[skip-ci] Update artifacts

* issue/562 - enhance documentation for Reloader Chart values.yaml

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - aligned unordered list indentation

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - removed leading reloader due to QA spell check issues

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - updated failing qa / spell_check README checks

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - updated failing qa / spell_check README checks

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - updated failing qa / spell_check README checks

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - changed from helm to bash where needed

Signed-off-by: Benjamin Walterscheid <52604859+fdberlking@users.noreply.github.com>

---------

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Signed-off-by: Benjamin Walterscheid <52604859+fdberlking@users.noreply.github.com>
Co-authored-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Co-authored-by: Karl-Johan Grahn <6355577+karl-johan-grahn@users.noreply.github.com>

.github/workflows/pull_request.yaml

@@ -14,7 +14,7 @@ env:
 
 jobs:
   qa:
-    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.53
+    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.65
     with:
       MD_CONFIG: .github/md_config.json
       DOC_SRC: README.md docs

.github/workflows/push.yaml

@@ -205,6 +205,9 @@ jobs:
           helm template reloader deployments/kubernetes/chart/reloader/ > deployments/kubernetes/reloader.yaml
           helm template reloader deployments/kubernetes/chart/reloader/ --output-dir deployments/kubernetes/manifests && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader
 
+      - name: Remove labels and annotations from manifests
+        run: make remove-labels-annotations
+
       # Publish helm chart
       - name: Login to ghcr via helm
         run: |

.gitignore

@@ -11,4 +11,5 @@ vendor
 dist
 Reloader
 !**/chart/reloader
-*.tgz
+*.tgz
+styles/

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "vocabulary"]
-	path = vocabulary
-	url = git@github.com:stakater/vocabulary.git

.vale.ini

@@ -1,7 +1,8 @@
-StylesPath = "vocabulary/styles"
+StylesPath = styles
 MinAlertLevel = warning
 
-Vocab = "Stakater"
+Packages = https://github.com/stakater/vale-package/releases/download/v0.0.14/Stakater.zip
+Vocab = Stakater
 
 # Only check MarkDown files
 [*.md]

Dockerfile

@@ -2,7 +2,7 @@ ARG BUILDER_IMAGE
 ARG BASE_IMAGE
 
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.21.4} as builder
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.21.6} as builder
 
 ARG TARGETOS
 ARG TARGETARCH

Makefile

@@ -86,3 +86,25 @@ bump-chart:
 	sed -i "s/^appVersion:.*/appVersion: v$(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml
 	sed -i "s/tag:.*/tag: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml
 	sed -i "s/version:.*/version: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml
+
+YQ_VERSION = v4.42.1
+YQ_BIN = $(shell pwd)/yq
+CURRENT_ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
+
+YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_linux_$(CURRENT_ARCH)"
+
+yq-install:
+	@echo "Downloading yq $(YQ_VERSION) for linux/$(CURRENT_ARCH)"
+	@curl -sL $(YQ_DOWNLOAD_URL) -o $(YQ_BIN)
+	@chmod +x $(YQ_BIN)
+	@echo "yq $(YQ_VERSION) installed at $(YQ_BIN)"
+
+remove-labels-annotations: yq-install
+	@for file in $$(find deployments/kubernetes/manifests -type f -name '*.yaml'); do \
+		echo "Processing $$file"; \
+		$(YQ_BIN) eval 'del(.metadata.labels, .metadata.annotations)' -i "$$file"; \
+	done
+	$(YQ_BIN) eval 'del(.spec.template.metadata.labels)' -i deployments/kubernetes/manifests/deployment.yaml
+	$(YQ_BIN) eval 'del(.spec.selector.matchLabels)' -i deployments/kubernetes/manifests/deployment.yaml
+	$(YQ_BIN) eval '.spec.selector.matchLabels.app = "reloader-reloader"' -i deployments/kubernetes/manifests/deployment.yaml
+	$(YQ_BIN) eval '.spec.template.metadata.labels.app = "reloader-reloader"' -i deployments/kubernetes/manifests/deployment.yaml

