Bump Version to v0.0.74

add metrics endpoints to kubernetes specs

.VERSION

@@ -1 +1 @@
-version: v0.0.60
+version: v0.0.74

.stignore

@@ -0,0 +1,3 @@
+.git
+Reloader
+__debug_bin

README.md

@@ -22,6 +22,7 @@ Reloader can watch changes in `ConfigMap` and `Secret` and do rolling upgrades o
 ## Compatibility
 
 Reloader is compatible with kubernetes >= 1.9
+The `apiVersion: rbac.authorization.k8s.io/v1beta1` is depreciated since kubernetes = 1.17. To run it with older versions, please use the chart parameter `reloader.legacy.rbac=true`
 
 ## How to use Reloader
 
@@ -191,20 +192,26 @@ namespace: reloader
 
 ### Helm Charts
 
-Alternatively if you have configured helm on your cluster, you can add reloader to helm from our public chart repository and deploy it via helm using below mentioned commands
+Alternatively if you have configured helm on your cluster, you can add reloader to helm from our public chart repository and deploy it via helm using below mentioned commands. Follow [this](docs/Helm2-to-Helm3.md) guide, in case you have trouble migrating reloader from Helm2 to Helm3
 
 ```bash
 helm repo add stakater https://stakater.github.io/stakater-charts
 
 helm repo update
 
-helm install stakater/reloader
+helm install stakater/reloader # For helm3 add --generate-name flag or set the release name
+```
+
+**Note:** The latest verion of reloader is using `apiVersion: rbac.authorization.k8s.io/v1` for rbac. The `apiVersion: rbac.authorization.k8s.io/v1beta1` is depreciated since kubernetes = 1.17. To run it with older versions, please use below command.
+
+```bash
+helm install stakater/reloader --set reloader.legacy.rbac=true # For helm3 add --generate-name flag or set the release name
 ```
 
 **Note:** By default reloader watches in all namespaces. To watch in single namespace, please run following command. It will install reloader in `test` namespace which will only watch `Deployments`, `Daemonsets` and `Statefulsets` in `test` namespace.
 
 ```bash
-helm install stakater/reloader --set reloader.watchGlobally=false --namespace test
+helm install stakater/reloader --set reloader.watchGlobally=false --namespace test # For helm3 add --generate-name flag or set the release name
 ```
 
 Reloader can be configured to ignore the resources `secrets` and `configmaps` by using the following parameters of `values.yaml` file:
@@ -232,8 +239,8 @@ File a GitHub [issue](https://github.com/stakater/Reloader/issues), or send us a
 
 Join and talk to us on Slack for discussing Reloader
 
-[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://stakater-slack.herokuapp.com/)
-[![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater.slack.com/messages/CC5S05S12)
+[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://slack.stakater.com/)
+[![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater-community.slack.com/messages/CC5S05S12)
 
 ## Contributing
 
@@ -243,6 +250,11 @@ Please use the [issue tracker](https://github.com/stakater/Reloader/issues) to r
 
 ### Developing
 
+1. Deploy Reloader.
+2. Run `okteto up` to activate your development container.
+3. `make build`.
+4. `./Reloader`
+
 PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.
 
 1.  **Fork** the repo on GitHub

build/package/Dockerfile.run

@@ -5,4 +5,10 @@ RUN apk add --update --no-cache ca-certificates
 
 COPY Reloader /bin/Reloader
 
+# On alpine 'nobody' has uid 65534
+USER 65534
+
+# Port for metrics and probes
+EXPOSE 9090
+
 ENTRYPOINT ["/bin/Reloader"]

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: v0.0.60
-appVersion: v0.0.60
+version: v0.0.74
+appVersion: v0.0.74
 keywords:
   - Reloader
   - kubernetes

deployments/kubernetes/chart/reloader/templates/_helpers.tpl

@@ -12,15 +12,20 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
 {{- define "reloader-fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+{{- end -}}
 
 {{- define "reloader-labels.chart" -}}
 app: {{ template "reloader-fullname" . }}
 chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
 release: {{ .Release.Name | quote }}
 heritage: {{ .Release.Service | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
 {{- end -}}
 
