[skip-ci] Update artifacts

* issue/562 - enhance documentation for Reloader Chart values.yaml

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - aligned unordered list indentation

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - removed leading reloader due to QA spell check issues

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - updated failing qa / spell_check README checks

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - updated failing qa / spell_check README checks

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - updated failing qa / spell_check README checks

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>

* issue/562 - changed from helm to bash where needed

Signed-off-by: Benjamin Walterscheid <52604859+fdberlking@users.noreply.github.com>

---------

Signed-off-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Signed-off-by: Benjamin Walterscheid <52604859+fdberlking@users.noreply.github.com>
Co-authored-by: Benjamin Walterscheid <benjamin.walterscheid@de.ibm.com>
Co-authored-by: Karl-Johan Grahn <6355577+karl-johan-grahn@users.noreply.github.com>

.github/workflows/pull_request.yaml

@@ -14,7 +14,7 @@ env:
 
 jobs:
   qa:
-    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.64
+    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.65
     with:
       MD_CONFIG: .github/md_config.json
       DOC_SRC: README.md docs

.github/workflows/push.yaml

@@ -205,6 +205,9 @@ jobs:
           helm template reloader deployments/kubernetes/chart/reloader/ > deployments/kubernetes/reloader.yaml
           helm template reloader deployments/kubernetes/chart/reloader/ --output-dir deployments/kubernetes/manifests && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader
 
+      - name: Remove labels and annotations from manifests
+        run: make remove-labels-annotations
+
       # Publish helm chart
       - name: Login to ghcr via helm
         run: |

.vale.ini

@@ -1,7 +1,7 @@
 StylesPath = styles
 MinAlertLevel = warning
 
-Packages = https://github.com/stakater/vale-package/releases/download/v0.0.6/Stakater.zip
+Packages = https://github.com/stakater/vale-package/releases/download/v0.0.14/Stakater.zip
 Vocab = Stakater
 
 # Only check MarkDown files

Makefile

@@ -86,3 +86,25 @@ bump-chart:
 	sed -i "s/^appVersion:.*/appVersion: v$(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml
 	sed -i "s/tag:.*/tag: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml
 	sed -i "s/version:.*/version: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml
+
+YQ_VERSION = v4.42.1
+YQ_BIN = $(shell pwd)/yq
+CURRENT_ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
+
+YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_linux_$(CURRENT_ARCH)"
+
+yq-install:
+	@echo "Downloading yq $(YQ_VERSION) for linux/$(CURRENT_ARCH)"
+	@curl -sL $(YQ_DOWNLOAD_URL) -o $(YQ_BIN)
+	@chmod +x $(YQ_BIN)
+	@echo "yq $(YQ_VERSION) installed at $(YQ_BIN)"
+
+remove-labels-annotations: yq-install
+	@for file in $$(find deployments/kubernetes/manifests -type f -name '*.yaml'); do \
+		echo "Processing $$file"; \
+		$(YQ_BIN) eval 'del(.metadata.labels, .metadata.annotations)' -i "$$file"; \
+	done
+	$(YQ_BIN) eval 'del(.spec.template.metadata.labels)' -i deployments/kubernetes/manifests/deployment.yaml
+	$(YQ_BIN) eval 'del(.spec.selector.matchLabels)' -i deployments/kubernetes/manifests/deployment.yaml
+	$(YQ_BIN) eval '.spec.selector.matchLabels.app = "reloader-reloader"' -i deployments/kubernetes/manifests/deployment.yaml
+	$(YQ_BIN) eval '.spec.template.metadata.labels.app = "reloader-reloader"' -i deployments/kubernetes/manifests/deployment.yaml

README.md

@@ -189,7 +189,7 @@ By default, Reloader gets deployed in `default` namespace and watches changes `s
 Reloader can be configured to ignore the resources `secrets` and `configmaps` by passing the following arguments (`spec.template.spec.containers.args`) to its container :
 
 | Argument                         | Description          |
-| -------------------------------- | -------------------- |
+|----------------------------------|----------------------|
 | --resources-to-ignore=configMaps | To ignore configMaps |
 | --resources-to-ignore=secrets    | To ignore secrets    |
 
