Merge pull request #956 from stakater/msafwankarim-patch-1

Update Workflow to not push the image

.github/workflows/pull_request_docs.yaml

@@ -22,10 +22,11 @@ jobs:
       DOC_SRC: docs
       MD_LINT_CONFIG: .markdownlint.yaml
   build:
-    uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.131
+    uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.132
     with:
       DOCKER_FILE_PATH: Dockerfile-docs
       CONTAINER_REGISTRY_URL: ghcr.io/stakater
+      PUSH_IMAGE: false
     secrets:
       CONTAINER_REGISTRY_USERNAME: ${{ github.actor }}
       CONTAINER_REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }}

.github/workflows/push-helm-chart.yaml

@@ -1,6 +1,6 @@
 name: Push Helm Chart
 
-# TODO: fix: workflows have a problem where only code owners' PRs get the actions running 
+# TODO: fix: workflows have a problem where only code owners' PRs get the actions running
 
 on:
   pull_request:
@@ -11,6 +11,7 @@ on:
     paths:
       - 'deployments/kubernetes/chart/reloader/**'
       - '.github/workflows/push-helm-chart.yaml'
+      - '.github/workflows/release-helm-chart.yaml'
 
 env:
   HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
@@ -72,7 +73,7 @@ jobs:
           exit 1
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.8.1
+        uses: sigstore/cosign-installer@v3.8.2
 
       - name: Login to GHCR Registry
         uses: docker/login-action@v3
@@ -104,6 +105,13 @@ jobs:
           commit_username: stakater-user
           commit_email: stakater@gmail.com
 
+      - name: Push new chart tag
+        uses: anothrNick/github-tag-action@1.71.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          WITH_V: false
+          CUSTOM_TAG: chart-v${{ steps.new_chart_version.outputs.result }}
+
       - name: Notify Slack
         uses: 8398a7/action-slack@v3
         if: always() # Pick up events even if the job fails or is canceled.

.github/workflows/release-helm-chart.yaml

@@ -0,0 +1,39 @@
+name: Release Helm chart
+
+on:
+  push:
+    tags:
+      - "chart-v*"
+
+permissions:
+  contents: write
+
+jobs:
+  release-helm-chart:
+    name: Release Helm chart
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Create release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+        run: |
+          gh release create "$tag" \
+              --repo="$GITHUB_REPOSITORY" \
+              --title="Helm chart ${tag#chart-}" \
+              --generate-notes
+
+      - name: Notify Slack
+        uses: 8398a7/action-slack@v3
+        if: always()
+        with:
+          status: ${{ job.status }}
+          fields: repo,author,action,eventName,ref,workflow
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}

.github/workflows/release.yaml

@@ -1,8 +1,9 @@
 name: Release Go project
 
 on:
-  release:
-    types: [published]
+  push:
+    tags:
+      - "v*"
 
 env:
   DOCKER_FILE_PATH: Dockerfile
@@ -12,7 +13,7 @@ env:
   REGISTRY: ghcr.io
 
 jobs:
-  build:
+  release:
 
     permissions:
       contents: read
@@ -193,22 +194,6 @@ jobs:
       ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.)
       ##############################
 
-      # # Generate tag for operator without "v"
-      # - name: Generate Operator Tag
-      #   id: generate_operator_tag
-      #   uses: anothrNick/github-tag-action@1.70.0
-      #   env:
-      #     GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
-      #     WITH_V: false
-      #     DEFAULT_BUMP: patch
-      #     DRY_RUN: true
-
-      # # Update chart tag to the latest semver tag
-      # - name: Update Chart Version
-      #   env:
-      #     VERSION: ${{ steps.generate_operator_tag.outputs.RELEASE_VERSION }}
-      #   run: make bump-chart
-
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@master
         with:

.goreleaser.yml

@@ -18,10 +18,7 @@ snapshot:
 checksum:
   name_template: "{{ .ProjectName }}_{{ .Version }}_checksums.txt"
 changelog:
-  sort: asc
-  filters:
-    exclude:
-    - '^docs:'
-    - '^test:'
+  # It will be generated manually as part of making a new GitHub release
+  disable: true
 env_files:
   github_token: /home/jenkins/.apitoken/hub

.markdownlint.yaml

@@ -3,4 +3,6 @@
   "MD013": false,
   "MD024": false,
   "MD029": { "style": one },
+  "MD033": false,
+  "MD041": false,
 }

.vale.ini

@@ -1,7 +1,7 @@
 StylesPath = styles
 MinAlertLevel = warning
 
-Packages = https://github.com/stakater/vale-package/releases/download/v0.0.58/Stakater.zip
+Packages = https://github.com/stakater/vale-package/releases/download/v0.0.77/Stakater.zip
 Vocab = Stakater
 
 # Only check MarkDown files

Dockerfile

@@ -2,7 +2,7 @@ ARG BUILDER_IMAGE
 ARG BASE_IMAGE
 
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.24.1} AS builder
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.24.4} AS builder
 
 ARG TARGETOS
 ARG TARGETARCH

Makefile

@@ -46,7 +46,6 @@ GOLANGCI_LINT_VERSION ?= v1.57.2
 YQ_VERSION ?= v4.27.5
 YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(OS)_$(ARCH)"
 
-
 .PHONY: yq
 yq: $(YQ) ## Download YQ locally if needed
 $(YQ):
@@ -58,7 +57,6 @@ $(YQ):
 	@chmod +x $(YQ)
 	@echo "yq downloaded successfully to $(YQ)."
 
-
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
 $(KUSTOMIZE): $(LOCALBIN)
@@ -157,12 +155,6 @@ k8s-manifests: $(KUSTOMIZE) ## Generate k8s manifests using Kustomize from 'mani
 update-manifests-version: ## Generate k8s manifests using Kustomize from 'manifests' folder
 	sed -i 's/image:.*/image: \"ghcr.io\/stakater\/reloader:v$(VERSION)"/g' deployments/kubernetes/manifests/deployment.yaml
 
-# Bump Chart
-bump-chart: 
-	sed -i "s/^appVersion:.*/appVersion: v$(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml
-	sed -i "s/tag:.*/tag: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml
-	sed -i "s/version:.*/version: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml
-
 YQ_VERSION = v4.42.1
 YQ_BIN = $(shell pwd)/yq
 CURRENT_ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')

README.md

@@ -1,4 +1,6 @@
-# ![Reloader-logo](assets/web/reloader-round-100px.png) Reloader
+<p align="center">
+  <img src="assets/web/reloader.jpg" alt="Reloader" width="40%"/>
+</p>
 
 [![Go Report Card](https://goreportcard.com/badge/github.com/stakater/reloader?style=flat-square)](https://goreportcard.com/report/github.com/stakater/reloader)
 [![Go Doc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat-square)](https://godoc.org/github.com/stakater/reloader)
@@ -7,270 +9,233 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/stakater/reloader.svg?style=flat-square)](https://hub.docker.com/r/stakater/reloader/)
 [![Docker Stars](https://img.shields.io/docker/stars/stakater/reloader.svg?style=flat-square)](https://hub.docker.com/r/stakater/reloader/)
 [![license](https://img.shields.io/github/license/stakater/reloader.svg?style=flat-square)](LICENSE)
-[![Get started with Stakater](https://stakater.github.io/README/stakater-github-banner.png)](https://stakater.com/?utm_source=Reloader&utm_medium=github)
 
-## Problem
+## 🔁 What is Reloader?
 
-We would like to watch if some change happens in `ConfigMap` and/or `Secret`; then perform a rolling upgrade on relevant `DeploymentConfig`, `Deployment`, `Daemonset`, `Statefulset` and `Rollout`
+Reloader is a Kubernetes controller that automatically triggers rollouts of workloads (like Deployments, StatefulSets, and more) whenever referenced `Secrets` or `ConfigMaps` are updated.
 
-## Solution
+In a traditional Kubernetes setup, updating a `Secret` or `ConfigMap` does not automatically restart or redeploy your workloads. This can lead to stale configurations running in production, especially when dealing with dynamic values like credentials, feature flags, or environment configs.
 
-Reloader can watch changes in `ConfigMap` and `Secret` and do rolling upgrades on Pods with their associated `DeploymentConfigs`, `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts`.
+Reloader bridges that gap by ensuring your workloads stay in sync with configuration changes — automatically and safely.
 
-## Enterprise Version
+## 🚀 Why Reloader?
 
-Reloader is available in two different versions:
+- ✅ **Zero manual restarts**: No need to manually rollout workloads after config/secret changes.
+- 🔒 **Secure by design**: Ensure your apps always use the most up-to-date credentials or tokens.
+- 🛠️ **Flexible**: Works with all major workload types — Deployment, StatefulSet, Daemonset, ArgoRollout, and more.
+- ⚡ **Fast feedback loop**: Ideal for CI/CD pipelines where secrets/configs change frequently.
+- 🔄 **Out-of-the-box integration**: Just label your workloads and let Reloader do the rest.
 
-1. Open Source Version
-1. Enterprise Version, which includes:
-   - SLA (Service Level Agreement) for support and unique requests
-   - Slack support
-   - Certified images
+## 🔧 How It Works?
 
-Contact [`sales@stakater.com`](mailto:sales@stakater.com) for info about Reloader Enterprise.
+```mermaid
+flowchart LR
+  ExternalSecret -->|Creates| Secret
+  SealedSecret -->|Creates| Secret
+  Certificate -->|Creates| Secret
+  Secret -->|Watched by| Reloader
+  ConfigMap -->|Watched by| Reloader
 
-## Compatibility
+  Reloader -->|Triggers Rollout| Deployment
+  Reloader -->|Triggers Rollout| DeploymentConfig
+  Reloader -->|Triggers Rollout| Daemonset
+  Reloader -->|Triggers Rollout| Statefulset
+  Reloader -->|Triggers Rollout| ArgoRollout
+  Reloader -->|Triggers Job| CronJob
+  Reloader -->|Sends Notification| Slack,Teams,Webhook
+```
 
-Reloader is compatible with Kubernetes >= 1.19
+- Sources like `ExternalSecret`, `SealedSecret`, or `Certificate` from `cert-manager` can create or manage Kubernetes `Secrets` — but they can also be created manually or delivered through GitOps workflows.
+- `Secrets` and `ConfigMaps` are watched by Reloader.
+- When changes are detected, Reloader automatically triggers a rollout of the associated workloads, ensuring your app always runs with the latest configuration.
 
-## How to use Reloader
+## ⚡ Quick Start
 
-You have a `Deployment` called `foo` and a `ConfigMap` and/or a `Secret` either mounted as a volume or defined as a environment variable. The `ConfigMap` and `Secret` can be named whatever, but for the sake of this example, lets refer to the `ConfigMap` as `foo-configmap` and the secret as `foo-secret`.
+### 1. Install Reloader
 
-Add the annotation to the main metadata of your `Deployment`. By default this would be `reloader.stakater.com/auto`.
+Follow any of this [installation options](#-installation).
+
+### 2. Annotate Your Workload
+
+To enable automatic reload for a Deployment:
 
 ```yaml
+apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: foo
+  name: my-app
   annotations:
     reloader.stakater.com/auto: "true"
 spec:
   template:
     metadata:
+      labels:
+        app: my-app
+    spec:
+      containers:
+        - name: app
+          image: your-image
+          envFrom:
+            - configMapRef:
+                name: my-config
+            - secretRef:
+                name: my-secret
 ```
 
-This will discover deploymentconfigs/deployments/daemonsets/statefulset/rollouts/cronjobs/jobs automatically where `foo-configmap` or `foo-secret` is being used either via environment variable or from volume mount. And it will perform rolling upgrade on related pods when `foo-configmap` or `foo-secret`are updated.
+This tells Reloader to watch the `ConfigMap` and `Secret` referenced in this deployment. When either is updated, it will trigger a rollout.
 
-You can filter it by the type of monitored resource and use typed versions of `auto` annotation. If you want to discover changes only in mounted `Secret`s and ignore changes in `ConfigMap`s, add `secret.reloader.stakater.com/auto` annotation instead. Analogously, you can use `configmap.reloader.stakater.com/auto` annotation to look for changes in mounted `ConfigMap`, changes in any of mounted `Secret`s will not trigger a rolling upgrade on related pods.
+## 🏢 Enterprise Version
 
-You can also restrict this discovery to only `ConfigMap` or `Secret` objects that
-are tagged with a special annotation. To take advantage of that, annotate
-your deploymentconfigs/deployments/daemonsets/statefulset/rollouts/cronjobs/jobs like this:
+Stakater offers an enterprise-grade version of Reloader with:
+
+1. SLA-backed support
+1. Certified images
+1. Private Slack support
+
+Contact [`sales@stakater.com`](mailto:sales@stakater.com) for info about Reloader Enterprise.
+
+## 🧩 Usage
+
+Reloader supports multiple annotation-based controls to let you **customize when and how your Kubernetes workloads are reloaded** upon changes in `Secrets` or `ConfigMaps`.
+
+Kubernetes does not trigger pod restarts when a referenced `Secret` or `ConfigMap` is updated. Reloader bridges this gap by watching for changes and automatically performing rollouts — but it gives you full control via annotations, so you can:
+
+- Reload **all** resources by default
+- Restrict reloads to only **Secrets** or only **ConfigMaps**
+- Watch only **specific resources**
+- Use **opt-in via tagging** (`search` + `match`)
+- Exclude workloads you don’t want to reload
+
+### 1. 🔁 Automatic Reload (Default)
+
+Use these annotations to automatically restart the workload when referenced `Secrets` or `ConfigMaps` change.
+
+| Annotation                                 | Description                                                          |
+|--------------------------------------------|----------------------------------------------------------------------|
+| `reloader.stakater.com/auto: "true"`       | Reloads workload when any referenced ConfigMap or Secret changes     |
+| `secret.reloader.stakater.com/auto: "true"`| Reloads only when referenced Secret(s) change                        |
+| `configmap.reloader.stakater.com/auto: "true"`| Reloads only when referenced ConfigMap(s) change                  |
+
+### 2. 📛 Named Resource Reload (Specific Resource Annotations)
+
+These annotations allow you to manually define which ConfigMaps or Secrets should trigger a reload, regardless of whether they're used in the pod spec.
+
+| Annotation                                          | Description                                                                          |
+|-----------------------------------------------------|--------------------------------------------------------------------------------------|
+| `secret.reloader.stakater.com/reload: "my-secret"`  | Reloads when specific Secret(s) change, regardless of how they're used              |
+| `configmap.reloader.stakater.com/reload: "my-config"`| Reloads when specific ConfigMap(s) change, regardless of how they're used         |
+
+#### Use when
+
+1. ✅ This is useful in tightly scoped scenarios where config is shared but reloads are only relevant in certain cases.
+1. ✅ Use this when you know exactly which resource(s) matter and want to avoid auto-discovery or searching altogether.
+
+### 3. 🎯 Targeted Reload (Match + Search Annotations)
+
+This pattern allows fine-grained reload control — workloads only restart if the Secret/ConfigMap is both:
+
+1. Referenced by the workload
+1. Explicitly annotated with `match: true`
+
+| Annotation                                | Applies To   | Description                                                                 |
+|-------------------------------------------|--------------|-----------------------------------------------------------------------------|
+| `reloader.stakater.com/search: "true"`    | Workload     | Enables search mode (only reloads if matching secrets/configMaps are found) |
+| `reloader.stakater.com/match: "true"`     | ConfigMap/Secret | Marks the config/secret as eligible for reload in search mode              |
+
+#### How it works
+
+1. The workload must have: `reloader.stakater.com/search: "true"`
+1. The ConfigMap or Secret must have: `reloader.stakater.com/match: "true"`
+1. The resource (ConfigMap or Secret) must also be referenced in the workload (via env, `volumeMount`, etc.)
+
+#### Use when
+
+1. ✅ You want to reload a workload only if it references a ConfigMap or Secret that has been explicitly tagged with `reloader.stakater.com/match: "true"`.
+1. ✅ Use this when you want full control over which shared or system-wide resources trigger reloads. Great in multi-tenant clusters or shared configs.
+
+### 4. ⚙️ Workload-Specific Rollout Strategy
+
+By default, Reloader uses the **rollout** strategy — it updates the pod template to trigger a new rollout. This works well in most cases, but it can cause problems if you're using GitOps tools like ArgoCD, which detect this as configuration drift.
+
+To avoid that, you can switch to the **restart** strategy, which simply restarts the pod without changing the pod template.
 
 ```yaml
-kind: Deployment
 metadata:
   annotations:
-    reloader.stakater.com/search: "true"
-spec:
-  template:
+    reloader.stakater.com/rollout-strategy: "restart"
 ```
 
-and Reloader will trigger the rolling upgrade upon modification of any
-`ConfigMap` or `Secret` annotated like this:
+| Value              | Behavior                                                        |
+|--------------------|-----------------------------------------------------------------|
+| `rollout` (default) | Updates pod template metadata to trigger a rollout             |
+| `restart`           | Deletes the pod to restart it without patching the template    |
+
+✅ Use `restart` if:
+
+1. You're using GitOps and want to avoid drift
+1. You want a quick restart without changing the workload spec
+1. Your platform restricts metadata changes
+
+### 5. ❗ Annotation Behavior Rules & Compatibility
+
+- `reloader.stakater.com/auto` and `reloader.stakater.com/search` **cannot be used together** — the `auto` annotation takes precedence.
+- If both `auto` and its typed versions (`secret.reloader.stakater.com/auto`, `configmap.reloader.stakater.com/auto`) are used, **only one needs to be true** to trigger a reload.
+- Setting `reloader.stakater.com/auto: "false"` explicitly disables reload for that workload.
+- If `--auto-reload-all` is enabled on the controller:
+    - All workloads are treated as if they have `auto: "true"` unless they explicitly set it to `"false"`.
+    - Missing or unrecognized annotation values are treated as `"false"`.
+
+### 6. 🔔 Alerting on Reload
+
+Reloader can optionally **send alerts** whenever it triggers a rolling upgrade for a workload (e.g., `Deployment`, `StatefulSet`, etc.).
+
+These alerts are sent to a configured **webhook endpoint**, which can be a generic receiver or services like Slack or Microsoft Teams.
+
+To enable this feature, update the `reloader.env.secret` section in your `values.yaml` (when installing via Helm):
 
 ```yaml
-kind: ConfigMap
-metadata:
-  annotations:
-    reloader.stakater.com/match: "true"
-data:
-  key: value
+reloader:
+  env:
+    secret:
+      ALERT_ON_RELOAD: "true"                    # Enable alerting (default: false)
+      ALERT_SINK: "slack"                        # Options: slack, teams, webhook (default: webhook)
+      ALERT_WEBHOOK_URL: "<your-webhook-url>"    # Required if ALERT_ON_RELOAD is true
+      ALERT_ADDITIONAL_INFO: "Triggered by Reloader in staging environment"
 ```
 
-provided the secret/configmap is being used in an environment variable, or a
-volume mount.
+## 🚀 Installation
 
-Please note that `reloader.stakater.com/search` and
-`reloader.stakater.com/auto` do not work together. If you have the
-`reloader.stakater.com/auto: "true"` annotation on your deployment, then it
-will always restart upon a change in configmaps or secrets it uses, regardless
-of whether they have the `reloader.stakater.com/match: "true"` annotation or
-not.
+### 1. 📦 Helm
 
