Bump Version to v0.0.35

Optionally disable secret checking

.version

@@ -1 +1 @@
-v0.0.24
+v0.0.35

README.md

@@ -95,7 +95,9 @@ spec:
 ```
 
 ### NOTES
-- `reloader.stakater.com/auto: "true"` will always override when use with either `secret.reloader.stakater.com/reload` or `configmap.reloader.stakater.com/reload` annotation.
+- Reloader also supports [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets). [Here](docs/Reloader-with-Sealed-Secrets.md) are the steps to use sealed-secrets with reloader.
+- `reloader.stakater.com/auto: "true"` will only reload the pod, if the configmap or secret is used (as a volume mount or as an env) in `Deployment/Daemonsets/Statefulsets`
+- `secret.reloader.stakater.com/reload` or `configmap.reloader.stakater.com/reload` annotation will reload the pod upon changes in specified configmap or secret, irrespective of the usage of configmap or secret.
 - you may override the auto annotation with the `--auto-annotation` flag
 - you may override the configmap annotation with the `--configmap-annotation` flag
 - you may override the secret annotation with the `--secret-annotation` flag
@@ -114,6 +116,30 @@ kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/depl
 
 By default Reloader gets deployed in `default` namespace and watches changes `secrets` and `configmaps` in all namespaces.
 
+### Vanilla kustomize
+
+You can also apply the vanilla manifests by running the following command
+```bash
+kubectl apply -k https://github.com/stakater/Reloader/deployments/kubernetes
+```
+Similarly to vanilla manifests get deployed in `default` namespace and watches changes `secrets` and `configmaps` in all namespaces.
+
+### Kustomize
+
+You can write your own `kustomization.yaml` using ours as a 'base' and write patches to tweak the configuration.
+
+```yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namePrefix: reloader-
+
+bases:
+  - https://github.com/stakater/Reloader/deployments/kubernetes
+
+namespace: reloader
+```
+
 ### Helm Charts
 
 Alternatively if you have configured helm on your cluster, you can add reloader to helm from our public chart repository and deploy it via helm using below mentioned commands

build/package/Dockerfile.run

@@ -1,4 +1,4 @@
-FROM alpine:3.4
+FROM alpine:3.9
 MAINTAINER "Stakater Team"
 
 RUN apk add --update ca-certificates

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: v0.0.24
-appVersion: v0.0.24
+version: v0.0.35
+appVersion: v0.0.35
 keywords:
   - Reloader
   - kubernetes

deployments/kubernetes/chart/reloader/templates/_helpers.tpl

@@ -25,7 +25,7 @@ heritage: {{ .Release.Service | quote }}
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "serviceAccountName" -}}
+{{- define "reloader-serviceAccountName" -}}
 {{- if .Values.reloader.serviceAccount.create -}}
     {{ default (include "reloader-fullname" .) .Values.reloader.serviceAccount.name }}
 {{- else -}}

deployments/kubernetes/chart/reloader/templates/clusterrole.yaml

@@ -15,15 +15,18 @@ metadata:
 rules:
   - apiGroups:
       - ""
-    resources:      
+    resources:
+{{- if .Values.reloader.ignoreSecrets }}{{- else }}
       - secrets
+{{- end }}
+{{- if .Values.reloader.ignoreConfigMaps }}{{- else }}
       - configmaps
+{{- end }}
     verbs:
       - list
       - get
       - watch
   - apiGroups:
-      - "extensions"
       - "apps"
     resources:
       - deployments
@@ -34,4 +37,14 @@ rules:
       - get
       - update
       - patch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - deployments
+      - daemonsets
+    verbs:
+      - list
+      - get
+      - update
+      - patch
 {{- end }}

deployments/kubernetes/chart/reloader/templates/clusterrolebinding.yaml

@@ -18,6 +18,6 @@ roleRef:
   name: {{ template "reloader-name" . }}-role
 subjects:
   - kind: ServiceAccount
-    name: {{ template "serviceAccountName" . }}
+    name: {{ template "reloader-serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 {{- end }}

deployments/kubernetes/chart/reloader/templates/deployment.yaml

@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
 {{- if .Values.reloader.deployment.annotations }}
@@ -35,6 +35,18 @@ spec:
 {{ toYaml .Values.reloader.matchLabels | indent 8 }}
 {{- end }}
     spec:
+      {{- if .Values.reloader.deployment.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.reloader.deployment.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.deployment.affinity }}
+      affinity:
+{{ toYaml .Values.reloader.deployment.affinity | indent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.deployment.tolerations }}
+      tolerations:
+{{ toYaml .Values.reloader.deployment.tolerations | indent 8 }}
+      {{- end }}
       containers:
       - env:
       {{- range $name, $value := .Values.reloader.deployment.env.open }}
@@ -70,6 +82,11 @@ spec:
         image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}"
         imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }}
         name: {{ template "reloader-name" . }}
+      {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
+        volumeMounts:
+          - mountPath: /tmp/
+            name: tmp-volume
+      {{- end }}
       {{- if .Values.reloader.custom_annotations }}
         args:
           {{- if .Values.reloader.custom_annotations.configmap }}
@@ -84,5 +101,20 @@ spec:
           - "--auto-annotation"
           - "{{ .Values.reloader.custom_annotations.auto }}"
           {{- end }}
+          {{- if eq .Values.reloader.ignoreSecrets true }}
+          - "--resources-to-ignore=secrets"
+          {{- end }}
+          {{- if eq .Values.reloader.ignoreConfigMaps true }}
+          - "--resources-to-ignore=configMaps"
+          {{- end }}
       {{- end }}
-      serviceAccountName: {{ template "serviceAccountName" . }}
+      {{- if .Values.reloader.deployment.resources }}
+        resources:
+{{ toYaml .Values.reloader.deployment.resources | indent 10 }}
+      {{- end }}
+      serviceAccountName: {{ template "reloader-serviceAccountName" . }}
+    {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
+      volumes:
+        - emptyDir: {}
+          name: tmp-volume
+    {{- end }}

deployments/kubernetes/chart/reloader/templates/role.yaml

@@ -15,15 +15,18 @@ metadata:
 rules:
   - apiGroups:
       - ""
-    resources:      
+    resources:
+{{- if .Values.reloader.ignoreSecrets }}{{- else }}
       - secrets
+{{- end }}
+{{- if .Values.reloader.ignoreConfigMaps }}{{- else }}
       - configmaps
+{{- end }}
     verbs:
       - list
       - get
       - watch
   - apiGroups:
-      - "extensions"
       - "apps"
     resources:
       - deployments
@@ -34,4 +37,14 @@ rules:
       - get
       - update
       - patch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - deployments
+      - daemonsets
+    verbs:
+      - list
+      - get
+      - update
+      - patch
 {{- end }}

deployments/kubernetes/chart/reloader/templates/rolebinding.yaml

@@ -18,6 +18,6 @@ roleRef:
   name: {{ template "reloader-name" . }}-role
 subjects:
   - kind: ServiceAccount
-    name: {{ template "serviceAccountName" . }}
+    name: {{ template "reloader-serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
 {{- end }}

deployments/kubernetes/chart/reloader/templates/serviceaccount.yaml

@@ -10,5 +10,5 @@ metadata:
 {{- if .Values.reloader.matchLabels }}
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
-  name: {{ template "serviceAccountName" . }}
+  name: {{ template "reloader-serviceAccountName" . }}
 {{- end }}

deployments/kubernetes/chart/reloader/values.yaml

@@ -4,17 +4,43 @@ kubernetes:
   host: https://kubernetes.default
 
 reloader:
+  ignoreSecrets: false
+  ignoreConfigMaps: false
   watchGlobally: true
+  # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem
+  readOnlyRootFileSystem: false
   matchLabels: {}
   deployment:
+    nodeSelector:
+    # cloud.google.com/gke-nodepool: default-pool
+
+    # An affinity stanza to be applied to the Deployment.