@@ -199,7 +199,7 @@ Reloader can be configured to only watch secrets/configmaps with one or more lab
 
 **Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence.
 
-These selectors can be combined together, for example with:
+These selectors can be combined, for example with:
 
 ```yaml
 --resource-label-selector=reloader=enabled,key-exists,another-label in (value1,value2,value3)
@@ -211,20 +211,17 @@ Only configmaps or secrets labeled like the following will be watched:
 kind: ConfigMap
 apiVersion: v1
 metadata:
-  ...
   labels:
     reloader: enabled
     key-exists: yes
     another-label: value1
-
-  ...
 ```
 
 Reloader can be configured to only watch namespaces labeled with one or more labels using the `--namespace-selector` parameter. Supported operators are `!, in, notin, ==, =, !=`, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the [Kubernetes Docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
 
 **Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence.
 
-These selectors can be combined together, for example with:
+These selectors can be combined, for example with:
 
 ```yaml
 --namespace-selector=reloader=enabled,test=true
@@ -236,11 +233,9 @@ Only namespaces labeled as below would be watched and eligible for reloads:
 kind: Namespace
 apiVersion: v1
 metadata:
-  ...
   labels:
     reloader: enabled
     test: true
-  ...
 ```
 
 ### Vanilla Kustomize
@@ -261,7 +256,7 @@ You can write your own `kustomization.yaml` using ours as a 'base' and write pat
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-bases:
+resources:
   - https://github.com/stakater/Reloader/deployments/kubernetes
 
 namespace: reloader
@@ -271,67 +266,116 @@ namespace: reloader
 
 Alternatively if you have configured helm on your cluster, you can add Reloader to helm from our public chart repository and deploy it via helm using below-mentioned commands. Follow [this](docs/Helm2-to-Helm3.md) guide, in case you have trouble migrating Reloader from Helm2 to Helm3.
 
+#### Installation
+
 ```bash
 helm repo add stakater https://stakater.github.io/stakater-charts
 
 helm repo update
 
 helm install stakater/reloader # For helm3 add --generate-name flag or set the release name
+
+helm install {{RELEASE_NAME}} stakater/reloader -n {{NAMESPACE}} --set reloader.watchGlobally=false # By default, Reloader watches in all namespaces. To watch in single namespace, set watchGlobally=false
+
+helm install stakater/reloader --set reloader.watchGlobally=false --namespace test --generate-name # Install Reloader in `test` namespace which will only watch `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts` in `test` namespace.
 ```
 
-**Note:** By default Reloader watches in all namespaces. To watch in single namespace, please run following command. It will install Reloader in `test` namespace which will only watch `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts` in `test` namespace.
+#### Uninstalling
 
 ```bash
-helm install stakater/reloader --set reloader.watchGlobally=false --namespace test # For helm3 add --generate-name flag or set the release name
+helm uninstall {{RELEASE_NAME}} -n {{NAMESPACE}}
 ```
 
-Reloader can be configured to ignore the resources `secrets` and `configmaps` by using the following parameters of `values.yaml` file:
+### Parameters
 
-| Parameter        | Description                                                    | Type    |
-| ---------------- | -------------------------------------------------------------- | ------- |
-| ignoreSecrets    | To ignore secrets. Valid value are either `true` or `false`    | boolean |
-| ignoreConfigMaps | To ignore configMaps. Valid value are either `true` or `false` | boolean |
+#### Global Parameters
 
-**Note:** At one time only one of these resource can be ignored, trying to do it will cause error in helm template compilation.
+| Parameter                 | Description                                                     | Type  | Default |
+|---------------------------|-----------------------------------------------------------------|-------|---------|
+| `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | array | `[]`    |
 