-Similarly, `reloader.stakater.com/auto` and its typed version (`secret.reloader.stakater.com/auto` or `configmap.reloader.stakater.com/auto`) do not work together. If you have both annotations in your deployment, then only one of them needs to be true to trigger the restart. For example, having both `reloader.stakater.com/auto: "true"` and `secret.reloader.stakater.com/auto: "false"` or both `reloader.stakater.com/auto: "false"` and `secret.reloader.stakater.com/auto: "true"` will restart upon a change in a secret it uses.
+Reloader can be installed in multiple ways depending on your Kubernetes setup and preference. Below are the supported methods:
 
-We can also specify a specific configmap or secret which would trigger rolling upgrade only upon change in our specified configmap or secret, this way, it will not trigger rolling upgrade upon changes in all configmaps or secrets used in a `deploymentconfig`, `deployment`, `daemonset`, `statefulset`, `rollout`, `cronJob` or `job`.
-To do this either set the auto annotation to `"false"` (`reloader.stakater.com/auto: "false"`) or remove it altogether, and use annotations for [Configmap](.#Configmap) or [Secret](.#Secret).
-
-It's also possible to enable auto reloading for all resources, by setting the `--auto-reload-all` flag.
-In this case, all resources that do not have the auto annotation (or its typed version) set to `"false"`, will be reloaded automatically when their Configmaps or Secrets are updated.
-Notice that setting the auto annotation to an undefined value counts as false as-well.
-
-### Configmap
-
-To perform rolling upgrade when change happens only on specific configmaps use below annotation.
-
-For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap`. Then add this annotation to main metadata of your `Deployment`
-
-```yaml
-kind: Deployment
-metadata:
-  annotations:
-    configmap.reloader.stakater.com/reload: "foo-configmap"
-spec:
-  template:
-    metadata:
+```bash
+helm repo add stakater https://stakater.github.io/stakater-charts
+helm repo update
+helm install reloader stakater/reloader
 ```
 
-Use comma separated list to define multiple configmaps.
+➡️ See full Helm configuration in the [chart README](./deployments/kubernetes/chart/reloader/README.md).
 
-```yaml
-kind: Deployment
-metadata:
-  annotations:
-    configmap.reloader.stakater.com/reload: "foo-configmap,bar-configmap,baz-configmap"
-spec:
-  template:
-    metadata:
-```
+### 2. 📄 Vanilla Manifests
 
-### Secret
-
-To perform rolling upgrade when change happens only on specific secrets use below annotation.
-
-For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of your `Deployment`
-
-```yaml
-kind: Deployment
-metadata:
-  annotations:
-    secret.reloader.stakater.com/reload: "foo-secret"
-spec:
-  template:
-    metadata:
-```
-
-Use comma separated list to define multiple secrets.
-
-```yaml
-kind: Deployment
-metadata:
-  annotations:
-    secret.reloader.stakater.com/reload: "foo-secret,bar-secret,baz-secret"
-spec:
-  template:
-    metadata:
-```
-
-### NOTES
-
-- Reloader also supports [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets). [Here](docs/Reloader-with-Sealed-Secrets.md) are the steps to use sealed-secrets with Reloader.
-- For [`rollouts`](https://github.com/argoproj/argo-rollouts/) Reloader simply triggers a change is up to you how you configure the `rollout` strategy.
-- `reloader.stakater.com/auto: "true"` will only reload the pod, if the configmap or secret is used (as a volume mount or as an env) in `DeploymentConfigs/Deployment/Daemonsets/Statefulsets/CronJobs/Jobs`
-- `secret.reloader.stakater.com/reload` or `configmap.reloader.stakater.com/reload` annotation will reload the pod upon changes in specified configmap or secret, irrespective of the usage of configmap or secret.
-- you may override the auto annotation with the `--auto-annotation` flag
-- you may override the secret typed auto annotation with the `--secret-auto-annotation` flag
-- you may override the configmap typed auto annotation with the `--configmap-auto-annotation` flag
-- you may override the search annotation with the `--auto-search-annotation` flag
-  and the match annotation with the `--search-match-annotation` flag
-- you may override the configmap annotation with the `--configmap-annotation` flag
-- you may override the secret annotation with the `--secret-annotation` flag
-- you may want to prevent watching certain namespaces with the `--namespaces-to-ignore` flag
-- you may want to watch only a set of namespaces with certain labels by using the `--namespace-selector` flag
-- you may want to watch only a set of secrets/configmaps with certain labels by using the `--resource-label-selector` flag
-- you may want to prevent watching certain resources with the `--resources-to-ignore` flag
-- you can configure logging in JSON format with the `--log-format=json` option
-- you can configure the "reload strategy" with the `--reload-strategy=<strategy-name>` option (details below)
-- you can configure rollout reload strategy with `reloader.stakater.com/rollout-strategy` annotation, `restart` or `rollout` values are available (defaults to `rollout`)
-
-## Reload Strategies
-
-Reloader supports multiple "reload" strategies for performing rolling upgrades to resources. The following list describes them:
-
-- **env-vars**: When a tracked `configMap`/`secret` is updated, this strategy attaches a Reloader specific environment variable to any containers referencing the changed `configMap` or `secret` on the owning resource (e.g., `Deployment`, `StatefulSet`, etc.). This strategy can be specified with the `--reload-strategy=env-vars` argument. Note: This is the default reload strategy.
-- **annotations**: When a tracked `configMap`/`secret` is updated, this strategy attaches a `reloader.stakater.com/last-reloaded-from` pod template annotation on the owning resource (e.g., `Deployment`, `StatefulSet`, etc.). This strategy is useful when using resource syncing tools like ArgoCD, since it will not cause these tools to detect configuration drift after a resource is reloaded. Note: Since the attached pod template annotation only tracks the last reload source, this strategy will reload any tracked resource should its `configMap` or `secret` be deleted and recreated. This strategy can be specified with the `--reload-strategy=annotations` argument.
-
-## Deploying to Kubernetes
-
-You can deploy Reloader by following methods:
-
-### Vanilla Manifests
-
-You can apply vanilla manifests by changing `RELEASE-NAME` placeholder provided in manifest with a proper value and apply it by running the command given below:
+Apply raw Kubernetes manifests directly:
 
 ```bash
 kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml
 ```
 
-By default, Reloader gets deployed in `default` namespace and watches changes `secrets` and `configmaps` in all namespaces. Additionally, in the default Reloader deployment, the following resource limits and requests are set:
+### 3. 🧱 Vanilla Kustomize
 
-```yaml
-resources:
-  limits:
-    cpu: 150m
-    memory: 512Mi
-  requests:
-    cpu: 10m
-    memory: 128Mi
-```
-
-Reloader can be configured to ignore the resources `secrets` and `configmaps` by passing the following arguments (`spec.template.spec.containers.args`) to its container:
-
-| Argument                           | Description          |
-| ---------------------------------- | -------------------- |
-| `--resources-to-ignore=configMaps` | To ignore configmaps |
-| `--resources-to-ignore=secrets`    | To ignore secrets    |
-
-**Note:** At one time only one of these resource can be ignored, trying to do it will cause error in Reloader. Workaround for ignoring both resources is by scaling down the Reloader pods to `0`.
-
-Reloader can be configured to only watch secrets/configmaps with one or more labels using the `--resource-label-selector` parameter. Supported operators are `!, in, notin, ==, =, !=`, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the [Kubernetes Docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
-
-**Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence.
-
-These selectors can be combined, for example with:
-
-```yaml
---resource-label-selector=reloader=enabled,key-exists,another-label in (value1,value2,value3)
-```
-
-Only configmaps or secrets labeled like the following will be watched:
-
-```yaml
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  labels:
-    reloader: enabled
-    key-exists: yes
-    another-label: value1
-```
-
-Reloader can be configured to only watch namespaces labeled with one or more labels using the `--namespace-selector` parameter. Supported operators are `!, in, notin, ==, =, !=`, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the [Kubernetes Docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
-
-**Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence.
-
-These selectors can be combined, for example with:
-
-```yaml
---namespace-selector=reloader=enabled,test=true
-```
-
-Only namespaces labeled as below would be watched and eligible for reloads:
-
-```yaml
-kind: Namespace
-apiVersion: v1
-metadata:
-  labels:
-    reloader: enabled
-    test: true
-```
-
-### Vanilla Kustomize
-
-You can also apply the vanilla manifests by running the following command
+Use the built-in Kustomize support:
 
 ```bash
 kubectl apply -k https://github.com/stakater/Reloader/deployments/kubernetes
 ```
 
-Similarly to vanilla manifests get deployed in `default` namespace and watches changes `secrets` and `configmaps` in all namespaces.
+### 4. 🛠️ Custom Kustomize Setup
 
-### Kustomize
-
-You can write your own `kustomization.yaml` using ours as a 'base' and write patches to tweak the configuration.
+You can create your own `kustomization.yaml` and use Reloader’s as a base:
 
 ```yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
@@ -282,29 +247,84 @@ resources:
 namespace: reloader
 ```
 
-### Helm Chart
+### 5. ⚖️ Default Resource Requests and Limits
 
-The Reloader Helm chart is documented in the [chart README](./deployments/kubernetes/chart/reloader/README.md).
+By default, Reloader is deployed with the following resource requests and limits:
 
-#### Additional Remarks
+```yaml
+resources:
+  limits:
+    cpu: 150m
+    memory: 512Mi
+  requests:
+    cpu: 10m
+    memory: 128Mi
+```
 
-- Both `namespaceSelector` & `resourceLabelSelector` can be used together. If they are then both conditions must be met for the configmap or secret to be eligible to trigger reload events. (e.g. If a configmap matches `resourceLabelSelector` but `namespaceSelector` does not match the namespace the configmap is in, it will be ignored).
-- At one time only one of the resources `ignoreConfigMaps` or `ignoreSecrets` can be ignored, trying to do both will cause error in helm template compilation
-- Reloading of OpenShift (DeploymentConfig) and/or Argo `Rollouts` has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions
-- `isOpenShift` Recent versions of OpenShift (tested on 4.13.3) require the specified user to be in an `uid` range which is dynamically assigned by the namespace. The solution is to unset the runAsUser variable via `deployment.securityContext.runAsUser=null` and let OpenShift assign it at install
-- `reloadOnCreate` controls how Reloader handles secrets being added to the cache for the first time. If `reloadOnCreate` is set to true:
-  1. Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload
-  1. When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload
-  1. If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected
-- `reloadOnDelete` controls how Reloader handles secrets being deleted. If `reloadOnDelete` is set to true:
-  1. Configmaps/secrets being deleted will cause Reloader to perform a rolling update of the associated workload
-- `serviceMonitor` will be removed in future releases of Reloader in favour of Pod monitor
-- If `reloadOnCreate` is set to false:
-  1. Updates to configmaps/secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs
-  1. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration
-- If `reloadOnDelete` is set to false:
-  1. Deleting of configmaps/secrets has no effect to pods that references these resources.
-- By default, `reloadOnCreate`, `reloadOnDelete` and `syncAfterRestart` are all set to false. All need to be enabled explicitly
+### 6. ⚙️ Optional runtime configurations
+
+These flags let you customize Reloader's behavior globally, at the Reloader controller level.
+
+#### 1. 🔁 Reload Behavior
+
+| Flag | Description |
+|------|-------------|
+| `--reload-on-create=true` | Reload workloads when a watched ConfigMap or Secret is created |
+| `--reload-on-delete=true` | Reload workloads when a watched ConfigMap or Secret is deleted |
+| `--auto-reload-all=true` | Automatically reload all workloads unless opted out (`auto: "false"`) |
+| `--reload-strategy=env-vars` | Strategy to use for triggering reload (`env-vars` or `annotations`) |
+| `--log-format=json` | Enable JSON-formatted logs for better machine readability |
+
+##### Reload Strategies
+
+Reloader supports multiple strategies for triggering rolling updates when a watched `ConfigMap` or `Secret` changes. You can configure the strategy using the `--reload-strategy` flag.
+
+| Strategy     | Description |
+|--------------|-------------|
+| `env-vars` (default) | Adds a dummy environment variable to any container referencing the changed resource (e.g., `Deployment`, `StatefulSet`, etc.). This forces Kubernetes to perform a rolling update. |
+| `annotations` | Adds a `reloader.stakater.com/last-reloaded-from` annotation to the pod template metadata. Ideal for GitOps tools like ArgoCD, as it avoids triggering unwanted sync diffs. |
+
+- The `env-vars` strategy is the default and works in most setups.
+- The `annotations` strategy is preferred in **GitOps environments** to prevent config drift in tools like ArgoCD or Flux.
+- In `annotations` mode, a `ConfigMap` or `Secret` that is deleted and re-created will still trigger a reload (since previous state is not tracked).
+
+#### 2. 🚫 Resource Filtering
+
+| Flag | Description |
+|------|-------------|
+| `--resources-to-ignore=configmaps` | Ignore ConfigMaps (only one type can be ignored at a time) |
+| `--resources-to-ignore=secrets` | Ignore Secrets (cannot combine with configMaps) |
+| `--resource-label-selector=key=value` | Only watch ConfigMaps/Secrets with matching labels |
+
+> **⚠️ Note:**  
+> Only **one** resource type can be ignored at a time.  
+> Trying to ignore **both `configmaps` and `secrets`** will cause an error in Reloader.  
+> ✅ **Workaround:** Scale the Reloader deployment to `0` replicas if you want to disable it completely.
+
+#### 3. 🧩 Namespace Filtering
+
+| Flag | Description |
+|------|-------------|
+| `--namespace-selector='key=value'` <br /> <br />`--namespace-selector='key1=value1,key2=value2'` <br /> <br />`--namespace-selector='key in (value1,value2)'`| Watch only namespaces with matching labels. See [LIST and WATCH filtering](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#list-and-watch-filtering) for more details on label selectors |
+| `--namespaces-to-ignore=ns1,ns2` | Skip specific namespaces from being watched |
+
+#### 4. 📝 Annotation Key Overrides
+
+These flags allow you to redefine annotation keys used in your workloads or resources:
+
+| Flag | Overrides |
+|------|-----------|
+| `--auto-annotation` | Overrides `reloader.stakater.com/auto` |
+| `--secret-auto-annotation` | Overrides `secret.reloader.stakater.com/auto` |
+| `--configmap-auto-annotation` | Overrides `configmap.reloader.stakater.com/auto` |
+| `--auto-search-annotation` | Overrides `reloader.stakater.com/search` |
+| `--search-match-annotation` | Overrides `reloader.stakater.com/match` |
+| `--secret-annotation` | Overrides `secret.reloader.stakater.com/reload` |
+| `--configmap-annotation` | Overrides `configmap.reloader.stakater.com/reload` |
+
+## Compatibility
+
+Reloader is compatible with Kubernetes >= 1.19
 
