[skip-ci] Update artifacts

Signed-off-by: faizanahmad055 <faizan.ahmad55@outlook.com>

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/pull_request.yaml

@@ -7,7 +7,7 @@ on:
 
 env:
   DOCKER_FILE_PATH: Dockerfile
-  GOLANG_VERSION: 1.18.2
+  GOLANG_VERSION: 1.20.2
   KUBERNETES_VERSION: "1.18.0"
   KIND_VERSION: "0.10.0"
 
@@ -18,17 +18,17 @@ jobs:
     if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"    
     steps:
     - name: Check out code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
       with:
         ref: ${{github.event.pull_request.head.sha}}
         
     # Setting up helm binary
     - name: Set up Helm
-      uses: azure/setup-helm@v1
+      uses: azure/setup-helm@v3.4
 
     - name: Set up Go
       id: go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v3
       with:
         go-version: ${{ env.GOLANG_VERSION }}
 
@@ -37,9 +37,9 @@ jobs:
         make install
 
     - name: Run golangci-lint
-      uses: golangci/golangci-lint-action@v2.3.0
+      uses: golangci/golangci-lint-action@v3
       with:
-        version: v1.45.2
+        version: v1.51.1
         only-new-issues: false
         args: --timeout 10m
 

.github/workflows/push.yaml

@@ -7,7 +7,7 @@ on:
 
 env:
   DOCKER_FILE_PATH: Dockerfile
-  GOLANG_VERSION: 1.18.2
+  GOLANG_VERSION: 1.20.2
   KUBERNETES_VERSION: "1.18.0"
   KIND_VERSION: "0.10.0"
   HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
@@ -20,18 +20,18 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
           fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
 
       # Setting up helm binary
       - name: Set up Helm
-        uses: azure/setup-helm@v1
+        uses: azure/setup-helm@v3.4
 
       - name: Set up Go
         id: go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ env.GOLANG_VERSION }}
 
@@ -40,12 +40,12 @@ jobs:
           make install
 
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v2.3.0
+        uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.45.2
+          version: v1.51.1
           only-new-issues: false
           args: --timeout 10m
-          
+
       - name: Install kubectl
         run: |
           curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
@@ -108,7 +108,7 @@ jobs:
             org.opencontainers.image.source=${{ github.event.repository.clone_url }}
             org.opencontainers.image.created=${{ steps.prep.outputs.created }}
             org.opencontainers.image.revision=${{ github.sha }}
-            
+
       ##############################
       ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.)
       ##############################
@@ -132,7 +132,7 @@ jobs:
       - name: Helm Template
         run: |
           helm template reloader deployments/kubernetes/chart/reloader/ > deployments/kubernetes/reloader.yaml
-          helm template reloader deployments/kubernetes/chart/reloader/  --output-dir deployments/kubernetes/manifests/ && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader
+          helm template reloader deployments/kubernetes/chart/reloader/ --output-dir deployments/kubernetes/manifests && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader
 
       # Publish helm chart
       - name: Publish Helm chart
@@ -148,16 +148,16 @@ jobs:
           linting: on
           commit_username: stakater-user
           commit_email: stakater@gmail.com
-          
+
       # Commit back changes
       - name: Commit files
         run: |
           git config --local user.email "stakater@gmail.com"
           git config --local user.name "stakater-user"
-          git status 
+          git status
           git add .
           git commit -m "[skip-ci] Update artifacts" -a
-          
+
       - name: Push changes
         uses: ad-m/github-push-action@master
         with:

.github/workflows/release.yaml

@@ -6,7 +6,7 @@ on:
       - "v*"
 
 env:
-  GOLANG_VERSION: 1.18.2
+  GOLANG_VERSION: 1.20.2
 
 jobs:
   build:
@@ -15,12 +15,12 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0 # See: https://goreleaser.com/ci/actions/
 
       - name: Set up Go 1.x
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ env.GOLANG_VERSION }}
         id: go

Dockerfile

@@ -2,7 +2,7 @@ ARG BUILDER_IMAGE
 ARG BASE_IMAGE
 
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.18.2} as builder
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.20.2} as builder
 
 ARG TARGETOS
 ARG TARGETARCH

README.md

@@ -143,6 +143,7 @@ spec:
 - you may override the configmap annotation with the `--configmap-annotation` flag
 - you may override the secret annotation with the `--secret-annotation` flag
 - you may want to prevent watching certain namespaces with the `--namespaces-to-ignore` flag
+- you may want to watch only a set of namespaces with certain labels by using the `--namespace-selector` flag
 - you may want to prevent watching certain resources with the `--resources-to-ignore` flag
 - you can configure logging in JSON format with the `--log-format=json` option
 - you can configure the "reload strategy" with the `--reload-strategy=<strategy-name>` option (details below)
@@ -182,6 +183,25 @@ Reloader can be configured to ignore the resources `secrets` and `configmaps` by
 
 `Note`: At one time only one of these resource can be ignored, trying to do it will cause error in Reloader. Workaround for ignoring both resources is by scaling down the reloader pods to `0`.
 
+Reloader can be configured to watch only namespaces labeled with (one or more) labels of your choosing by using the `--namespace-selector` parameter, for example:
+```
+--namespace-selector=reloder:enabled,test:true
+```
+
+Only namespaces labeled like the following namespace YAML will be watched:
+```yaml
+kind: Namespace
+apiVersion: v1
+metadata:
+  ...
+  labels:
+    reloder: enabled
+    test: true
+  ...
+```
+If you want to select namespace only by the key of the label use ```*``` as the value.
+For example, for ```--namespace-selector=select-this:*``` all namespaces with label-key "select-this" will be selected regardless of the labels value
+
 ### Vanilla kustomize
 
 You can also apply the vanilla manifests by running the following command
@@ -233,17 +253,24 @@ Reloader can be configured to ignore the resources `secrets` and `configmaps` by
 
 `Note`: At one time only one of these resource can be ignored, trying to do it will cause error in helm template compilation.
 
+Reloader can be configured to watch only namespaces labeled with (one or more) labels of your choosing by using the `namespaceSelector` parameter
+
+| Parameter            | Description                                                    | Type    |
+| ----------------     | -------------------------------------------------------------- | ------- |
+| namespaceSelector    | list of comma separated key:value namespace                    | string  |
+
 You can also set the log format of Reloader to json by setting `logFormat` to `json` in values.yaml and apply the chart
 
 You can enable to scrape Reloader's Prometheus metrics by setting `serviceMonitor.enabled` or `podMonitor.enabled`  to `true` in values.yaml file. Service monitor will be removed in future releases of reloader in favour of Pod monitor.
 
