[skip-ci] Update artifacts

Add .Release.Namespace

.github/workflows/pull_request.yaml

@@ -36,10 +36,12 @@ jobs:
       run: |
         make install
 
-    - name: Lint
-      run: |
-        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.26.0
-        golangci-lint run --timeout=10m ./...
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v2.3.0
+      with:
+        version: v1.33
+        only-new-issues: false
+        args: --timeout 10m
 
     - name: Helm Lint
       run: |

.github/workflows/push.yaml

@@ -39,11 +39,13 @@ jobs:
         run: |
           make install
 
-      - name: Lint
-        run: |
-          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.26.0
-          golangci-lint run --timeout=10m ./...
-
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v2.3.0
+        with:
+          version: v1.33
+          only-new-issues: false
+          args: --timeout 10m
+          
       - name: Install kubectl
         run: |
           curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
@@ -129,7 +131,8 @@ jobs:
 
       - name: Helm Template
         run: |
-          helm template stakater deployments/kubernetes/chart/reloader/ > deployments/kubernetes/reloader.yaml
+          helm template reloader deployments/kubernetes/chart/reloader/ > deployments/kubernetes/reloader.yaml
+          helm template reloader deployments/kubernetes/chart/reloader/  --output-dir deployments/kubernetes/manifests/ && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader
 
       # Publish helm chart
       - name: Publish Helm chart

.gitignore

@@ -8,4 +8,5 @@ _gopath/
 .DS_Store
 .vscode
 vendor
-dist
+dist
+Reloader

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM} golang:1.15.2 as builder
+FROM --platform=${BUILDPLATFORM} golang:1.16 as builder
 
 ARG TARGETOS
 ARG TARGETARCH
@@ -26,7 +26,7 @@ RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY --from=builder /workspace/manager .
-USER nonroot:nonroot
+USER 65532:65532
 
 # Port for metrics and probes
 EXPOSE 9090

Makefile

@@ -1,6 +1,6 @@
 # note: call scripts from /scripts
 
-.PHONY: default build builder-image binary-image test stop clean-images clean push apply deploy release release-all manifest push clean-image
+.PHONY: default build build-image test stop push apply deploy release release-all manifest push
 
 OS ?= linux
 ARCH ?= ???
@@ -9,12 +9,12 @@ ALL_ARCH ?= arm64 arm amd64
 BUILDER ?= reloader-builder-${ARCH}
 BINARY ?= Reloader
 DOCKER_IMAGE ?= stakater/reloader
-# Default value "dev"
-TAG ?= v0.0.75.0
-REPOSITORY_GENERIC = ${DOCKER_IMAGE}:${TAG}
-REPOSITORY_ARCH = ${DOCKER_IMAGE}:${TAG}-${ARCH}
 
+# Default value "dev"
 VERSION ?= 0.0.1
+
+REPOSITORY_GENERIC = ${DOCKER_IMAGE}:${VERSION}
+REPOSITORY_ARCH = ${DOCKER_IMAGE}:v${VERSION}-${ARCH}
 BUILD=
 
 GOCMD = go
@@ -26,23 +26,19 @@ default: build test
 install:
 	"$(GOCMD)" mod download
 
+run:
+	go run ./main.go
+
 build:
 	"$(GOCMD)" build ${GOFLAGS} ${LDFLAGS} -o "${BINARY}"
 
-builder-image:
-	docker buildx build --platform ${OS}/${ARCH} --build-arg GOARCH=$(ARCH) -t "${BUILDER}" --load -f build/package/Dockerfile.build .
-
-reloader-${ARCH}.tar:
-	docker buildx build --platform ${OS}/${ARCH} --build-arg GOARCH=$(ARCH) -t "${BUILDER}" --load -f build/package/Dockerfile.build .
-	docker run --platform ${OS}/${ARCH} --rm "${BUILDER}" > reloader-${ARCH}.tar
-
-binary-image: builder-image
-	cat reloader-${ARCH}.tar | docker buildx build --platform ${OS}/${ARCH} -t "${REPOSITORY_ARCH}"  --load -f Dockerfile.run -
+build-image:
+	docker buildx build --platform ${OS}/${ARCH} --build-arg GOARCH=$(ARCH) -t "${REPOSITORY_ARCH}" --load -f Dockerfile .
 
 push:
 	docker push ${REPOSITORY_ARCH}
 
-release:  binary-image push manifest
+release: build-image push manifest
 
 release-all:
 	-rm -rf ~/.docker/manifests/*
@@ -66,23 +62,6 @@ test:
 stop:
 	@docker stop "${BINARY}"
 
-clean-images: stop
-	-docker rmi "${BINARY}"
-	@for arch in $(ALL_ARCH) ; do \
-		echo Clean image: $$arch ; \
-		make clean-image ARCH=$$arch ; \
-	done
-	-docker rmi "${REPOSITORY_GENERIC}"
-
-clean-image:
-	-docker rmi "${BUILDER}"
-	-docker rmi "${REPOSITORY_ARCH}"
-	-rm -rf ~/.docker/manifests/*
-
-clean:
-	"$(GOCMD)" clean -i
-	-rm -rf reloader-*.tar
-
 apply:
 	kubectl apply -f deployments/manifests/ -n temp-reloader
 

