chore(deps): update sigstore/cosign-installer action to v3.8.2 (#905 )

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Revert chart labels for seamless upgrades (#903 )
2026-02-14 18:09:50 +00:00 · 2025-04-23 10:51:54 +02:00 · 2025-04-21 19:52:10 +05:00 · 2025-04-20 21:32:07 +02:00 · 2025-04-20 21:21:35 +02:00 · 2025-04-18 14:25:45 +05:00
80 changed files with 4272 additions and 1241 deletions
--- a/.github/workflows/init-branch-release.yaml
+++ b/.github/workflows/init-branch-release.yaml
@@ -0,0 +1,68 @@
+name: Init Release
+on:
+  workflow_dispatch:
+    inputs:
+      TARGET_BRANCH:
+        description: 'TARGET_BRANCH on which release will be based'
+        required: true
+        type: string
+
+      TARGET_VERSION:
+        description: 'TARGET_VERSION to build kubernetes manifests with using Kustomize'
+        required: true
+        type: string
+
+permissions: {}
+
+jobs:
+  prepare-release:
+    permissions:
+      contents: write  # for peter-evans/create-pull-request to create branch
+      pull-requests: write  # for peter-evans/create-pull-request to create a PR
+    name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+          ref: ${{ inputs.TARGET_BRANCH }}
+
+      - name: Check if TARGET_VERSION is well formed.
+        run: |
+          set -xue
+          # Target version must not contain 'v' prefix
+          if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
+            echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2
+            exit 1
+          fi
+
+      - name: Create VERSION information
+        run: |
+          set -ue
+          echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}"
+          echo "${{ inputs.TARGET_VERSION }}" > VERSION
+
+      - name: Replace latest tag with version from input
+        run: |
+          set -ue
+          VERSION=${{ inputs.TARGET_VERSION }} make update-manifests-version
+          git diff
+
+      - name: Generate new set of manifests
+        run: |
+          set -ue
+          make k8s-manifests
+          git diff
+
+      - name: Create pull request
+        uses: peter-evans/create-pull-request@v7.0.6
+        with:
+          commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
+          title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
+          body: Updating VERSION and manifests to ${{ inputs.TARGET_VERSION }}
+          branch: update-version
+          branch-suffix: random
+          signoff: true
+          labels: release
--- a/.github/workflows/pull_request-helm.yaml
+++ b/.github/workflows/pull_request-helm.yaml
@@ -0,0 +1,90 @@
+name: Pull Request Workflow for Helm Chart changes
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - 'deployments/kubernetes/chart/reloader/**'
+
+env:
+  DOCKER_FILE_PATH: Dockerfile
+  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
+  REGISTRY: ghcr.io
+
+jobs:
+
+  helm-chart-validation:
+    permissions:
+      contents: read
+
+    runs-on: ubuntu-latest
+    name: Helm Chart Validation
+
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+        fetch-depth: 0
+
+    # Setting up helm binary
+    - name: Set up Helm
+      uses: azure/setup-helm@v4
+      with:
+        version: v3.11.3
+
+    - name: Helm chart unit tests
+      uses: d3adb5/helm-unittest-action@v2
+      with:
+        charts: deployments/kubernetes/chart/reloader
+
+  helm-version-validation:
+    needs: helm-chart-validation
+
+    permissions:
+      contents: read
+
+    runs-on: ubuntu-latest
+    name: Helm Version Validation
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'release/helm-chart') }}
+
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+        fetch-depth: 0
+
+    - name: Add Stakater Helm Repo
+      run: |
+        helm repo add stakater https://stakater.github.io/stakater-charts
+
+    - name: Get version for chart from helm repo
+      id: chart_eval
+      run: |
+        current_chart_version=$(helm search repo stakater/reloader | tail -n 1 | awk '{print $2}')
+        echo "CURRENT_CHART_VERSION=$(echo ${current_chart_version})" >> $GITHUB_OUTPUT
+
+    - name: Get Updated Chart version from Chart.yaml
+      uses: mikefarah/yq@master
+      id: new_chart_version
+      with:
+        cmd: yq e '.version' deployments/kubernetes/chart/reloader/Chart.yaml
+
+    - name: Check Version
+      uses: aleoyakas/check-semver-increased-action@v1
+      id: check-version
+      with:
+        current-version: ${{ steps.new_chart_version.outputs.result }}
+        previous-version: ${{ steps.chart_eval.outputs.CURRENT_CHART_VERSION }}
+
+    - name: Fail if Helm Chart version isnt updated
+      if: steps.check-version.outputs.is-version-increased != 'true'
+      run: |
+        echo "Helm Chart Version wasnt updated"
+        exit 1
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -1,37 +1,55 @@
-name: Pull Request
+name: Pull Request Workflow for Code changes

 on:
-  pull_request_target:
+  pull_request:
    branches:
      - master
+      - 'v**'
+    paths:
+      - '**'
+      - '!.markdownlint.yaml'
+      - '!.vale.ini'
+      - '!Dockerfile-docs'
+      - '!docs-nginx.conf'
+      - '!docs/**'
+      - '!theme_common'
+      - '!theme_override'
+      - '!deployments/kubernetes/chart/reloader/**'

 env:
  DOCKER_FILE_PATH: Dockerfile
  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
-  KUBERNETES_VERSION: "1.19.0"
-  KIND_VERSION: "0.17.0"
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
  REGISTRY: ghcr.io

 jobs:
  qa:
-    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.64
+    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.131
    with:
      MD_CONFIG: .github/md_config.json
-      DOC_SRC: README.md docs
+      DOC_SRC: README.md
      MD_LINT_CONFIG: .markdownlint.yaml
+
  build:
+
+    permissions:
+      contents: read
+
    runs-on: ubuntu-latest
    name: Build
-    if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
    steps:
    - name: Check out code
      uses: actions/checkout@v4
      with:
        ref: ${{github.event.pull_request.head.sha}}
+        fetch-depth: 0

    # Setting up helm binary
    - name: Set up Helm
-      uses: azure/setup-helm@v3
+      uses: azure/setup-helm@v4
+      with:
+        version: v3.11.3

    - name: Helm chart unit tests
      uses: d3adb5/helm-unittest-action@v2
@@ -45,12 +63,19 @@ jobs:
        check-latest: true
        cache: true

+    # Get highest tag and remove any suffixes with '-'
+    - name: Get Highest tag
+      id: highest_tag
+      run: |
+        highest=$(git tag -l --sort -version:refname | head -n 1)
+        echo "tag=${highest%%-*}" >> $GITHUB_OUTPUT
+
    - name: Install Dependencies
      run: |
        make install

    - name: Run golangci-lint
-      uses: golangci/golangci-lint-action@v3
+      uses: golangci/golangci-lint-action@v6
      with:
        version: latest
        only-new-issues: false
@@ -65,8 +90,7 @@ jobs:
      run: |
        curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
        sudo install ./kubectl /usr/local/bin/ && rm kubectl
-        kubectl version --short --client
-        kubectl version --short --client | grep -q ${KUBERNETES_VERSION}
+        kubectl version --client=true

    - name: Install Kind
      run: |
@@ -98,70 +122,19 @@ jobs:
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

-    - name: Login to Docker Registry
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.STAKATER_DOCKERHUB_USERNAME }}
-        password: ${{ secrets.STAKATER_DOCKERHUB_PASSWORD }}
-
-    - name: Generate image repository path for Docker registry
-      run: |
-        echo DOCKER_IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
-
-    - name: Build and Push Docker Image to Docker registry
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        file: ${{ env.DOCKER_FILE_PATH  }}
-        pull: true
-        push: true
-        build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
-        cache-to: type=inline
-        platforms: linux/amd64,linux/arm,linux/arm64
-        tags: |
-          ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
-        labels: |
-          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-          org.opencontainers.image.revision=${{ github.sha }}
-
-    - name: Build and Push Docker UBI Image to Docker registry
-      uses: docker/build-push-action@v5
-      with:
-        context: .
-        file: ${{ env.DOCKER_UBI_FILE_PATH  }}
-        pull: true
-        push: true
-        build-args: |
-          BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
-          BUILDER_IMAGE=${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
-        cache-to: type=inline
-        platforms: linux/amd64,linux/arm64
-        tags: |
-          ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_UBI_TAG }}
-        labels: |
-          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
-          org.opencontainers.image.revision=${{ github.sha }}
-
-    - name: Login to ghcr registry
-      uses: docker/login-action@v3
-      with:
-        registry: ${{env.REGISTRY}}
-        username: ${{github.actor}}
-        password: ${{secrets.GITHUB_TOKEN}}
-
    - name: Generate image repository path for ghcr registry
      run: |
        echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV

-    - name: Build and Push Docker Image to ghcr registry
-      uses: docker/build-push-action@v5
+    # To identify any broken changes in dockerfiles or dependencies
+
+    - name: Build Docker Image
+      uses: docker/build-push-action@v6
      with:
        context: .
        file: ${{ env.DOCKER_FILE_PATH  }}
        pull: true
-        push: true
+        push: false
        build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
        cache-to: type=inline
        platforms: linux/amd64,linux/arm,linux/arm64
@@ -172,16 +145,16 @@ jobs:
          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
          org.opencontainers.image.revision=${{ github.sha }}

-    - name: Build and Push Docker UBI Image to ghcr registry
-      uses: docker/build-push-action@v5
+    - name: Build Docker UBI Image
+      uses: docker/build-push-action@v6
      with:
        context: .
        file: ${{ env.DOCKER_UBI_FILE_PATH  }}
        pull: true
-        push: true
+        push: false
        build-args: |
          BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
-          BUILDER_IMAGE=${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
+          BUILDER_IMAGE=${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.highest_tag.outputs.tag }}
        cache-to: type=inline
        platforms: linux/amd64,linux/arm64
        tags: |
@@ -190,23 +163,3 @@ jobs:
          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
          org.opencontainers.image.revision=${{ github.sha }}
-
-    - name: Comment on PR
-      uses: mshick/add-pr-comment@v2
-      if: always()
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        message-success: '@${{ github.actor }} Images are available for testing. `docker pull ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}`\n`docker pull ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_UBI_TAG }}`'
-        message-failure: '@${{ github.actor }} Yikes! You better fix it before anyone else finds out! [Build](https://github.com/${{ github.repository }}/commit/${{ github.event.pull_request.head.sha }}/checks) has Failed!'
-        allow-repeats: true
-
-    - name: Notify Slack
-      uses: 8398a7/action-slack@v3
-      if: always() # Pick up events even if the job fails or is canceled.
-      with:
-        status: ${{ job.status }}
-        fields: repo,author,action,eventName,ref,workflow
-      env:
-        GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
-        SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}
--- a/.github/workflows/pull_request_docs.yaml
+++ b/.github/workflows/pull_request_docs.yaml
@@ -0,0 +1,32 @@
+name: Pull Request for Documentation Changes
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - '.markdownlint.yaml'
+      - '.vale.ini'
+      - 'Dockerfile-docs'
+      - 'docs-nginx.conf'
+      - 'docs/**'
+      - 'theme_common'
+      - 'theme_override'
+      - 'deployments/kubernetes/chart/reloader/README.md'
+
+jobs:
+  qa:
+    uses: stakater/.github/.github/workflows/pull_request_doc_qa.yaml@v0.0.131
+    with:
+      MD_CONFIG: .github/md_config.json
+      DOC_SRC: docs
+      MD_LINT_CONFIG: .markdownlint.yaml
+  build:
+    uses: stakater/.github/.github/workflows/pull_request_container_build.yaml@v0.0.131
+    with:
+      DOCKER_FILE_PATH: Dockerfile-docs
+      CONTAINER_REGISTRY_URL: ghcr.io/stakater
+    secrets:
+      CONTAINER_REGISTRY_USERNAME: ${{ github.actor }}
+      CONTAINER_REGISTRY_PASSWORD: ${{ secrets.GHCR_TOKEN }}
+      SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}
--- a/.github/workflows/push-helm-chart.yaml
+++ b/.github/workflows/push-helm-chart.yaml
@@ -0,0 +1,123 @@
+name: Push Helm Chart
+
+# TODO: fix: workflows have a problem where only code owners' PRs get the actions running
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - master
+    paths:
+      - 'deployments/kubernetes/chart/reloader/**'
+      - '.github/workflows/push-helm-chart.yaml'
+      - '.github/workflows/release-helm-chart.yaml'
+
+env:
+  HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
+  REGISTRY: ghcr.io
+
+jobs:
+  verify-and-push-helm-chart:
+
+    permissions:
+      contents: read
+      id-token: write # needed for signing the images with GitHub OIDC Token
+      packages: write # for pushing and signing container images
+
+    name: Verify and Push Helm Chart
+    if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'release/helm-chart')) }}
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PUBLISH_TOKEN }}
+          fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
+          submodules: recursive
+
+      # Setting up helm binary
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.11.3
+
+      - name: Add Stakater Helm Repo
+        run: |
+          helm repo add stakater https://stakater.github.io/stakater-charts
+
+      - name: Get version for chart from helm repo
+        id: chart_eval
+        run: |
+          current_chart_version=$(helm search repo stakater/reloader | tail -n 1 | awk '{print $2}')
+          echo "CURRENT_CHART_VERSION=$(echo ${current_chart_version})" >> $GITHUB_OUTPUT
+
+      - name: Get Updated Chart version from Chart.yaml
+        uses: mikefarah/yq@master
+        id: new_chart_version
+        with:
+          cmd: yq e '.version' deployments/kubernetes/chart/reloader/Chart.yaml
+
+      - name: Check Version
+        uses: aleoyakas/check-semver-increased-action@v1
+        id: check-version
+        with:
+          current-version: ${{ steps.new_chart_version.outputs.result }}
+          previous-version: ${{ steps.chart_eval.outputs.CURRENT_CHART_VERSION }}
+
+      - name: Fail if Helm Chart version isnt updated
+        if: steps.check-version.outputs.is-version-increased != 'true'
+        run: |
+          echo "Helm Chart Version wasnt updated"
+          exit 1
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.8.2
+
+      - name: Login to GHCR Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: stakater-user
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish Helm chart to ghcr.io
+        run: |
+          helm package ./deployments/kubernetes/chart/reloader --destination ./packaged-chart
+          helm push ./packaged-chart/*.tgz oci://ghcr.io/stakater/charts
+          rm -rf ./packaged-chart
+
+      - name: Sign artifacts with Cosign
+        run: cosign sign --yes ghcr.io/stakater/charts/reloader:${{ steps.new_chart_version.outputs.result }}
+
+      - name: Publish Helm chart to gh-pages
+        uses: stefanprodan/helm-gh-pages@master
+        with:
+          branch: master
+          repository: stakater-charts
+          target_dir: docs
+          token: ${{ secrets.GHCR_TOKEN }}
+          charts_dir: deployments/kubernetes/chart/
+          charts_url: ${{ env.HELM_REGISTRY_URL }}
+          owner: stakater
+          linting: on
+          commit_username: stakater-user
+          commit_email: stakater@gmail.com
+
+      - name: Push new chart tag
+        uses: anothrNick/github-tag-action@1.71.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          WITH_V: false
+          CUSTOM_TAG: chart-v${{ steps.new_chart_version.outputs.result }}
+
+      - name: Notify Slack
+        uses: 8398a7/action-slack@v3
+        if: always() # Pick up events even if the job fails or is canceled.
+        with:
+          status: ${{ job.status }}
+          fields: repo,author,action,eventName,ref,workflow
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}
--- a/.github/workflows/push-pr-image.yaml
+++ b/.github/workflows/push-pr-image.yaml
@@ -0,0 +1,95 @@
+name: Push PR Image on Label
+
+on:
+  pull_request:
+    branches:
+      - master
+    types: [ labeled ]
+    paths:
+      - '!.markdownlint.yaml'
+      - '!.vale.ini'
+      - '!Dockerfile-docs'
+      - '!docs-nginx.conf'
+      - '!docs/**'
+      - '!theme_common'
+      - '!theme_override'
+      - '!deployments/kubernetes/chart/reloader/**'
+
+env:
+  DOCKER_FILE_PATH: Dockerfile
+  REGISTRY: ghcr.io
+
+jobs:
+
+  build-and-push-pr-image:
+    permissions:
+      contents: read
+
+    runs-on: ubuntu-latest
+    name: Build and Push PR Image
+    if: ${{ github.event.label.name == 'build-and-push-pr-image' }}
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+      with:
+        ref: ${{github.event.pull_request.head.sha}}
+        fetch-depth: 0
+
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version-file: 'go.mod'
+        check-latest: true
+        cache: true
+
+    - name: Install Dependencies
+      run: |
+        make install
+
+    - name: Run golangci-lint
+      uses: golangci/golangci-lint-action@v6
+      with:
+        version: latest
+        only-new-issues: false
+        args: --timeout 10m
+
+    - name: Generate Tags
+      id: generate_tag
+      run: |
+        sha=${{ github.event.pull_request.head.sha }}
+        tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-${sha:0:8}"
+        echo "GIT_TAG=$(echo ${tag})" >> $GITHUB_OUTPUT
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Generate image repository path for ghcr registry
+      run: |
+        echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+    - name: Login to ghcr registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{env.REGISTRY}}
+        username: stakater-user
+        password: ${{secrets.GITHUB_TOKEN}}
+
+    - name: Build Docker Image
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        file: ${{ env.DOCKER_FILE_PATH  }}
+        pull: true
+        push: true
+        build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+        cache-to: type=inline
+        platforms: linux/amd64,linux/arm,linux/arm64
+        tags: |
+          ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }}
+        labels: |
+          org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+          org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+          org.opencontainers.image.revision=${{ github.sha }}
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -1,50 +1,59 @@
 name: Push

 on:
-  push:
+  pull_request:
+    types:
+      - closed
    branches:
      - master
+      - 'v**'

 env:
  DOCKER_FILE_PATH: Dockerfile
  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
-  KUBERNETES_VERSION: "1.19.0"
-  KIND_VERSION: "0.17.0"
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
  HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
  REGISTRY: ghcr.io

 jobs:
  build:
+
+    permissions:
+      contents: read
+      packages: write # to push artifacts to `ghcr.io`
+
    name: Build
-    if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
+    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest

    steps:
      - name: Check out code
        uses: actions/checkout@v4
        with:
-          token: ${{ secrets.STAKATER_GITHUB_TOKEN }}        
+          token: ${{ secrets.PUBLISH_TOKEN }}
          fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
+          submodules: recursive

      # Setting up helm binary
      - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: azure/setup-helm@v4
        with:
          version: v3.11.3
-      
+
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          check-latest: true
          cache: true
-      
+
      - name: Install Dependencies
        run: |
          make install

      - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
        with:
          version: latest
          only-new-issues: false
@@ -54,8 +63,7 @@ jobs:
        run: |
          curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
          sudo install ./kubectl /usr/local/bin/ && rm kubectl
-          kubectl version --short --client
-          kubectl version --short --client | grep -q ${KUBERNETES_VERSION}
+          kubectl version --client=true

      - name: Install Kind
        run: |
@@ -72,15 +80,6 @@ jobs:
      - name: Test
        run: make test

-      - name: Generate Tag
-        id: generate_tag
-        uses: anothrNick/github-tag-action@1.67.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
-          WITH_V: true
-          DEFAULT_BUMP: patch
-          DRY_RUN: true
-
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

@@ -98,7 +97,7 @@ jobs:
          echo DOCKER_IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV

      - name: Build and Push Docker Image to Docker registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ env.DOCKER_FILE_PATH  }}
@@ -108,14 +107,13 @@ jobs:
          cache-to: type=inline
          platforms: linux/amd64,linux/arm,linux/arm64
          tags: |
-            ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}

      - name: Build and Push Docker UBI Image to Docker registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
@@ -123,14 +121,13 @@ jobs:
          push: true
          build-args: |
            BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
-            BUILDER_IMAGE=${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}
+            BUILDER_IMAGE=${{ env.DOCKER_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}
          cache-to: type=inline
          platforms: linux/amd64,linux/arm64
          tags: |
-            ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}-ubi
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}-ubi
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}

      - name: Login to ghcr registry
@@ -145,7 +142,7 @@ jobs:
          echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV

      - name: Build and Push Docker Image to ghcr registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ env.DOCKER_FILE_PATH  }}
@@ -155,14 +152,13 @@ jobs:
          cache-to: type=inline
          platforms: linux/amd64,linux/arm,linux/arm64
          tags: |
-            ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}

      - name: Build and Push Docker UBI Image to ghcr registry
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
@@ -170,97 +166,52 @@ jobs:
          push: true
          build-args: |
            BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
-            BUILDER_IMAGE=${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}
+            BUILDER_IMAGE=${{ env.GHCR_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}
          cache-to: type=inline
          platforms: linux/amd64,linux/arm64
          tags: |
-            ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.new_tag }}-ubi
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:merge-${{ github.event.number }}-ubi
          labels: |
            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
            org.opencontainers.image.revision=${{ github.sha }}

-      ##############################
-      ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.)
-      ##############################
-
-      # Generate tag for operator without "v"
-      - name: Generate Operator Tag
-        id: generate_operator_tag
-        uses: anothrNick/github-tag-action@1.67.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
-          WITH_V: false
-          DEFAULT_BUMP: patch
-          DRY_RUN: true
-
-      # Update chart tag to the latest semver tag
-      - name: Update Chart Version
-        env:
-          VERSION: ${{ steps.generate_operator_tag.outputs.new_tag }}
-        run: make bump-chart
-
-      - name: Helm Template
-        run: |
-          helm template reloader deployments/kubernetes/chart/reloader/ > deployments/kubernetes/reloader.yaml
-          helm template reloader deployments/kubernetes/chart/reloader/ --output-dir deployments/kubernetes/manifests && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader
-
-      # Publish helm chart
-      - name: Login to ghcr via helm
-        run: |
-          echo ${{secrets.GITHUB_TOKEN}} | helm registry login ghcr.io/stakater --username stakater-user --password-stdin
-
-      - name: Publish Helm chart to ghcr.io
-        run: |
-          helm package ./deployments/kubernetes/chart/reloader --destination ./packaged-chart
-          helm push ./packaged-chart/*.tgz oci://ghcr.io/stakater/charts
-          rm -rf ./packaged-chart
-
-      - name: Publish Helm chart to gh-pages
-        uses: stefanprodan/helm-gh-pages@master
+      - uses: dorny/paths-filter@v3
+        id: filter
        with:
-          branch: master
-          repository: stakater-charts
-          target_dir: docs
-          token: ${{ secrets.STAKATER_GITHUB_TOKEN }}
-          charts_dir: deployments/kubernetes/chart/
-          charts_url: ${{ env.HELM_REGISTRY_URL }}
-          owner: stakater
-          linting: on
-          commit_username: stakater-user
-          commit_email: stakater@gmail.com
+          filters: |
+            docs:
+              - '.markdownlint.yaml'
+              - '.vale.ini'
+              - 'Dockerfile-docs'
+              - 'docs-nginx.conf'
+              - 'docs/**'
+              - 'README.md'
+              - 'theme_common'
+              - 'theme_override'

-      
-      # Commit back changes
-      - name: Log info about `.git` directory permissions
-        run: |
-          # Debug logging
-          echo "Disk usage: "
-          df -H
-
-          echo ".git files not owned by current user or current group:"
-          find .git ! -user $(id -u) -o ! -group $(id -g) | xargs ls -lah
-
-      - name: Commit files
-        run: |
-          git config --local user.email "stakater@gmail.com"
-          git config --local user.name "stakater-user"
-          git status
-          git add .
-          git commit -m "[skip-ci] Update artifacts" -a
-
-      - name: Push changes
-        uses: ad-m/github-push-action@master
+      # run only if 'docs' files were changed
+      - name: Build and Push Docker Image for Docs to ghcr registry
+        if: steps.filter.outputs.docs == 'true'
+        uses: docker/build-push-action@v6
        with:
-          github_token: ${{ secrets.STAKATER_GITHUB_TOKEN }}
-          branch: ${{ github.ref }}
+          context: .
+          file: Dockerfile-docs
+          pull: true
+          push: true
+          build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }}
+          cache-to: type=inline
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}/docs:merge-${{ github.event.number }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.revision=${{ github.sha }}

      - name: Push Latest Tag
-        uses: anothrNick/github-tag-action@1.67.0
+        uses: anothrNick/github-tag-action@1.71.0
        env:
-          GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
-          WITH_V: true
-          DEFAULT_BUMP: patch
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          WITH_V: false
+          CUSTOM_TAG: merge-${{ github.event.number }}

      - name: Notify Slack
        uses: 8398a7/action-slack@v3
@@ -269,5 +220,5 @@ jobs:
          status: ${{ job.status }}
          fields: repo,author,action,eventName,ref,workflow
        env:
-          GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}
--- a/.github/workflows/release-helm-chart.yaml
+++ b/.github/workflows/release-helm-chart.yaml
@@ -0,0 +1,39 @@
+name: Release Helm chart
+
+on:
+  push:
+    tags:
+      - "chart-v*"
+
+permissions:
+  contents: write
+
+jobs:
+  release-helm-chart:
+    name: Release Helm chart
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Create release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+        run: |
+          gh release create "$tag" \
+              --repo="$GITHUB_REPOSITORY" \
+              --title="Helm chart ${tag#chart-}" \
+              --generate-notes
+
+      - name: Notify Slack
+        uses: 8398a7/action-slack@v3
+        if: always()
+        with:
+          status: ${{ job.status }}
+          fields: repo,author,action,eventName,ref,workflow
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -5,8 +5,20 @@ on:
    tags:
      - "v*"

+env:
+  DOCKER_FILE_PATH: Dockerfile
+  DOCKER_UBI_FILE_PATH: Dockerfile.ubi
+  KUBERNETES_VERSION: "1.30.0"
+  KIND_VERSION: "0.23.0"
+  REGISTRY: ghcr.io
+
 jobs:
-  build:
+  release:
+
+    permissions:
+      contents: read
+      packages: write # to push artifacts to `ghcr.io`
+
    name: GoReleaser build
    runs-on: ubuntu-latest