 **Note:** Reloading of OpenShift (DeploymentConfig) and/or Argo Rollouts has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions. This can be done by changing the following parameters:
 
-| Parameter        | Description                                                                  | Type    |
-| ---------------- |------------------------------------------------------------------------------| ------- |
-| isOpenshift      | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false` | boolean |
-| isArgoRollouts   | Enable Argo Rollouts. Valid value are either `true` or `false`               | boolean |
-| reloadOnCreate   | Enable reload on create events. Valid value are either `true` or `false`     | boolean |
+| Parameter        | Description                                                                                                                              | Type    |
+|------------------|------------------------------------------------------------------------------------------------------------------------------------------| ------- |
+| isOpenshift      | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                             | boolean |
+| isArgoRollouts   | Enable Argo Rollouts. Valid value are either `true` or `false`                                                                           | boolean |
+| reloadOnCreate   | Enable reload on create events. Valid value are either `true` or `false`                                                                 | boolean |
+| syncAfterRestart | Enable sync after reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false` | boolean |
 
 **ReloadOnCreate** reloadOnCreate controls how Reloader handles secrets being added to the cache for the first time. If reloadOnCreate is set to true:
 * Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload. 

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: v0.0.124
-appVersion: v0.0.124
+version: v1.0.16
+appVersion: v1.0.16
 keywords:
   - Reloader
   - kubernetes
@@ -16,16 +16,6 @@ maintainers:
   - name: Stakater
     email: hello@stakater.com
   - name: rasheedamir
-    email: rasheed@aurorasolutions.io
-  - name: waseem-h
-    email: waseemhassan@stakater.com
+    email: rasheed@stakater.com
   - name: faizanahmad055
     email: faizan.ahmad55@outlook.com
-  - name: kahootali
-    email: ali.kahoot@aurorasolutions.io
-  - name: ahmadiq
-    email: ahmad@aurorasolutions.io
-  - name: ahsan-storm
-    email: ahsanmuhammad1@outlook.com
-  - name: ahmedwaleedmalik
-    email: waleed@stakater.com

deployments/kubernetes/chart/reloader/templates/clusterrole.yaml

@@ -17,7 +17,6 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role
-  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups:
       - ""
@@ -32,6 +31,14 @@ rules:
       - list
       - get
       - watch
+{{- if .Values.reloader.namespaceSelector }}
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+{{- end }}
 {{- if and (.Capabilities.APIVersions.Has "apps.openshift.io/v1") (.Values.reloader.isOpenshift) }}
   - apiGroups:
       - "apps.openshift.io"

deployments/kubernetes/chart/reloader/templates/clusterrolebinding.yaml

@@ -17,7 +17,6 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role-binding
-  namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -25,5 +24,5 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: {{ template "reloader-serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
+    namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}

deployments/kubernetes/chart/reloader/templates/deployment.yaml

@@ -15,7 +15,7 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
 {{- if not (.Values.reloader.enableHA) }}
   replicas: 1
@@ -45,6 +45,10 @@ spec:
 {{ toYaml .Values.reloader.matchLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- with .Values.reloader.deployment.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- if .Values.reloader.deployment.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.reloader.deployment.nodeSelector | indent 8 }}
@@ -67,7 +71,7 @@ spec:
       - image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}"
         imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }}
         name: {{ template "reloader-fullname" . }}
-      {{- if or (.Values.reloader.deployment.env.open) (.Values.reloader.deployment.env.secret) (.Values.reloader.deployment.env.field) (eq .Values.reloader.watchGlobally false) (.Values.reloader.enableHA)}}
+      {{- if or (.Values.reloader.deployment.env.open) (.Values.reloader.deployment.env.secret) (.Values.reloader.deployment.env.field) (.Values.reloader.deployment.env.existing) (eq .Values.reloader.watchGlobally false) (.Values.reloader.enableHA)}}
         env:
       {{- range $name, $value := .Values.reloader.deployment.env.open }}
       {{- if not (empty $value) }}
@@ -85,6 +89,17 @@ spec:
               key: {{ $name | quote }}
       {{- end }}
       {{- end }}
+      {{- range $secret, $values := .Values.reloader.deployment.env.existing }}
+      {{- range $name, $key := $values }}
+      {{- if not ( empty $name) }}
+        - name: {{ $name | quote }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ $secret | quote }}
+              key: {{ $key | quote }}
+      {{- end }}
+      {{- end }}
+      {{- end }}
       {{- range $name, $value := .Values.reloader.deployment.env.field }}
       {{- if not ( empty $value) }}
         - name: {{ $name | quote }}
@@ -113,8 +128,6 @@ spec:
 
         ports:
         - name: http
-          containerPort: 9091
-        - name: metrics 
           containerPort: 9090
         livenessProbe:
           httpGet:
@@ -127,22 +140,26 @@ spec:
         readinessProbe:
           httpGet:
             path: /metrics
-            port: metrics
+            port: http
           timeoutSeconds: {{ .Values.reloader.deployment.readinessProbe.timeoutSeconds | default "5" }}
           failureThreshold: {{ .Values.reloader.deployment.readinessProbe.failureThreshold | default "5" }}
           periodSeconds: {{ .Values.reloader.deployment.readinessProbe.periodSeconds | default "10" }}
           successThreshold: {{ .Values.reloader.deployment.readinessProbe.successThreshold | default "1" }}
 
-      {{- with .Values.reloader.deployment.containerSecurityContext }}
-        securityContext: {{ toYaml . | nindent 10 }}
-      {{- end }}
+        {{- $containerSecurityContext := .Values.reloader.deployment.containerSecurityContext | default dict }}
+        {{- if .Values.reloader.readOnlyRootFileSystem }}
+          {{- $_ := set $containerSecurityContext "readOnlyRootFilesystem" true }}
+        {{- end }}
+
+        securityContext:
+          {{- toYaml $containerSecurityContext | nindent 10 }}
 