README.md

@@ -99,7 +99,8 @@ metadata:
   annotations:
     configmap.reloader.stakater.com/reload: "foo-configmap,bar-configmap,baz-configmap"
 spec:
-  template: metadata:
+  template: 
+    metadata:
 ```
 
 ### Secret
@@ -114,7 +115,8 @@ metadata:
   annotations:
     secret.reloader.stakater.com/reload: "foo-secret"
 spec:
-  template: metadata:
+  template: 
+    metadata:
 ```
 
 Use comma separated list to define multiple secrets.
@@ -125,7 +127,8 @@ metadata:
   annotations:
     secret.reloader.stakater.com/reload: "foo-secret,bar-secret,baz-secret"
 spec:
-  template: metadata:
+  template: 
+    metadata:
 ```
 
 ### NOTES
@@ -142,6 +145,19 @@ spec:
 - you may want to prevent watching certain namespaces with the `--namespaces-to-ignore` flag
 - you may want to prevent watching certain resources with the `--resources-to-ignore` flag
 - you can configure logging in JSON format with the `--log-format=json` option
+- you can configure the "reload strategy" with the `--reload-strategy=<strategy-name>` option (details below)
+
+## Reload Strategies
+Reloader supports multiple "reload" strategies for performing rolling upgrades to resources. The following list describes them:
+- **env-vars**: When a tracked `configMap`/`secret` is updated, this strategy attaches a Reloader specific environment variable to any containers 
+  referencing the changed `configMap` or `secret` on the owning resource (e.g., `Deployment`, `StatefulSet`, etc.).
+  This strategy can be specified with the `--reload-strategy=env-vars` argument. Note: This is the default reload strategy.
+- **annotations**: When a tracked `configMap`/`secret` is updated, this strategy attaches a `reloader.stakater.com/last-reloaded-from` pod template annotation
+  on the owning resource (e.g., `Deployment`, `StatefulSet`, etc.). This strategy is useful when using resource syncing tools like ArgoCD, since it will not cause these tools
+  to detect configuration drift after a resource is reloaded. Note: Since the attached pod template annotation only tracks the last reload source, this strategy will reload any tracked resource should its 
+  `configMap` or `secret` be deleted and recreated.
+  This strategy can be specified with the `--reload-strategy=annotations` argument.
+  
 
 ## Deploying to Kubernetes
 

build/package/Dockerfile.build

@@ -1,26 +0,0 @@
-FROM golang:1.15.2-alpine
-LABEL maintainer "Stakater Team"
-
-ARG GOARCH=amd64
-
-RUN apk -v --update \
-    --no-cache \
-    add git build-base
-
-WORKDIR "$GOPATH/src/github.com/stakater/Reloader"
-
-COPY go.mod go.sum ./
-
-RUN go mod download
-
-COPY . .
-
-ENV CGO_ENABLED=0 GOOS=linux GOARCH=$GOARCH
-
-RUN go build -a --installsuffix cgo --ldflags="-s" -o /Reloader
-
-COPY build/package/Dockerfile.run /
-
-# Running this image produces a tarball suitable to be piped into another
-# Docker build command.
-CMD tar -cf - -C / Dockerfile.run Reloader

build/package/Dockerfile.run

@@ -1,14 +0,0 @@
-FROM alpine:3.11
-LABEL maintainer "Stakater Team"
-
-RUN apk add --update --no-cache ca-certificates
-
-COPY Reloader /bin/Reloader
-
-# On alpine 'nobody' has uid 65534
-USER 65534
-
-# Port for metrics and probes
-EXPOSE 9090
-
-ENTRYPOINT ["/bin/Reloader"]

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: v0.0.97
-appVersion: v0.0.97
+version: v0.0.104
+appVersion: v0.0.104
 keywords:
   - Reloader
   - kubernetes

deployments/kubernetes/chart/reloader/templates/NOTES.txt

@@ -1,7 +1,7 @@
 - For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap`. Then add this annotation to main metadata of your `Deployment`
-  configmap.reloader.stakater.com/reload: "foo-configmap"
+  {{ .Values.reloader.custom_annotations.configmap | default "configmap.reloader.stakater.com/reload" }}: "foo-configmap"
 
-- For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of  your `Deployment`
-  secret.reloader.stakater.com/reload: "foo-secret"
+- For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of your `Deployment`
+  {{ .Values.reloader.custom_annotations.secret | default "secret.reloader.stakater.com/reload" }}: "foo-secret"
 
 - After successful installation, your pods will get rolling updates when a change in data of configmap or secret will happen.

deployments/kubernetes/chart/reloader/templates/deployment.yaml

@@ -15,6 +15,7 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   revisionHistoryLimit: 2
@@ -118,7 +119,7 @@ spec:
           - mountPath: /tmp/
             name: tmp-volume
       {{- end }}
-      {{- if or (.Values.reloader.logFormat) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) (eq .Values.reloader.isArgoRollouts true) }}