 ## Help
 
@@ -368,15 +388,12 @@ View the [releases page](https://github.com/stakater/Reloader/releases) to see w
 
 Apache2 © [Stakater][website]
 
-## About
+## About Stakater
+
+[![Get started with Stakater](https://stakater.github.io/README/stakater-github-banner.png)](https://stakater.com/?utm_source=Reloader&utm_medium=github)
 
 `Reloader` is maintained by [Stakater][website]. Like it? Please let us know at [hello@stakater.com](hello@stakater.com)
 
-See [our other projects](https://github.com/stakater)
-or contact us in case of professional services and queries on [hello@stakater.com](hello@stakater.com)
+See [our other projects](https://github.com/stakater) or contact us in case of professional services and queries on [hello@stakater.com](hello@stakater.com)
 
 [website]: https://stakater.com
-
-## Acknowledgements
-
-- [ConfigmapController](https://github.com/fabric8io/configmapcontroller); We documented [here](docs/Reloader-vs-ConfigmapController.md) why we re-created Reloader

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: 2.0.0
-appVersion: v1.3.0
+version: 2.1.4
+appVersion: v1.4.4
 keywords:
   - Reloader
   - kubernetes

deployments/kubernetes/chart/reloader/README.md

@@ -52,7 +52,7 @@ helm uninstall {{RELEASE_NAME}} -n {{NAMESPACE}}
 | `reloader.syncAfterRestart`         | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false`          | boolean     | `false`   |
 | `reloader.reloadStrategy`           | Strategy to trigger resource restart, set to either `default`, `env-vars` or `annotations`                                                          | enumeration | `default` |
 | `reloader.ignoreNamespaces`         | List of comma separated namespaces to ignore, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
-| `reloader.namespaceSelector`        | List of comma separated namespaces to select, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
+| `reloader.namespaceSelector`        | List of comma separated k8s label selectors for namespaces selection. See [LIST and WATCH filtering](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#list-and-watch-filtering) for more details on label-selector                                  | string      | `""`      |
 | `reloader.resourceLabelSelector`    | List of comma separated label selectors, if multiple are provided they are combined with the AND operator                                           | string      | `""`      |
 | `reloader.logFormat`                | Set type of log format. Value could be either `json` or `""`                                                                                        | string      | `""`      |
 | `reloader.watchGlobally`            | Allow Reloader to watch in all namespaces (`true`) or just in a single namespace (`false`)                                                          | boolean     | `true`    |
@@ -99,6 +99,56 @@ helm uninstall {{RELEASE_NAME}} -n {{NAMESPACE}}
 | `reloader.volumes`                     | Add volume to a pod                                             | array   | `[]`    |
 | `reloader.webhookUrl`                  | Add webhook to Reloader                                         | string  | `""`    |
 
+## ⚙️ Helm Chart Configuration Notes
+
+### Selector Behavior
+- Both `namespaceSelector` & `resourceLabelSelector` can be used together
+- **Both conditions must be met** for a ConfigMap/Secret to trigger reloads
+  - Example: If a ConfigMap matches `resourceLabelSelector` but not `namespaceSelector`, it will be ignored
+
+### Important Limitations
+- Only one of these resources can be ignored at a time:
+  - `ignoreConfigMaps` **or** `ignoreSecrets`
+  - Trying to ignore both will cause Helm template compilation errors
+
+### Special Integrations
+- OpenShift (`DeploymentConfig`) and Argo Rollouts support must be **explicitly enabled**
+  - Required due to potential permission restrictions on clusters
+
+### OpenShift Considerations
+- Recent OpenShift versions (tested on 4.13.3) require:
+  - Users to be in a dynamically assigned UID range
+  - **Solution**: Unset `runAsUser` via `deployment.securityContext.runAsUser=null`
+  - Let OpenShift assign UID automatically during installation
+
+### Core Functionality Flags
+
+#### 🔄 `reloadOnCreate` Behavior
+**When true:**
+✅ New ConfigMaps/Secrets trigger rolling updates
+✅ New deployments referencing existing resources reload
+✅ In HA mode, new leader reloads all tracked workloads
+
+**When false:**
+❌ Updates during leader downtime are missed
+⏳ Potential 15s delay window (default `LeaseDuration`)
+
+#### 🗑️ `reloadOnDelete` Behavior
+**When true:**
+✅ Deleted resources trigger rolling updates of referencing workloads
+
+**When false:**
+❌ Deletions have no effect on referencing pods
+
+#### Default Settings
+⚠️ All flags default to `false` (must be enabled explicitly):
+- `reloadOnCreate`
+- `reloadOnDelete`
+- `syncAfterRestart`
+
+### Deprecation Notice
+- `serviceMonitor` will be removed in future releases in favor of `PodMonitor`
+
 ## Release Process
 
 _Helm chart versioning_: The Reloader Helm chart is maintained in this repository. The Helm chart has its own semantic versioning. Helm charts and code releases are separate artifacts and separately versioned. Manifest making strategy relies on Kustomize. The Reloader Helm chart manages the two artifacts with these two fields:
@@ -108,4 +158,8 @@ _Helm chart versioning_: The Reloader Helm chart is maintained in this repositor
 
 Helm chart will be released to the chart registry whenever files in `deployments/kubernetes/chart/reloader/**` change on the main branch.
 
-Helm Chart will be released by the maintainers, on labelling a PR with `release/helm-chart` and pre-maturely updating the `version` field in `Chart.yaml` file.
+### To release the Helm chart
+
+1. Create a new branch and update the Helm chart `appVersion` and `version`, example pull-request: [PR-846](https://github.com/stakater/Reloader/pull/846)
+1. Label the PR with `release/helm-chart`
+1. After approval and just before squash, make sure the squash commit message represents all changes, because it will be used to autogenerate the changelog message

deployments/kubernetes/chart/reloader/templates/_helpers.tpl

@@ -28,12 +28,10 @@ Create chart name and version as used by the chart label.
 {{- end }}
 
 {{- define "reloader-labels.chart" -}}
-app.kubernetes.io/name: {{ include "reloader-name" . }}
-helm.sh/chart: {{ include "reloader-chart" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end}}
-app.kubernetes.io/instance: {{ .Release.Name | quote }}
+app: {{ template "reloader-fullname" . }}
+chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+release: {{ .Release.Name | quote }}
+heritage: {{ .Release.Service | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
 {{- end -}}
 

deployments/kubernetes/chart/reloader/templates/clusterrole.yaml

@@ -11,10 +11,10 @@ metadata:
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.rbac.labels }}
-{{ toYaml .Values.reloader.rbac.labels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
 {{- end }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role
 rules:

deployments/kubernetes/chart/reloader/templates/clusterrolebinding.yaml

@@ -11,10 +11,10 @@ metadata:
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.rbac.labels }}
-{{ toYaml .Values.reloader.rbac.labels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
 {{- end }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role-binding
 roleRef:

deployments/kubernetes/chart/reloader/templates/deployment.yaml

@@ -4,15 +4,15 @@ metadata:
   annotations:
 {{ include "reloader-helm3.annotations" . | indent 4 }}
 {{- if .Values.reloader.deployment.annotations }}
-{{ toYaml .Values.reloader.deployment.annotations | indent 4 }}
+{{ tpl (toYaml .Values.reloader.deployment.annotations) . | indent 4 }}
 {{- end }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.deployment.labels }}
-{{ toYaml .Values.reloader.deployment.labels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.deployment.labels) . | indent 4 }}
 {{- end }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
   namespace: {{ .Values.namespace | default .Release.Namespace }}
@@ -28,21 +28,21 @@ spec:
       app: {{ template "reloader-fullname" . }}
       release: {{ .Release.Name | quote }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 6 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 6 }}
 {{- end }}
   template:
     metadata:
 {{- if .Values.reloader.deployment.pod.annotations }}
       annotations:
-{{ toYaml .Values.reloader.deployment.pod.annotations | indent 8 }}
+{{ tpl (toYaml .Values.reloader.deployment.pod.annotations) . | indent 8 }}
 {{- end }}
       labels:
 {{ include "reloader-labels.chart" . | indent 8 }}
 {{- if .Values.reloader.deployment.labels }}
-{{ toYaml .Values.reloader.deployment.labels | indent 8 }}
+{{ tpl (toYaml .Values.reloader.deployment.labels) . | indent 8 }}
 {{- end }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 8 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 8 }}
 {{- end }}
     spec:
       {{- with .Values.global.imagePullSecrets }}

deployments/kubernetes/chart/reloader/templates/networkpolicy.yaml

@@ -7,7 +7,7 @@ metadata:
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
   namespace: {{ .Values.namespace | default .Release.Namespace }}
@@ -17,7 +17,7 @@ spec:
       app: {{ template "reloader-fullname" . }}
       release: {{ .Release.Name | quote }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 6 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 6 }}
 {{- end }}
   policyTypes:
   - Ingress

deployments/kubernetes/chart/reloader/templates/role.yaml

@@ -11,10 +11,10 @@ metadata:
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.rbac.labels }}
-{{ toYaml .Values.reloader.rbac.labels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
 {{- end }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role
   namespace: {{ .Values.namespace | default .Release.Namespace }}

deployments/kubernetes/chart/reloader/templates/rolebinding.yaml

@@ -11,10 +11,10 @@ metadata:
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.rbac.labels }}
-{{ toYaml .Values.reloader.rbac.labels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.rbac.labels) . | indent 4 }}
 {{- end }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role-binding
   namespace: {{ .Values.namespace | default .Release.Namespace }}

deployments/kubernetes/chart/reloader/templates/service.yaml

@@ -5,22 +5,22 @@ metadata:
   annotations:
 {{ include "reloader-helm3.annotations" . | indent 4 }}
 {{- if .Values.reloader.service.annotations }}
-{{ toYaml .Values.reloader.service.annotations | indent 4 }}
+{{ tpl (toYaml .Values.reloader.service.annotations) . | indent 4 }}
 {{- end }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.service.labels }}
-{{ toYaml .Values.reloader.service.labels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.service.labels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
   namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
   selector:
 {{- if .Values.reloader.deployment.labels }}
-{{ toYaml .Values.reloader.deployment.labels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.deployment.labels) . | indent 4 }}
 {{- end }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
 {{- end }}
   ports:
   - port: {{ .Values.reloader.service.port }}

deployments/kubernetes/chart/reloader/templates/serviceaccount.yaml

@@ -11,15 +11,15 @@ metadata:
   annotations:
 {{ include "reloader-helm3.annotations" . | indent 4 }}
 {{- if .Values.reloader.serviceAccount.annotations }}
-{{ toYaml .Values.reloader.serviceAccount.annotations | indent 4 }}
+{{ tpl (toYaml .Values.reloader.serviceAccount.annotations) . | indent 4 }}
 {{- end }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.serviceAccount.labels }}
-{{ toYaml .Values.reloader.serviceAccount.labels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.serviceAccount.labels) . | indent 4 }}
 {{- end }}
 {{- if .Values.reloader.matchLabels }}
-{{ toYaml .Values.reloader.matchLabels | indent 4 }}
+{{ tpl (toYaml .Values.reloader.matchLabels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-serviceAccountName" . }}
   namespace: {{ .Values.namespace | default .Release.Namespace }}

deployments/kubernetes/chart/reloader/values.yaml

@@ -17,7 +17,7 @@ fullnameOverride: ""
 image:
   name: stakater/reloader
   repository: ghcr.io/stakater/reloader
-  tag: v1.3.0
+  tag: v1.4.4
   # digest: sha256:1234567
   pullPolicy: IfNotPresent
 
@@ -106,7 +106,7 @@ reloader:
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v1.3.0
+      version: v1.4.4
     # Support for extra environment variables.
     env:
       # Open supports Key value pair as environment variables.

docs/How-it-works.md

@@ -15,18 +15,18 @@ flowchart LR
 
 ## How Does Change Detection Work?
 
-Reloader watches changes in `configmaps` and `secrets` data. As soon as it detects a change in these. It forwards these objects to an update handler which decides if and how to perform the rolling upgrade.
+Reloader watches changes in `ConfigMaps` and `Secrets` data. As soon as it detects a change in these. It forwards these objects to an update handler which decides if and how to perform the rolling upgrade.
 
 ## Requirements for Rolling Upgrade
 
 To perform rolling upgrade a `deployment`, `daemonset` or `statefulset` must have
 
 - support for rolling upgrade strategy
-- specific annotation for `configmaps` or `secrets`
+- specific annotation for `ConfigMaps` or `Secrets`
 
-The annotation value is comma separated list of `configmaps` or `secrets`. If a change is detected in data of these `configmaps` or `secrets`, Reloader will perform rolling upgrades on their associated `deployments`, `daemonsets` or `statefulsets`.
+The annotation value is comma separated list of `ConfigMaps` or `Secrets`. If a change is detected in data of these `ConfigMaps` or `Secrets`, Reloader will perform rolling upgrades on their associated `deployments`, `daemonsets` or `statefulsets`.
 
-### Annotation for Configmap
+### Annotation for ConfigMap
 
 For a `Deployment` called `foo` have a `ConfigMap` called `foo`. Then add this annotation* to your `Deployment`, where the default annotation can be changed with the `--configmap-annotation` flag:
 
@@ -50,13 +50,13 @@ Above mentioned annotation are also work for `Daemonsets` `Statefulsets` and `Ro
 
 ## How Does Rolling Upgrade Work?
 
-When Reloader detects changes in configmap. It gets two objects of configmap. First object is an old configmap object which has a state before the latest change. Second object is new configmap object which contains latest changes. Reloader compares both objects and see whether any change in data occurred or not. If Reloader finds any change in new configmap object, only then, it moves forward with rolling upgrade.
+When Reloader detects changes in `ConfigMap`. It gets two objects of `ConfigMap`. First object is an old `ConfigMap` object which has a state before the latest change. Second object is new `ConfigMap` object which contains latest changes. Reloader compares both objects and see whether any change in data occurred or not. If Reloader finds any change in new `ConfigMap` object, only then, it moves forward with rolling upgrade.
 
-After that, Reloader gets the list of all `deployments`, `daemonsets` and `statefulset` and looks for above mentioned annotation for configmap. If the annotation value contains the configmap name, it then looks for an environment variable which can contain the configmap or secret data change hash.
+After that, Reloader gets the list of all `deployments`, `daemonsets` and `statefulset` and looks for above mentioned annotation for `ConfigMap`. If the annotation value contains the `ConfigMap` name, it then looks for an environment variable which can contain the `ConfigMap` or secret data change hash.
 
-### Environment Variable for Configmap
+### Environment Variable for ConfigMap
 
-If configmap name is foo then
+If `ConfigMap` name is foo then
 