       {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
         volumeMounts:
           - mountPath: /tmp/
             name: tmp-volume
       {{- end }}
-      {{- if or (.Values.reloader.logFormat) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) (eq .Values.reloader.isArgoRollouts true) (eq .Values.reloader.reloadOnCreate true) (ne .Values.reloader.reloadStrategy "default") (.Values.reloader.enableHA)}}
+      {{- if or (.Values.reloader.logFormat) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (.Values.reloader.namespaceSelector) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) (eq .Values.reloader.isArgoRollouts true) (eq .Values.reloader.reloadOnCreate true) (ne .Values.reloader.reloadStrategy "default") (.Values.reloader.enableHA)}}
         args:
           {{- if .Values.reloader.logFormat }}
           - "--log-format={{ .Values.reloader.logFormat }}"
@@ -156,7 +173,9 @@ spec:
           {{- if .Values.reloader.ignoreNamespaces }}
           - "--namespaces-to-ignore={{ .Values.reloader.ignoreNamespaces }}"
           {{- end }}
-
+          {{- if .Values.reloader.namespaceSelector }}
+          - "--namespace-selector={{ .Values.reloader.namespaceSelector }}"
+          {{- end }}          
           {{- if .Values.reloader.custom_annotations }}
             {{- if .Values.reloader.custom_annotations.configmap }}
           - "--configmap-annotation"
@@ -185,10 +204,13 @@ spec:
           {{- if eq .Values.reloader.reloadOnCreate true }}
           - "--reload-on-create={{ .Values.reloader.reloadOnCreate }}"
           {{- end }}
+          {{- if eq .Values.reloader.syncAfterRestart true }}
+          - "--sync-after-restart={{ .Values.reloader.syncAfterRestart }}"
+          {{- end }}
           {{- if ne .Values.reloader.reloadStrategy "default" }}
           - "--reload-strategy={{ .Values.reloader.reloadStrategy }}"
           {{- end }}
-          {{- if or (gt .Values.reloader.deployment.replicas 1.0) (.Values.reloader.enableHA) }}
+          {{- if or (gt (int .Values.reloader.deployment.replicas) 1) (.Values.reloader.enableHA) }}
           - "--enable-ha=true"
           {{- end}}
       {{- end }}

deployments/kubernetes/chart/reloader/templates/podmonitor.yaml

@@ -2,25 +2,52 @@
 apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
+{{- if .Values.reloader.podMonitor.annotations }}
+  annotations:
+{{ tpl (toYaml .Values.reloader.podMonitor.annotations) . | indent 4 }}
+{{- end }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.podMonitor.labels }}
-{{ toYaml .Values.reloader.podMonitor.labels | indent 4}}
+{{ tpl (toYaml .Values.reloader.podMonitor.labels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
 {{- if .Values.reloader.podMonitor.namespace }}
-  namespace: {{ .Values.reloader.podMonitor.namespace }}
+  namespace: {{ tpl .Values.reloader.podMonitor.namespace . }}
 {{- end }}
 spec:
   podMetricsEndpoints:
   - port: http
     path: "/metrics"
-{{- if .Values.reloader.podMonitor.interval }}
-    interval: {{ .Values.reloader.podMonitor.interval }}
-{{- end }}
-{{- if .Values.reloader.podMonitor.timeout }}
-    scrapeTimeout: {{ .Values.reloader.podMonitor.timeout }}
-{{- end }}
+    {{- with .Values.reloader.podMonitor.interval }}
+    interval: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.scheme }}
+    scheme: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.bearerTokenSecret }}
+    bearerTokenSecret: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.tlsConfig }}
+    tlsConfig:
+      {{- toYaml .| nindent 6 }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.timeout }}
+    scrapeTimeout: {{ . }}
+    {{- end }}
+    honorLabels: {{ .Values.reloader.podMonitor.honorLabels }}
+    {{- with .Values.reloader.podMonitor.metricRelabelings }}
+    metricRelabelings:
+      {{- tpl (toYaml . | nindent 6) $ }}
+    {{- end }}
+    {{- with .Values.reloader.podMonitor.relabelings }}
+    relabelings:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{- with .Values.reloader.podMonitor.podTargetLabels }}
+  podTargetLabels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   jobLabel: {{ template "reloader-fullname" . }}
   namespaceSelector:
     matchNames:

deployments/kubernetes/chart/reloader/templates/role.yaml

@@ -17,7 +17,7 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 rules:
   - apiGroups:
       - ""

deployments/kubernetes/chart/reloader/templates/rolebinding.yaml

@@ -17,7 +17,7 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role-binding
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -25,5 +25,5 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: {{ template "reloader-serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
+    namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}

deployments/kubernetes/chart/reloader/templates/secret.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "reloader-fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 type: Opaque
 data:
   {{ if .Values.reloader.deployment.env.secret.ALERT_ON_RELOAD -}}
@@ -18,4 +18,4 @@ data:
   {{- if .Values.reloader.deployment.env.secret.ALERT_ADDITIONAL_INFO -}}
   ALERT_ADDITIONAL_INFO: {{ .Values.reloader.deployment.env.secret.ALERT_ADDITIONAL_INFO | b64enc | quote }}
   {{ end }}
-{{ end }}
+{{ end }}

deployments/kubernetes/chart/reloader/templates/service.yaml

@@ -13,7 +13,7 @@ metadata:
 {{ toYaml .Values.reloader.service.labels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
   selector:
 {{- if .Values.reloader.deployment.labels }}

deployments/kubernetes/chart/reloader/templates/serviceaccount.yaml

@@ -22,5 +22,5 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}

deployments/kubernetes/chart/reloader/templates/servicemonitor.yaml

@@ -2,25 +2,52 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
+{{- if .Values.reloader.serviceMonitor.annotations }}
+  annotations:
+{{ tpl (toYaml .Values.reloader.serviceMonitor.annotations) . | indent 4 }}
+{{- end }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.serviceMonitor.labels }}
-{{ toYaml .Values.reloader.serviceMonitor.labels | indent 4}}
+{{ tpl (toYaml .Values.reloader.serviceMonitor.labels) . | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
 {{- if .Values.reloader.serviceMonitor.namespace }}
-  namespace: {{ .Values.reloader.serviceMonitor.namespace }}
+  namespace: {{ tpl .Values.reloader.serviceMonitor.namespace . }}
 {{- end }}
 spec:
   endpoints:
   - targetPort: http
     path: "/metrics"
-{{- if .Values.reloader.serviceMonitor.interval }}
-    interval: {{ .Values.reloader.serviceMonitor.interval }}
-{{- end }}
-{{- if .Values.reloader.serviceMonitor.timeout }}
-    scrapeTimeout: {{ .Values.reloader.serviceMonitor.timeout }}
-{{- end }}
+    {{- with .Values.reloader.serviceMonitor.interval }}
+    interval: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.scheme }}
+    scheme: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.bearerTokenFile }}
+    bearerTokenFile: {{ . }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.tlsConfig }}
+    tlsConfig:
+      {{- toYaml .| nindent 6 }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.timeout }}
+    scrapeTimeout: {{ . }}
+    {{- end }}
+    honorLabels: {{ .Values.reloader.serviceMonitor.honorLabels }}
+    {{- with .Values.reloader.serviceMonitor.metricRelabelings }}
+    metricRelabelings:
+      {{- tpl (toYaml . | nindent 6) $ }}
+    {{- end }}
+    {{- with .Values.reloader.serviceMonitor.relabelings }}
+    relabelings:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+  {{- with .Values.reloader.serviceMonitor.targetLabels }}
+  targetLabels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   jobLabel: {{ template "reloader-fullname" . }}
   namespaceSelector:
     matchNames:

deployments/kubernetes/chart/reloader/tests/deployment_test.yaml

@@ -0,0 +1,50 @@
+suite: Deployment
+
+templates:
+  - deployment.yaml
+
+tests:
+  - it: sets readOnlyRootFilesystem in container securityContext when reloader.readOnlyRootFileSystem is true
+    set:
+      reloader:
+        readOnlyRootFileSystem: true
+        deployment:
+          containerSecurityContext:
+            readOnlyRootFilesystem: false
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: sets readOnlyRootFilesystem in container securityContext even if reloader.deployment.containerSecurityContext is null
+    set:
+      reloader:
+        readOnlyRootFileSystem: true
+        deployment:
+          containerSecurityContext: null
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: does not override readOnlyRootFilesystem in container securityContext based on reloader.readOnlyRootFileSystem
+    set:
+      reloader:
+        readOnlyRootFileSystem: false
+        deployment:
+          containerSecurityContext:
+            readOnlyRootFilesystem: true
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+          value: true
+
+  - it: template is still valid with no defined containerSecurityContext
+    set:
+      reloader:
+        readOnlyRootFileSystem: false
+        deployment:
+          containerSecurityContext: null
+    asserts:
+      - isEmpty:
+          path: spec.template.spec.containers[0].securityContext

deployments/kubernetes/chart/reloader/values.yaml

@@ -8,14 +8,19 @@ global:
 kubernetes:
   host: https://kubernetes.default
 
+nameOverride: ""
+fullnameOverride: ""
+
 reloader:
   isArgoRollouts: false
   isOpenshift: false
   ignoreSecrets: false
   ignoreConfigMaps: false
   reloadOnCreate: false
+  syncAfterRestart: false
   reloadStrategy: default # Set to default, env-vars or annotations
   ignoreNamespaces: "" # Comma separated list of namespaces to ignore
+  namespaceSelector: "" # Comma separated list of 'key:value' labels for namespaces selection
   logFormat: "" #json
   watchGlobally: true
   # Set to true to enable leadership election allowing you to run multiple replicas
@@ -65,10 +70,10 @@ reloader:
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v0.0.124
+      version: v1.0.16
     image:
       name: stakater/reloader
-      tag: v0.0.124
+      tag: v1.0.16
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env:
@@ -82,6 +87,15 @@ reloader:
       #  ALERT_ADDITIONAL_INFO: <"Additional Info like Cluster Name if needed">
       # field supports Key value pair as environment variables. It gets the values from other fields of pod.
       field:
+      # existing secret, you can specify multiple existing secrets, for each
+      # specify the env var name followed by the key in existing secret that
+      # will be used to populate the env var
+      existing:
+      #  existing_secret_name:
+      #    ALERT_ON_RELOAD: alert_on_reload_key
+      #    ALERT_SINK: alert_sink_key
+      #    ALERT_WEBHOOK_URL: alert_webhook_key
+      #    ALERT_ADDITIONAL_INFO: alert_additional_info_key
 
     # Liveness and readiness probe timeout values.
     livenessProbe: {}
@@ -108,6 +122,8 @@ reloader:
     pod:
       annotations: {}
     priorityClassName: ""
+    # imagePullSecrets:
+    #   - name: myregistrykey
 
   service: {}
     # labels: {}
@@ -125,7 +141,7 @@ reloader:
     annotations: {}
     # The name of the ServiceAccount to use.
     # If not set and create is true, a name is generated using the fullname template
-    name: 
+    name:
   # Optional flags to pass to the Reloader entrypoint
   # Example:
   #   custom_annotations:
@@ -139,23 +155,101 @@ reloader:
     enabled: false
     # Set the namespace the ServiceMonitor should be deployed
     # namespace: monitoring
-    # Set how frequently Prometheus should scrape
-    # interval: 30s
-    # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator
-    # labels:
-    # Set timeout for scrape
-    # timeout: 10s
+
+    # Fallback to the prometheus default unless specified
+    # interval: 10s
+
+    ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+    # scheme: ""
+
+    ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+    ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+    # tlsConfig: {}
+
+    # bearerTokenFile:
+    # Fallback to the prometheus default unless specified
+    # timeout: 30s
+
+    ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    labels: {}
+
+    ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    annotations: {}
+
+    # Retain the job and instance labels of the metrics pushed to the Pushgateway
+    # [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape)
+    honorLabels: true
+
+    ## Metric relabel configs to apply to samples before ingestion.
+    ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+    metricRelabelings: []
+    # - action: keep
+    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+    #   sourceLabels: [__name__]
+
+    ## Relabel configs to apply to samples before ingestion.
+    ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+    relabelings: []
+    # - sourceLabels: [__meta_kubernetes_pod_node_name]
+    #   separator: ;
+    #   regex: ^(.*)$
+    #   targetLabel: nodename
+    #   replacement: $1
+    #   action: replace
+
+    targetLabels: []
 
   podMonitor:
     enabled: false
     # Set the namespace the podMonitor should be deployed
     # namespace: monitoring
-    # Set how frequently Prometheus should scrape
-    # interval: 30s
-    # Set labels for the podMonitor, use this to define your scrape label for Prometheus Operator
-    # labels:
-    # Set timeout for scrape
-    # timeout: 10s
+
+    # Fallback to the prometheus default unless specified
+    # interval: 10s
+
+    ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+    # scheme: ""
+
+    ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+    ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+    # tlsConfig: {}
+
+    # bearerTokenSecret:
+    # Fallback to the prometheus default unless specified
+    # timeout: 30s
+
+    ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    labels: {}
+
+    ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+    annotations: {}
+
+    # Retain the job and instance labels of the metrics pushed to the Pushgateway
+    # [Scraping Pushgateway](https://github.com/prometheus/pushgateway#configure-the-pushgateway-as-a-target-to-scrape)
+    honorLabels: true
+
+    ## Metric relabel configs to apply to samples before ingestion.
+    ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+    metricRelabelings: []
+    # - action: keep
+    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+    #   sourceLabels: [__name__]
+
+    ## Relabel configs to apply to samples before ingestion.
+    ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+    relabelings: []
+    # - sourceLabels: [__meta_kubernetes_pod_node_name]
+    #   separator: ;
+    #   regex: ^(.*)$
+    #   targetLabel: nodename
+    #   replacement: $1
+    #   action: replace
+
+    podTargetLabels: []
 
   podDisruptionBudget:
     enabled: false

deployments/kubernetes/kustomization.yaml

@@ -4,7 +4,5 @@ kind: Kustomization
 resources:
   - manifests/clusterrole.yaml
   - manifests/clusterrolebinding.yaml
-  - manifests/role.yaml
-  - manifests/rolebinding.yaml
   - manifests/serviceaccount.yaml
-  - manifests/deployment.yaml
+  - manifests/deployment.yaml