+      {{- if or (.Values.reloader.logFormat) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) (eq .Values.reloader.isArgoRollouts true) (ne .Values.reloader.reloadStrategy "default")}}
         args:
           {{- if .Values.reloader.logFormat }}
           - "--log-format={{ .Values.reloader.logFormat }}"
@@ -158,6 +159,9 @@ spec:
           {{- if eq .Values.reloader.isArgoRollouts true }}
           - "--is-Argo-Rollouts={{ .Values.reloader.isArgoRollouts }}"
           {{- end }}
+          {{- if ne .Values.reloader.reloadStrategy "default" }}
+          - "--reload-strategy={{ .Values.reloader.reloadStrategy }}"
+          {{- end }}
       {{- end }}
       {{- if .Values.reloader.deployment.resources }}
         resources:

deployments/kubernetes/chart/reloader/templates/serviceaccount.yaml

@@ -19,4 +19,5 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
 {{- end }}

deployments/kubernetes/chart/reloader/values.schema.json

@@ -0,0 +1,19 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "type": "object",
+  "properties": {
+    "reloader": {
+      "type": "object",
+      "properties": {
+        "reloadStrategy": {
+          "type": "string",
+          "enum": [
+            "default",
+            "env-vars",
+            "annotations"
+          ]
+        }
+      }
+    }
+  }
+}

deployments/kubernetes/chart/reloader/values.yaml

@@ -13,6 +13,7 @@ reloader:
   isOpenshift: false
   ignoreSecrets: false
   ignoreConfigMaps: false
+  reloadStrategy: default # Set to default, env-vars or annotations
   ignoreNamespaces: "" # Comma separated list of namespaces to ignore
   logFormat: "" #json
   watchGlobally: true
@@ -52,10 +53,10 @@ reloader:
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v0.0.97
+      version: v0.0.104
     image:
       name: stakater/reloader
-      tag: v0.0.97
+      tag: v0.0.104
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env:
@@ -115,8 +116,10 @@ reloader:
   #     configmap: "my.company.com/configmap"
   #     secret: "my.company.com/secret"
   custom_annotations: {}
+
   serviceMonitor:
-    # enabling this requires service to be enabled as well, or no endpoints will be found
+    # Deprecated: Service monitor will be removed in future releases of reloader in favour of Pod monitor
+    # Enabling this requires service to be enabled as well, or no endpoints will be found
     enabled: false
     # Set the namespace the ServiceMonitor should be deployed
     # namespace: monitoring
@@ -128,7 +131,6 @@ reloader:
     # timeout: 10s
 
   podMonitor:
-    # enabling this requires service to be enabled as well, or no endpoints will be found
     enabled: false
     # Set the namespace the podMonitor should be deployed
     # namespace: monitoring

deployments/kubernetes/manifests/clusterrole.yaml

@@ -1,7 +1,7 @@
 ---
 # Source: reloader/templates/clusterrole.yaml
+apiVersion: rbac.authorization.k8s.io/v1
 
-apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
   annotations:
@@ -9,10 +9,10 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.77"
+    chart: "reloader-v0.0.104"
     release: "reloader"
-    heritage: "Tiller"
-    app.kubernetes.io/managed-by: "Tiller"
+    heritage: "Helm"
+    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role
   namespace: default
 rules:
@@ -46,4 +46,3 @@ rules:
       - get
       - update
       - patch
-

deployments/kubernetes/manifests/clusterrolebinding.yaml

@@ -1,7 +1,7 @@
 ---
 # Source: reloader/templates/clusterrolebinding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
 
-apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
   annotations:
@@ -9,10 +9,10 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.77"
+    chart: "reloader-v0.0.104"
     release: "reloader"
-    heritage: "Tiller"
-    app.kubernetes.io/managed-by: "Tiller"
+    heritage: "Helm"
+    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role-binding
   namespace: default
 roleRef:
@@ -23,4 +23,3 @@ subjects:
   - kind: ServiceAccount
     name: reloader-reloader
     namespace: default
-

deployments/kubernetes/manifests/deployment.yaml

@@ -8,15 +8,15 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.77"
+    chart: "reloader-v0.0.104"
     release: "reloader"
-    heritage: "Tiller"
-    app.kubernetes.io/managed-by: "Tiller"
+    heritage: "Helm"
+    app.kubernetes.io/managed-by: "Helm"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.77
-    
+    version: v0.0.104
   name: reloader-reloader
+  namespace: default
 spec:
   replicas: 1
   revisionHistoryLimit: 2
@@ -28,17 +28,16 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-v0.0.77"
+        chart: "reloader-v0.0.104"
         release: "reloader"