 ```yaml
 STAKATER_FOO_CONFIGMAP
@@ -70,7 +70,7 @@ If Secret name is foo then
 STAKATER_FOO_SECRET
 ```
 
-If the environment variable is found then it gets its value and compares it with new configmap hash value. If old value in environment variable is different from new hash value then Reloader updates the environment variable. If the environment variable does not exist then it creates a new environment variable with latest hash value from configmap and updates the relevant `deployment`, `daemonset` or `statefulset`
+If the environment variable is found then it gets its value and compares it with new `ConfigMap` hash value. If old value in environment variable is different from new hash value then Reloader updates the environment variable. If the environment variable does not exist then it creates a new environment variable with latest hash value from `ConfigMap` and updates the relevant `deployment`, `daemonset` or `statefulset`
 
 Note: Rolling upgrade also works in the same way for secrets.
 
@@ -90,4 +90,4 @@ The output file can then be used to deploy Reloader in specific namespace.
 
 ## Compatibility With Helm Install and Upgrade
 
-Reloader has no impact on helm deployment cycle. Reloader only injects an environment variable in  `deployment`, `daemonset` or `statefulset`. The environment variable contains the SHA1 value of configmap's or secret's data. So  if a deployment is created using Helm and Reloader updates the deployment, then next time you upgrade the helm release, Reloader will do nothing except changing that environment variable value in `deployment` , `daemonset` or `statefulset`.
+Reloader has no impact on helm deployment cycle. Reloader only injects an environment variable in  `deployment`, `daemonset` or `statefulset`. The environment variable contains the SHA1 value of `ConfigMaps` or `Secrets` data. So  if a deployment is created using Helm and Reloader updates the deployment, then next time you upgrade the helm release, Reloader will do nothing except changing that environment variable value in `deployment` , `daemonset` or `statefulset`.

docs/Reloader-vs-ConfigmapController.md

@@ -1,11 +1,11 @@
 # Reloader vs ConfigmapController
 
-Reloader is inspired from [`Configmapcontroller`](https://github.com/fabric8io/configmapcontroller) but there are many ways in which it differs from `configmapController`. Below is the small comparison between these two controllers.
+Reloader is inspired from [`configmapcontroller`](https://github.com/fabric8io/configmapcontroller) but there are many ways in which it differs from `configmapcontroller`. Below is the small comparison between these two controllers.
 
-| Reloader                                                                                                                                                                                                                                                                                                                 | Configmap                                                                                                                                                                                                                                                          |
+| Reloader                                                                                                                                                                                                                                                                                                                 | ConfigMap                                                                                                                                                                                                                                                          |
 |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Reloader can watch both `secrets` and `configmaps`.                                                                                                                                                                                                                                                    | ConfigmapController can only watch changes in `configmaps`. It cannot detect changes in other resources like `secrets`.                                                                                                                                        |
-| Reloader can perform rolling upgrades on `deployments` as well as on `statefulsets` and `daemonsets`                                                                                                                                                                                                   | ConfigmapController can only perform rolling upgrades on `deployments`. It currently does not support rolling upgrades on `statefulsets` and `daemonsets`                                                                                                          |
-| Reloader provides both unit test cases and end to end integration test cases for future updates. So one can make sure that new changes do not break any old functionality.                                                                                                                                               | Currently there are not any unit test cases or end to end integration test cases in configmap controller. It add difficulties for any additional updates in configmap controller and one can not know for sure whether new changes breaks any old functionality or not. |
-| Reloader uses SHA1 to encode the change in configmap or secret. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less prone to collision. | Configmap controller uses `FABRICB_FOO_REVISION` environment variable to store any change in configmap controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
-| Reloader allows you to customize your own annotation (for both Secrets and Configmaps) using command line flags | Configmap controller restricts you to only their provided annotation |
+| Reloader can watch both `Secrets` and `ConfigMaps`.                                                                                                                                                                                                                                                    | `configmapcontroller` can only watch changes in `ConfigMaps`. It cannot detect changes in other resources like `Secrets`.                                                                                                                                        |
+| Reloader can perform rolling upgrades on `deployments` as well as on `statefulsets` and `daemonsets`                                                                                                                                                                                                   | `configmapcontroller` can only perform rolling upgrades on `deployments`. It currently does not support rolling upgrades on `statefulsets` and `daemonsets`                                                                                                          |
+| Reloader provides both unit test cases and end to end integration test cases for future updates. So one can make sure that new changes do not break any old functionality.                                                                                                                                               | Currently there are not any unit test cases or end to end integration test cases in `configmap-controller`. It add difficulties for any additional updates in `configmap-controller` and one can not know for sure whether new changes breaks any old functionality or not. |
+| Reloader uses SHA1 to encode the change in `ConfigMap` or `Secret`. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less prone to collision. |  `configmap-controller` uses `FABRICB_FOO_REVISION` environment variable to store any change in `ConfigMap` controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
+| Reloader allows you to customize your own annotation (for both `Secrets` and `ConfigMaps`) using command line flags | `configmap-controller` restricts you to only their provided annotation |

docs/Reloader-vs-k8s-trigger-controller.md

@@ -4,7 +4,7 @@ Reloader and k8s-trigger-controller are both built for same purpose. So there ar
 
 ## Similarities
 
-- Both controllers support change detection in configmap and secrets
+- Both controllers support change detection in `ConfigMaps` and `Secrets`
 - Both controllers support deployment `rollout`
 - Both controllers use SHA1 for hashing
 - Both controllers have end to end as well as unit test cases.

docs/index.md

@@ -4,9 +4,9 @@ Reloader can watch changes in `ConfigMap` and `Secret` and do rolling upgrades o
 
 These are the key features of Reloader:
 
-1. Restart pod in a `deployment` on change in linked/related configmap's or secret's
-1. Restart pod in a `daemonset` on change in linked/related configmap's or secret's
-1. Restart pod in a `statefulset` on change in linked/related configmap's or secret's
-1. Restart pod in a `rollout` on change in linked/related configmap's or secret's
+1. Restart pod in a `deployment` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `daemonset` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `statefulset` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `rollout` on change in linked/related `ConfigMaps` or `Secrets`
 
 This site contains more details on how Reloader works. For an overview, please see the repository's [README file](https://github.com/stakater/Reloader/blob/master/README.md).

go.mod

@@ -1,13 +1,13 @@
 module github.com/stakater/Reloader
 
-go 1.24.1
+go 1.24.4
 
 require (
 	github.com/argoproj/argo-rollouts v1.8.2
-	github.com/openshift/api v0.0.0-20250331192611-6179881b782d
-	github.com/openshift/client-go v0.0.0-20250330132942-bc2e3c2af6e1
+	github.com/openshift/api v0.0.0-20250411135543-10a8fa583797
+	github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2
 	github.com/parnurzeal/gorequest v0.3.0
-	github.com/prometheus/client_golang v1.21.1
+	github.com/prometheus/client_golang v1.22.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
@@ -38,7 +38,6 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -47,17 +46,17 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.63.0 // indirect
 	github.com/prometheus/procfs v0.16.0 // indirect
 	github.com/smartystreets/goconvey v1.7.2 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/oauth2 v0.28.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/oauth2 v0.29.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/term v0.31.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect

go.sum

@@ -76,10 +76,10 @@ github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM
 github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
 github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
-github.com/openshift/api v0.0.0-20250331192611-6179881b782d h1:Vadr+xFmNi6RzWRTJtqMQJv1hiUe7as1rV2svKQffoY=
-github.com/openshift/api v0.0.0-20250331192611-6179881b782d/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
-github.com/openshift/client-go v0.0.0-20250330132942-bc2e3c2af6e1 h1:9SaT0p5FsRDvz4STV1VnxMyfXXzAXv1PubZ0nczzDYk=
-github.com/openshift/client-go v0.0.0-20250330132942-bc2e3c2af6e1/go.mod h1:6a0Hj32FrkokKMeTck1uStmNV0wHYv46dHWAWER5iis=
+github.com/openshift/api v0.0.0-20250411135543-10a8fa583797 h1:8x3G8QOZqo2bRAL8JFlPz/odqQECI/XmlZeRwnFxJ8I=
+github.com/openshift/api v0.0.0-20250411135543-10a8fa583797/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
+github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2 h1:bPXR0R8zp1o12nSUphN26hSM+OKYq5pMorbDCpApzDQ=
+github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2/go.mod h1:dT1cJyVTperQ53GvVRa+GZ27r02fDZy2k5j+9QoQsCo=
 github.com/parnurzeal/gorequest v0.3.0 h1:SoFyqCDC9COr1xuS6VA8fC8RU7XyrJZN2ona1kEX7FI=
 github.com/parnurzeal/gorequest v0.3.0/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -87,10 +87,10 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk=
-github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg=
-github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
-github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
 github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k=
 github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18=
 github.com/prometheus/procfs v0.16.0 h1:xh6oHhKwnOJKMYiYBDWmkHqQPyiY40sny36Cmx2bbsM=
@@ -129,10 +129,10 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
-golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
+golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -140,14 +140,14 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
 golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

internal/pkg/callbacks/rolling_upgrade.go

@@ -2,6 +2,7 @@ package callbacks
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"time"
 
@@ -16,9 +17,11 @@ import (
 	patchtypes "k8s.io/apimachinery/pkg/types"
 
 	argorolloutv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
-	openshiftv1 "github.com/openshift/api/apps/v1"
 )
 
+// ItemFunc is a generic function to return a specific resource in given namespace
+type ItemFunc func(kube.Clients, string, string) (runtime.Object, error)
+
 // ItemsFunc is a generic function to return a specific resource array in given namespace
 type ItemsFunc func(kube.Clients, string) []runtime.Object
 
@@ -34,6 +37,12 @@ type VolumesFunc func(runtime.Object) []v1.Volume
 // UpdateFunc performs the resource update
 type UpdateFunc func(kube.Clients, string, runtime.Object) error
 
+// PatchFunc performs the resource patch
+type PatchFunc func(kube.Clients, string, runtime.Object, patchtypes.PatchType, []byte) error
+
+// PatchTemplateFunc is a generic func to return strategic merge JSON patch template
+type PatchTemplatesFunc func() PatchTemplates
+
 // AnnotationsFunc is a generic func to return annotations
 type AnnotationsFunc func(runtime.Object) map[string]string
 
@@ -42,14 +51,42 @@ type PodAnnotationsFunc func(runtime.Object) map[string]string
 
 // RollingUpgradeFuncs contains generic functions to perform rolling upgrade
 type RollingUpgradeFuncs struct {
-	ItemsFunc          ItemsFunc
-	AnnotationsFunc    AnnotationsFunc
-	PodAnnotationsFunc PodAnnotationsFunc
-	ContainersFunc     ContainersFunc
-	InitContainersFunc InitContainersFunc
-	UpdateFunc         UpdateFunc
-	VolumesFunc        VolumesFunc
-	ResourceType       string
+	ItemFunc               ItemFunc
+	ItemsFunc              ItemsFunc
+	AnnotationsFunc        AnnotationsFunc
+	PodAnnotationsFunc     PodAnnotationsFunc
+	ContainersFunc         ContainersFunc
+	ContainerPatchPathFunc ContainersFunc
+	InitContainersFunc     InitContainersFunc
+	UpdateFunc             UpdateFunc
+	PatchFunc              PatchFunc
+	PatchTemplatesFunc     PatchTemplatesFunc
+	VolumesFunc            VolumesFunc
+	ResourceType           string
+	SupportsPatch          bool
+}
+
+// PatchTemplates contains merge JSON patch templates
+type PatchTemplates struct {
+	AnnotationTemplate   string
+	EnvVarTemplate       string
+	DeleteEnvVarTemplate string
+}
+
+// GetDeploymentItem returns the deployment in given namespace
+func GetDeploymentItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	deployment, err := clients.KubernetesClient.AppsV1().Deployments(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get deployment %v", err)
+		return nil, err
+	}
+
+	if deployment.Spec.Template.ObjectMeta.Annotations == nil {
+		annotations := make(map[string]string)
+		deployment.Spec.Template.ObjectMeta.Annotations = annotations
+	}
+
+	return deployment, nil
 }
 
 // GetDeploymentItems returns the deployments in given namespace
@@ -72,6 +109,17 @@ func GetDeploymentItems(clients kube.Clients, namespace string) []runtime.Object
 	return items
 }
 
+// GetCronJobItem returns the job in given namespace
+func GetCronJobItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	cronjob, err := clients.KubernetesClient.BatchV1().CronJobs(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get cronjob %v", err)
+		return nil, err
+	}
+
+	return cronjob, nil
+}
+
 // GetCronJobItems returns the jobs in given namespace
 func GetCronJobItems(clients kube.Clients, namespace string) []runtime.Object {
 	cronjobs, err := clients.KubernetesClient.BatchV1().CronJobs(namespace).List(context.TODO(), meta_v1.ListOptions{})
@@ -92,6 +140,17 @@ func GetCronJobItems(clients kube.Clients, namespace string) []runtime.Object {
 	return items
 }
 
+// GetJobItem returns the job in given namespace
+func GetJobItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	job, err := clients.KubernetesClient.BatchV1().Jobs(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get job %v", err)
+		return nil, err
+	}
+
+	return job, nil
+}
+
 // GetJobItems returns the jobs in given namespace
 func GetJobItems(clients kube.Clients, namespace string) []runtime.Object {
 	jobs, err := clients.KubernetesClient.BatchV1().Jobs(namespace).List(context.TODO(), meta_v1.ListOptions{})
@@ -112,6 +171,17 @@ func GetJobItems(clients kube.Clients, namespace string) []runtime.Object {
 	return items
 }
 
+// GetDaemonSetItem returns the daemonSet in given namespace
+func GetDaemonSetItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	daemonSet, err := clients.KubernetesClient.AppsV1().DaemonSets(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get daemonSet %v", err)
+		return nil, err
+	}
+
+	return daemonSet, nil
+}
+
 // GetDaemonSetItems returns the daemonSets in given namespace
 func GetDaemonSetItems(clients kube.Clients, namespace string) []runtime.Object {
 	daemonSets, err := clients.KubernetesClient.AppsV1().DaemonSets(namespace).List(context.TODO(), meta_v1.ListOptions{})
@@ -131,6 +201,17 @@ func GetDaemonSetItems(clients kube.Clients, namespace string) []runtime.Object
 	return items
 }
 
+// GetStatefulSetItem returns the statefulSet in given namespace
+func GetStatefulSetItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	statefulSet, err := clients.KubernetesClient.AppsV1().StatefulSets(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to get statefulSet %v", err)
+		return nil, err
+	}
+
+	return statefulSet, nil
+}
+
 // GetStatefulSetItems returns the statefulSets in given namespace
 func GetStatefulSetItems(clients kube.Clients, namespace string) []runtime.Object {
 	statefulSets, err := clients.KubernetesClient.AppsV1().StatefulSets(namespace).List(context.TODO(), meta_v1.ListOptions{})
@@ -150,23 +231,15 @@ func GetStatefulSetItems(clients kube.Clients, namespace string) []runtime.Objec
 	return items
 }
 
-// GetDeploymentConfigItems returns the deploymentConfigs in given namespace
-func GetDeploymentConfigItems(clients kube.Clients, namespace string) []runtime.Object {
-	deploymentConfigs, err := clients.OpenshiftAppsClient.AppsV1().DeploymentConfigs(namespace).List(context.TODO(), meta_v1.ListOptions{})
+// GetRolloutItem returns the rollout in given namespace
+func GetRolloutItem(clients kube.Clients, name string, namespace string) (runtime.Object, error) {
+	rollout, err := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Get(context.TODO(), name, meta_v1.GetOptions{})
 	if err != nil {
-		logrus.Errorf("Failed to list deploymentConfigs %v", err)
+		logrus.Errorf("Failed to get Rollout %v", err)
+		return nil, err
 	}
 
-	items := make([]runtime.Object, len(deploymentConfigs.Items))
-	// Ensure we always have pod annotations to add to
-	for i, v := range deploymentConfigs.Items {
-		if v.Spec.Template.ObjectMeta.Annotations == nil {
-			deploymentConfigs.Items[i].Spec.Template.ObjectMeta.Annotations = make(map[string]string)
-		}
-		items[i] = &deploymentConfigs.Items[i]
-	}
-
-	return items
+	return rollout, nil
 }
 
 // GetRolloutItems returns the rollouts in given namespace
@@ -190,71 +263,97 @@ func GetRolloutItems(clients kube.Clients, namespace string) []runtime.Object {
 
 // GetDeploymentAnnotations returns the annotations of given deployment
 func GetDeploymentAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.Deployment).ObjectMeta.Annotations == nil {