 {{/*
@@ -33,3 +38,11 @@ Create the name of the service account to use
     {{ default "default" .Values.reloader.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Create the annotations to support helm3
+*/}}
+{{- define "reloader-helm3.annotations" -}}
+meta.helm.sh/release-namespace: {{ .Release.Namespace | quote }}
+meta.helm.sh/release-name: {{ .Release.Name | quote }}
+{{- end -}}

deployments/kubernetes/chart/reloader/templates/clusterrole.yaml

@@ -1,7 +1,13 @@
 {{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }}
+{{- if and .Values.reloader.legacy.rbac }}
 apiVersion: rbac.authorization.k8s.io/v1beta1
+{{ else }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- end }}
 kind: ClusterRole
 metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.rbac.labels }}

deployments/kubernetes/chart/reloader/templates/clusterrolebinding.yaml

@@ -1,7 +1,13 @@
 {{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }}
+{{- if and .Values.reloader.legacy.rbac }}
 apiVersion: rbac.authorization.k8s.io/v1beta1
+{{ else }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- end }}
 kind: ClusterRoleBinding
 metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.rbac.labels }}

deployments/kubernetes/chart/reloader/templates/deployment.yaml

@@ -1,8 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-{{- if .Values.reloader.deployment.annotations }}
   annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+{{- if .Values.reloader.deployment.annotations }}
 {{ toYaml .Values.reloader.deployment.annotations | indent 4 }}
 {{- end }}
   labels:
@@ -52,7 +53,11 @@ spec:
 {{ toYaml .Values.reloader.deployment.tolerations | indent 8 }}
       {{- end }}
       containers:
-      - env:
+      - image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}"
+        imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }}
+        name: {{ template "reloader-fullname" . }}
+      {{- if or (.Values.reloader.deployment.env.open) (.Values.reloader.deployment.env.secret) (.Values.reloader.deployment.env.field) (eq .Values.reloader.watchGlobally false) }}
+        env:
       {{- range $name, $value := .Values.reloader.deployment.env.open }}
       {{- if not (empty $value) }}
         - name: {{ $name | quote }}
@@ -83,14 +88,26 @@ spec:
             fieldRef:
               fieldPath: metadata.namespace
       {{- end }}
-        image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}"
-        imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }}
-        name: {{ template "reloader-fullname" . }}
+      {{- end }}
+
+        ports:
+        - name: http
+          containerPort: 9090
+        livenessProbe:
+          httpGet:
+            path: /metrics
+            port: http
+        readinessProbe:
+          httpGet:
+            path: /metrics
+            port: http
+
       {{- if eq .Values.reloader.readOnlyRootFileSystem true }}
         volumeMounts:
           - mountPath: /tmp/
             name: tmp-volume
       {{- end }}
+      {{- if or (.Values.reloader.logFormat) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) }}
         args:
           {{- if .Values.reloader.logFormat }}
           - "--log-format={{ .Values.reloader.logFormat }}"
@@ -98,9 +115,12 @@ spec:
           {{- if .Values.reloader.ignoreSecrets }}
           - "--resources-to-ignore=secrets"
           {{- end }}
-          {{- if eq .Values.reloader.ignoreConfigMaps true }}
+          {{- if .Values.reloader.ignoreConfigMaps }}
           - "--resources-to-ignore=configMaps"
           {{- end }}
+          {{- if .Values.reloader.ignoreNamespaces }}
+          - "--namespaces-to-ignore={{ .Values.reloader.ignoreNamespaces }}"
+          {{- end }}
 