-Reloader can be configured to only watch namespaces labeled with one or more labels using the `namespaceSelector` parameter
+#### Common Parameters
 
-| Parameter            | Description                                                                        | Type    |
-| ----------------     | ---------------------------------------------------------------------------------- | ------- |
-| namespaceSelector    | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string  |
+| Parameter          | Description                   | Type   | Default |
+|--------------------|-------------------------------|--------|---------|
+| `nameOverride`     | replace the name of the chart | string | `""`    |
+| `fullnameOverride` | replace the generated name    | string | `""`    |
 
-Reloader can be configured to only watch configmaps/secrets labeled with one or more labels using the `resourceLabelSelector` parameter
+#### Core Reloader Parameters
 
-| Parameter              | Description                                                                        | Type    |
-| ---------------------- | ---------------------------------------------------------------------------------- | ------- |
-| resourceLabelSelector  | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string  |
+| Parameter                         | Description                                                                                                                                         | Type        | Default   |
+|-----------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|-------------|-----------|
+| `reloader.autoReloadAll`          |                                                                                                                                                     | boolean     | `false`   |
+| `reloader.isArgoRollouts`         | Enable Argo `Rollouts`. Valid value are either `true` or `false`                                                                                    | boolean     | `false`   |
+| `reloader.isOpenshift`            | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                                        | boolean     | `false`   |
+| `reloader.ignoreSecrets`          | To ignore secrets. Valid value are either `true` or `false`. Either `ignoreSecrets` or `ignoreConfigMaps` can be ignored, not both at the same time | boolean     | `false`   |
+| `reloader.ignoreConfigMaps`       | To ignore configMaps. Valid value are either `true` or `false`                                                                                      | boolean     | `false`   |
+| `reloader.reloadOnCreate`         | Enable reload on create events. Valid value are either `true` or `false`                                                                            | boolean     | `false`   |
+| `reloader.syncAfterRestart`       | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false`          | boolean     | `false`   |
+| `reloader.reloadStrategy`         | Strategy to trigger resource restart, set to either `default`, `env-vars` or `annotations`                                                          | enumeration | `default` |
+| `reloader.ignoreNamespaces`       | List of comma separated namespaces to ignore, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
+| `reloader.namespaceSelector`      | List of comma separated namespaces to select, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
+| `reloader.resourceLabelSelector`  | List of comma separated label selectors, if multiple are provided they are combined with the AND operator                                           | string      | `""`      |
+| `reloader.logFormat`              | Set type of log format. Value could be either `json` or `""`                                                                                        | string      | `""`      |
+| `reloader.watchGlobally`          | Allow Reloader to watch in all namespaces (`true`) or just in a single namespace (`false`)                                                          | boolean     | `true`    |
+| `reloader.enableHA`               | Enable leadership election allowing you to run multiple replicas                                                                                    | boolean     | `false`   |
+| `reloader.readOnlyRootFileSystem` | Enforce readOnlyRootFilesystem                                                                                                                      | boolean     | `false`   |
+| `reloader.legacy.rbac`            |                                                                                                                                                     | boolean     | `false`   |
+| `reloader.matchLabels`            | Pod labels to match                                                                                                                                 | map         | `{}`      |
 
-**Note:** Both `namespaceSelector` & `resourceLabelSelector` can be used together. If they are then both conditions must be met for the configmap or secret to be eligible to trigger reload events. (e.g. If a configMap matches `resourceLabelSelector` but `namespaceSelector` does not match the namespace the configmap is in, it will be ignored).
+#### Deployment Reloader Parameters
 
