueue.NewTypedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[any]())
+
+	optionsModifier := func(options *metav1.ListOptions) {
+		if resource == "namespaces" {
+			options.LabelSelector = c.namespaceSelector
+		} else if len(c.resourceSelector) > 0 {
+			options.LabelSelector = c.resourceSelector
+		} else {
+			options.FieldSelector = fields.Everything().String()
+		}
+	}
+
+	listWatcher := cache.NewFilteredListWatchFromClient(client.CoreV1().RESTClient(), resource, namespace, optionsModifier)
+
+	_, informer := cache.NewInformerWithOptions(cache.InformerOptions{
+		ListerWatcher: listWatcher,
+		ObjectType:    kube.ResourceMap[resource],
+		ResyncPeriod:  0,
+		Handler: cache.ResourceEventHandlerFuncs{
+			AddFunc:    c.Add,
+			UpdateFunc: c.Update,
+			DeleteFunc: c.Delete,
+		},
+		Indexers: cache.Indexers{},
+	})
 	c.informer = informer
 	c.queue = queue
+	c.collectors = collectors
+	c.recorder = recorder
+
+	logrus.Infof("created controller for: %s", resource)
 	return &c, nil
 }
 
 // Add function to add a new object to the queue in case of creating a resource
 func (c *Controller) Add(obj interface{}) {
-	c.queue.Add(handler.ResourceCreatedHandler{
-		Resource: obj,
-	})
+
+	switch object := obj.(type) {
+	case *v1.Namespace:
+		c.addSelectedNamespaceToCache(*object)
+		return
+	}
+
+	if options.ReloadOnCreate == "true" {
+		if !c.resourceInIgnoredNamespace(obj) && c.resourceInSelectedNamespaces(obj) && secretControllerInitialized && configmapControllerInitialized {
+			c.queue.Add(handler.ResourceCreatedHandler{
+				Resource:   obj,
+				Collectors: c.collectors,
+				Recorder:   c.recorder,
+			})
+		}
+	}
+}
+
+func (c *Controller) resourceInIgnoredNamespace(raw interface{}) bool {
+	switch object := raw.(type) {
+	case *v1.ConfigMap:
+		return c.ignoredNamespaces.Contains(object.ObjectMeta.Namespace)
+	case *v1.Secret:
+		return c.ignoredNamespaces.Contains(object.ObjectMeta.Namespace)
+	}
+	return false
+}
+
+func (c *Controller) resourceInSelectedNamespaces(raw interface{}) bool {
+	if len(c.namespaceSelector) == 0 {
+		return true
+	}
+
+	switch object := raw.(type) {
+	case *v1.ConfigMap:
+		if slices.Contains(selectedNamespacesCache, object.GetNamespace()) {
+			return true
+		}
+	case *v1.Secret:
+		if slices.Contains(selectedNamespacesCache, object.GetNamespace()) {
+			return true
+		}
+	}
+	return false
+}
+
+func (c *Controller) addSelectedNamespaceToCache(namespace v1.Namespace) {
+	selectedNamespacesCache = append(selectedNamespacesCache, namespace.GetName())
+	logrus.Infof("added namespace to be watched: %s", namespace.GetName())
+}
+
+func (c *Controller) removeSelectedNamespaceFromCache(namespace v1.Namespace) {
+	for i, v := range selectedNamespacesCache {
+		if v == namespace.GetName() {
+			selectedNamespacesCache = append(selectedNamespacesCache[:i], selectedNamespacesCache[i+1:]...)
+			logrus.Infof("removed namespace from watch: %s", namespace.GetName())
+			return
+		}
+	}
 }
 
 // Update function to add an old object and a new object to the queue in case of updating a resource
 func (c *Controller) Update(old interface{}, new interface{}) {
-	c.queue.Add(handler.ResourceUpdatedHandler{
-		Resource:    new,
-		OldResource: old,
-	})
+	switch new.(type) {
+	case *v1.Namespace:
+		return
+	}
+
+	if !c.resourceInIgnoredNamespace(new) && c.resourceInSelectedNamespaces(new) {
+		c.queue.Add(handler.ResourceUpdatedHandler{
+			Resource:    new,
+			OldResource: old,
+			Collectors:  c.collectors,
+			Recorder:    c.recorder,
+		})
+	}
 }
 
 // Delete function to add an object to the queue in case of deleting a resource
 func (c *Controller) Delete(old interface{}) {
-	logrus.Infof("Resource deletion has been detected but no further implementation found to take action")
+
+	if options.ReloadOnDelete == "true" {
+		if !c.resourceInIgnoredNamespace(old) && c.resourceInSelectedNamespaces(old) && secretControllerInitialized && configmapControllerInitialized {
+			c.queue.Add(handler.ResourceDeleteHandler{
+				Resource:   old,
+				Collectors: c.collectors,
+				Recorder:   c.recorder,
+			})
+		}
+	}
+
+	switch object := old.(type) {
+	case *v1.Namespace:
+		c.removeSelectedNamespaceFromCache(*object)
+		return
+	}
 }
 
-//Run function for controller which handles the queue
+// Run function for controller which handles the queue
 func (c *Controller) Run(threadiness int, stopCh chan struct{}) {
-
-	logrus.Infof("Starting Controller")
 	defer runtime.HandleCrash()
 
 	// Let the workers stop when we are done
@@ -93,6 +225,13 @@ func (c *Controller) Run(threadiness int, stopCh chan struct{}) {
 }
 
 func (c *Controller) runWorker() {
+	// At this point the controller is fully initialized and we can start processing the resources
+	if c.resource == "secrets" {
+		secretControllerInitialized = true
+	} else if c.resource == "configMaps" {
+		configmapControllerInitialized = true
+	}
+
 	for c.processNextItem() {
 	}
 }
@@ -127,7 +266,7 @@ func (c *Controller) handleErr(err error, key interface{}) {
 
 	// This controller retries 5 times if something goes wrong. After that, it stops trying.
 	if c.queue.NumRequeues(key) < 5 {
-		logrus.Errorf("Error syncing events %v: %v", key, err)
+		logrus.Errorf("Error syncing events: %v", err)
 
 		// Re-enqueue the key rate limited. Based on the rate limiter on the
 		// queue and the re-enqueue history, the key will be processed later again.
@@ -138,5 +277,6 @@ func (c *Controller) handleErr(err error, key interface{}) {
 	c.queue.Forget(key)
 	// Report to an external entity that, even after several retries, we could not successfully process this key
 	runtime.HandleError(err)
-	logrus.Infof("Dropping the key %q out of the queue: %v", key, err)
+	logrus.Errorf("Dropping key out of the queue: %v", err)
+	logrus.Debugf("Dropping the key %q out of the queue: %v", key, err)
 }

internal/pkg/handler/create.go

@@ -2,17 +2,46 @@ package handler
 
 import (
 	"github.com/sirupsen/logrus"
+	"github.com/stakater/Reloader/internal/pkg/metrics"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/internal/pkg/util"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/record"
 )
 