           {{- if .Values.reloader.custom_annotations }}
             {{- if .Values.reloader.custom_annotations.configmap }}
@@ -116,7 +136,7 @@ spec:
             - "{{ .Values.reloader.custom_annotations.auto }}"
             {{- end }}
           {{- end }}
-
+      {{- end }}
       {{- if .Values.reloader.deployment.resources }}
         resources:
 {{ toYaml .Values.reloader.deployment.resources | indent 10 }}

deployments/kubernetes/chart/reloader/templates/role.yaml

@@ -1,7 +1,13 @@
 {{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }}
+{{- if and .Values.reloader.legacy.rbac }}
 apiVersion: rbac.authorization.k8s.io/v1beta1
+{{ else }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- end }}
 kind: Role
 metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.rbac.labels }}

deployments/kubernetes/chart/reloader/templates/rolebinding.yaml

@@ -1,7 +1,13 @@
 {{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }}
+{{- if and .Values.reloader.legacy.rbac }}
 apiVersion: rbac.authorization.k8s.io/v1beta1
+{{ else }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- end }}
 kind: RoleBinding
 metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
   labels: 
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.rbac.labels }}

deployments/kubernetes/chart/reloader/templates/service.yaml

@@ -2,8 +2,9 @@
 apiVersion: v1
 kind: Service
 metadata:
-{{- if .Values.reloader.service.annotations }}
   annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
+{{- if .Values.reloader.service.annotations }}
 {{ toYaml .Values.reloader.service.annotations | indent 4 }}
 {{- end }}
   labels:
@@ -21,5 +22,8 @@ spec:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   ports:
-{{ toYaml .Values.reloader.service.ports | indent 4 }}
-{{- end }}
+  - port: {{ .Values.reloader.service.port }}
+    name: http
+    protocol: TCP
+    targetPort: http
+{{- end }}

deployments/kubernetes/chart/reloader/templates/serviceaccount.yaml

@@ -5,6 +5,8 @@ kind: ServiceAccount
 imagePullSecrets: {{ toYaml .Values.global.imagePullSecrets | nindent 2 }}
 {{- end }}
 metadata:
+  annotations:
+{{ include "reloader-helm3.annotations" . | indent 4 }}
   labels:
 {{ include "reloader-labels.chart" . | indent 4 }}
 {{- if .Values.reloader.serviceAccount.labels }}

deployments/kubernetes/chart/reloader/values.yaml

@@ -12,10 +12,13 @@ reloader:
   isOpenshift: false
   ignoreSecrets: false
   ignoreConfigMaps: false
+  ignoreNamespaces: "" # Comma separated list of namespaces to ignore
   logFormat: "" #json
   watchGlobally: true
   # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem
   readOnlyRootFileSystem: false
+  legacy:
+    rbac: false
   matchLabels: {}
   deployment:
     nodeSelector:
@@ -32,6 +35,10 @@ reloader:
     #             operator: "Exists"
     affinity: {}
 
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+
     # A list of tolerations to be applied to the Deployment.
     # Example:
     #   tolerations:
@@ -44,10 +51,10 @@ reloader:
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v0.0.60
+      version: v0.0.74
     image:
       name: stakater/reloader
-      tag: "v0.0.60"
+      tag: "v0.0.74"
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env:

deployments/kubernetes/manifests/clusterrole.yaml

@@ -1,14 +1,18 @@
 ---
 # Source: reloader/templates/clusterrole.yaml
 
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  annotations:
+    meta.helm.sh/release-namespace: "default"
+    meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.74"
     release: "reloader"
     heritage: "Tiller"
+    app.kubernetes.io/managed-by: "Tiller"
   name: reloader-reloader-role
   namespace: default
 rules:

deployments/kubernetes/manifests/clusterrolebinding.yaml

@@ -1,14 +1,18 @@
 ---
 # Source: reloader/templates/clusterrolebinding.yaml
 
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  annotations:
+    meta.helm.sh/release-namespace: "default"
+    meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.74"
     release: "reloader"
     heritage: "Tiller"
+    app.kubernetes.io/managed-by: "Tiller"
   name: reloader-reloader-role-binding
   namespace: default
 roleRef:

deployments/kubernetes/manifests/deployment.yaml

@@ -3,14 +3,18 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  annotations:
+    meta.helm.sh/release-namespace: "default"
+    meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.74"
     release: "reloader"
     heritage: "Tiller"
+    app.kubernetes.io/managed-by: "Tiller"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.60
+    version: v0.0.74
     
