Bump Version to v0.0.70

Add okteto manifest to develop Reloader directly on Kubernetes

.VERSION

@@ -1 +1 @@
-version: v0.0.60
+version: v0.0.70

.stignore

@@ -0,0 +1,3 @@
+.git
+Reloader
+__debug_bin

README.md

@@ -232,8 +232,8 @@ File a GitHub [issue](https://github.com/stakater/Reloader/issues), or send us a
 
 Join and talk to us on Slack for discussing Reloader
 
-[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://stakater-slack.herokuapp.com/)
-[![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater.slack.com/messages/CC5S05S12)
+[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://slack.stakater.com/)
+[![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater-community.slack.com/messages/CC5S05S12)
 
 ## Contributing
 
@@ -243,6 +243,11 @@ Please use the [issue tracker](https://github.com/stakater/Reloader/issues) to r
 
 ### Developing
 
+1. Deploy Reloader.
+2. Run `okteto up` to activate your development container.
+3. `make build`.
+4. `./Reloader`
+
 PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.
 
 1.  **Fork** the repo on GitHub

build/package/Dockerfile.run

@@ -5,4 +5,7 @@ RUN apk add --update --no-cache ca-certificates
 
 COPY Reloader /bin/Reloader
 
+# On alpine 'nobody' has uid 65534
+USER 65534
+
 ENTRYPOINT ["/bin/Reloader"]

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: v0.0.60
-appVersion: v0.0.60
+version: v0.0.70
+appVersion: v0.0.70
 keywords:
   - Reloader
   - kubernetes

deployments/kubernetes/chart/reloader/templates/_helpers.tpl

@@ -12,9 +12,13 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "reloader-fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+{{- end -}}
 
 {{- define "reloader-labels.chart" -}}
 app: {{ template "reloader-fullname" . }}

deployments/kubernetes/chart/reloader/templates/deployment.yaml

@@ -52,7 +52,11 @@ spec:
 {{ toYaml .Values.reloader.deployment.tolerations | indent 8 }}
       {{- end }}
       containers:
-      - env:
+      - image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}"
+        imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }}
+        name: {{ template "reloader-fullname" . }}
+      {{- if or (.Values.reloader.deployment.env.open) (.Values.reloader.deployment.env.secret) (.Values.reloader.deployment.env.field) (eq .Values.reloader.watchGlobally false) }}
+        env:
       {{- range $name, $value := .Values.reloader.deployment.env.open }}
       {{- if not (empty $value) }}
         - name: {{ $name | quote }}
@@ -83,14 +87,13 @@ spec:
             fieldRef:
               fieldPath: metadata.namespace
       {{- end }}
-        image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}"
-        imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }}
-        name: {{ template "reloader-fullname" . }}
+      {{- end }}
       {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
         volumeMounts:
           - mountPath: /tmp/
             name: tmp-volume
       {{- end }}
+      {{- if or (.Values.reloader.logFormat) (.Values.reloader.ignoreSecrets) (eq .Values.reloader.ignoreConfigMaps true) (.Values.reloader.custom_annotations) }}
         args:
           {{- if .Values.reloader.logFormat }}
           - "--log-format={{ .Values.reloader.logFormat }}"
@@ -116,7 +119,7 @@ spec:
             - "{{ .Values.reloader.custom_annotations.auto }}"
             {{- end }}
           {{- end }}
-
+      {{- end }}
       {{- if .Values.reloader.deployment.resources }}
         resources:
 {{ toYaml .Values.reloader.deployment.resources | indent 10 }}

deployments/kubernetes/chart/reloader/values.yaml

@@ -32,6 +32,10 @@ reloader:
     #             operator: "Exists"
     affinity: {}
 