@@ -14,29 +26,188 @@ jobs:
      - name: Check out code
        uses: actions/checkout@v4
        with:
-          fetch-depth: 0 # See: https://goreleaser.com/ci/actions/
+          token: ${{ secrets.PUBLISH_TOKEN }}
+          fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
+          submodules: recursive
+
+      # Setting up helm binary
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.11.3

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
-          go-version-file: "go.mod"
+          go-version-file: 'go.mod'
          check-latest: true
          cache: true

+      - name: Install Dependencies
+        run: |
+          make install
+
+      - name: Run golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+          only-new-issues: false
+          args: --timeout 10m
+
+      - name: Install kubectl
+        run: |
+          curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
+          sudo install ./kubectl /usr/local/bin/ && rm kubectl
+          kubectl version --client=true
+
+      - name: Install Kind
+        run: |
+          curl -L -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
+          sudo install ./kind /usr/local/bin && rm kind
+          kind version
+          kind version | grep -q ${KIND_VERSION}
+
+      - name: Create Kind Cluster
+        run: |
+          kind create cluster
+          kubectl cluster-info
+
+      - name: Test
+        run: make test
+
+      - name: Get Tag from Github Ref
+        id: generate_tag
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.STAKATER_DOCKERHUB_USERNAME }}
+          password: ${{ secrets.STAKATER_DOCKERHUB_PASSWORD }}
+
+      - name: Generate image repository path for Docker registry
+        run: |
+          echo DOCKER_IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+      - name: Build and Push Docker Image to Docker registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_FILE_PATH  }}
+          pull: true
+          push: true
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm,linux/arm64
+          tags: |
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Build and Push Docker UBI Image to Docker registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            BUILDER_IMAGE=${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.DOCKER_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}-ubi
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Login to ghcr registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{env.REGISTRY}}
+          username: stakater-user
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Generate image repository path for ghcr registry
+        run: |
+          echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+      # tag this image as latest as it will be used in plain manifests
+      - name: Build and Push Docker Image to ghcr registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_FILE_PATH  }}
+          pull: true
+          push: true
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm,linux/arm64
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }},${{ env.GHCR_IMAGE_REPOSITORY }}:latest
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Build and Push Docker UBI Image to ghcr registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ env.DOCKER_UBI_FILE_PATH  }}
+          pull: true
+          push: true
+          build-args: |
+            BUILDER_IMAGE=${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+          cache-to: type=inline
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.RELEASE_VERSION }}-ubi
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Build and Push Docker Image for Docs to ghcr registry
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile-docs
+          pull: true
+          push: true
+          cache-to: type=inline
+          tags: |
+            ${{ env.GHCR_IMAGE_REPOSITORY }}/docs:${{ steps.generate_tag.outputs.RELEASE_VERSION }}
+          labels: |
+            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
+            org.opencontainers.image.created=${{ steps.prep.outputs.created }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      ##############################
+      ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.)
+      ##############################
+
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@master
        with:
          version: latest
-          args: release --rm-dist
+          args: release --clean
        env:
-          GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}

      - name: Notify Slack
        uses: 8398a7/action-slack@v3
-        if: always()
+        if: always() # Pick up events even if the job fails or is canceled.
        with:
          status: ${{ job.status }}
          fields: repo,author,action,eventName,ref,workflow
        env:
-          GITHUB_TOKEN: ${{ secrets.STAKATER_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
          SLACK_WEBHOOK_URL: ${{ secrets.STAKATER_DELIVERY_SLACK_WEBHOOK }}
--- a/.github/workflows/reloader-enterprise-published.yml
+++ b/.github/workflows/reloader-enterprise-published.yml
@@ -0,0 +1,17 @@
+name: Dispatch event for published release
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger target repository workflow
+        run: |
+          curl -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: token ${{ secrets.STAKATER_AB_TOKEN_FOR_RLDR }}" \
+          https://api.github.com/repos/stakater-ab/reloader-enterprise/dispatches \
+          -d '{"event_type":"release-published","client_payload":{"tag":"${{ github.event.release.tag_name }}"}}'
--- a/.github/workflows/reloader-enterprise-unpublished.yml
+++ b/.github/workflows/reloader-enterprise-unpublished.yml
@@ -0,0 +1,17 @@
+name: Dispatch event for unpublished release
+
+on:
+  release:
+    types: [unpublished ]
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger target repository workflow
+        run: |
+          curl -X POST \
+          -H "Accept: application/vnd.github.v3+json" \
+          -H "Authorization: token ${{ secrets.STAKATER_AB_TOKEN_FOR_RLDR }}" \
+          https://api.github.com/repos/stakater-ab/reloader-enterprise/dispatches \
+          -d '{"event_type":"release-unpublished","client_payload":{"tag":"${{ github.event.release.tag_name }}"}}'
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,7 @@ Reloader
 !**/chart/reloader
 *.tgz
 styles/
+site/
+/mkdocs.yml
+yq
+bin
--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "theme_common"]
+	path = theme_common
+	url = https://github.com/stakater/stakater-docs-mkdocs-theme.git 
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -10,6 +10,7 @@ builds:
  - amd64
  - arm
  - arm64
+  - ppc64le
 archives:
 - name_template: "{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
 snapshot:
@@ -17,10 +18,7 @@ snapshot:
 checksum:
  name_template: "{{ .ProjectName }}_{{ .Version }}_checksums.txt"
 changelog:
-  sort: asc
-  filters:
-    exclude:
-    - '^docs:'
-    - '^test:'
+  # It will be generated manually as part of making a new GitHub release
+  disable: true
 env_files:
  github_token: /home/jenkins/.apitoken/hub
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -3,4 +3,6 @@
  "MD013": false,
  "MD024": false,
  "MD029": { "style": one },
+  "MD033": false,
+  "MD041": false,
 }
--- a/.vale.ini
+++ b/.vale.ini
@@ -1,7 +1,7 @@
 StylesPath = styles
 MinAlertLevel = warning

-Packages = https://github.com/stakater/vale-package/releases/download/v0.0.7/Stakater.zip
+Packages = https://github.com/stakater/vale-package/releases/download/v0.0.61/Stakater.zip
 Vocab = Stakater

 # Only check MarkDown files
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
+# Code of Conduct
+
+Reloader follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
--- a/2
+++ b/2
@@ -2,7 +2,7 @@ ARG BUILDER_IMAGE
 ARG BASE_IMAGE

 # Build the manager binary
-FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.21.6} as builder
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.24.2} AS builder

 ARG TARGETOS
 ARG TARGETARCH
--- a/35
+++ b/35
@@ -0,0 +1,35 @@
+FROM python:3.13-alpine as builder
+
+# set workdir
+RUN mkdir -p $HOME/application
+WORKDIR $HOME/application
+
+# copy the entire application
+COPY --chown=1001:root . .
+
+RUN pip3 install -r theme_common/requirements.txt
+
+# Combine Theme Resources
+RUN python theme_common/scripts/combine_theme_resources.py -s theme_common/resources -ov theme_override/resources -o dist/_theme
+# Produce mkdocs file
+RUN python theme_common/scripts/combine_mkdocs_config_yaml.py theme_common/mkdocs.yml theme_override/mkdocs.yml mkdocs.yml
+
+# build the docs
+RUN mkdocs build
+
+FROM nginxinc/nginx-unprivileged:1.27-alpine as deploy
+COPY --from=builder $HOME/application/site/ /usr/share/nginx/html/reloader/
+COPY docs-nginx.conf /etc/nginx/conf.d/default.conf
+
+# set non-root user
+USER 1001
+
+LABEL name="Stakater Reloader Documentation" \
+      maintainer="Stakater <hello@stakater.com>" \
+      vendor="Stakater" \
+      release="1" \
+      summary="Documentation for Stakater Reloader"
+
+EXPOSE 8080:8080/tcp
+
+CMD ["nginx", "-g", "daemon off;"]
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -1,18 +1,38 @@
 ARG BUILDER_IMAGE
 ARG BASE_IMAGE

-FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE} as SRC
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE} AS SRC

-FROM ${BASE_IMAGE:-registry.access.redhat.com/ubi8/ubi-minimal:latest}
+FROM ${BASE_IMAGE:-registry.access.redhat.com/ubi9/ubi:latest} AS ubi
+ARG TARGETARCH

+
+RUN dnf update -y && dnf install -y binutils
+# prep target rootfs for scratch container
 WORKDIR /
+RUN mkdir /image && \
+    ln -s usr/bin /image/bin && \
+	ln -s usr/sbin /image/sbin && \
+	ln -s usr/lib64 /image/lib64 && \
+	ln -s usr/lib /image/lib && \
+	mkdir -p /image/{usr/bin,usr/lib64,usr/lib,root,home,proc,etc,sys,var,dev}
+
+COPY ubi-build-files-${TARGETARCH}.txt /tmp
+# Copy all the required files from the base UBI image into the image directory
+# As the go binary is not statically compiled this includes everything needed for CGO to work, cacerts, tzdata and RH release files
+RUN tar cf /tmp/files.tar -T /tmp/ubi-build-files-${TARGETARCH}.txt && tar xf /tmp/files.tar -C /image/
+
+# Generate a rpm database which contains all the packages that you said were needed in ubi-build-files-*.txt
+RUN rpm --root /image --initdb \
+  && PACKAGES=$(rpm -qf $(cat /tmp/ubi-build-files-${TARGETARCH}.txt) | grep -v "is not owned by any package" | sort -u) \
+  && echo dnf install -y 'dnf-command(download)' \
+  && dnf download --destdir / ${PACKAGES} \
+  && rpm --root /image -ivh --justdb --nodeps `for i in ${PACKAGES}; do echo $i.rpm; done`
+
+FROM scratch
+COPY --from=ubi /image/ /
 COPY --from=SRC /manager .
-
-# Update image
-RUN microdnf update
-
 USER 65532:65532
-
 # Port for metrics and probes
 EXPOSE 9090

--- a/5
+++ b/5
@@ -0,0 +1,5 @@
+Bharath Nallapeta <bharath.nallapeta@stakater.com> (@bnallapeta)
+Karl Johan Grahn <karl.johan@stakater.com> (@karl-johan-grahn)
+Muhammad Sheryar Butt <sheryar@stakater.com> (@SheryarButt)
+Muneeb Aijaz <muneeb@stakater.com> (@MuneebAijaz)
+Tanveer Alam <tanveer.alam@stakater.com> (@tanalam2411)
--- a/92
+++ b/92
@@ -24,6 +24,73 @@ LDFLAGS =
 GOPROXY   ?=
 GOPRIVATE ?=

+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+KUBECTL ?= kubectl
+KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION)
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION)
+ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION)
+GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
+YQ ?= $(LOCALBIN)/yq
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v5.3.0
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
+ENVTEST_VERSION ?= release-0.17
+GOLANGCI_LINT_VERSION ?= v1.57.2
+
+YQ_VERSION ?= v4.27.5
+YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(OS)_$(ARCH)"
+
+.PHONY: yq
+yq: $(YQ) ## Download YQ locally if needed
+$(YQ):
+	@test -d $(LOCALBIN) || mkdir -p $(LOCALBIN)
+	@curl --retry 3 -fsSL $(YQ_DOWNLOAD_URL) -o $(YQ) || { \
+		echo "Failed to download yq from $(YQ_DOWNLOAD_URL). Please check the URL and your network connection."; \
+		exit 1; \
+	}
+	@chmod +x $(YQ)
+	@echo "yq downloaded successfully to $(YQ)."
+
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+	$(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION))
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION))
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download setup-envtest locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION))
+
+.PHONY: golangci-lint
+golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
+$(GOLANGCI_LINT): $(LOCALBIN)
+	$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION})
+
+# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
+# $1 - target path with name of binary (ideally with version)
+# $2 - package url which can be installed
+# $3 - specific version of package
+define go-install-tool
+@[ -f $(1) ] || { \
+set -e; \
+package=$(2)@$(3) ;\
+echo "Downloading $${package}" ;\
+GOBIN=$(LOCALBIN) go install $${package} ;\
+mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\
+}
+endef
+
 default: build test

 install:
@@ -80,9 +147,22 @@ apply:

 deploy: binary-image push apply

-# Bump Chart
-bump-chart: 
-	sed -i "s/^version:.*/version: $(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml
-	sed -i "s/^appVersion:.*/appVersion: v$(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml
-	sed -i "s/tag:.*/tag: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml
-	sed -i "s/version:.*/version: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml
+.PHONY: k8s-manifests
+k8s-manifests: $(KUSTOMIZE) ## Generate k8s manifests using Kustomize from 'manifests' folder
+	$(KUSTOMIZE) build ./deployments/kubernetes/ -o ./deployments/kubernetes/reloader.yaml
+
+.PHONY: update-manifests-version
+update-manifests-version: ## Generate k8s manifests using Kustomize from 'manifests' folder
+	sed -i 's/image:.*/image: \"ghcr.io\/stakater\/reloader:v$(VERSION)"/g' deployments/kubernetes/manifests/deployment.yaml
+
+YQ_VERSION = v4.42.1
+YQ_BIN = $(shell pwd)/yq
+CURRENT_ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/')
+
+YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_linux_$(CURRENT_ARCH)"
+
+yq-install:
+	@echo "Downloading yq $(YQ_VERSION) for linux/$(CURRENT_ARCH)"
+	@curl -sL $(YQ_DOWNLOAD_URL) -o $(YQ_BIN)
+	@chmod +x $(YQ_BIN)
+	@echo "yq $(YQ_VERSION) installed at $(YQ_BIN)"
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-# ![Reloader-logo](assets/web/reloader-round-100px.png) Reloader
+<p align="center">
+  <img src="assets/web/reloader.jpg" alt="Reloader" width="40%"/>
+</p>

 [![Go Report Card](https://goreportcard.com/badge/github.com/stakater/reloader?style=flat-square)](https://goreportcard.com/report/github.com/stakater/reloader)
 [![Go Doc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat-square)](https://godoc.org/github.com/stakater/reloader)
@@ -7,250 +9,232 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/stakater/reloader.svg?style=flat-square)](https://hub.docker.com/r/stakater/reloader/)
 [![Docker Stars](https://img.shields.io/docker/stars/stakater/reloader.svg?style=flat-square)](https://hub.docker.com/r/stakater/reloader/)
 [![license](https://img.shields.io/github/license/stakater/reloader.svg?style=flat-square)](LICENSE)
-[![Get started with Stakater](https://stakater.github.io/README/stakater-github-banner.png)](https://stakater.com/?utm_source=Reloader&utm_medium=github)

-## Problem
+## 🔁 What is Reloader?

-We would like to watch if some change happens in `ConfigMap` and/or `Secret`; then perform a rolling upgrade on relevant `DeploymentConfig`, `Deployment`, `Daemonset`, `Statefulset` and `Rollout`
+Reloader is a Kubernetes controller that automatically triggers rollouts of workloads (like Deployments, StatefulSets, and more) whenever referenced `Secrets` or `ConfigMaps` are updated.

-## Solution
+In a traditional Kubernetes setup, updating a `Secret` or `ConfigMap` does not automatically restart or redeploy your workloads. This can lead to stale configurations running in production, especially when dealing with dynamic values like credentials, feature flags, or environment configs.

-Reloader can watch changes in `ConfigMap` and `Secret` and do rolling upgrades on Pods with their associated `DeploymentConfigs`, `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts`.
+Reloader bridges that gap by ensuring your workloads stay in sync with configuration changes — automatically and safely.

-## Enterprise Version
+## 🚀 Why Reloader?

-Reloader is available in two different versions:
+- ✅ **Zero manual restarts**: No need to manually rollout workloads after config/secret changes.
+- 🔒 **Secure by design**: Ensure your apps always use the most up-to-date credentials or tokens.
+- 🛠️ **Flexible**: Works with all major workload types — Deployment, StatefulSet, Daemonset, ArgoRollout, and more.
+- ⚡ **Fast feedback loop**: Ideal for CI/CD pipelines where secrets/configs change frequently.
+- 🔄 **Out-of-the-box integration**: Just label your workloads and let Reloader do the rest.

-1. Open Source Version
-1. Enterprise Version, which includes:
-    - SLA (Service Level Agreement) for support and unique requests
-    - Slack support
-    - Certified images
+## 🔧 How It Works?

-Contact [`sales@stakater.com`](mailto:sales@stakater.com) for info about Reloader Enterprise.
+```mermaid
+flowchart LR
+  ExternalSecret -->|Creates| Secret
+  SealedSecret -->|Creates| Secret
+  Secret -->|Watched by| Reloader
+  ConfigMap -->|Watched by| Reloader

-## Compatibility
+  Reloader -->|Triggers Rollout| Deployment
+  Reloader -->|Triggers Rollout| DeploymentConfig
+  Reloader -->|Triggers Rollout| Daemonset
+  Reloader -->|Triggers Rollout| Statefulset
+  Reloader -->|Triggers Rollout| ArgoRollout
+  Reloader -->|Triggers Job| CronJob
+  Reloader -->|Sends Notification| Slack,Teams,Webhook
+```

-Reloader is compatible with Kubernetes >= 1.19
+- Sources like `ExternalSecret` or `SealedSecret` create or manage your Kubernetes Secrets.
+- `Secrets` and `ConfigMaps` are watched by Reloader.
+- When changes are detected, Reloader automatically triggers a rollout of the associated workloads, ensuring your app always runs with the latest configuration.

-## How to use Reloader
+## ⚡ Quick Start

-For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap` or `Secret` called `foo-secret` or both. Then add your annotation (by default `reloader.stakater.com/auto`) to main metadata of your `Deployment`
+### 1. Install Reloader
+
+Follow any of this [installation options](#-installation).
+
+### 2. Annotate Your Workload
+
+To enable automatic reload for a Deployment:

 ```yaml
+apiVersion: apps/v1
 kind: Deployment
 metadata:
+  name: my-app
  annotations:
    reloader.stakater.com/auto: "true"
 spec:
  template:
    metadata:
+      labels:
+        app: my-app
+    spec:
+      containers:
+        - name: app
+          image: your-image
+          envFrom:
+            - configMapRef:
+                name: my-config
+            - secretRef:
+                name: my-secret
 ```

-This will discover deploymentconfigs/deployments/daemonsets/statefulset/rollouts automatically where `foo-configmap` or `foo-secret` is being used either via environment variable or from volume mount. And it will perform rolling upgrade on related pods when `foo-configmap` or `foo-secret`are updated.
+This tells Reloader to watch the `ConfigMap` and `Secret` referenced in this deployment. When either is updated, it will trigger a rollout.

-You can restrict this discovery to only `ConfigMap` or `Secret` objects that
-are tagged with a special annotation. To take advantage of that, annotate
-your deploymentconfigs/deployments/daemonsets/statefulset/rollouts like this:
+## 🏢 Enterprise Version
+
+Stakater offers an enterprise-grade version of Reloader with:
+
+1. SLA-backed support
+1. Certified images
+1. Private Slack support
+
+Contact [`sales@stakater.com`](mailto:sales@stakater.com) for info about Reloader Enterprise.
+
+## 🧩 Usage
+
+Reloader supports multiple annotation-based controls to let you **customize when and how your Kubernetes workloads are reloaded** upon changes in `Secrets` or `ConfigMaps`.
+
+Kubernetes does not trigger pod restarts when a referenced `Secret` or `ConfigMap` is updated. Reloader bridges this gap by watching for changes and automatically performing rollouts — but it gives you full control via annotations, so you can:
+
+- Reload **all** resources by default
+- Restrict reloads to only **Secrets** or only **ConfigMaps**
+- Watch only **specific resources**
+- Use **opt-in via tagging** (`search` + `match`)
+- Exclude workloads you don’t want to reload
+
+### 1. 🔁 Automatic Reload (Default)
+
+Use these annotations to automatically restart the workload when referenced `Secrets` or `ConfigMaps` change.
+
+| Annotation                                 | Description                                                          |
+|--------------------------------------------|----------------------------------------------------------------------|
+| `reloader.stakater.com/auto: "true"`       | Reloads workload when any referenced ConfigMap or Secret changes     |
+| `secret.reloader.stakater.com/auto: "true"`| Reloads only when referenced Secret(s) change                        |
+| `configmap.reloader.stakater.com/auto: "true"`| Reloads only when referenced ConfigMap(s) change                  |
+
+### 2. 📛 Named Resource Reload (Specific Resource Annotations)
+
+These annotations allow you to manually define which ConfigMaps or Secrets should trigger a reload, regardless of whether they're used in the pod spec.
+
+| Annotation                                          | Description                                                                          |
+|-----------------------------------------------------|--------------------------------------------------------------------------------------|
+| `secret.reloader.stakater.com/reload: "my-secret"`  | Reloads when specific Secret(s) change, regardless of how they're used              |
+| `configmap.reloader.stakater.com/reload: "my-config"`| Reloads when specific ConfigMap(s) change, regardless of how they're used         |
+
+#### Use when
+
+1. ✅ This is useful in tightly scoped scenarios where config is shared but reloads are only relevant in certain cases.
+1. ✅ Use this when you know exactly which resource(s) matter and want to avoid auto-discovery or searching altogether.
+
+### 3. 🎯 Targeted Reload (Match + Search Annotations)
+
+This pattern allows fine-grained reload control — workloads only restart if the Secret/ConfigMap is both:
+
+1. Referenced by the workload
+1. Explicitly annotated with `match: true`
+
+| Annotation                                | Applies To   | Description                                                                 |
+|-------------------------------------------|--------------|-----------------------------------------------------------------------------|
+| `reloader.stakater.com/search: "true"`    | Workload     | Enables search mode (only reloads if matching secrets/configMaps are found) |
+| `reloader.stakater.com/match: "true"`     | ConfigMap/Secret | Marks the config/secret as eligible for reload in search mode              |
+
+#### How it works
+
+1. The workload must have: `reloader.stakater.com/search: "true"`
+1. The ConfigMap or Secret must have: `reloader.stakater.com/match: "true"`
+1. The resource (ConfigMap or Secret) must also be referenced in the workload (via env, `volumeMount`, etc.)
+
+#### Use when
+
+1. ✅ You want to reload a workload only if it references a ConfigMap or Secret that has been explicitly tagged with `reloader.stakater.com/match: "true"`.
+1. ✅ Use this when you want full control over which shared or system-wide resources trigger reloads. Great in multi-tenant clusters or shared configs.
+
+### 4. ⚙️ Workload-Specific Rollout Strategy
+
+By default, Reloader uses the **rollout** strategy — it updates the pod template to trigger a new rollout. This works well in most cases, but it can cause problems if you're using GitOps tools like ArgoCD, which detect this as configuration drift.
+
+To avoid that, you can switch to the **restart** strategy, which simply restarts the pod without changing the pod template.

 ```yaml
-kind: Deployment
 metadata:
  annotations:
-    reloader.stakater.com/search: "true"
-spec:
-  template:
+    reloader.stakater.com/rollout-strategy: "restart"
 ```

-and Reloader will trigger the rolling upgrade upon modification of any
-`ConfigMap` or `Secret` annotated like this:
+| Value              | Behavior                                                        |
+|--------------------|-----------------------------------------------------------------|
+| `rollout` (default) | Updates pod template metadata to trigger a rollout             |
+| `restart`           | Deletes the pod to restart it without patching the template    |
+
+✅ Use `restart` if:
+
+1. You're using GitOps and want to avoid drift
+1. You want a quick restart without changing the workload spec
+1. Your platform restricts metadata changes
+
+### 5. ❗ Annotation Behavior Rules & Compatibility
+
+- `reloader.stakater.com/auto` and `reloader.stakater.com/search` **cannot be used together** — the `auto` annotation takes precedence.
+- If both `auto` and its typed versions (`secret.reloader.stakater.com/auto`, `configmap.reloader.stakater.com/auto`) are used, **only one needs to be true** to trigger a reload.
+- Setting `reloader.stakater.com/auto: "false"` explicitly disables reload for that workload.
+- If `--auto-reload-all` is enabled on the controller:
+    - All workloads are treated as if they have `auto: "true"` unless they explicitly set it to `"false"`.
+    - Missing or unrecognized annotation values are treated as `"false"`.
+
+### 6. 🔔 Alerting on Reload
+
+Reloader can optionally **send alerts** whenever it triggers a rolling upgrade for a workload (e.g., `Deployment`, `StatefulSet`, etc.).
+
+These alerts are sent to a configured **webhook endpoint**, which can be a generic receiver or services like Slack or Microsoft Teams.
+
+To enable this feature, update the `reloader.env.secret` section in your `values.yaml` (when installing via Helm):

 ```yaml
-kind: ConfigMap
-metadata:
-  annotations:
-    reloader.stakater.com/match: "true"
-data:
-  key: value
+reloader:
+  env:
+    secret:
+      ALERT_ON_RELOAD: "true"                    # Enable alerting (default: false)
+      ALERT_SINK: "slack"                        # Options: slack, teams, webhook (default: webhook)
+      ALERT_WEBHOOK_URL: "<your-webhook-url>"    # Required if ALERT_ON_RELOAD is true
+      ALERT_ADDITIONAL_INFO: "Triggered by Reloader in staging environment"
 ```

-provided the secret/configmap is being used in an environment variable, or a
-volume mount.
+## 🚀 Installation

-Please note that `reloader.stakater.com/search` and
-`reloader.stakater.com/auto` do not work together. If you have the
-`reloader.stakater.com/auto: "true"` annotation on your deployment, then it
-will always restart upon a change in configmaps or secrets it uses, regardless
-of whether they have the `reloader.stakater.com/match: "true"` annotation or
-not.
+### 1. 📦 Helm

-We can also specify a specific configmap or secret which would trigger rolling upgrade only upon change in our specified configmap or secret, this way, it will not trigger rolling upgrade upon changes in all configmaps or secrets used in a `deploymentconfig`, `deployment`, `daemonset`, `statefulset` or `rollout`.
-To do this either set the auto annotation to `"false"` (`reloader.stakater.com/auto: "false"`) or remove it altogether, and use annotations for [Configmap](.#Configmap) or [Secret](.#Secret).
+Reloader can be installed in multiple ways depending on your Kubernetes setup and preference. Below are the supported methods:

-It's also possible to enable auto reloading for all resources, by setting the `--auto-reload-all` flag.
-In this case, all resources that do not have the auto annotation set to `"false"`, will be reloaded automatically when their ConfigMaps or Secrets are updated.
-Notice that setting the auto annotation to an undefined value counts as false as-well.
-
-### Configmap
-
-To perform rolling upgrade when change happens only on specific configmaps use below annotation.
-
-For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap`. Then add this annotation to main metadata of your `Deployment`
-
-```yaml
-kind: Deployment
-metadata:
-  annotations:
-    configmap.reloader.stakater.com/reload: "foo-configmap"
-spec:
-  template:
-    metadata:
+```bash
+helm repo add stakater https://stakater.github.io/stakater-charts
+helm repo update
+helm install reloader stakater/reloader
 ```

-Use comma separated list to define multiple configmaps.
+➡️ See full Helm configuration in the [chart README](./deployments/kubernetes/chart/reloader/README.md).

-```yaml
-kind: Deployment
-metadata:
-  annotations:
-    configmap.reloader.stakater.com/reload: "foo-configmap,bar-configmap,baz-configmap"
-spec:
-  template: 
-    metadata:
-```
+### 2. 📄 Vanilla Manifests

-### Secret
-
-To perform rolling upgrade when change happens only on specific secrets use below annotation.
-
-For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of your `Deployment`
-
-```yaml
-kind: Deployment
-metadata:
-  annotations:
-    secret.reloader.stakater.com/reload: "foo-secret"
-spec:
-  template: 
-    metadata:
-```
-
-Use comma separated list to define multiple secrets.
-
-```yaml
-kind: Deployment
-metadata:
-  annotations:
-    secret.reloader.stakater.com/reload: "foo-secret,bar-secret,baz-secret"
-spec:
-  template: 
-    metadata:
-```
-
-### NOTES
-
- Reloader also supports [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets). [Here](docs/Reloader-with-Sealed-Secrets.md) are the steps to use sealed-secrets with Reloader.
- For [`rollouts`](https://github.com/argoproj/argo-rollouts/) Reloader simply triggers a change is up to you how you configure the `rollout` strategy.
- `reloader.stakater.com/auto: "true"` will only reload the pod, if the configmap or secret is used (as a volume mount or as an env) in `DeploymentConfigs/Deployment/Daemonsets/Statefulsets`
- `secret.reloader.stakater.com/reload` or `configmap.reloader.stakater.com/reload` annotation will reload the pod upon changes in specified configmap or secret, irrespective of the usage of configmap or secret.
- you may override the auto annotation with the `--auto-annotation` flag
- you may override the search annotation with the `--auto-search-annotation` flag
-  and the match annotation with the `--search-match-annotation` flag
- you may override the configmap annotation with the `--configmap-annotation` flag
- you may override the secret annotation with the `--secret-annotation` flag
- you may want to prevent watching certain namespaces with the `--namespaces-to-ignore` flag
- you may want to watch only a set of namespaces with certain labels by using the `--namespace-selector` flag
- you may want to watch only a set of secrets/configmaps with certain labels by using the `--resource-label-selector` flag
- you may want to prevent watching certain resources with the `--resources-to-ignore` flag
- you can configure logging in JSON format with the `--log-format=json` option
- you can configure the "reload strategy" with the `--reload-strategy=<strategy-name>` option (details below)
-
-## Reload Strategies
-
-Reloader supports multiple "reload" strategies for performing rolling upgrades to resources. The following list describes them:
-
- **env-vars**: When a tracked `configMap`/`secret` is updated, this strategy attaches a Reloader specific environment variable to any containers referencing the changed `configMap` or `secret` on the owning resource (e.g., `Deployment`, `StatefulSet`, etc.). This strategy can be specified with the `--reload-strategy=env-vars` argument. Note: This is the default reload strategy.
- **annotations**: When a tracked `configMap`/`secret` is updated, this strategy attaches a `reloader.stakater.com/last-reloaded-from` pod template annotation on the owning resource (e.g., `Deployment`, `StatefulSet`, etc.). This strategy is useful when using resource syncing tools like ArgoCD, since it will not cause these tools to detect configuration drift after a resource is reloaded. Note: Since the attached pod template annotation only tracks the last reload source, this strategy will reload any tracked resource should its `configMap` or `secret` be deleted and recreated. This strategy can be specified with the `--reload-strategy=annotations` argument.
-  
-## Deploying to Kubernetes
-
-You can deploy Reloader by following methods:
-
-### Vanilla Manifests
-
-You can apply vanilla manifests by changing `RELEASE-NAME` placeholder provided in manifest with a proper value and apply it by running the command given below:
+Apply raw Kubernetes manifests directly:

 ```bash
 kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml
 ```

-By default, Reloader gets deployed in `default` namespace and watches changes `secrets` and `configmaps` in all namespaces.
+### 3. 🧱 Vanilla Kustomize

-Reloader can be configured to ignore the resources `secrets` and `configmaps` by passing the following arguments (`spec.template.spec.containers.args`) to its container :
-
-| Argument                         | Description          |
-|----------------------------------|----------------------|
-| --resources-to-ignore=configMaps | To ignore configMaps |
-| --resources-to-ignore=secrets    | To ignore secrets    |
-
-**Note:** At one time only one of these resource can be ignored, trying to do it will cause error in Reloader. Workaround for ignoring both resources is by scaling down the Reloader pods to `0`.
-
-Reloader can be configured to only watch secrets/configmaps with one or more labels using the `--resource-label-selector` parameter. Supported operators are `!, in, notin, ==, =, !=`, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the [Kubernetes Docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
-
-**Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence.
-
-These selectors can be combined, for example with:
-
-```yaml
--resource-label-selector=reloader=enabled,key-exists,another-label in (value1,value2,value3)
-```
-
-Only configmaps or secrets labeled like the following will be watched:
-
-```yaml
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  labels:
-    reloader: enabled
-    key-exists: yes
-    another-label: value1
-```
-
-Reloader can be configured to only watch namespaces labeled with one or more labels using the `--namespace-selector` parameter. Supported operators are `!, in, notin, ==, =, !=`, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the [Kubernetes Docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors).
-
-**Note:** The old `:` delimited key value mappings are deprecated and if provided will be translated to `key=value`. Likewise, if a wildcard value is provided (e.g. `key:*`) it will be translated to the standalone `key` which checks for key existence.
-
-These selectors can be combined, for example with:
-
-```yaml
--namespace-selector=reloader=enabled,test=true
-```
-
-Only namespaces labeled as below would be watched and eligible for reloads:
-
-```yaml
-kind: Namespace
-apiVersion: v1
-metadata:
-  labels:
-    reloader: enabled
-    test: true
-```
-
-### Vanilla Kustomize
-
-You can also apply the vanilla manifests by running the following command
+Use the built-in Kustomize support:

 ```bash
 kubectl apply -k https://github.com/stakater/Reloader/deployments/kubernetes
 ```

-Similarly to vanilla manifests get deployed in `default` namespace and watches changes `secrets` and `configmaps` in all namespaces.
+### 4. 🛠️ Custom Kustomize Setup

-### Kustomize
-
-You can write your own `kustomization.yaml` using ours as a 'base' and write patches to tweak the configuration.
+You can create your own `kustomization.yaml` and use Reloader’s as a base:

 ```yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
@@ -262,79 +246,90 @@ resources:
 namespace: reloader
 ```

-### Helm Charts
+### 5. ⚖️ Default Resource Requests and Limits

-Alternatively if you have configured helm on your cluster, you can add Reloader to helm from our public chart repository and deploy it via helm using below-mentioned commands. Follow [this](docs/Helm2-to-Helm3.md) guide, in case you have trouble migrating Reloader from Helm2 to Helm3.
+By default, Reloader is deployed with the following resource requests and limits:

-```bash
-helm repo add stakater https://stakater.github.io/stakater-charts
-
-helm repo update
-
-helm install stakater/reloader # For helm3 add --generate-name flag or set the release name
+```yaml
+resources:
+  limits:
+    cpu: 150m
+    memory: 512Mi
+  requests:
+    cpu: 10m
+    memory: 128Mi
 ```

-**Note:** By default Reloader watches in all namespaces. To watch in single namespace, please run following command. It will install Reloader in `test` namespace which will only watch `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts` in `test` namespace.
+### 6. ⚙️ Optional runtime configurations

-```bash
-helm install stakater/reloader --set reloader.watchGlobally=false --namespace test # For helm3 add --generate-name flag or set the release name
-```
+These flags let you customize Reloader's behavior globally, at the Reloader controller level.

-Reloader can be configured to ignore the resources `secrets` and `configmaps` by using the following parameters of `values.yaml` file:
+#### 1. 🔁 Reload Behavior

-| Parameter        | Description                                                    | Type    | Default |
-|------------------|----------------------------------------------------------------|---------|---------|
-| ignoreSecrets    | To ignore secrets. Valid value are either `true` or `false`    | boolean | false   |
-| ignoreConfigMaps | To ignore configMaps. Valid value are either `true` or `false` | boolean | false   |
+| Flag | Description |
+|------|-------------|
+| `--reload-on-create=true` | Reload workloads when a watched ConfigMap or Secret is created |
+| `--reload-on-delete=true` | Reload workloads when a watched ConfigMap or Secret is deleted |
+| `--auto-reload-all=true` | Automatically reload all workloads unless opted out (`auto: "false"`) |
+| `--reload-strategy=env-vars` | Strategy to use for triggering reload (`env-vars` or `annotations`) |
+| `--log-format=json` | Enable JSON-formatted logs for better machine readability |

-**Note:** At one time only one of these resource can be ignored, trying to do it will cause error in helm template compilation.
+##### Reload Strategies

-Reloader can be configured to only watch namespaces labeled with one or more labels using the `namespaceSelector` parameter
+Reloader supports multiple strategies for triggering rolling updates when a watched `ConfigMap` or `Secret` changes. You can configure the strategy using the `--reload-strategy` flag.

-| Parameter         | Description                                                                                               | Type   | Default |
-|-------------------|-----------------------------------------------------------------------------------------------------------|--------|---------|
-| namespaceSelector | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string |  ""     |
+| Strategy     | Description |
+|--------------|-------------|
+| `env-vars` (default) | Adds a dummy environment variable to any container referencing the changed resource (e.g., `Deployment`, `StatefulSet`, etc.). This forces Kubernetes to perform a rolling update. |
+| `annotations` | Adds a `reloader.stakater.com/last-reloaded-from` annotation to the pod template metadata. Ideal for GitOps tools like ArgoCD, as it avoids triggering unwanted sync diffs. |

-Reloader can be configured to only watch configmaps/secrets labeled with one or more labels using the `resourceLabelSelector` parameter
+- The `env-vars` strategy is the default and works in most setups.
+- The `annotations` strategy is preferred in **GitOps environments** to prevent config drift in tools like ArgoCD or Flux.
+- In `annotations` mode, a `ConfigMap` or `Secret` that is deleted and re-created will still trigger a reload (since previous state is not tracked).

-| Parameter             | Description                                                                                               | Type   | Default |
-|-----------------------|-----------------------------------------------------------------------------------------------------------|--------|---------|
-| resourceLabelSelector | list of comma separated label selectors, if multiple are provided they are combined with the AND operator | string |  ""     |
+#### 2. 🚫 Resource Filtering

-**Note:** Both `namespaceSelector` & `resourceLabelSelector` can be used together. If they are then both conditions must be met for the configmap or secret to be eligible to trigger reload events. (e.g. If a configMap matches `resourceLabelSelector` but `namespaceSelector` does not match the namespace the configmap is in, it will be ignored).
+| Flag | Description |
+|------|-------------|
+| `--resources-to-ignore=configmaps` | Ignore ConfigMaps (only one type can be ignored at a time) |
+| `--resources-to-ignore=secrets` | Ignore Secrets (cannot combine with configMaps) |
+| `--resource-label-selector=key=value` | Only watch ConfigMaps/Secrets with matching labels |

-You can also set the log format of Reloader to JSON by setting `logFormat` to `json` in `values.yaml` and apply the chart.
+> **⚠️ Note:**  
+> Only **one** resource type can be ignored at a time.  
+> Trying to ignore **both `configmaps` and `secrets`** will cause an error in Reloader.  
+> ✅ **Workaround:** Scale the Reloader deployment to `0` replicas if you want to disable it completely.

-You can enable to scrape Reloader's Prometheus metrics by setting `serviceMonitor.enabled` or `podMonitor.enabled`  to `true` in `values.yaml` file. Service monitor will be removed in future releases of Reloader in favour of Pod monitor.
+#### 3. 🧩 Namespace Filtering

-**Note:** Reloading of OpenShift (DeploymentConfig) and/or Argo `Rollouts` has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions. This can be done by changing the following parameters:
+| Flag | Description |
+|------|-------------|
+| `--namespace-selector=key=value` | Watch only namespaces with matching labels |
+| `--namespaces-to-ignore=ns1,ns2` | Skip specific namespaces from being watched |

-| Parameter        | Description                                                                                                                                | Type    | Default |
-|------------------|--------------------------------------------------------------------------------------------------------------------------------------------|---------|---------|
-| isOpenshift      | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                               | boolean | false   |
-| isArgoRollouts   | Enable Argo `Rollouts`. Valid value are either `true` or `false`                                                                           | boolean | false   |
-| reloadOnCreate   | Enable reload on create events. Valid value are either `true` or `false`                                                                   | boolean | false   |
-| syncAfterRestart | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false` | boolean | false   |
+#### 4. 📝 Annotation Key Overrides

-**isOpenShift** Recent versions of OpenShift (tested on 4.13.3) require the specified user to be in an `uid` range which is dynamically assigned by the namespace. The solution is to unset the runAsUser variable via ``deployment.securityContext.runAsUser=null`` and let OpenShift assign it at install.
+These flags allow you to redefine annotation keys used in your workloads or resources:

-**reloadOnCreate** controls how Reloader handles secrets being added to the cache for the first time. If reloadOnCreate is set to true:
+| Flag | Overrides |
+|------|-----------|
+| `--auto-annotation` | Overrides `reloader.stakater.com/auto` |
+| `--secret-auto-annotation` | Overrides `secret.reloader.stakater.com/auto` |
+| `--configmap-auto-annotation` | Overrides `configmap.reloader.stakater.com/auto` |
+| `--auto-search-annotation` | Overrides `reloader.stakater.com/search` |
+| `--search-match-annotation` | Overrides `reloader.stakater.com/match` |
+| `--secret-annotation` | Overrides `secret.reloader.stakater.com/reload` |
+| `--configmap-annotation` | Overrides `configmap.reloader.stakater.com/reload` |

- Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload.
- When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload.
- If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected.
+## Compatibility

-If reloadOnCreate is set to false:
-
- Updates to configMaps/Secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration.
-
-**Note:** By default, **reloadOnCreate** and **syncAfterRestart** are both set to false. Both need to be enabled explicitly.
+Reloader is compatible with Kubernetes >= 1.19

 ## Help

 ### Documentation

-You can find more documentation [here](docs)
+The Reloader documentation can be viewed from [the doc site](https://docs.stakater.com/reloader/). The doc source is in the [docs](./docs/) folder.

 ### Have a question?

@@ -342,7 +337,7 @@ File a GitHub [issue](https://github.com/stakater/Reloader/issues).

 ### Talk to us on Slack

-Join and talk to us on Slack for discussing Reloader
+Join and talk to us on Slack for discussing Reloader:

 [![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://slack.stakater.com/)
 [![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater-community.slack.com/messages/CC5S05S12)
@@ -355,12 +350,12 @@ Please use the [issue tracker](https://github.com/stakater/Reloader/issues) to r

 ### Developing

-1. Deploy Reloader.
-1. Run `okteto up` to activate your development container.
+1. Deploy Reloader
+1. Run `okteto up` to activate your development container
 1. `make build`
 1. `./Reloader`

-PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.
+PRs are welcome. In general, we follow the "fork-and-pull" Git workflow:

 1. **Fork** the repo on GitHub
 1. **Clone** the project to your own machine
@@ -370,23 +365,34 @@ PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.

 **NOTE:** Be sure to merge the latest from "upstream" before making a pull request!

+## Release Processes
+
+_Repository GitHub releases_: As requested by the community in [issue 685](https://github.com/stakater/Reloader/issues/685), Reloader is now based on a manual release process. Releases are no longer done on every merged PR to the main branch, but manually on request.
+
+To make a GitHub release:
+
+1. Code owners create a release branch `release-vX.Y.Z`
+1. Code owners run a dispatch mode workflow to automatically generate version and manifests on the release branch
+1. A PR is created to bump the image version on the release branch, example: [PR-798](https://github.com/stakater/Reloader/pull/798)
+1. Code owners create a GitHub release with tag `vX.Y.Z` and target branch `release-vX.Y.Z`, which triggers creation of images
+1. Code owners create a PR to update the Helm chart version, example: [PR-846](https://github.com/stakater/Reloader/pull/846)
+
+_Repository git tagging_: Push to the main branch will create a merge-image and merge-tag named `merge-${{ github.event.number }}`, for example `merge-800` when pull request number 800 is merged.
+
 ## Changelog

-View our closed [Pull Requests](https://github.com/stakater/Reloader/pulls?q=is%3Apr+is%3Aclosed).
+View the [releases page](https://github.com/stakater/Reloader/releases) to see what has changed in each release.

 ## License

 Apache2 © [Stakater][website]

-## About
+## About Stakater

-`Reloader` is maintained by [Stakater][website]. Like it? Please let us know at <hello@stakater.com>
+[![Get started with Stakater](https://stakater.github.io/README/stakater-github-banner.png)](https://stakater.com/?utm_source=Reloader&utm_medium=github)

-See [our other projects](https://github.com/stakater)
-or contact us in case of professional services and queries on <hello@stakater.com>
+`Reloader` is maintained by [Stakater][website]. Like it? Please let us know at [hello@stakater.com](hello@stakater.com)
+
+See [our other projects](https://github.com/stakater) or contact us in case of professional services and queries on [hello@stakater.com](hello@stakater.com)

 [website]: https://stakater.com
-
-## Acknowledgements
-
- [ConfigmapController](https://github.com/fabric8io/configmapcontroller); We documented [here](docs/Reloader-vs-ConfigmapController.md) why we re-created Reloader
--- a/1
+++ b/1
@@ -0,0 +1 @@
+1.1.0
--- a/assets/web/reloader-round-100px.png
+++ b/assets/web/reloader-round-100px.png
--- a/assets/web/reloader.jpg
+++ b/assets/web/reloader.jpg
--- a/deployments/kubernetes/chart/reloader/Chart.yaml
+++ b/deployments/kubernetes/chart/reloader/Chart.yaml
@@ -1,10 +1,8 @@
-# Generated from deployments/kubernetes/templates/chart/Chart.yaml.tmpl
-
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: 1.0.67
-appVersion: v1.0.67
+version: 2.1.2
+appVersion: v1.4.1
 keywords:
  - Reloader
  - kubernetes
@@ -18,4 +16,4 @@ maintainers:
  - name: rasheedamir
    email: rasheed@stakater.com
  - name: faizanahmad055
-    email: faizan.ahmad55@outlook.com
+    email: faizan@stakater.com
--- a/deployments/kubernetes/chart/reloader/README.md
+++ b/deployments/kubernetes/chart/reloader/README.md
@@ -0,0 +1,165 @@
+# Reloader Helm Chart
+
+If you have configured helm on your cluster, you can add Reloader to helm from our public chart repository and deploy it via helm using below-mentioned commands. Follow the [Helm2 to Helm3 guide](../../../../docs/Helm2-to-Helm3.md), in case you have trouble migrating Reloader from Helm2 to Helm3.
+
+## Installation
+
+```bash
+helm repo add stakater https://stakater.github.io/stakater-charts
+
+helm repo update
+
+helm install stakater/reloader # For helm3 add --generate-name flag or set the release name
+
+helm install {{RELEASE_NAME}} stakater/reloader -n {{NAMESPACE}} --set reloader.watchGlobally=false # By default, Reloader watches in all namespaces. To watch in single namespace, set watchGlobally=false
+
+helm install stakater/reloader --set reloader.watchGlobally=false --namespace test --generate-name # Install Reloader in `test` namespace which will only watch `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts` in `test` namespace.
+```
+
+## Uninstalling
+
+```bash
+helm uninstall {{RELEASE_NAME}} -n {{NAMESPACE}}
+```
+
+## Parameters
+
+### Global Parameters
+
+| Parameter                 | Description                                                     | Type  | Default |
+| ------------------------- | --------------------------------------------------------------- | ----- | ------- |
+| `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | array | `[]`    |
+
+### Common Parameters
+
+| Parameter          | Description                              | Type   | Default           |
+| ------------------ | ---------------------------------------- | ------ | ----------------- |
+| `nameOverride`     | replace the name of the chart            | string | `""`              |
+| `fullnameOverride` | replace the generated name               | string | `""`              |
+| `image`            | Set container image name, tag and policy | map    | `see values.yaml` |
+
+### Core Reloader Parameters
+
+| Parameter                           | Description                                                                                                                                         | Type        | Default   |
+| ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | --------- |
+| `reloader.autoReloadAll`            |                                                                                                                                                     | boolean     | `false`   |
+| `reloader.isArgoRollouts`           | Enable Argo `Rollouts`. Valid value are either `true` or `false`                                                                                    | boolean     | `false`   |
+| `reloader.isOpenshift`              | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                                        | boolean     | `false`   |
+| `reloader.ignoreSecrets`            | To ignore secrets. Valid value are either `true` or `false`. Either `ignoreSecrets` or `ignoreConfigMaps` can be ignored, not both at the same time | boolean     | `false`   |
+| `reloader.ignoreConfigMaps`         | To ignore configmaps. Valid value are either `true` or `false`                                                                                      | boolean     | `false`   |
+| `reloader.reloadOnCreate`           | Enable reload on create events. Valid value are either `true` or `false`                                                                            | boolean     | `false`   |
+| `reloader.reloadOnDelete`           | Enable reload on delete events. Valid value are either `true` or `false`                                                                            | boolean     | `false`   |
+| `reloader.syncAfterRestart`         | Enable sync after Reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false`          | boolean     | `false`   |
+| `reloader.reloadStrategy`           | Strategy to trigger resource restart, set to either `default`, `env-vars` or `annotations`                                                          | enumeration | `default` |
+| `reloader.ignoreNamespaces`         | List of comma separated namespaces to ignore, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
+| `reloader.namespaceSelector`        | List of comma separated namespaces to select, if multiple are provided, they are combined with the AND operator                                     | string      | `""`      |
+| `reloader.resourceLabelSelector`    | List of comma separated label selectors, if multiple are provided they are combined with the AND operator                                           | string      | `""`      |
+| `reloader.logFormat`                | Set type of log format. Value could be either `json` or `""`                                                                                        | string      | `""`      |
+| `reloader.watchGlobally`            | Allow Reloader to watch in all namespaces (`true`) or just in a single namespace (`false`)                                                          | boolean     | `true`    |
+| `reloader.enableHA`                 | Enable leadership election allowing you to run multiple replicas                                                                                    | boolean     | `false`   |
+| `reloader.readOnlyRootFileSystem`   | Enforce readOnlyRootFilesystem                                                                                                                      | boolean     | `false`   |
+| `reloader.legacy.rbac`              |                                                                                                                                                     | boolean     | `false`   |
+| `reloader.matchLabels`              | Pod labels to match                                                                                                                                 | map         | `{}`      |
+| `reloader.enableMetricsByNamespace` | Expose an additional Prometheus counter of reloads by namespace (this metric may have high cardinality in clusters with many namespaces)            | boolean     | `false`   |
+
+### Deployment Reloader Parameters
+
+| Parameter                                       | Description                                                                                                                                                 | Type   | Default           |
+| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | ----------------- |
+| `reloader.deployment.replicas`                  | Number of replicas, if you wish to run multiple replicas set `reloader.enableHA = true`. The replicas will be limited to 1 when `reloader.enableHA = false` | int    | 1                 |
+| `reloader.deployment.revisionHistoryLimit`      | Limit the number of revisions retained in the revision history                                                                                              | int    | 2                 |
+| `reloader.deployment.nodeSelector`              | Scheduling pod to a specific node based on set labels                                                                                                       | map    | `{}`              |
+| `reloader.deployment.affinity`                  | Set affinity rules on pod                                                                                                                                   | map    | `{}`              |
+| `reloader.deployment.securityContext`           | Set pod security context                                                                                                                                    | map    | `{}`              |
+| `reloader.deployment.containerSecurityContext`  | Set container security context                                                                                                                              | map    | `{}`              |
+| `reloader.deployment.tolerations`               | A list of `tolerations` to be applied to the deployment                                                                                                     | array  | `[]`              |
+| `reloader.deployment.topologySpreadConstraints` | Topology spread constraints for pod assignment                                                                                                              | array  | `[]`              |
+| `reloader.deployment.annotations`               | Set deployment annotations                                                                                                                                  | map    | `{}`              |
+| `reloader.deployment.labels`                    | Set deployment labels, default to Stakater settings                                                                                                         | array  | `see values.yaml` |
+| `reloader.deployment.env`                       | Support for extra environment variables                                                                                                                     | array  | `[]`              |
+| `reloader.deployment.livenessProbe`             | Set liveness probe timeout values                                                                                                                           | map    | `{}`              |
+| `reloader.deployment.readinessProbe`            | Set readiness probe timeout values                                                                                                                          | map    | `{}`              |
+| `reloader.deployment.resources`                 | Set container requests and limits (e.g. CPU or memory)                                                                                                      | map    | `{}`              |
+| `reloader.deployment.pod.annotations`           | Set annotations for pod                                                                                                                                     | map    | `{}`              |
+| `reloader.deployment.priorityClassName`         | Set priority class for pod in cluster                                                                                                                       | string | `""`              |
+
+### Other Reloader Parameters
+
+| Parameter                              | Description                                                     | Type    | Default |
+| -------------------------------------- | --------------------------------------------------------------- | ------- | ------- |
+| `reloader.service`                     |                                                                 | map     | `{}`    |
+| `reloader.rbac.enabled`                | Specifies whether a role based access control should be created | boolean | `true`  |
+| `reloader.serviceAccount.create`       | Specifies whether a ServiceAccount should be created            | boolean | `true`  |
+| `reloader.custom_annotations`          | Add custom annotations                                          | map     | `{}`    |
+| `reloader.serviceMonitor.enabled`      | Enable to scrape Reloader's Prometheus metrics (legacy)         | boolean | `false` |
+| `reloader.podMonitor.enabled`          | Enable to scrape Reloader's Prometheus metrics                  | boolean | `false` |
+| `reloader.podDisruptionBudget.enabled` | Limit the number of pods of a replicated application            | boolean | `false` |
+| `reloader.netpol.enabled`              |                                                                 | boolean | `false` |
+| `reloader.volumeMounts`                | Mount volume                                                    | array   | `[]`    |
+| `reloader.volumes`                     | Add volume to a pod                                             | array   | `[]`    |
+| `reloader.webhookUrl`                  | Add webhook to Reloader                                         | string  | `""`    |
+
+## ⚙️ Helm Chart Configuration Notes
+
+### Selector Behavior
+- Both `namespaceSelector` & `resourceLabelSelector` can be used together
+- **Both conditions must be met** for a ConfigMap/Secret to trigger reloads
+  - Example: If a ConfigMap matches `resourceLabelSelector` but not `namespaceSelector`, it will be ignored
+
+### Important Limitations
+- Only one of these resources can be ignored at a time:
+  - `ignoreConfigMaps` **or** `ignoreSecrets`
+  - Trying to ignore both will cause Helm template compilation errors
+
+### Special Integrations
+- OpenShift (`DeploymentConfig`) and Argo Rollouts support must be **explicitly enabled**
+  - Required due to potential permission restrictions on clusters
+
+### OpenShift Considerations
+- Recent OpenShift versions (tested on 4.13.3) require:
+  - Users to be in a dynamically assigned UID range
+  - **Solution**: Unset `runAsUser` via `deployment.securityContext.runAsUser=null`
+  - Let OpenShift assign UID automatically during installation
+
+### Core Functionality Flags
+
+#### 🔄 `reloadOnCreate` Behavior
+**When true:**
+✅ New ConfigMaps/Secrets trigger rolling updates
+✅ New deployments referencing existing resources reload
+✅ In HA mode, new leader reloads all tracked workloads
+
+**When false:**
+❌ Updates during leader downtime are missed
+⏳ Potential 15s delay window (default `LeaseDuration`)
+
+#### 🗑️ `reloadOnDelete` Behavior
+**When true:**
+✅ Deleted resources trigger rolling updates of referencing workloads
+
+**When false:**
+❌ Deletions have no effect on referencing pods
+
+#### Default Settings
+⚠️ All flags default to `false` (must be enabled explicitly):
+- `reloadOnCreate`
+- `reloadOnDelete`
+- `syncAfterRestart`
+
+### Deprecation Notice
+- `serviceMonitor` will be removed in future releases in favor of `PodMonitor`
+
+## Release Process
+
+_Helm chart versioning_: The Reloader Helm chart is maintained in this repository. The Helm chart has its own semantic versioning. Helm charts and code releases are separate artifacts and separately versioned. Manifest making strategy relies on Kustomize. The Reloader Helm chart manages the two artifacts with these two fields:
+
+- [`appVersion`](Chart.yaml) points to released Reloader application image version listed on the [releases page](https://github.com/stakater/Reloader/releases)
+- [`version`](Chart.yaml) sets the Reloader Helm chart version
+
+Helm chart will be released to the chart registry whenever files in `deployments/kubernetes/chart/reloader/**` change on the main branch.
+
+### To release the Helm chart
+
+1. Create a new branch and update the Helm chart `appVersion` and `version`, example pull-request: [PR-846](https://github.com/stakater/Reloader/pull/846)
+1. Label the PR with `release/helm-chart`
+1. After approval and just before squash, make sure the squash commit message represents all changes, because it will be used to autogenerate the changelog message
--- a/deployments/kubernetes/chart/reloader/templates/_helpers.tpl
+++ b/deployments/kubernetes/chart/reloader/templates/_helpers.tpl
@@ -20,9 +20,16 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- end -}}
 {{- end -}}