   name: reloader-reloader
 spec:
@@ -24,19 +28,34 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-v0.0.60"
+        chart: "reloader-v0.0.74"
         release: "reloader"
         heritage: "Tiller"
+        app.kubernetes.io/managed-by: "Tiller"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.60
+        version: v0.0.74
         
     spec:
       containers:
-      - env:
-        image: "stakater/reloader:v0.0.60"
+      - image: "stakater/reloader:v0.0.74"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
-        args:
+
+        ports:
+        - name: http
+          containerPort: 9090
+        livenessProbe:
+          httpGet:
+            path: /metrics
+            port: http
+        readinessProbe:
+          httpGet:
+            path: /metrics
+            port: http
+      securityContext: 
+        runAsNonRoot: true
+        runAsUser: 65534
+        
       serviceAccountName: reloader-reloader
 

deployments/kubernetes/manifests/service.yaml

@@ -1,3 +1,4 @@
 ---
 # Source: reloader/templates/service.yaml
 
+

deployments/kubernetes/manifests/serviceaccount.yaml

@@ -4,10 +4,14 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  annotations:
+    meta.helm.sh/release-namespace: "default"
+    meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.74"
     release: "reloader"
     heritage: "Tiller"
+    app.kubernetes.io/managed-by: "Tiller"
   name: reloader-reloader
 

deployments/kubernetes/reloader.yaml

@@ -1,14 +1,18 @@
 ---
 # Source: reloader/templates/clusterrole.yaml
 
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  annotations:
+    meta.helm.sh/release-namespace: "default"
+    meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.74"
     release: "reloader"
     heritage: "Tiller"
+    app.kubernetes.io/managed-by: "Tiller"
   name: reloader-reloader-role
   namespace: default
 rules:
@@ -46,14 +50,18 @@ rules:
 ---
 # Source: reloader/templates/clusterrolebinding.yaml
 
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
+  annotations:
+    meta.helm.sh/release-namespace: "default"
+    meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.74"
     release: "reloader"
     heritage: "Tiller"
+    app.kubernetes.io/managed-by: "Tiller"
   name: reloader-reloader-role-binding
   namespace: default
 roleRef:
@@ -70,14 +78,18 @@ subjects:
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  annotations:
+    meta.helm.sh/release-namespace: "default"
+    meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.74"
     release: "reloader"
     heritage: "Tiller"
+    app.kubernetes.io/managed-by: "Tiller"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.60
+    version: v0.0.74
     
   name: reloader-reloader
 spec:
@@ -91,20 +103,35 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-v0.0.60"
+        chart: "reloader-v0.0.74"
         release: "reloader"
         heritage: "Tiller"
+        app.kubernetes.io/managed-by: "Tiller"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.60
+        version: v0.0.74
         
     spec:
       containers:
-      - env:
-        image: "stakater/reloader:v0.0.60"
+      - image: "stakater/reloader:v0.0.74"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
-        args:
+
+        ports:
+        - name: http
+          containerPort: 9090
+        livenessProbe:
+          httpGet:
+            path: /metrics
+            port: http
+        readinessProbe:
+          httpGet:
+            path: /metrics
+            port: http
+      securityContext: 
+        runAsNonRoot: true
+        runAsUser: 65534
+        
       serviceAccountName: reloader-reloader
 
 ---
@@ -118,16 +145,21 @@ spec:
 ---
 # Source: reloader/templates/service.yaml
 
+
 ---
 # Source: reloader/templates/serviceaccount.yaml
 
 apiVersion: v1
 kind: ServiceAccount
 metadata:
+  annotations:
+    meta.helm.sh/release-namespace: "default"
+    meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.60"
+    chart: "reloader-v0.0.74"
     release: "reloader"
     heritage: "Tiller"
+    app.kubernetes.io/managed-by: "Tiller"
   name: reloader-reloader
 

deployments/kubernetes/templates/chart/values.yaml.tmpl

@@ -12,10 +12,13 @@ reloader:
   isOpenshift: false
   ignoreSecrets: false
   ignoreConfigMaps: false
+  ignoreNamespaces: "" # Comma separated list of namespaces to ignore
   logFormat: "" #json
   watchGlobally: true
   # Set to true if you have a pod security policy that enforces readOnlyRootFilesystem
   readOnlyRootFileSystem: false
+  legacy:
+    rbac: false
   matchLabels: {}
   deployment:
     nodeSelector:
@@ -32,6 +35,10 @@ reloader:
     #             operator: "Exists"
     affinity: {}
 