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+
     # A list of tolerations to be applied to the Deployment.
     # Example:
     #   tolerations:
@@ -44,10 +48,10 @@ reloader:
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v0.0.60
+      version: v0.0.70
     image:
       name: stakater/reloader
-      tag: "v0.0.60"
+      tag: "v0.0.70"
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env:

deployments/kubernetes/manifests/clusterrole.yaml

@@ -6,7 +6,7 @@ kind: ClusterRole
 metadata:
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.70"
     release: "reloader"
     heritage: "Tiller"
   name: reloader-reloader-role

deployments/kubernetes/manifests/clusterrolebinding.yaml

@@ -6,7 +6,7 @@ kind: ClusterRoleBinding
 metadata:
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.70"
     release: "reloader"
     heritage: "Tiller"
   name: reloader-reloader-role-binding

deployments/kubernetes/manifests/deployment.yaml

@@ -5,12 +5,12 @@ kind: Deployment
 metadata:
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.70"
     release: "reloader"
     heritage: "Tiller"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.60
+    version: v0.0.70
     
   name: reloader-reloader
 spec:
@@ -24,19 +24,21 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-v0.0.60"
+        chart: "reloader-v0.0.70"
         release: "reloader"
         heritage: "Tiller"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.60
+        version: v0.0.70
         
     spec:
       containers:
-      - env:
-        image: "stakater/reloader:v0.0.60"
+      - image: "stakater/reloader:v0.0.70"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
-        args:
+      securityContext: 
+        runAsNonRoot: true
+        runAsUser: 65534
+        
       serviceAccountName: reloader-reloader
 

deployments/kubernetes/manifests/serviceaccount.yaml

@@ -6,7 +6,7 @@ kind: ServiceAccount
 metadata:
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.70"
     release: "reloader"
     heritage: "Tiller"
   name: reloader-reloader

deployments/kubernetes/reloader.yaml

@@ -6,7 +6,7 @@ kind: ClusterRole
 metadata:
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.70"
     release: "reloader"
     heritage: "Tiller"
   name: reloader-reloader-role
@@ -51,7 +51,7 @@ kind: ClusterRoleBinding
 metadata:
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.70"
     release: "reloader"
     heritage: "Tiller"
   name: reloader-reloader-role-binding
@@ -72,12 +72,12 @@ kind: Deployment
 metadata:
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.70"
     release: "reloader"
     heritage: "Tiller"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.60
+    version: v0.0.70
     
   name: reloader-reloader
 spec:
@@ -91,20 +91,22 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-v0.0.60"
+        chart: "reloader-v0.0.70"
         release: "reloader"
         heritage: "Tiller"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.60
+        version: v0.0.70
         
     spec:
       containers:
-      - env:
-        image: "stakater/reloader:v0.0.60"
+      - image: "stakater/reloader:v0.0.70"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
-        args:
+      securityContext: 
+        runAsNonRoot: true
+        runAsUser: 65534
+        
       serviceAccountName: reloader-reloader
 
 ---
@@ -126,7 +128,7 @@ kind: ServiceAccount
 metadata:
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.70"
     release: "reloader"
     heritage: "Tiller"
   name: reloader-reloader

deployments/kubernetes/templates/chart/values.yaml.tmpl

@@ -32,6 +32,10 @@ reloader:
     #             operator: "Exists"
     affinity: {}
 
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+
     # A list of tolerations to be applied to the Deployment.
     # Example:
     #   tolerations:

docs/Reloader-vs-ConfigmapController.md

@@ -8,5 +8,5 @@ Reloader is inspired from [Configmapcontroller](https://github.com/fabric8io/con
 | Reloader can watch both `secrets` and `configmaps`.                                                                                                                                                                                                                                                    | ConfigmapController can only watch changes in `configmaps`. It cannot detect changes in other resources like `secrets`.                                                                                                                                        |
 | Reloader can perform rolling upgrades on `deployments` as well as on `statefulsets` and `daemonsets`                                                                                                                                                                                                   | ConfigmapController can only perform rolling upgrades on `deployments`. It currently does not support rolling upgrades on `statefulsets` and `daemonsets`                                                                                                          |
 | Reloader provides both unit test cases and end to end integration test cases for future updates. So one can make sure that new changes do not break any old functionality.                                                                                                                                               | Currently there are not any unit test cases or end to end integration test cases in configmap controller. It add difficulties for any additional updates in configmap controller and one can not know for sure whether new changes breaks any old functionality or not. |
-| Reloader uses SHA1 to encode the change in configmap or secret. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less pron to collision. | Configmap controller uses `FABRICB_FOO_REVISION` environment variable to store any change in configmap controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
-| Reloader allows you to customize your own annotation (for both Secrets and Configmaps) using command line flags | Configmap controller restricts you to only their provided annotation |
+| Reloader uses SHA1 to encode the change in configmap or secret. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less prone to collision. | Configmap controller uses `FABRICB_FOO_REVISION` environment variable to store any change in configmap controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
+| Reloader allows you to customize your own annotation (for both Secrets and Configmaps) using command line flags | Configmap controller restricts you to only their provided annotation |