+    # Example:
+    #   affinity:
+    #     nodeAffinity:
+    #       requiredDuringSchedulingIgnoredDuringExecution:
+    #         nodeSelectorTerms:
+    #         - matchExpressions:
+    #           - key: "node-role.kubernetes.io/infra-worker"
+    #             operator: "Exists"
+    affinity: {}
+
+    # A list of tolerations to be applied to the Deployment.
+    # Example:
+    #   tolerations:
+    #   - key: "node-role.kubernetes.io/infra-worker"
+    #     operator: "Exists"
+    #     effect: "NoSchedule"
+    tolerations: []
+
     annotations: {}
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v0.0.24
+      version: v0.0.35
     image:
       name: stakater/reloader
-      tag: "v0.0.24"
+      tag: "v0.0.35"
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env:
@@ -24,6 +50,18 @@ reloader:
       secret:
       # field supports Key value pair as environment variables. It gets the values from other fields of pod.
       field:
+
+    # Specify resource requests/limits for the deployment.
+    # Example:
+    # resources:
+    #   limits:
+    #     cpu: "100m"
+    #     memory: "512Mi"
+    #   requests:
+    #     cpu: "10m"
+    #     memory: "128Mi"
+    resources: {}
+
   rbac:
     enabled: true
     labels: {}
@@ -40,4 +78,4 @@ reloader:
   #   custom_annotations:
   #     configmap: "my.company.com/configmap"
   #     secret: "my.company.com/secret"
-  custom_annotations: {} 
+  custom_annotations: {}

deployments/kubernetes/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - manifests/clusterrole.yaml
+  - manifests/clusterrolebinding.yaml
+  - manifests/role.yaml
+  - manifests/rolebinding.yaml
+  - manifests/serviceaccount.yaml
+  - manifests/deployment.yaml

deployments/kubernetes/manifests/clusterrole.yaml

@@ -6,7 +6,7 @@ kind: ClusterRole
 metadata:
   labels:
     app: reloader
-    chart: "reloader-v0.0.24"
+    chart: "reloader-v0.0.35"
     release: "RELEASE-NAME"
     heritage: "Tiller"
   name: reloader-role
@@ -14,7 +14,7 @@ metadata:
 rules:
   - apiGroups:
       - ""
-    resources:      
+    resources:
       - secrets
       - configmaps
     verbs:
@@ -22,7 +22,6 @@ rules:
       - get
       - watch
   - apiGroups:
-      - "extensions"
       - "apps"
     resources:
       - deployments
@@ -33,4 +32,14 @@ rules:
       - get
       - update
       - patch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - deployments
+      - daemonsets
+    verbs:
+      - list
+      - get
+      - update
+      - patch
 

deployments/kubernetes/manifests/clusterrolebinding.yaml

@@ -6,7 +6,7 @@ kind: ClusterRoleBinding
 metadata:
   labels:
     app: reloader
-    chart: "reloader-v0.0.24"
+    chart: "reloader-v0.0.35"
     release: "RELEASE-NAME"
     heritage: "Tiller"
   name: reloader-role-binding

deployments/kubernetes/manifests/deployment.yaml

@@ -1,16 +1,16 @@
 ---
 # Source: reloader/templates/deployment.yaml
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
     app: reloader
-    chart: "reloader-v0.0.24"
+    chart: "reloader-v0.0.35"
     release: "RELEASE-NAME"
     heritage: "Tiller"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.24
+    version: v0.0.35
     
   name: reloader
 spec:
@@ -24,17 +24,17 @@ spec:
     metadata:
       labels:
         app: reloader
-        chart: "reloader-v0.0.24"
+        chart: "reloader-v0.0.35"
         release: "RELEASE-NAME"
         heritage: "Tiller"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.24
+        version: v0.0.35
         
     spec:
       containers:
       - env:
-        image: "stakater/reloader:v0.0.24"
+        image: "stakater/reloader:v0.0.35"
         imagePullPolicy: IfNotPresent
         name: reloader
       serviceAccountName: reloader

deployments/kubernetes/manifests/serviceaccount.yaml

@@ -6,7 +6,7 @@ kind: ServiceAccount
 metadata:
   labels:
     app: reloader
-    chart: "reloader-v0.0.24"
+    chart: "reloader-v0.0.35"
     release: "RELEASE-NAME"
     heritage: "Tiller"
   name: reloader

deployments/kubernetes/reloader.yaml

@@ -4,17 +4,17 @@
 
 ---
 # Source: reloader/templates/deployment.yaml
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
     app: reloader
-    chart: "reloader-v0.0.24"
+    chart: "reloader-v0.0.35"
     release: "RELEASE-NAME"
     heritage: "Tiller"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.24
+    version: v0.0.35
     
   name: reloader
 spec:
@@ -28,17 +28,17 @@ spec:
     metadata:
       labels:
         app: reloader
-        chart: "reloader-v0.0.24"
+        chart: "reloader-v0.0.35"
         release: "RELEASE-NAME"
         heritage: "Tiller"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.24
+        version: v0.0.35
         
     spec:
       containers:
       - env:
-        image: "stakater/reloader:v0.0.24"
+        image: "stakater/reloader:v0.0.35"
         imagePullPolicy: IfNotPresent
         name: reloader
       serviceAccountName: reloader
@@ -51,7 +51,7 @@ kind: ClusterRole
 metadata:
   labels:
     app: reloader
-    chart: "reloader-v0.0.24"
+    chart: "reloader-v0.0.35"
     release: "RELEASE-NAME"
     heritage: "Tiller"
   name: reloader-role
@@ -59,7 +59,7 @@ metadata:
 rules:
   - apiGroups:
       - ""
-    resources:      
+    resources:
       - secrets
       - configmaps
     verbs:
@@ -67,7 +67,6 @@ rules:
       - get
       - watch
   - apiGroups:
-      - "extensions"
       - "apps"
     resources:
       - deployments
@@ -78,6 +77,16 @@ rules:
       - get
       - update
       - patch
+  - apiGroups:
+      - "extensions"
+    resources:
+      - deployments
+      - daemonsets
+    verbs:
+      - list
+      - get
+      - update
+      - patch
 
 ---
 # Source: reloader/templates/rolebinding.yaml
@@ -91,7 +100,7 @@ kind: ClusterRoleBinding
 metadata:
   labels:
     app: reloader
-    chart: "reloader-v0.0.24"
+    chart: "reloader-v0.0.35"
     release: "RELEASE-NAME"
     heritage: "Tiller"
   name: reloader-role-binding
@@ -113,7 +122,7 @@ kind: ServiceAccount
 metadata:
   labels:
     app: reloader
-    chart: "reloader-v0.0.24"
+    chart: "reloader-v0.0.35"
     release: "RELEASE-NAME"
     heritage: "Tiller"
   name: reloader

deployments/kubernetes/templates/chart/values.yaml.tmpl

@@ -4,9 +4,35 @@ kubernetes:
   host: https://kubernetes.default
 
 reloader:
+  ignoreSecrets: false
+  ignoreConfigMaps: false
   watchGlobally: true
+  # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem
+  readOnlyRootFileSystem: false
   matchLabels: {}
   deployment:
+    nodeSelector:
+    # cloud.google.com/gke-nodepool: default-pool
+
+    # An affinity stanza to be applied to the Deployment.