-You can also set the log format of Reloader to JSON by setting `logFormat` to `json` in `values.yaml` and apply the chart.
+| Parameter                                       | Description                                                                             | Type   | Default           |
+|-------------------------------------------------|-----------------------------------------------------------------------------------------|--------|-------------------|
+| `reloader.deployment.replicas`                  | Number of replicas, if you wish to run multiple replicas set `reloader.enableHA = true` | int    | 1                 |
+| `reloader.deployment.revisionHistoryLimit`      | Limit the number of revisions retained in the revision history                          | int    | 2                 |
+| `reloader.deployment.nodeSelector`              | Scheduling pod to a specific node based on set labels                                   | map    | `{}`              |
+| `reloader.deployment.affinity`                  | Set affinity rules on pod                                                               | map    | `{}`              |
+| `reloader.deployment.securityContext`           | Set pod security context                                                                | map    | `{}`              |
+| `reloader.deployment.containerSecurityContext`  | Set container security context                                                          | map    | `{}`              |
+| `reloader.deployment.tolerations`               | A list of `tolerations` to be applied to the deployment                                 | array  | `[]`              |
+| `reloader.deployment.topologySpreadConstraints` | Topology spread constraints for pod assignment                                          | array  | `[]`              |
+| `reloader.deployment.annotations`               | Set deployment annotations                                                              | map    | `{}`              |
+| `reloader.deployment.labels`                    | Set deployment labels, default to stakater settings                                     | array  | `see values.yaml` |
+| `reloader.deployment.image`                     | Set container image name, tag and policy                                                | array  | `see values.yaml` |
+| `reloader.deployment.env`                       | Support for extra environment variables                                                 | array  | `[]`              |
+| `reloader.deployment.livenessProbe`             | Set liveness probe timeout values                                                       | map    | `{}`              |
+| `reloader.deployment.readinessProbe`            | Set readiness probe timeout values                                                      | map    | `{}`              |
+| `reloader.deployment.resources`                 | Set container requests and limits (e.g. CPU or memory)                                  | map    | `{}`              |
+| `reloader.deployment.pod.annotations`           | Set annotations for pod                                                                 | map    | `{}`              |
+| `reloader.deployment.priorityClassName`         | Set priority class for pod in cluster                                                   | string | `""`              |
 
-You can enable to scrape Reloader's Prometheus metrics by setting `serviceMonitor.enabled` or `podMonitor.enabled`  to `true` in `values.yaml` file. Service monitor will be removed in future releases of Reloader in favour of Pod monitor.
+#### Other Reloader Parameters
 
-**Note:** Reloading of OpenShift (DeploymentConfig) and/or Argo `Rollouts` has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions. This can be done by changing the following parameters:
+| Parameter                              | Description                                                     | Type    | Default |
+|----------------------------------------|-----------------------------------------------------------------|---------|---------|
+| `reloader.service`                     |                                                                 | map     | `{}`    |
+| `reloader.rbac.enabled`                | Specifies whether a role based access control should be created | boolean | `true`  |
+| `reloader.serviceAccount.create`       | Specifies whether a ServiceAccount should be created            | boolean | `true`  |
+| `reloader.custom_annotations`          | Add custom annotations                                          | map     | `{}`    |
+| `reloader.serviceMonitor.enabled`      | Enable to scrape Reloader's Prometheus metrics (legacy)         | boolean | `false` |
+| `reloader.podMonitor.enabled`          | Enable to scrape Reloader's Prometheus metrics                  | boolean | `false` |
+| `reloader.podDisruptionBudget.enabled` | Limit the number of pods of a replicated application            | boolean | `false` |
+| `reloader.netpol.enabled`              |                                                                 | boolean | `false` |
+| `reloader.volumeMounts`                | Mount volume                                                    | array   | `[]`    |
+| `reloader.volumes`                     | Add volume to a pod                                             | array   | `[]`    |
+| `reloader.webhookUrl`                  | Add webhook to Reloader                                         | string  | `""`    |
 
-| Parameter        | Description                                                                                                                              | Type    |
-|------------------|------------------------------------------------------------------------------------------------------------------------------------------| ------- |
-| isOpenshift      | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                             | boolean |
-| isArgoRollouts   | Enable Argo `Rollouts`. Valid value are either `true` or `false`                                                                           | boolean |
-| reloadOnCreate   | Enable reload on create events. Valid value are either `true` or `false`                                                                 | boolean |
-| syncAfterRestart | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false` | boolean |
+#### Additional Remarks
 