 // ResourceCreatedHandler contains new objects
 type ResourceCreatedHandler struct {
-	Resource interface{}
+	Resource   interface{}
+	Collectors metrics.Collectors
+	Recorder   record.EventRecorder
 }
 
 // Handle processes the newly created resource
 func (r ResourceCreatedHandler) Handle() error {
 	if r.Resource == nil {
 		logrus.Errorf("Resource creation handler received nil resource")
+	} else {
+		config, _ := r.GetConfig()
+		// Send webhook
+		if options.WebhookUrl != "" {
+			return sendUpgradeWebhook(config, options.WebhookUrl)
+		}
+		// process resource based on its type
+		return doRollingUpgrade(config, r.Collectors, r.Recorder, invokeReloadStrategy)
 	}
 	return nil
 }
+
+// GetConfig gets configurations containing SHA, annotations, namespace and resource name
+func (r ResourceCreatedHandler) GetConfig() (util.Config, string) {
+	var oldSHAData string
+	var config util.Config
+	if _, ok := r.Resource.(*v1.ConfigMap); ok {
+		config = util.GetConfigmapConfig(r.Resource.(*v1.ConfigMap))
+	} else if _, ok := r.Resource.(*v1.Secret); ok {
+		config = util.GetSecretConfig(r.Resource.(*v1.Secret))
+	} else {
+		logrus.Warnf("Invalid resource: Resource should be 'Secret' or 'Configmap' but found, %v", r.Resource)
+	}
+	return config, oldSHAData
+}

internal/pkg/handler/delete.go

@@ -0,0 +1,100 @@
+package handler
+
+import (
+	"fmt"
+	"slices"
+
+	"github.com/sirupsen/logrus"
+	"github.com/stakater/Reloader/internal/pkg/callbacks"
+	"github.com/stakater/Reloader/internal/pkg/constants"
+	"github.com/stakater/Reloader/internal/pkg/metrics"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/internal/pkg/testutil"
+	"github.com/stakater/Reloader/internal/pkg/util"
+
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	patchtypes "k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/tools/record"
+)
+
+// ResourceDeleteHandler contains new objects
+type ResourceDeleteHandler struct {
+	Resource   interface{}
+	Collectors metrics.Collectors
+	Recorder   record.EventRecorder
+}
+
+// Handle processes resources being deleted
+func (r ResourceDeleteHandler) Handle() error {
+	if r.Resource == nil {
+		logrus.Errorf("Resource delete handler received nil resource")
+	} else {
+		config, _ := r.GetConfig()
+		// Send webhook
+		if options.WebhookUrl != "" {
+			return sendUpgradeWebhook(config, options.WebhookUrl)
+		}
+		// process resource based on its type
+		return doRollingUpgrade(config, r.Collectors, r.Recorder, invokeDeleteStrategy)
+	}
+	return nil
+}
+
+// GetConfig gets configurations containing SHA, annotations, namespace and resource name
+func (r ResourceDeleteHandler) GetConfig() (util.Config, string) {
+	var oldSHAData string
+	var config util.Config
+	if _, ok := r.Resource.(*v1.ConfigMap); ok {
+		config = util.GetConfigmapConfig(r.Resource.(*v1.ConfigMap))
+	} else if _, ok := r.Resource.(*v1.Secret); ok {
+		config = util.GetSecretConfig(r.Resource.(*v1.Secret))
+	} else {
+		logrus.Warnf("Invalid resource: Resource should be 'Secret' or 'Configmap' but found, %v", r.Resource)
+	}
+	return config, oldSHAData
+}
+
+func invokeDeleteStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
+	if options.ReloadStrategy == constants.AnnotationsReloadStrategy {
+		return removePodAnnotations(upgradeFuncs, item, config, autoReload)
+	}
+
+	return removeContainerEnvVars(upgradeFuncs, item, config, autoReload)
+}
+
+func removePodAnnotations(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
+	config.SHAValue = testutil.GetSHAfromEmptyData()
+	return updatePodAnnotations(upgradeFuncs, item, config, autoReload)
+}
+
+func removeContainerEnvVars(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
+	envVar := getEnvVarName(config.ResourceName, config.Type)
+	container := getContainerUsingResource(upgradeFuncs, item, config, autoReload)
+
+	if container == nil {
+		return InvokeStrategyResult{constants.NoContainerFound, nil}
+	}
+
+	//remove if env var exists
+	if len(container.Env) > 0 {
+		index := slices.IndexFunc(container.Env, func(envVariable v1.EnvVar) bool {
+			return envVariable.Name == envVar
+		})
+		if index != -1 {
+			var patch []byte
+			if upgradeFuncs.SupportsPatch {
+				containers := upgradeFuncs.ContainersFunc(item)
+				containerIndex := slices.IndexFunc(containers, func(c v1.Container) bool {
+					return c.Name == container.Name
+				})
+				patch = fmt.Appendf(nil, upgradeFuncs.PatchTemplatesFunc().DeleteEnvVarTemplate, containerIndex, index)
+			}
+
+			container.Env = append(container.Env[:index], container.Env[index+1:]...)
+			return InvokeStrategyResult{constants.Updated, &Patch{Type: patchtypes.JSONPatchType, Bytes: patch}}
+		}
+	}
+
+	return InvokeStrategyResult{constants.NotUpdated, nil}
+}

internal/pkg/handler/handler.go

@@ -1,6 +1,11 @@
 package handler
 
+import (
+	"github.com/stakater/Reloader/internal/pkg/util"
+)
+
 // ResourceHandler handles the creation and update of resources
 type ResourceHandler interface {
 	Handle() error
+	GetConfig() (util.Config, string)
 }