docs/Reloader-with-Sealed-Secrets.md

@@ -8,4 +8,4 @@ Below are the steps to use reloader with Sealed Secrets.
 8. Install Reloader.
 9. Once everything is setup, update the original secret at client and encrypt it with kubeseal to see reloader working.
 10. Apply the updated sealed secret.
-11. Reloader will resatart the pod to use that updated secret.
+11. Reloader will restart the pod to use that updated secret.

docs/features.md

@@ -2,6 +2,6 @@
 
 These are the key features of Reloader:
 
-1. Restart pod in a depoloyment on change in linked/related configmap's or secret's
+1. Restart pod in a deployment on change in linked/related configmap's or secret's
 2. Restart pod in a daemonset on change in linked/related configmap's or secret's
 3. Restart pod in a statefulset on change in linked/related configmap's or secret's

internal/pkg/controller/controller_test.go

@@ -336,7 +336,7 @@ func TestControllerForUpdatingConfigmapShouldUpdateDeployment(t *testing.T) {
 }
 
 // Do not Perform rolling upgrade on deployment and create env var upon updating the labels configmap
-func TestControllerUpdatingConfigmapLabelsShouldNotCreateorUpdateEnvInDeployment(t *testing.T) {
+func TestControllerUpdatingConfigmapLabelsShouldNotCreateOrUpdateEnvInDeployment(t *testing.T) {
 	// Creating configmap
 	configmapName := configmapNamePrefix + "-update-" + testutil.RandSeq(5)
 	configmapClient, err := testutil.CreateConfigMap(clients.KubernetesClient, namespace, configmapName, "www.google.com")
@@ -552,7 +552,7 @@ func TestControllerUpdatingSecretShouldUpdateEnvInDeployment(t *testing.T) {
 }
 
 // Do not Perform rolling upgrade on pod and create or update a env var upon updating the label in secret
-func TestControllerUpdatingSecretLabelsShouldNotCreateorUpdateEnvInDeployment(t *testing.T) {
+func TestControllerUpdatingSecretLabelsShouldNotCreateOrUpdateEnvInDeployment(t *testing.T) {
 	// Creating secret
 	secretName := secretNamePrefix + "-update-" + testutil.RandSeq(5)
 	secretClient, err := testutil.CreateSecret(clients.KubernetesClient, namespace, secretName, data)
@@ -820,7 +820,7 @@ func TestControllerUpdatingSecretShouldUpdateEnvInDaemonSet(t *testing.T) {
 }
 
 // Do not Perform rolling upgrade on pod and create or update a env var upon updating the label in secret
-func TestControllerUpdatingSecretLabelsShouldNotCreateorUpdateEnvInDaemonSet(t *testing.T) {
+func TestControllerUpdatingSecretLabelsShouldNotCreateOrUpdateEnvInDaemonSet(t *testing.T) {
 	// Creating secret
 	secretName := secretNamePrefix + "-update-" + testutil.RandSeq(5)
 	secretClient, err := testutil.CreateSecret(clients.KubernetesClient, namespace, secretName, data)

internal/pkg/handler/update.go

@@ -33,7 +33,7 @@ func (r ResourceUpdatedHandler) GetConfig() (util.Config, string) {
 	var oldSHAData string
 	var config util.Config
 	if _, ok := r.Resource.(*v1.ConfigMap); ok {
-		oldSHAData = util.GetSHAfromConfigmap(r.OldResource.(*v1.ConfigMap).Data)
+		oldSHAData = util.GetSHAfromConfigmap(r.OldResource.(*v1.ConfigMap))
 		config = util.GetConfigmapConfig(r.Resource.(*v1.ConfigMap))
 	} else if _, ok := r.Resource.(*v1.Secret); ok {
 		oldSHAData = util.GetSHAfromSecret(r.OldResource.(*v1.Secret).Data)