+		item.(*appsv1.Deployment).ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*appsv1.Deployment).ObjectMeta.Annotations
 }
 
 // GetCronJobAnnotations returns the annotations of given cronjob
 func GetCronJobAnnotations(item runtime.Object) map[string]string {
+	if item.(*batchv1.CronJob).ObjectMeta.Annotations == nil {
+		item.(*batchv1.CronJob).ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*batchv1.CronJob).ObjectMeta.Annotations
 }
 
 // GetJobAnnotations returns the annotations of given job
 func GetJobAnnotations(item runtime.Object) map[string]string {
+	if item.(*batchv1.Job).ObjectMeta.Annotations == nil {
+		item.(*batchv1.Job).ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*batchv1.Job).ObjectMeta.Annotations
 }
 
 // GetDaemonSetAnnotations returns the annotations of given daemonSet
 func GetDaemonSetAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.DaemonSet).ObjectMeta.Annotations == nil {
+		item.(*appsv1.DaemonSet).ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*appsv1.DaemonSet).ObjectMeta.Annotations
 }
 
 // GetStatefulSetAnnotations returns the annotations of given statefulSet
 func GetStatefulSetAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.StatefulSet).ObjectMeta.Annotations == nil {
+		item.(*appsv1.StatefulSet).ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*appsv1.StatefulSet).ObjectMeta.Annotations
 }
 
-// GetDeploymentConfigAnnotations returns the annotations of given deploymentConfig
-func GetDeploymentConfigAnnotations(item runtime.Object) map[string]string {
-	return item.(*openshiftv1.DeploymentConfig).ObjectMeta.Annotations
-}
-
 // GetRolloutAnnotations returns the annotations of given rollout
 func GetRolloutAnnotations(item runtime.Object) map[string]string {
+	if item.(*argorolloutv1alpha1.Rollout).ObjectMeta.Annotations == nil {
+		item.(*argorolloutv1alpha1.Rollout).ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*argorolloutv1alpha1.Rollout).ObjectMeta.Annotations
 }
 
 // GetDeploymentPodAnnotations returns the pod's annotations of given deployment
 func GetDeploymentPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.Deployment).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*appsv1.Deployment).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*appsv1.Deployment).Spec.Template.ObjectMeta.Annotations
 }
 
 // GetCronJobPodAnnotations returns the pod's annotations of given cronjob
 func GetCronJobPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations
 }
 
 // GetJobPodAnnotations returns the pod's annotations of given job
 func GetJobPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*batchv1.Job).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*batchv1.Job).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*batchv1.Job).Spec.Template.ObjectMeta.Annotations
 }
 
 // GetDaemonSetPodAnnotations returns the pod's annotations of given daemonSet
 func GetDaemonSetPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.DaemonSet).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*appsv1.DaemonSet).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*appsv1.DaemonSet).Spec.Template.ObjectMeta.Annotations
 }
 
 // GetStatefulSetPodAnnotations returns the pod's annotations of given statefulSet
 func GetStatefulSetPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*appsv1.StatefulSet).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*appsv1.StatefulSet).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*appsv1.StatefulSet).Spec.Template.ObjectMeta.Annotations
 }
 
-// GetDeploymentConfigPodAnnotations returns the pod's annotations of given deploymentConfig
-func GetDeploymentConfigPodAnnotations(item runtime.Object) map[string]string {
-	return item.(*openshiftv1.DeploymentConfig).Spec.Template.ObjectMeta.Annotations
-}
-
 // GetRolloutPodAnnotations returns the pod's annotations of given rollout
 func GetRolloutPodAnnotations(item runtime.Object) map[string]string {
+	if item.(*argorolloutv1alpha1.Rollout).Spec.Template.ObjectMeta.Annotations == nil {
+		item.(*argorolloutv1alpha1.Rollout).Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+	}
 	return item.(*argorolloutv1alpha1.Rollout).Spec.Template.ObjectMeta.Annotations
 }
 
@@ -283,11 +382,6 @@ func GetStatefulSetContainers(item runtime.Object) []v1.Container {
 	return item.(*appsv1.StatefulSet).Spec.Template.Spec.Containers
 }
 
-// GetDeploymentConfigContainers returns the containers of given deploymentConfig
-func GetDeploymentConfigContainers(item runtime.Object) []v1.Container {
-	return item.(*openshiftv1.DeploymentConfig).Spec.Template.Spec.Containers
-}
-
 // GetRolloutContainers returns the containers of given rollout
 func GetRolloutContainers(item runtime.Object) []v1.Container {
 	return item.(*argorolloutv1alpha1.Rollout).Spec.Template.Spec.Containers
@@ -318,16 +412,20 @@ func GetStatefulSetInitContainers(item runtime.Object) []v1.Container {
 	return item.(*appsv1.StatefulSet).Spec.Template.Spec.InitContainers
 }
 
-// GetDeploymentConfigInitContainers returns the containers of given deploymentConfig
-func GetDeploymentConfigInitContainers(item runtime.Object) []v1.Container {
-	return item.(*openshiftv1.DeploymentConfig).Spec.Template.Spec.InitContainers
-}
-
 // GetRolloutInitContainers returns the containers of given rollout
 func GetRolloutInitContainers(item runtime.Object) []v1.Container {
 	return item.(*argorolloutv1alpha1.Rollout).Spec.Template.Spec.InitContainers
 }
 
+// GetPatchTemplates returns patch templates
+func GetPatchTemplates() PatchTemplates {
+	return PatchTemplates{
+		AnnotationTemplate:   `{"spec":{"template":{"metadata":{"annotations":{"%s":"%s"}}}}}`,                                   // strategic merge patch
+		EnvVarTemplate:       `{"spec":{"template":{"spec":{"containers":[{"name":"%s","env":[{"name":"%s","value":"%s"}]}]}}}}`, // strategic merge patch
+		DeleteEnvVarTemplate: `[{"op":"remove","path":"/spec/template/spec/containers/%d/env/%d"}]`,                              // JSON patch
+	}
+}
+
 // UpdateDeployment performs rolling upgrade on deployment
 func UpdateDeployment(clients kube.Clients, namespace string, resource runtime.Object) error {
 	deployment := resource.(*appsv1.Deployment)
@@ -335,6 +433,13 @@ func UpdateDeployment(clients kube.Clients, namespace string, resource runtime.O
 	return err
 }
 
+// PatchDeployment performs rolling upgrade on deployment
+func PatchDeployment(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	deployment := resource.(*appsv1.Deployment)
+	_, err := clients.KubernetesClient.AppsV1().Deployments(namespace).Patch(context.TODO(), deployment.Name, patchType, bytes, meta_v1.PatchOptions{FieldManager: "Reloader"})
+	return err
+}
+
 // CreateJobFromCronjob performs rolling upgrade on cronjob
 func CreateJobFromCronjob(clients kube.Clients, namespace string, resource runtime.Object) error {
 	cronJob := resource.(*batchv1.CronJob)
@@ -347,6 +452,10 @@ func CreateJobFromCronjob(clients kube.Clients, namespace string, resource runti
 	return err
 }
 
+func PatchCronJob(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	return errors.New("not supported patching: CronJob")
+}
+
 // ReCreateJobFromjob performs rolling upgrade on job
 func ReCreateJobFromjob(clients kube.Clients, namespace string, resource runtime.Object) error {
 	oldJob := resource.(*batchv1.Job)
@@ -379,6 +488,10 @@ func ReCreateJobFromjob(clients kube.Clients, namespace string, resource runtime
 	return err
 }
 
+func PatchJob(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	return errors.New("not supported patching: Job")
+}
+
 // UpdateDaemonSet performs rolling upgrade on daemonSet
 func UpdateDaemonSet(clients kube.Clients, namespace string, resource runtime.Object) error {
 	daemonSet := resource.(*appsv1.DaemonSet)
@@ -386,6 +499,12 @@ func UpdateDaemonSet(clients kube.Clients, namespace string, resource runtime.Ob
 	return err
 }
 
+func PatchDaemonSet(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	daemonSet := resource.(*appsv1.DaemonSet)
+	_, err := clients.KubernetesClient.AppsV1().DaemonSets(namespace).Patch(context.TODO(), daemonSet.Name, patchType, bytes, meta_v1.PatchOptions{FieldManager: "Reloader"})
+	return err
+}
+
 // UpdateStatefulSet performs rolling upgrade on statefulSet
 func UpdateStatefulSet(clients kube.Clients, namespace string, resource runtime.Object) error {
 	statefulSet := resource.(*appsv1.StatefulSet)
@@ -393,18 +512,17 @@ func UpdateStatefulSet(clients kube.Clients, namespace string, resource runtime.
 	return err
 }
 
-// UpdateDeploymentConfig performs rolling upgrade on deploymentConfig
-func UpdateDeploymentConfig(clients kube.Clients, namespace string, resource runtime.Object) error {
-	deploymentConfig := resource.(*openshiftv1.DeploymentConfig)
-	_, err := clients.OpenshiftAppsClient.AppsV1().DeploymentConfigs(namespace).Update(context.TODO(), deploymentConfig, meta_v1.UpdateOptions{FieldManager: "Reloader"})
+func PatchStatefulSet(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	statefulSet := resource.(*appsv1.StatefulSet)
+	_, err := clients.KubernetesClient.AppsV1().StatefulSets(namespace).Patch(context.TODO(), statefulSet.Name, patchType, bytes, meta_v1.PatchOptions{FieldManager: "Reloader"})
 	return err
 }
 
 // UpdateRollout performs rolling upgrade on rollout
 func UpdateRollout(clients kube.Clients, namespace string, resource runtime.Object) error {
-	var err error
 	rollout := resource.(*argorolloutv1alpha1.Rollout)
 	strategy := rollout.GetAnnotations()[options.RolloutStrategyAnnotation]
+	var err error
 	switch options.ToArgoRolloutStrategy(strategy) {
 	case options.RestartStrategy:
 		_, err = clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Patch(context.TODO(), rollout.Name, patchtypes.MergePatchType, []byte(fmt.Sprintf(`{"spec": {"restartAt": "%s"}}`, time.Now().Format(time.RFC3339))), meta_v1.PatchOptions{FieldManager: "Reloader"})
@@ -414,6 +532,10 @@ func UpdateRollout(clients kube.Clients, namespace string, resource runtime.Obje
 	return err
 }
 
+func PatchRollout(clients kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+	return errors.New("not supported patching: Rollout")
+}
+
 // GetDeploymentVolumes returns the Volumes of given deployment
 func GetDeploymentVolumes(item runtime.Object) []v1.Volume {
 	return item.(*appsv1.Deployment).Spec.Template.Spec.Volumes
@@ -439,11 +561,6 @@ func GetStatefulSetVolumes(item runtime.Object) []v1.Volume {
 	return item.(*appsv1.StatefulSet).Spec.Template.Spec.Volumes
 }
 
-// GetDeploymentConfigVolumes returns the Volumes of given deploymentConfig
-func GetDeploymentConfigVolumes(item runtime.Object) []v1.Volume {
-	return item.(*openshiftv1.DeploymentConfig).Spec.Template.Spec.Volumes
-}
-
 // GetRolloutVolumes returns the Volumes of given rollout
 func GetRolloutVolumes(item runtime.Object) []v1.Volume {
 	return item.(*argorolloutv1alpha1.Rollout).Spec.Template.Spec.Volumes

internal/pkg/callbacks/rolling_upgrade_test.go

@@ -3,6 +3,7 @@ package callbacks_test
 import (
 	"context"
 	"fmt"
+	"strings"
 	"testing"
 	"time"
 
@@ -10,7 +11,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
 	v1 "k8s.io/api/core/v1"
-	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	watch "k8s.io/apimachinery/pkg/watch"
@@ -18,6 +19,7 @@ import (
 
 	argorolloutv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 	fakeargoclientset "github.com/argoproj/argo-rollouts/pkg/client/clientset/versioned/fake"
+	patchtypes "k8s.io/apimachinery/pkg/types"
 
 	"github.com/stakater/Reloader/internal/pkg/callbacks"
 	"github.com/stakater/Reloader/internal/pkg/options"
@@ -93,7 +95,7 @@ func TestUpdateRollout(t *testing.T) {
 				t.Errorf("updating rollout: %v", err)
 			}
 			rollout, err = clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(
-				namespace).Get(context.TODO(), rollout.Name, meta_v1.GetOptions{})
+				namespace).Get(context.TODO(), rollout.Name, metav1.GetOptions{})
 
 			if err != nil {
 				t.Errorf("getting rollout: %v", err)
@@ -111,6 +113,71 @@ func TestUpdateRollout(t *testing.T) {
 	}
 }
 
+func TestPatchRollout(t *testing.T) {
+	namespace := "test-ns"
+	rollout := testutil.GetRollout(namespace, "test", map[string]string{options.RolloutStrategyAnnotation: ""})
+	err := callbacks.PatchRollout(clients, namespace, rollout, patchtypes.StrategicMergePatchType, []byte(`{"spec": {}}`))
+	assert.EqualError(t, err, "not supported patching: Rollout")
+}
+
+func TestResourceItem(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name        string
+		createFunc  func(kube.Clients, string, string) (runtime.Object, error)
+		getItemFunc func(kube.Clients, string, string) (runtime.Object, error)
+		deleteFunc  func(kube.Clients, string, string) error
+	}{
+		{
+			name:        "Deployment",
+			createFunc:  createTestDeploymentWithAnnotations,
+			getItemFunc: callbacks.GetDeploymentItem,
+			deleteFunc:  deleteTestDeployment,
+		},
+		{
+			name:        "CronJob",
+			createFunc:  createTestCronJobWithAnnotations,
+			getItemFunc: callbacks.GetCronJobItem,
+			deleteFunc:  deleteTestCronJob,
+		},
+		{
+			name:        "Job",
+			createFunc:  createTestJobWithAnnotations,
+			getItemFunc: callbacks.GetJobItem,
+			deleteFunc:  deleteTestJob,
+		},
+		{
+			name:        "DaemonSet",
+			createFunc:  createTestDaemonSetWithAnnotations,
+			getItemFunc: callbacks.GetDaemonSetItem,
+			deleteFunc:  deleteTestDaemonSet,
+		},
+		{
+			name:        "StatefulSet",
+			createFunc:  createTestStatefulSetWithAnnotations,
+			getItemFunc: callbacks.GetStatefulSetItem,
+			deleteFunc:  deleteTestStatefulSet,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resource, err := tt.createFunc(clients, fixtures.namespace, "1")
+			assert.NoError(t, err)
+
+			accessor, err := meta.Accessor(resource)
+			assert.NoError(t, err)
+
+			_, err = tt.getItemFunc(clients, accessor.GetName(), fixtures.namespace)
+			assert.NoError(t, err)
+
+			err = tt.deleteFunc(clients, fixtures.namespace, accessor.GetName())
+			assert.NoError(t, err)
+		})
+	}
+}
+
 func TestResourceItems(t *testing.T) {
 	fixtures := newTestFixtures()
 
@@ -118,36 +185,42 @@ func TestResourceItems(t *testing.T) {
 		name          string
 		createFunc    func(kube.Clients, string) error
 		getItemsFunc  func(kube.Clients, string) []runtime.Object
+		deleteFunc    func(kube.Clients, string) error
 		expectedCount int
 	}{
 		{
 			name:          "Deployments",
 			createFunc:    createTestDeployments,
 			getItemsFunc:  callbacks.GetDeploymentItems,
+			deleteFunc:    deleteTestDeployments,
 			expectedCount: 2,
 		},
 		{
 			name:          "CronJobs",
 			createFunc:    createTestCronJobs,
 			getItemsFunc:  callbacks.GetCronJobItems,
+			deleteFunc:    deleteTestCronJobs,
 			expectedCount: 2,
 		},
 		{
 			name:          "Jobs",
 			createFunc:    createTestJobs,
 			getItemsFunc:  callbacks.GetJobItems,
+			deleteFunc:    deleteTestJobs,
 			expectedCount: 2,
 		},
 		{
 			name:          "DaemonSets",
 			createFunc:    createTestDaemonSets,
 			getItemsFunc:  callbacks.GetDaemonSetItems,
+			deleteFunc:    deleteTestDaemonSets,
 			expectedCount: 2,
 		},
 		{
 			name:          "StatefulSets",
 			createFunc:    createTestStatefulSets,
 			getItemsFunc:  callbacks.GetStatefulSetItems,
+			deleteFunc:    deleteTestStatefulSets,
 			expectedCount: 2,
 		},
 	}
@@ -262,10 +335,11 @@ func TestUpdateResources(t *testing.T) {
 		name       string
 		createFunc func(kube.Clients, string, string) (runtime.Object, error)
 		updateFunc func(kube.Clients, string, runtime.Object) error
+		deleteFunc func(kube.Clients, string, string) error
 	}{
-		{"Deployment", createTestDeploymentWithAnnotations, callbacks.UpdateDeployment},
-		{"DaemonSet", createTestDaemonSetWithAnnotations, callbacks.UpdateDaemonSet},
-		{"StatefulSet", createTestStatefulSetWithAnnotations, callbacks.UpdateStatefulSet},
+		{"Deployment", createTestDeploymentWithAnnotations, callbacks.UpdateDeployment, deleteTestDeployment},
+		{"DaemonSet", createTestDaemonSetWithAnnotations, callbacks.UpdateDaemonSet, deleteTestDaemonSet},
+		{"StatefulSet", createTestStatefulSetWithAnnotations, callbacks.UpdateStatefulSet, deleteTestStatefulSet},
 	}
 
 	for _, tt := range tests {
@@ -275,6 +349,65 @@ func TestUpdateResources(t *testing.T) {
 
 			err = tt.updateFunc(clients, fixtures.namespace, resource)
 			assert.NoError(t, err)
+
+			accessor, err := meta.Accessor(resource)
+			assert.NoError(t, err)
+
+			err = tt.deleteFunc(clients, fixtures.namespace, accessor.GetName())
+			assert.NoError(t, err)
+		})
+	}
+}
+
+func TestPatchResources(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name       string
+		createFunc func(kube.Clients, string, string) (runtime.Object, error)
+		patchFunc  func(kube.Clients, string, runtime.Object, patchtypes.PatchType, []byte) error
+		deleteFunc func(kube.Clients, string, string) error
+		assertFunc func(err error)
+	}{
+		{"Deployment", createTestDeploymentWithAnnotations, callbacks.PatchDeployment, deleteTestDeployment, func(err error) {
+			assert.NoError(t, err)
+			patchedResource, err := callbacks.GetDeploymentItem(clients, "test-deployment", fixtures.namespace)
+			assert.NoError(t, err)
+			assert.Equal(t, "test", patchedResource.(*appsv1.Deployment).ObjectMeta.Annotations["test"])
+		}},
+		{"DaemonSet", createTestDaemonSetWithAnnotations, callbacks.PatchDaemonSet, deleteTestDaemonSet, func(err error) {
+			assert.NoError(t, err)
+			patchedResource, err := callbacks.GetDaemonSetItem(clients, "test-daemonset", fixtures.namespace)
+			assert.NoError(t, err)
+			assert.Equal(t, "test", patchedResource.(*appsv1.DaemonSet).ObjectMeta.Annotations["test"])
+		}},
+		{"StatefulSet", createTestStatefulSetWithAnnotations, callbacks.PatchStatefulSet, deleteTestStatefulSet, func(err error) {
+			assert.NoError(t, err)
+			patchedResource, err := callbacks.GetStatefulSetItem(clients, "test-statefulset", fixtures.namespace)
+			assert.NoError(t, err)
+			assert.Equal(t, "test", patchedResource.(*appsv1.StatefulSet).ObjectMeta.Annotations["test"])
+		}},
+		{"CronJob", createTestCronJobWithAnnotations, callbacks.PatchCronJob, deleteTestCronJob, func(err error) {
+			assert.EqualError(t, err, "not supported patching: CronJob")
+		}},
+		{"Job", createTestJobWithAnnotations, callbacks.PatchJob, deleteTestJob, func(err error) {
+			assert.EqualError(t, err, "not supported patching: Job")
+		}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resource, err := tt.createFunc(clients, fixtures.namespace, "1")
+			assert.NoError(t, err)
+
+			err = tt.patchFunc(clients, fixtures.namespace, resource, patchtypes.StrategicMergePatchType, []byte(`{"metadata":{"annotations":{"test":"test"}}}`))
+			tt.assertFunc(err)
+
+			accessor, err := meta.Accessor(resource)
+			assert.NoError(t, err)
+
+			err = tt.deleteFunc(clients, fixtures.namespace, accessor.GetName())
+			assert.NoError(t, err)
 		})
 	}
 }
@@ -287,6 +420,9 @@ func TestCreateJobFromCronjob(t *testing.T) {
 
 	err = callbacks.CreateJobFromCronjob(clients, fixtures.namespace, cronJob.(*batchv1.CronJob))
 	assert.NoError(t, err)
+
+	err = deleteTestCronJob(clients, fixtures.namespace, "test-cronjob")
+	assert.NoError(t, err)
 }
 
 func TestReCreateJobFromJob(t *testing.T) {
@@ -297,6 +433,9 @@ func TestReCreateJobFromJob(t *testing.T) {
 
 	err = callbacks.ReCreateJobFromjob(clients, fixtures.namespace, job.(*batchv1.Job))
 	assert.NoError(t, err)
+
+	err = deleteTestJob(clients, fixtures.namespace, "test-job")
+	assert.NoError(t, err)
 }
 
 func TestGetVolumes(t *testing.T) {
@@ -321,6 +460,24 @@ func TestGetVolumes(t *testing.T) {
 	}
 }
 
+func TesGetPatchTemplateAnnotation(t *testing.T) {
+	templates := callbacks.GetPatchTemplates()
+	assert.NotEmpty(t, templates.AnnotationTemplate)
+	assert.Equal(t, 2, strings.Count(templates.AnnotationTemplate, "%s"))
+}
+
+func TestGetPatchTemplateEnvVar(t *testing.T) {
+	templates := callbacks.GetPatchTemplates()
+	assert.NotEmpty(t, templates.EnvVarTemplate)
+	assert.Equal(t, 3, strings.Count(templates.EnvVarTemplate, "%s"))
+}
+
+func TestGetPatchDeleteTemplateEnvVar(t *testing.T) {
+	templates := callbacks.GetPatchTemplates()
+	assert.NotEmpty(t, templates.DeleteEnvVarTemplate)
+	assert.Equal(t, 2, strings.Count(templates.DeleteEnvVarTemplate, "%d"))
+}
+
 // Helper functions
 