internal/pkg/handler/pause_deployment.go

@@ -0,0 +1,242 @@
+package handler
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/sirupsen/logrus"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/pkg/kube"
+	app "k8s.io/api/apps/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	patchtypes "k8s.io/apimachinery/pkg/types"
+)
+
+// Keeps track of currently active timers
+var activeTimers = make(map[string]*time.Timer)
+
+// Returns unique key for the activeTimers map
+func getTimerKey(namespace, deploymentName string) string {
+	return fmt.Sprintf("%s/%s", namespace, deploymentName)
+}
+
+// Checks if a deployment is currently paused
+func IsPaused(deployment *app.Deployment) bool {
+	return deployment.Spec.Paused
+}
+
+// Deployment paused by reloader ?
+func IsPausedByReloader(deployment *app.Deployment) bool {
+	if IsPaused(deployment) {
+		pausedAtAnnotationValue := deployment.Annotations[options.PauseDeploymentTimeAnnotation]
+		return pausedAtAnnotationValue != ""
+	}
+	return false
+}
+
+// Returns the time, the deployment was paused by reloader, nil otherwise
+func GetPauseStartTime(deployment *app.Deployment) (*time.Time, error) {
+	if !IsPausedByReloader(deployment) {
+		return nil, nil
+	}
+
+	pausedAtStr := deployment.Annotations[options.PauseDeploymentTimeAnnotation]
+	parsedTime, err := time.Parse(time.RFC3339, pausedAtStr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &parsedTime, nil
+}
+
+// ParsePauseDuration parses the pause interval value and returns a time.Duration
+func ParsePauseDuration(pauseIntervalValue string) (time.Duration, error) {
+	pauseDuration, err := time.ParseDuration(pauseIntervalValue)
+	if err != nil {
+		logrus.Warnf("Failed to parse pause interval value '%s': %v", pauseIntervalValue, err)
+		return 0, err
+	}
+	return pauseDuration, nil
+}
+
+// Pauses a deployment for a specified duration and creates a timer to resume it
+// after the specified duration
+func PauseDeployment(deployment *app.Deployment, clients kube.Clients, namespace, pauseIntervalValue string) (*app.Deployment, error) {
+	deploymentName := deployment.Name
+	pauseDuration, err := ParsePauseDuration(pauseIntervalValue)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if !IsPaused(deployment) {
+		logrus.Infof("Pausing Deployment '%s' in namespace '%s' for %s", deploymentName, namespace, pauseDuration)
+
+		deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
+
+		pausePatch, err := CreatePausePatch()
+		if err != nil {
+			logrus.Errorf("Failed to create pause patch for deployment '%s': %v", deploymentName, err)
+			return deployment, err
+		}
+
+		err = deploymentFuncs.PatchFunc(clients, namespace, deployment, patchtypes.StrategicMergePatchType, pausePatch)
+
+		if err != nil {
+			logrus.Errorf("Failed to patch deployment '%s' in namespace '%s': %v", deploymentName, namespace, err)
+			return deployment, err
+		}
+
+		updatedDeployment, err := clients.KubernetesClient.AppsV1().Deployments(namespace).Get(context.TODO(), deploymentName, metav1.GetOptions{})
+
+		CreateResumeTimer(deployment, clients, namespace, pauseDuration)
+		return updatedDeployment, err
+	}
+
+	if !IsPausedByReloader(deployment) {
+		logrus.Infof("Deployment '%s' in namespace '%s' already paused", deploymentName, namespace)
+		return deployment, nil
+	}
+
+	// Deployment has already been paused by reloader, check for timer
+	logrus.Debugf("Deployment '%s' in namespace '%s' is already paused by reloader", deploymentName, namespace)
+
+	timerKey := getTimerKey(namespace, deploymentName)
+	_, timerExists := activeTimers[timerKey]
+
+	if !timerExists {
+		logrus.Warnf("Timer does not exist for already paused deployment '%s' in namespace '%s', creating new one",
+			deploymentName, namespace)
+		HandleMissingTimer(deployment, pauseDuration, clients, namespace)
+	}
+	return deployment, nil
+}
+
+// Handles the case where missing timers for deployments that have been paused by reloader.
+// Could occur after new leader election or reloader restart
+func HandleMissingTimer(deployment *app.Deployment, pauseDuration time.Duration, clients kube.Clients, namespace string) {
+	deploymentName := deployment.Name
+	pauseStartTime, err := GetPauseStartTime(deployment)
+	if err != nil {
+		logrus.Errorf("Error parsing pause start time for deployment '%s' in namespace '%s': %v. Resuming deployment immediately",
+			deploymentName, namespace, err)
+		ResumeDeployment(deployment, namespace, clients)
+		return
+	}
+
+	if pauseStartTime == nil {
+		return
+	}
+
+	elapsedPauseTime := time.Since(*pauseStartTime)
+	remainingPauseTime := pauseDuration - elapsedPauseTime
+
+	if remainingPauseTime <= 0 {
+		logrus.Infof("Pause period for deployment '%s' in namespace '%s' has expired. Resuming immediately",
+			deploymentName, namespace)
+		ResumeDeployment(deployment, namespace, clients)
+		return
+	}
+
+	logrus.Infof("Creating missing timer for already paused deployment '%s' in namespace '%s' with remaining time %s",
+		deploymentName, namespace, remainingPauseTime)
+	CreateResumeTimer(deployment, clients, namespace, remainingPauseTime)
+}
+
+// CreateResumeTimer creates a timer to resume the deployment after the specified duration
+func CreateResumeTimer(deployment *app.Deployment, clients kube.Clients, namespace string, pauseDuration time.Duration) {
+	deploymentName := deployment.Name
+	timerKey := getTimerKey(namespace, deployment.Name)
+
+	// Check if there's an existing timer for this deployment
+	if _, exists := activeTimers[timerKey]; exists {
+		logrus.Debugf("Timer already exists for deployment '%s' in namespace '%s', Skipping creation",
+			deploymentName, namespace)
+		return
+	}
+
+	// Create and store the new timer
+	timer := time.AfterFunc(pauseDuration, func() {
+		ResumeDeployment(deployment, namespace, clients)
+	})
+
+	// Add the new timer to the map
+	activeTimers[timerKey] = timer
+
+	logrus.Debugf("Created pause timer for deployment '%s' in namespace '%s' with duration %s",
+		deploymentName, namespace, pauseDuration)
+}
+
+// ResumeDeployment resumes a deployment that has been paused by reloader
+func ResumeDeployment(deployment *app.Deployment, namespace string, clients kube.Clients) {
+	deploymentName := deployment.Name
+
+	currentDeployment, err := clients.KubernetesClient.AppsV1().Deployments(namespace).Get(context.TODO(), deploymentName, metav1.GetOptions{})
+
+	if err != nil {
+		logrus.Errorf("Failed to get deployment '%s' in namespace '%s': %v", deploymentName, namespace, err)
+		return
+	}
+
+	if !IsPausedByReloader(currentDeployment) {
+		logrus.Infof("Deployment '%s' in namespace '%s' not paused by Reloader. Skipping resume", deploymentName, namespace)
+		return
+	}
+
+	deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
+
+	resumePatch, err := CreateResumePatch()
+	if err != nil {
+		logrus.Errorf("Failed to create resume patch for deployment '%s': %v", deploymentName, err)
+		return
+	}
+
+	// Remove the timer
+	timerKey := getTimerKey(namespace, deploymentName)
+	if timer, exists := activeTimers[timerKey]; exists {
+		timer.Stop()
+		delete(activeTimers, timerKey)
+		logrus.Debugf("Removed pause timer for deployment '%s' in namespace '%s'", deploymentName, namespace)
+	}
+
+	err = deploymentFuncs.PatchFunc(clients, namespace, currentDeployment, patchtypes.StrategicMergePatchType, resumePatch)
+
+	if err != nil {
+		logrus.Errorf("Failed to resume deployment '%s' in namespace '%s': %v", deploymentName, namespace, err)
+		return
+	}
+
+	logrus.Infof("Successfully resumed deployment '%s' in namespace '%s'", deploymentName, namespace)
+}
+
+func CreatePausePatch() ([]byte, error) {
+	patchData := map[string]interface{}{
+		"spec": map[string]interface{}{
+			"paused": true,
+		},
+		"metadata": map[string]interface{}{
+			"annotations": map[string]string{
+				options.PauseDeploymentTimeAnnotation: time.Now().Format(time.RFC3339),
+			},
+		},
+	}
+
+	return json.Marshal(patchData)
+}
+
+func CreateResumePatch() ([]byte, error) {
+	patchData := map[string]interface{}{
+		"spec": map[string]interface{}{
+			"paused": false,
+		},
+		"metadata": map[string]interface{}{
+			"annotations": map[string]interface{}{
+				options.PauseDeploymentTimeAnnotation: nil,
+			},
+		},
+	}
+
+	return json.Marshal(patchData)
+}