+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "reloader-chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
 {{- define "reloader-labels.chart" -}}
 app: {{ template "reloader-fullname" . }}
-chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
 release: {{ .Release.Name | quote }}
 heritage: {{ .Release.Service | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
--- a/deployments/kubernetes/chart/reloader/templates/clusterrole.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/clusterrole.yaml
@@ -76,16 +76,7 @@ rules:
      - get
      - update
      - patch
-  - apiGroups:
-      - "extensions"
-    resources:
-      - deployments
-      - daemonsets
-    verbs:
-      - list
-      - get
-      - update
-      - patch
+{{- if .Values.reloader.ignoreCronJobs }}{{- else }}
  - apiGroups:
      - "batch"
    resources:
@@ -93,12 +84,18 @@ rules:
    verbs:
      - list
      - get
+{{- end }}
+{{- if .Values.reloader.ignoreJobs }}{{- else }}
  - apiGroups:
      - "batch"
    resources:
      - jobs
    verbs:
      - create
+      - delete
+      - list
+      - get
+{{- end}}
 {{- if .Values.reloader.enableHA }}
  - apiGroups:
      - "coordination.k8s.io"
--- a/deployments/kubernetes/chart/reloader/templates/deployment.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/deployment.yaml
@@ -18,7 +18,7 @@ metadata:
  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
 {{- if not (.Values.reloader.enableHA) }}
-  replicas: 1
+  replicas: {{ min .Values.reloader.deployment.replicas 1 }}
 {{- else }}
  replicas: {{ .Values.reloader.deployment.replicas }}
 {{- end}}
@@ -45,7 +45,7 @@ spec:
 {{ toYaml .Values.reloader.matchLabels | indent 8 }}
 {{- end }}
    spec:
-      {{- with .Values.reloader.deployment.imagePullSecrets }}
+      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
@@ -73,11 +73,36 @@ spec:
      priorityClassName: {{ .Values.reloader.deployment.priorityClassName }}
      {{- end }}
      containers:
-      - image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}"
-        imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }}
+      {{- if .Values.global.imageRegistry }}
+      - image: "{{ .Values.global.imageRegistry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
+      {{- else }}
+      {{- if .Values.image.digest }}
+      - image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"
+      {{- else }}
+      - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+      {{- end }}
+      {{- end }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: {{ template "reloader-fullname" . }}
-      {{- if or (.Values.reloader.deployment.env.open) (.Values.reloader.deployment.env.secret) (.Values.reloader.deployment.env.field) (.Values.reloader.deployment.env.existing) (eq .Values.reloader.watchGlobally false) (.Values.reloader.enableHA)}}
        env:
+        - name: GOMAXPROCS
+        {{- if .Values.reloader.deployment.gomaxprocsOverride }}
+          value: {{ .Values.reloader.deployment.gomaxprocsOverride | quote }}
+        {{- else }}
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.cpu
+              divisor: '1'
+        {{- end }}
+        - name: GOMEMLIMIT
+        {{- if .Values.reloader.deployment.gomemlimitOverride }}
+          value: {{ .Values.reloader.deployment.gomemlimitOverride | quote }}
+        {{- else }}
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.memory
+              divisor: '1'
+        {{- end }}
      {{- range $name, $value := .Values.reloader.deployment.env.open }}
      {{- if not (empty $value) }}
        - name: {{ $name | quote }}
@@ -129,8 +154,10 @@ spec:
            fieldRef:
              fieldPath: metadata.namespace
      {{- end }}
+      {{- if .Values.reloader.enableMetricsByNamespace }}
+        - name: METRICS_COUNT_BY_NAMESPACE
+          value: enabled
      {{- end }}
-
        ports:
        - name: http
          containerPort: 9090
@@ -171,11 +198,14 @@ spec:
          {{- . | toYaml | nindent 10 }}
          {{- end }}
      {{- end }}
-      {{- if or (.Values.reloader.logFormat) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (.Values.reloader.namespaceSelector) (.Values.reloader.resourceLabelSelector) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) (eq .Values.reloader.isArgoRollouts true) (eq .Values.reloader.reloadOnCreate true) (ne .Values.reloader.reloadStrategy "default") (.Values.reloader.enableHA) (.Values.reloader.autoReloadAll)}}
+      {{- if or (.Values.reloader.logFormat) (.Values.reloader.logLevel) (.Values.reloader.ignoreSecrets) (.Values.reloader.ignoreNamespaces) (.Values.reloader.namespaceSelector) (.Values.reloader.resourceLabelSelector) (.Values.reloader.ignoreConfigMaps) (.Values.reloader.custom_annotations) (eq .Values.reloader.isArgoRollouts true) (eq .Values.reloader.reloadOnCreate true) (eq .Values.reloader.reloadOnDelete true) (ne .Values.reloader.reloadStrategy "default") (.Values.reloader.enableHA) (.Values.reloader.autoReloadAll)}}
        args:
          {{- if .Values.reloader.logFormat }}
          - "--log-format={{ .Values.reloader.logFormat }}"
          {{- end }}
+          {{- if .Values.reloader.logLevel }}
+          - "--log-level={{ .Values.reloader.logLevel }}"
+          {{- end }}
          {{- if .Values.reloader.ignoreSecrets }}
          - "--resources-to-ignore=secrets"
          {{- end }}
@@ -187,10 +217,10 @@ spec:
          {{- end }}
          {{- if .Values.reloader.namespaceSelector }}
          - "--namespace-selector={{ .Values.reloader.namespaceSelector }}"
-          {{- end }}    
+          {{- end }}
          {{- if .Values.reloader.resourceLabelSelector }}
          - "--resource-label-selector={{ .Values.reloader.resourceLabelSelector }}"
-          {{- end }}             
+          {{- end }}
          {{- if .Values.reloader.custom_annotations }}
            {{- if .Values.reloader.custom_annotations.configmap }}
          - "--configmap-annotation"
@@ -203,6 +233,14 @@ spec:
            {{- if .Values.reloader.custom_annotations.auto }}
          - "--auto-annotation"
          - "{{ .Values.reloader.custom_annotations.auto }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.secret_auto }}
+          - "--secret-auto-annotation"
+          - "{{ .Values.reloader.custom_annotations.secret_auto }}"
+            {{- end }}
+            {{- if .Values.reloader.custom_annotations.configmap_auto }}
+          - "--configmap-auto-annotation"
+          - "{{ .Values.reloader.custom_annotations.configmap_auto }}"
            {{- end }}
            {{- if .Values.reloader.custom_annotations.search }}
          - "--auto-search-annotation"
@@ -223,6 +261,9 @@ spec:
          {{- if eq .Values.reloader.reloadOnCreate true }}
          - "--reload-on-create={{ .Values.reloader.reloadOnCreate }}"
          {{- end }}
+          {{- if eq .Values.reloader.reloadOnDelete true }}
+          - "--reload-on-delete={{ .Values.reloader.reloadOnDelete }}"
+          {{- end }}
          {{- if eq .Values.reloader.syncAfterRestart true }}
          - "--sync-after-restart={{ .Values.reloader.syncAfterRestart }}"
          {{- end }}
--- a/deployments/kubernetes/chart/reloader/templates/networkpolicy.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/networkpolicy.yaml
@@ -10,6 +10,7 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
  podSelector:
    matchLabels:
--- a/deployments/kubernetes/chart/reloader/templates/poddisruptionbudget.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/poddisruptionbudget.yaml
@@ -3,8 +3,14 @@ apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 spec:
+{{- if .Values.reloader.podDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ .Values.reloader.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+{{- if and .Values.reloader.podDisruptionBudget.minAvailable (not .Values.reloader.podDisruptionBudget.maxUnavailable)}}
  minAvailable: {{ .Values.reloader.podDisruptionBudget.minAvailable }}
+{{- end }}
  selector:
    matchLabels:
      app: {{ template "reloader-fullname" . }}
--- a/deployments/kubernetes/chart/reloader/templates/podmonitor.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/podmonitor.yaml
@@ -14,6 +14,8 @@ metadata:
  name: {{ template "reloader-fullname" . }}
 {{- if .Values.reloader.podMonitor.namespace }}
  namespace: {{ tpl .Values.reloader.podMonitor.namespace . }}
+{{- else }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}
 spec:
  podMetricsEndpoints:
--- a/deployments/kubernetes/chart/reloader/templates/role.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/role.yaml
@@ -67,16 +67,6 @@ rules:
      - get
      - update
      - patch
-  - apiGroups:
-      - "extensions"
-    resources:
-      - deployments
-      - daemonsets
-    verbs:
-      - list
-      - get
-      - update
-      - patch
  - apiGroups:
      - "batch"
    resources:
@@ -90,6 +80,9 @@ rules:
      - jobs
    verbs:
      - create
+      - delete
+      - list
+      - get
 {{- if .Values.reloader.enableHA }}
  - apiGroups:
      - "coordination.k8s.io"
--- a/deployments/kubernetes/chart/reloader/templates/servicemonitor.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/servicemonitor.yaml
@@ -14,6 +14,8 @@ metadata:
  name: {{ template "reloader-fullname" . }}
 {{- if .Values.reloader.serviceMonitor.namespace }}
  namespace: {{ tpl .Values.reloader.serviceMonitor.namespace . }}
+{{- else }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}
 spec:
  endpoints:
--- a/deployments/kubernetes/chart/reloader/templates/verticalpodautoscaler.yaml
+++ b/deployments/kubernetes/chart/reloader/templates/verticalpodautoscaler.yaml
@@ -0,0 +1,40 @@
+{{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.reloader.verticalPodAutoscaler.enabled) }}
+apiVersion: autoscaling.k8s.io/v1
+kind: VerticalPodAutoscaler
+metadata:
+  name: {{ template "reloader-fullname" . }}
+  namespace: {{ .Values.namespace | default .Release.Namespace }}
+  labels:
+    {{- include "reloader-labels.chart" . | nindent 4 }}
+spec:
+  {{- with .Values.reloader.verticalPodAutoscaler.recommenders }}
+  recommenders:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  resourcePolicy:
+    containerPolicies:
+    - containerName: {{ template "reloader-fullname" . }}
+      {{- with .Values.reloader.verticalPodAutoscaler.controlledResources }}
+      controlledResources:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.controlledValues }}
+      controlledValues: {{ .Values.reloader.verticalPodAutoscaler.controlledValues }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.maxAllowed }}
+      maxAllowed:
+        {{ toYaml .Values.reloader.verticalPodAutoscaler.maxAllowed | nindent 8 }}
+      {{- end }}
+      {{- if .Values.reloader.verticalPodAutoscaler.minAllowed }}
+      minAllowed:
+        {{ toYaml .Values.reloader.verticalPodAutoscaler.minAllowed | nindent 8 }}
+      {{- end }}
+  targetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "reloader-fullname" . }}
+  {{- with .Values.reloader.verticalPodAutoscaler.updatePolicy }}
+  updatePolicy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
--- a/deployments/kubernetes/chart/reloader/tests/deployment_test.yaml
+++ b/deployments/kubernetes/chart/reloader/tests/deployment_test.yaml
@@ -48,3 +48,16 @@ tests:
    asserts:
      - isEmpty:
          path: spec.template.spec.containers[0].securityContext
+
+  - it: template still sets POD_NAME and POD_NAMESPACE environment variables when enableHA is true
+    set:
+      reloader:
+        enableHA: true
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
--- a/deployments/kubernetes/chart/reloader/values.yaml
+++ b/deployments/kubernetes/chart/reloader/values.yaml
@@ -3,7 +3,10 @@ global:
  ## Reference to one or more secrets to be used when pulling images
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ##
+  imageRegistry: ""
  imagePullSecrets: []
+  #imagePullSecrets:
+  #  - name: my-pull-secret

 kubernetes:
  host: https://kubernetes.default
@@ -11,19 +14,30 @@ kubernetes:
 nameOverride: ""
 fullnameOverride: ""

+image:
+  name: stakater/reloader
+  repository: ghcr.io/stakater/reloader
+  tag: v1.4.1
+  # digest: sha256:1234567
+  pullPolicy: IfNotPresent
+
 reloader:
  autoReloadAll: false
  isArgoRollouts: false
  isOpenshift: false
  ignoreSecrets: false
  ignoreConfigMaps: false
+  ignoreJobs: false
+  ignoreCronJobs: false
  reloadOnCreate: false
+  reloadOnDelete: false
  syncAfterRestart: false
  reloadStrategy: default # Set to default, env-vars or annotations
  ignoreNamespaces: "" # Comma separated list of namespaces to ignore
  namespaceSelector: "" # Comma separated list of k8s label selectors for namespaces selection
  resourceLabelSelector: "" # Comma separated list of k8s label selectors for configmap/secret selection
-  logFormat: "" #json
+  logFormat: "" # json
+  logLevel: info # Log level to use (trace, debug, info, warning, error, fatal and panic)
  watchGlobally: true
  # Set to true to enable leadership election allowing you to run multiple replicas
  enableHA: false
@@ -32,6 +46,8 @@ reloader:
  legacy:
    rbac: false
  matchLabels: {}
+  # Set to true to expose a prometheus counter of reloads by namespace (this metric may have high cardinality in clusters with many namespaces)
+  enableMetricsByNamespace: false
  deployment:
    # If you wish to run multiple replicas set reloader.enableHA = true
    replicas: 1
@@ -55,8 +71,11 @@ reloader:
    securityContext:
      runAsNonRoot: true
      runAsUser: 65534
+      seccompProfile:
+        type: RuntimeDefault

-    containerSecurityContext: {}
+    containerSecurityContext:
+      {}
      # capabilities:
      #   drop:
      #     - ALL
@@ -87,11 +106,7 @@ reloader:
    labels:
      provider: stakater
      group: com.stakater.platform
-      version: v1.0.67
-    image:
-      name: ghcr.io/stakater/reloader
-      tag: v1.0.67
-      pullPolicy: IfNotPresent
+      version: v1.4.1
    # Support for extra environment variables.
    env:
      # Open supports Key value pair as environment variables.
@@ -142,7 +157,14 @@ reloader:
    # imagePullSecrets:
    #   - name: myregistrykey

-  service: {}
+    # Put "0" in either to have go runtime ignore the set value.
+    # Otherwise, see https://pkg.go.dev/runtime#hdr-Environment_Variables for GOMAXPROCS and GOMEMLIMIT
+    gomaxprocsOverride: ""
+    gomemlimitOverride: ""
+
+  service:
+    {}
+
    # labels: {}
    # annotations: {}
    # port: 9090
@@ -272,6 +294,9 @@ reloader:
    enabled: false
    # Set the minimum available replicas
    # minAvailable: 1
+    # OR Set the maximum unavailable replicas
+    # maxUnavailable: 1
+    # If both defined only maxUnavailable will be used

  netpol:
    enabled: false
@@ -280,7 +305,38 @@ reloader:
    #     matchLabels:
    #       app.kubernetes.io/name: prometheus
    to: []
-    
+
+  # Enable vertical pod autoscaler
+  verticalPodAutoscaler:
+    enabled: false
+
+    # Recommender responsible for generating recommendation for the object.
+    # List should be empty (then the default recommender will generate the recommendation)
+    # or contain exactly one recommender.
+    # recommenders:
+    # - name: custom-recommender-performance
+
+    # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory
+    controlledResources: []
+    # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits.
+    # controlledValues: RequestsAndLimits
+
+    # Define the max allowed resources for the pod
+    maxAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+    # Define the min allowed resources for the pod
+    minAllowed: {}
+    # cpu: 200m
+    # memory: 100Mi
+
+    updatePolicy:
+      # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction
+      # minReplicas: 1
+      # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates
+      # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto".
+      updateMode: Auto
+
  volumeMounts: []

  volumes: []
--- a/deployments/kubernetes/manifests/clusterrole.yaml
+++ b/deployments/kubernetes/manifests/clusterrole.yaml
@@ -1,18 +1,8 @@
 ---
 # Source: reloader/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-
 kind: ClusterRole
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.67"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
  name: reloader-reloader-role
 rules:
  - apiGroups:
@@ -58,6 +48,9 @@ rules:
      - jobs
    verbs:
      - create
+      - delete
+      - list
+      - get
  - apiGroups:
      - ""
    resources:
--- a/deployments/kubernetes/manifests/clusterrolebinding.yaml
+++ b/deployments/kubernetes/manifests/clusterrolebinding.yaml
@@ -1,18 +1,8 @@
 ---
 # Source: reloader/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-
 kind: ClusterRoleBinding
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.67"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
  name: reloader-reloader-role-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
--- a/deployments/kubernetes/manifests/deployment.yaml
+++ b/deployments/kubernetes/manifests/deployment.yaml
@@ -3,18 +3,6 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.67"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
-    group: com.stakater.platform
-    provider: stakater
-    version: v1.0.67
  name: reloader-reloader
  namespace: default
 spec:
@@ -23,49 +11,58 @@ spec:
  selector:
    matchLabels:
      app: reloader-reloader
-      release: "reloader"
  template:
    metadata:
      labels:
        app: reloader-reloader
-        chart: "reloader-1.0.67"
-        release: "reloader"
-        heritage: "Helm"
-        app.kubernetes.io/managed-by: "Helm"
-        group: com.stakater.platform
-        provider: stakater
-        version: v1.0.67
    spec:
      containers:
-      - image: "ghcr.io/stakater/reloader:v1.0.67"
-        imagePullPolicy: IfNotPresent
-        name: reloader-reloader
-
-        ports:
-        - name: http
-          containerPort: 9090
-        livenessProbe:
-          httpGet:
-            path: /live
-            port: http
-          timeoutSeconds: 5
-          failureThreshold: 5
-          periodSeconds: 10
-          successThreshold: 1
-          initialDelaySeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /metrics
-            port: http
-          timeoutSeconds: 5
-          failureThreshold: 5
-          periodSeconds: 10
-          successThreshold: 1
-          initialDelaySeconds: 10
-
-        securityContext:
-          {}
-      securityContext: 
+        - image: "ghcr.io/stakater/reloader:v1.1.0"
+          imagePullPolicy: IfNotPresent
+          name: reloader-reloader
+          env:
+            - name: GOMAXPROCS
+              valueFrom:
+                resourceFieldRef:
+                  resource: limits.cpu
+                  divisor: '1'
+            - name: GOMEMLIMIT
+              valueFrom:
+                resourceFieldRef:
+                  resource: limits.memory
+                  divisor: '1'
+          ports:
+            - name: http
+              containerPort: 9090
+          livenessProbe:
+            httpGet:
+              path: /live
+              port: http
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: http
+            timeoutSeconds: 5
+            failureThreshold: 5
+            periodSeconds: 10
+            successThreshold: 1
+            initialDelaySeconds: 10
+          securityContext: {}
+          resources:
+            limits:
+              cpu: "1"
+              memory: 512Mi
+            requests:
+              cpu: 10m
+              memory: 512Mi
+      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
      serviceAccountName: reloader-reloader
--- a/deployments/kubernetes/manifests/serviceaccount.yaml
+++ b/deployments/kubernetes/manifests/serviceaccount.yaml
@@ -3,14 +3,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.67"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
  name: reloader-reloader
  namespace: default
--- a/deployments/kubernetes/reloader.yaml
+++ b/deployments/kubernetes/reloader.yaml
@@ -1,127 +1,84 @@
---
-# Source: reloader/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.67"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
  name: reloader-reloader
  namespace: default
 ---
-# Source: reloader/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-
 kind: ClusterRole
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.67"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
  name: reloader-reloader-role
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-      - configmaps
-    verbs:
-      - list
-      - get
-      - watch
-  - apiGroups:
-      - "apps"
-    resources:
-      - deployments
-      - daemonsets
-      - statefulsets
-    verbs:
-      - list
-      - get
-      - update
-      - patch
-  - apiGroups:
-      - "extensions"
-    resources:
-      - deployments
-      - daemonsets
-    verbs:
-      - list
-      - get
-      - update
-      - patch
-  - apiGroups:
-      - "batch"
-    resources:
-      - cronjobs
-    verbs:
-      - list
-      - get
-  - apiGroups:
-      - "batch"
-    resources:
-      - jobs
-    verbs:
-      - create
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - list
+  - get
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  - statefulsets
+  verbs:
+  - list
+  - get
+  - update
+  - patch
+- apiGroups:
+  - extensions
+  resources:
+  - deployments
+  - daemonsets
+  verbs:
+  - list
+  - get
+  - update
+  - patch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  verbs:
+  - list
+  - get
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - create
+  - delete
+  - list
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
 ---
-# Source: reloader/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-
 kind: ClusterRoleBinding
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.67"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
  name: reloader-reloader-role-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: reloader-reloader-role
 subjects:
-  - kind: ServiceAccount
-    name: reloader-reloader
-    namespace: default
+- kind: ServiceAccount
+  name: reloader-reloader
+  namespace: default
 ---
-# Source: reloader/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  annotations:
-    meta.helm.sh/release-namespace: "default"
-    meta.helm.sh/release-name: "reloader"
-  labels:
-    app: reloader-reloader
-    chart: "reloader-1.0.67"
-    release: "reloader"
-    heritage: "Helm"
-    app.kubernetes.io/managed-by: "Helm"
-    group: com.stakater.platform
-    provider: stakater
-    version: v1.0.67
  name: reloader-reloader
  namespace: default
 spec:
@@ -130,49 +87,58 @@ spec:
  selector:
    matchLabels:
      app: reloader-reloader
-      release: "reloader"
  template:
    metadata:
      labels:
        app: reloader-reloader
-        chart: "reloader-1.0.67"
-        release: "reloader"
-        heritage: "Helm"
-        app.kubernetes.io/managed-by: "Helm"
-        group: com.stakater.platform
-        provider: stakater
-        version: v1.0.67
    spec:
      containers:
-      - image: "ghcr.io/stakater/reloader:v1.0.67"
+      - env:
+        - name: GOMAXPROCS
+          valueFrom:
+            resourceFieldRef:
+              divisor: "1"
+              resource: limits.cpu
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              divisor: "1"
+              resource: limits.memory
+        image: "ghcr.io/stakater/reloader:latest"
        imagePullPolicy: IfNotPresent
-        name: reloader-reloader
-
-        ports:
-        - name: http
-          containerPort: 9090
        livenessProbe:
+          failureThreshold: 5
          httpGet:
            path: /live
            port: http
-          timeoutSeconds: 5
-          failureThreshold: 5
+          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
-          initialDelaySeconds: 10
+          timeoutSeconds: 5
+        name: reloader-reloader
+        ports:
+        - containerPort: 9090
+          name: http
        readinessProbe:
+          failureThreshold: 5
          httpGet:
            path: /metrics
            port: http
-          timeoutSeconds: 5
-          failureThreshold: 5
+          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
-          initialDelaySeconds: 10
-
-        securityContext:
-          {}
-      securityContext: 
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: "1"
+            memory: 512Mi
+          requests:
+            cpu: 10m
+            memory: 512Mi
+        securityContext: {}
+      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
+        seccompProfile:
+          type: RuntimeDefault
      serviceAccountName: reloader-reloader
--- a/deployments/kubernetes/templates/chart/values.yaml.tmpl
+++ b/deployments/kubernetes/templates/chart/values.yaml.tmpl
@@ -23,6 +23,8 @@ reloader:
  legacy:
    rbac: false
  matchLabels: {}
+  # Set to true to expose a prometheus counter of reloads by namespace (this metric may have high cardinality in clusters with many namespaces)
+  enableMetricsByNamespace: false
  deployment:
    replicas: 1
    nodeSelector:
--- a/docs-nginx.conf
+++ b/docs-nginx.conf
@@ -0,0 +1,11 @@
+server {
+    listen 8080;
+    root /usr/share/nginx/html/;
+    index index.html;
+    error_page 403 404 /404.html;
+    location = /404.html {
+        internal;
+    }
+    # redirects issued by nginx will be relative
+    absolute_redirect off;
+}
--- a/docs/Alerting.md
+++ b/docs/Alerting.md
@@ -2,17 +2,17 @@

 Reloader can alert when it triggers a rolling upgrade on Deployments or StatefulSets. Webhook notification alert would be sent to the configured webhook server with all the required information.