+    # Example:
+    #   affinity:
+    #     nodeAffinity:
+    #       requiredDuringSchedulingIgnoredDuringExecution:
+    #         nodeSelectorTerms:
+    #         - matchExpressions:
+    #           - key: "node-role.kubernetes.io/infra-worker"
+    #             operator: "Exists"
+    affinity: {}
+
+    # A list of tolerations to be applied to the Deployment.
+    # Example:
+    #   tolerations:
+    #   - key: "node-role.kubernetes.io/infra-worker"
+    #     operator: "Exists"
+    #     effect: "NoSchedule"
+    tolerations: []
+
     annotations: {}
     labels:
       provider: stakater
@@ -24,6 +50,18 @@ reloader:
       secret:
       # field supports Key value pair as environment variables. It gets the values from other fields of pod.
       field:
+
+    # Specify resource requests/limits for the deployment.
+    # Example:
+    # resources:
+    #   limits:
+    #     cpu: "100m"
+    #     memory: "512Mi"
+    #   requests:
+    #     cpu: "10m"
+    #     memory: "128Mi"
+    resources: {}
+
   rbac:
     enabled: true
     labels: {}
@@ -40,4 +78,4 @@ reloader:
   #   custom_annotations:
   #     configmap: "my.company.com/configmap"
   #     secret: "my.company.com/secret"
-  custom_annotations: {} 
+  custom_annotations: {}

docs/Reloader-with-Sealed-Secrets.md

@@ -0,0 +1,11 @@
+Below are the steps to use reloader with Sealed Secrets.
+1. Download and install the kubeseal client from [here](https://github.com/bitnami-labs/sealed-secrets).
+2. Install the controller for sealed secrets
+3. Fetch the encryption certificate
+4. Encrypt the secret.
+5. Apply the secret.
+7. Install the tool which uses that sealed secret.
+8. Install Reloader.
+9. Once everything is setup, update the original secret at client and encrypt it with kubeseal to see reloader working.
+10. Apply the updated sealed secret.
+11. Reloader will resatart the pod to use that updated secret.

glide.yaml

@@ -1,11 +1,11 @@
 package: github.com/stakater/Reloader
 import:
 - package: k8s.io/api
-  version: kubernetes-1.8.0
+  version: kubernetes-1.10.0
 - package: k8s.io/apimachinery
-  version: kubernetes-1.8.0
+  version: kubernetes-1.10.0
 - package: k8s.io/client-go
-  version: 5.0.0
+  version: 6.0.0
 - package: github.com/spf13/cobra
   version: 0.0.3
 - package: github.com/spf13/pflag

internal/pkg/callbacks/rolling_upgrade.go

@@ -4,7 +4,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/stakater/Reloader/internal/pkg/util"
 	apps_v1beta1 "k8s.io/api/apps/v1beta1"
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/api/extensions/v1beta1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
@@ -16,6 +16,9 @@ type ItemsFunc func(kubernetes.Interface, string) []interface{}
 //ContainersFunc is a generic func to return containers
 type ContainersFunc func(interface{}) []v1.Container
 
+//InitContainersFunc is a generic func to return containers
+type InitContainersFunc func(interface{}) []v1.Container
+
 //VolumesFunc is a generic func to return volumes
 type VolumesFunc func(interface{}) []v1.Volume
 
@@ -24,11 +27,12 @@ type UpdateFunc func(kubernetes.Interface, string, interface{}) error
 
 //RollingUpgradeFuncs contains generic functions to perform rolling upgrade
 type RollingUpgradeFuncs struct {
-	ItemsFunc      ItemsFunc
-	ContainersFunc ContainersFunc
-	UpdateFunc     UpdateFunc
-	VolumesFunc    VolumesFunc
-	ResourceType   string
+	ItemsFunc          ItemsFunc
+	ContainersFunc     ContainersFunc
+	InitContainersFunc InitContainersFunc
+	UpdateFunc         UpdateFunc
+	VolumesFunc        VolumesFunc
+	ResourceType       string
 }
 
 // GetDeploymentItems returns the deployments in given namespace
@@ -73,6 +77,21 @@ func GetStatefulsetContainers(item interface{}) []v1.Container {
 	return item.(apps_v1beta1.StatefulSet).Spec.Template.Spec.Containers
 }
 
+// GetDeploymentInitContainers returns the containers of given deployment
+func GetDeploymentInitContainers(item interface{}) []v1.Container {
+	return item.(v1beta1.Deployment).Spec.Template.Spec.InitContainers
+}
+
+// GetDaemonSetInitContainers returns the containers of given daemonset
+func GetDaemonSetInitContainers(item interface{}) []v1.Container {
+	return item.(v1beta1.DaemonSet).Spec.Template.Spec.InitContainers
+}
+
+// GetStatefulsetInitContainers returns the containers of given statefulSet
+func GetStatefulsetInitContainers(item interface{}) []v1.Container {
+	return item.(apps_v1beta1.StatefulSet).Spec.Template.Spec.InitContainers
+}
+
 // UpdateDeployment performs rolling upgrade on deployment
 func UpdateDeployment(client kubernetes.Interface, namespace string, resource interface{}) error {
 	deployment := resource.(v1beta1.Deployment)

internal/pkg/cmd/reloader.go

@@ -7,6 +7,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/stakater/Reloader/internal/pkg/controller"
 	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
 	"k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -23,11 +24,15 @@ func NewReloaderCommand() *cobra.Command {
 	cmd.PersistentFlags().StringVar(&options.ConfigmapUpdateOnChangeAnnotation, "configmap-annotation", "configmap.reloader.stakater.com/reload", "annotation to detect changes in configmaps")
 	cmd.PersistentFlags().StringVar(&options.SecretUpdateOnChangeAnnotation, "secret-annotation", "secret.reloader.stakater.com/reload", "annotation to detect changes in secrets")
 	cmd.PersistentFlags().StringVar(&options.ReloaderAutoAnnotation, "auto-annotation", "reloader.stakater.com/auto", "annotation to detect changes in secrets")
+	cmd.PersistentFlags().StringSlice("resources-to-ignore", []string{}, "list of resources to ignore (valid options 'configMaps' or 'secrets')")
 
 	return cmd
 }
 
 func startReloader(cmd *cobra.Command, args []string) {
+	var ignoreList util.List
+	var err error
+
 	logrus.Info("Starting Reloader")
 	currentNamespace := os.Getenv("KUBERNETES_NAMESPACE")
 	if len(currentNamespace) == 0 {
@@ -41,7 +46,26 @@ func startReloader(cmd *cobra.Command, args []string) {
 		logrus.Fatal(err)
 	}
 
+	ignoreList, err = cmd.Flags().GetStringSlice("resources-to-ignore")
+	if err != nil {
+		logrus.Fatal(err)
+	}
+
+	for _, v := range ignoreList {