README.md

@@ -189,7 +189,7 @@ By default, Reloader gets deployed in `default` namespace and watches changes `s
 Reloader can be configured to ignore the resources `secrets` and `configmaps` by passing the following arguments (`spec.template.spec.containers.args`) to its container :
 
 | Argument                         | Description          |
-| -------------------------------- | -------------------- |
+|----------------------------------|----------------------|
 | --resources-to-ignore=configMaps | To ignore configMaps |
 | --resources-to-ignore=secrets    | To ignore secrets    |
 
@@ -199,7 +199,7 @@ Reloader can be configured to only watch secrets/configmaps with one or more lab
 
 **Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence.
 
-These selectors can be combined together, for example with:
+These selectors can be combined, for example with:
 
 ```yaml
 --resource-label-selector=reloader=enabled,key-exists,another-label in (value1,value2,value3)
@@ -211,20 +211,17 @@ Only configmaps or secrets labeled like the following will be watched:
 kind: ConfigMap
 apiVersion: v1
 metadata:
-  ...
   labels:
     reloader: enabled
     key-exists: yes
     another-label: value1
-
-  ...
 ```
 
 Reloader can be configured to only watch namespaces labeled with one or more labels using the `--namespace-selector` parameter. Supported operators are `!, in, notin, ==, =, !=`, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the [Kubernetes Docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
 
 **Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence.
 
-These selectors can be combined together, for example with:
+These selectors can be combined, for example with:
 
 ```yaml
 --namespace-selector=reloader=enabled,test=true
@@ -236,11 +233,9 @@ Only namespaces labeled as below would be watched and eligible for reloads:
 kind: Namespace
 apiVersion: v1
 metadata:
-  ...
   labels:
     reloader: enabled
     test: true
-  ...
 ```
 
 ### Vanilla Kustomize
@@ -261,7 +256,7 @@ You can write your own `kustomization.yaml` using ours as a 'base' and write pat
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-bases:
+resources:
   - https://github.com/stakater/Reloader/deployments/kubernetes
 
 namespace: reloader
@@ -271,67 +266,116 @@ namespace: reloader
 
 Alternatively if you have configured helm on your cluster, you can add Reloader to helm from our public chart repository and deploy it via helm using below-mentioned commands. Follow [this](docs/Helm2-to-Helm3.md) guide, in case you have trouble migrating Reloader from Helm2 to Helm3.
 
+#### Installation
+
 ```bash
 helm repo add stakater https://stakater.github.io/stakater-charts
 
 helm repo update
 
 helm install stakater/reloader # For helm3 add --generate-name flag or set the release name
+
+helm install {{RELEASE_NAME}} stakater/reloader -n {{NAMESPACE}} --set reloader.watchGlobally=false # By default, Reloader watches in all namespaces. To watch in single namespace, set watchGlobally=false
+
+helm install stakater/reloader --set reloader.watchGlobally=false --namespace test --generate-name # Install Reloader in `test` namespace which will only watch `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts` in `test` namespace.
 ```
 
-**Note:** By default Reloader watches in all namespaces. To watch in single namespace, please run following command. It will install Reloader in `test` namespace which will only watch `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts` in `test` namespace.
+#### Uninstalling
 
 ```bash
-helm install stakater/reloader --set reloader.watchGlobally=false --namespace test # For helm3 add --generate-name flag or set the release name
+helm uninstall {{RELEASE_NAME}} -n {{NAMESPACE}}
 ```
 
-Reloader can be configured to ignore the resources `secrets` and `configmaps` by using the following parameters of `values.yaml` file:
+### Parameters
 