-## Enabling the feature
+## Enabling

 In-order to enable this feature, you need to update the `reloader.env.secret` section of `values.yaml` providing the information needed for alert:

 ```yaml
-      ALERT_ON_RELOAD: [ true/false ] Default: false 
+      ALERT_ON_RELOAD: [ true/false ] Default: false
      ALERT_SINK: [ slack/teams/webhook ] Default: webhook
      ALERT_WEBHOOK_URL: Required if ALERT_ON_RELOAD is true
      ALERT_ADDITIONAL_INFO: Any additional information to be added to alert
 ```

-## Slack incoming-webhook creation docs
+## Slack Incoming-Webhook Creation Docs

 [Sending messages using Incoming Webhooks](https://api.slack.com/messaging/webhooks)
--- a/docs/Helm2-to-Helm3.md
+++ b/docs/Helm2-to-Helm3.md
@@ -8,7 +8,7 @@ There are 3 steps involved in migrating the Reloader from Helm2 to Helm3.

 ### Step 1

-Install the helm-2to3 plugin
+Install the `helm-2to3` plugin

 ```bash
 helm3 plugin install https://github.com/helm/helm-2to3
--- a/docs/How-it-works.md
+++ b/docs/How-it-works.md
@@ -1,21 +1,32 @@
-# How it works?
+# How Does Reloader Work?

-Reloader watches for `ConfigMap` and `Secret` and detects if there are changes in data of these objects. After change detection Reloader performs rolling upgrade on relevant Pods via associated `Deployment`, `Daemonset` and `Statefulset`.
+Reloader watches for `ConfigMap` and `Secret` and detects if there are changes in data of these objects. After change detection Reloader performs rolling upgrade on relevant Pods via associated `Deployment`, `Daemonset` and `Statefulset`:

-## How change detection works
+```mermaid
+flowchart LR
+    subgraph Reloader
+    controller("Controller watches in a loop") -- "Detects a change" --> upgrade_handler("Upgrade handler checks if the change is a valid data change by comparing the change hash")
+    upgrade_handler -- "Update resource" --> update_resource("Updates the resource with computed hash of change")
+    end
+    Reloader -- "Watches" --> secret_configmaps("Secrets/ConfigMaps")
+    Reloader -- "Updates resources with Reloader environment variable" --> resources("Deployments/DaemonSets/StatefulSets resources with Reloader annotation")
+    resources -- "Restart pods based on StrategyType" --> Pods
+```

-Reloader watches changes in `configmaps` and `secrets` data. As soon as it detects a change in these. It forwards these objects to an update handler which decides if and how to perform the rolling upgrade.
+## How Does Change Detection Work?

-## Requirements for rolling upgrade
+Reloader watches changes in `ConfigMaps` and `Secrets` data. As soon as it detects a change in these. It forwards these objects to an update handler which decides if and how to perform the rolling upgrade.
+
+## Requirements for Rolling Upgrade

 To perform rolling upgrade a `deployment`, `daemonset` or `statefulset` must have

 - support for rolling upgrade strategy
- specific annotation for `configmaps` or `secrets`
+- specific annotation for `ConfigMaps` or `Secrets`

-The annotation value is comma separated list of `configmaps` or `secrets`. If a change is detected in data of these `configmaps` or `secrets`, Reloader will perform rolling upgrades on their associated `deployments`, `daemonsets` or `statefulsets`.
+The annotation value is comma separated list of `ConfigMaps` or `Secrets`. If a change is detected in data of these `ConfigMaps` or `Secrets`, Reloader will perform rolling upgrades on their associated `deployments`, `daemonsets` or `statefulsets`.

-### Annotation for Configmap
+### Annotation for ConfigMap

 For a `Deployment` called `foo` have a `ConfigMap` called `foo`. Then add this annotation* to your `Deployment`, where the default annotation can be changed with the `--configmap-annotation` flag:

@@ -37,21 +48,21 @@ metadata:

 Above mentioned annotation are also work for `Daemonsets` `Statefulsets` and `Rollouts`

-## How Rolling upgrade works?
+## How Does Rolling Upgrade Work?

-When Reloader detects changes in configmap. It gets two objects of configmap. First object is an old configmap object which has a state before the latest change. Second object is new configmap object which contains latest changes. Reloader compares both objects and see whether any change in data occurred or not. If Reloader finds any change in new configmap object, only then, it moves forward with rolling upgrade.
+When Reloader detects changes in `ConfigMap`. It gets two objects of `ConfigMap`. First object is an old `ConfigMap` object which has a state before the latest change. Second object is new `ConfigMap` object which contains latest changes. Reloader compares both objects and see whether any change in data occurred or not. If Reloader finds any change in new `ConfigMap` object, only then, it moves forward with rolling upgrade.

-After that, Reloader gets the list of all `deployments`, `daemonsets` and `statefulset` and looks for above mentioned annotation for configmap. If the annotation value contains the configmap name, it then looks for an environment variable which can contain the configmap or secret data change hash.
+After that, Reloader gets the list of all `deployments`, `daemonsets` and `statefulset` and looks for above mentioned annotation for `ConfigMap`. If the annotation value contains the `ConfigMap` name, it then looks for an environment variable which can contain the `ConfigMap` or secret data change hash.

-### Environment variable for Configmap
+### Environment Variable for ConfigMap

-If configmap name is foo then
+If `ConfigMap` name is foo then

 ```yaml
 STAKATER_FOO_CONFIGMAP
 ```

-### Environment variable for Secret
+### Environment Variable for Secret

 If Secret name is foo then

@@ -59,11 +70,11 @@ If Secret name is foo then
 STAKATER_FOO_SECRET
 ```

-If the environment variable is found then it gets its value and compares it with new configmap hash value. If old value in environment variable is different from new hash value then Reloader updates the environment variable. If the environment variable does not exist then it creates a new environment variable with latest hash value from configmap and updates the relevant `deployment`, `daemonset` or `statefulset`
+If the environment variable is found then it gets its value and compares it with new `ConfigMap` hash value. If old value in environment variable is different from new hash value then Reloader updates the environment variable. If the environment variable does not exist then it creates a new environment variable with latest hash value from `ConfigMap` and updates the relevant `deployment`, `daemonset` or `statefulset`

 Note: Rolling upgrade also works in the same way for secrets.

-### Hash value Computation
+### Hash Value Computation

 Reloader uses SHA1 to compute hash value. SHA1 is used because it is efficient and less prone to collision.

@@ -77,6 +88,6 @@ helm --namespace {replace this with namespace name} template . > reloader.yaml

 The output file can then be used to deploy Reloader in specific namespace.

-## Compatibility with helm install and upgrade
+## Compatibility With Helm Install and Upgrade

-Reloader has no impact on helm deployment cycle. Reloader only injects an environment variable in  `deployment`, `daemonset` or `statefulset`. The environment variable contains the SHA1 value of configmap's or secret's data. So  if a deployment is created using Helm and Reloader updates the deployment, then next time you upgrade the helm release, Reloader will do nothing except changing that environment variable value in `deployment` , `daemonset` or `statefulset`.
+Reloader has no impact on helm deployment cycle. Reloader only injects an environment variable in  `deployment`, `daemonset` or `statefulset`. The environment variable contains the SHA1 value of `ConfigMaps` or `Secrets` data. So  if a deployment is created using Helm and Reloader updates the deployment, then next time you upgrade the helm release, Reloader will do nothing except changing that environment variable value in `deployment` , `daemonset` or `statefulset`.
--- a/docs/Reloader-vs-ConfigmapController.md
+++ b/docs/Reloader-vs-ConfigmapController.md
@@ -1,12 +1,11 @@
-
 # Reloader vs ConfigmapController

-Reloader is inspired from [Configmapcontroller](https://github.com/fabric8io/configmapcontroller) but there are many ways in which it differs from configmapController. Below is the small comparison between these two controllers.
+Reloader is inspired from [`configmapcontroller`](https://github.com/fabric8io/configmapcontroller) but there are many ways in which it differs from `configmapcontroller`. Below is the small comparison between these two controllers.

-| Reloader                                                                                                                                                                                                                                                                                                                 | Configmap                                                                                                                                                                                                                                                          |
+| Reloader                                                                                                                                                                                                                                                                                                                 | ConfigMap                                                                                                                                                                                                                                                          |
 |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Reloader can watch both `secrets` and `configmaps`.                                                                                                                                                                                                                                                    | ConfigmapController can only watch changes in `configmaps`. It cannot detect changes in other resources like `secrets`.                                                                                                                                        |
-| Reloader can perform rolling upgrades on `deployments` as well as on `statefulsets` and `daemonsets`                                                                                                                                                                                                   | ConfigmapController can only perform rolling upgrades on `deployments`. It currently does not support rolling upgrades on `statefulsets` and `daemonsets`                                                                                                          |
-| Reloader provides both unit test cases and end to end integration test cases for future updates. So one can make sure that new changes do not break any old functionality.                                                                                                                                               | Currently there are not any unit test cases or end to end integration test cases in configmap controller. It add difficulties for any additional updates in configmap controller and one can not know for sure whether new changes breaks any old functionality or not. |
-| Reloader uses SHA1 to encode the change in configmap or secret. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less prone to collision. | Configmap controller uses `FABRICB_FOO_REVISION` environment variable to store any change in configmap controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
-| Reloader allows you to customize your own annotation (for both Secrets and Configmaps) using command line flags | Configmap controller restricts you to only their provided annotation |
+| Reloader can watch both `Secrets` and `ConfigMaps`.                                                                                                                                                                                                                                                    | `configmapcontroller` can only watch changes in `ConfigMaps`. It cannot detect changes in other resources like `Secrets`.                                                                                                                                        |
+| Reloader can perform rolling upgrades on `deployments` as well as on `statefulsets` and `daemonsets`                                                                                                                                                                                                   | `configmapcontroller` can only perform rolling upgrades on `deployments`. It currently does not support rolling upgrades on `statefulsets` and `daemonsets`                                                                                                          |
+| Reloader provides both unit test cases and end to end integration test cases for future updates. So one can make sure that new changes do not break any old functionality.                                                                                                                                               | Currently there are not any unit test cases or end to end integration test cases in `configmap-controller`. It add difficulties for any additional updates in `configmap-controller` and one can not know for sure whether new changes breaks any old functionality or not. |
+| Reloader uses SHA1 to encode the change in `ConfigMap` or `Secret`. It then saves the SHA1 value in `STAKATER_FOO_CONFIGMAP` or `STAKATER_FOO_SECRET` environment variable depending upon where the change has happened. The use of SHA1 provides a concise 40 characters encoded value that is very less prone to collision. |  `configmap-controller` uses `FABRICB_FOO_REVISION` environment variable to store any change in `ConfigMap` controller. It does not encode it or convert it in suitable hash value to avoid data pollution in deployment.                                               |
+| Reloader allows you to customize your own annotation (for both `Secrets` and `ConfigMaps`) using command line flags | `configmap-controller` restricts you to only their provided annotation |
--- a/docs/Reloader-vs-k8s-trigger-controller.md
+++ b/docs/Reloader-vs-k8s-trigger-controller.md
@@ -4,7 +4,7 @@ Reloader and k8s-trigger-controller are both built for same purpose. So there ar

 ## Similarities

- Both controllers support change detection in configmap and secrets
+- Both controllers support change detection in `ConfigMaps` and `Secrets`
 - Both controllers support deployment `rollout`
 - Both controllers use SHA1 for hashing
 - Both controllers have end to end as well as unit test cases.
@@ -21,7 +21,7 @@ Reloader and k8s-trigger-controller are both built for same purpose. So there ar

 Reloader supports deployment `rollout` as well as `daemonsets` and `statefulsets` `rollout`.

-### Hashing usage
+### Hashing Usage

 #### `k8s-trigger-controller`

--- a/docs/Reloader-with-Sealed-Secrets.md
+++ b/docs/Reloader-with-Sealed-Secrets.md
@@ -3,12 +3,12 @@
 Below are the steps to use Reloader with Sealed Secrets:

 1. Download and install the kubeseal client from [here](https://github.com/bitnami-labs/sealed-secrets)
-1. Install the controller for sealed secrets
+1. Install the controller for Sealed Secrets
 1. Fetch the encryption certificate
 1. Encrypt the secret
 1. Apply the secret
-1. Install the tool which uses that sealed secret
+1. Install the tool which uses that Sealed Secret
 1. Install Reloader
 1. Once everything is setup, update the original secret at client and encrypt it with kubeseal to see Reloader working
-1. Apply the updated sealed secret
+1. Apply the updated Sealed Secret
 1. Reloader will restart the pod to use that updated secret
--- a/docs/Verify-Reloader-Working.md
+++ b/docs/Verify-Reloader-Working.md
@@ -2,7 +2,7 @@

 Reloader's working can be verified by three ways.

-## Verify from logs
+## Verify From Logs

 Check the logs of Reloader and verify that you can see logs looks like below, if you are able to find these logs then it means Reloader is working.

@@ -14,11 +14,11 @@ Updated test-resource of type Deployment in namespace: test-reloader

 Below are the details that explain these logs:

-### test-object
+### `test-object`

-`test-object` is the name of a `secret` or a `deployment` in which change has been detected.
+`test-object` is the name of a `secret` or a `configmap` in which change has been detected.

-### SECRET
+### `SECRET`

 `SECRET` is the type of `test-object`. It can either be `SECRET` or `CONFIGMAP`

@@ -30,11 +30,11 @@ Below are the details that explain these logs:

 `test-resource` is the name of resource which is going to be updated

-### Deployment
+### `Deployment`

 `Deployment` is the type of `test-resource`. It can either be a `Deployment`, `Daemonset` or `Statefulset`

-## Verify by checking the age of Pod
+## Verify by Checking the Age of Pod

 A pod's age can tell whether Reloader is working correctly or not. If you know that a change in a `secret` or `configmap` has occurred, then check the relevant Pod's age immediately. It should be newly created few moments ago.

@@ -42,7 +42,7 @@ A pod's age can tell whether Reloader is working correctly or not. If you know t

 `kubernetes dashboard` can be used to verify the working of Reloader. After a change in `secret` or `configmap`, check the relevant Pod's age from dashboard. It should be newly created few moments ago.

-### Verify from command line
+### Verify from Command Line

 After a change in `secret` or `configmap`. Run the below-mentioned command and verify that the pod is newly created.

@@ -50,7 +50,7 @@ After a change in `secret` or `configmap`. Run the below-mentioned command and v
 kubectl get pods <pod name> -n <namespace name>
 ```

-## Verify from metrics
+## Verify From Metrics

 Some metrics are exported to Prometheus endpoint `/metrics` on port `9090`.

@@ -60,3 +60,16 @@ When Reloader is unable to reload, `reloader_reload_executed_total{success="fals
 reloader_reload_executed_total{success="false"} 15
 reloader_reload_executed_total{success="true"} 12
 ```
+
+### Reloads by Namespace
+
+Reloader can also export a metric to show the number of reloads by namespace. This feature is disabled by default, as it can lead to high cardinality in clusters with many namespaces.
+
+The metric will have both `success` and `namespace` as attributes:
+
+```text
+reloader_reload_executed_total{success="false", namespace="some-namespace"} 2
+reloader_reload_executed_total{success="true", namespace="some-namespace"} 1
+```
+
+To opt in, set the environment variable `METRICS_COUNT_BY_NAMESPACE` to `enabled` or set the Helm value `reloader.enableMetricsByNamespace` to `true`.
--- a/docs/features.md
+++ b/docs/features.md
@@ -1,8 +0,0 @@
-# Features
-
-These are the key features of Reloader:
-
-1. Restart pod in a `deployment` on change in linked/related configmap's or secret's
-1. Restart pod in a `daemonset` on change in linked/related configmap's or secret's
-1. Restart pod in a `statefulset` on change in linked/related configmap's or secret's
-1. Restart pod in a `rollout` on change in linked/related configmap's or secret's
--- a/docs/index.md
+++ b/docs/index.md
@@ -0,0 +1,12 @@
+# Introduction
+
+Reloader can watch changes in `ConfigMap` and `Secret` and do rolling upgrades on Pods with their associated `DeploymentConfigs`, `Deployments`, `Daemonsets` `Statefulsets` and `Rollouts`.
+
+These are the key features of Reloader:
+
+1. Restart pod in a `deployment` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `daemonset` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `statefulset` on change in linked/related `ConfigMaps` or `Secrets`
+1. Restart pod in a `rollout` on change in linked/related `ConfigMaps` or `Secrets`
+
+This site contains more details on how Reloader works. For an overview, please see the repository's [README file](https://github.com/stakater/Reloader/blob/master/README.md).
--- a/go.mod
+++ b/go.mod
@@ -1,80 +1,82 @@
 module github.com/stakater/Reloader

-go 1.21
+go 1.24.2

 require (
-	github.com/argoproj/argo-rollouts v1.6.5
-	github.com/openshift/api v3.9.0+incompatible
-	github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba
-	github.com/parnurzeal/gorequest v0.2.16
-	github.com/prometheus/client_golang v1.17.0
+	github.com/argoproj/argo-rollouts v1.8.2
+	github.com/openshift/api v0.0.0-20250411135543-10a8fa583797
+	github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2
+	github.com/parnurzeal/gorequest v0.3.0
+	github.com/prometheus/client_golang v1.22.0
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.8.0
-	k8s.io/api v0.28.4
-	k8s.io/apimachinery v0.28.4
-	k8s.io/client-go v0.28.4
-	k8s.io/kubectl v0.28.4
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
+	github.com/spf13/cobra v1.9.1
+	github.com/stretchr/testify v1.10.0
+	k8s.io/api v0.32.3
+	k8s.io/apimachinery v0.32.3
+	k8s.io/client-go v0.32.3
+	k8s.io/kubectl v0.32.3
+	k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e
 )

 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.1 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/moul/http2curl v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.45.0 // indirect
-	github.com/prometheus/procfs v0.11.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.63.0 // indirect
+	github.com/prometheus/procfs v0.16.0 // indirect
 	github.com/smartystreets/goconvey v1.7.2 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/oauth2 v0.12.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/oauth2 v0.29.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/term v0.31.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
-	moul.io/http2curl v1.0.0 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )

 // Replacements for argo-rollouts
 replace (
 	github.com/go-check/check => github.com/go-check/check v0.0.0-20201130134442-10cb98267c6c
-	k8s.io/api v0.0.0 => k8s.io/api v0.28.4
-	k8s.io/apimachinery v0.0.0 => k8s.io/apimachinery v0.28.4
-	k8s.io/client-go v0.0.0 => k8s.io/client-go v0.27.4
+	k8s.io/api v0.0.0 => k8s.io/api v0.32.3
+	k8s.io/apimachinery v0.0.0 => k8s.io/apimachinery v0.32.3
+	k8s.io/client-go v0.0.0 => k8s.io/client-go v0.32.3
 	k8s.io/cloud-provider v0.0.0 => k8s.io/cloud-provider v0.24.2
 	k8s.io/controller-manager v0.0.0 => k8s.io/controller-manager v0.24.2
 	k8s.io/cri-api v0.0.0 => k8s.io/cri-api v0.20.5-rc.0
@@ -83,7 +85,7 @@ replace (
 	k8s.io/kube-controller-manager v0.0.0 => k8s.io/kube-controller-manager v0.24.2
 	k8s.io/kube-proxy v0.0.0 => k8s.io/kube-proxy v0.24.2
 	k8s.io/kube-scheduler v0.0.0 => k8s.io/kube-scheduler v0.24.2
-	k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.27.1
+	k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.32.3
 	k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.24.2
 	k8s.io/legacy-cloud-providers v0.0.0 => k8s.io/legacy-cloud-providers v0.24.2
 	k8s.io/mount-utils v0.0.0 => k8s.io/mount-utils v0.20.5-rc.0
--- a/go.sum
+++ b/go.sum
@@ -1,60 +1,48 @@
-github.com/argoproj/argo-rollouts v1.6.2 h1:5Eur0FA9F9L0S+MkhxEtQlD9Hwb86U30QgTyKCUOor8=
-github.com/argoproj/argo-rollouts v1.6.2/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
-github.com/argoproj/argo-rollouts v1.6.4 h1:mPa08VDNNk1/1Tq7I4QvWe5p+eDaBzVFVo1TmBpHk1I=
-github.com/argoproj/argo-rollouts v1.6.4/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
-github.com/argoproj/argo-rollouts v1.6.5 h1:VDAp9PGboRbzd9tQJ/8IkaI+KrvWIRrpfSV5aeX0GUQ=
-github.com/argoproj/argo-rollouts v1.6.5/go.mod h1:X2kTiBaYCSounmw1kmONdIZTwJNzNQYC0SrXUgSw9UI=
+github.com/argoproj/argo-rollouts v1.8.2 h1:DBvkYvFTEH/zJ9MxJerqz/NMWEgZcHY5vxztyCBS5ak=
+github.com/argoproj/argo-rollouts v1.8.2/go.mod h1:xZIw+dg+B4IqMv5fNPenIBUiPb9xljL2st1xxkjhaC0=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0=
-github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
-github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8=
-github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ=
-github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
-github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
-github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
-github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380 h1:1NyRx2f4W4WBRyg0Kys0ZbaNmDDzZ2R/C7DTi+bbsJ0=
+github.com/elazarl/goproxy v0.0.0-20240726154733-8b0c20506380/go.mod h1:thX175TtLTzLj3p7N/Q9IiKZ7NF+p72cvL91emV0hzo=
+github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
+github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic=
+github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
+github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
-github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
-github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -65,49 +53,58 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs=
+github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE=
-github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM=
-github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
-github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
-github.com/openshift/api v3.9.0+incompatible h1:fJ/KsefYuZAjmrr3+5U9yZIZbTOpVkDDLDLFresAeYs=
-github.com/openshift/api v3.9.0+incompatible/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY=
-github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba h1:uZ9gqdJIKUegxqeBqKXbPdd0JfO6aueQ2Ot/gTOhkD8=
-github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba/go.mod h1:/BACtJX3fnHOlecTC3VW7JPsJU7KCGaUqt/HkWp5ryo=
-github.com/parnurzeal/gorequest v0.2.16 h1:T/5x+/4BT+nj+3eSknXmCTnEVGSzFzPGdpqmUVVZXHQ=
-github.com/parnurzeal/gorequest v0.2.16/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
+github.com/openshift/api v0.0.0-20250331192611-6179881b782d h1:Vadr+xFmNi6RzWRTJtqMQJv1hiUe7as1rV2svKQffoY=
+github.com/openshift/api v0.0.0-20250331192611-6179881b782d/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
+github.com/openshift/api v0.0.0-20250411135543-10a8fa583797 h1:8x3G8QOZqo2bRAL8JFlPz/odqQECI/XmlZeRwnFxJ8I=
+github.com/openshift/api v0.0.0-20250411135543-10a8fa583797/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
+github.com/openshift/client-go v0.0.0-20250330132942-bc2e3c2af6e1 h1:9SaT0p5FsRDvz4STV1VnxMyfXXzAXv1PubZ0nczzDYk=
+github.com/openshift/client-go v0.0.0-20250330132942-bc2e3c2af6e1/go.mod h1:6a0Hj32FrkokKMeTck1uStmNV0wHYv46dHWAWER5iis=
+github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2 h1:bPXR0R8zp1o12nSUphN26hSM+OKYq5pMorbDCpApzDQ=
+github.com/openshift/client-go v0.0.0-20250402181141-b3bad3b645f2/go.mod h1:dT1cJyVTperQ53GvVRa+GZ27r02fDZy2k5j+9QoQsCo=
+github.com/parnurzeal/gorequest v0.3.0 h1:SoFyqCDC9COr1xuS6VA8fC8RU7XyrJZN2ona1kEX7FI=
+github.com/parnurzeal/gorequest v0.3.0/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
-github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
-github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
-github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
-github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
-github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk=
+github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg=
+github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k=
+github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18=
+github.com/prometheus/procfs v0.16.0 h1:xh6oHhKwnOJKMYiYBDWmkHqQPyiY40sny36Cmx2bbsM=
+github.com/prometheus/procfs v0.16.0/go.mod h1:8veyXUu3nGP7oaCxhX6yeaM5u4stL2FeMXnCqhDthZg=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -115,22 +112,21 @@ github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N
 github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
 github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
-github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
-github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -138,14 +134,17 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4=
-golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
+golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -153,65 +152,65 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
+golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
-golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY=
-k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0=
-k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
-k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
-k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY=
-k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4=
-k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
-k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
-k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
-k8s.io/kubectl v0.28.4 h1:gWpUXW/T7aFne+rchYeHkyB8eVDl5UZce8G4X//kjUQ=
-k8s.io/kubectl v0.28.4/go.mod h1:CKOccVx3l+3MmDbkXtIUtibq93nN2hkDR99XDCn7c/c=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
-moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
+k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
+k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
+k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
+k8s.io/kubectl v0.32.3 h1:VMi584rbboso+yjfv0d8uBHwwxbC438LKq+dXd5tOAI=
+k8s.io/kubectl v0.32.3/go.mod h1:6Euv2aso5GKzo/UVMacV6C7miuyevpfI91SvBvV9Zdg=
+k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e h1:KqK5c/ghOm8xkHYhlodbp6i6+r+ChV2vuAuVRdFbLro=
+k8s.io/utils v0.0.0-20250321185631-1f6e0b77f77e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
+sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc=
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
--- a/internal/pkg/callbacks/rolling_upgrade.go
+++ b/internal/pkg/callbacks/rolling_upgrade.go
@@ -2,14 +2,18 @@ package callbacks

 import (
 	"context"
+	"fmt"
+	"time"