+		if v != "configMaps" && v != "secrets" {
+			logrus.Fatalf("'resources-to-ignore' only accepts 'configMaps' or 'secrets', not '%s'", v)
+		}
+	}
+
+	if len(ignoreList) > 1 {
+		logrus.Fatal("'resources-to-ignore' only accepts 'configMaps' or 'secrets', not both")
+	}
+
 	for k := range kube.ResourceMap {
+		if ignoreList.Contains(k) {
+			continue
+		}
+
 		c, err := controller.NewController(clientset, k, currentNamespace)
 		if err != nil {
 			logrus.Fatalf("%s", err)

internal/pkg/handler/create.go

@@ -17,7 +17,6 @@ func (r ResourceCreatedHandler) Handle() error {
 		logrus.Errorf("Resource creation handler received nil resource")
 	} else {
 		config, _ := r.GetConfig()
-		logrus.Infof("Resource '%s' of type '%s' in namespace '%s' has been created", config.ResourceName, config.Type, config.Namespace)
 		// process resource based on its type
 		doRollingUpgrade(config)
 	}

internal/pkg/handler/update.go

@@ -3,7 +3,7 @@ package handler
 import (
 	"github.com/sirupsen/logrus"
 	"github.com/stakater/Reloader/internal/pkg/util"
-	"k8s.io/api/core/v1"
+    "k8s.io/api/core/v1"
 )
 
 // ResourceUpdatedHandler contains updated objects
@@ -19,7 +19,6 @@ func (r ResourceUpdatedHandler) Handle() error {
 	} else {
 		config, oldSHAData := r.GetConfig()
 		if config.SHAValue != oldSHAData {
-			logrus.Infof("Changes detected in '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace)
 			// process resource based on its type
 			doRollingUpgrade(config)
 		}

internal/pkg/handler/upgrade.go

@@ -17,33 +17,36 @@ import (
 // GetDeploymentRollingUpgradeFuncs returns all callback funcs for a deployment
 func GetDeploymentRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetDeploymentItems,
-		ContainersFunc: callbacks.GetDeploymentContainers,
-		UpdateFunc:     callbacks.UpdateDeployment,
-		VolumesFunc:    callbacks.GetDeploymentVolumes,
-		ResourceType:   "Deployment",
+		ItemsFunc:          callbacks.GetDeploymentItems,
+		ContainersFunc:     callbacks.GetDeploymentContainers,
+		InitContainersFunc: callbacks.GetDeploymentInitContainers,
+		UpdateFunc:         callbacks.UpdateDeployment,
+		VolumesFunc:        callbacks.GetDeploymentVolumes,
+		ResourceType:       "Deployment",
 	}
 }
 
 // GetDaemonSetRollingUpgradeFuncs returns all callback funcs for a daemonset
 func GetDaemonSetRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetDaemonSetItems,
-		ContainersFunc: callbacks.GetDaemonSetContainers,
-		UpdateFunc:     callbacks.UpdateDaemonSet,
-		VolumesFunc:    callbacks.GetDaemonSetVolumes,
-		ResourceType:   "DaemonSet",
+		ItemsFunc:          callbacks.GetDaemonSetItems,
+		ContainersFunc:     callbacks.GetDaemonSetContainers,
+		InitContainersFunc: callbacks.GetDaemonSetInitContainers,
+		UpdateFunc:         callbacks.UpdateDaemonSet,
+		VolumesFunc:        callbacks.GetDaemonSetVolumes,
+		ResourceType:       "DaemonSet",
 	}
 }
 
 // GetStatefulSetRollingUpgradeFuncs returns all callback funcs for a statefulSet
 func GetStatefulSetRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
-		ItemsFunc:      callbacks.GetStatefulSetItems,
-		ContainersFunc: callbacks.GetStatefulsetContainers,
-		UpdateFunc:     callbacks.UpdateStatefulset,
-		VolumesFunc:    callbacks.GetStatefulsetVolumes,
-		ResourceType:   "StatefulSet",
+		ItemsFunc:          callbacks.GetStatefulSetItems,
+		ContainersFunc:     callbacks.GetStatefulsetContainers,
+		InitContainersFunc: callbacks.GetStatefulsetInitContainers,
+		UpdateFunc:         callbacks.UpdateStatefulset,
+		VolumesFunc:        callbacks.GetStatefulsetVolumes,
+		ResourceType:       "StatefulSet",
 	}
 }
 
@@ -70,35 +73,35 @@ func PerformRollingUpgrade(client kubernetes.Interface, config util.Config, upgr
 	items := upgradeFuncs.ItemsFunc(client, config.Namespace)
 	var err error
 	for _, i := range items {
-		containers := upgradeFuncs.ContainersFunc(i)
-		volumes := upgradeFuncs.VolumesFunc(i)
 		// find correct annotation and update the resource
 		annotationValue := util.ToObjectMeta(i).Annotations[config.Annotation]
 		reloaderEnabledValue := util.ToObjectMeta(i).Annotations[options.ReloaderAutoAnnotation]
-		if len(containers) > 0 {
-			resourceName := util.ToObjectMeta(i).Name
-			result := constants.NotUpdated
-			reloaderEnabled, err := strconv.ParseBool(reloaderEnabledValue)
-			if err == nil && reloaderEnabled {
-				result = updateContainers(volumes, containers, config.ResourceName, config)
-			} else if annotationValue != "" {
-				values := strings.Split(annotationValue, ",")
-				for _, value := range values {
-					if value == config.ResourceName {
-						result = updateContainers(volumes, containers, value, config)
-						if result == constants.Updated {
-							break
-						}
+		result := constants.NotUpdated
+		reloaderEnabled, err := strconv.ParseBool(reloaderEnabledValue)
+		if err == nil && reloaderEnabled {
+			result = updateContainers(upgradeFuncs, i, config, true)
+		}
+
+		if result != constants.Updated && annotationValue != "" {
+			values := strings.Split(annotationValue, ",")
+			for _, value := range values {
+				if value == config.ResourceName {
+					result = updateContainers(upgradeFuncs, i, config, false)
+					if result == constants.Updated {
+						break
 					}
 				}
 			}
-			if result == constants.Updated {
-				err = upgradeFuncs.UpdateFunc(client, config.Namespace, i)
-				if err != nil {
-					logrus.Errorf("Update for '%s' of type '%s' in namespace '%s' failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
-				} else {
-					logrus.Infof("Updated '%s' of type '%s' in namespace '%s'", resourceName, upgradeFuncs.ResourceType, config.Namespace)
-				}
+		}
+
+		if result == constants.Updated {
+			err = upgradeFuncs.UpdateFunc(client, config.Namespace, i)
+			resourceName := util.ToObjectMeta(i).Name
+			if err != nil {
+				logrus.Errorf("Update for '%s' of type '%s' in namespace '%s' failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
+			} else {
+				logrus.Infof("Changes detected in '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace)
+				logrus.Infof("Updated '%s' of type '%s' in namespace '%s'", resourceName, upgradeFuncs.ResourceType, config.Namespace)