deployments/kubernetes/manifests/clusterrole.yaml

@@ -9,12 +9,11 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.124"
+    chart: "reloader-v1.0.16"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role
-  namespace: default
 rules:
   - apiGroups:
       - ""

deployments/kubernetes/manifests/clusterrolebinding.yaml

@@ -9,12 +9,11 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.124"
+    chart: "reloader-v1.0.16"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role-binding
-  namespace: default
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

deployments/kubernetes/manifests/deployment.yaml

@@ -8,13 +8,13 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.124"
+    chart: "reloader-v1.0.16"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.124
+    version: v1.0.16
   name: reloader-reloader
   namespace: default
 spec:
@@ -28,23 +28,21 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-v0.0.124"
+        chart: "reloader-v1.0.16"
         release: "reloader"
         heritage: "Helm"
         app.kubernetes.io/managed-by: "Helm"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.124
+        version: v1.0.16
     spec:
       containers:
-      - image: "stakater/reloader:v0.0.124"
+      - image: "stakater/reloader:v1.0.16"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
 
         ports:
         - name: http
-          containerPort: 9091
-        - name: metrics 
           containerPort: 9090
         livenessProbe:
           httpGet:
@@ -57,11 +55,14 @@ spec:
         readinessProbe:
           httpGet:
             path: /metrics
-            port: metrics
+            port: http
           timeoutSeconds: 5
           failureThreshold: 5
           periodSeconds: 10
           successThreshold: 1
+
+        securityContext:
+          {}
       securityContext: 
         runAsNonRoot: true
         runAsUser: 65534

deployments/kubernetes/manifests/podmonitor.yaml

@@ -1,3 +0,0 @@
----
-# Source: reloader/templates/podmonitor.yaml
-

deployments/kubernetes/manifests/role.yaml

@@ -1,4 +0,0 @@
----
-# Source: reloader/templates/role.yaml
-
-

deployments/kubernetes/manifests/rolebinding.yaml

@@ -1,4 +0,0 @@
----
-# Source: reloader/templates/rolebinding.yaml
-
-

deployments/kubernetes/manifests/service.yaml

@@ -1,4 +0,0 @@
----
-# Source: reloader/templates/service.yaml
-
-

deployments/kubernetes/manifests/serviceaccount.yaml

@@ -8,7 +8,7 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.124"
+    chart: "reloader-v1.0.16"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"

deployments/kubernetes/manifests/servicemonitor.yaml

@@ -1,4 +0,0 @@
----
-# Source: reloader/templates/servicemonitor.yaml
-
-

deployments/kubernetes/reloader.yaml

@@ -8,7 +8,7 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.124"
+    chart: "reloader-v1.0.16"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
@@ -25,12 +25,11 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.124"
+    chart: "reloader-v1.0.16"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role
-  namespace: default
 rules:
   - apiGroups:
       - ""
@@ -80,12 +79,11 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.124"
+    chart: "reloader-v1.0.16"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role-binding
-  namespace: default
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -104,13 +102,13 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.124"
+    chart: "reloader-v1.0.16"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.124
+    version: v1.0.16
   name: reloader-reloader
   namespace: default
 spec:
@@ -124,23 +122,21 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-v0.0.124"
+        chart: "reloader-v1.0.16"
         release: "reloader"
         heritage: "Helm"
         app.kubernetes.io/managed-by: "Helm"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.124
+        version: v1.0.16
     spec:
       containers:
-      - image: "stakater/reloader:v0.0.124"
+      - image: "stakater/reloader:v1.0.16"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
 
         ports:
         - name: http
-          containerPort: 9091
-        - name: metrics 
           containerPort: 9090
         livenessProbe:
           httpGet:
@@ -153,11 +149,14 @@ spec:
         readinessProbe:
           httpGet:
             path: /metrics
-            port: metrics
+            port: http
           timeoutSeconds: 5
           failureThreshold: 5
           periodSeconds: 10
           successThreshold: 1
+
+        securityContext:
+          {}
       securityContext: 
         runAsNonRoot: true
         runAsUser: 65534

go.mod

@@ -1,86 +1,79 @@
 module github.com/stakater/Reloader
 
-go 1.18
+go 1.20
 
 require (
-	github.com/argoproj/argo-rollouts v1.2.1
-	github.com/openshift/api v0.0.0-20210527122704-efd9d5958e01
+	github.com/argoproj/argo-rollouts v1.4.1
+	github.com/openshift/api v3.9.0+incompatible
 	github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142
 	github.com/parnurzeal/gorequest v0.2.16
-	github.com/prometheus/client_golang v1.12.2
-	github.com/sirupsen/logrus v1.8.1
-	github.com/spf13/cobra v1.5.0
-	k8s.io/api v0.24.2
-	k8s.io/apimachinery v0.24.2
-	k8s.io/client-go v0.24.2
-	k8s.io/kubectl v0.23.1
+	github.com/prometheus/client_golang v1.14.0
+	github.com/sirupsen/logrus v1.9.0
+	github.com/spf13/cobra v1.6.1
+	k8s.io/api v0.26.3
+	k8s.io/apimachinery v0.26.3
+	k8s.io/client-go v0.26.3
+	k8s.io/kubectl v0.26.3
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.20.0 // indirect
-	github.com/go-openapi/swag v0.21.1 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.36.0 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.39.0 // indirect
+	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/smartystreets/goconvey v1.7.2 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/net v0.0.0-20220708220712-1185a9018129 // indirect
-	golang.org/x/oauth2 v0.0.0-20220630143837-2104d58473e0 // indirect
-	golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e // indirect
-	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 // indirect
-	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
+	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/oauth2 v0.4.0 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/term v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/klog/v2 v2.60.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 // indirect
-	k8s.io/utils v0.0.0-20220706174534-f6158b442e7c // indirect
+	k8s.io/klog/v2 v2.80.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230202010329-39b3636cbaa3 // indirect
+	k8s.io/utils v0.0.0-20230202215443-34013725500c // indirect
 	moul.io/http2curl v1.0.0 // indirect
-	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
 