-        heritage: "Tiller"
-        app.kubernetes.io/managed-by: "Tiller"
+        heritage: "Helm"
+        app.kubernetes.io/managed-by: "Helm"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.77
-        
+        version: v0.0.104
     spec:
       containers:
-      - image: "stakater/reloader:v0.0.77"
+      - image: "stakater/reloader:v0.0.104"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
 
@@ -49,13 +48,19 @@ spec:
           httpGet:
             path: /metrics
             port: http
+          timeoutSeconds: 5
+          failureThreshold: 5
+          periodSeconds: 10
+          successThreshold: 1
         readinessProbe:
           httpGet:
             path: /metrics
             port: http
+          timeoutSeconds: 5
+          failureThreshold: 5
+          periodSeconds: 10
+          successThreshold: 1
       securityContext: 
         runAsNonRoot: true
         runAsUser: 65534
-        
       serviceAccountName: reloader-reloader
-

deployments/kubernetes/manifests/serviceaccount.yaml

@@ -1,6 +1,5 @@
 ---
 # Source: reloader/templates/serviceaccount.yaml
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -9,9 +8,9 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-v0.0.77"
+    chart: "reloader-v0.0.104"
     release: "reloader"
-    heritage: "Tiller"
-    app.kubernetes.io/managed-by: "Tiller"
+    heritage: "Helm"
+    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader
-
+  namespace: default

deployments/kubernetes/reloader.yaml

@@ -5,14 +5,15 @@ kind: ServiceAccount
 metadata:
   annotations:
     meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "stakater"
+    meta.helm.sh/release-name: "reloader"
   labels:
-    app: stakater-reloader
-    chart: "reloader-v0.0.97"
-    release: "stakater"
+    app: reloader-reloader
+    chart: "reloader-v0.0.104"
+    release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
-  name: stakater-reloader
+  name: reloader-reloader
+  namespace: default
 ---
 # Source: reloader/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -21,14 +22,14 @@ kind: ClusterRole
 metadata:
   annotations:
     meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "stakater"
+    meta.helm.sh/release-name: "reloader"
   labels:
-    app: stakater-reloader
-    chart: "reloader-v0.0.97"
-    release: "stakater"
+    app: reloader-reloader
+    chart: "reloader-v0.0.104"
+    release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
-  name: stakater-reloader-role
+  name: reloader-reloader-role
   namespace: default
 rules:
   - apiGroups:
@@ -69,22 +70,22 @@ kind: ClusterRoleBinding
 metadata:
   annotations:
     meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "stakater"
+    meta.helm.sh/release-name: "reloader"
   labels:
-    app: stakater-reloader
-    chart: "reloader-v0.0.97"
-    release: "stakater"
+    app: reloader-reloader
+    chart: "reloader-v0.0.104"
+    release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
-  name: stakater-reloader-role-binding
+  name: reloader-reloader-role-binding
   namespace: default
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: stakater-reloader-role
+  name: reloader-reloader-role
 subjects:
   - kind: ServiceAccount
-    name: stakater-reloader
+    name: reloader-reloader
     namespace: default
 ---
 # Source: reloader/templates/deployment.yaml
@@ -93,40 +94,41 @@ kind: Deployment
 metadata:
   annotations:
     meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "stakater"
+    meta.helm.sh/release-name: "reloader"
   labels:
-    app: stakater-reloader
-    chart: "reloader-v0.0.97"
-    release: "stakater"
+    app: reloader-reloader
+    chart: "reloader-v0.0.104"
+    release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
     group: com.stakater.platform
     provider: stakater
-    version: v0.0.97
-  name: stakater-reloader
+    version: v0.0.104
+  name: reloader-reloader
+  namespace: default
 spec:
   replicas: 1
   revisionHistoryLimit: 2
   selector:
     matchLabels:
-      app: stakater-reloader
-      release: "stakater"
+      app: reloader-reloader
+      release: "reloader"
   template:
     metadata:
       labels:
-        app: stakater-reloader
-        chart: "reloader-v0.0.97"
-        release: "stakater"
+        app: reloader-reloader
+        chart: "reloader-v0.0.104"
+        release: "reloader"
         heritage: "Helm"
         app.kubernetes.io/managed-by: "Helm"
         group: com.stakater.platform
         provider: stakater
-        version: v0.0.97
+        version: v0.0.104
     spec:
       containers:
-      - image: "stakater/reloader:v0.0.97"
+      - image: "stakater/reloader:v0.0.104"