-| Parameter        | Description                                                    | Type    |
-| ---------------- | -------------------------------------------------------------- | ------- |
-| ignoreSecrets    | To ignore secrets. Valid value are either `true` or `false`    | boolean |
-| ignoreConfigMaps | To ignore configMaps. Valid value are either `true` or `false` | boolean |
+#### Global Parameters
 
-**Note:** At one time only one of these resource can be ignored, trying to do it will cause error in helm template compilation.
+| Parameter                 | Description                                                     | Type  | Default |
+|---------------------------|-----------------------------------------------------------------|-------|---------|
+| `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | array | `[]`    |
 
-Reloader can be configured to only watch namespaces labeled with one or more labels using the `namespaceSelector` parameter
+#### Common Parameters
 
-| Parameter            | Description                                                                        | Type    |
-| ----------------     | ---------------------------------------------------------------------------------- | ------- |
-| namespaceSelector    | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string  |
+| Parameter          | Description                   | Type   | Default |
+|--------------------|-------------------------------|--------|---------|
+| `nameOverride`     | replace the name of the chart | string | `""`    |
+| `fullnameOverride` | replace the generated name    | string | `""`    |
 
-Reloader can be configured to only watch configmaps/secrets labeled with one or more labels using the `resourceLabelSelector` parameter
+#### Core Reloader Parameters
 
-| Parameter              | Description                                                                        | Type    |
-| ---------------------- | ---------------------------------------------------------------------------------- | ------- |
-| resourceLabelSelector  | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string  |
+| Parameter                         | Description                                                                                                                                         | Type        | Default   |
+|-----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|-------------|-----------|
+| `reloader.autoReloadAll`          |                                                                                                                                                     | boolean     | `false`   |
+| `reloader.isArgoRollouts`         | Enable Argo `Rollouts`. Valid value are either `true` or `false`                                                                                    | boolean     | `false`   |
+| `reloader.isOpenshift`            | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                                        | boolean     | `false`   |
+| `reloader.ignoreSecrets`          | To ignore secrets. Valid value are either `true` or `false`. Either `ignoreSecrets` or `ignoreConfigMaps` can be ignored, not both at the same time | boolean     | `false`   |
+| `reloader.ignoreConfigMaps`       | To ignore configMaps. Valid value are either `true` or `false`                                                                                      | boolean     | `false`   |
+| `reloader.reloadOnCreate`         | Enable reload on create events. Valid value are either `true` or `false`                                                                            | boolean     | `false`   |
+| `reloader.syncAfterRestart`       | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false`          | boolean     | `false`   |
+| `reloader.reloadStrategy`         | Strategy to trigger resource restart, set to either `default`, `env-vars` or `annotations`                                                          | enumeration | `default` |
+| `reloader.ignoreNamespaces`       | List of comma separated namespaces to ignore, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
+| `reloader.namespaceSelector`      | List of comma separated namespaces to select, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
+| `reloader.resourceLabelSelector`  | List of comma separated label selectors, if multiple are provided they are combined with the AND operator                                           | string      | `""`      |
+| `reloader.logFormat`              | Set type of log format. Value could be either `json` or `""`                                                                                        | string      | `""`      |
+| `reloader.watchGlobally`          | Allow Reloader to watch in all namespaces (`true`) or just in a single namespace (`false`)                                                          | boolean     | `true`    |
+| `reloader.enableHA`               | Enable leadership election allowing you to run multiple replicas                                                                                    | boolean     | `false`   |
+| `reloader.readOnlyRootFileSystem` | Enforce readOnlyRootFilesystem                                                                                                                      | boolean     | `false`   |
+| `reloader.legacy.rbac`            |                                                                                                                                                     | boolean     | `false`   |
+| `reloader.matchLabels`            | Pod labels to match                                                                                                                                 | map         | `{}`      |
 