internal/pkg/handler/pause_deployment_test.go

@@ -0,0 +1,392 @@
+package handler
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/pkg/kube"
+	"github.com/stretchr/testify/assert"
+	app "k8s.io/api/apps/v1"
+	appsv1 "k8s.io/api/apps/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	testclient "k8s.io/client-go/kubernetes/fake"
+)
+
+func TestIsPaused(t *testing.T) {
+	tests := []struct {
+		name       string
+		deployment *appsv1.Deployment
+		paused     bool
+	}{
+		{
+			name: "paused deployment",
+			deployment: &appsv1.Deployment{
+				Spec: appsv1.DeploymentSpec{
+					Paused: true,
+				},
+			},
+			paused: true,
+		},
+		{
+			name: "unpaused deployment",
+			deployment: &appsv1.Deployment{
+				Spec: appsv1.DeploymentSpec{
+					Paused: false,
+				},
+			},
+			paused: false,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			result := IsPaused(test.deployment)
+			assert.Equal(t, test.paused, result)
+		})
+	}
+}
+
+func TestIsPausedByReloader(t *testing.T) {
+	tests := []struct {
+		name             string
+		deployment       *appsv1.Deployment
+		pausedByReloader bool
+	}{
+		{
+			name: "paused by reloader",
+			deployment: &appsv1.Deployment{
+				Spec: appsv1.DeploymentSpec{
+					Paused: true,
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						options.PauseDeploymentTimeAnnotation: time.Now().Format(time.RFC3339),
+					},
+				},
+			},
+			pausedByReloader: true,
+		},
+		{
+			name: "not paused by reloader",
+			deployment: &appsv1.Deployment{
+				Spec: appsv1.DeploymentSpec{
+					Paused: true,
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{},
+				},
+			},
+			pausedByReloader: false,
+		},
+		{
+			name: "not paused",
+			deployment: &appsv1.Deployment{
+				Spec: appsv1.DeploymentSpec{
+					Paused: false,
+				},
+			},
+			pausedByReloader: false,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			pausedByReloader := IsPausedByReloader(test.deployment)
+			assert.Equal(t, test.pausedByReloader, pausedByReloader)
+		})
+	}
+}
+
+func TestGetPauseStartTime(t *testing.T) {
+	now := time.Now()
+	nowStr := now.Format(time.RFC3339)
+
+	tests := []struct {
+		name              string
+		deployment        *appsv1.Deployment
+		pausedByReloader  bool
+		expectedStartTime time.Time
+	}{
+		{
+			name: "valid pause time",
+			deployment: &appsv1.Deployment{
+				Spec: appsv1.DeploymentSpec{
+					Paused: true,
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						options.PauseDeploymentTimeAnnotation: nowStr,
+					},
+				},
+			},
+			pausedByReloader:  true,
+			expectedStartTime: now,
+		},
+		{
+			name: "not paused by reloader",
+			deployment: &appsv1.Deployment{
+				Spec: appsv1.DeploymentSpec{
+					Paused: false,
+				},
+			},
+			pausedByReloader: false,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			actualStartTime, err := GetPauseStartTime(test.deployment)
+
+			assert.NoError(t, err)
+
+			if !test.pausedByReloader {
+				assert.Nil(t, actualStartTime)
+			} else {
+				assert.NotNil(t, actualStartTime)
+				assert.WithinDuration(t, test.expectedStartTime, *actualStartTime, time.Second)
+			}
+		})
+	}
+}
+
+func TestParsePauseDuration(t *testing.T) {
+	tests := []struct {
+		name               string
+		pauseIntervalValue string
+		expectedDuration   time.Duration
+		invalidDuration    bool
+	}{
+		{
+			name:               "valid duration",
+			pauseIntervalValue: "10s",
+			expectedDuration:   10 * time.Second,
+			invalidDuration:    false,
+		},
+		{
+			name:               "valid minute duration",
+			pauseIntervalValue: "2m",
+			expectedDuration:   2 * time.Minute,
+			invalidDuration:    false,
+		},
+		{
+			name:               "invalid duration",
+			pauseIntervalValue: "invalid",
+			expectedDuration:   0,
+			invalidDuration:    true,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			actualDuration, err := ParsePauseDuration(test.pauseIntervalValue)
+
+			if test.invalidDuration {
+				assert.Error(t, err)
+			} else {
+				assert.NoError(t, err)
+				assert.Equal(t, test.expectedDuration, actualDuration)
+			}
+		})
+	}
+}
+
+func TestHandleMissingTimerSimple(t *testing.T) {
+	tests := []struct {
+		name           string
+		deployment     *appsv1.Deployment
+		shouldBePaused bool // Should be unpaused after HandleMissingTimer ?
+	}{
+		{
+			name: "deployment paused by reloader, pause period has expired and no timer",
+			deployment: &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test-deployment-1",
+					Annotations: map[string]string{
+						options.PauseDeploymentTimeAnnotation: time.Now().Add(-6 * time.Minute).Format(time.RFC3339),
+						options.PauseDeploymentAnnotation:     "5m",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Paused: true,
+				},
+			},
+			shouldBePaused: false,
+		},
+		{
+			name: "deployment paused by reloader, pause period expires in the future and no timer",
+			deployment: &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test-deployment-2",
+					Annotations: map[string]string{
+						options.PauseDeploymentTimeAnnotation: time.Now().Add(1 * time.Minute).Format(time.RFC3339),
+						options.PauseDeploymentAnnotation:     "5m",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Paused: true,
+				},
+			},
+			shouldBePaused: true,
+		},
+	}
+
+	for _, test := range tests {
+		// Clean up any timers at the end of the test
+		defer func() {
+			for key, timer := range activeTimers {
+				timer.Stop()
+				delete(activeTimers, key)
+			}
+		}()
+
+		t.Run(test.name, func(t *testing.T) {