         imagePullPolicy: IfNotPresent
-        name: stakater-reloader
+        name: reloader-reloader
 
         ports:
         - name: http
@@ -150,4 +152,4 @@ spec:
       securityContext: 
         runAsNonRoot: true
         runAsUser: 65534
-      serviceAccountName: stakater-reloader
+      serviceAccountName: reloader-reloader

go.mod

@@ -1,9 +1,9 @@
 module github.com/stakater/Reloader
 
-go 1.15
+go 1.16
 
 require (
-	github.com/argoproj/argo-rollouts v1.0.1
+	github.com/argoproj/argo-rollouts v1.0.2
 	github.com/onsi/ginkgo v1.15.1 // indirect
 	github.com/onsi/gomega v1.11.0 // indirect
 	github.com/openshift/api v0.0.0-20210527122704-efd9d5958e01
@@ -11,12 +11,15 @@ require (
 	github.com/prometheus/client_golang v1.10.0
 	github.com/sirupsen/logrus v1.7.0
 	github.com/spf13/cobra v1.1.3
-	k8s.io/api v0.21.1
-	k8s.io/apimachinery v0.21.1
-	k8s.io/client-go v0.21.1
+	k8s.io/api v0.21.2
+	k8s.io/apimachinery v0.21.2
+	k8s.io/client-go v0.21.2
 )
 
+// Replacements for argo-rollouts
 replace (
+	github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
+	github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0
 	k8s.io/api => k8s.io/api v0.20.4
 	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.20.4
 	k8s.io/apimachinery => k8s.io/apimachinery v0.21.0-alpha.0
@@ -41,4 +44,6 @@ replace (
 	k8s.io/metrics => k8s.io/metrics v0.20.4
 	k8s.io/mount-utils => k8s.io/mount-utils v0.20.5-rc.0
 	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.20.4
-)
+	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.20.4
+	k8s.io/sample-controller => k8s.io/sample-controller v0.20.4
+)

internal/pkg/callbacks/rolling_upgrade.go

@@ -52,6 +52,15 @@ func GetDeploymentItems(clients kube.Clients, namespace string) []interface{} {
 	if err != nil {
 		logrus.Errorf("Failed to list deployments %v", err)
 	}
+
+	// Ensure we always have pod annotations to add to
+	for i, v := range deployments.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			annotations := make(map[string]string)
+			deployments.Items[i].Spec.Template.ObjectMeta.Annotations = annotations
+		}
+	}
+
 	return util.InterfaceSlice(deployments.Items)
 }
 
@@ -61,6 +70,14 @@ func GetDaemonSetItems(clients kube.Clients, namespace string) []interface{} {
 	if err != nil {
 		logrus.Errorf("Failed to list daemonSets %v", err)
 	}
+
+	// Ensure we always have pod annotations to add to
+	for i, v := range daemonSets.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			daemonSets.Items[i].Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+		}
+	}
+
 	return util.InterfaceSlice(daemonSets.Items)
 }
 
@@ -70,6 +87,14 @@ func GetStatefulSetItems(clients kube.Clients, namespace string) []interface{} {
 	if err != nil {
 		logrus.Errorf("Failed to list statefulSets %v", err)
 	}
+
+	// Ensure we always have pod annotations to add to
+	for i, v := range statefulSets.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			statefulSets.Items[i].Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+		}
+	}
+
 	return util.InterfaceSlice(statefulSets.Items)
 }
 
@@ -79,6 +104,14 @@ func GetDeploymentConfigItems(clients kube.Clients, namespace string) []interfac
 	if err != nil {
 		logrus.Errorf("Failed to list deploymentConfigs %v", err)
 	}
+
+	// Ensure we always have pod annotations to add to
+	for i, v := range deploymentConfigs.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			deploymentConfigs.Items[i].Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+		}
+	}
+
 	return util.InterfaceSlice(deploymentConfigs.Items)
 }
 
@@ -88,6 +121,14 @@ func GetRolloutItems(clients kube.Clients, namespace string) []interface{} {
 	if err != nil {
 		logrus.Errorf("Failed to list Rollouts %v", err)
 	}
+
+	// Ensure we always have pod annotations to add to
+	for i, v := range rollouts.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			rollouts.Items[i].Spec.Template.ObjectMeta.Annotations = make(map[string]string)
+		}
+	}
+
 	return util.InterfaceSlice(rollouts.Items)
 }
 

internal/pkg/cmd/reloader.go

@@ -3,7 +3,9 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"github.com/stakater/Reloader/internal/pkg/constants"
 	"os"
+	"strings"
 
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -18,9 +20,10 @@ import (
 // NewReloaderCommand starts the reloader controller
 func NewReloaderCommand() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "reloader",
-		Short: "A watcher for your Kubernetes cluster",
-		Run:   startReloader,
+		Use:     "reloader",
+		Short:   "A watcher for your Kubernetes cluster",
+		PreRunE: validateFlags,
+		Run:     startReloader,
 	}
 
 	// options