-**Note:** Both `namespaceSelector` & `resourceLabelSelector` can be used together. If they are then both conditions must be met for the configmap or secret to be eligible to trigger reload events. (e.g. If a configMap matches `resourceLabelSelector` but `namespaceSelector` does not match the namespace the configmap is in, it will be ignored).
+#### Deployment Reloader Parameters
 
-You can also set the log format of Reloader to json by setting `logFormat` to `json` in values.yaml and apply the chart.
+| Parameter                                       | Description                                                                             | Type   | Default           |
+|-------------------------------------------------|-----------------------------------------------------------------------------------------|--------|-------------------|
+| `reloader.deployment.replicas`                  | Number of replicas, if you wish to run multiple replicas set `reloader.enableHA = true` | int    | 1                 |
+| `reloader.deployment.revisionHistoryLimit`      | Limit the number of revisions retained in the revision history                          | int    | 2                 |
+| `reloader.deployment.nodeSelector`              | Scheduling pod to a specific node based on set labels                                   | map    | `{}`              |
+| `reloader.deployment.affinity`                  | Set affinity rules on pod                                                               | map    | `{}`              |
+| `reloader.deployment.securityContext`           | Set pod security context                                                                | map    | `{}`              |
+| `reloader.deployment.containerSecurityContext`  | Set container security context                                                          | map    | `{}`              |
+| `reloader.deployment.tolerations`               | A list of `tolerations` to be applied to the deployment                                 | array  | `[]`              |
+| `reloader.deployment.topologySpreadConstraints` | Topology spread constraints for pod assignment                                          | array  | `[]`              |
+| `reloader.deployment.annotations`               | Set deployment annotations                                                              | map    | `{}`              |
+| `reloader.deployment.labels`                    | Set deployment labels, default to stakater settings                                     | array  | `see values.yaml` |
+| `reloader.deployment.image`                     | Set container image name, tag and policy                                                | array  | `see values.yaml` |
+| `reloader.deployment.env`                       | Support for extra environment variables                                                 | array  | `[]`              |
+| `reloader.deployment.livenessProbe`             | Set liveness probe timeout values                                                       | map    | `{}`              |
+| `reloader.deployment.readinessProbe`            | Set readiness probe timeout values                                                      | map    | `{}`              |
+| `reloader.deployment.resources`                 | Set container requests and limits (e.g. CPU or memory)                                  | map    | `{}`              |
+| `reloader.deployment.pod.annotations`           | Set annotations for pod                                                                 | map    | `{}`              |
+| `reloader.deployment.priorityClassName`         | Set priority class for pod in cluster                                                   | string | `""`              |
 
-You can enable to scrape Reloader's Prometheus metrics by setting `serviceMonitor.enabled` or `podMonitor.enabled`  to `true` in values.yaml file. Service monitor will be removed in future releases of Reloader in favour of Pod monitor.
+#### Other Reloader Parameters
 
-**Note:** Reloading of OpenShift (DeploymentConfig) and/or Argo `Rollouts` has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions. This can be done by changing the following parameters:
+| Parameter                              | Description                                                     | Type    | Default |
+|----------------------------------------|-----------------------------------------------------------------|---------|---------|
+| `reloader.service`                     |                                                                 | map     | `{}`    |
+| `reloader.rbac.enabled`                | Specifies whether a role based access control should be created | boolean | `true`  |
+| `reloader.serviceAccount.create`       | Specifies whether a ServiceAccount should be created            | boolean | `true`  |
+| `reloader.custom_annotations`          | Add custom annotations                                          | map     | `{}`    |
+| `reloader.serviceMonitor.enabled`      | Enable to scrape Reloader's Prometheus metrics (legacy)         | boolean | `false` |
+| `reloader.podMonitor.enabled`          | Enable to scrape Reloader's Prometheus metrics                  | boolean | `false` |
+| `reloader.podDisruptionBudget.enabled` | Limit the number of pods of a replicated application            | boolean | `false` |
+| `reloader.netpol.enabled`              |                                                                 | boolean | `false` |
+| `reloader.volumeMounts`                | Mount volume                                                    | array   | `[]`    |
+| `reloader.volumes`                     | Add volume to a pod                                             | array   | `[]`    |
+| `reloader.webhookUrl`                  | Add webhook to Reloader                                         | string  | `""`    |
 