+    securityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+
     # A list of tolerations to be applied to the Deployment.
     # Example:
     #   tolerations:

docs/Helm2-to-Helm3.md

@@ -0,0 +1,62 @@
+# Helm2 to Helm3 Migration
+
+Follow below mentioned instructions to migrate reloader from Helm2 to Helm3
+
+## Instrcutions:
+
+There are 3 steps involved in migrating the reloader from Helm2 to Helm3.
+
+### Step 1:
+Install the helm-2to3 plugin
+
+```bash
+helm3 plugin install https://github.com/helm/helm-2to3
+
+helm3 2to3 convert <release-name>
+
+helm3 2to3 cleanup --release-cleanup --skip-confirmation
+```
+
+### Step 2:
+Add the following Helm3 labels and annotations on reloader resources.
+
+Label:
+
+```yaml
+app.kubernetes.io/managed-by=Helm
+```
+Annotations:
+```yaml
+meta.helm.sh/release-name=<release-name>
+meta.helm.sh/release-namespace=<namespace>
+```
+
+For example, to label and annotate the ClusterRoleBinding and ClusterRole:
+
+```bash
+KIND=ClusterRoleBinding
+NAME=reloader-reloader-role-binding
+RELEASE=reloader
+NAMESPACE=kube-system
+kubectl annotate $KIND $NAME meta.helm.sh/release-name=$RELEASE
+kubectl annotate $KIND $NAME meta.helm.sh/release-namespace=$NAMESPACE
+kubectl label $KIND $NAME app.kubernetes.io/managed-by=Helm
+
+KIND=ClusterRole
+NAME=reloader-reloader-role
+RELEASE=reloader
+NAMESPACE=kube-system
+kubectl annotate $KIND $NAME meta.helm.sh/release-name=$RELEASE
+kubectl annotate $KIND $NAME meta.helm.sh/release-namespace=$NAMESPACE
+kubectl label $KIND $NAME app.kubernetes.io/managed-by=Helm
+```
+
+### Step 3:
+Upgrade to desired version
+```bash
+helm3 repo add stakater https://stakater.github.io/stakater-charts
+
+helm3 repo update
+
+helm3 upgrade <release-name> stakater/reloader --version=v0.0.72
+```

docs/Reloader-vs-ConfigmapController.md

@@ -8,5 +8,5 @@ Reloader is inspired from [Configmapcontroller](https://github.com/fabric8io/con
 | Reloader can watch both `secrets` and `configmaps`.                                                                                                                                                                                                                                                    | ConfigmapController can only watch changes in `configmaps`. It cannot detect changes in other resources like `secrets`.                                                                                                                                        |
 | Reloader can perform rolling upgrades on `deployments` as well as on `statefulsets` and `daemonsets`                                                                                                                                                                                                   | ConfigmapController can only perform rolling upgrades on `deployments`. It currently does not support rolling upgrades on `statefulsets` and `daemonsets`                                                                                                          |
 | Reloader provides both unit test cases and end to end integration test cases for future updates. So one can make sure that new changes do not break any old functionality.                                                                                                                                               | Currently there are not any unit test cases or end to end integration test cases in configmap controller. It add difficulties for any additional updates in configmap controller and one can not know for sure whether new changes breaks any old functionality or not. |
-| Reloader uses SHA1 to encode the change in configmap or secret. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less pron to collision. | Configmap controller uses `FABRICB_FOO_REVISION` environment variable to store any change in configmap controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
-| Reloader allows you to customize your own annotation (for both Secrets and Configmaps) using command line flags | Configmap controller restricts you to only their provided annotation |
+| Reloader uses SHA1 to encode the change in configmap or secret. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less prone to collision. | Configmap controller uses `FABRICB_FOO_REVISION` environment variable to store any change in configmap controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
+| Reloader allows you to customize your own annotation (for both Secrets and Configmaps) using command line flags | Configmap controller restricts you to only their provided annotation |