+			fakeClient := testclient.NewSimpleClientset()
+			clients := kube.Clients{
+				KubernetesClient: fakeClient,
+			}
+
+			_, err := fakeClient.AppsV1().Deployments("default").Create(
+				context.TODO(),
+				test.deployment,
+				metav1.CreateOptions{})
+			assert.NoError(t, err, "Expected no error when creating deployment")
+
+			pauseDuration, _ := ParsePauseDuration(test.deployment.Annotations[options.PauseDeploymentAnnotation])
+			HandleMissingTimer(test.deployment, pauseDuration, clients, "default")
+
+			updatedDeployment, _ := fakeClient.AppsV1().Deployments("default").Get(context.TODO(), test.deployment.Name, metav1.GetOptions{})
+
+			assert.Equal(t, test.shouldBePaused, updatedDeployment.Spec.Paused,
+				"Deployment should have correct paused state after timer expiration")
+
+			if test.shouldBePaused {
+				pausedAtAnnotationValue := updatedDeployment.Annotations[options.PauseDeploymentTimeAnnotation]
+				assert.NotEmpty(t, pausedAtAnnotationValue,
+					"Pause annotation should be present and contain a value when deployment is paused")
+			}
+		})
+	}
+}
+
+func TestPauseDeployment(t *testing.T) {
+	tests := []struct {
+		name               string
+		deployment         *appsv1.Deployment
+		expectedError      bool
+		expectedPaused     bool
+		expectedAnnotation bool // Should have pause time annotation
+		pauseInterval      string
+	}{
+		{
+			name: "deployment without pause annotation",
+			deployment: &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:        "test-deployment",
+					Annotations: map[string]string{},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Paused: false,
+				},
+			},
+			expectedError:      true,
+			expectedPaused:     false,
+			expectedAnnotation: false,
+			pauseInterval:      "",
+		},
+		{
+			name: "deployment already paused but not by reloader",
+			deployment: &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test-deployment",
+					Annotations: map[string]string{
+						options.PauseDeploymentAnnotation: "5m",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Paused: true,
+				},
+			},
+			expectedError:      false,
+			expectedPaused:     true,
+			expectedAnnotation: false,
+			pauseInterval:      "5m",
+		},
+		{
+			name: "deployment unpaused that needs to be paused by reloader",
+			deployment: &appsv1.Deployment{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test-deployment-3",
+					Annotations: map[string]string{
+						options.PauseDeploymentAnnotation: "5m",
+					},
+				},
+				Spec: appsv1.DeploymentSpec{
+					Paused: false,
+				},
+			},
+			expectedError:      false,
+			expectedPaused:     true,
+			expectedAnnotation: true,
+			pauseInterval:      "5m",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			fakeClient := testclient.NewSimpleClientset()
+			clients := kube.Clients{
+				KubernetesClient: fakeClient,
+			}
+
+			_, err := fakeClient.AppsV1().Deployments("default").Create(
+				context.TODO(),
+				test.deployment,
+				metav1.CreateOptions{})
+			assert.NoError(t, err, "Expected no error when creating deployment")
+
+			updatedDeployment, err := PauseDeployment(test.deployment, clients, "default", test.pauseInterval)
+			if test.expectedError {
+				assert.Error(t, err, "Expected an error pausing the deployment")
+				return
+			} else {
+				assert.NoError(t, err, "Expected no error pausing the deployment")
+			}
+
+			assert.Equal(t, test.expectedPaused, updatedDeployment.Spec.Paused,
+				"Deployment should have correct paused state after pause")
+
+			if test.expectedAnnotation {
+				pausedAtAnnotationValue := updatedDeployment.Annotations[options.PauseDeploymentTimeAnnotation]
+				assert.NotEmpty(t, pausedAtAnnotationValue,
+					"Pause annotation should be present and contain a value when deployment is paused")
+			} else {
+				pausedAtAnnotationValue := updatedDeployment.Annotations[options.PauseDeploymentTimeAnnotation]
+				assert.Empty(t, pausedAtAnnotationValue,
+					"Pause annotation should not be present when deployment has not been paused by reloader")
+			}
+		})
+	}
+}
+
+// Simple helper function for test cases
+func FindDeploymentByName(deployments []runtime.Object, deploymentName string) (*app.Deployment, error) {
+	for _, deployment := range deployments {
+		accessor, err := meta.Accessor(deployment)
+		if err != nil {
+			return nil, fmt.Errorf("error getting accessor for item: %v", err)
+		}
+		if accessor.GetName() == deploymentName {
+			deploymentObj, ok := deployment.(*app.Deployment)
+			if !ok {
+				return nil, fmt.Errorf("failed to cast to Deployment")
+			}
+			return deploymentObj, nil
+		}
+	}
+	return nil, fmt.Errorf("deployment '%s' not found", deploymentName)
+}

internal/pkg/handler/update.go

@@ -1,23 +1,20 @@
 package handler
 
 import (
-	"sort"
-	"strings"
-
 	"github.com/sirupsen/logrus"
-	"github.com/stakater/Reloader/internal/pkg/callbacks"
-	"github.com/stakater/Reloader/internal/pkg/constants"
-	"github.com/stakater/Reloader/internal/pkg/crypto"
+	"github.com/stakater/Reloader/internal/pkg/metrics"
+	"github.com/stakater/Reloader/internal/pkg/options"
 	"github.com/stakater/Reloader/internal/pkg/util"
-	"github.com/stakater/Reloader/pkg/kube"
-	"k8s.io/api/core/v1"
-	"k8s.io/client-go/kubernetes"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/record"
 )
 
 // ResourceUpdatedHandler contains updated objects
 type ResourceUpdatedHandler struct {
 	Resource    interface{}
 	OldResource interface{}
+	Collectors  metrics.Collectors
+	Recorder    record.EventRecorder
 }
 