 			}
 		}
 	}
@@ -116,42 +119,11 @@ func getVolumeMountName(volumes []v1.Volume, mountType string, volumeName string
 	return ""
 }
 
-func getContainerToUpdate(volumes []v1.Volume, containers []v1.Container, envarPostfix string, volumeName string) *v1.Container {
-	// Get the volumeMountName to find volumeMount in container
-	if len(volumes) > 0 {
-		volumeMountName := getVolumeMountName(volumes, envarPostfix, volumeName)
-		// Get the container with mounted configmap/secret
-		if volumeMountName != "" {
-			for i := range containers {
-				volumeMounts := containers[i].VolumeMounts
-				for j := range volumeMounts {
-					if volumeMounts[j].Name == volumeMountName {
-						return &containers[i]
-					}
-				}
-			}
-		}
-	}
-
-	// Get the container with referenced secret or configmap as env var
+func getContainerWithVolumeMount(containers []v1.Container, volumeMountName string) *v1.Container {
 	for i := range containers {
-		envs := containers[i].Env
-		for j := range envs {
-			envVarSource := envs[j].ValueFrom
-			if envVarSource != nil {
-				if envVarSource.SecretKeyRef != nil && envVarSource.SecretKeyRef.LocalObjectReference.Name == volumeName {
-					return &containers[i]
-				} else if envVarSource.ConfigMapKeyRef != nil && envVarSource.ConfigMapKeyRef.LocalObjectReference.Name == volumeName {
-					return &containers[i]
-				}
-			}
-		}
-
-		envsFrom := containers[i].EnvFrom
-		for j := range envsFrom {
-			if envsFrom[j].SecretRef != nil && envsFrom[j].SecretRef.LocalObjectReference.Name == volumeName {
-				return &containers[i]
-			} else if envsFrom[j].ConfigMapRef != nil && envsFrom[j].ConfigMapRef.LocalObjectReference.Name == volumeName {
+		volumeMounts := containers[i].VolumeMounts
+		for j := range volumeMounts {
+			if volumeMounts[j].Name == volumeMountName {
 				return &containers[i]
 			}
 		}
@@ -160,17 +132,82 @@ func getContainerToUpdate(volumes []v1.Volume, containers []v1.Container, envarP
 	return nil
 }
 
-func updateContainers(volumes []v1.Volume, containers []v1.Container, annotationValue string, config util.Config) constants.Result {
+func getContainerWithEnvReference(containers []v1.Container, resourceName string, resourceType string) *v1.Container {
+	for i := range containers {
+		envs := containers[i].Env
+		for j := range envs {
+			envVarSource := envs[j].ValueFrom
+			if envVarSource != nil {
+				if resourceType == constants.SecretEnvVarPostfix && envVarSource.SecretKeyRef != nil && envVarSource.SecretKeyRef.LocalObjectReference.Name == resourceName {
+					return &containers[i]
+				} else if resourceType == constants.ConfigmapEnvVarPostfix && envVarSource.ConfigMapKeyRef != nil && envVarSource.ConfigMapKeyRef.LocalObjectReference.Name == resourceName {
+					return &containers[i]
+				}
+			}
+		}
+
+		envsFrom := containers[i].EnvFrom
+		for j := range envsFrom {
+			if resourceType == constants.SecretEnvVarPostfix && envsFrom[j].SecretRef != nil && envsFrom[j].SecretRef.LocalObjectReference.Name == resourceName {
+				return &containers[i]
+			} else if resourceType == constants.ConfigmapEnvVarPostfix && envsFrom[j].ConfigMapRef != nil && envsFrom[j].ConfigMapRef.LocalObjectReference.Name == resourceName {
+				return &containers[i]
+			}
+		}
+	}
+	return nil
+}
+
+func getContainerToUpdate(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) *v1.Container {
+	volumes := upgradeFuncs.VolumesFunc(item)
+	containers := upgradeFuncs.ContainersFunc(item)
+	initContainers := upgradeFuncs.InitContainersFunc(item)
+	var container *v1.Container
+	// Get the volumeMountName to find volumeMount in container
+	volumeMountName := getVolumeMountName(volumes, config.Type, config.ResourceName)
+	// Get the container with mounted configmap/secret
+	if volumeMountName != "" {
+		container = getContainerWithVolumeMount(containers, volumeMountName)
+		if container == nil && len(initContainers) > 0 {
+			container = getContainerWithVolumeMount(initContainers, volumeMountName)
+			if container != nil {
+				// if configmap/secret is being used in init container then return the first Pod container to save reloader env
+				return &containers[0]
+			}
+		} else if container != nil {
+			return container
+		}
+	}
+
+	// Get the container with referenced secret or configmap as env var
+	container = getContainerWithEnvReference(containers, config.ResourceName, config.Type)
+	if container == nil && len(initContainers) > 0 {
+		container = getContainerWithEnvReference(initContainers, config.ResourceName, config.Type)
+		if container != nil {
+			// if configmap/secret is being used in init container then return the first Pod container to save reloader env
+			return &containers[0]
+		}
+	}
+
+	// Get the first container if the annotation is related to specified configmap or secret i.e. configmap.reloader.stakater.com/reload
+	if container == nil && !autoReload {
+		return &containers[0]
+	}
+
+	return container
+}
+
+func updateContainers(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) constants.Result {
 	var result constants.Result
-	envar := constants.EnvVarPrefix + util.ConvertToEnvVarName(annotationValue) + "_" + config.Type
-	container := getContainerToUpdate(volumes, containers, config.Type, config.ResourceName)
+	envar := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + config.Type
+	container := getContainerToUpdate(upgradeFuncs, item, config, autoReload)
 
 	if container == nil {
 		return constants.NoContainerFound
 	}
 
 	//update if env var exists
-	result = updateEnvVar(containers, envar, config.SHAValue)
+	result = updateEnvVar(upgradeFuncs.ContainersFunc(item), envar, config.SHAValue)
 
 	// if no existing env var exists lets create one
 	if result == constants.NoEnvVarFound {

internal/pkg/handler/upgrade_test.go

@@ -14,14 +14,18 @@ import (
 )
 
 var (
-	client                   = testclient.NewSimpleClientset()
-	namespace                = "test-handler-" + testutil.RandSeq(5)
-	configmapName            = "testconfigmap-handler-" + testutil.RandSeq(5)
-	secretName               = "testsecret-handler-" + testutil.RandSeq(5)
-	configmapWithEnvName     = "testconfigmapWithEnv-handler-" + testutil.RandSeq(3)