 	"github.com/sirupsen/logrus"
+	"github.com/stakater/Reloader/internal/pkg/options"
 	"github.com/stakater/Reloader/pkg/kube"
 	appsv1 "k8s.io/api/apps/v1"
 	batchv1 "k8s.io/api/batch/v1"
 	v1 "k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	patchtypes "k8s.io/apimachinery/pkg/types"

 	argorolloutv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 	openshiftv1 "github.com/openshift/api/apps/v1"
@@ -88,6 +92,26 @@ func GetCronJobItems(clients kube.Clients, namespace string) []runtime.Object {
 	return items
 }

+// GetJobItems returns the jobs in given namespace
+func GetJobItems(clients kube.Clients, namespace string) []runtime.Object {
+	jobs, err := clients.KubernetesClient.BatchV1().Jobs(namespace).List(context.TODO(), meta_v1.ListOptions{})
+	if err != nil {
+		logrus.Errorf("Failed to list jobs %v", err)
+	}
+
+	items := make([]runtime.Object, len(jobs.Items))
+	// Ensure we always have pod annotations to add to
+	for i, v := range jobs.Items {
+		if v.Spec.Template.ObjectMeta.Annotations == nil {
+			annotations := make(map[string]string)
+			jobs.Items[i].Spec.Template.ObjectMeta.Annotations = annotations
+		}
+		items[i] = &jobs.Items[i]
+	}
+
+	return items
+}
+
 // GetDaemonSetItems returns the daemonSets in given namespace
 func GetDaemonSetItems(clients kube.Clients, namespace string) []runtime.Object {
 	daemonSets, err := clients.KubernetesClient.AppsV1().DaemonSets(namespace).List(context.TODO(), meta_v1.ListOptions{})
@@ -174,6 +198,11 @@ func GetCronJobAnnotations(item runtime.Object) map[string]string {
 	return item.(*batchv1.CronJob).ObjectMeta.Annotations
 }

+// GetJobAnnotations returns the annotations of given job
+func GetJobAnnotations(item runtime.Object) map[string]string {
+	return item.(*batchv1.Job).ObjectMeta.Annotations
+}
+
 // GetDaemonSetAnnotations returns the annotations of given daemonSet
 func GetDaemonSetAnnotations(item runtime.Object) map[string]string {
 	return item.(*appsv1.DaemonSet).ObjectMeta.Annotations
@@ -204,6 +233,11 @@ func GetCronJobPodAnnotations(item runtime.Object) map[string]string {
 	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations
 }

+// GetJobPodAnnotations returns the pod's annotations of given job
+func GetJobPodAnnotations(item runtime.Object) map[string]string {
+	return item.(*batchv1.Job).Spec.Template.ObjectMeta.Annotations
+}
+
 // GetDaemonSetPodAnnotations returns the pod's annotations of given daemonSet
 func GetDaemonSetPodAnnotations(item runtime.Object) map[string]string {
 	return item.(*appsv1.DaemonSet).Spec.Template.ObjectMeta.Annotations
@@ -234,6 +268,11 @@ func GetCronJobContainers(item runtime.Object) []v1.Container {
 	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.Spec.Containers
 }

+// GetJobContainers returns the containers of given job
+func GetJobContainers(item runtime.Object) []v1.Container {
+	return item.(*batchv1.Job).Spec.Template.Spec.Containers
+}
+
 // GetDaemonSetContainers returns the containers of given daemonSet
 func GetDaemonSetContainers(item runtime.Object) []v1.Container {
 	return item.(*appsv1.DaemonSet).Spec.Template.Spec.Containers
@@ -264,6 +303,11 @@ func GetCronJobInitContainers(item runtime.Object) []v1.Container {
 	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.Spec.InitContainers
 }

+// GetJobInitContainers returns the containers of given job
+func GetJobInitContainers(item runtime.Object) []v1.Container {
+	return item.(*batchv1.Job).Spec.Template.Spec.InitContainers
+}
+
 // GetDaemonSetInitContainers returns the containers of given daemonSet
 func GetDaemonSetInitContainers(item runtime.Object) []v1.Container {
 	return item.(*appsv1.DaemonSet).Spec.Template.Spec.InitContainers
@@ -303,6 +347,38 @@ func CreateJobFromCronjob(clients kube.Clients, namespace string, resource runti
 	return err
 }

+// ReCreateJobFromjob performs rolling upgrade on job
+func ReCreateJobFromjob(clients kube.Clients, namespace string, resource runtime.Object) error {
+	oldJob := resource.(*batchv1.Job)
+	job := oldJob.DeepCopy()
+
+	// Delete the old job
+	policy := meta_v1.DeletePropagationBackground
+	err := clients.KubernetesClient.BatchV1().Jobs(namespace).Delete(context.TODO(), job.Name, meta_v1.DeleteOptions{PropagationPolicy: &policy})
+	if err != nil {
+		return err
+	}
+
+	// Remove fields that should not be specified when creating a new Job
+	job.ObjectMeta.ResourceVersion = ""
+	job.ObjectMeta.UID = ""
+	job.ObjectMeta.CreationTimestamp = meta_v1.Time{}
+	job.Status = batchv1.JobStatus{}
+
+	// Remove problematic labels
+	delete(job.Spec.Template.Labels, "controller-uid")
+	delete(job.Spec.Template.Labels, batchv1.ControllerUidLabel)
+	delete(job.Spec.Template.Labels, batchv1.JobNameLabel)
+	delete(job.Spec.Template.Labels, "job-name")
+
+	// Remove the selector to allow it to be auto-generated
+	job.Spec.Selector = nil
+
+	// Create the new job with same spec
+	_, err = clients.KubernetesClient.BatchV1().Jobs(namespace).Create(context.TODO(), job, meta_v1.CreateOptions{FieldManager: "Reloader"})
+	return err
+}
+
 // UpdateDaemonSet performs rolling upgrade on daemonSet
 func UpdateDaemonSet(clients kube.Clients, namespace string, resource runtime.Object) error {
 	daemonSet := resource.(*appsv1.DaemonSet)
@@ -326,11 +402,15 @@ func UpdateDeploymentConfig(clients kube.Clients, namespace string, resource run

 // UpdateRollout performs rolling upgrade on rollout
 func UpdateRollout(clients kube.Clients, namespace string, resource runtime.Object) error {
+	var err error
 	rollout := resource.(*argorolloutv1alpha1.Rollout)
-	rolloutBefore, _ := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Get(context.TODO(), rollout.Name, meta_v1.GetOptions{})
-	logrus.Warnf("Before: %+v", rolloutBefore.Spec.Template.Spec.Containers[0].Env)
-	logrus.Warnf("After: %+v", rollout.Spec.Template.Spec.Containers[0].Env)
-	_, err := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Update(context.TODO(), rollout, meta_v1.UpdateOptions{FieldManager: "Reloader"})
+	strategy := rollout.GetAnnotations()[options.RolloutStrategyAnnotation]
+	switch options.ToArgoRolloutStrategy(strategy) {
+	case options.RestartStrategy:
+		_, err = clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Patch(context.TODO(), rollout.Name, patchtypes.MergePatchType, []byte(fmt.Sprintf(`{"spec": {"restartAt": "%s"}}`, time.Now().Format(time.RFC3339))), meta_v1.PatchOptions{FieldManager: "Reloader"})
+	case options.RolloutStrategy:
+		_, err = clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Update(context.TODO(), rollout, meta_v1.UpdateOptions{FieldManager: "Reloader"})
+	}
 	return err
 }

@@ -344,6 +424,11 @@ func GetCronJobVolumes(item runtime.Object) []v1.Volume {
 	return item.(*batchv1.CronJob).Spec.JobTemplate.Spec.Template.Spec.Volumes
 }

+// GetJobVolumes returns the Volumes of given job
+func GetJobVolumes(item runtime.Object) []v1.Volume {
+	return item.(*batchv1.Job).Spec.Template.Spec.Volumes
+}
+
 // GetDaemonSetVolumes returns the Volumes of given daemonSet
 func GetDaemonSetVolumes(item runtime.Object) []v1.Volume {
 	return item.(*appsv1.DaemonSet).Spec.Template.Spec.Volumes
--- a/internal/pkg/callbacks/rolling_upgrade_test.go
+++ b/internal/pkg/callbacks/rolling_upgrade_test.go
@@ -0,0 +1,524 @@
+package callbacks_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
+	v1 "k8s.io/api/core/v1"
+	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	"k8s.io/client-go/kubernetes/fake"
+
+	argorolloutv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
+	fakeargoclientset "github.com/argoproj/argo-rollouts/pkg/client/clientset/versioned/fake"
+
+	"github.com/stakater/Reloader/internal/pkg/callbacks"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/internal/pkg/testutil"
+	"github.com/stakater/Reloader/pkg/kube"
+)
+
+var (
+	clients = setupTestClients()
+)
+
+type testFixtures struct {
+	defaultContainers     []v1.Container
+	defaultInitContainers []v1.Container
+	defaultVolumes        []v1.Volume
+	namespace             string
+}
+
+func newTestFixtures() testFixtures {
+	return testFixtures{
+		defaultContainers:     []v1.Container{{Name: "container1"}, {Name: "container2"}},
+		defaultInitContainers: []v1.Container{{Name: "init-container1"}, {Name: "init-container2"}},
+		defaultVolumes:        []v1.Volume{{Name: "volume1"}, {Name: "volume2"}},
+		namespace:             "default",
+	}
+}
+
+func setupTestClients() kube.Clients {
+	return kube.Clients{
+		KubernetesClient:  fake.NewSimpleClientset(),
+		ArgoRolloutClient: fakeargoclientset.NewSimpleClientset(),
+	}
+}
+
+// TestUpdateRollout test update rollout strategy annotation
+func TestUpdateRollout(t *testing.T) {
+	namespace := "test-ns"
+
+	cases := map[string]struct {
+		name      string
+		strategy  string
+		isRestart bool
+	}{
+		"test-without-strategy": {
+			name:      "defaults to rollout strategy",
+			strategy:  "",
+			isRestart: false,
+		},
+		"test-with-restart-strategy": {
+			name:      "triggers a restart strategy",
+			strategy:  "restart",
+			isRestart: true,
+		},
+		"test-with-rollout-strategy": {
+			name:      "triggers a rollout strategy",
+			strategy:  "rollout",
+			isRestart: false,
+		},
+	}
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			rollout, err := testutil.CreateRollout(
+				clients.ArgoRolloutClient, name, namespace,
+				map[string]string{options.RolloutStrategyAnnotation: tc.strategy},
+			)
+			if err != nil {
+				t.Errorf("creating rollout: %v", err)
+			}
+			modifiedChan := watchRollout(rollout.Name, namespace)
+
+			err = callbacks.UpdateRollout(clients, namespace, rollout)
+			if err != nil {
+				t.Errorf("updating rollout: %v", err)
+			}
+			rollout, err = clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(
+				namespace).Get(context.TODO(), rollout.Name, meta_v1.GetOptions{})
+
+			if err != nil {
+				t.Errorf("getting rollout: %v", err)
+			}
+			if isRestartStrategy(rollout) == tc.isRestart {
+				t.Errorf("Should not be a restart strategy")
+			}
+			select {
+			case <-modifiedChan:
+				// object has been modified
+			case <-time.After(1 * time.Second):
+				t.Errorf("Rollout has not been updated")
+			}
+		})
+	}
+}
+
+func TestResourceItems(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name          string
+		createFunc    func(kube.Clients, string) error
+		getItemsFunc  func(kube.Clients, string) []runtime.Object
+		expectedCount int
+	}{
+		{
+			name:          "Deployments",
+			createFunc:    createTestDeployments,
+			getItemsFunc:  callbacks.GetDeploymentItems,
+			expectedCount: 2,
+		},
+		{
+			name:          "CronJobs",
+			createFunc:    createTestCronJobs,
+			getItemsFunc:  callbacks.GetCronJobItems,
+			expectedCount: 2,
+		},
+		{
+			name:          "Jobs",
+			createFunc:    createTestJobs,
+			getItemsFunc:  callbacks.GetJobItems,
+			expectedCount: 2,
+		},
+		{
+			name:          "DaemonSets",
+			createFunc:    createTestDaemonSets,
+			getItemsFunc:  callbacks.GetDaemonSetItems,
+			expectedCount: 2,
+		},
+		{
+			name:          "StatefulSets",
+			createFunc:    createTestStatefulSets,
+			getItemsFunc:  callbacks.GetStatefulSetItems,
+			expectedCount: 2,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := tt.createFunc(clients, fixtures.namespace)
+			assert.NoError(t, err)
+
+			items := tt.getItemsFunc(clients, fixtures.namespace)
+			assert.Equal(t, tt.expectedCount, len(items))
+		})
+	}
+}
+
+func TestGetAnnotations(t *testing.T) {
+	testAnnotations := map[string]string{"version": "1"}
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) map[string]string
+	}{
+		{"Deployment", &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetDeploymentAnnotations},
+		{"CronJob", &batchv1.CronJob{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetCronJobAnnotations},
+		{"Job", &batchv1.Job{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetJobAnnotations},
+		{"DaemonSet", &appsv1.DaemonSet{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetDaemonSetAnnotations},
+		{"StatefulSet", &appsv1.StatefulSet{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetStatefulSetAnnotations},
+		{"Rollout", &argorolloutv1alpha1.Rollout{ObjectMeta: metav1.ObjectMeta{Annotations: testAnnotations}}, callbacks.GetRolloutAnnotations},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, testAnnotations, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TestGetPodAnnotations(t *testing.T) {
+	testAnnotations := map[string]string{"version": "1"}
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) map[string]string
+	}{
+		{"Deployment", createResourceWithPodAnnotations(&appsv1.Deployment{}, testAnnotations), callbacks.GetDeploymentPodAnnotations},
+		{"CronJob", createResourceWithPodAnnotations(&batchv1.CronJob{}, testAnnotations), callbacks.GetCronJobPodAnnotations},
+		{"Job", createResourceWithPodAnnotations(&batchv1.Job{}, testAnnotations), callbacks.GetJobPodAnnotations},
+		{"DaemonSet", createResourceWithPodAnnotations(&appsv1.DaemonSet{}, testAnnotations), callbacks.GetDaemonSetPodAnnotations},
+		{"StatefulSet", createResourceWithPodAnnotations(&appsv1.StatefulSet{}, testAnnotations), callbacks.GetStatefulSetPodAnnotations},
+		{"Rollout", createResourceWithPodAnnotations(&argorolloutv1alpha1.Rollout{}, testAnnotations), callbacks.GetRolloutPodAnnotations},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, testAnnotations, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TestGetContainers(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) []v1.Container
+	}{
+		{"Deployment", createResourceWithContainers(&appsv1.Deployment{}, fixtures.defaultContainers), callbacks.GetDeploymentContainers},
+		{"DaemonSet", createResourceWithContainers(&appsv1.DaemonSet{}, fixtures.defaultContainers), callbacks.GetDaemonSetContainers},
+		{"StatefulSet", createResourceWithContainers(&appsv1.StatefulSet{}, fixtures.defaultContainers), callbacks.GetStatefulSetContainers},
+		{"CronJob", createResourceWithContainers(&batchv1.CronJob{}, fixtures.defaultContainers), callbacks.GetCronJobContainers},
+		{"Job", createResourceWithContainers(&batchv1.Job{}, fixtures.defaultContainers), callbacks.GetJobContainers},
+		{"Rollout", createResourceWithContainers(&argorolloutv1alpha1.Rollout{}, fixtures.defaultContainers), callbacks.GetRolloutContainers},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, fixtures.defaultContainers, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TestGetInitContainers(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) []v1.Container
+	}{
+		{"Deployment", createResourceWithInitContainers(&appsv1.Deployment{}, fixtures.defaultInitContainers), callbacks.GetDeploymentInitContainers},
+		{"DaemonSet", createResourceWithInitContainers(&appsv1.DaemonSet{}, fixtures.defaultInitContainers), callbacks.GetDaemonSetInitContainers},
+		{"StatefulSet", createResourceWithInitContainers(&appsv1.StatefulSet{}, fixtures.defaultInitContainers), callbacks.GetStatefulSetInitContainers},
+		{"CronJob", createResourceWithInitContainers(&batchv1.CronJob{}, fixtures.defaultInitContainers), callbacks.GetCronJobInitContainers},
+		{"Job", createResourceWithInitContainers(&batchv1.Job{}, fixtures.defaultInitContainers), callbacks.GetJobInitContainers},
+		{"Rollout", createResourceWithInitContainers(&argorolloutv1alpha1.Rollout{}, fixtures.defaultInitContainers), callbacks.GetRolloutInitContainers},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, fixtures.defaultInitContainers, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+func TestUpdateResources(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name       string
+		createFunc func(kube.Clients, string, string) (runtime.Object, error)
+		updateFunc func(kube.Clients, string, runtime.Object) error
+	}{
+		{"Deployment", createTestDeploymentWithAnnotations, callbacks.UpdateDeployment},
+		{"DaemonSet", createTestDaemonSetWithAnnotations, callbacks.UpdateDaemonSet},
+		{"StatefulSet", createTestStatefulSetWithAnnotations, callbacks.UpdateStatefulSet},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resource, err := tt.createFunc(clients, fixtures.namespace, "1")
+			assert.NoError(t, err)
+
+			err = tt.updateFunc(clients, fixtures.namespace, resource)
+			assert.NoError(t, err)
+		})
+	}
+}
+
+func TestCreateJobFromCronjob(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	cronJob, err := createTestCronJobWithAnnotations(clients, fixtures.namespace, "1")
+	assert.NoError(t, err)
+
+	err = callbacks.CreateJobFromCronjob(clients, fixtures.namespace, cronJob.(*batchv1.CronJob))
+	assert.NoError(t, err)
+}
+
+func TestReCreateJobFromJob(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	job, err := createTestJobWithAnnotations(clients, fixtures.namespace, "1")
+	assert.NoError(t, err)
+
+	err = callbacks.ReCreateJobFromjob(clients, fixtures.namespace, job.(*batchv1.Job))
+	assert.NoError(t, err)
+}
+
+func TestGetVolumes(t *testing.T) {
+	fixtures := newTestFixtures()
+
+	tests := []struct {
+		name     string
+		resource runtime.Object
+		getFunc  func(runtime.Object) []v1.Volume
+	}{
+		{"Deployment", createResourceWithVolumes(&appsv1.Deployment{}, fixtures.defaultVolumes), callbacks.GetDeploymentVolumes},
+		{"CronJob", createResourceWithVolumes(&batchv1.CronJob{}, fixtures.defaultVolumes), callbacks.GetCronJobVolumes},
+		{"Job", createResourceWithVolumes(&batchv1.Job{}, fixtures.defaultVolumes), callbacks.GetJobVolumes},
+		{"DaemonSet", createResourceWithVolumes(&appsv1.DaemonSet{}, fixtures.defaultVolumes), callbacks.GetDaemonSetVolumes},
+		{"StatefulSet", createResourceWithVolumes(&appsv1.StatefulSet{}, fixtures.defaultVolumes), callbacks.GetStatefulSetVolumes},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, fixtures.defaultVolumes, tt.getFunc(tt.resource))
+		})
+	}
+}
+
+// Helper functions
+
+func isRestartStrategy(rollout *argorolloutv1alpha1.Rollout) bool {
+	return rollout.Spec.RestartAt == nil
+}
+
+func watchRollout(name, namespace string) chan interface{} {
+	timeOut := int64(1)
+	modifiedChan := make(chan interface{})
+	watcher, _ := clients.ArgoRolloutClient.ArgoprojV1alpha1().Rollouts(namespace).Watch(context.Background(), meta_v1.ListOptions{TimeoutSeconds: &timeOut})
+	go watchModified(watcher, name, modifiedChan)
+	return modifiedChan
+}
+
+func watchModified(watcher watch.Interface, name string, modifiedChan chan interface{}) {
+	for event := range watcher.ResultChan() {
+		item := event.Object.(*argorolloutv1alpha1.Rollout)
+		if item.Name == name {
+			switch event.Type {
+			case watch.Modified:
+				modifiedChan <- nil
+			}
+			return
+		}
+	}
+}
+
+func createTestDeployments(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateDeployment(clients.KubernetesClient, fmt.Sprintf("test-deployment-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createTestCronJobs(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateCronJob(clients.KubernetesClient, fmt.Sprintf("test-cron-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createTestJobs(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateJob(clients.KubernetesClient, fmt.Sprintf("test-job-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createTestDaemonSets(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateDaemonSet(clients.KubernetesClient, fmt.Sprintf("test-daemonset-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createTestStatefulSets(clients kube.Clients, namespace string) error {
+	for i := 1; i <= 2; i++ {
+		_, err := testutil.CreateStatefulSet(clients.KubernetesClient, fmt.Sprintf("test-statefulset-%d", i), namespace, false)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func createResourceWithPodAnnotations(obj runtime.Object, annotations map[string]string) runtime.Object {
+	switch v := obj.(type) {
+	case *appsv1.Deployment:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	case *appsv1.DaemonSet:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	case *appsv1.StatefulSet:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	case *batchv1.CronJob:
+		v.Spec.JobTemplate.Spec.Template.ObjectMeta.Annotations = annotations
+	case *batchv1.Job:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	case *argorolloutv1alpha1.Rollout:
+		v.Spec.Template.ObjectMeta.Annotations = annotations
+	}
+	return obj
+}
+
+func createResourceWithContainers(obj runtime.Object, containers []v1.Container) runtime.Object {
+	switch v := obj.(type) {
+	case *appsv1.Deployment:
+		v.Spec.Template.Spec.Containers = containers
+	case *appsv1.DaemonSet:
+		v.Spec.Template.Spec.Containers = containers
+	case *appsv1.StatefulSet:
+		v.Spec.Template.Spec.Containers = containers
+	case *batchv1.CronJob:
+		v.Spec.JobTemplate.Spec.Template.Spec.Containers = containers
+	case *batchv1.Job:
+		v.Spec.Template.Spec.Containers = containers
+	case *argorolloutv1alpha1.Rollout:
+		v.Spec.Template.Spec.Containers = containers
+	}
+	return obj
+}
+
+func createResourceWithInitContainers(obj runtime.Object, initContainers []v1.Container) runtime.Object {
+	switch v := obj.(type) {
+	case *appsv1.Deployment:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	case *appsv1.DaemonSet:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	case *appsv1.StatefulSet:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	case *batchv1.CronJob:
+		v.Spec.JobTemplate.Spec.Template.Spec.InitContainers = initContainers
+	case *batchv1.Job:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	case *argorolloutv1alpha1.Rollout:
+		v.Spec.Template.Spec.InitContainers = initContainers
+	}
+	return obj
+}
+
+func createResourceWithVolumes(obj runtime.Object, volumes []v1.Volume) runtime.Object {
+	switch v := obj.(type) {
+	case *appsv1.Deployment:
+		v.Spec.Template.Spec.Volumes = volumes
+	case *batchv1.CronJob:
+		v.Spec.JobTemplate.Spec.Template.Spec.Volumes = volumes
+	case *batchv1.Job:
+		v.Spec.Template.Spec.Volumes = volumes
+	case *appsv1.DaemonSet:
+		v.Spec.Template.Spec.Volumes = volumes
+	case *appsv1.StatefulSet:
+		v.Spec.Template.Spec.Volumes = volumes
+	}
+	return obj
+}
+
+func createTestDeploymentWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	deployment := &appsv1.Deployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-deployment",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.AppsV1().Deployments(namespace).Create(context.TODO(), deployment, metav1.CreateOptions{})
+}
+
+func createTestDaemonSetWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	daemonSet := &appsv1.DaemonSet{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-daemonset",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.AppsV1().DaemonSets(namespace).Create(context.TODO(), daemonSet, metav1.CreateOptions{})
+}
+
+func createTestStatefulSetWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	statefulSet := &appsv1.StatefulSet{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-statefulset",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.AppsV1().StatefulSets(namespace).Create(context.TODO(), statefulSet, metav1.CreateOptions{})
+}
+
+func createTestCronJobWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	cronJob := &batchv1.CronJob{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-cronjob",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.BatchV1().CronJobs(namespace).Create(context.TODO(), cronJob, metav1.CreateOptions{})
+}
+
+func createTestJobWithAnnotations(clients kube.Clients, namespace, version string) (runtime.Object, error) {
+	job := &batchv1.Job{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        "test-job",
+			Namespace:   namespace,
+			Annotations: map[string]string{"version": version},
+		},
+	}
+	return clients.KubernetesClient.BatchV1().Jobs(namespace).Create(context.TODO(), job, metav1.CreateOptions{})
+}
--- a/internal/pkg/cmd/reloader.go
+++ b/internal/pkg/cmd/reloader.go
@@ -13,13 +13,14 @@ import (