 // Handle processes the updated resource
@@ -25,162 +22,31 @@ func (r ResourceUpdatedHandler) Handle() error {
 	if r.Resource == nil || r.OldResource == nil {
 		logrus.Errorf("Resource update handler received nil resource")
 	} else {
-		config, envVarPostfix, oldSHAData := getConfig(r)
+		config, oldSHAData := r.GetConfig()
 		if config.SHAValue != oldSHAData {
-			logrus.Infof("Changes detected in %s of type '%s' in namespace: %s", config.ResourceName, envVarPostfix, config.Namespace)
+			// Send a webhook if update
+			if options.WebhookUrl != "" {
+				return sendUpgradeWebhook(config, options.WebhookUrl)
+			}
 			// process resource based on its type
-			rollingUpgrade(r, config, envVarPostfix, callbacks.RollingUpgradeFuncs{
-				ItemsFunc:      callbacks.GetDeploymentItems,
-				ContainersFunc: callbacks.GetDeploymentContainers,
-				UpdateFunc:     callbacks.UpdateDeployment,
-				ResourceType:   "Deployment",
-			})
-			rollingUpgrade(r, config, envVarPostfix, callbacks.RollingUpgradeFuncs{
-				ItemsFunc:      callbacks.GetDaemonSetItems,
-				ContainersFunc: callbacks.GetDaemonSetContainers,
-				UpdateFunc:     callbacks.UpdateDaemonSet,
-				ResourceType:   "DaemonSet",
-			})
-			rollingUpgrade(r, config, envVarPostfix, callbacks.RollingUpgradeFuncs{
-				ItemsFunc:      callbacks.GetStatefulSetItems,
-				ContainersFunc: callbacks.GetStatefulsetContainers,
-				UpdateFunc:     callbacks.UpdateStatefulset,
-				ResourceType:   "StatefulSet",
-			})
+			return doRollingUpgrade(config, r.Collectors, r.Recorder, invokeReloadStrategy)
 		}
 	}
 	return nil
 }
 
-func rollingUpgrade(r ResourceUpdatedHandler, config util.Config, envarPostfix string, upgradeFuncs callbacks.RollingUpgradeFuncs) {
-	client, err := kube.GetClient()
-	if err != nil {
-		logrus.Fatalf("Unable to create Kubernetes client error = %v", err)
-	}
-
-	err = PerformRollingUpgrade(client, config, envarPostfix, upgradeFuncs)
-	if err != nil {
-		logrus.Errorf("Rolling upgrade for %s failed with error = %v", config.ResourceName, err)
-	}
-}
-
-func getConfig(r ResourceUpdatedHandler) (util.Config, string, string) {
-	var oldSHAData, envVarPostfix string
+// GetConfig gets configurations containing SHA, annotations, namespace and resource name
+func (r ResourceUpdatedHandler) GetConfig() (util.Config, string) {
+	var oldSHAData string
 	var config util.Config
 	if _, ok := r.Resource.(*v1.ConfigMap); ok {
-		oldSHAData = getSHAfromConfigmap(r.OldResource.(*v1.ConfigMap).Data)
-		config = getConfigmapConfig(r)
-		envVarPostfix = constants.ConfigmapEnvVarPostfix
+		oldSHAData = util.GetSHAfromConfigmap(r.OldResource.(*v1.ConfigMap))
+		config = util.GetConfigmapConfig(r.Resource.(*v1.ConfigMap))
 	} else if _, ok := r.Resource.(*v1.Secret); ok {
-		oldSHAData = getSHAfromSecret(r.OldResource.(*v1.Secret).Data)
-		config = getSecretConfig(r)
-		envVarPostfix = constants.SecretEnvVarPostfix
+		oldSHAData = util.GetSHAfromSecret(r.OldResource.(*v1.Secret).Data)
+		config = util.GetSecretConfig(r.Resource.(*v1.Secret))
 	} else {
 		logrus.Warnf("Invalid resource: Resource should be 'Secret' or 'Configmap' but found, %v", r.Resource)
 	}
-	return config, envVarPostfix, oldSHAData
-}
-
-func getConfigmapConfig(r ResourceUpdatedHandler) util.Config {
-	configmap := r.Resource.(*v1.ConfigMap)
-	return util.Config{
-		Namespace:    configmap.Namespace,
-		ResourceName: configmap.Name,
-		Annotation:   constants.ConfigmapUpdateOnChangeAnnotation,
-		SHAValue:     getSHAfromConfigmap(configmap.Data),
-	}
-}
-
-func getSecretConfig(r ResourceUpdatedHandler) util.Config {
-	secret := r.Resource.(*v1.Secret)
-	return util.Config{
-		Namespace:    secret.Namespace,
-		ResourceName: secret.Name,
-		Annotation:   constants.SecretUpdateOnChangeAnnotation,
-		SHAValue:     getSHAfromSecret(secret.Data),
-	}
-}
-
-// PerformRollingUpgrade upgrades the deployment if there is any change in configmap or secret data
-func PerformRollingUpgrade(client kubernetes.Interface, config util.Config, envarPostfix string, upgradeFuncs callbacks.RollingUpgradeFuncs) error {
-	items := upgradeFuncs.ItemsFunc(client, config.Namespace)
-	var err error
-	for _, i := range items {
-		containers := upgradeFuncs.ContainersFunc(i)
-		resourceName := util.ToObjectMeta(i).Name
-		// find correct annotation and update the resource
-		annotationValue := util.ToObjectMeta(i).Annotations[config.Annotation]
-		if annotationValue != "" {
-			values := strings.Split(annotationValue, ",")
-			for _, value := range values {
-				if value == config.ResourceName {
-					updated := updateContainers(containers, value, config.SHAValue, envarPostfix)
-					if !updated {
-						logrus.Warnf("Rolling upgrade failed because no container found to add environment variable in %s of type %s in namespace: %s", resourceName, upgradeFuncs.ResourceType, config.Namespace)
-					} else {
-						err = upgradeFuncs.UpdateFunc(client, config.Namespace, i)
-						if err != nil {
-							logrus.Errorf("Update for %s of type %s in namespace %s failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
-						} else {
-							logrus.Infof("Updated %s of type %s in namespace: %s ", resourceName, upgradeFuncs.ResourceType, config.Namespace)
-						}
-						break
-					}
-				}
-			}
-		}
-	}
-	return err
-}
-
-func updateContainers(containers []v1.Container, annotationValue string, shaData string, envarPostfix string) bool {
-	updated := false
-	envar := constants.EnvVarPrefix + util.ConvertToEnvVarName(annotationValue)+ "_" + envarPostfix
-	for i := range containers {
-		envs := containers[i].Env
-
-		//update if env var exists
-		updated = updateEnvVar(envs, envar, shaData)
-
-		// if no existing env var exists lets create one
-		if !updated {
-			e := v1.EnvVar{
-				Name:  envar,
-				Value: shaData,
-			}
-			containers[i].Env = append(containers[i].Env, e)
-			updated = true
-		}
-	}
-	return updated
-}
-
-func updateEnvVar(envs []v1.EnvVar, envar string, shaData string) bool {
-	for j := range envs {
-		if envs[j].Name == envar {
-			if envs[j].Value != shaData {
-				envs[j].Value = shaData
-				return true
-			}
-		}
-	}
-	return false
-}
-
-func getSHAfromConfigmap(data map[string]string) string {
-	values := []string{}
-	for k, v := range data {
-		values = append(values, k+"="+v)
-	}
-	sort.Strings(values)
-	return crypto.GenerateSHA(strings.Join(values, ";"))
-}
-
-func getSHAfromSecret(data map[string][]byte) string {
-	values := []string{}
-	for k, v := range data {
-		values = append(values, k+"="+string(v[:]))
-	}
-	sort.Strings(values)
-	return crypto.GenerateSHA(strings.Join(values, ";"))
+	return config, oldSHAData
 }