-	configmapWithEnvFromName = "testconfigmapWithEnvFrom-handler-" + testutil.RandSeq(3)
-	secretWithEnvName        = "testsecretWithEnv-handler-" + testutil.RandSeq(5)
-	secretWithEnvFromName    = "testsecretWithEnvFrom-handler-" + testutil.RandSeq(5)
+	client                     = testclient.NewSimpleClientset()
+	namespace                  = "test-handler-" + testutil.RandSeq(5)
+	configmapName              = "testconfigmap-handler-" + testutil.RandSeq(5)
+	secretName                 = "testsecret-handler-" + testutil.RandSeq(5)
+	configmapWithInitContainer = "testconfigmapInitContainerhandler-" + testutil.RandSeq(3)
+	secretWithInitContainer    = "testsecretWithInitContainer-handler-" + testutil.RandSeq(3)
+	configmapWithInitEnv       = "configmapWithInitEnv-" + testutil.RandSeq(3)
+	secretWithInitEnv          = "secretWithInitEnv-handler-" + testutil.RandSeq(3)
+	configmapWithEnvName       = "testconfigmapWithEnv-handler-" + testutil.RandSeq(3)
+	configmapWithEnvFromName   = "testconfigmapWithEnvFrom-handler-" + testutil.RandSeq(3)
+	secretWithEnvName          = "testsecretWithEnv-handler-" + testutil.RandSeq(5)
+	secretWithEnvFromName      = "testsecretWithEnvFrom-handler-" + testutil.RandSeq(5)
 )
 
 func TestMain(m *testing.M) {
@@ -71,18 +75,64 @@ func setup() {
 		logrus.Errorf("Error in configmap creation: %v", err)
 	}
 
+	// Creating secret
+	_, err = testutil.CreateSecret(client, namespace, secretWithInitEnv, data)
+	if err != nil {
+		logrus.Errorf("Error in secret creation: %v", err)
+	}
+
+	_, err = testutil.CreateConfigMap(client, namespace, configmapWithInitContainer, "www.google.com")
+	if err != nil {
+		logrus.Errorf("Error in configmap creation: %v", err)
+	}
+
 	// Creating secret
 	_, err = testutil.CreateSecret(client, namespace, secretWithEnvFromName, data)
 	if err != nil {
 		logrus.Errorf("Error in secret creation: %v", err)
 	}
 
+	_, err = testutil.CreateConfigMap(client, namespace, configmapWithInitContainer, "www.google.com")
+	if err != nil {
+		logrus.Errorf("Error in configmap creation: %v", err)
+	}
+
+	// Creating secret
+	_, err = testutil.CreateSecret(client, namespace, secretWithInitContainer, data)
+	if err != nil {
+		logrus.Errorf("Error in secret creation: %v", err)
+	}
+
 	// Creating Deployment with configmap
 	_, err = testutil.CreateDeployment(client, configmapName, namespace, true)
 	if err != nil {
 		logrus.Errorf("Error in Deployment with configmap creation: %v", err)
 	}
 
+	// Creating Deployment with configmap mounted in init container
+	_, err = testutil.CreateDeploymentWithInitContainer(client, configmapWithInitContainer, namespace, true)
+	if err != nil {
+		logrus.Errorf("Error in Deployment with configmap creation: %v", err)
+	}
+
+	// Creating Deployment with secret mounted in init container
+	_, err = testutil.CreateDeploymentWithInitContainer(client, secretWithInitContainer, namespace, true)
+	if err != nil {
+		logrus.Errorf("Error in Deployment with secret creation: %v", err)
+	}
+
+	// Creating Deployment with configmap mounted as Env in init container
+	_, err = testutil.CreateDeploymentWithInitContainer(client, configmapWithInitEnv, namespace, false)
+	if err != nil {
+		logrus.Errorf("Error in Deployment with configmap creation: %v", err)
+	}
+
+	// Creating Deployment with secret mounted as Env in init container
+	_, err = testutil.CreateDeploymentWithInitContainer(client, secretWithInitEnv, namespace, false)
+	if err != nil {
+		logrus.Errorf("Error in Deployment with secret creation: %v", err)
+	}
+
 	// Creating Deployment with secret
 	_, err = testutil.CreateDeployment(client, secretName, namespace, true)
 	if err != nil {
@@ -188,6 +238,30 @@ func teardown() {
 		logrus.Errorf("Error while deleting deployment with secret as env var source %v", deploymentError)
 	}
 
+	// Deleting Deployment with configmap mounted in init container
+	deploymentError = testutil.DeleteDeployment(client, namespace, configmapWithInitContainer)
+	if deploymentError != nil {
+		logrus.Errorf("Error while deleting deployment with configmap mounted in init container %v", deploymentError)
+	}
+
+	// Deleting Deployment with secret mounted in init container
+	deploymentError = testutil.DeleteDeployment(client, namespace, secretWithInitContainer)
+	if deploymentError != nil {
+		logrus.Errorf("Error while deleting deployment with secret mounted in init container %v", deploymentError)
+	}
+
+	// Deleting Deployment with configmap mounted as env in init container
+	deploymentError = testutil.DeleteDeployment(client, namespace, configmapWithInitEnv)
+	if deploymentError != nil {
+		logrus.Errorf("Error while deleting deployment with configmap mounted as env in init container %v", deploymentError)
+	}
+
+	// Deleting Deployment with secret mounted as env in init container
+	deploymentError = testutil.DeleteDeployment(client, namespace, secretWithInitEnv)
+	if deploymentError != nil {
+		logrus.Errorf("Error while deleting deployment with secret mounted as env in init container %v", deploymentError)
+	}
+
 	// Deleting Deployment with configmap as envFrom source
 	deploymentError = testutil.DeleteDeployment(client, namespace, configmapWithEnvFromName)
 	if deploymentError != nil {
@@ -272,6 +346,18 @@ func teardown() {
 		logrus.Errorf("Error while deleting the secret used as env var source %v", err)
 	}
 
+	// Deleting Configmap used in init container
+	err = testutil.DeleteConfigMap(client, namespace, configmapWithInitContainer)
+	if err != nil {
+		logrus.Errorf("Error while deleting the configmap used in init container %v", err)
+	}
+
+	// Deleting Secret used in init container
+	err = testutil.DeleteSecret(client, namespace, secretWithInitContainer)
+	if err != nil {
+		logrus.Errorf("Error while deleting the secret used in init container %v", err)
+	}
+
 	// Deleting Configmap used as env var source
 	err = testutil.DeleteConfigMap(client, namespace, configmapWithEnvFromName)
 	if err != nil {
@@ -284,6 +370,18 @@ func teardown() {
 		logrus.Errorf("Error while deleting the secret used as env var source %v", err)
 	}
 
+	// Deleting Configmap used as env var source
+	err = testutil.DeleteConfigMap(client, namespace, configmapWithInitEnv)