@@ -33,9 +36,24 @@ func NewReloaderCommand() *cobra.Command {
 	cmd.PersistentFlags().StringSlice("resources-to-ignore", []string{}, "list of resources to ignore (valid options 'configMaps' or 'secrets')")
 	cmd.PersistentFlags().StringSlice("namespaces-to-ignore", []string{}, "list of namespaces to ignore")
 	cmd.PersistentFlags().StringVar(&options.IsArgoRollouts, "is-Argo-Rollouts", "false", "Add support for argo rollouts")
+	cmd.PersistentFlags().StringVar(&options.ReloadStrategy, constants.ReloadStrategyFlag, constants.EnvVarsReloadStrategy, "Specifies the desired reload strategy")
+
 	return cmd
 }
 
+func validateFlags(*cobra.Command, []string) error {
+	// Ensure the reload strategy is one of the following...
+	valid := []string{constants.EnvVarsReloadStrategy, constants.AnnotationsReloadStrategy}
+	for _, s := range valid {
+		if s == options.ReloadStrategy {
+			return nil
+		}
+	}
+
+	err := fmt.Sprintf("%s must be one of: %s", constants.ReloadStrategyFlag, strings.Join(valid, ", "))
+	return errors.New(err)
+}
+
 func configureLogging(logFormat string) error {
 	switch logFormat {
 	case "json":

internal/pkg/constants/constants.go

@@ -7,4 +7,16 @@ const (
 	SecretEnvVarPostfix = "SECRET"
 	// EnvVarPrefix is a Prefix for environment variable
 	EnvVarPrefix = "STAKATER_"
+
+	// ReloaderAnnotationPrefix is a Prefix for all reloader annotations
+	ReloaderAnnotationPrefix = "reloader.stakater.com"
+	// LastReloadedFromAnnotation is an annotation used to describe the last resource that triggered a reload
+	LastReloadedFromAnnotation = "last-reloaded-from"
+
+	// 	ReloadStrategyFlag The reload strategy flag name
+	ReloadStrategyFlag = "reload-strategy"
+	// EnvVarsReloadStrategy instructs Reloader to add container environment variables to facilitate a restart
+	EnvVarsReloadStrategy = "env-vars"
+	// AnnotationsReloadStrategy instructs Reloader to add pod template annotations to facilitate a restart
+	AnnotationsReloadStrategy = "annotations"
 )

internal/pkg/controller/controller.go

@@ -30,6 +30,9 @@ type Controller struct {
 	collectors        metrics.Collectors
 }
 
+// controllerInitialized flag determines whether controlled is being initialized
+var controllerInitialized bool = false
+
 // NewController for initializing a Controller
 func NewController(
 	client kubernetes.Interface, resource string, namespace string, ignoredNamespaces []string, collectors metrics.Collectors) (*Controller, error) {
@@ -57,8 +60,12 @@ func NewController(
 
 // Add function to add a new object to the queue in case of creating a resource
 func (c *Controller) Add(obj interface{}) {
-	// Not required as reloader should update the resource in the event of any change and not in the event of any resource creation.
-	// This causes the issue where reloader reloads the pods when reloader itself gets restarted as it's queue is filled with all the k8s objects as new resources.
+	if !c.resourceInIgnoredNamespace(obj) && controllerInitialized {
+		c.queue.Add(handler.ResourceCreatedHandler{
+			Resource:   obj,
+			Collectors: c.collectors,
+		})
+	}
 }
 
 func (c *Controller) resourceInIgnoredNamespace(raw interface{}) bool {
@@ -111,6 +118,9 @@ func (c *Controller) Run(threadiness int, stopCh chan struct{}) {
 }
 
 func (c *Controller) runWorker() {
+	// At this point the controller is fully initialized and we can start processing the resources
+	controllerInitialized = true
+
 	for c.processNextItem() {
 	}
 }

internal/pkg/handler/upgrade.go

@@ -1,9 +1,9 @@
 package handler
 
 import (
-	"strconv"
-	"strings"
-
+	"encoding/json"
+	"errors"
+	"fmt"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/sirupsen/logrus"
 	"github.com/stakater/Reloader/internal/pkg/callbacks"
@@ -13,6 +13,8 @@ import (
 	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
 	v1 "k8s.io/api/core/v1"
+	"strconv"
+	"strings"
 )
 
 // GetDeploymentRollingUpgradeFuncs returns all callback funcs for a deployment
@@ -146,7 +148,7 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 		result := constants.NotUpdated
 		reloaderEnabled, err := strconv.ParseBool(reloaderEnabledValue)
 		if err == nil && reloaderEnabled {
-			result = updateContainers(upgradeFuncs, i, config, true)
+			result = invokeReloadStrategy(upgradeFuncs, i, config, true)
 		}
 
 		if result != constants.Updated && annotationValue != "" {
@@ -154,7 +156,7 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 			for _, value := range values {
 				value = strings.Trim(value, " ")
 				if value == config.ResourceName {
-					result = updateContainers(upgradeFuncs, i, config, false)
+					result = invokeReloadStrategy(upgradeFuncs, i, config, false)
 					if result == constants.Updated {