 // Replacements for argo-rollouts
 replace (
 	github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
-	github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0
-	k8s.io/api v0.0.0 => k8s.io/api v0.24.2
-	k8s.io/apiextensions-apiserver v0.0.0 => k8s.io/apiextensions-apiserver v0.24.2
-	k8s.io/apimachinery v0.0.0 => k8s.io/apimachinery v0.21.0-alpha.0
-	k8s.io/apiserver v0.0.0 => k8s.io/apiserver v0.24.2
-	k8s.io/cli-runtime v0.0.0 => k8s.io/cli-runtime v0.24.2
-	k8s.io/client-go v0.0.0 => k8s.io/client-go v0.24.2
+	k8s.io/api v0.0.0 => k8s.io/api v0.26.3
+	k8s.io/apimachinery v0.0.0 => k8s.io/apimachinery v0.26.3
+	k8s.io/client-go v0.0.0 => k8s.io/client-go v0.26.3
 	k8s.io/cloud-provider v0.0.0 => k8s.io/cloud-provider v0.24.2
-	k8s.io/cluster-bootstrap v0.0.0 => k8s.io/cluster-bootstrap v0.24.2
-	k8s.io/code-generator v0.0.0 => k8s.io/code-generator v0.20.5-rc.0
-	k8s.io/component-base v0.0.0 => k8s.io/component-base v0.24.2
-	k8s.io/component-helpers v0.0.0 => k8s.io/component-helpers v0.24.2
 	k8s.io/controller-manager v0.0.0 => k8s.io/controller-manager v0.24.2
 	k8s.io/cri-api v0.0.0 => k8s.io/cri-api v0.20.5-rc.0
 	k8s.io/csi-translation-lib v0.0.0 => k8s.io/csi-translation-lib v0.24.2
@@ -88,10 +81,9 @@ replace (
 	k8s.io/kube-controller-manager v0.0.0 => k8s.io/kube-controller-manager v0.24.2
 	k8s.io/kube-proxy v0.0.0 => k8s.io/kube-proxy v0.24.2
 	k8s.io/kube-scheduler v0.0.0 => k8s.io/kube-scheduler v0.24.2
-	k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.24.2
+	k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.26.1
 	k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.24.2
 	k8s.io/legacy-cloud-providers v0.0.0 => k8s.io/legacy-cloud-providers v0.24.2
-	k8s.io/metrics v0.0.0 => k8s.io/metrics v0.24.2
 	k8s.io/mount-utils v0.0.0 => k8s.io/mount-utils v0.20.5-rc.0
 	k8s.io/sample-apiserver v0.0.0 => k8s.io/sample-apiserver v0.24.2
 	k8s.io/sample-cli-plugin v0.0.0 => k8s.io/sample-cli-plugin v0.24.2

internal/pkg/cmd/reloader.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net/http"
 	"os"
 	"strings"
 
@@ -38,10 +39,12 @@ func NewReloaderCommand() *cobra.Command {
 	cmd.PersistentFlags().StringVar(&options.LogFormat, "log-format", "", "Log format to use (empty string for text, or JSON")
 	cmd.PersistentFlags().StringSlice("resources-to-ignore", []string{}, "list of resources to ignore (valid options 'configMaps' or 'secrets')")
 	cmd.PersistentFlags().StringSlice("namespaces-to-ignore", []string{}, "list of namespaces to ignore")
+	cmd.PersistentFlags().StringSlice("namespace-selector", []string{}, "list of key:vaule namespace labels to include")
 	cmd.PersistentFlags().StringVar(&options.IsArgoRollouts, "is-Argo-Rollouts", "false", "Add support for argo rollouts")
 	cmd.PersistentFlags().StringVar(&options.ReloadStrategy, constants.ReloadStrategyFlag, constants.EnvVarsReloadStrategy, "Specifies the desired reload strategy")
 	cmd.PersistentFlags().StringVar(&options.ReloadOnCreate, "reload-on-create", "false", "Add support to watch create events")
 	cmd.PersistentFlags().BoolVar(&options.EnableHA, "enable-ha", false, "Adds support for running multiple replicas via leadership election")
+	cmd.PersistentFlags().BoolVar(&options.SyncAfterRestart, "sync-after-restart", false, "Sync add events after reloader restarts")
 
 	return cmd
 }
@@ -132,6 +135,15 @@ func startReloader(cmd *cobra.Command, args []string) {
 		logrus.Fatal(err)
 	}
 
+	namespaceLabelSelector, err := getNamespaceLabelSelector(cmd)
+	if err != nil {
+		logrus.Fatal(err)
+	}
+
+	if len(namespaceLabelSelector) > 0 {
+		logrus.Warnf("namespace-selector is set, will detect changes in namespaces with these labels: %s.", namespaceLabelSelector)
+	}
+
 	collectors := metrics.SetupPrometheusEndpoint()
 
 	var controllers []*controller.Controller
@@ -140,7 +152,7 @@ func startReloader(cmd *cobra.Command, args []string) {
 			continue
 		}
 
-		c, err := controller.NewController(clientset, k, currentNamespace, ignoredNamespacesList, collectors)
+		c, err := controller.NewController(clientset, k, currentNamespace, ignoredNamespacesList, namespaceLabelSelector, collectors)
 		if err != nil {
 			logrus.Fatalf("%s", err)
 		}
@@ -167,13 +179,29 @@ func startReloader(cmd *cobra.Command, args []string) {
 		go leadership.RunLeaderElection(lock, ctx, cancel, podName, controllers)
 	}
 
-	logrus.Fatal(leadership.Healthz())
+	leadership.SetupLivenessEndpoint()
+	logrus.Fatal(http.ListenAndServe(constants.DefaultHttpListenAddr, nil))
 }
 
 func getIgnoredNamespacesList(cmd *cobra.Command) (util.List, error) {
 	return getStringSliceFromFlags(cmd, "namespaces-to-ignore")
 }
 
+func getNamespaceLabelSelector(cmd *cobra.Command) (util.Map, error) {
+	slice, err := getStringSliceFromFlags(cmd, "namespace-selector")
+	if err != nil {
+		logrus.Fatal(err)
+	}
+
+	var namespaceSelectorMap util.Map = make(util.Map)
+	for _, kv := range slice {
+		split := strings.Split(kv, ":")
+		namespaceSelectorMap[split[0]] = split[1]
+	}
+
+	return namespaceSelectorMap, nil
+}
+
 func getStringSliceFromFlags(cmd *cobra.Command, flag string) ([]string, error) {
 	slice, err := cmd.Flags().GetStringSlice(flag)
 	if err != nil {

internal/pkg/constants/constants.go

@@ -1,6 +1,9 @@
 package constants
 
 const (
+	// DefaultHttpListenAddr is the default listening address for global http server
+	DefaultHttpListenAddr = ":9090"
+
 	// ConfigmapEnvVarPostfix is a postfix for configmap envVar
 	ConfigmapEnvVarPostfix = "CONFIGMAP"
 	// SecretEnvVarPostfix is a postfix for secret envVar
@@ -23,7 +26,7 @@ const (
 
 // Leadership election related consts
 const (
-	LockName        string = "stakaer-reloader-lock"
+	LockName        string = "stakater-reloader-lock"
 	PodNameEnv      string = "POD_NAME"
 	PodNamespaceEnv string = "POD_NAMESPACE"
 )

internal/pkg/controller/controller.go

@@ -1,6 +1,7 @@
 package controller
 
 import (
+	"context"
 	"fmt"
 	"time"
 