+	if err != nil {
+		logrus.Errorf("Error while deleting the configmap used as env var source in init container %v", err)
+	}
+
+	// Deleting Secret used as env var source
+	err = testutil.DeleteSecret(client, namespace, secretWithInitEnv)
+	if err != nil {
+		logrus.Errorf("Error while deleting the secret used as env var source in init container %v", err)
+	}
+
 	// Deleting namespace
 	testutil.DeleteNamespace(namespace, client)
 
@@ -297,7 +395,6 @@ func getConfigWithAnnotations(resourceType string, name string, shaData string,
 		Annotation:   annotation,
 		Type:         resourceType,
 	}
-
 }
 
 func TestRollingUpgradeForDeploymentWithConfigmap(t *testing.T) {
@@ -318,6 +415,24 @@ func TestRollingUpgradeForDeploymentWithConfigmap(t *testing.T) {
 	}
 }
 
+func TestRollingUpgradeForDeploymentWithConfigmapInInitContainer(t *testing.T) {
+	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapWithInitContainer, "www.stakater.com")
+	config := getConfigWithAnnotations(constants.ConfigmapEnvVarPostfix, configmapWithInitContainer, shaData, options.ConfigmapUpdateOnChangeAnnotation)
+	deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
+
+	err := PerformRollingUpgrade(client, config, deploymentFuncs)
+	time.Sleep(5 * time.Second)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for Deployment with Configmap")
+	}
+
+	logrus.Infof("Verifying deployment update")
+	updated := testutil.VerifyResourceUpdate(client, config, constants.ConfigmapEnvVarPostfix, deploymentFuncs)
+	if !updated {
+		t.Errorf("Deployment was not updated")
+	}
+}
+
 func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVar(t *testing.T) {
 	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapWithEnvName, "www.stakater.com")
 	config := getConfigWithAnnotations(constants.ConfigmapEnvVarPostfix, configmapWithEnvName, shaData, options.ReloaderAutoAnnotation)
@@ -336,6 +451,24 @@ func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVar(t *testing.T) {
 	}
 }
 
+func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarInInitContainer(t *testing.T) {
+	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapWithInitEnv, "www.stakater.com")
+	config := getConfigWithAnnotations(constants.ConfigmapEnvVarPostfix, configmapWithInitEnv, shaData, options.ReloaderAutoAnnotation)
+	deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
+
+	err := PerformRollingUpgrade(client, config, deploymentFuncs)
+	time.Sleep(5 * time.Second)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for Deployment with Configmap used as env var")
+	}
+
+	logrus.Infof("Verifying deployment update")
+	updated := testutil.VerifyResourceUpdate(client, config, constants.ConfigmapEnvVarPostfix, deploymentFuncs)
+	if !updated {
+		t.Errorf("Deployment was not updated")
+	}
+}
+
 func TestRollingUpgradeForDeploymentWithConfigmapAsEnvVarFrom(t *testing.T) {
 	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapWithEnvFromName, "www.stakater.com")
 	config := getConfigWithAnnotations(constants.ConfigmapEnvVarPostfix, configmapWithEnvFromName, shaData, options.ReloaderAutoAnnotation)
@@ -372,6 +505,24 @@ func TestRollingUpgradeForDeploymentWithSecret(t *testing.T) {
 	}
 }
 
+func TestRollingUpgradeForDeploymentWithSecretinInitContainer(t *testing.T) {
+	shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, namespace, secretWithInitContainer, "dGVzdFVwZGF0ZWRTZWNyZXRFbmNvZGluZ0ZvclJlbG9hZGVy")
+	config := getConfigWithAnnotations(constants.SecretEnvVarPostfix, secretWithInitContainer, shaData, options.SecretUpdateOnChangeAnnotation)
+	deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
+
+	err := PerformRollingUpgrade(client, config, deploymentFuncs)
+	time.Sleep(5 * time.Second)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for Deployment with Secret")
+	}
+
+	logrus.Infof("Verifying deployment update")
+	updated := testutil.VerifyResourceUpdate(client, config, constants.SecretEnvVarPostfix, deploymentFuncs)
+	if !updated {
+		t.Errorf("Deployment was not updated")
+	}
+}
+
 func TestRollingUpgradeForDeploymentWithSecretAsEnvVar(t *testing.T) {
 	shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, namespace, secretWithEnvName, "dGVzdFVwZGF0ZWRTZWNyZXRFbmNvZGluZ0ZvclJlbG9hZGVy")
 	config := getConfigWithAnnotations(constants.SecretEnvVarPostfix, secretWithEnvName, shaData, options.ReloaderAutoAnnotation)
@@ -408,6 +559,24 @@ func TestRollingUpgradeForDeploymentWithSecretAsEnvVarFrom(t *testing.T) {
 	}
 }
 
+func TestRollingUpgradeForDeploymentWithSecretAsEnvVarInInitContainer(t *testing.T) {
+	shaData := testutil.ConvertResourceToSHA(testutil.SecretResourceType, namespace, secretWithInitEnv, "dGVzdFVwZGF0ZWRTZWNyZXRFbmNvZGluZ0ZvclJlbG9hZGVy")
+	config := getConfigWithAnnotations(constants.SecretEnvVarPostfix, secretWithInitEnv, shaData, options.ReloaderAutoAnnotation)
+	deploymentFuncs := GetDeploymentRollingUpgradeFuncs()
+
+	err := PerformRollingUpgrade(client, config, deploymentFuncs)
+	time.Sleep(5 * time.Second)
+	if err != nil {
+		t.Errorf("Rolling upgrade failed for Deployment with Secret")
+	}
+
+	logrus.Infof("Verifying deployment update")
+	updated := testutil.VerifyResourceUpdate(client, config, constants.SecretEnvVarPostfix, deploymentFuncs)
+	if !updated {
+		t.Errorf("Deployment was not updated")
+	}
+}
+
 func TestRollingUpgradeForDaemonSetWithConfigmap(t *testing.T) {
 	shaData := testutil.ConvertResourceToSHA(testutil.ConfigmapResourceType, namespace, configmapName, "www.facebook.com")
 	config := getConfigWithAnnotations(constants.ConfigmapEnvVarPostfix, configmapName, shaData, options.ConfigmapUpdateOnChangeAnnotation)

internal/pkg/testutil/kube.go

@@ -78,6 +78,61 @@ func getAnnotations(name string, autoReload bool) map[string]string {
 		options.SecretUpdateOnChangeAnnotation:    name}
 }
 
+func getEnvVarSources(name string) []v1.EnvFromSource {
+	return []v1.EnvFromSource{
+		{
+			ConfigMapRef: &v1.ConfigMapEnvSource{
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: name,
+				},
+			},
+		},
+		{
+			SecretRef: &v1.SecretEnvSource{
+				LocalObjectReference: v1.LocalObjectReference{
+					Name: name,
+				},
+			},
+		},
+	}
+}
+
+func getVolumes(name string) []v1.Volume {