 func isRestartStrategy(rollout *argorolloutv1alpha1.Rollout) bool {
@@ -330,7 +487,7 @@ func isRestartStrategy(rollout *argorolloutv1alpha1.Rollout) bool {
 func watchRollout(name, namespace string) chan interface{} {
 	timeOut := int64(1)
 	modifiedChan := make(chan interface{})
-	watcher, _ := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Watch(context.Background(), meta_v1.ListOptions{TimeoutSeconds: &timeOut})
+	watcher, _ := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Watch(context.Background(), metav1.ListOptions{TimeoutSeconds: &timeOut})
 	go watchModified(watcher, name, modifiedChan)
 	return modifiedChan
 }
@@ -358,6 +515,16 @@ func createTestDeployments(clients kube.Clients, namespace string) error {
 	return nil
 }
 
+func deleteTestDeployments(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteDeployment(clients.KubernetesClient, namespace, fmt.Sprintf("test-deployment-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func createTestCronJobs(clients kube.Clients, namespace string) error {
 	for i := 1; i <= 2; i++ {
 		_, err := testutil.CreateCronJob(clients.KubernetesClient, fmt.Sprintf("test-cron-%d", i), namespace, false)
@@ -368,6 +535,16 @@ func createTestCronJobs(clients kube.Clients, namespace string) error {
 	return nil
 }
 
+func deleteTestCronJobs(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteCronJob(clients.KubernetesClient, namespace, fmt.Sprintf("test-cron-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func createTestJobs(clients kube.Clients, namespace string) error {
 	for i := 1; i <= 2; i++ {
 		_, err := testutil.CreateJob(clients.KubernetesClient, fmt.Sprintf("test-job-%d", i), namespace, false)
@@ -378,6 +555,16 @@ func createTestJobs(clients kube.Clients, namespace string) error {
 	return nil
 }
 
+func deleteTestJobs(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteJob(clients.KubernetesClient, namespace, fmt.Sprintf("test-job-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func createTestDaemonSets(clients kube.Clients, namespace string) error {
 	for i := 1; i <= 2; i++ {
 		_, err := testutil.CreateDaemonSet(clients.KubernetesClient, fmt.Sprintf("test-daemonset-%d", i), namespace, false)
@@ -388,6 +575,16 @@ func createTestDaemonSets(clients kube.Clients, namespace string) error {
 	return nil
 }
 
+func deleteTestDaemonSets(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteDaemonSet(clients.KubernetesClient, namespace, fmt.Sprintf("test-daemonset-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func createTestStatefulSets(clients kube.Clients, namespace string) error {
 	for i := 1; i <= 2; i++ {
 		_, err := testutil.CreateStatefulSet(clients.KubernetesClient, fmt.Sprintf("test-statefulset-%d", i), namespace, false)
@@ -398,6 +595,16 @@ func createTestStatefulSets(clients kube.Clients, namespace string) error {
 	return nil
 }
 
+func deleteTestStatefulSets(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		err := testutil.DeleteStatefulSet(clients.KubernetesClient, namespace, fmt.Sprintf("test-statefulset-%d", i))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func createResourceWithPodAnnotations(obj runtime.Object, annotations map[string]string) runtime.Object {
 	switch v := obj.(type) {
 	case *appsv1.Deployment:
@@ -479,6 +686,10 @@ func createTestDeploymentWithAnnotations(clients kube.Clients, namespace, versio
 	return clients.KubernetesClient.AppsV1().Deployments(namespace).Create(context.TODO(), deployment, metav1.CreateOptions{})
 }
 
+func deleteTestDeployment(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.AppsV1().Deployments(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
 func createTestDaemonSetWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
 	daemonSet := &appsv1.DaemonSet{
 		ObjectMeta: metav1.ObjectMeta{
@@ -490,6 +701,10 @@ func createTestDaemonSetWithAnnotations(clients kube.Clients, namespace, version
 	return clients.KubernetesClient.AppsV1().DaemonSets(namespace).Create(context.TODO(), daemonSet, metav1.CreateOptions{})
 }
 
+func deleteTestDaemonSet(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.AppsV1().DaemonSets(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
 func createTestStatefulSetWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
 	statefulSet := &appsv1.StatefulSet{
 		ObjectMeta: metav1.ObjectMeta{
@@ -501,6 +716,10 @@ func createTestStatefulSetWithAnnotations(clients kube.Clients, namespace, versi
 	return clients.KubernetesClient.AppsV1().StatefulSets(namespace).Create(context.TODO(), statefulSet, metav1.CreateOptions{})
 }
 
+func deleteTestStatefulSet(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.AppsV1().StatefulSets(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
 func createTestCronJobWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
 	cronJob := &batchv1.CronJob{
 		ObjectMeta: metav1.ObjectMeta{
@@ -512,6 +731,10 @@ func createTestCronJobWithAnnotations(clients kube.Clients, namespace, version s
 	return clients.KubernetesClient.BatchV1().CronJobs(namespace).Create(context.TODO(), cronJob, metav1.CreateOptions{})
 }
 
+func deleteTestCronJob(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.BatchV1().CronJobs(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}
+
 func createTestJobWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
 	job := &batchv1.Job{
 		ObjectMeta: metav1.ObjectMeta{
@@ -522,3 +745,7 @@ func createTestJobWithAnnotations(clients kube.Clients, namespace, version strin
 	}
 	return clients.KubernetesClient.BatchV1().Jobs(namespace).Create(context.TODO(), job, metav1.CreateOptions{})
 }
+
+func deleteTestJob(clients kube.Clients, namespace, name string) error {
+	return clients.KubernetesClient.BatchV1().Jobs(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
+}

internal/pkg/controller/controller_test.go

@@ -68,64 +68,6 @@ func TestMain(m *testing.M) {
 	os.Exit(retCode)
 }
 
-// Perform rolling upgrade on deploymentConfig and create pod annotation var upon updating the configmap
-func TestControllerUpdatingConfigmapShouldCreatePodAnnotationInDeploymentConfig(t *testing.T) {
-	options.ReloadStrategy = constants.AnnotationsReloadStrategy
-
-	// Don't run test on non-openshift environment
-	if !kube.IsOpenshift {
-		return
-	}
-
-	// Creating configmap
-	configmapName := configmapNamePrefix + "-update-" + testutil.RandSeq(5)
-	configmapClient, err := testutil.CreateConfigMap(clients.KubernetesClient, namespace, configmapName, "www.google.com")
-	if err != nil {
-		t.Errorf("Error while creating the configmap %v", err)
-	}
-
-	// Creating deployment
-	_, err = testutil.CreateDeploymentConfig(clients.OpenshiftAppsClient, configmapName, namespace, true)
-	if err != nil {
-		t.Errorf("Error in deploymentConfig creation: %v", err)
-	}
-
-	// Updating configmap for first time
-	updateErr := testutil.UpdateConfigMap(configmapClient, namespace, configmapName, "", "www.stakater.com")
-	if updateErr != nil {
-		t.Errorf("Configmap was not updated")
-	}
-
-	// Verifying deployment update
-	logrus.Infof("Verifying pod annotation has been created")
-	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapName, "www.stakater.com")
-	config := util.Config{
-		Namespace:    namespace,
-		ResourceName: configmapName,
-		SHAValue:     shaData,
-		Annotation:   options.ConfigmapUpdateOnChangeAnnotation,
-	}
-	deploymentConfigFuncs := handler.GetDeploymentConfigRollingUpgradeFuncs()
-	updated := testutil.VerifyResourceAnnotationUpdate(clients, config, deploymentConfigFuncs)
-	if !updated {
-		t.Errorf("DeploymentConfig was not updated")
-	}
-	time.Sleep(sleepDuration)
-
-	// Deleting deployment
-	err = testutil.DeleteDeploymentConfig(clients.OpenshiftAppsClient, namespace, configmapName)
-	if err != nil {
-		logrus.Errorf("Error while deleting the deploymentConfig %v", err)
-	}
-
-	// Deleting configmap
-	err = testutil.DeleteConfigMap(clients.KubernetesClient, namespace, configmapName)
-	if err != nil {
-		logrus.Errorf("Error while deleting the configmap %v", err)
-	}
-	time.Sleep(sleepDuration)
-}
-
 // Perform rolling upgrade on deployment and create pod annotation var upon updating the configmap
 func TestControllerUpdatingConfigmapShouldCreatePodAnnotationInDeployment(t *testing.T) {
 	options.ReloadStrategy = constants.AnnotationsReloadStrategy
@@ -1078,64 +1020,6 @@ func TestControllerUpdatingSecretShouldCreatePodAnnotationInStatefulSet(t *testi
 	time.Sleep(sleepDuration)
 }
 
-// Perform rolling upgrade on deploymentConfig and create env var upon updating the configmap
-func TestControllerUpdatingConfigmapShouldCreateEnvInDeploymentConfig(t *testing.T) {
-	options.ReloadStrategy = constants.EnvVarsReloadStrategy
-
-	// Don't run test on non-openshift environment
-	if !kube.IsOpenshift {
-		return
-	}
-
-	// Creating configmap
-	configmapName := configmapNamePrefix + "-update-" + testutil.RandSeq(5)
-	configmapClient, err := testutil.CreateConfigMap(clients.KubernetesClient, namespace, configmapName, "www.google.com")
-	if err != nil {
-		t.Errorf("Error while creating the configmap %v", err)
-	}
-
-	// Creating deployment
-	_, err = testutil.CreateDeploymentConfig(clients.OpenshiftAppsClient, configmapName, namespace, true)
-	if err != nil {
-		t.Errorf("Error in deploymentConfig creation: %v", err)
-	}
-
-	// Updating configmap for first time
-	updateErr := testutil.UpdateConfigMap(configmapClient, namespace, configmapName, "", "www.stakater.com")
-	if updateErr != nil {
-		t.Errorf("Configmap was not updated")
-	}
-
-	// Verifying deployment update
-	logrus.Infof("Verifying env var has been created")
-	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapName, "www.stakater.com")
-	config := util.Config{
-		Namespace:    namespace,
-		ResourceName: configmapName,
-		SHAValue:     shaData,
-		Annotation:   options.ConfigmapUpdateOnChangeAnnotation,
-	}
-	deploymentConfigFuncs := handler.GetDeploymentConfigRollingUpgradeFuncs()
-	updated := testutil.VerifyResourceEnvVarUpdate(clients, config, constants.ConfigmapEnvVarPostfix, deploymentConfigFuncs)
-	if !updated {
-		t.Errorf("DeploymentConfig was not updated")
-	}
-	time.Sleep(sleepDuration)
-
-	// Deleting deployment
-	err = testutil.DeleteDeploymentConfig(clients.OpenshiftAppsClient, namespace, configmapName)
-	if err != nil {
-		logrus.Errorf("Error while deleting the deploymentConfig %v", err)
-	}
-
-	// Deleting configmap
-	err = testutil.DeleteConfigMap(clients.KubernetesClient, namespace, configmapName)
-	if err != nil {
-		logrus.Errorf("Error while deleting the configmap %v", err)
-	}
-	time.Sleep(sleepDuration)
-}
-
 // Perform rolling upgrade on deployment and create env var upon updating the configmap
 func TestControllerUpdatingConfigmapShouldCreateEnvInDeployment(t *testing.T) {
 	options.ReloadStrategy = constants.EnvVarsReloadStrategy

internal/pkg/handler/delete.go

@@ -1,6 +1,9 @@
 package handler
 
 import (
+	"fmt"
+	"slices"
+
 	"github.com/sirupsen/logrus"
 	"github.com/stakater/Reloader/internal/pkg/callbacks"
 	"github.com/stakater/Reloader/internal/pkg/constants"
@@ -8,8 +11,10 @@ import (
 	"github.com/stakater/Reloader/internal/pkg/options"
 	"github.com/stakater/Reloader/internal/pkg/testutil"
 	"github.com/stakater/Reloader/internal/pkg/util"
+
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	patchtypes "k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/record"
 )
 
@@ -50,7 +55,7 @@ func (r ResourceDeleteHandler) GetConfig() (util.Config, string) {
 	return config, oldSHAData
 }
 
-func invokeDeleteStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
+func invokeDeleteStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
 	if options.ReloadStrategy == constants.AnnotationsReloadStrategy {
 		return removePodAnnotations(upgradeFuncs, item, config, autoReload)
 	}
@@ -58,35 +63,38 @@ func invokeDeleteStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item runti
 	return removeContainerEnvVars(upgradeFuncs, item, config, autoReload)
 }
 
-func removePodAnnotations(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
+func removePodAnnotations(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
 	config.SHAValue = testutil.GetSHAfromEmptyData()
 	return updatePodAnnotations(upgradeFuncs, item, config, autoReload)
 }
 
-func removeContainerEnvVars(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
+func removeContainerEnvVars(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
 	envVar := getEnvVarName(config.ResourceName, config.Type)
 	container := getContainerUsingResource(upgradeFuncs, item, config, autoReload)
 
 	if container == nil {
-		return constants.NoContainerFound
+		return InvokeStrategyResult{constants.NoContainerFound, nil}
 	}
 
 	//remove if env var exists
-	containers := upgradeFuncs.ContainersFunc(item)
-	for i := range containers {
-		envs := containers[i].Env
-		index := -1
-		for j := range envs {
-			if envs[j].Name == envVar {
-				index = j
-				break
-			}
-		}
+	if len(container.Env) > 0 {
+		index := slices.IndexFunc(container.Env, func(envVariable v1.EnvVar) bool {
+			return envVariable.Name == envVar
+		})
 		if index != -1 {
-			containers[i].Env = append(containers[i].Env[:index], containers[i].Env[index+1:]...)
-			return constants.Updated
+			var patch []byte
+			if upgradeFuncs.SupportsPatch {
+				containers := upgradeFuncs.ContainersFunc(item)
+				containerIndex := slices.IndexFunc(containers, func(c v1.Container) bool {
+					return c.Name == container.Name
+				})
+				patch = fmt.Appendf(nil, upgradeFuncs.PatchTemplatesFunc().DeleteEnvVarTemplate, containerIndex, index)
+			}
+
+			container.Env = append(container.Env[:index], container.Env[index+1:]...)
+			return InvokeStrategyResult{constants.Updated, &Patch{Type: patchtypes.JSONPatchType, Bytes: patch}}
 		}
 	}
 
-	return constants.NotUpdated
+	return InvokeStrategyResult{constants.NotUpdated, nil}
 }

internal/pkg/handler/upgrade.go

@@ -22,106 +22,120 @@ import (
 	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
 	v1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime"
+	patchtypes "k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/tools/record"
+	"k8s.io/client-go/util/retry"
 )
 
 // GetDeploymentRollingUpgradeFuncs returns all callback funcs for a deployment
 func GetDeploymentRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
+		ItemFunc:           callbacks.GetDeploymentItem,
 		ItemsFunc:          callbacks.GetDeploymentItems,
 		AnnotationsFunc:    callbacks.GetDeploymentAnnotations,
 		PodAnnotationsFunc: callbacks.GetDeploymentPodAnnotations,
 		ContainersFunc:     callbacks.GetDeploymentContainers,
 		InitContainersFunc: callbacks.GetDeploymentInitContainers,
 		UpdateFunc:         callbacks.UpdateDeployment,
+		PatchFunc:          callbacks.PatchDeployment,
+		PatchTemplatesFunc: callbacks.GetPatchTemplates,
 		VolumesFunc:        callbacks.GetDeploymentVolumes,
 		ResourceType:       "Deployment",
+		SupportsPatch:      true,
 	}
 }
 
 // GetDeploymentRollingUpgradeFuncs returns all callback funcs for a cronjob
 func GetCronJobCreateJobFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
+		ItemFunc:           callbacks.GetCronJobItem,
 		ItemsFunc:          callbacks.GetCronJobItems,
 		AnnotationsFunc:    callbacks.GetCronJobAnnotations,
 		PodAnnotationsFunc: callbacks.GetCronJobPodAnnotations,
 		ContainersFunc:     callbacks.GetCronJobContainers,
 		InitContainersFunc: callbacks.GetCronJobInitContainers,
 		UpdateFunc:         callbacks.CreateJobFromCronjob,
+		PatchFunc:          callbacks.PatchCronJob,
+		PatchTemplatesFunc: func() callbacks.PatchTemplates { return callbacks.PatchTemplates{} },
 		VolumesFunc:        callbacks.GetCronJobVolumes,
 		ResourceType:       "CronJob",
+		SupportsPatch:      false,
 	}
 }
 
 // GetDeploymentRollingUpgradeFuncs returns all callback funcs for a cronjob
 func GetJobCreateJobFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
+		ItemFunc:           callbacks.GetJobItem,
 		ItemsFunc:          callbacks.GetJobItems,
 		AnnotationsFunc:    callbacks.GetJobAnnotations,
 		PodAnnotationsFunc: callbacks.GetJobPodAnnotations,
 		ContainersFunc:     callbacks.GetJobContainers,
 		InitContainersFunc: callbacks.GetJobInitContainers,
 		UpdateFunc:         callbacks.ReCreateJobFromjob,
+		PatchFunc:          callbacks.PatchJob,
+		PatchTemplatesFunc: func() callbacks.PatchTemplates { return callbacks.PatchTemplates{} },
 		VolumesFunc:        callbacks.GetJobVolumes,
 		ResourceType:       "Job",
+		SupportsPatch:      false,
 	}
 }
 
 // GetDaemonSetRollingUpgradeFuncs returns all callback funcs for a daemonset
 func GetDaemonSetRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
+		ItemFunc:           callbacks.GetDaemonSetItem,
 		ItemsFunc:          callbacks.GetDaemonSetItems,
 		AnnotationsFunc:    callbacks.GetDaemonSetAnnotations,
 		PodAnnotationsFunc: callbacks.GetDaemonSetPodAnnotations,
 		ContainersFunc:     callbacks.GetDaemonSetContainers,
 		InitContainersFunc: callbacks.GetDaemonSetInitContainers,
 		UpdateFunc:         callbacks.UpdateDaemonSet,
+		PatchFunc:          callbacks.PatchDaemonSet,
+		PatchTemplatesFunc: callbacks.GetPatchTemplates,
 		VolumesFunc:        callbacks.GetDaemonSetVolumes,
 		ResourceType:       "DaemonSet",
+		SupportsPatch:      true,
 	}
 }
 
 // GetStatefulSetRollingUpgradeFuncs returns all callback funcs for a statefulSet
 func GetStatefulSetRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
+		ItemFunc:           callbacks.GetStatefulSetItem,
 		ItemsFunc:          callbacks.GetStatefulSetItems,
 		AnnotationsFunc:    callbacks.GetStatefulSetAnnotations,
 		PodAnnotationsFunc: callbacks.GetStatefulSetPodAnnotations,
 		ContainersFunc:     callbacks.GetStatefulSetContainers,
 		InitContainersFunc: callbacks.GetStatefulSetInitContainers,
 		UpdateFunc:         callbacks.UpdateStatefulSet,
+		PatchFunc:          callbacks.PatchStatefulSet,
+		PatchTemplatesFunc: callbacks.GetPatchTemplates,
 		VolumesFunc:        callbacks.GetStatefulSetVolumes,
 		ResourceType:       "StatefulSet",
-	}
-}
-
-// GetDeploymentConfigRollingUpgradeFuncs returns all callback funcs for a deploymentConfig
-func GetDeploymentConfigRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
-	return callbacks.RollingUpgradeFuncs{
-		ItemsFunc:          callbacks.GetDeploymentConfigItems,
-		AnnotationsFunc:    callbacks.GetDeploymentConfigAnnotations,
-		PodAnnotationsFunc: callbacks.GetDeploymentConfigPodAnnotations,
-		ContainersFunc:     callbacks.GetDeploymentConfigContainers,
-		InitContainersFunc: callbacks.GetDeploymentConfigInitContainers,
-		UpdateFunc:         callbacks.UpdateDeploymentConfig,
-		VolumesFunc:        callbacks.GetDeploymentConfigVolumes,
-		ResourceType:       "DeploymentConfig",
+		SupportsPatch:      true,
 	}
 }
 
 // GetArgoRolloutRollingUpgradeFuncs returns all callback funcs for a rollout
 func GetArgoRolloutRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
+		ItemFunc:           callbacks.GetRolloutItem,
 		ItemsFunc:          callbacks.GetRolloutItems,
 		AnnotationsFunc:    callbacks.GetRolloutAnnotations,
 		PodAnnotationsFunc: callbacks.GetRolloutPodAnnotations,
 		ContainersFunc:     callbacks.GetRolloutContainers,
 		InitContainersFunc: callbacks.GetRolloutInitContainers,
 		UpdateFunc:         callbacks.UpdateRollout,
+		PatchFunc:          callbacks.PatchRollout,
+		PatchTemplatesFunc: func() callbacks.PatchTemplates { return callbacks.PatchTemplates{} },
 		VolumesFunc:        callbacks.GetRolloutVolumes,
 		ResourceType:       "Rollout",
+		SupportsPatch:      false,
 	}
 }
 
@@ -180,13 +194,6 @@ func doRollingUpgrade(config util.Config, collectors metrics.Collectors, recorde
 		return err
 	}
 
-	if kube.IsOpenshift {
-		err = rollingUpgrade(clients, config, GetDeploymentConfigRollingUpgradeFuncs(), collectors, recorder, invoke)
-		if err != nil {
-			return err
-		}
-	}
-
 	if options.IsArgoRollouts == "true" {
 		err = rollingUpgrade(clients, config, GetArgoRolloutRollingUpgradeFuncs(), collectors, recorder, invoke)
 		if err != nil {
@@ -198,7 +205,6 @@ func doRollingUpgrade(config util.Config, collectors metrics.Collectors, recorde
 }
 
 func rollingUpgrade(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, recorder record.EventRecorder, strategy invokeStrategy) error {
-