-| Parameter        | Description                                                                                                                              | Type    |
-|------------------|------------------------------------------------------------------------------------------------------------------------------------------| ------- |
-| isOpenshift      | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                             | boolean |
-| isArgoRollouts   | Enable Argo `Rollouts`. Valid value are either `true` or `false`                                                                           | boolean |
-| reloadOnCreate   | Enable reload on create events. Valid value are either `true` or `false`                                                                 | boolean |
-| syncAfterRestart | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false` | boolean |
+#### Additional Remarks
 
-**isOpenShift** Recent versions of OpenShift (tested on 4.13.3) require the specified user to be in an uid range which is dynamically assigned by the namespace. The solution is to unset the runAsUser variable via ``deployment.securityContext.runAsUser=null`` and let OpenShift assign it at install.
-
-**ReloadOnCreate** reloadOnCreate controls how Reloader handles secrets being added to the cache for the first time. If reloadOnCreate is set to true:
-
-- Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload.
-- When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload.
-- If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected.
-
-If ReloadOnCreate is set to false:
-
-- Updates to configMaps/Secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration.
+- Both `namespaceSelector` & `resourceLabelSelector` can be used together. If they are then both conditions must be met for the configmap or secret to be eligible to trigger reload events. (e.g. If a configMap matches `resourceLabelSelector` but `namespaceSelector` does not match the namespace the configmap is in, it will be ignored).
+- At one time only one of the resources `ignoreConfigMaps` or `ignoreSecrets` can be ignored, trying to do both will cause error in helm template compilation
+- Reloading of OpenShift (DeploymentConfig) and/or Argo `Rollouts` has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions
+- `isOpenShift` Recent versions of OpenShift (tested on 4.13.3) require the specified user to be in an `uid` range which is dynamically assigned by the namespace. The solution is to unset the runAsUser variable via ``deployment.securityContext.runAsUser=null`` and let OpenShift assign it at install
+- `reloadOnCreate` controls how Reloader handles secrets being added to the cache for the first time. If `reloadOnCreate` is set to true:
+  1. Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload
+  1. When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload
+  1. If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected
+- `serviceMonitor` will be removed in future releases of Reloader in favour of Pod monitor
+- If `reloadOnCreate` is set to false:
+  1. Updates to configmaps/secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs
+  1. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration
+- By default, `reloadOnCreate` and `syncAfterRestart` are both set to false. Both need to be enabled explicitly
 
 ## Help
 
@@ -347,7 +391,7 @@ File a GitHub [issue](https://github.com/stakater/Reloader/issues).
 
 Join and talk to us on Slack for discussing Reloader
 
-[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://slack.stakater.com/)
+[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://stakater.slack.com/)
 [![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater-community.slack.com/messages/CC5S05S12)
 
 ## Contributing
@@ -360,7 +404,7 @@ Please use the [issue tracker](https://github.com/stakater/Reloader/issues) to r
 
 1. Deploy Reloader.
 1. Run `okteto up` to activate your development container.
-1. `make build`.
+1. `make build`
 1. `./Reloader`
 
 PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: 1.0.55
-appVersion: v1.0.55
+version: 1.0.75
+appVersion: v1.0.75
 keywords:
   - Reloader
   - kubernetes

deployments/kubernetes/chart/reloader/templates/deployment.yaml

@@ -57,8 +57,9 @@ spec:
       affinity:
       {{- if .Values.reloader.deployment.affinity }}
 {{ toYaml .Values.reloader.deployment.affinity | indent 8 }}
-      {{- end}}
+      {{- else }}
 {{ include "reloader-podAntiAffinity" . | indent 8 }}
+      {{- end }}
       {{- end }}
       {{- if .Values.reloader.deployment.tolerations }}
       tolerations:

deployments/kubernetes/chart/reloader/templates/networkpolicy.yaml

@@ -10,6 +10,7 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
   podSelector:
     matchLabels:

deployments/kubernetes/chart/reloader/templates/poddisruptionbudget.yaml

@@ -3,6 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
   minAvailable: {{ .Values.reloader.podDisruptionBudget.minAvailable }}
   selector:

deployments/kubernetes/chart/reloader/templates/podmonitor.yaml

@@ -14,6 +14,8 @@ metadata:
   name: {{ template "reloader-fullname" . }}
 {{- if .Values.reloader.podMonitor.namespace }}
   namespace: {{ tpl .Values.reloader.podMonitor.namespace . }}
+{{- else }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}
 spec:
   podMetricsEndpoints:

deployments/kubernetes/chart/reloader/templates/servicemonitor.yaml

@@ -14,6 +14,8 @@ metadata:
   name: {{ template "reloader-fullname" . }}
 {{- if .Values.reloader.serviceMonitor.namespace }}
   namespace: {{ tpl .Values.reloader.serviceMonitor.namespace . }}
+{{- else }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}
 spec:
   endpoints:

deployments/kubernetes/chart/reloader/templates/verticalpodautoscaler.yaml

@@ -0,0 +1,40 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.reloader.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+  labels:
+    {{- include "reloader-labels.chart" . | nindent 4 }}
+spec:
+  {{- with .Values.reloader.verticalPodAutoscaler.recommenders }}
+  recommenders:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  resourcePolicy:
+    containerPolicies:
+    - containerName: {{ template "reloader-fullname" . }}
+      {{- with .Values.reloader.verticalPodAutoscaler.controlledResources }}
+      controlledResources:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.controlledValues }}
+      controlledValues: {{ .Values.reloader.verticalPodAutoscaler.controlledValues }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.maxAllowed }}
+      maxAllowed:
+        {{ toYaml .Values.reloader.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.minAllowed }}
+      minAllowed:
+        {{ toYaml .Values.reloader.verticalPodAutoscaler.minAllowed | nindent 8 }}
+      {{- end }}
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "reloader-fullname" . }}
+  {{- with .Values.reloader.verticalPodAutoscaler.updatePolicy }}
+  updatePolicy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

deployments/kubernetes/chart/reloader/values.yaml

@@ -55,6 +55,8 @@ reloader:
     securityContext:
       runAsNonRoot: true
       runAsUser: 65534
+      seccompProfile:
+        type: RuntimeDefault
 
     containerSecurityContext: {}
       # capabilities:
@@ -87,10 +89,10 @@ reloader:
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v1.0.55
+      version: v1.0.75
     image:
       name: ghcr.io/stakater/reloader
-      tag: v1.0.55
+      tag: v1.0.75
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env:
@@ -280,7 +282,38 @@ reloader:
     #     matchLabels:
     #       app.kubernetes.io/name: prometheus
     to: []
-    
+
+  # Enable vertical pod autoscaler
+  verticalPodAutoscaler:
+    enabled: false
+
+    # Recommender responsible for generating recommendation for the object.
+    # List should be empty (then the default recommender will generate the recommendation)
+    # or contain exactly one recommender.
+    # recommenders:
+    # - name: custom-recommender-performance
+
+    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+    controlledResources: []
+    # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
+    # controlledValues: RequestsAndLimits
+
+    # Define the max allowed resources for the pod
+    maxAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+    # Define the min allowed resources for the pod
+    minAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+
+    updatePolicy:
+      # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
+      # minReplicas: 1
+      # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+      # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+      updateMode: Auto
+
   volumeMounts: []
 
   volumes: []