docs/Reloader-with-Sealed-Secrets.md

@@ -8,4 +8,4 @@ Below are the steps to use reloader with Sealed Secrets.
 8. Install Reloader.
 9. Once everything is setup, update the original secret at client and encrypt it with kubeseal to see reloader working.
 10. Apply the updated sealed secret.
-11. Reloader will resatart the pod to use that updated secret.
+11. Reloader will restart the pod to use that updated secret.

docs/features.md

@@ -2,6 +2,6 @@
 
 These are the key features of Reloader:
 
-1. Restart pod in a depoloyment on change in linked/related configmap's or secret's
+1. Restart pod in a deployment on change in linked/related configmap's or secret's
 2. Restart pod in a daemonset on change in linked/related configmap's or secret's
 3. Restart pod in a statefulset on change in linked/related configmap's or secret's

internal/pkg/controller/controller_test.go

@@ -336,7 +336,7 @@ func TestControllerForUpdatingConfigmapShouldUpdateDeployment(t *testing.T) {
 }
 
 // Do not Perform rolling upgrade on deployment and create env var upon updating the labels configmap
-func TestControllerUpdatingConfigmapLabelsShouldNotCreateorUpdateEnvInDeployment(t *testing.T) {
+func TestControllerUpdatingConfigmapLabelsShouldNotCreateOrUpdateEnvInDeployment(t *testing.T) {
 	// Creating configmap
 	configmapName := configmapNamePrefix + "-update-" + testutil.RandSeq(5)
 	configmapClient, err := testutil.CreateConfigMap(clients.KubernetesClient, namespace, configmapName, "www.google.com")
@@ -552,7 +552,7 @@ func TestControllerUpdatingSecretShouldUpdateEnvInDeployment(t *testing.T) {
 }
 
 // Do not Perform rolling upgrade on pod and create or update a env var upon updating the label in secret
-func TestControllerUpdatingSecretLabelsShouldNotCreateorUpdateEnvInDeployment(t *testing.T) {
+func TestControllerUpdatingSecretLabelsShouldNotCreateOrUpdateEnvInDeployment(t *testing.T) {
 	// Creating secret
 	secretName := secretNamePrefix + "-update-" + testutil.RandSeq(5)
 	secretClient, err := testutil.CreateSecret(clients.KubernetesClient, namespace, secretName, data)
@@ -820,7 +820,7 @@ func TestControllerUpdatingSecretShouldUpdateEnvInDaemonSet(t *testing.T) {
 }
 
 // Do not Perform rolling upgrade on pod and create or update a env var upon updating the label in secret
-func TestControllerUpdatingSecretLabelsShouldNotCreateorUpdateEnvInDaemonSet(t *testing.T) {
+func TestControllerUpdatingSecretLabelsShouldNotCreateOrUpdateEnvInDaemonSet(t *testing.T) {
 	// Creating secret
 	secretName := secretNamePrefix + "-update-" + testutil.RandSeq(5)
 	secretClient, err := testutil.CreateSecret(clients.KubernetesClient, namespace, secretName, data)

internal/pkg/handler/update.go

@@ -33,7 +33,7 @@ func (r ResourceUpdatedHandler) GetConfig() (util.Config, string) {
 	var oldSHAData string
 	var config util.Config
 	if _, ok := r.Resource.(*v1.ConfigMap); ok {
-		oldSHAData = util.GetSHAfromConfigmap(r.OldResource.(*v1.ConfigMap).Data)
+		oldSHAData = util.GetSHAfromConfigmap(r.OldResource.(*v1.ConfigMap))
 		config = util.GetConfigmapConfig(r.Resource.(*v1.ConfigMap))
 	} else if _, ok := r.Resource.(*v1.Secret); ok {
 		oldSHAData = util.GetSHAfromSecret(r.OldResource.(*v1.Secret).Data)