 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
+
 	"github.com/stakater/Reloader/internal/pkg/controller"
 	"github.com/stakater/Reloader/internal/pkg/metrics"
 	"github.com/stakater/Reloader/internal/pkg/options"
 	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/labels"
 )

 // NewReloaderCommand starts the reloader controller
@@ -35,10 +36,13 @@ func NewReloaderCommand() *cobra.Command {
 	cmd.PersistentFlags().BoolVar(&options.AutoReloadAll, "auto-reload-all", false, "Auto reload all resources")
 	cmd.PersistentFlags().StringVar(&options.ConfigmapUpdateOnChangeAnnotation, "configmap-annotation", "configmap.reloader.stakater.com/reload", "annotation to detect changes in configmaps, specified by name")
 	cmd.PersistentFlags().StringVar(&options.SecretUpdateOnChangeAnnotation, "secret-annotation", "secret.reloader.stakater.com/reload", "annotation to detect changes in secrets, specified by name")
-	cmd.PersistentFlags().StringVar(&options.ReloaderAutoAnnotation, "auto-annotation", "reloader.stakater.com/auto", "annotation to detect changes in secrets")
+	cmd.PersistentFlags().StringVar(&options.ReloaderAutoAnnotation, "auto-annotation", "reloader.stakater.com/auto", "annotation to detect changes in secrets/configmaps")
+	cmd.PersistentFlags().StringVar(&options.ConfigmapReloaderAutoAnnotation, "configmap-auto-annotation", "configmap.reloader.stakater.com/auto", "annotation to detect changes in configmaps")
+	cmd.PersistentFlags().StringVar(&options.SecretReloaderAutoAnnotation, "secret-auto-annotation", "secret.reloader.stakater.com/auto", "annotation to detect changes in secrets")
 	cmd.PersistentFlags().StringVar(&options.AutoSearchAnnotation, "auto-search-annotation", "reloader.stakater.com/search", "annotation to detect changes in configmaps or secrets tagged with special match annotation")
 	cmd.PersistentFlags().StringVar(&options.SearchMatchAnnotation, "search-match-annotation", "reloader.stakater.com/match", "annotation to mark secrets or configmaps to match the search")
-	cmd.PersistentFlags().StringVar(&options.LogFormat, "log-format", "", "Log format to use (empty string for text, or JSON")
+	cmd.PersistentFlags().StringVar(&options.LogFormat, "log-format", "", "Log format to use (empty string for text, or JSON)")
+	cmd.PersistentFlags().StringVar(&options.LogLevel, "log-level", "info", "Log level to use (trace, debug, info, warning, error, fatal and panic)")
 	cmd.PersistentFlags().StringVar(&options.WebhookUrl, "webhook-url", "", "webhook to trigger instead of performing a reload")
 	cmd.PersistentFlags().StringSlice("resources-to-ignore", []string{}, "list of resources to ignore (valid options 'configMaps' or 'secrets')")
 	cmd.PersistentFlags().StringSlice("namespaces-to-ignore", []string{}, "list of namespaces to ignore")
@@ -47,6 +51,7 @@ func NewReloaderCommand() *cobra.Command {
 	cmd.PersistentFlags().StringVar(&options.IsArgoRollouts, "is-Argo-Rollouts", "false", "Add support for argo rollouts")
 	cmd.PersistentFlags().StringVar(&options.ReloadStrategy, constants.ReloadStrategyFlag, constants.EnvVarsReloadStrategy, "Specifies the desired reload strategy")
 	cmd.PersistentFlags().StringVar(&options.ReloadOnCreate, "reload-on-create", "false", "Add support to watch create events")
+	cmd.PersistentFlags().StringVar(&options.ReloadOnDelete, "reload-on-delete", "false", "Add support to watch delete events")
 	cmd.PersistentFlags().BoolVar(&options.EnableHA, "enable-ha", false, "Adds support for running multiple replicas via leadership election")
 	cmd.PersistentFlags().BoolVar(&options.SyncAfterRestart, "sync-after-restart", false, "Sync add events after reloader restarts")

@@ -78,7 +83,7 @@ func validateFlags(*cobra.Command, []string) error {
 	return nil
 }

-func configureLogging(logFormat string) error {
+func configureLogging(logFormat, logLevel string) error {
 	switch logFormat {
 	case "json":
 		logrus.SetFormatter(&logrus.JSONFormatter{})
@@ -88,6 +93,12 @@ func configureLogging(logFormat string) error {
 			return fmt.Errorf("unsupported logging formatter: %q", logFormat)
 		}
 	}
+	// set log level
+	level, err := logrus.ParseLevel(logLevel)
+	if err != nil {
+		return err
+	}
+	logrus.SetLevel(level)
 	return nil
 }

@@ -111,7 +122,7 @@ func getHAEnvs() (string, string) {
 }

 func startReloader(cmd *cobra.Command, args []string) {
-	err := configureLogging(options.LogFormat)
+	err := configureLogging(options.LogFormat, options.LogLevel)
 	if err != nil {
 		logrus.Warn(err)
 	}
--- a/internal/pkg/controller/controller.go
+++ b/internal/pkg/controller/controller.go
@@ -28,7 +28,7 @@ import (
 type Controller struct {
 	client            kubernetes.Interface
 	indexer           cache.Indexer
-	queue             workqueue.RateLimitingInterface
+	queue             workqueue.TypedRateLimitingInterface[any]
 	informer          cache.Controller
 	namespace         string
 	resource          string
@@ -67,7 +67,7 @@ func NewController(
 	})
 	recorder := eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: fmt.Sprintf("reloader-%s", resource)})

-	queue := workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter())
+	queue := workqueue.NewTypedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[any]())

 	optionsModifier := func(options *metav1.ListOptions) {
 		if resource == "namespaces" {
@@ -81,12 +81,17 @@ func NewController(

 	listWatcher := cache.NewFilteredListWatchFromClient(client.CoreV1().RESTClient(), resource, namespace, optionsModifier)

-	indexer, informer := cache.NewIndexerInformer(listWatcher, kube.ResourceMap[resource], 0, cache.ResourceEventHandlerFuncs{
-		AddFunc:    c.Add,
-		UpdateFunc: c.Update,
-		DeleteFunc: c.Delete,
-	}, cache.Indexers{})
-	c.indexer = indexer
+	_, informer := cache.NewInformerWithOptions(cache.InformerOptions{
+		ListerWatcher: listWatcher,
+		ObjectType:    kube.ResourceMap[resource],
+		ResyncPeriod:  0,
+		Handler: cache.ResourceEventHandlerFuncs{
+			AddFunc:    c.Add,
+			UpdateFunc: c.Update,
+			DeleteFunc: c.Delete,
+		},
+		Indexers: cache.Indexers{},
+	})
 	c.informer = informer
 	c.queue = queue
 	c.collectors = collectors
@@ -178,13 +183,22 @@ func (c *Controller) Update(old interface{}, new interface{}) {

 // Delete function to add an object to the queue in case of deleting a resource
 func (c *Controller) Delete(old interface{}) {
+
+	if options.ReloadOnDelete == "true" {
+		if !c.resourceInIgnoredNamespace(old) && c.resourceInSelectedNamespaces(old) && secretControllerInitialized && configmapControllerInitialized {
+			c.queue.Add(handler.ResourceDeleteHandler{
+				Resource:   old,
+				Collectors: c.collectors,
+				Recorder:   c.recorder,
+			})
+		}
+	}
+
 	switch object := old.(type) {
 	case *v1.Namespace:
 		c.removeSelectedNamespaceFromCache(*object)
 		return
 	}
-
-	// Todo: Any future delete event can be handled here
 }

 // Run function for controller which handles the queue
--- a/internal/pkg/controller/controller_test.go
+++ b/internal/pkg/controller/controller_test.go
@@ -2208,7 +2208,7 @@ func TestController_resourceInIgnoredNamespace(t *testing.T) {
 	type fields struct {
 		client            kubernetes.Interface
 		indexer           cache.Indexer
-		queue             workqueue.RateLimitingInterface
+		queue             workqueue.TypedRateLimitingInterface[any]
 		informer          cache.Controller
 		namespace         string
 		ignoredNamespaces util.List
@@ -2291,7 +2291,7 @@ func TestController_resourceInIgnoredNamespace(t *testing.T) {
 func TestController_resourceInNamespaceSelector(t *testing.T) {
 	type fields struct {
 		indexer           cache.Indexer
-		queue             workqueue.RateLimitingInterface
+		queue             workqueue.TypedRateLimitingInterface[any]
 		informer          cache.Controller
 		namespace         v1.Namespace
 		namespaceSelector string
@@ -2449,7 +2449,7 @@ func TestController_resourceInNamespaceSelector(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			fakeClient := fake.NewSimpleClientset()
 			namespace, _ := fakeClient.CoreV1().Namespaces().Create(context.Background(), &tt.fields.namespace, metav1.CreateOptions{})
-			logrus.Infof("created fakeClient namesapce for testing = %s", namespace.Name)
+			logrus.Infof("created fakeClient namespace for testing = %s", namespace.Name)

 			c := &Controller{
 				client:            fakeClient,
--- a/internal/pkg/handler/create.go
+++ b/internal/pkg/handler/create.go
@@ -27,7 +27,7 @@ func (r ResourceCreatedHandler) Handle() error {
 			return sendUpgradeWebhook(config, options.WebhookUrl)
 		}
 		// process resource based on its type
-		return doRollingUpgrade(config, r.Collectors, r.Recorder)
+		return doRollingUpgrade(config, r.Collectors, r.Recorder, invokeReloadStrategy)
 	}
 	return nil
 }
--- a/internal/pkg/handler/delete.go
+++ b/internal/pkg/handler/delete.go
@@ -0,0 +1,92 @@
+package handler
+
+import (
+	"github.com/sirupsen/logrus"
+	"github.com/stakater/Reloader/internal/pkg/callbacks"
+	"github.com/stakater/Reloader/internal/pkg/constants"
+	"github.com/stakater/Reloader/internal/pkg/metrics"
+	"github.com/stakater/Reloader/internal/pkg/options"
+	"github.com/stakater/Reloader/internal/pkg/testutil"
+	"github.com/stakater/Reloader/internal/pkg/util"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/record"
+)
+
+// ResourceDeleteHandler contains new objects
+type ResourceDeleteHandler struct {
+	Resource   interface{}
+	Collectors metrics.Collectors
+	Recorder   record.EventRecorder
+}
+
+// Handle processes resources being deleted
+func (r ResourceDeleteHandler) Handle() error {
+	if r.Resource == nil {
+		logrus.Errorf("Resource delete handler received nil resource")
+	} else {
+		config, _ := r.GetConfig()
+		// Send webhook
+		if options.WebhookUrl != "" {
+			return sendUpgradeWebhook(config, options.WebhookUrl)
+		}
+		// process resource based on its type
+		return doRollingUpgrade(config, r.Collectors, r.Recorder, invokeDeleteStrategy)
+	}
+	return nil
+}
+
+// GetConfig gets configurations containing SHA, annotations, namespace and resource name
+func (r ResourceDeleteHandler) GetConfig() (util.Config, string) {
+	var oldSHAData string
+	var config util.Config
+	if _, ok := r.Resource.(*v1.ConfigMap); ok {
+		config = util.GetConfigmapConfig(r.Resource.(*v1.ConfigMap))
+	} else if _, ok := r.Resource.(*v1.Secret); ok {
+		config = util.GetSecretConfig(r.Resource.(*v1.Secret))
+	} else {
+		logrus.Warnf("Invalid resource: Resource should be 'Secret' or 'Configmap' but found, %v", r.Resource)
+	}
+	return config, oldSHAData
+}
+
+func invokeDeleteStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
+	if options.ReloadStrategy == constants.AnnotationsReloadStrategy {
+		return removePodAnnotations(upgradeFuncs, item, config, autoReload)
+	}
+
+	return removeContainerEnvVars(upgradeFuncs, item, config, autoReload)
+}
+
+func removePodAnnotations(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
+	config.SHAValue = testutil.GetSHAfromEmptyData()
+	return updatePodAnnotations(upgradeFuncs, item, config, autoReload)
+}
+
+func removeContainerEnvVars(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
+	envVar := getEnvVarName(config.ResourceName, config.Type)
+	container := getContainerUsingResource(upgradeFuncs, item, config, autoReload)
+
+	if container == nil {
+		return constants.NoContainerFound
+	}
+
+	//remove if env var exists
+	containers := upgradeFuncs.ContainersFunc(item)
+	for i := range containers {
+		envs := containers[i].Env
+		index := -1
+		for j := range envs {
+			if envs[j].Name == envVar {
+				index = j
+				break
+			}
+		}
+		if index != -1 {
+			containers[i].Env = append(containers[i].Env[:index], containers[i].Env[index+1:]...)
+			return constants.Updated
+		}
+	}
+
+	return constants.NotUpdated
+}
--- a/internal/pkg/handler/update.go
+++ b/internal/pkg/handler/update.go
@@ -29,7 +29,7 @@ func (r ResourceUpdatedHandler) Handle() error {
 				return sendUpgradeWebhook(config, options.WebhookUrl)
 			}
 			// process resource based on its type
-			return doRollingUpgrade(config, r.Collectors, r.Recorder)
+			return doRollingUpgrade(config, r.Collectors, r.Recorder, invokeReloadStrategy)
 		}
 	}
 	return nil
--- a/internal/pkg/handler/upgrade.go
+++ b/internal/pkg/handler/upgrade.go
@@ -55,6 +55,20 @@ func GetCronJobCreateJobFuncs() callbacks.RollingUpgradeFuncs {
 	}
 }

+// GetDeploymentRollingUpgradeFuncs returns all callback funcs for a cronjob
+func GetJobCreateJobFuncs() callbacks.RollingUpgradeFuncs {
+	return callbacks.RollingUpgradeFuncs{
+		ItemsFunc:          callbacks.GetJobItems,
+		AnnotationsFunc:    callbacks.GetJobAnnotations,
+		PodAnnotationsFunc: callbacks.GetJobPodAnnotations,
+		ContainersFunc:     callbacks.GetJobContainers,
+		InitContainersFunc: callbacks.GetJobInitContainers,
+		UpdateFunc:         callbacks.ReCreateJobFromjob,
+		VolumesFunc:        callbacks.GetJobVolumes,
+		ResourceType:       "Job",
+	}
+}
+
 // GetDaemonSetRollingUpgradeFuncs returns all callback funcs for a daemonset
 func GetDaemonSetRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 	return callbacks.RollingUpgradeFuncs{
@@ -112,9 +126,9 @@ func GetArgoRolloutRollingUpgradeFuncs() callbacks.RollingUpgradeFuncs {
 }

 func sendUpgradeWebhook(config util.Config, webhookUrl string) error {
-	message := fmt.Sprintf("Changes detected in '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace)
-	message += fmt.Sprintf(", Sending webhook to '%s'", webhookUrl)
-	logrus.Infof(message)
+	logrus.Infof("Changes detected in '%s' of type '%s' in namespace '%s', Sending webhook to '%s'",
+		config.ResourceName, config.Type, config.Namespace, webhookUrl)
+
 	body, errs := sendWebhook(webhookUrl)
 	if errs != nil {
 		// return the first error
@@ -133,6 +147,7 @@ func sendWebhook(url string) (string, []error) {
 		// the reloader seems to retry automatically so no retry logic added
 		return "", err
 	}
+	defer resp.Body.Close()
 	var buffer bytes.Buffer
 	_, bufferErr := io.Copy(&buffer, resp.Body)
 	if bufferErr != nil {
@@ -141,35 +156,39 @@ func sendWebhook(url string) (string, []error) {
 	return buffer.String(), nil
 }

-func doRollingUpgrade(config util.Config, collectors metrics.Collectors, recorder record.EventRecorder) error {
+func doRollingUpgrade(config util.Config, collectors metrics.Collectors, recorder record.EventRecorder, invoke invokeStrategy) error {
 	clients := kube.GetClients()

-	err := rollingUpgrade(clients, config, GetDeploymentRollingUpgradeFuncs(), collectors, recorder)
+	err := rollingUpgrade(clients, config, GetDeploymentRollingUpgradeFuncs(), collectors, recorder, invoke)
 	if err != nil {
 		return err
 	}
-	err = rollingUpgrade(clients, config, GetCronJobCreateJobFuncs(), collectors, recorder)
+	err = rollingUpgrade(clients, config, GetCronJobCreateJobFuncs(), collectors, recorder, invoke)
 	if err != nil {
 		return err
 	}
-	err = rollingUpgrade(clients, config, GetDaemonSetRollingUpgradeFuncs(), collectors, recorder)
+	err = rollingUpgrade(clients, config, GetJobCreateJobFuncs(), collectors, recorder, invoke)
 	if err != nil {
 		return err
 	}
-	err = rollingUpgrade(clients, config, GetStatefulSetRollingUpgradeFuncs(), collectors, recorder)
+	err = rollingUpgrade(clients, config, GetDaemonSetRollingUpgradeFuncs(), collectors, recorder, invoke)
+	if err != nil {
+		return err
+	}
+	err = rollingUpgrade(clients, config, GetStatefulSetRollingUpgradeFuncs(), collectors, recorder, invoke)
 	if err != nil {
 		return err
 	}

 	if kube.IsOpenshift {
-		err = rollingUpgrade(clients, config, GetDeploymentConfigRollingUpgradeFuncs(), collectors, recorder)
+		err = rollingUpgrade(clients, config, GetDeploymentConfigRollingUpgradeFuncs(), collectors, recorder, invoke)
 		if err != nil {
 			return err
 		}
 	}

 	if options.IsArgoRollouts == "true" {
-		err = rollingUpgrade(clients, config, GetArgoRolloutRollingUpgradeFuncs(), collectors, recorder)
+		err = rollingUpgrade(clients, config, GetArgoRolloutRollingUpgradeFuncs(), collectors, recorder, invoke)
 		if err != nil {
 			return err
 		}
@@ -178,17 +197,17 @@ func doRollingUpgrade(config util.Config, collectors metrics.Collectors, recorde
 	return nil
 }

-func rollingUpgrade(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, recorder record.EventRecorder) error {
+func rollingUpgrade(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, recorder record.EventRecorder, strategy invokeStrategy) error {

-	err := PerformRollingUpgrade(clients, config, upgradeFuncs, collectors, recorder)
+	err := PerformAction(clients, config, upgradeFuncs, collectors, recorder, strategy)
 	if err != nil {
 		logrus.Errorf("Rolling upgrade for '%s' failed with error = %v", config.ResourceName, err)
 	}
 	return err
 }

-// PerformRollingUpgrade upgrades the deployment if there is any change in configmap or secret data
-func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, recorder record.EventRecorder) error {
+// PerformAction invokes the deployment if there is any change in configmap or secret data
+func PerformAction(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs, collectors metrics.Collectors, recorder record.EventRecorder, strategy invokeStrategy) error {
 	items := upgradeFuncs.ItemsFunc(clients, config.Namespace)

 	for _, i := range items {
@@ -197,16 +216,40 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 		annotationValue, found := annotations[config.Annotation]
 		searchAnnotationValue, foundSearchAnn := annotations[options.AutoSearchAnnotation]
 		reloaderEnabledValue, foundAuto := annotations[options.ReloaderAutoAnnotation]
-		if !found && !foundAuto && !foundSearchAnn {
+		typedAutoAnnotationEnabledValue, foundTypedAuto := annotations[config.TypedAutoAnnotation]
+		excludeConfigmapAnnotationValue, foundExcludeConfigmap := annotations[options.ConfigmapExcludeReloaderAnnotation]
+		excludeSecretAnnotationValue, foundExcludeSecret := annotations[options.SecretExcludeReloaderAnnotation]
+
+		if !found && !foundAuto && !foundTypedAuto && !foundSearchAnn {
 			annotations = upgradeFuncs.PodAnnotationsFunc(i)
 			annotationValue = annotations[config.Annotation]
 			searchAnnotationValue = annotations[options.AutoSearchAnnotation]
 			reloaderEnabledValue = annotations[options.ReloaderAutoAnnotation]
+			typedAutoAnnotationEnabledValue = annotations[config.TypedAutoAnnotation]
 		}
+
+		isResourceExcluded := false
+
+		switch config.Type {
+		case constants.ConfigmapEnvVarPostfix:
+			if foundExcludeConfigmap {
+				isResourceExcluded = checkIfResourceIsExcluded(config.ResourceName, excludeConfigmapAnnotationValue)
+			}
+		case constants.SecretEnvVarPostfix:
+			if foundExcludeSecret {
+				isResourceExcluded = checkIfResourceIsExcluded(config.ResourceName, excludeSecretAnnotationValue)
+			}
+		}
+
+		if isResourceExcluded {
+			continue
+		}
+
 		result := constants.NotUpdated
 		reloaderEnabled, _ := strconv.ParseBool(reloaderEnabledValue)
-		if reloaderEnabled || reloaderEnabledValue == "" && options.AutoReloadAll {
-			result = invokeReloadStrategy(upgradeFuncs, i, config, true)
+		typedAutoAnnotationEnabled, _ := strconv.ParseBool(typedAutoAnnotationEnabledValue)
+		if reloaderEnabled || typedAutoAnnotationEnabled || reloaderEnabledValue == "" && typedAutoAnnotationEnabledValue == "" && options.AutoReloadAll {
+			result = strategy(upgradeFuncs, i, config, true)
 		}

 		if result != constants.Updated && annotationValue != "" {
@@ -215,7 +258,7 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 				value = strings.TrimSpace(value)
 				re := regexp.MustCompile("^" + value + "$")
 				if re.Match([]byte(config.ResourceName)) {
-					result = invokeReloadStrategy(upgradeFuncs, i, config, false)
+					result = strategy(upgradeFuncs, i, config, false)
 					if result == constants.Updated {
 						break
 					}
@@ -226,7 +269,7 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 		if result != constants.Updated && searchAnnotationValue == "true" {
 			matchAnnotationValue := config.ResourceAnnotations[options.SearchMatchAnnotation]
 			if matchAnnotationValue == "true" {
-				result = invokeReloadStrategy(upgradeFuncs, i, config, true)
+				result = strategy(upgradeFuncs, i, config, true)
 			}
 		}

@@ -239,8 +282,10 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 			err = upgradeFuncs.UpdateFunc(clients, config.Namespace, i)
 			if err != nil {
 				message := fmt.Sprintf("Update for '%s' of type '%s' in namespace '%s' failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
-				logrus.Errorf(message)
+				logrus.Errorf("Update for '%s' of type '%s' in namespace '%s' failed with error %v", resourceName, upgradeFuncs.ResourceType, config.Namespace, err)
+
 				collectors.Reloaded.With(prometheus.Labels{"success": "false"}).Inc()
+				collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "false", "namespace": config.Namespace}).Inc()
 				if recorder != nil {
 					recorder.Event(i, v1.EventTypeWarning, "ReloadFail", message)
 				}
@@ -248,8 +293,11 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 			} else {
 				message := fmt.Sprintf("Changes detected in '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace)
 				message += fmt.Sprintf(", Updated '%s' of type '%s' in namespace '%s'", resourceName, upgradeFuncs.ResourceType, config.Namespace)
-				logrus.Infof(message)
+
+				logrus.Infof("Changes detected in '%s' of type '%s' in namespace '%s'; updated '%s' of type '%s' in namespace '%s'", config.ResourceName, config.Type, config.Namespace, resourceName, upgradeFuncs.ResourceType, config.Namespace)
+
 				collectors.Reloaded.With(prometheus.Labels{"success": "true"}).Inc()
+				collectors.ReloadedByNamespace.With(prometheus.Labels{"success": "true", "namespace": config.Namespace}).Inc()
 				alert_on_reload, ok := os.LookupEnv("ALERT_ON_RELOAD")
 				if recorder != nil {
 					recorder.Event(i, v1.EventTypeNormal, "Reloaded", message)
@@ -266,6 +314,21 @@ func PerformRollingUpgrade(clients kube.Clients, config util.Config, upgradeFunc
 	return nil
 }

+func checkIfResourceIsExcluded(resourceName, excludedResources string) bool {
+	if excludedResources == "" {
+		return false
+	}
+
+	excludedResourcesList := strings.Split(excludedResources, ",")
+	for _, excludedResource := range excludedResourcesList {
+		if strings.TrimSpace(excludedResource) == resourceName {
+			return true
+		}
+	}
+
+	return false
+}
+
 func getVolumeMountName(volumes []v1.Volume, mountType string, volumeName string) string {
 	for i := range volumes {
 		if mountType == constants.ConfigmapEnvVarPostfix {
@@ -376,6 +439,8 @@ func getContainerUsingResource(upgradeFuncs callbacks.RollingUpgradeFuncs, item
 	return container
 }

+type invokeStrategy func(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result
+
 func invokeReloadStrategy(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
 	if options.ReloadStrategy == constants.AnnotationsReloadStrategy {
 		return updatePodAnnotations(upgradeFuncs, item, config, autoReload)
@@ -412,6 +477,13 @@ func updatePodAnnotations(upgradeFuncs callbacks.RollingUpgradeFuncs, item runti
 	return constants.Updated
 }