deployments/kubernetes/manifests/clusterrole.yaml

@@ -1,18 +1,8 @@
 ---
 # Source: reloader/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-
 kind: ClusterRole
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.55"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role
 rules:
   - apiGroups:

deployments/kubernetes/manifests/clusterrolebinding.yaml

@@ -1,18 +1,8 @@
 ---
 # Source: reloader/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-
 kind: ClusterRoleBinding
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.55"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role-binding
 roleRef:
   apiGroup: rbac.authorization.k8s.io

deployments/kubernetes/manifests/deployment.yaml

@@ -3,18 +3,6 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.55"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
-    group: com.stakater.platform
-    provider: stakater
-    version: v1.0.55
   name: reloader-reloader
   namespace: default
 spec:
@@ -23,49 +11,40 @@ spec:
   selector:
     matchLabels:
       app: reloader-reloader
-      release: "reloader"
   template:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-1.0.55"
-        release: "reloader"
-        heritage: "Helm"
-        app.kubernetes.io/managed-by: "Helm"
-        group: com.stakater.platform
-        provider: stakater
-        version: v1.0.55
     spec:
       containers:
-      - image: "ghcr.io/stakater/reloader:v1.0.55"
-        imagePullPolicy: IfNotPresent
-        name: reloader-reloader
-
-        ports:
-        - name: http
-          containerPort: 9090
-        livenessProbe:
-          httpGet:
-            path: /live
-            port: http
-          timeoutSeconds: 5
-          failureThreshold: 5
-          periodSeconds: 10
-          successThreshold: 1
-          initialDelaySeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /metrics
-            port: http
-          timeoutSeconds: 5
-          failureThreshold: 5
-          periodSeconds: 10
-          successThreshold: 1
-          initialDelaySeconds: 10
-
-        securityContext:
-          {}
-      securityContext: 
+        - image: "ghcr.io/stakater/reloader:v1.0.75"
+          imagePullPolicy: IfNotPresent
+          name: reloader-reloader
+          ports:
+            - name: http
+              containerPort: 9090
+          livenessProbe:
+            httpGet:
+              path: /live
+              port: http
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: http
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+          securityContext: {}
+      securityContext:
         runAsNonRoot: true
         runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: reloader-reloader

deployments/kubernetes/manifests/serviceaccount.yaml

@@ -3,14 +3,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.55"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader
   namespace: default

deployments/kubernetes/reloader.yaml

@@ -8,7 +8,7 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-1.0.55"
+    chart: "reloader-1.0.75"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
@@ -25,7 +25,7 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-1.0.55"
+    chart: "reloader-1.0.75"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
@@ -92,7 +92,7 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-1.0.55"
+    chart: "reloader-1.0.75"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
@@ -115,13 +115,13 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-1.0.55"
+    chart: "reloader-1.0.75"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
     group: com.stakater.platform
     provider: stakater
-    version: v1.0.55
+    version: v1.0.75
   name: reloader-reloader
   namespace: default
 spec:
@@ -135,16 +135,16 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-1.0.55"
+        chart: "reloader-1.0.75"
         release: "reloader"
         heritage: "Helm"
         app.kubernetes.io/managed-by: "Helm"
         group: com.stakater.platform
         provider: stakater
-        version: v1.0.55
+        version: v1.0.75
     spec:
       containers:
-      - image: "ghcr.io/stakater/reloader:v1.0.55"
+      - image: "ghcr.io/stakater/reloader:v1.0.75"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
 
@@ -175,4 +175,6 @@ spec:
       securityContext: 
         runAsNonRoot: true
         runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: reloader-reloader

docs/Alerting.md

@@ -4,11 +4,11 @@ Reloader can alert when it triggers a rolling upgrade on Deployments or Stateful
 