-**isOpenShift** Recent versions of OpenShift (tested on 4.13.3) require the specified user to be in an `uid` range which is dynamically assigned by the namespace. The solution is to unset the runAsUser variable via ``deployment.securityContext.runAsUser=null`` and let OpenShift assign it at install.
-
-**ReloadOnCreate** reloadOnCreate controls how Reloader handles secrets being added to the cache for the first time. If reloadOnCreate is set to true:
-
-- Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload.
-- When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload.
-- If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected.
-
-If ReloadOnCreate is set to false:
-
-- Updates to configMaps/Secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration.
+- Both `namespaceSelector` & `resourceLabelSelector` can be used together. If they are then both conditions must be met for the configmap or secret to be eligible to trigger reload events. (e.g. If a configMap matches `resourceLabelSelector` but `namespaceSelector` does not match the namespace the configmap is in, it will be ignored).
+- At one time only one of the resources `ignoreConfigMaps` or `ignoreSecrets` can be ignored, trying to do both will cause error in helm template compilation
+- Reloading of OpenShift (DeploymentConfig) and/or Argo `Rollouts` has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions
+- `isOpenShift` Recent versions of OpenShift (tested on 4.13.3) require the specified user to be in an `uid` range which is dynamically assigned by the namespace. The solution is to unset the runAsUser variable via ``deployment.securityContext.runAsUser=null`` and let OpenShift assign it at install
+- `reloadOnCreate` controls how Reloader handles secrets being added to the cache for the first time. If `reloadOnCreate` is set to true:
+  1. Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload
+  1. When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload
+  1. If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected
+- `serviceMonitor` will be removed in future releases of Reloader in favour of Pod monitor
+- If `reloadOnCreate` is set to false:
+  1. Updates to configmaps/secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs
+  1. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration
+- By default, `reloadOnCreate` and `syncAfterRestart` are both set to false. Both need to be enabled explicitly
 
 ## Help
 
@@ -347,7 +391,7 @@ File a GitHub [issue](https://github.com/stakater/Reloader/issues).
 
 Join and talk to us on Slack for discussing Reloader
 
-[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://slack.stakater.com/)
+[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://stakater.slack.com/)
 [![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater-community.slack.com/messages/CC5S05S12)
 
 ## Contributing
@@ -360,7 +404,7 @@ Please use the [issue tracker](https://github.com/stakater/Reloader/issues) to r
 
 1. Deploy Reloader.
 1. Run `okteto up` to activate your development container.
-1. `make build`.
+1. `make build`
 1. `./Reloader`
 
 PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: 1.0.65
-appVersion: v1.0.65
+version: 1.0.75
+appVersion: v1.0.75
 keywords:
   - Reloader
   - kubernetes

deployments/kubernetes/chart/reloader/templates/networkpolicy.yaml

@@ -10,6 +10,7 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
   podSelector:
     matchLabels:

deployments/kubernetes/chart/reloader/templates/poddisruptionbudget.yaml

@@ -3,6 +3,7 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
   name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
   minAvailable: {{ .Values.reloader.podDisruptionBudget.minAvailable }}
   selector:

deployments/kubernetes/chart/reloader/templates/podmonitor.yaml

@@ -14,6 +14,8 @@ metadata:
   name: {{ template "reloader-fullname" . }}
 {{- if .Values.reloader.podMonitor.namespace }}
   namespace: {{ tpl .Values.reloader.podMonitor.namespace . }}
+{{- else }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}
 spec:
   podMetricsEndpoints:

deployments/kubernetes/chart/reloader/templates/servicemonitor.yaml

@@ -14,6 +14,8 @@ metadata:
   name: {{ template "reloader-fullname" . }}
 {{- if .Values.reloader.serviceMonitor.namespace }}
   namespace: {{ tpl .Values.reloader.serviceMonitor.namespace . }}
+{{- else }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}
 spec:
   endpoints:

deployments/kubernetes/chart/reloader/templates/verticalpodautoscaler.yaml

@@ -0,0 +1,40 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.reloader.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+  labels:
+    {{- include "reloader-labels.chart" . | nindent 4 }}
+spec:
+  {{- with .Values.reloader.verticalPodAutoscaler.recommenders }}
+  recommenders:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  resourcePolicy:
+    containerPolicies:
+    - containerName: {{ template "reloader-fullname" . }}
+      {{- with .Values.reloader.verticalPodAutoscaler.controlledResources }}
+      controlledResources:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.controlledValues }}
+      controlledValues: {{ .Values.reloader.verticalPodAutoscaler.controlledValues }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.maxAllowed }}
+      maxAllowed:
+        {{ toYaml .Values.reloader.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.minAllowed }}
+      minAllowed:
+        {{ toYaml .Values.reloader.verticalPodAutoscaler.minAllowed | nindent 8 }}
+      {{- end }}
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "reloader-fullname" . }}
+  {{- with .Values.reloader.verticalPodAutoscaler.updatePolicy }}
+  updatePolicy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

deployments/kubernetes/chart/reloader/values.yaml

@@ -55,6 +55,8 @@ reloader:
     securityContext:
       runAsNonRoot: true
       runAsUser: 65534
+      seccompProfile:
+        type: RuntimeDefault
 
     containerSecurityContext: {}
       # capabilities:
@@ -87,10 +89,10 @@ reloader:
     labels:
       provider: stakater
       group: com.stakater.platform
-      version: v1.0.65
+      version: v1.0.75
     image:
       name: ghcr.io/stakater/reloader
-      tag: v1.0.65
+      tag: v1.0.75
       pullPolicy: IfNotPresent
     # Support for extra environment variables.
     env:
@@ -280,7 +282,38 @@ reloader:
     #     matchLabels:
     #       app.kubernetes.io/name: prometheus
     to: []
-    
+
+  # Enable vertical pod autoscaler
+  verticalPodAutoscaler:
+    enabled: false
+
+    # Recommender responsible for generating recommendation for the object.
+    # List should be empty (then the default recommender will generate the recommendation)
+    # or contain exactly one recommender.
+    # recommenders:
+    # - name: custom-recommender-performance
+
+    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+    controlledResources: []
+    # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
+    # controlledValues: RequestsAndLimits
+
+    # Define the max allowed resources for the pod
+    maxAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+    # Define the min allowed resources for the pod
+    minAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+
+    updatePolicy:
+      # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
+      # minReplicas: 1
+      # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+      # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+      updateMode: Auto
+
   volumeMounts: []
 
   volumes: []

deployments/kubernetes/manifests/clusterrole.yaml

@@ -1,18 +1,8 @@
 ---
 # Source: reloader/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-
 kind: ClusterRole
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.65"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role
 rules:
   - apiGroups:

deployments/kubernetes/manifests/clusterrolebinding.yaml

@@ -1,18 +1,8 @@
 ---
 # Source: reloader/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-
 kind: ClusterRoleBinding
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.65"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader-role-binding
 roleRef:
   apiGroup: rbac.authorization.k8s.io