internal/pkg/handler/update_test.go

@@ -1,315 +0,0 @@
-package handler
-
-import (
-	"os"
-	"testing"
-	"time"
-
-	"github.com/sirupsen/logrus"
-	"github.com/stakater/Reloader/internal/pkg/callbacks"
-	"github.com/stakater/Reloader/internal/pkg/constants"
-	"github.com/stakater/Reloader/internal/pkg/testutil"
-	"github.com/stakater/Reloader/internal/pkg/util"
-	testclient "k8s.io/client-go/kubernetes/fake"
-)
-
-var (
-	client        = testclient.NewSimpleClientset()
-	namespace     = "test-handler-" + testutil.RandSeq(5)
-	configmapName = "testconfigmap-handler-" + testutil.RandSeq(5)
-	secretName    = "testsecret-handler-" + testutil.RandSeq(5)
-)
-
-func TestMain(m *testing.M) {
-
-	// Creating namespace
-	testutil.CreateNamespace(namespace, client)
-
-	logrus.Infof("Setting up the test resources")
-	setup()
-
-	logrus.Infof("Running Testcases")
-	retCode := m.Run()
-
-	logrus.Infof("tearing down the test resources")
-	teardown()
-
-	os.Exit(retCode)
-}
-
-func setup() {
-	// Creating configmap
-	_, err := testutil.CreateConfigMap(client, namespace, configmapName, "www.google.com")
-	if err != nil {
-		logrus.Errorf("Error in configmap creation: %v", err)
-	}
-
-	// Creating secret
-	data := "dGVzdFNlY3JldEVuY29kaW5nRm9yUmVsb2FkZXI="
-	_, err = testutil.CreateSecret(client, namespace, secretName, data)
-	if err != nil {
-		logrus.Errorf("Error in secret creation: %v", err)
-	}
-
-	// Creating Deployment with configmap
-	_, err = testutil.CreateDeployment(client, configmapName, namespace)
-	if err != nil {
-		logrus.Errorf("Error in Deployment with configmap creation: %v", err)
-	}
-
-	// Creating Deployment with secret
-	_, err = testutil.CreateDeployment(client, secretName, namespace)
-	if err != nil {
-		logrus.Errorf("Error in Deployment with secret creation: %v", err)
-	}
-
-	// Creating DaemonSet with configmap
-	_, err = testutil.CreateDaemonSet(client, configmapName, namespace)
-	if err != nil {
-		logrus.Errorf("Error in DaemonSet with configmap creation: %v", err)
-	}
-
-	// Creating DaemonSet with secret
-	_, err = testutil.CreateDaemonSet(client, secretName, namespace)
-	if err != nil {
-		logrus.Errorf("Error in DaemonSet with secret creation: %v", err)
-	}
-
-	// Creating StatefulSet with configmap
-	_, err = testutil.CreateStatefulSet(client, configmapName, namespace)
-	if err != nil {
-		logrus.Errorf("Error in StatefulSet with configmap creation: %v", err)
-	}
-
-	// Creating StatefulSet with secret
-	_, err = testutil.CreateStatefulSet(client, secretName, namespace)
-	if err != nil {
-		logrus.Errorf("Error in StatefulSet with secret creation: %v", err)
-	}
-
-}
-
-func teardown() {
-	// Deleting Deployment with configmap
-	deploymentError := testutil.DeleteDeployment(client, namespace, configmapName)
-	if deploymentError != nil {
-		logrus.Errorf("Error while deleting deployment with configmap %v", deploymentError)
-	}
-
-	// Deleting Deployment with secret
-	deploymentError = testutil.DeleteDeployment(client, namespace, secretName)
-	if deploymentError != nil {
-		logrus.Errorf("Error while deleting deployment with secret %v", deploymentError)
-	}
-
-	// Deleting DaemonSet with configmap
-	daemonSetError := testutil.DeleteDaemonSet(client, namespace, configmapName)
-	if daemonSetError != nil {
-		logrus.Errorf("Error while deleting daemonSet with configmap %v", daemonSetError)
-	}
-
-	// Deleting Deployment with secret
-	daemonSetError = testutil.DeleteDaemonSet(client, namespace, secretName)
-	if daemonSetError != nil {
-		logrus.Errorf("Error while deleting daemonSet with secret %v", daemonSetError)
-	}
-
-	// Deleting StatefulSet with configmap
-	statefulSetError := testutil.DeleteStatefulSet(client, namespace, configmapName)
-	if statefulSetError != nil {
-		logrus.Errorf("Error while deleting statefulSet with configmap %v", statefulSetError)
-	}
-
-	// Deleting Deployment with secret
-	statefulSetError = testutil.DeleteStatefulSet(client, namespace, secretName)
-	if statefulSetError != nil {
-		logrus.Errorf("Error while deleting statefulSet with secret %v", statefulSetError)
-	}
-
-	// Deleting Configmap
-	err := testutil.DeleteConfigMap(client, namespace, configmapName)
-	if err != nil {
-		logrus.Errorf("Error while deleting the configmap %v", err)
-	}
-
-	// Deleting Secret
-	err = testutil.DeleteSecret(client, namespace, secretName)
-	if err != nil {
-		logrus.Errorf("Error while deleting the secret %v", err)
-	}
-
-	// Deleting namespace
-	testutil.DeleteNamespace(namespace, client)
-
-}
-
-func TestRollingUpgradeForDeploymentWithConfigmap(t *testing.T) {
-	shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, namespace, configmapName, "www.stakater.com")
-	config := util.Config{
-		Namespace:    namespace,
-		ResourceName: configmapName,
-		SHAValue:     shaData,
-		Annotation:   constants.ConfigmapUpdateOnChangeAnnotation,
-	}
-	deploymentFuncs := callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetDeploymentItems,
-		ContainersFunc: callbacks.GetDeploymentContainers,
-		UpdateFunc:     callbacks.UpdateDeployment,
-		ResourceType:   "Deployment",
-	}
-
-	err := PerformRollingUpgrade(client, config, constants.ConfigmapEnvVarPostfix, deploymentFuncs)
-	time.Sleep(5 * time.Second)
-	if err != nil {
-		t.Errorf("Rolling upgrade failed for Deployment with Configmap")
-	}