@@ -11,6 +12,7 @@ import (
 	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -29,22 +31,32 @@ type Controller struct {
 	queue             workqueue.RateLimitingInterface
 	informer          cache.Controller
 	namespace         string
+	resource          string
 	ignoredNamespaces util.List
 	collectors        metrics.Collectors
 	recorder          record.EventRecorder
+	namespaceSelector map[string]string
 }
 
 // controllerInitialized flag determines whether controlled is being initialized
-var controllerInitialized bool = false
+var secretControllerInitialized bool = false
+var configmapControllerInitialized bool = false
 
 // NewController for initializing a Controller
 func NewController(
-	client kubernetes.Interface, resource string, namespace string, ignoredNamespaces []string, collectors metrics.Collectors) (*Controller, error) {
+	client kubernetes.Interface, resource string, namespace string, ignoredNamespaces []string, namespaceLabelSelector map[string]string, collectors metrics.Collectors) (*Controller, error) {
+
+	if options.SyncAfterRestart {
+		secretControllerInitialized = true
+		configmapControllerInitialized = true
+	}
 
 	c := Controller{
 		client:            client,
 		namespace:         namespace,
 		ignoredNamespaces: ignoredNamespaces,
+		namespaceSelector: namespaceLabelSelector,
+		resource:          resource,
 	}
 	eventBroadcaster := record.NewBroadcaster()
 	eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{
@@ -73,7 +85,7 @@ func NewController(
 // Add function to add a new object to the queue in case of creating a resource
 func (c *Controller) Add(obj interface{}) {
 	if options.ReloadOnCreate == "true" {
-		if !c.resourceInIgnoredNamespace(obj) && controllerInitialized {
+		if !c.resourceInIgnoredNamespace(obj) && c.resourceInNamespaceSelector(obj) && secretControllerInitialized && configmapControllerInitialized {
 			c.queue.Add(handler.ResourceCreatedHandler{
 				Resource:   obj,
 				Collectors: c.collectors,
@@ -93,9 +105,45 @@ func (c *Controller) resourceInIgnoredNamespace(raw interface{}) bool {
 	return false
 }
 
+func (c *Controller) resourceInNamespaceSelector(raw interface{}) bool {
+	if len(c.namespaceSelector) == 0 {
+		return true
+	}
+
+	switch object := raw.(type) {
+	case *v1.ConfigMap:
+		return c.matchLabels(object.ObjectMeta.Namespace)
+	case *v1.Secret:
+		return c.matchLabels(object.ObjectMeta.Namespace)
+	}
+	return true
+}
+
+func (c *Controller) matchLabels(resourceNamespace string) bool {
+	namespace, err := c.client.CoreV1().Namespaces().Get(context.Background(), resourceNamespace, metav1.GetOptions{})
+	if err != nil {
+		logrus.Warn(err)
+		return false
+	}
+
+	for selectorKey, selectorVal := range c.namespaceSelector {
+
+		namespaceLabelVal, namespaceLabelKeyExists := namespace.ObjectMeta.Labels[selectorKey]
+
+		if namespaceLabelKeyExists && selectorVal == "*" {
+			continue
+		}
+
+		if !namespaceLabelKeyExists || selectorVal != namespaceLabelVal {
+			return false
+		}
+	}
+	return true
+}
+
 // Update function to add an old object and a new object to the queue in case of updating a resource
 func (c *Controller) Update(old interface{}, new interface{}) {
-	if !c.resourceInIgnoredNamespace(new) {
+	if !c.resourceInIgnoredNamespace(new) && c.resourceInNamespaceSelector(new) {
 		c.queue.Add(handler.ResourceUpdatedHandler{
 			Resource:    new,
 			OldResource: old,
@@ -135,7 +183,11 @@ func (c *Controller) Run(threadiness int, stopCh chan struct{}) {
 
 func (c *Controller) runWorker() {
 	// At this point the controller is fully initialized and we can start processing the resources
-	controllerInitialized = true
+	if c.resource == "secrets" {
+		secretControllerInitialized = true
+	} else if c.resource == "configMaps" {
+		configmapControllerInitialized = true
+	}
 
 	for c.processNextItem() {
 	}
@@ -182,5 +234,6 @@ func (c *Controller) handleErr(err error, key interface{}) {
 	c.queue.Forget(key)
 	// Report to an external entity that, even after several retries, we could not successfully process this key
 	runtime.HandleError(err)
-	logrus.Infof("Dropping the key %q out of the queue: %v", key, err)
+	logrus.Errorf("Dropping key out of the queue: %v", err)
+	logrus.Debugf("Dropping the key %q out of the queue: %v", key, err)
 }

internal/pkg/controller/controller_test.go

@@ -1,11 +1,13 @@
 package controller
 
 import (
-	"github.com/stakater/Reloader/internal/pkg/constants"
+	"context"
 	"os"
 	"testing"
 	"time"
 
+	"github.com/stakater/Reloader/internal/pkg/constants"
+
 	"github.com/stakater/Reloader/internal/pkg/metrics"
 
 	"github.com/sirupsen/logrus"
@@ -14,7 +16,10 @@ import (
 	"github.com/stakater/Reloader/internal/pkg/testutil"
 	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/kubernetes/fake"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/util/workqueue"
 )
@@ -40,7 +45,7 @@ func TestMain(m *testing.M) {
 