 						break
 					}
@@ -165,7 +167,7 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 		if result != constants.Updated && searchAnnotationValue == "true" {
 			matchAnnotationValue := config.ResourceAnnotations[options.SearchMatchAnnotation]
 			if matchAnnotationValue == "true" {
-				result = updateContainers(upgradeFuncs, i, config, true)
+				result = invokeReloadStrategy(upgradeFuncs, i, config, true)
 			}
 		}
 
@@ -257,7 +259,7 @@ func getContainerWithEnvReference(containers []v1.Container, resourceName string
 	return nil
 }
 
-func getContainerToUpdate(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) *v1.Container {
+func getContainerUsingResource(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) *v1.Container {
 	volumes := upgradeFuncs.VolumesFunc(item)
 	containers := upgradeFuncs.ContainersFunc(item)
 	initContainers := upgradeFuncs.InitContainersFunc(item)
@@ -296,10 +298,70 @@ func getContainerToUpdate(upgradeFuncs callbacks.RollingUpgradeFuncs, item inter
 	return container
 }
 
-func updateContainers(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) constants.Result {
+func invokeReloadStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) constants.Result {
+	if options.ReloadStrategy == constants.AnnotationsReloadStrategy {
+		return updatePodAnnotations(upgradeFuncs, item, config, autoReload)
+	}
+
+	return updateContainerEnvVars(upgradeFuncs, item, config, autoReload)
+}
+
+func updatePodAnnotations(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) constants.Result {
+	container := getContainerUsingResource(upgradeFuncs, item, config, autoReload)
+	if container == nil {
+		return constants.NoContainerFound
+	}
+
+	// Generate reloaded annotations. Attaching this to the item's annotation will trigger a rollout
+	// Note: the data on this struct is purely informational and is not used for future updates
+	reloadSource := util.NewReloadSourceFromConfig(config, []string{container.Name})
+	annotations, err := createReloadedAnnotations(&reloadSource)
+	if err != nil {
+		logrus.Errorf("Failed to create reloaded annotations for %s! error = %v", config.ResourceName, err)
+		return constants.NotUpdated
+	}
+
+	// Copy the all annotations to the item's annotations
+	pa := upgradeFuncs.PodAnnotationsFunc(item)
+	if pa == nil {
+		return constants.NotUpdated
+	}
+
+	for k, v := range annotations {
+		pa[k] = v
+	}
+
+	return constants.Updated
+}
+
+func createReloadedAnnotations(target *util.ReloadSource) (map[string]string, error) {
+	if target == nil {
+		return nil, errors.New("target is required")
+	}
+
+	// Create a single "last-invokeReloadStrategy-from" annotation that stores metadata about the
+	// resource that caused the last invokeReloadStrategy.
+	// Intentionally only storing the last item in order to keep
+	// the generated annotations as small as possible.
+	annotations := make(map[string]string)
+	lastReloadedResourceName := fmt.Sprintf("%s/%s",
+		constants.ReloaderAnnotationPrefix,
+		constants.LastReloadedFromAnnotation,
+	)
+
+	lastReloadedResource, err := json.Marshal(target)
+	if err != nil {
+		return nil, err
+	}
+
+	annotations[lastReloadedResourceName] = string(lastReloadedResource)
+	return annotations, nil
+}
+
+func updateContainerEnvVars(upgradeFuncs callbacks.RollingUpgradeFuncs, item interface{}, config util.Config, autoReload bool) constants.Result {
 	var result constants.Result
 	envVar := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + config.Type
-	container := getContainerToUpdate(upgradeFuncs, item, config, autoReload)
+	container := getContainerUsingResource(upgradeFuncs, item, config, autoReload)
 
 	if container == nil {
 		return constants.NoContainerFound

internal/pkg/options/flags.go

@@ -1,5 +1,7 @@
 package options
 
+import "github.com/stakater/Reloader/internal/pkg/constants"
+
 var (
 	// ConfigmapUpdateOnChangeAnnotation is an annotation to detect changes in
 	// configmaps specified by name
@@ -17,6 +19,8 @@ var (
 	SearchMatchAnnotation = "reloader.stakater.com/match"
 	// LogFormat is the log format to use (json, or empty string for default)
 	LogFormat = ""
-	// Adds support for argo rollouts
+	// IsArgoRollouts Adds support for argo rollouts
 	IsArgoRollouts = "false"
+	// ReloadStrategy Specify the update strategy
+	ReloadStrategy = constants.EnvVarsReloadStrategy
 )

internal/pkg/testutil/kube.go

@@ -2,6 +2,8 @@ package testutil
 
 import (
 	"context"
+	"encoding/json"
+	"fmt"
 	"math/rand"
 	"sort"
 	"strconv"
@@ -563,8 +565,8 @@ func GetSecretWithUpdatedLabel(namespace string, secretName string, label string
 	}
 }
 
-// GetResourceSHA returns the SHA value of given environment variable