internal/pkg/handler/upgrade.go

@@ -116,6 +116,7 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 		if result != constants.Updated && annotationValue != "" {
 			values := strings.Split(annotationValue, ",")
 			for _, value := range values {
+				value = strings.Trim(value, " ")
 				if value == config.ResourceName {
 					result = updateContainers(upgradeFuncs, i, config, false)
 					if result == constants.Updated {
@@ -260,7 +261,7 @@ func getContainerToUpdate(upgradeFuncs callbacks.RollingUpgradeFuncs, item inter
 
 func updateContainers(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) constants.Result {
 	var result constants.Result
-	envar := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + config.Type
+	envVar := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + config.Type
 	container := getContainerToUpdate(upgradeFuncs, item, config, autoReload)
 
 	if container == nil {
@@ -268,12 +269,12 @@ func updateContainers(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface
 	}
 
 	//update if env var exists
-	result = updateEnvVar(upgradeFuncs.ContainersFunc(item), envar, config.SHAValue)
+	result = updateEnvVar(upgradeFuncs.ContainersFunc(item), envVar, config.SHAValue)
 
 	// if no existing env var exists lets create one
 	if result == constants.NoEnvVarFound {
 		e := v1.EnvVar{
-			Name:  envar,
+			Name:  envVar,
 			Value: config.SHAValue,
 		}
 		container.Env = append(container.Env, e)
@@ -282,11 +283,11 @@ func updateContainers(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface
 	return result
 }
 
-func updateEnvVar(containers []v1.Container, envar string, shaData string) constants.Result {
+func updateEnvVar(containers []v1.Container, envVar string, shaData string) constants.Result {
 	for i := range containers {
 		envs := containers[i].Env
 		for j := range envs {
-			if envs[j].Name == envar {
+			if envs[j].Name == envVar {
 				if envs[j].Value != shaData {
 					envs[j].Value = shaData
 					return constants.Updated

internal/pkg/testutil/kube.go

@@ -97,7 +97,7 @@ func getVolumes(name string) []v1.Volume {
 			VolumeSource: v1.VolumeSource{
 				Projected: &v1.ProjectedVolumeSource{
 					Sources: []v1.VolumeProjection{
-						v1.VolumeProjection{
+						{
 							ConfigMap: &v1.ConfigMapProjection{
 								LocalObjectReference: v1.LocalObjectReference{
 									Name: name,
@@ -113,7 +113,7 @@ func getVolumes(name string) []v1.Volume {
 			VolumeSource: v1.VolumeSource{
 				Projected: &v1.ProjectedVolumeSource{
 					Sources: []v1.VolumeProjection{
-						v1.VolumeProjection{
+						{
 							Secret: &v1.SecretProjection{
 								LocalObjectReference: v1.LocalObjectReference{
 									Name: name,
@@ -563,11 +563,11 @@ func GetSecretWithUpdatedLabel(namespace string, secretName string, label string
 }
 
 // GetResourceSHA returns the SHA value of given environment variable
-func GetResourceSHA(containers []v1.Container, envar string) string {
+func GetResourceSHA(containers []v1.Container, envVar string) string {
 	for i := range containers {
 		envs := containers[i].Env
 		for j := range envs {
-			if envs[j].Name == envar {
+			if envs[j].Name == envVar {
 				return envs[j].Value
 			}
 		}
@@ -610,6 +610,7 @@ func CreateSecret(client kubernetes.Interface, namespace string, secretName stri
 	time.Sleep(3 * time.Second)
 	return secretClient, err
 }
+
 // CreateDeployment creates a deployment in given namespace and returns the Deployment
 func CreateDeployment(client kubernetes.Interface, deploymentName string, namespace string, volumeMount bool) (*appsv1.Deployment, error) {
 	logrus.Infof("Creating Deployment")
@@ -820,6 +821,7 @@ func VerifyResourceUpdate(clients kube.Clients, config util.Config, envVarPostfi
 		} else if annotationValue != "" {
 			values := strings.Split(annotationValue, ",")
 			for _, value := range values {
+				value = strings.Trim(value, " ")
 				if value == config.ResourceName {
 					matches = true
 					break