 	err := PerformAction(clients, config, upgradeFuncs, collectors, recorder, strategy)
 	if err != nil {
 		logrus.Errorf("Rolling upgrade for '%s' failed with error = %v", config.ResourceName, err)
@@ -210,107 +216,154 @@ func rollingUpgrade(clients kube.Clients, config util.Config, upgradeFuncs callb
 func PerformAction(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, recorder record.EventRecorder, strategy invokeStrategy) error {
 	items := upgradeFuncs.ItemsFunc(clients, config.Namespace)
 
-	for _, i := range items {
-		// find correct annotation and update the resource
-		annotations := upgradeFuncs.AnnotationsFunc(i)
-		annotationValue, found := annotations[config.Annotation]
-		searchAnnotationValue, foundSearchAnn := annotations[options.AutoSearchAnnotation]
-		reloaderEnabledValue, foundAuto := annotations[options.ReloaderAutoAnnotation]
-		typedAutoAnnotationEnabledValue, foundTypedAuto := annotations[config.TypedAutoAnnotation]
-		excludeConfigmapAnnotationValue, foundExcludeConfigmap := annotations[options.ConfigmapExcludeReloaderAnnotation]
-		excludeSecretAnnotationValue, foundExcludeSecret := annotations[options.SecretExcludeReloaderAnnotation]
-
-		if !found && !foundAuto && !foundTypedAuto && !foundSearchAnn {
-			annotations = upgradeFuncs.PodAnnotationsFunc(i)
-			annotationValue = annotations[config.Annotation]
-			searchAnnotationValue = annotations[options.AutoSearchAnnotation]
-			reloaderEnabledValue = annotations[options.ReloaderAutoAnnotation]
-			typedAutoAnnotationEnabledValue = annotations[config.TypedAutoAnnotation]
+	for _, item := range items {
+		err := retryOnConflict(retry.DefaultRetry, func(fetchResource bool) error {
+			return upgradeResource(clients, config, upgradeFuncs, collectors, recorder, strategy, item, fetchResource)
+		})
+		if err != nil {
+			return err
 		}
+	}
 
-		isResourceExcluded := false
+	return nil
+}
 
-		switch config.Type {
-		case constants.ConfigmapEnvVarPostfix:
-			if foundExcludeConfigmap {
-				isResourceExcluded = checkIfResourceIsExcluded(config.ResourceName, excludeConfigmapAnnotationValue)
-			}
-		case constants.SecretEnvVarPostfix:
-			if foundExcludeSecret {
-				isResourceExcluded = checkIfResourceIsExcluded(config.ResourceName, excludeSecretAnnotationValue)
-			}
+func retryOnConflict(backoff wait.Backoff, fn func(_ bool) error) error {
+	var lastError error
+	fetchResource := false // do not fetch resource on first attempt, already done by ItemsFunc
+	err := wait.ExponentialBackoff(backoff, func() (bool, error) {
+		err := fn(fetchResource)
+		fetchResource = true
+		switch {
+		case err == nil:
+			return true, nil
+		case apierrors.IsConflict(err):
+			lastError = err
+			return false, nil
+		default:
+			return false, err
 		}
+	})
+	if wait.Interrupted(err) {
+		err = lastError
+	}
+	return err
+}
 
-		if isResourceExcluded {
-			continue
+func upgradeResource(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, recorder record.EventRecorder, strategy invokeStrategy, resource runtime.Object, fetchResource bool) error {
+	accessor, err := meta.Accessor(resource)
+	if err != nil {
+		return err
+	}
+
+	resourceName := accessor.GetName()
+	if fetchResource {
+		resource, err = upgradeFuncs.ItemFunc(clients, resourceName, config.Namespace)
+		if err != nil {
+			return err
 		}
+	}
 
-		result := constants.NotUpdated
-		reloaderEnabled, _ := strconv.ParseBool(reloaderEnabledValue)
-		typedAutoAnnotationEnabled, _ := strconv.ParseBool(typedAutoAnnotationEnabledValue)
-		if reloaderEnabled || typedAutoAnnotationEnabled || reloaderEnabledValue == "" && typedAutoAnnotationEnabledValue == "" && options.AutoReloadAll {
-			result = strategy(upgradeFuncs, i, config, true)
+	// find correct annotation and update the resource
+	annotations := upgradeFuncs.AnnotationsFunc(resource)
+	annotationValue, found := annotations[config.Annotation]
+	searchAnnotationValue, foundSearchAnn := annotations[options.AutoSearchAnnotation]
+	reloaderEnabledValue, foundAuto := annotations[options.ReloaderAutoAnnotation]
+	typedAutoAnnotationEnabledValue, foundTypedAuto := annotations[config.TypedAutoAnnotation]
+	excludeConfigmapAnnotationValue, foundExcludeConfigmap := annotations[options.ConfigmapExcludeReloaderAnnotation]
+	excludeSecretAnnotationValue, foundExcludeSecret := annotations[options.SecretExcludeReloaderAnnotation]
+
+	if !found && !foundAuto && !foundTypedAuto && !foundSearchAnn {
+		annotations = upgradeFuncs.PodAnnotationsFunc(resource)
+		annotationValue = annotations[config.Annotation]
+		searchAnnotationValue = annotations[options.AutoSearchAnnotation]
+		reloaderEnabledValue = annotations[options.ReloaderAutoAnnotation]
+		typedAutoAnnotationEnabledValue = annotations[config.TypedAutoAnnotation]
+	}
+
+	isResourceExcluded := false
+
+	switch config.Type {
+	case constants.ConfigmapEnvVarPostfix:
+		if foundExcludeConfigmap {
+			isResourceExcluded = checkIfResourceIsExcluded(config.ResourceName, excludeConfigmapAnnotationValue)
 		}
-
-		if result != constants.Updated && annotationValue != "" {
-			values := strings.Split(annotationValue, ",")
-			for _, value := range values {
-				value = strings.TrimSpace(value)
-				re := regexp.MustCompile("^" + value + "$")
-				if re.Match([]byte(config.ResourceName)) {
-					result = strategy(upgradeFuncs, i, config, false)
-					if result == constants.Updated {
-						break
-					}
-				}
-			}
+	case constants.SecretEnvVarPostfix:
+		if foundExcludeSecret {
+			isResourceExcluded = checkIfResourceIsExcluded(config.ResourceName, excludeSecretAnnotationValue)
 		}
+	}
 
-		if result != constants.Updated && searchAnnotationValue == "true" {
-			matchAnnotationValue := config.ResourceAnnotations[options.SearchMatchAnnotation]
-			if matchAnnotationValue == "true" {
-				result = strategy(upgradeFuncs, i, config, true)
-			}
-		}
+	if isResourceExcluded {
+		return nil
+	}
 
-		if result == constants.Updated {
-			accessor, err := meta.Accessor(i)
-			if err != nil {
-				return err
-			}
-			resourceName := accessor.GetName()
-			err = upgradeFuncs.UpdateFunc(clients, config.Namespace, i)
-			if err != nil {
-				message := fmt.Sprintf("Update for '%s' of type '%s' in namespace '%s' failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
-				logrus.Errorf("Update for '%s' of type '%s' in namespace '%s' failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
+	strategyResult := InvokeStrategyResult{constants.NotUpdated, nil}
+	reloaderEnabled, _ := strconv.ParseBool(reloaderEnabledValue)
+	typedAutoAnnotationEnabled, _ := strconv.ParseBool(typedAutoAnnotationEnabledValue)
+	if reloaderEnabled || typedAutoAnnotationEnabled || reloaderEnabledValue == "" && typedAutoAnnotationEnabledValue == "" && options.AutoReloadAll {
+		strategyResult = strategy(upgradeFuncs, resource, config, true)
+	}
 
-				collectors.Reloaded.With(prometheus.Labels{"success": "false"}).Inc()
-				collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "false", "namespace": config.Namespace}).Inc()
-				if recorder != nil {
-					recorder.Event(i, v1.EventTypeWarning, "ReloadFail", message)
-				}
-				return err
-			} else {
-				message := fmt.Sprintf("Changes detected in '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace)
-				message += fmt.Sprintf(", Updated '%s' of type '%s' in namespace '%s'", resourceName, upgradeFuncs.ResourceType, config.Namespace)
-
-				logrus.Infof("Changes detected in '%s' of type '%s' in namespace '%s'; updated '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace, resourceName, upgradeFuncs.ResourceType, config.Namespace)
-
-				collectors.Reloaded.With(prometheus.Labels{"success": "true"}).Inc()
-				collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": config.Namespace}).Inc()
-				alert_on_reload, ok := os.LookupEnv("ALERT_ON_RELOAD")
-				if recorder != nil {
-					recorder.Event(i, v1.EventTypeNormal, "Reloaded", message)
-				}
-				if ok && alert_on_reload == "true" {
-					msg := fmt.Sprintf(
-						"Reloader detected changes in *%s* of type *%s* in namespace *%s*. Hence reloaded *%s* of type *%s* in namespace *%s*",
-						config.ResourceName, config.Type, config.Namespace, resourceName, upgradeFuncs.ResourceType, config.Namespace)
-					alert.SendWebhookAlert(msg)
+	if strategyResult.Result != constants.Updated && annotationValue != "" {
+		values := strings.Split(annotationValue, ",")
+		for _, value := range values {
+			value = strings.TrimSpace(value)
+			re := regexp.MustCompile("^" + value + "$")
+			if re.Match([]byte(config.ResourceName)) {
+				strategyResult = strategy(upgradeFuncs, resource, config, false)
+				if strategyResult.Result == constants.Updated {
+					break
 				}
 			}
 		}
 	}
+
+	if strategyResult.Result != constants.Updated && searchAnnotationValue == "true" {
+		matchAnnotationValue := config.ResourceAnnotations[options.SearchMatchAnnotation]
+		if matchAnnotationValue == "true" {
+			strategyResult = strategy(upgradeFuncs, resource, config, true)
+		}
+	}
+	if strategyResult.Result == constants.Updated {
+		var err error
+		if upgradeFuncs.SupportsPatch && strategyResult.Patch != nil {
+			err = upgradeFuncs.PatchFunc(clients, config.Namespace, resource, strategyResult.Patch.Type, strategyResult.Patch.Bytes)
+		} else {
+			err = upgradeFuncs.UpdateFunc(clients, config.Namespace, resource)
+		}
+
+		if err != nil {
+			message := fmt.Sprintf("Update for '%s' of type '%s' in namespace '%s' failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
+			logrus.Errorf("Update for '%s' of type '%s' in namespace '%s' failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
+
+			collectors.Reloaded.With(prometheus.Labels{"success": "false"}).Inc()
+			collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "false", "namespace": config.Namespace}).Inc()
+			if recorder != nil {
+				recorder.Event(resource, v1.EventTypeWarning, "ReloadFail", message)
+			}
+			return err
+		} else {
+			message := fmt.Sprintf("Changes detected in '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace)
+			message += fmt.Sprintf(", Updated '%s' of type '%s' in namespace '%s'", resourceName, upgradeFuncs.ResourceType, config.Namespace)
+
+			logrus.Infof("Changes detected in '%s' of type '%s' in namespace '%s'; updated '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace, resourceName, upgradeFuncs.ResourceType, config.Namespace)
+
+			collectors.Reloaded.With(prometheus.Labels{"success": "true"}).Inc()
+			collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": config.Namespace}).Inc()
+			alert_on_reload, ok := os.LookupEnv("ALERT_ON_RELOAD")
+			if recorder != nil {
+				recorder.Event(resource, v1.EventTypeNormal, "Reloaded", message)
+			}
+			if ok && alert_on_reload == "true" {
+				msg := fmt.Sprintf(
+					"Reloader detected changes in *%s* of type *%s* in namespace *%s*. Hence reloaded *%s* of type *%s* in namespace *%s*",
+					config.ResourceName, config.Type, config.Namespace, resourceName, upgradeFuncs.ResourceType, config.Namespace)
+				alert.SendWebhookAlert(msg)
+			}
+		}
+	}
+
 	return nil
 }
 
@@ -439,42 +492,51 @@ func getContainerUsingResource(upgradeFuncs callbacks.RollingUpgradeFuncs, item
 	return container
 }
 
-type invokeStrategy func(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result
+type Patch struct {
+	Type  patchtypes.PatchType
+	Bytes []byte
+}
 
-func invokeReloadStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
+type InvokeStrategyResult struct {
+	Result constants.Result
+	Patch  *Patch
+}
+
+type invokeStrategy func(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult
+
+func invokeReloadStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
 	if options.ReloadStrategy == constants.AnnotationsReloadStrategy {
 		return updatePodAnnotations(upgradeFuncs, item, config, autoReload)
 	}
-
 	return updateContainerEnvVars(upgradeFuncs, item, config, autoReload)
 }
 
-func updatePodAnnotations(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
+func updatePodAnnotations(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
 	container := getContainerUsingResource(upgradeFuncs, item, config, autoReload)
 	if container == nil {
-		return constants.NoContainerFound
+		return InvokeStrategyResult{constants.NoContainerFound, nil}
 	}
 
 	// Generate reloaded annotations. Attaching this to the item's annotation will trigger a rollout
 	// Note: the data on this struct is purely informational and is not used for future updates
 	reloadSource := util.NewReloadSourceFromConfig(config, []string{container.Name})
-	annotations, err := createReloadedAnnotations(&reloadSource)
+	annotations, patch, err := createReloadedAnnotations(&reloadSource, upgradeFuncs)
 	if err != nil {
 		logrus.Errorf("Failed to create reloaded annotations for %s! error = %v", config.ResourceName, err)
-		return constants.NotUpdated
+		return InvokeStrategyResult{constants.NotUpdated, nil}
 	}
 
 	// Copy the all annotations to the item's annotations
 	pa := upgradeFuncs.PodAnnotationsFunc(item)
 	if pa == nil {
-		return constants.NotUpdated
+		return InvokeStrategyResult{constants.NotUpdated, nil}
 	}
 
 	for k, v := range annotations {
 		pa[k] = v
 	}
 
-	return constants.Updated
+	return InvokeStrategyResult{constants.Updated, &Patch{Type: patchtypes.StrategicMergePatchType, Bytes: patch}}
 }
 
 func getReloaderAnnotationKey() string {
@@ -484,9 +546,9 @@ func getReloaderAnnotationKey() string {
 	)
 }
 
-func createReloadedAnnotations(target *util.ReloadSource) (map[string]string, error) {
+func createReloadedAnnotations(target *util.ReloadSource, upgradeFuncs callbacks.RollingUpgradeFuncs) (map[string]string, []byte, error) {
 	if target == nil {
-		return nil, errors.New("target is required")
+		return nil, nil, errors.New("target is required")
 	}
 
 	// Create a single "last-invokeReloadStrategy-from" annotation that stores metadata about the
@@ -498,53 +560,76 @@ func createReloadedAnnotations(target *util.ReloadSource) (map[string]string, er
 
 	lastReloadedResource, err := json.Marshal(target)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	annotations[lastReloadedResourceName] = string(lastReloadedResource)
-	return annotations, nil
+
+	var patch []byte
+	if upgradeFuncs.SupportsPatch {
+		escapedValue, err := jsonEscape(annotations[lastReloadedResourceName])
+		if err != nil {
+			return nil, nil, err
+		}
+		patch = fmt.Appendf(nil, upgradeFuncs.PatchTemplatesFunc().AnnotationTemplate, lastReloadedResourceName, escapedValue)
+	}
+
+	return annotations, patch, nil
 }
 
 func getEnvVarName(resourceName string, typeName string) string {
 	return constants.EnvVarPrefix + util.ConvertToEnvVarName(resourceName) + "_" + typeName
 }
 
-func updateContainerEnvVars(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
-	var result constants.Result
+func updateContainerEnvVars(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) InvokeStrategyResult {
 	envVar := getEnvVarName(config.ResourceName, config.Type)
 	container := getContainerUsingResource(upgradeFuncs, item, config, autoReload)
 
 	if container == nil {
-		return constants.NoContainerFound
+		return InvokeStrategyResult{constants.NoContainerFound, nil}
 	}
 
 	//update if env var exists
-	result = updateEnvVar(upgradeFuncs.ContainersFunc(item), envVar, config.SHAValue)
+	updateResult := updateEnvVar(container, envVar, config.SHAValue)
 
 	// if no existing env var exists lets create one
-	if result == constants.NoEnvVarFound {
+	if updateResult == constants.NoEnvVarFound {
 		e := v1.EnvVar{
 			Name:  envVar,
 			Value: config.SHAValue,
 		}
 		container.Env = append(container.Env, e)
-		result = constants.Updated
+		updateResult = constants.Updated
 	}
-	return result
+
+	var patch []byte
+	if upgradeFuncs.SupportsPatch {
+		patch = fmt.Appendf(nil, upgradeFuncs.PatchTemplatesFunc().EnvVarTemplate, container.Name, envVar, config.SHAValue)
+	}
+
+	return InvokeStrategyResult{updateResult, &Patch{Type: patchtypes.StrategicMergePatchType, Bytes: patch}}
 }
 
-func updateEnvVar(containers []v1.Container, envVar string, shaData string) constants.Result {
-	for i := range containers {
-		envs := containers[i].Env
-		for j := range envs {
-			if envs[j].Name == envVar {
-				if envs[j].Value != shaData {
-					envs[j].Value = shaData
-					return constants.Updated
-				}
-				return constants.NotUpdated
+func updateEnvVar(container *v1.Container, envVar string, shaData string) constants.Result {
+	envs := container.Env
+	for j := range envs {
+		if envs[j].Name == envVar {
+			if envs[j].Value != shaData {
+				envs[j].Value = shaData
+				return constants.Updated
 			}
+			return constants.NotUpdated
 		}
 	}
+
 	return constants.NoEnvVarFound
 }
+
+func jsonEscape(toEscape string) (string, error) {
+	bytes, err := json.Marshal(toEscape)
+	if err != nil {
+		return "", err
+	}
+	escaped := string(bytes)
+	return escaped[1 : len(escaped)-1], nil
+}

internal/pkg/handler/upgrade_test.go

@@ -17,9 +17,12 @@ import (
 	"github.com/stakater/Reloader/internal/pkg/testutil"
 	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	patchtypes "k8s.io/apimachinery/pkg/types"
 	testclient "k8s.io/client-go/kubernetes/fake"
 )
 
@@ -1413,6 +1416,22 @@ func testRollingUpgradeInvokeDeleteStrategyArs(t *testing.T, clients kube.Client
 	}
 }
 
+func testRollingUpgradeWithPatchAndInvokeDeleteStrategyArs(t *testing.T, clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, envVarPostfix string) {
+	err := PerformAction(clients, config, upgradeFuncs, collectors, nil, invokeDeleteStrategy)
+	upgradeFuncs.PatchFunc = func(client kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+		assert.Equal(t, patchtypes.StrategicMergePatchType, patchType)
+		assert.NotEmpty(t, bytes)
+		return nil
+	}
+	upgradeFuncs.UpdateFunc = func(kube.Clients, string, runtime.Object) error {
+		t.Errorf("Update should not be called")
+		return nil
+	}
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for %s with %s", upgradeFuncs.ResourceType, envVarPostfix)
+	}
+}
+
 func TestRollingUpgradeForDeploymentWithConfigmapUsingArs(t *testing.T) {
 	options.ReloadStrategy = constants.AnnotationsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -1422,6 +1441,18 @@ func TestRollingUpgradeForDeploymentWithConfigmapUsingArs(t *testing.T) {
 	deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
 	collectors := getCollectors()
 
+	itemCalled := 0
+	itemsCalled := 0
+
+	deploymentFuncs.ItemFunc = func(client kube.Clients, namespace string, name string) (runtime.Object, error) {
+		itemCalled++
+		return callbacks.GetDeploymentItem(client, namespace, name)
+	}
+	deploymentFuncs.ItemsFunc = func(client kube.Clients, namespace string) []runtime.Object {
+		itemsCalled++
+		return callbacks.GetDeploymentItems(client, namespace)
+	}
+
 	err := PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy)
 	time.Sleep(5 * time.Second)
 	if err != nil {
@@ -1441,9 +1472,68 @@ func TestRollingUpgradeForDeploymentWithConfigmapUsingArs(t *testing.T) {
 	if promtestutil.ToFloat64(collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": arsNamespace})) != 1 {
 		t.Errorf("Counter by namespace was not increased")
 	}
+
+	assert.Equal(t, 0, itemCalled, "ItemFunc should not be called")
+	assert.Equal(t, 2, itemsCalled, "ItemsFunc should be called twice")
+
 	testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix)
 }
 
+func TestRollingUpgradeForDeploymentWithPatchAndRetryUsingArs(t *testing.T) {
+	options.ReloadStrategy = constants.AnnotationsReloadStrategy
+	envVarPostfix := constants.ConfigmapEnvVarPostfix
+
+	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, arsNamespace, arsConfigmapName, "www.stakater.com")
+	config := getConfigWithAnnotations(envVarPostfix, arsConfigmapName, shaData, options.ConfigmapUpdateOnChangeAnnotation, options.ConfigmapReloaderAutoAnnotation)
+	deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
+
+	assert.True(t, deploymentFuncs.SupportsPatch)
+	assert.NotEmpty(t, deploymentFuncs.PatchTemplatesFunc().AnnotationTemplate)
+
+	itemCalled := 0
+	itemsCalled := 0
+
+	deploymentFuncs.ItemFunc = func(client kube.Clients, namespace string, name string) (runtime.Object, error) {
+		itemCalled++
+		return callbacks.GetDeploymentItem(client, namespace, name)
+	}
+	deploymentFuncs.ItemsFunc = func(client kube.Clients, namespace string) []runtime.Object {