internal/pkg/handler/upgrade.go

@@ -116,6 +116,7 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 		if result != constants.Updated && annotationValue != "" {
 			values := strings.Split(annotationValue, ",")
 			for _, value := range values {
+				value = strings.Trim(value, " ")
 				if value == config.ResourceName {
 					result = updateContainers(upgradeFuncs, i, config, false)
 					if result == constants.Updated {
@@ -260,7 +261,7 @@ func getContainerToUpdate(upgradeFuncs callbacks.RollingUpgradeFuncs, item inter
 
 func updateContainers(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) constants.Result {
 	var result constants.Result
-	envar := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + config.Type
+	envVar := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + config.Type
 	container := getContainerToUpdate(upgradeFuncs, item, config, autoReload)
 
 	if container == nil {
@@ -268,12 +269,12 @@ func updateContainers(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface
 	}
 
 	//update if env var exists
-	result = updateEnvVar(upgradeFuncs.ContainersFunc(item), envar, config.SHAValue)
+	result = updateEnvVar(upgradeFuncs.ContainersFunc(item), envVar, config.SHAValue)
 
 	// if no existing env var exists lets create one
 	if result == constants.NoEnvVarFound {
 		e := v1.EnvVar{
-			Name:  envar,
+			Name:  envVar,
 			Value: config.SHAValue,
 		}
 		container.Env = append(container.Env, e)
@@ -282,11 +283,11 @@ func updateContainers(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface
 	return result
 }
 
-func updateEnvVar(containers []v1.Container, envar string, shaData string) constants.Result {
+func updateEnvVar(containers []v1.Container, envVar string, shaData string) constants.Result {
 	for i := range containers {
 		envs := containers[i].Env
 		for j := range envs {
-			if envs[j].Name == envar {
+			if envs[j].Name == envVar {
 				if envs[j].Value != shaData {
 					envs[j].Value = shaData
 					return constants.Updated

internal/pkg/testutil/kube.go

@@ -97,7 +97,7 @@ func getVolumes(name string) []v1.Volume {
 			VolumeSource: v1.VolumeSource{
 				Projected: &v1.ProjectedVolumeSource{
 					Sources: []v1.VolumeProjection{
-						v1.VolumeProjection{
+						{
 							ConfigMap: &v1.ConfigMapProjection{
 								LocalObjectReference: v1.LocalObjectReference{
 									Name: name,
@@ -113,7 +113,7 @@ func getVolumes(name string) []v1.Volume {
 			VolumeSource: v1.VolumeSource{
 				Projected: &v1.ProjectedVolumeSource{
 					Sources: []v1.VolumeProjection{
-						v1.VolumeProjection{
+						{
 							Secret: &v1.SecretProjection{
 								LocalObjectReference: v1.LocalObjectReference{
 									Name: name,
@@ -563,11 +563,11 @@ func GetSecretWithUpdatedLabel(namespace string, secretName string, label string
 }
 
 // GetResourceSHA returns the SHA value of given environment variable
-func GetResourceSHA(containers []v1.Container, envar string) string {
+func GetResourceSHA(containers []v1.Container, envVar string) string {
 	for i := range containers {
 		envs := containers[i].Env
 		for j := range envs {
-			if envs[j].Name == envar {
+			if envs[j].Name == envVar {
 				return envs[j].Value
 			}
 		}
@@ -610,6 +610,7 @@ func CreateSecret(client kubernetes.Interface, namespace string, secretName stri
 	time.Sleep(3 * time.Second)
 	return secretClient, err
 }
+
 // CreateDeployment creates a deployment in given namespace and returns the Deployment
 func CreateDeployment(client kubernetes.Interface, deploymentName string, namespace string, volumeMount bool) (*appsv1.Deployment, error) {
 	logrus.Infof("Creating Deployment")
@@ -820,6 +821,7 @@ func VerifyResourceUpdate(clients kube.Clients, config util.Config, envVarPostfi
 		} else if annotationValue != "" {
 			values := strings.Split(annotationValue, ",")
 			for _, value := range values {
+				value = strings.Trim(value, " ")
 				if value == config.ResourceName {
 					matches = true
 					break