internal/pkg/util/config.go

@@ -23,7 +23,7 @@ func GetConfigmapConfig(configmap *v1.ConfigMap) Config {
 		ResourceName:        configmap.Name,
 		ResourceAnnotations: configmap.Annotations,
 		Annotation:          options.ConfigmapUpdateOnChangeAnnotation,
-		SHAValue:            GetSHAfromConfigmap(configmap.Data),
+		SHAValue:            GetSHAfromConfigmap(configmap),
 		Type:                constants.ConfigmapEnvVarPostfix,
 	}
 }

internal/pkg/util/util.go

@@ -2,10 +2,12 @@ package util
 
 import (
 	"bytes"
+	"encoding/base64"
 	"sort"
 	"strings"
 
 	"github.com/stakater/Reloader/internal/pkg/crypto"
+	v1 "k8s.io/api/core/v1"
 )
 
 // ConvertToEnvVarName converts the given text into a usable env var
@@ -29,11 +31,14 @@ func ConvertToEnvVarName(text string) string {
 	return buffer.String()
 }
 
-func GetSHAfromConfigmap(data map[string]string) string {
+func GetSHAfromConfigmap(configmap *v1.ConfigMap) string {
 	values := []string{}
-	for k, v := range data {
+	for k, v := range configmap.Data {
 		values = append(values, k+"="+v)
 	}
+	for k, v := range configmap.BinaryData {
+		values = append(values, k+"="+base64.StdEncoding.EncodeToString(v))
+	}
 	sort.Strings(values)
 	return crypto.GenerateSHA(strings.Join(values, ";"))
 }

internal/pkg/util/util_test.go

@@ -2,6 +2,8 @@ package util
 
 import (
 	"testing"
+
+	v1 "k8s.io/api/core/v1"
 )
 
 func TestConvertToEnvVarName(t *testing.T) {
@@ -11,3 +13,35 @@ func TestConvertToEnvVarName(t *testing.T) {
 		t.Errorf("Failed to convert data into environment variable")
 	}
 }
+
+func TestGetHashFromConfigMap(t *testing.T) {
+	data := map[*v1.ConfigMap]string{
+		{
+			Data: map[string]string{"test": "test"},
+		}: "Only Data",
+		{
+			Data:       map[string]string{"test": "test"},
+			BinaryData: map[string][]byte{"bintest": []byte("test")},
+		}: "Both Data and BinaryData",
+		{
+			BinaryData: map[string][]byte{"bintest": []byte("test")},
+		}: "Only BinaryData",
+	}
+	converted := map[string]string{}
+	for cm, cmName := range data {
+		converted[cmName] = GetSHAfromConfigmap(cm)
+	}
+
+	// Test that the has for each configmap is really unique
+	for cmName, cmHash := range converted {
+		count := 0
+		for _, cmHash2 := range converted {
+			if cmHash == cmHash2 {
+				count++
+			}
+		}
+		if count > 1 {
+			t.Errorf("Found duplicate hashes for %v", cmName)
+		}
+	}
+}

okteto.yml

@@ -0,0 +1,14 @@
+name: reloader-reloader
+image: okteto/golang:1
+command: bash
+securityContext:
+  capabilities:
+    add:
+      - SYS_PTRACE
+volumes:
+  - /go/pkg/
+  - /root/.cache/go-build/
+sync:
+  - .:/app
+forward:
+  - 2345:2345

pkg/kube/client.go

@@ -78,7 +78,6 @@ func GetKubernetesClient() (*kubernetes.Clientset, error) {
 
 func getConfig() (*rest.Config, error) {
 	var config *rest.Config
-	var err error
 	kubeconfigPath := os.Getenv("KUBECONFIG")
 	if kubeconfigPath == "" {
 		kubeconfigPath = os.Getenv("HOME") + "/.kube/config"
@@ -95,9 +94,6 @@ func getConfig() (*rest.Config, error) {
 			return nil, err
 		}
 	}
-	if err != nil {
-		return nil, err
-	}
 
 	return config, nil
 }