+		itemsCalled++
+		return callbacks.GetDeploymentItems(client, namespace)
+	}
+
+	patchCalled := 0
+	deploymentFuncs.PatchFunc = func(client kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+		patchCalled++
+		if patchCalled < 2 {
+			return &errors.StatusError{ErrStatus: metav1.Status{Reason: metav1.StatusReasonConflict}} // simulate conflict
+		}
+		assert.Equal(t, patchtypes.StrategicMergePatchType, patchType)
+		assert.NotEmpty(t, bytes)
+		assert.Contains(t, string(bytes), `{"spec":{"template":{"metadata":{"annotations":{"reloader.stakater.com/last-reloaded-from":`)
+		assert.Contains(t, string(bytes), `\"hash\":\"3c9a892aeaedc759abc3df9884a37b8be5680382\"`)
+		return nil
+	}
+
+	deploymentFuncs.UpdateFunc = func(kube.Clients, string, runtime.Object) error {
+		t.Errorf("Update should not be called")
+		return nil
+	}
+
+	collectors := getCollectors()
+	err := PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for Deployment with Configmap")
+	}
+
+	assert.Equal(t, 1, itemCalled, "ItemFunc should be called once")
+	assert.Equal(t, 1, itemsCalled, "ItemsFunc should be called once")
+	assert.Equal(t, 2, patchCalled, "PatchFunc should be called twice")
+
+	deploymentFuncs = GetDeploymentRollingUpgradeFuncs()
+	testRollingUpgradeWithPatchAndInvokeDeleteStrategyArs(t, clients, config, deploymentFuncs, collectors, envVarPostfix)
+}
+
 func TestRollingUpgradeForDeploymentWithConfigmapWithoutReloadAnnotationAndWithoutAutoReloadAllNoTriggersUsingArs(t *testing.T) {
 	options.ReloadStrategy = constants.AnnotationsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -1616,7 +1706,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapViaSearchAnnotationNotMappedUsi
 		t.Errorf("Failed to create deployment with search annotation.")
 	}
 	defer func() {
-		_ = clients.KubernetesClient.AppsV1().Deployments(arsNamespace).Delete(context.TODO(), deployment.Name, v1.DeleteOptions{})
+		_ = clients.KubernetesClient.AppsV1().Deployments(arsNamespace).Delete(context.TODO(), deployment.Name, metav1.DeleteOptions{})
 	}()
 	// defer clients.KubernetesClient.AppsV1().Deployments(namespace).Delete(deployment.Name, &v1.DeleteOptions{})
 
@@ -2102,6 +2192,7 @@ func TestRollingUpgradeForDeploymentWithExcludeConfigMapAnnotationUsingArs(t *te
 		t.Errorf("Deployment which had to be excluded was updated")
 	}
 }
+
 func TestRollingUpgradeForDeploymentWithConfigMapAutoAnnotationUsingArs(t *testing.T) {
 	options.ReloadStrategy = constants.AnnotationsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -2143,6 +2234,18 @@ func TestRollingUpgradeForDaemonSetWithConfigmapUsingArs(t *testing.T) {
 	daemonSetFuncs := GetDaemonSetRollingUpgradeFuncs()
 	collectors := getCollectors()
 
+	itemCalled := 0
+	itemsCalled := 0
+
+	daemonSetFuncs.ItemFunc = func(client kube.Clients, namespace string, name string) (runtime.Object, error) {
+		itemCalled++
+		return callbacks.GetDaemonSetItem(client, namespace, name)
+	}
+	daemonSetFuncs.ItemsFunc = func(client kube.Clients, namespace string) []runtime.Object {
+		itemsCalled++
+		return callbacks.GetDaemonSetItems(client, namespace)
+	}
+
 	err := PerformAction(clients, config, daemonSetFuncs, collectors, nil, invokeReloadStrategy)
 	time.Sleep(5 * time.Second)
 	if err != nil {
@@ -2163,9 +2266,68 @@ func TestRollingUpgradeForDaemonSetWithConfigmapUsingArs(t *testing.T) {
 		t.Errorf("Counter by namespace was not increased")
 	}
 
+	assert.Equal(t, 0, itemCalled, "ItemFunc should not be called")
+	assert.Equal(t, 2, itemsCalled, "ItemsFunc should be called twice")
+
 	testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix)
 }
 
+func TestRollingUpgradeForDaemonSetWithPatchAndRetryUsingArs(t *testing.T) {
+	options.ReloadStrategy = constants.AnnotationsReloadStrategy
+	envVarPostfix := constants.ConfigmapEnvVarPostfix
+
+	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, arsNamespace, arsConfigmapName, "www.facebook.com")
+	config := getConfigWithAnnotations(envVarPostfix, arsConfigmapName, shaData, options.ConfigmapUpdateOnChangeAnnotation, options.ConfigmapReloaderAutoAnnotation)
+	daemonSetFuncs := GetDaemonSetRollingUpgradeFuncs()
+
+	itemCalled := 0
+	itemsCalled := 0
+
+	daemonSetFuncs.ItemFunc = func(client kube.Clients, namespace string, name string) (runtime.Object, error) {
+		itemCalled++
+		return callbacks.GetDaemonSetItem(client, namespace, name)
+	}
+	daemonSetFuncs.ItemsFunc = func(client kube.Clients, namespace string) []runtime.Object {
+		itemsCalled++
+		return callbacks.GetDaemonSetItems(client, namespace)
+	}
+
+	assert.True(t, daemonSetFuncs.SupportsPatch)
+	assert.NotEmpty(t, daemonSetFuncs.PatchTemplatesFunc().AnnotationTemplate)
+
+	patchCalled := 0
+	daemonSetFuncs.PatchFunc = func(client kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+		patchCalled++
+		if patchCalled < 2 {
+			return &errors.StatusError{ErrStatus: metav1.Status{Reason: metav1.StatusReasonConflict}} // simulate conflict
+		}
+		assert.Equal(t, patchtypes.StrategicMergePatchType, patchType)
+		assert.NotEmpty(t, bytes)
+		assert.Contains(t, string(bytes), `{"spec":{"template":{"metadata":{"annotations":{"reloader.stakater.com/last-reloaded-from":`)
+		assert.Contains(t, string(bytes), `\"hash\":\"314a2269170750a974d79f02b5b9ee517de7f280\"`)
+		return nil
+	}
+
+	daemonSetFuncs.UpdateFunc = func(kube.Clients, string, runtime.Object) error {
+		t.Errorf("Update should not be called")
+		return nil
+	}
+
+	collectors := getCollectors()
+
+	err := PerformAction(clients, config, daemonSetFuncs, collectors, nil, invokeReloadStrategy)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for DaemonSet with configmap")
+	}
+
+	assert.Equal(t, 1, itemCalled, "ItemFunc should be called once")
+	assert.Equal(t, 1, itemsCalled, "ItemsFunc should be called once")
+	assert.Equal(t, 2, patchCalled, "PatchFunc should be called twice")
+
+	daemonSetFuncs = GetDeploymentRollingUpgradeFuncs()
+	testRollingUpgradeWithPatchAndInvokeDeleteStrategyArs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix)
+}
+
 func TestRollingUpgradeForDaemonSetWithConfigmapInProjectedVolumeUsingArs(t *testing.T) {
 	options.ReloadStrategy = constants.AnnotationsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -2303,6 +2465,18 @@ func TestRollingUpgradeForStatefulSetWithConfigmapUsingArs(t *testing.T) {
 	statefulSetFuncs := GetStatefulSetRollingUpgradeFuncs()
 	collectors := getCollectors()
 
+	itemCalled := 0
+	itemsCalled := 0
+
+	statefulSetFuncs.ItemFunc = func(client kube.Clients, namespace string, name string) (runtime.Object, error) {
+		itemCalled++
+		return callbacks.GetStatefulSetItem(client, namespace, name)
+	}
+	statefulSetFuncs.ItemsFunc = func(client kube.Clients, namespace string) []runtime.Object {
+		itemsCalled++
+		return callbacks.GetStatefulSetItems(client, namespace)
+	}
+
 	err := PerformAction(clients, config, statefulSetFuncs, collectors, nil, invokeReloadStrategy)
 	time.Sleep(5 * time.Second)
 	if err != nil {
@@ -2323,9 +2497,68 @@ func TestRollingUpgradeForStatefulSetWithConfigmapUsingArs(t *testing.T) {
 		t.Errorf("Counter by namespace was not increased")
 	}
 
+	assert.Equal(t, 0, itemCalled, "ItemFunc should not be called")
+	assert.Equal(t, 2, itemsCalled, "ItemsFunc should be called twice")
+
 	testRollingUpgradeInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix)
 }
 
+func TestRollingUpgradeForStatefulSetWithPatchAndRetryUsingArs(t *testing.T) {
+	options.ReloadStrategy = constants.AnnotationsReloadStrategy
+	envVarPostfix := constants.ConfigmapEnvVarPostfix
+
+	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, arsNamespace, arsConfigmapName, "www.twitter.com")
+	config := getConfigWithAnnotations(envVarPostfix, arsConfigmapName, shaData, options.ConfigmapUpdateOnChangeAnnotation, options.ConfigmapReloaderAutoAnnotation)
+	statefulSetFuncs := GetStatefulSetRollingUpgradeFuncs()
+
+	itemCalled := 0
+	itemsCalled := 0
+
+	statefulSetFuncs.ItemFunc = func(client kube.Clients, namespace string, name string) (runtime.Object, error) {
+		itemCalled++
+		return callbacks.GetStatefulSetItem(client, namespace, name)
+	}
+	statefulSetFuncs.ItemsFunc = func(client kube.Clients, namespace string) []runtime.Object {
+		itemsCalled++
+		return callbacks.GetStatefulSetItems(client, namespace)
+	}
+
+	assert.True(t, statefulSetFuncs.SupportsPatch)
+	assert.NotEmpty(t, statefulSetFuncs.PatchTemplatesFunc().AnnotationTemplate)
+
+	patchCalled := 0
+	statefulSetFuncs.PatchFunc = func(client kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+		patchCalled++
+		if patchCalled < 2 {
+			return &errors.StatusError{ErrStatus: metav1.Status{Reason: metav1.StatusReasonConflict}} // simulate conflict
+		}
+		assert.Equal(t, patchtypes.StrategicMergePatchType, patchType)
+		assert.NotEmpty(t, bytes)
+		assert.Contains(t, string(bytes), `{"spec":{"template":{"metadata":{"annotations":{"reloader.stakater.com/last-reloaded-from":`)
+		assert.Contains(t, string(bytes), `\"hash\":\"f821414d40d8815fb330763f74a4ff7ab651d4fa\"`)
+		return nil
+	}
+
+	statefulSetFuncs.UpdateFunc = func(kube.Clients, string, runtime.Object) error {
+		t.Errorf("Update should not be called")
+		return nil
+	}
+
+	collectors := getCollectors()
+
+	err := PerformAction(clients, config, statefulSetFuncs, collectors, nil, invokeReloadStrategy)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for StatefulSet with configmap")
+	}
+
+	assert.Equal(t, 1, itemCalled, "ItemFunc should be called once")
+	assert.Equal(t, 1, itemsCalled, "ItemsFunc should be called once")
+	assert.Equal(t, 2, patchCalled, "PatchFunc should be called twice")
+
+	statefulSetFuncs = GetDeploymentRollingUpgradeFuncs()
+	testRollingUpgradeWithPatchAndInvokeDeleteStrategyArs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix)
+}
+
 func TestRollingUpgradeForStatefulSetWithConfigmapInProjectedVolumeUsingArs(t *testing.T) {
 	options.ReloadStrategy = constants.AnnotationsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -2488,6 +2721,9 @@ func TestFailedRollingUpgradeUsingArs(t *testing.T) {
 	deploymentFuncs.UpdateFunc = func(_ kube.Clients, _ string, _ runtime.Object) error {
 		return fmt.Errorf("error")
 	}
+	deploymentFuncs.PatchFunc = func(kube.Clients, string, runtime.Object, patchtypes.PatchType, []byte) error {
+		return fmt.Errorf("error")
+	}
 	collectors := getCollectors()
 
 	_ = PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy)
@@ -2518,6 +2754,24 @@ func testRollingUpgradeInvokeDeleteStrategyErs(t *testing.T, clients kube.Client
 	}
 }
 
+func testRollingUpgradeWithPatchAndInvokeDeleteStrategyErs(t *testing.T, clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, envVarPostfix string) {
+	assert.NotEmpty(t, upgradeFuncs.PatchTemplatesFunc().DeleteEnvVarTemplate)
+
+	err := PerformAction(clients, config, upgradeFuncs, collectors, nil, invokeDeleteStrategy)
+	upgradeFuncs.PatchFunc = func(client kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+		assert.Equal(t, patchtypes.JSONPatchType, patchType)
+		assert.NotEmpty(t, bytes)
+		return nil
+	}
+	upgradeFuncs.UpdateFunc = func(kube.Clients, string, runtime.Object) error {
+		t.Errorf("Update should not be called")
+		return nil
+	}
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for %s with %s", upgradeFuncs.ResourceType, envVarPostfix)
+	}
+}
+
 func TestRollingUpgradeForDeploymentWithConfigmapUsingErs(t *testing.T) {
 	options.ReloadStrategy = constants.EnvVarsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -2550,6 +2804,48 @@ func TestRollingUpgradeForDeploymentWithConfigmapUsingErs(t *testing.T) {
 	testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix)
 }
 
+func TestRollingUpgradeForDeploymentWithPatchAndRetryUsingErs(t *testing.T) {
+	options.ReloadStrategy = constants.EnvVarsReloadStrategy
+	envVarPostfix := constants.ConfigmapEnvVarPostfix
+
+	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, ersNamespace, ersConfigmapName, "www.stakater.com")
+	config := getConfigWithAnnotations(envVarPostfix, ersConfigmapName, shaData, options.ConfigmapUpdateOnChangeAnnotation, options.ConfigmapReloaderAutoAnnotation)
+	deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
+
+	assert.True(t, deploymentFuncs.SupportsPatch)
+	assert.NotEmpty(t, deploymentFuncs.PatchTemplatesFunc().EnvVarTemplate)
+
+	patchCalled := 0
+	deploymentFuncs.PatchFunc = func(client kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+		patchCalled++
+		if patchCalled < 2 {
+			return &errors.StatusError{ErrStatus: metav1.Status{Reason: metav1.StatusReasonConflict}} // simulate conflict
+		}
+		assert.Equal(t, patchtypes.StrategicMergePatchType, patchType)
+		assert.NotEmpty(t, bytes)
+		assert.Contains(t, string(bytes), `{"spec":{"template":{"spec":{"containers":[{"name":`)
+		assert.Contains(t, string(bytes), `"value":"3c9a892aeaedc759abc3df9884a37b8be5680382"`)
+		return nil
+	}
+
+	deploymentFuncs.UpdateFunc = func(kube.Clients, string, runtime.Object) error {
+		t.Errorf("Update should not be called")
+		return nil
+	}
+
+	collectors := getCollectors()
+
+	err := PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for %s with %s", deploymentFuncs.ResourceType, envVarPostfix)
+	}
+
+	assert.Equal(t, 2, patchCalled)
+
+	deploymentFuncs = GetDeploymentRollingUpgradeFuncs()
+	testRollingUpgradeWithPatchAndInvokeDeleteStrategyErs(t, clients, config, deploymentFuncs, collectors, envVarPostfix)
+}
+
 func TestRollingUpgradeForDeploymentWithConfigmapInProjectedVolumeUsingErs(t *testing.T) {
 	options.ReloadStrategy = constants.EnvVarsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -2658,7 +2954,7 @@ func TestRollingUpgradeForDeploymentWithConfigmapViaSearchAnnotationNotMappedUsi
 		t.Errorf("Failed to create deployment with search annotation.")
 	}
 	defer func() {
-		_ = clients.KubernetesClient.AppsV1().Deployments(ersNamespace).Delete(context.TODO(), deployment.Name, v1.DeleteOptions{})
+		_ = clients.KubernetesClient.AppsV1().Deployments(ersNamespace).Delete(context.TODO(), deployment.Name, metav1.DeleteOptions{})
 	}()
 	// defer clients.KubernetesClient.AppsV1().Deployments(namespace).Delete(deployment.Name, &v1.DeleteOptions{})
 
@@ -3212,6 +3508,49 @@ func TestRollingUpgradeForDaemonSetWithConfigmapUsingErs(t *testing.T) {
 	testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix)
 }
 
+func TestRollingUpgradeForDaemonSetWithPatchAndRetryUsingErs(t *testing.T) {
+	options.ReloadStrategy = constants.EnvVarsReloadStrategy
+	envVarPostfix := constants.ConfigmapEnvVarPostfix
+
+	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, ersNamespace, ersConfigmapName, "www.facebook.com")
+	config := getConfigWithAnnotations(envVarPostfix, ersConfigmapName, shaData, options.ConfigmapUpdateOnChangeAnnotation, options.ConfigmapReloaderAutoAnnotation)
+	daemonSetFuncs := GetDaemonSetRollingUpgradeFuncs()
+
+	assert.True(t, daemonSetFuncs.SupportsPatch)
+	assert.NotEmpty(t, daemonSetFuncs.PatchTemplatesFunc().EnvVarTemplate)
+
+	patchCalled := 0
+	daemonSetFuncs.PatchFunc = func(client kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+		patchCalled++
+		if patchCalled < 2 {
+			return &errors.StatusError{ErrStatus: metav1.Status{Reason: metav1.StatusReasonConflict}} // simulate conflict
+		}
+		assert.Equal(t, patchtypes.StrategicMergePatchType, patchType)
+		assert.NotEmpty(t, bytes)
+		assert.Contains(t, string(bytes), `{"spec":{"template":{"spec":{"containers":[{"name":`)
+		assert.Contains(t, string(bytes), `"value":"314a2269170750a974d79f02b5b9ee517de7f280"`)
+		return nil
+	}
+
+	daemonSetFuncs.UpdateFunc = func(kube.Clients, string, runtime.Object) error {
+		t.Errorf("Update should not be called")
+		return nil
+	}
+
+	collectors := getCollectors()
+
+	err := PerformAction(clients, config, daemonSetFuncs, collectors, nil, invokeReloadStrategy)
+	time.Sleep(5 * time.Second)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for DaemonSet with configmap")
+	}
+
+	assert.Equal(t, 2, patchCalled)
+
+	daemonSetFuncs = GetDeploymentRollingUpgradeFuncs()
+	testRollingUpgradeWithPatchAndInvokeDeleteStrategyErs(t, clients, config, daemonSetFuncs, collectors, envVarPostfix)
+}
+
 func TestRollingUpgradeForDaemonSetWithConfigmapInProjectedVolumeUsingErs(t *testing.T) {
 	options.ReloadStrategy = constants.EnvVarsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -3372,6 +3711,49 @@ func TestRollingUpgradeForStatefulSetWithConfigmapUsingErs(t *testing.T) {
 	testRollingUpgradeInvokeDeleteStrategyErs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix)
 }
 
+func TestRollingUpgradeForStatefulSetWithPatchAndRetryUsingErs(t *testing.T) {
+	options.ReloadStrategy = constants.EnvVarsReloadStrategy
+	envVarPostfix := constants.ConfigmapEnvVarPostfix
+
+	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, ersNamespace, ersConfigmapName, "www.twitter.com")
+	config := getConfigWithAnnotations(envVarPostfix, ersConfigmapName, shaData, options.ConfigmapUpdateOnChangeAnnotation, options.ConfigmapReloaderAutoAnnotation)
+	statefulSetFuncs := GetStatefulSetRollingUpgradeFuncs()
+
+	assert.True(t, statefulSetFuncs.SupportsPatch)
+	assert.NotEmpty(t, statefulSetFuncs.PatchTemplatesFunc().EnvVarTemplate)
+
+	patchCalled := 0
+	statefulSetFuncs.PatchFunc = func(client kube.Clients, namespace string, resource runtime.Object, patchType patchtypes.PatchType, bytes []byte) error {
+		patchCalled++
+		if patchCalled < 2 {
+			return &errors.StatusError{ErrStatus: metav1.Status{Reason: metav1.StatusReasonConflict}} // simulate conflict
+		}
+		assert.Equal(t, patchtypes.StrategicMergePatchType, patchType)
+		assert.NotEmpty(t, bytes)
+		assert.Contains(t, string(bytes), `{"spec":{"template":{"spec":{"containers":[{"name":`)
+		assert.Contains(t, string(bytes), `"value":"f821414d40d8815fb330763f74a4ff7ab651d4fa"`)
+		return nil
+	}
+
+	statefulSetFuncs.UpdateFunc = func(kube.Clients, string, runtime.Object) error {
+		t.Errorf("Update should not be called")
+		return nil
+	}
+
+	collectors := getCollectors()
+
+	err := PerformAction(clients, config, statefulSetFuncs, collectors, nil, invokeReloadStrategy)
+	time.Sleep(5 * time.Second)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for StatefulSet with configmap")
+	}
+
+	assert.Equal(t, 2, patchCalled)
+
+	statefulSetFuncs = GetDeploymentRollingUpgradeFuncs()
+	testRollingUpgradeWithPatchAndInvokeDeleteStrategyErs(t, clients, config, statefulSetFuncs, collectors, envVarPostfix)
+}
+
 func TestRollingUpgradeForStatefulSetWithConfigmapInProjectedVolumeUsingErs(t *testing.T) {
 	options.ReloadStrategy = constants.EnvVarsReloadStrategy
 	envVarPostfix := constants.ConfigmapEnvVarPostfix
@@ -3536,6 +3918,9 @@ func TestFailedRollingUpgradeUsingErs(t *testing.T) {
 	deploymentFuncs.UpdateFunc = func(_ kube.Clients, _ string, _ runtime.Object) error {
 		return fmt.Errorf("error")
 	}
+	deploymentFuncs.PatchFunc = func(kube.Clients, string, runtime.Object, patchtypes.PatchType, []byte) error {
+		return fmt.Errorf("error")
+	}
 	collectors := getCollectors()
 
 	_ = PerformAction(clients, config, deploymentFuncs, collectors, nil, invokeReloadStrategy)

internal/pkg/testutil/kube.go

@@ -968,6 +968,22 @@ func DeleteStatefulSet(client kubernetes.Interface, namespace string, statefulse
 	return statefulsetError
 }
 
+// DeleteCronJob deletes a cronJob in given namespace and returns the error if any
+func DeleteCronJob(client kubernetes.Interface, namespace string, cronJobName string) error {
+	logrus.Infof("Deleting CronJob %s", cronJobName)
+	cronJobError := client.BatchV1().CronJobs(namespace).Delete(context.TODO(), cronJobName, metav1.DeleteOptions{})
+	time.Sleep(3 * time.Second)
+	return cronJobError
+}
+
+// Deleteob deletes a job in given namespace and returns the error if any
+func DeleteJob(client kubernetes.Interface, namespace string, jobName string) error {
+	logrus.Infof("Deleting Job %s", jobName)
+	jobError := client.BatchV1().Jobs(namespace).Delete(context.TODO(), jobName, metav1.DeleteOptions{})
+	time.Sleep(3 * time.Second)
+	return jobError
+}
+
 // UpdateConfigMap updates a configmap in given namespace and returns the error if any
 func UpdateConfigMap(configmapClient core_v1.ConfigMapInterface, namespace string, configmapName string, label string, data string) error {
 	logrus.Infof("Updating configmap %q.\n", configmapName)