-
-	logrus.Infof("Verifying deployment update")
-	updated := testutil.VerifyResourceUpdate(client, config, constants.ConfigmapEnvVarPostfix, deploymentFuncs)
-	if !updated {
-		t.Errorf("Deployment was not updated")
-	}
-}
-
-func TestRollingUpgradeForDeploymentWithSecret(t *testing.T) {
-	shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, namespace, secretName, "dGVzdFVwZGF0ZWRTZWNyZXRFbmNvZGluZ0ZvclJlbG9hZGVy")
-	config := util.Config{
-		Namespace:    namespace,
-		ResourceName: secretName,
-		SHAValue:     shaData,
-		Annotation:   constants.SecretUpdateOnChangeAnnotation,
-	}
-	deploymentFuncs := callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetDeploymentItems,
-		ContainersFunc: callbacks.GetDeploymentContainers,
-		UpdateFunc:     callbacks.UpdateDeployment,
-		ResourceType:   "Deployment",
-	}
-
-	err := PerformRollingUpgrade(client, config, constants.SecretEnvVarPostfix, deploymentFuncs)
-	time.Sleep(5 * time.Second)
-	if err != nil {
-		t.Errorf("Rolling upgrade failed for Deployment with Secret")
-	}
-
-	logrus.Infof("Verifying deployment update")
-	updated := testutil.VerifyResourceUpdate(client, config, constants.SecretEnvVarPostfix, deploymentFuncs)
-	if !updated {
-		t.Errorf("Deployment was not updated")
-	}
-}
-
-func TestRollingUpgradeForDaemonSetWithConfigmap(t *testing.T) {
-	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapName, "www.facebook.com")
-	config := util.Config{
-		Namespace:    namespace,
-		ResourceName: configmapName,
-		SHAValue:     shaData,
-		Annotation:   constants.ConfigmapUpdateOnChangeAnnotation,
-	}
-	daemonSetFuncs := callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetDaemonSetItems,
-		ContainersFunc: callbacks.GetDaemonSetContainers,
-		UpdateFunc:     callbacks.UpdateDaemonSet,
-		ResourceType:   "DaemonSet",
-	}
-
-	err := PerformRollingUpgrade(client, config, constants.ConfigmapEnvVarPostfix, daemonSetFuncs)
-	time.Sleep(5 * time.Second)
-	if err != nil {
-		t.Errorf("Rolling upgrade failed for DaemonSet with configmap")
-	}
-
-	logrus.Infof("Verifying daemonSet update")
-	updated := testutil.VerifyResourceUpdate(client, config, constants.ConfigmapEnvVarPostfix, daemonSetFuncs)
-	if !updated {
-		t.Errorf("DaemonSet was not updated")
-	}
-}
-
-func TestRollingUpgradeForDaemonSetWithSecret(t *testing.T) {
-	shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, namespace, secretName, "d3d3LmZhY2Vib29rLmNvbQ==")
-
-	config := util.Config{
-		Namespace:    namespace,
-		ResourceName: secretName,
-		SHAValue:     shaData,
-		Annotation:   constants.SecretUpdateOnChangeAnnotation,
-	}
-	daemonSetFuncs := callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetDaemonSetItems,
-		ContainersFunc: callbacks.GetDaemonSetContainers,
-		UpdateFunc:     callbacks.UpdateDaemonSet,
-		ResourceType:   "DaemonSet",
-	}
-
-	err := PerformRollingUpgrade(client, config, constants.SecretEnvVarPostfix, daemonSetFuncs)
-	time.Sleep(5 * time.Second)
-	if err != nil {
-		t.Errorf("Rolling upgrade failed for DaemonSet with secret")
-	}
-
-	logrus.Infof("Verifying daemonSet update")
-	updated := testutil.VerifyResourceUpdate(client, config, constants.SecretEnvVarPostfix, daemonSetFuncs)
-	if !updated {
-		t.Errorf("DaemonSet was not updated")
-	}
-}
-
-func TestRollingUpgradeForStatefulSetWithConfigmap(t *testing.T) {
-	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapName, "www.twitter.com")
-
-	config := util.Config{
-		Namespace:    namespace,
-		ResourceName: configmapName,
-		SHAValue:     shaData,
-		Annotation:   constants.ConfigmapUpdateOnChangeAnnotation,
-	}
-	statefulSetFuncs := callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetStatefulSetItems,
-		ContainersFunc: callbacks.GetStatefulsetContainers,
-		UpdateFunc:     callbacks.UpdateStatefulset,
-		ResourceType:   "StatefulSet",
-	}
-
-	err := PerformRollingUpgrade(client, config, constants.ConfigmapEnvVarPostfix, statefulSetFuncs)
-	time.Sleep(5 * time.Second)
-	if err != nil {
-		t.Errorf("Rolling upgrade failed for StatefulSet with configmap")
-	}
-
-	logrus.Infof("Verifying statefulSet update")
-	updated := testutil.VerifyResourceUpdate(client, config, constants.ConfigmapEnvVarPostfix, statefulSetFuncs)
-	if !updated {
-		t.Errorf("StatefulSet was not updated")
-	}
-}
-
-func TestRollingUpgradeForStatefulSetWithSecret(t *testing.T) {
-	shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, namespace, secretName, "d3d3LnR3aXR0ZXIuY29t")
-
-	config := util.Config{
-		Namespace:    namespace,
-		ResourceName: secretName,
-		SHAValue:     shaData,
-		Annotation:   constants.SecretUpdateOnChangeAnnotation,
-	}
-	statefulSetFuncs := callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetStatefulSetItems,
-		ContainersFunc: callbacks.GetStatefulsetContainers,
-		UpdateFunc:     callbacks.UpdateStatefulset,
-		ResourceType:   "StatefulSet",
-	}
-
-	err := PerformRollingUpgrade(client, config, constants.SecretEnvVarPostfix, statefulSetFuncs)
-	time.Sleep(5 * time.Second)
-	if err != nil {
-		t.Errorf("Rolling upgrade failed for StatefulSet with secret")
-	}
-
-	logrus.Infof("Verifying statefulSet update")
-	updated := testutil.VerifyResourceUpdate(client, config, constants.SecretEnvVarPostfix, statefulSetFuncs)
-	if !updated {
-		t.Errorf("StatefulSet was not updated")
-	}
-}