-func GetResourceSHA(containers []v1.Container, envVar string) string {
+// GetResourceSHAFromEnvVar returns the SHA value of given environment variable
+func GetResourceSHAFromEnvVar(containers []v1.Container, envVar string) string {
 	for i := range containers {
 		envs := containers[i].Env
 		for j := range envs {
@@ -576,6 +578,28 @@ func GetResourceSHA(containers []v1.Container, envVar string) string {
 	return ""
 }
 
+// GetResourceSHAFromAnnotation returns the SHA value of given environment variable
+func GetResourceSHAFromAnnotation(podAnnotations map[string]string) string {
+	lastReloadedResourceName := fmt.Sprintf("%s/%s",
+		constants.ReloaderAnnotationPrefix,
+		constants.LastReloadedFromAnnotation,
+	)
+
+	annotationJson, ok := podAnnotations[lastReloadedResourceName]
+	if !ok {
+		return ""
+	}
+
+	var last util.ReloadSource
+	bytes := []byte(annotationJson)
+	err := json.Unmarshal(bytes, &last)
+	if err != nil {
+		return ""
+	}
+
+	return last.Hash
+}
+
 //ConvertResourceToSHA generates SHA from secret or configmap data
 func ConvertResourceToSHA(resourceType string, namespace string, resourceName string, data string) string {
 	values := []string{}
@@ -806,8 +830,8 @@ func RandSeq(n int) string {
 	return string(b)
 }
 
-// VerifyResourceUpdate verifies whether the rolling upgrade happened or not
-func VerifyResourceUpdate(clients kube.Clients, config util.Config, envVarPostfix string, upgradeFuncs callbacks.RollingUpgradeFuncs) bool {
+// VerifyResourceEnvVarUpdate verifies whether the rolling upgrade happened or not
+func VerifyResourceEnvVarUpdate(clients kube.Clients, config util.Config, envVarPostfix string, upgradeFuncs callbacks.RollingUpgradeFuncs) bool {
 	items := upgradeFuncs.ItemsFunc(clients, config.Namespace)
 	for _, i := range items {
 		containers := upgradeFuncs.ContainersFunc(i)
@@ -836,7 +860,45 @@ func VerifyResourceUpdate(clients kube.Clients, config util.Config, envVarPostfi
 
 		if matches {
 			envName := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + envVarPostfix
-			updated := GetResourceSHA(containers, envName)
+			updated := GetResourceSHAFromEnvVar(containers, envName)
+			if updated == config.SHAValue {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// VerifyResourceAnnotationUpdate verifies whether the rolling upgrade happened or not
+func VerifyResourceAnnotationUpdate(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs) bool {
+	items := upgradeFuncs.ItemsFunc(clients, config.Namespace)
+	for _, i := range items {
+		podAnnotations := upgradeFuncs.PodAnnotationsFunc(i)
+		// match statefulsets with the correct annotation
+		annotationValue := util.ToObjectMeta(i).Annotations[config.Annotation]
+		searchAnnotationValue := util.ToObjectMeta(i).Annotations[options.AutoSearchAnnotation]
+		reloaderEnabledValue := util.ToObjectMeta(i).Annotations[options.ReloaderAutoAnnotation]
+		reloaderEnabled, err := strconv.ParseBool(reloaderEnabledValue)
+		matches := false
+		if err == nil && reloaderEnabled {
+			matches = true
+		} else if annotationValue != "" {
+			values := strings.Split(annotationValue, ",")
+			for _, value := range values {
+				value = strings.Trim(value, " ")
+				if value == config.ResourceName {
+					matches = true
+					break
+				}
+			}
+		} else if searchAnnotationValue == "true" {
+			if config.ResourceAnnotations[options.SearchMatchAnnotation] == "true" {
+				matches = true
+			}
+		}
+
+		if matches {
+			updated := GetResourceSHAFromAnnotation(podAnnotations)
 			if updated == config.SHAValue {
 				return true
 			}

internal/pkg/util/reload_source.go

@@ -0,0 +1,39 @@
+package util
+
+import "time"
+
+type ReloadSource struct {
+	Type          string   `json:"type"`
+	Name          string   `json:"name"`
+	Namespace     string   `json:"namespace"`
+	Hash          string   `json:"hash"`
+	ContainerRefs []string `json:"containerRefs"`
+	ObservedAt    int64    `json:"observedAt"`
+}
+
+func NewReloadSource(
+	resourceName string,
+	resourceNamespace string,
+	resourceType string,
+	resourceHash string,
+	containerRefs []string,
+) ReloadSource {
+	return ReloadSource{
+		ObservedAt:    time.Now().Unix(),
+		Name:          resourceName,
+		Namespace:     resourceNamespace,
+		Type:          resourceType,
+		Hash:          resourceHash,
+		ContainerRefs: containerRefs,
+	}
+}
+
+func NewReloadSourceFromConfig(config Config, containerRefs []string) ReloadSource {
+	return NewReloadSource(
+		config.ResourceName,
+		config.Namespace,
+		config.Type,
+		config.SHAValue,
+		containerRefs,
+	)
+}

stk.yaml

@@ -1,4 +0,0 @@
-issues:
-  kind: 1
-  url: https://aurorasolutions.atlassian.net
-  project: STK