internal/pkg/util/config.go

@@ -23,7 +23,7 @@ func GetConfigmapConfig(configmap *v1.ConfigMap) Config {
 		ResourceName:        configmap.Name,
 		ResourceAnnotations: configmap.Annotations,
 		Annotation:          options.ConfigmapUpdateOnChangeAnnotation,
-		SHAValue:            GetSHAfromConfigmap(configmap.Data),
+		SHAValue:            GetSHAfromConfigmap(configmap),
 		Type:                constants.ConfigmapEnvVarPostfix,
 	}
 }

internal/pkg/util/util.go

@@ -2,10 +2,12 @@ package util
 
 import (
 	"bytes"
+	"encoding/base64"
 	"sort"
 	"strings"
 
 	"github.com/stakater/Reloader/internal/pkg/crypto"
+	v1 "k8s.io/api/core/v1"
 )
 
 // ConvertToEnvVarName converts the given text into a usable env var
@@ -29,11 +31,14 @@ func ConvertToEnvVarName(text string) string {
 	return buffer.String()
 }
 
-func GetSHAfromConfigmap(data map[string]string) string {
+func GetSHAfromConfigmap(configmap *v1.ConfigMap) string {
 	values := []string{}
-	for k, v := range data {
+	for k, v := range configmap.Data {
 		values = append(values, k+"="+v)
 	}
+	for k, v := range configmap.BinaryData {
+		values = append(values, k+"="+base64.StdEncoding.EncodeToString(v))
+	}
 	sort.Strings(values)
 	return crypto.GenerateSHA(strings.Join(values, ";"))
 }

internal/pkg/util/util_test.go

@@ -2,6 +2,8 @@ package util
 
 import (
 	"testing"
+
+	v1 "k8s.io/api/core/v1"
 )
 
 func TestConvertToEnvVarName(t *testing.T) {
@@ -11,3 +13,35 @@ func TestConvertToEnvVarName(t *testing.T) {
 		t.Errorf("Failed to convert data into environment variable")
 	}
 }
+
+func TestGetHashFromConfigMap(t *testing.T) {
+	data := map[*v1.ConfigMap]string{
+		{
+			Data: map[string]string{"test": "test"},
+		}: "Only Data",
+		{
+			Data:       map[string]string{"test": "test"},
+			BinaryData: map[string][]byte{"bintest": []byte("test")},
+		}: "Both Data and BinaryData",
+		{
+			BinaryData: map[string][]byte{"bintest": []byte("test")},
+		}: "Only BinaryData",
+	}
+	converted := map[string]string{}
+	for cm, cmName := range data {
+		converted[cmName] = GetSHAfromConfigmap(cm)
+	}
+
+	// Test that the has for each configmap is really unique
+	for cmName, cmHash := range converted {
+		count := 0
+		for _, cmHash2 := range converted {
+			if cmHash == cmHash2 {
+				count++
+			}
+		}
+		if count > 1 {
+			t.Errorf("Found duplicate hashes for %v", cmName)
+		}
+	}
+}

okteto.yml

@@ -0,0 +1,14 @@
+name: reloader-reloader
+image: okteto/golang:1
+command: bash
+securityContext:
+  capabilities:
+    add:
+      - SYS_PTRACE
+volumes:
+  - /go/pkg/
+  - /root/.cache/go-build/
+sync:
+  - .:/app
+forward:
+  - 2345:2345

pkg/kube/client.go

@@ -78,7 +78,6 @@ func GetKubernetesClient() (*kubernetes.Clientset, error) {
 
 func getConfig() (*rest.Config, error) {
 	var config *rest.Config
-	var err error
 	kubeconfigPath := os.Getenv("KUBECONFIG")
 	if kubeconfigPath == "" {
 		kubeconfigPath = os.Getenv("HOME") + "/.kube/config"
@@ -95,9 +94,6 @@ func getConfig() (*rest.Config, error) {
 			return nil, err
 		}
 	}
-	if err != nil {
-		return nil, err
-	}
 
 	return config, nil
 }