+	return []v1.Volume{
+		{
+			Name: "configmap",
+			VolumeSource: v1.VolumeSource{
+				ConfigMap: &v1.ConfigMapVolumeSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: name,
+					},
+				},
+			},
+		},
+		{
+			Name: "secret",
+			VolumeSource: v1.VolumeSource{
+				Secret: &v1.SecretVolumeSource{
+					SecretName: name,
+				},
+			},
+		},
+	}
+}
+
+func getVolumeMounts(name string) []v1.VolumeMount {
+	return []v1.VolumeMount{
+		{
+			MountPath: "etc/config",
+			Name:      "configmap",
+		},
+		{
+			MountPath: "etc/sec",
+			Name:      "secret",
+		},
+	}
+}
+
 func getPodTemplateSpecWithEnvVars(name string) v1.PodTemplateSpec {
 	return v1.PodTemplateSpec{
 		ObjectMeta: metav1.ObjectMeta{
@@ -132,22 +187,7 @@ func getPodTemplateSpecWithEnvVarSources(name string) v1.PodTemplateSpec {
 				{
 					Image: "tutum/hello-world",
 					Name:  name,
-					EnvFrom: []v1.EnvFromSource{
-						{
-							ConfigMapRef: &v1.ConfigMapEnvSource{
-								LocalObjectReference: v1.LocalObjectReference{
-									Name: name,
-								},
-							},
-						},
-						{
-							SecretRef: &v1.SecretEnvSource{
-								LocalObjectReference: v1.LocalObjectReference{
-									Name: name,
-								},
-							},
-						},
-					},
+					EnvFrom: getEnvVarSources(name),
 				},
 			},
 		},
@@ -170,34 +210,65 @@ func getPodTemplateSpecWithVolumes(name string) v1.PodTemplateSpec {
 							Value: "test",
 						},
 					},
-					VolumeMounts: []v1.VolumeMount{
+					VolumeMounts: getVolumeMounts(name),
+				},
+			},
+			Volumes: getVolumes(name),
+		},
+	}
+}
+
+func getPodTemplateSpecWithInitContainer(name string) v1.PodTemplateSpec {
+	return v1.PodTemplateSpec{
+		ObjectMeta: metav1.ObjectMeta{
+			Labels: map[string]string{"secondLabel": "temp"},
+		},
+		Spec: v1.PodSpec{
+			InitContainers: []v1.Container{
+				{
+					Image: "busybox",
+					Name:  "busyBox",
+					VolumeMounts: getVolumeMounts(name),
+				},
+			},
+			Containers: []v1.Container{
+				{
+					Image: "tutum/hello-world",
+					Name:  name,
+					Env: []v1.EnvVar{
 						{
-							MountPath: "etc/config",
-							Name:      "configmap",
-						},
-						{
-							MountPath: "etc/sec",
-							Name:      "secret",
+							Name:  "BUCKET_NAME",
+							Value: "test",
 						},
 					},
 				},
 			},
-			Volumes: []v1.Volume{
+			Volumes: getVolumes(name),
+		},
+	}
+}
+
+func getPodTemplateSpecWithInitContainerAndEnv(name string) v1.PodTemplateSpec {
+	return v1.PodTemplateSpec{
+		ObjectMeta: metav1.ObjectMeta{
+			Labels: map[string]string{"secondLabel": "temp"},
+		},
+		Spec: v1.PodSpec{
+			InitContainers: []v1.Container{
 				{
-					Name: "configmap",
-					VolumeSource: v1.VolumeSource{
-						ConfigMap: &v1.ConfigMapVolumeSource{
-							LocalObjectReference: v1.LocalObjectReference{
-								Name: name,
-							},
-						},
-					},
+					Image: "busybox",
+					Name:  "busyBox",
+					EnvFrom: getEnvVarSources(name),
 				},
+			},
+			Containers: []v1.Container{
 				{
-					Name: "secret",
-					VolumeSource: v1.VolumeSource{
-						Secret: &v1.SecretVolumeSource{
-							SecretName: name,
+					Image: "tutum/hello-world",
+					Name:  name,
+					Env: []v1.EnvVar{
+						{
+							Name:  "BUCKET_NAME",
+							Value: "test",
 						},
 					},
 				},
@@ -221,6 +292,36 @@ func GetDeployment(namespace string, deploymentName string) *v1beta1.Deployment
 	}
 }
 
+// GetDeploymentWithInitContainer provides deployment with init container and volumeMounts
+func GetDeploymentWithInitContainer(namespace string, deploymentName string) *v1beta1.Deployment {
+	replicaset := int32(1)
+	return &v1beta1.Deployment{
+		ObjectMeta: getObjectMeta(namespace, deploymentName, false),
+		Spec: v1beta1.DeploymentSpec{
+			Replicas: &replicaset,
+			Strategy: v1beta1.DeploymentStrategy{
+				Type: v1beta1.RollingUpdateDeploymentStrategyType,
+			},
+			Template: getPodTemplateSpecWithInitContainer(deploymentName),
+		},
+	}
+}
+
+// GetDeploymentWithInitContainerAndEnv provides deployment with init container and EnvSource
+func GetDeploymentWithInitContainerAndEnv(namespace string, deploymentName string) *v1beta1.Deployment {
+	replicaset := int32(1)
+	return &v1beta1.Deployment{
+		ObjectMeta: getObjectMeta(namespace, deploymentName, true),
+		Spec: v1beta1.DeploymentSpec{
+			Replicas: &replicaset,
+			Strategy: v1beta1.DeploymentStrategy{
+				Type: v1beta1.RollingUpdateDeploymentStrategyType,
+			},
+			Template: getPodTemplateSpecWithInitContainerAndEnv(deploymentName),
+		},
+	}
+}
+
 func GetDeploymentWithEnvVars(namespace string, deploymentName string) *v1beta1.Deployment {
 	replicaset := int32(1)
 	return &v1beta1.Deployment{
@@ -412,6 +513,21 @@ func CreateDeployment(client kubernetes.Interface, deploymentName string, namesp
 	return deployment, err
 }
 
+// CreateDeploymentWithInitContainer creates a deployment in given namespace with init container and returns the Deployment
+func CreateDeploymentWithInitContainer(client kubernetes.Interface, deploymentName string, namespace string, volumeMount bool) (*v1beta1.Deployment, error) {
+	logrus.Infof("Creating Deployment")
+	deploymentClient := client.ExtensionsV1beta1().Deployments(namespace)
+	var deploymentObj *v1beta1.Deployment
+	if volumeMount {
+	deploymentObj = GetDeploymentWithInitContainer(namespace, deploymentName)
+	} else {
+		deploymentObj = GetDeploymentWithInitContainerAndEnv(namespace, deploymentName)
+	}
+	deployment, err := deploymentClient.Create(deploymentObj)
+	time.Sleep(10 * time.Second)
+	return deployment, err
+}
+
 // CreateDeploymentWithEnvVarSource creates a deployment in given namespace and returns the Deployment
 func CreateDeploymentWithEnvVarSource(client kubernetes.Interface, deploymentName string, namespace string) (*v1beta1.Deployment, error) {
 	logrus.Infof("Creating Deployment")

internal/pkg/util/util.go

@@ -46,3 +46,14 @@ func GetSHAfromSecret(data map[string][]byte) string {
 	sort.Strings(values)
 	return crypto.GenerateSHA(strings.Join(values, ";"))
 }
+
+type List []string
+
+func (l *List) Contains(s string) bool {
+	for _, v := range *l {
+		if v == s {
+			return true
+		}
+	}
+	return false
+}