 ## Enabling the feature
 
-In-order to enable this feature, you need to update the `reloader.env.secret` section of values.yaml providing the information needed for alert.
+In-order to enable this feature, you need to update the `reloader.env.secret` section of `values.yaml` providing the information needed for alert:
 
 ```yaml
       ALERT_ON_RELOAD: [ true/false ] Default: false 
-      ALERT_SINK: [ slack/webhook ] Default: webhook
+      ALERT_SINK: [ slack/teams/webhook ] Default: webhook
       ALERT_WEBHOOK_URL: Required if ALERT_ON_RELOAD is true
       ALERT_ADDITIONAL_INFO: Any additional information to be added to alert
 ```

go.mod

@@ -3,7 +3,7 @@ module github.com/stakater/Reloader
 go 1.21
 
 require (
-	github.com/argoproj/argo-rollouts v1.6.4
+	github.com/argoproj/argo-rollouts v1.6.6
 	github.com/openshift/api v3.9.0+incompatible
 	github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba
 	github.com/parnurzeal/gorequest v0.2.16

go.sum

@@ -2,6 +2,10 @@ github.com/argoproj/argo-rollouts v1.6.2 h1:5Eur0FA9F9L0S+MkhxEtQlD9Hwb86U30QgTy
 github.com/argoproj/argo-rollouts v1.6.2/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
 github.com/argoproj/argo-rollouts v1.6.4 h1:mPa08VDNNk1/1Tq7I4QvWe5p+eDaBzVFVo1TmBpHk1I=
 github.com/argoproj/argo-rollouts v1.6.4/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
+github.com/argoproj/argo-rollouts v1.6.5 h1:VDAp9PGboRbzd9tQJ/8IkaI+KrvWIRrpfSV5aeX0GUQ=
+github.com/argoproj/argo-rollouts v1.6.5/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
+github.com/argoproj/argo-rollouts v1.6.6 h1:JCJ0cGAwWkh2xCAHZ1OQmrobysRjCatmG9IZaLJpS1g=
+github.com/argoproj/argo-rollouts v1.6.6/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=

internal/pkg/alerts/alert.go

@@ -33,6 +33,8 @@ func SendWebhookAlert(msg string) {
 
 	if alert_sink == "slack" {
 		sendSlackAlert(webhook_url, webhook_proxy, msg)
+	} else if alert_sink == "teams" {
+		sendTeamsAlert(webhook_url, webhook_proxy, msg)
 	} else {
 		msg = strings.Replace(msg, "*", "", -1)
 		sendRawWebhookAlert(webhook_url, webhook_proxy, msg)
@@ -73,6 +75,29 @@ func sendSlackAlert(webhookUrl string, proxy string, msg string) []error {
 	return nil
 }
 
+// function to send alert to Microsoft Teams webhook
+func sendTeamsAlert(webhookUrl string, proxy string, msg string) []error {
+	attachment := Attachment{
+		Text: msg,
+	}
+
+	request := gorequest.New().Proxy(proxy)
+	resp, _, err := request.
+		Post(webhookUrl).
+		RedirectPolicy(redirectPolicy).
+		Send(attachment).
+		End()
+
+	if err != nil {
+		return err
+	}
+	if resp.StatusCode != 200 {
+		return []error{fmt.Errorf("error sending msg. status: %v", resp.Status)}
+	}
+
+	return nil
+}
+
 // function to send alert to webhook service as text
 func sendRawWebhookAlert(webhookUrl string, proxy string, msg string) []error {
 	request := gorequest.New().Proxy(proxy)

renovate.json

@@ -1,6 +1,21 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:base"
+    "config:recommended"
+  ],
+  "labels": [
+    "dependencies"
+  ],
+  "customManagers": [
+    {
+        "customType": "regex",
+        "fileMatch": [
+            ".vale.ini"
+        ],
+        "matchStrings": [
+            "https:\/\/github\\.com\/(?<depName>.*)\/releases\/download\/(?<currentValue>.*)\/.*\\.zip"
+        ],
+        "datasourceTemplate": "github-releases"
+    }
   ]
 }