 	logrus.Infof("Creating controller")
 	for k := range kube.ResourceMap {
-		c, err := NewController(clients.KubernetesClient, k, namespace, []string{}, collectors)
+		c, err := NewController(clients.KubernetesClient, k, namespace, []string{}, map[string]string{}, collectors)
 		if err != nil {
 			logrus.Fatalf("%s", err)
 		}
@@ -2279,3 +2284,143 @@ func TestController_resourceInIgnoredNamespace(t *testing.T) {
 		})
 	}
 }
+
+func TestController_resourceInNamespaceSelector(t *testing.T) {
+	type fields struct {
+		indexer           cache.Indexer
+		queue             workqueue.RateLimitingInterface
+		informer          cache.Controller
+		namespace         v1.Namespace
+		namespaceSelector util.Map
+	}
+	type args struct {
+		raw interface{}
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   bool
+	}{
+		{
+			name: "TestConfigMapResourceInNamespaceSelector",
+			fields: fields{
+				namespaceSelector: util.Map{
+					"select":  "this",
+					"select2": "this2",
+				},
+				namespace: v1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "selected-namespace",
+						Labels: map[string]string{
+							"select":  "this",
+							"select2": "this2",
+						},
+					},
+				},
+			},
+			args: args{
+				raw: testutil.GetConfigmap("selected-namespace", "testcm", "test"),
+			},
+			want: true,
+		}, {
+			name: "TestConfigMapResourceNotInNamespaceSelector",
+			fields: fields{
+				namespaceSelector: util.Map{
+					"select":  "this",
+					"select2": "this2",
+				},
+				namespace: v1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:   "not-selected-namespace",
+						Labels: map[string]string{},
+					},
+				},
+			},
+			args: args{
+				raw: testutil.GetConfigmap("not-selected-namespace", "testcm", "test"),
+			},
+			want: false,
+		},
+		{
+			name: "TestSecretResourceInNamespaceSelector",
+			fields: fields{
+				namespaceSelector: util.Map{
+					"select":  "this",
+					"select2": "this2",
+				},
+				namespace: v1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "selected-namespace",
+						Labels: map[string]string{
+							"select":  "this",
+							"select2": "this2",
+						},
+					},
+				},
+			},
+			args: args{
+				raw: testutil.GetSecret("selected-namespace", "testsecret", "test"),
+			},
+			want: true,
+		}, {
+			name: "TestSecretResourceNotInNamespaceSelector",
+			fields: fields{
+				namespaceSelector: util.Map{
+					"select":  "this",
+					"select2": "this2",
+				},
+				namespace: v1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:   "not-selected-namespace",
+						Labels: map[string]string{},
+					},
+				},
+			},
+			args: args{
+				raw: testutil.GetSecret("not-selected-namespace", "secret", "test"),
+			},
+			want: false,
+		}, {
+			name: "TestSecretResourceInNamespaceSelectorWiledcardValue",
+			fields: fields{
+				namespaceSelector: util.Map{
+					"select": "*",
+				},
+				namespace: v1.Namespace{
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "selected-namespace",
+						Labels: map[string]string{
+							"select": "this",
+						},
+					},
+				},
+			},
+			args: args{
+				raw: testutil.GetSecret("selected-namespace", "secret", "test"),
+			},
+			want: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fakeClient := fake.NewSimpleClientset()
+			namespace, _ := fakeClient.CoreV1().Namespaces().Create(context.Background(), &tt.fields.namespace, metav1.CreateOptions{})
+			logrus.Infof("created fakeClient namesapce for testing = %s", namespace.Name)
+
+			c := &Controller{
+				client:            fakeClient,
+				indexer:           tt.fields.indexer,
+				queue:             tt.fields.queue,
+				informer:          tt.fields.informer,
+				namespace:         tt.fields.namespace.ObjectMeta.Name,
+				namespaceSelector: tt.fields.namespaceSelector,
+			}
+
+			if got := c.resourceInNamespaceSelector(tt.args.raw); got != tt.want {
+				t.Errorf("Controller.resourceInNamespaceSelector() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

internal/pkg/leadership/leadership.go

@@ -15,8 +15,6 @@ import (
 	coordinationv1 "k8s.io/client-go/kubernetes/typed/coordination/v1"
 )
 
-const healthPort string = ":9091"
-
 var (
 	// Used for liveness probe
 	m       sync.Mutex
@@ -88,12 +86,11 @@ func stopControllers(stopChannels []chan struct{}) {
 	}
 }
 
-// Healthz serves the liveness probe endpoint. If leadership election is
+// Healthz sets up the liveness probe endpoint. If leadership election is
 // enabled and a replica stops leading the liveness probe will fail and the
 // kubelet will restart the container.
-func Healthz() error {
+func SetupLivenessEndpoint() {
 	http.HandleFunc("/live", healthz)
-	return http.ListenAndServe(healthPort, nil)
 }
 
 func healthz(w http.ResponseWriter, req *http.Request) {

internal/pkg/leadership/leadership_test.go

@@ -119,7 +119,7 @@ func TestRunLeaderElectionWithControllers(t *testing.T) {
 	t.Logf("Creating controller")
 	var controllers []*controller.Controller
 	for k := range kube.ResourceMap {
-		c, err := controller.NewController(testutil.Clients.KubernetesClient, k, testutil.Namespace, []string{}, metrics.NewCollectors())
+		c, err := controller.NewController(testutil.Clients.KubernetesClient, k, testutil.Namespace, []string{}, map[string]string{}, metrics.NewCollectors())
 		if err != nil {
 			logrus.Fatalf("%s", err)
 		}

internal/pkg/metrics/prometheus.go

@@ -3,7 +3,6 @@ package metrics
 import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
-	"github.com/sirupsen/logrus"
 	"net/http"
 )
 
@@ -33,11 +32,7 @@ func NewCollectors() Collectors {
 func SetupPrometheusEndpoint() Collectors {
 	collectors := NewCollectors()
 	prometheus.MustRegister(collectors.Reloaded)
-
-	go func() {
-		http.Handle("/metrics", promhttp.Handler())
-		logrus.Fatal(http.ListenAndServe(":9090", nil))
-	}()
+	http.Handle("/metrics", promhttp.Handler())
 
 	return collectors
 }

internal/pkg/options/flags.go

@@ -24,7 +24,8 @@ var (
 	// ReloadStrategy Specify the update strategy
 	ReloadStrategy = constants.EnvVarsReloadStrategy
 	// ReloadOnCreate Adds support to watch create events
-	ReloadOnCreate = "false"
+	ReloadOnCreate   = "false"
+	SyncAfterRestart = false
 	// EnableHA adds support for running multiple replicas via leadership election
 	EnableHA = false
 )

internal/pkg/testutil/kube.go

@@ -837,7 +837,6 @@ func DeleteSecret(client kubernetes.Interface, namespace string, secretName stri
 
 // RandSeq generates a random sequence
 func RandSeq(n int) string {
-	rand.Seed(time.Now().UnixNano())
 	b := make([]rune, n)
 	for i := range b {
 		b[i] = letters[rand.Intn(len(letters))]

internal/pkg/util/util.go

@@ -54,6 +54,8 @@ func GetSHAfromSecret(data map[string][]byte) string {
 
 type List []string
 
+type Map map[string]string
+
 func (l *List) Contains(s string) bool {
 	for _, v := range *l {
 		if v == s {

okteto.yml

@@ -1,14 +1,17 @@
-name: reloader-reloader
-image: okteto/golang:1
-command: bash
-securityContext:
-  capabilities:
-    add:
-      - SYS_PTRACE
-volumes:
-  - /go/pkg/
-  - /root/.cache/go-build/
-sync:
-  - .:/app
-forward:
-  - 2345:2345
+dev:
+  reloader-reloader:
+    image: okteto/golang:1
+    command: bash
+    volumes:
+      - /go/pkg/
+      - /root/.cache/go-build/
+    sync:
+      - .:/app
+    forward:
+      - 2345:2345
+    workdir: /app
+    autocreate: true
+    securityContext:
+      capabilities:
+        add:
+          - SYS_PTRACE