deployments/kubernetes/manifests/deployment.yaml

@@ -3,18 +3,6 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.65"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
-    group: com.stakater.platform
-    provider: stakater
-    version: v1.0.65
   name: reloader-reloader
   namespace: default
 spec:
@@ -23,49 +11,40 @@ spec:
   selector:
     matchLabels:
       app: reloader-reloader
-      release: "reloader"
   template:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-1.0.65"
-        release: "reloader"
-        heritage: "Helm"
-        app.kubernetes.io/managed-by: "Helm"
-        group: com.stakater.platform
-        provider: stakater
-        version: v1.0.65
     spec:
       containers:
-      - image: "ghcr.io/stakater/reloader:v1.0.65"
-        imagePullPolicy: IfNotPresent
-        name: reloader-reloader
-
-        ports:
-        - name: http
-          containerPort: 9090
-        livenessProbe:
-          httpGet:
-            path: /live
-            port: http
-          timeoutSeconds: 5
-          failureThreshold: 5
-          periodSeconds: 10
-          successThreshold: 1
-          initialDelaySeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /metrics
-            port: http
-          timeoutSeconds: 5
-          failureThreshold: 5
-          periodSeconds: 10
-          successThreshold: 1
-          initialDelaySeconds: 10
-
-        securityContext:
-          {}
-      securityContext: 
+        - image: "ghcr.io/stakater/reloader:v1.0.75"
+          imagePullPolicy: IfNotPresent
+          name: reloader-reloader
+          ports:
+            - name: http
+              containerPort: 9090
+          livenessProbe:
+            httpGet:
+              path: /live
+              port: http
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: http
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+          securityContext: {}
+      securityContext:
         runAsNonRoot: true
         runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: reloader-reloader

deployments/kubernetes/manifests/serviceaccount.yaml

@@ -3,14 +3,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.65"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
   name: reloader-reloader
   namespace: default

deployments/kubernetes/reloader.yaml

@@ -8,7 +8,7 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-1.0.65"
+    chart: "reloader-1.0.75"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
@@ -25,7 +25,7 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-1.0.65"
+    chart: "reloader-1.0.75"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
@@ -92,7 +92,7 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-1.0.65"
+    chart: "reloader-1.0.75"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
@@ -115,13 +115,13 @@ metadata:
     meta.helm.sh/release-name: "reloader"
   labels:
     app: reloader-reloader
-    chart: "reloader-1.0.65"
+    chart: "reloader-1.0.75"
     release: "reloader"
     heritage: "Helm"
     app.kubernetes.io/managed-by: "Helm"
     group: com.stakater.platform
     provider: stakater
-    version: v1.0.65
+    version: v1.0.75
   name: reloader-reloader
   namespace: default
 spec:
@@ -135,16 +135,16 @@ spec:
     metadata:
       labels:
         app: reloader-reloader
-        chart: "reloader-1.0.65"
+        chart: "reloader-1.0.75"
         release: "reloader"
         heritage: "Helm"
         app.kubernetes.io/managed-by: "Helm"
         group: com.stakater.platform
         provider: stakater
-        version: v1.0.65
+        version: v1.0.75
     spec:
       containers:
-      - image: "ghcr.io/stakater/reloader:v1.0.65"
+      - image: "ghcr.io/stakater/reloader:v1.0.75"
         imagePullPolicy: IfNotPresent
         name: reloader-reloader
 
@@ -175,4 +175,6 @@ spec:
       securityContext: 
         runAsNonRoot: true
         runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: reloader-reloader

go.mod

@@ -3,7 +3,7 @@ module github.com/stakater/Reloader
 go 1.21
 
 require (
-	github.com/argoproj/argo-rollouts v1.6.5
+	github.com/argoproj/argo-rollouts v1.6.6
 	github.com/openshift/api v3.9.0+incompatible
 	github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba
 	github.com/parnurzeal/gorequest v0.2.16

go.sum

@@ -4,6 +4,8 @@ github.com/argoproj/argo-rollouts v1.6.4 h1:mPa08VDNNk1/1Tq7I4QvWe5p+eDaBzVFVo1T
 github.com/argoproj/argo-rollouts v1.6.4/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
 github.com/argoproj/argo-rollouts v1.6.5 h1:VDAp9PGboRbzd9tQJ/8IkaI+KrvWIRrpfSV5aeX0GUQ=
 github.com/argoproj/argo-rollouts v1.6.5/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
+github.com/argoproj/argo-rollouts v1.6.6 h1:JCJ0cGAwWkh2xCAHZ1OQmrobysRjCatmG9IZaLJpS1g=
+github.com/argoproj/argo-rollouts v1.6.6/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=