+func getReloaderAnnotationKey() string {
+	return fmt.Sprintf("%s/%s",
+		constants.ReloaderAnnotationPrefix,
+		constants.LastReloadedFromAnnotation,
+	)
+}
+
 func createReloadedAnnotations(target *util.ReloadSource) (map[string]string, error) {
 	if target == nil {
 		return nil, errors.New("target is required")
@@ -422,10 +494,7 @@ func createReloadedAnnotations(target *util.ReloadSource) (map[string]string, er
 	// Intentionally only storing the last item in order to keep
 	// the generated annotations as small as possible.
 	annotations := make(map[string]string)
-	lastReloadedResourceName := fmt.Sprintf("%s/%s",
-		constants.ReloaderAnnotationPrefix,
-		constants.LastReloadedFromAnnotation,
-	)
+	lastReloadedResourceName := getReloaderAnnotationKey()

 	lastReloadedResource, err := json.Marshal(target)
 	if err != nil {
@@ -436,9 +505,13 @@ func createReloadedAnnotations(target *util.ReloadSource) (map[string]string, er
 	return annotations, nil
 }

+func getEnvVarName(resourceName string, typeName string) string {
+	return constants.EnvVarPrefix + util.ConvertToEnvVarName(resourceName) + "_" + typeName
+}
+
 func updateContainerEnvVars(upgradeFuncs callbacks.RollingUpgradeFuncs, item runtime.Object, config util.Config, autoReload bool) constants.Result {
 	var result constants.Result
-	envVar := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + config.Type
+	envVar := getEnvVarName(config.ResourceName, config.Type)
 	container := getContainerUsingResource(upgradeFuncs, item, config, autoReload)

 	if container == nil {
--- a/internal/pkg/handler/upgrade_test.go
+++ b/internal/pkg/handler/upgrade_test.go
--- a/internal/pkg/leadership/leadership_test.go
+++ b/internal/pkg/leadership/leadership_test.go
@@ -113,7 +113,7 @@ func TestRunLeaderElection(t *testing.T) {
 }

 // TestRunLeaderElectionWithControllers tests that leadership election works
-// wiht real controllers and that on context cancellation the controllers stop
+// with real controllers and that on context cancellation the controllers stop
 // running.
 func TestRunLeaderElectionWithControllers(t *testing.T) {
 	t.Logf("Creating controller")
--- a/internal/pkg/metrics/prometheus.go
+++ b/internal/pkg/metrics/prometheus.go
@@ -1,13 +1,16 @@
 package metrics

 import (
+	"net/http"
+	"os"
+
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
-	"net/http"
 )

 type Collectors struct {
-	Reloaded *prometheus.CounterVec
+	Reloaded            *prometheus.CounterVec
+	ReloadedByNamespace *prometheus.CounterVec
 }

 func NewCollectors() Collectors {
@@ -17,21 +20,40 @@ func NewCollectors() Collectors {
 			Name:      "reload_executed_total",
 			Help:      "Counter of reloads executed by Reloader.",
 		},
-		[]string{"success"},
+		[]string{
+			"success",
+		},
 	)

 	//set 0 as default value
 	reloaded.With(prometheus.Labels{"success": "true"}).Add(0)
 	reloaded.With(prometheus.Labels{"success": "false"}).Add(0)

+	reloaded_by_namespace := prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Namespace: "reloader",
+			Name:      "reload_executed_total_by_namespace",
+			Help:      "Counter of reloads executed by Reloader by namespace.",
+		},
+		[]string{
+			"success",
+			"namespace",
+		},
+	)
 	return Collectors{
-		Reloaded: reloaded,
+		Reloaded:            reloaded,
+		ReloadedByNamespace: reloaded_by_namespace,
 	}
 }

 func SetupPrometheusEndpoint() Collectors {
 	collectors := NewCollectors()
 	prometheus.MustRegister(collectors.Reloaded)
+
+	if os.Getenv("METRICS_COUNT_BY_NAMESPACE") == "enabled" {
+		prometheus.MustRegister(collectors.ReloadedByNamespace)
+	}
+
 	http.Handle("/metrics", promhttp.Handler())

 	return collectors
--- a/internal/pkg/options/flags.go
+++ b/internal/pkg/options/flags.go
@@ -2,6 +2,15 @@ package options

 import "github.com/stakater/Reloader/internal/pkg/constants"

+type ArgoRolloutStrategy int
+
+const (
+	// RestartStrategy is the annotation value for restart strategy for rollouts
+	RestartStrategy ArgoRolloutStrategy = iota
+	// RolloutStrategy is the annotation value for rollout strategy for rollouts
+	RolloutStrategy
+)
+
 var (
 	// Auto reload all resources when their corresponding configmaps/secrets are updated
 	AutoReloadAll = false
@@ -11,25 +20,50 @@ var (
 	// SecretUpdateOnChangeAnnotation is an annotation to detect changes in
 	// secrets specified by name
 	SecretUpdateOnChangeAnnotation = "secret.reloader.stakater.com/reload"
-	// ReloaderAutoAnnotation is an annotation to detect changes in secrets
+	// ReloaderAutoAnnotation is an annotation to detect changes in secrets/configmaps
 	ReloaderAutoAnnotation = "reloader.stakater.com/auto"
+	// ConfigmapReloaderAutoAnnotation is an annotation to detect changes in configmaps
+	ConfigmapReloaderAutoAnnotation = "configmap.reloader.stakater.com/auto"
+	// SecretReloaderAutoAnnotation is an annotation to detect changes in secrets
+	SecretReloaderAutoAnnotation = "secret.reloader.stakater.com/auto"
+	// ConfigmapReloaderAutoAnnotation is a comma separated list of configmaps that excludes detecting changes on cms
+	ConfigmapExcludeReloaderAnnotation = "configmaps.exclude.reloader.stakater.com/reload"
+	// SecretExcludeReloaderAnnotation is a comma separated list of secrets that excludes detecting changes on secrets
+	SecretExcludeReloaderAnnotation = "secrets.exclude.reloader.stakater.com/reload"
 	// AutoSearchAnnotation is an annotation to detect changes in
 	// configmaps or triggers with the SearchMatchAnnotation
 	AutoSearchAnnotation = "reloader.stakater.com/search"
 	// SearchMatchAnnotation is an annotation to tag secrets to be found with
 	// AutoSearchAnnotation
 	SearchMatchAnnotation = "reloader.stakater.com/match"
+	// RolloutStrategyAnnotation is an annotation to define rollout update strategy
+	RolloutStrategyAnnotation = "reloader.stakater.com/rollout-strategy"
 	// LogFormat is the log format to use (json, or empty string for default)
 	LogFormat = ""
+	// LogLevel is the log level to use (trace, debug, info, warning, error, fatal and panic)
+	LogLevel = ""
 	// IsArgoRollouts Adds support for argo rollouts
 	IsArgoRollouts = "false"
 	// ReloadStrategy Specify the update strategy
 	ReloadStrategy = constants.EnvVarsReloadStrategy
 	// ReloadOnCreate Adds support to watch create events
-	ReloadOnCreate   = "false"
+	ReloadOnCreate = "false"
+	// ReloadOnDelete Adds support to watch delete events
+	ReloadOnDelete   = "false"
 	SyncAfterRestart = false
 	// EnableHA adds support for running multiple replicas via leadership election
 	EnableHA = false
 	// Url to send a request to instead of triggering a reload
 	WebhookUrl = ""
 )
+
+func ToArgoRolloutStrategy(s string) ArgoRolloutStrategy {
+	switch s {
+	case "restart":
+		return RestartStrategy
+	case "rollout":
+		fallthrough
+	default:
+		return RolloutStrategy
+	}
+}
--- a/internal/pkg/testutil/kube.go
+++ b/internal/pkg/testutil/kube.go
@@ -10,6 +10,8 @@ import (
 	"strings"
 	"time"

+	argorolloutv1alpha1 "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
+	argorollout "github.com/argoproj/argo-rollouts/pkg/client/clientset/versioned"
 	openshiftv1 "github.com/openshift/api/apps/v1"
 	appsclient "github.com/openshift/client-go/apps/clientset/versioned"
 	"github.com/sirupsen/logrus"
@@ -21,6 +23,7 @@ import (
 	"github.com/stakater/Reloader/internal/pkg/util"
 	"github.com/stakater/Reloader/pkg/kube"
 	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -69,24 +72,36 @@ func DeleteNamespace(namespace string, client kubernetes.Interface) {
 	}
 }

-func getObjectMeta(namespace string, name string, autoReload bool) metav1.ObjectMeta {
+func getObjectMeta(namespace string, name string, autoReload bool, secretAutoReload bool, configmapAutoReload bool, extraAnnotations map[string]string) metav1.ObjectMeta {
 	return metav1.ObjectMeta{
 		Name:        name,
 		Namespace:   namespace,
 		Labels:      map[string]string{"firstLabel": "temp"},
-		Annotations: getAnnotations(name, autoReload),
+		Annotations: getAnnotations(name, autoReload, secretAutoReload, configmapAutoReload, extraAnnotations),
 	}
 }

-func getAnnotations(name string, autoReload bool) map[string]string {
+func getAnnotations(name string, autoReload bool, secretAutoReload bool, configmapAutoReload bool, extraAnnotations map[string]string) map[string]string {
+	annotations := make(map[string]string)
 	if autoReload {
-		return map[string]string{
-			options.ReloaderAutoAnnotation: "true"}
+		annotations[options.ReloaderAutoAnnotation] = "true"
+	}
+	if secretAutoReload {
+		annotations[options.SecretReloaderAutoAnnotation] = "true"
+	}
+	if configmapAutoReload {
+		annotations[options.ConfigmapReloaderAutoAnnotation] = "true"
 	}

-	return map[string]string{
-		options.ConfigmapUpdateOnChangeAnnotation: name,
-		options.SecretUpdateOnChangeAnnotation:    name}
+	if !(len(annotations) > 0) {
+		annotations = map[string]string{
+			options.ConfigmapUpdateOnChangeAnnotation: name,
+			options.SecretUpdateOnChangeAnnotation:    name}
+	}
+	for k, v := range extraAnnotations {
+		annotations[k] = v
+	}
+	return annotations
 }

 func getEnvVarSources(name string) []v1.EnvFromSource {
@@ -163,7 +178,7 @@ func getVolumes(name string) []v1.Volume {
 	}
 }

-func getVolumeMounts(name string) []v1.VolumeMount {
+func getVolumeMounts() []v1.VolumeMount {
 	return []v1.VolumeMount{
 		{
 			MountPath: "etc/config",
@@ -261,7 +276,7 @@ func getPodTemplateSpecWithVolumes(name string) v1.PodTemplateSpec {
 							Value: "test",
 						},
 					},
-					VolumeMounts: getVolumeMounts(name),
+					VolumeMounts: getVolumeMounts(),
 				},
 			},
 			Volumes: getVolumes(name),
@@ -279,7 +294,7 @@ func getPodTemplateSpecWithInitContainer(name string) v1.PodTemplateSpec {
 				{
 					Image:        "busybox",
 					Name:         "busyBox",
-					VolumeMounts: getVolumeMounts(name),
+					VolumeMounts: getVolumeMounts(),
 				},
 			},
 			Containers: []v1.Container{
@@ -332,7 +347,7 @@ func getPodTemplateSpecWithInitContainerAndEnv(name string) v1.PodTemplateSpec {
 func GetDeployment(namespace string, deploymentName string) *appsv1.Deployment {
 	replicaset := int32(1)
 	return &appsv1.Deployment{
-		ObjectMeta: getObjectMeta(namespace, deploymentName, false),
+		ObjectMeta: getObjectMeta(namespace, deploymentName, false, false, false, map[string]string{}),
 		Spec: appsv1.DeploymentSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -351,7 +366,7 @@ func GetDeploymentConfig(namespace string, deploymentConfigName string) *openshi
 	replicaset := int32(1)
 	podTemplateSpecWithVolume := getPodTemplateSpecWithVolumes(deploymentConfigName)
 	return &openshiftv1.DeploymentConfig{
-		ObjectMeta: getObjectMeta(namespace, deploymentConfigName, false),
+		ObjectMeta: getObjectMeta(namespace, deploymentConfigName, false, false, false, map[string]string{}),
 		Spec: openshiftv1.DeploymentConfigSpec{
 			Replicas: replicaset,
 			Strategy: openshiftv1.DeploymentStrategy{
@@ -366,7 +381,7 @@ func GetDeploymentConfig(namespace string, deploymentConfigName string) *openshi
 func GetDeploymentWithInitContainer(namespace string, deploymentName string) *appsv1.Deployment {
 	replicaset := int32(1)
 	return &appsv1.Deployment{
-		ObjectMeta: getObjectMeta(namespace, deploymentName, false),
+		ObjectMeta: getObjectMeta(namespace, deploymentName, false, false, false, map[string]string{}),
 		Spec: appsv1.DeploymentSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -384,7 +399,7 @@ func GetDeploymentWithInitContainer(namespace string, deploymentName string) *ap
 func GetDeploymentWithInitContainerAndEnv(namespace string, deploymentName string) *appsv1.Deployment {
 	replicaset := int32(1)
 	return &appsv1.Deployment{
-		ObjectMeta: getObjectMeta(namespace, deploymentName, true),
+		ObjectMeta: getObjectMeta(namespace, deploymentName, true, false, false, map[string]string{}),
 		Spec: appsv1.DeploymentSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -401,7 +416,7 @@ func GetDeploymentWithInitContainerAndEnv(namespace string, deploymentName strin
 func GetDeploymentWithEnvVars(namespace string, deploymentName string) *appsv1.Deployment {
 	replicaset := int32(1)
 	return &appsv1.Deployment{
-		ObjectMeta: getObjectMeta(namespace, deploymentName, true),
+		ObjectMeta: getObjectMeta(namespace, deploymentName, true, false, false, map[string]string{}),
 		Spec: appsv1.DeploymentSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -419,7 +434,7 @@ func GetDeploymentConfigWithEnvVars(namespace string, deploymentConfigName strin
 	replicaset := int32(1)
 	podTemplateSpecWithEnvVars := getPodTemplateSpecWithEnvVars(deploymentConfigName)
 	return &openshiftv1.DeploymentConfig{
-		ObjectMeta: getObjectMeta(namespace, deploymentConfigName, false),
+		ObjectMeta: getObjectMeta(namespace, deploymentConfigName, false, false, false, map[string]string{}),
 		Spec: openshiftv1.DeploymentConfigSpec{
 			Replicas: replicaset,
 			Strategy: openshiftv1.DeploymentStrategy{
@@ -433,7 +448,7 @@ func GetDeploymentConfigWithEnvVars(namespace string, deploymentConfigName strin
 func GetDeploymentWithEnvVarSources(namespace string, deploymentName string) *appsv1.Deployment {
 	replicaset := int32(1)
 	return &appsv1.Deployment{
-		ObjectMeta: getObjectMeta(namespace, deploymentName, true),
+		ObjectMeta: getObjectMeta(namespace, deploymentName, true, false, false, map[string]string{}),
 		Spec: appsv1.DeploymentSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -450,7 +465,7 @@ func GetDeploymentWithEnvVarSources(namespace string, deploymentName string) *ap
 func GetDeploymentWithPodAnnotations(namespace string, deploymentName string, both bool) *appsv1.Deployment {
 	replicaset := int32(1)
 	deployment := &appsv1.Deployment{
-		ObjectMeta: getObjectMeta(namespace, deploymentName, false),
+		ObjectMeta: getObjectMeta(namespace, deploymentName, false, false, false, map[string]string{}),
 		Spec: appsv1.DeploymentSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -465,14 +480,69 @@ func GetDeploymentWithPodAnnotations(namespace string, deploymentName string, bo
 	if !both {
 		deployment.ObjectMeta.Annotations = nil
 	}
-	deployment.Spec.Template.ObjectMeta.Annotations = getAnnotations(deploymentName, true)
+	deployment.Spec.Template.ObjectMeta.Annotations = getAnnotations(deploymentName, true, false, false, map[string]string{})
 	return deployment
 }

+func GetDeploymentWithTypedAutoAnnotation(namespace string, deploymentName string, resourceType string) *appsv1.Deployment {
+	replicaset := int32(1)
+	var objectMeta metav1.ObjectMeta
+	if resourceType == SecretResourceType {
+		objectMeta = getObjectMeta(namespace, deploymentName, false, true, false, map[string]string{})
+	} else if resourceType == ConfigmapResourceType {
+		objectMeta = getObjectMeta(namespace, deploymentName, false, false, true, map[string]string{})
+	}
+
+	return &appsv1.Deployment{
+		ObjectMeta: objectMeta,
+		Spec: appsv1.DeploymentSpec{
+			Selector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{"secondLabel": "temp"},
+			},
+			Replicas: &replicaset,
+			Strategy: appsv1.DeploymentStrategy{
+				Type: appsv1.RollingUpdateDeploymentStrategyType,
+			},
+			Template: getPodTemplateSpecWithVolumes(deploymentName),
+		},
+	}
+}
+
+func GetDeploymentWithExcludeAnnotation(namespace string, deploymentName string, resourceType string) *appsv1.Deployment {
+	replicaset := int32(1)
+
+	annotation := map[string]string{}
+
+	if resourceType == SecretResourceType {
+		annotation[options.SecretExcludeReloaderAnnotation] = deploymentName
+	} else if resourceType == ConfigmapResourceType {
+		annotation[options.ConfigmapExcludeReloaderAnnotation] = deploymentName
+	}
+
+	return &appsv1.Deployment{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        deploymentName,
+			Namespace:   namespace,
+			Labels:      map[string]string{"firstLabel": "temp"},
+			Annotations: annotation,
+		},
+		Spec: appsv1.DeploymentSpec{
+			Selector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{"secondLabel": "temp"},
+			},
+			Replicas: &replicaset,
+			Strategy: appsv1.DeploymentStrategy{
+				Type: appsv1.RollingUpdateDeploymentStrategyType,
+			},
+			Template: getPodTemplateSpecWithVolumes(deploymentName),
+		},
+	}
+}
+
 // GetDaemonSet provides daemonset for testing
 func GetDaemonSet(namespace string, daemonsetName string) *appsv1.DaemonSet {
 	return &appsv1.DaemonSet{
-		ObjectMeta: getObjectMeta(namespace, daemonsetName, false),
+		ObjectMeta: getObjectMeta(namespace, daemonsetName, false, false, false, map[string]string{}),
 		Spec: appsv1.DaemonSetSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -487,7 +557,7 @@ func GetDaemonSet(namespace string, daemonsetName string) *appsv1.DaemonSet {

 func GetDaemonSetWithEnvVars(namespace string, daemonSetName string) *appsv1.DaemonSet {
 	return &appsv1.DaemonSet{
-		ObjectMeta: getObjectMeta(namespace, daemonSetName, true),
+		ObjectMeta: getObjectMeta(namespace, daemonSetName, true, false, false, map[string]string{}),
 		Spec: appsv1.DaemonSetSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -503,7 +573,7 @@ func GetDaemonSetWithEnvVars(namespace string, daemonSetName string) *appsv1.Dae
 // GetStatefulSet provides statefulset for testing
 func GetStatefulSet(namespace string, statefulsetName string) *appsv1.StatefulSet {
 	return &appsv1.StatefulSet{
-		ObjectMeta: getObjectMeta(namespace, statefulsetName, false),
+		ObjectMeta: getObjectMeta(namespace, statefulsetName, false, false, false, map[string]string{}),
 		Spec: appsv1.StatefulSetSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -519,7 +589,7 @@ func GetStatefulSet(namespace string, statefulsetName string) *appsv1.StatefulSe
 // GetStatefulSet provides statefulset for testing
 func GetStatefulSetWithEnvVar(namespace string, statefulsetName string) *appsv1.StatefulSet {
 	return &appsv1.StatefulSet{
-		ObjectMeta: getObjectMeta(namespace, statefulsetName, true),
+		ObjectMeta: getObjectMeta(namespace, statefulsetName, true, false, false, map[string]string{}),
 		Spec: appsv1.StatefulSetSpec{
 			Selector: &metav1.LabelSelector{
 				MatchLabels: map[string]string{"secondLabel": "temp"},
@@ -568,6 +638,64 @@ func GetSecret(namespace string, secretName string, data string) *v1.Secret {
 	}
 }

+func GetCronJob(namespace string, cronJobName string) *batchv1.CronJob {
+	return &batchv1.CronJob{
+		ObjectMeta: getObjectMeta(namespace, cronJobName, false, false, false, map[string]string{}),
+		Spec: batchv1.CronJobSpec{
+			Schedule: "*/5 * * * *", // Run every 5 minutes
+			JobTemplate: batchv1.JobTemplateSpec{
+				Spec: batchv1.JobSpec{
+					Selector: &metav1.LabelSelector{
+						MatchLabels: map[string]string{"secondLabel": "temp"},
+					},
+					Template: getPodTemplateSpecWithVolumes(cronJobName),
+				},
+			},
+		},
+	}
+}
+
+func GetJob(namespace string, jobName string) *batchv1.Job {
+	return &batchv1.Job{
+		ObjectMeta: getObjectMeta(namespace, jobName, false, false, false, map[string]string{}),
+		Spec: batchv1.JobSpec{
+			Selector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{"secondLabel": "temp"},
+			},
+			Template: getPodTemplateSpecWithVolumes(jobName),
+		},
+	}
+}
+
+func GetCronJobWithEnvVar(namespace string, cronJobName string) *batchv1.CronJob {
+	return &batchv1.CronJob{
+		ObjectMeta: getObjectMeta(namespace, cronJobName, true, false, false, map[string]string{}),
+		Spec: batchv1.CronJobSpec{
+			Schedule: "*/5 * * * *", // Run every 5 minutes
+			JobTemplate: batchv1.JobTemplateSpec{
+				Spec: batchv1.JobSpec{
+					Selector: &metav1.LabelSelector{
+						MatchLabels: map[string]string{"secondLabel": "temp"},
+					},
+					Template: getPodTemplateSpecWithEnvVars(cronJobName),
+				},
+			},
+		},
+	}
+}
+
+func GetJobWithEnvVar(namespace string, jobName string) *batchv1.Job {
+	return &batchv1.Job{
+		ObjectMeta: getObjectMeta(namespace, jobName, true, false, false, map[string]string{}),
+		Spec: batchv1.JobSpec{
+			Selector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{"secondLabel": "temp"},
+			},
+			Template: getPodTemplateSpecWithEnvVars(jobName),
+		},
+	}
+}
+
 // GetSecretWithUpdatedLabel provides secret for testing
 func GetSecretWithUpdatedLabel(namespace string, secretName string, label string, data string) *v1.Secret {
 	return &v1.Secret{
@@ -729,6 +857,25 @@ func CreateDeploymentWithEnvVarSourceAndAnnotations(client kubernetes.Interface,
 	return deployment, err
 }

+// CreateDeploymentWithTypedAutoAnnotation creates a deployment in given namespace and returns the Deployment with typed auto annotation
+func CreateDeploymentWithTypedAutoAnnotation(client kubernetes.Interface, deploymentName string, namespace string, resourceType string) (*appsv1.Deployment, error) {
+	logrus.Infof("Creating Deployment")
+	deploymentClient := client.AppsV1().Deployments(namespace)
+	deploymentObj := GetDeploymentWithTypedAutoAnnotation(namespace, deploymentName, resourceType)
+	deployment, err := deploymentClient.Create(context.TODO(), deploymentObj, metav1.CreateOptions{})
+	time.Sleep(3 * time.Second)
+	return deployment, err
+}
+
+// CreateDeploymentWithExcludeAnnotation creates a deployment in given namespace and returns the Deployment with typed auto annotation
+func CreateDeploymentWithExcludeAnnotation(client kubernetes.Interface, deploymentName string, namespace string, resourceType string) (*appsv1.Deployment, error) {
+	logrus.Infof("Creating Deployment")
+	deploymentClient := client.AppsV1().Deployments(namespace)
+	deploymentObj := GetDeploymentWithExcludeAnnotation(namespace, deploymentName, resourceType)
+	deployment, err := deploymentClient.Create(context.TODO(), deploymentObj, metav1.CreateOptions{})
+	return deployment, err
+}
+
 // CreateDaemonSet creates a deployment in given namespace and returns the DaemonSet
 func CreateDaemonSet(client kubernetes.Interface, daemonsetName string, namespace string, volumeMount bool) (*appsv1.DaemonSet, error) {
 	logrus.Infof("Creating DaemonSet")
@@ -759,6 +906,36 @@ func CreateStatefulSet(client kubernetes.Interface, statefulsetName string, name
 	return statefulset, err
 }

+// CreateCronJob creates a cronjob in given namespace and returns the CronJob
+func CreateCronJob(client kubernetes.Interface, cronJobName string, namespace string, volumeMount bool) (*batchv1.CronJob, error) {
+	logrus.Infof("Creating CronJob")
+	cronJobClient := client.BatchV1().CronJobs(namespace)
+	var cronJobObj *batchv1.CronJob
+	if volumeMount {
+		cronJobObj = GetCronJob(namespace, cronJobName)
+	} else {
+		cronJobObj = GetCronJobWithEnvVar(namespace, cronJobName)
+	}
+	cronJob, err := cronJobClient.Create(context.TODO(), cronJobObj, metav1.CreateOptions{})
+	time.Sleep(3 * time.Second)
+	return cronJob, err
+}
+
+// CreateJob creates a job in given namespace and returns the Job
+func CreateJob(client kubernetes.Interface, jobName string, namespace string, volumeMount bool) (*batchv1.Job, error) {
+	logrus.Infof("Creating Job")
+	jobClient := client.BatchV1().Jobs(namespace)
+	var jobObj *batchv1.Job
+	if volumeMount {
+		jobObj = GetJob(namespace, jobName)
+	} else {
+		jobObj = GetJobWithEnvVar(namespace, jobName)
+	}
+	job, err := jobClient.Create(context.TODO(), jobObj, metav1.CreateOptions{})
+	time.Sleep(3 * time.Second)
+	return job, err
+}
+
 // DeleteDeployment creates a deployment in given namespace and returns the error if any
 func DeleteDeployment(client kubernetes.Interface, namespace string, deploymentName string) error {
 	logrus.Infof("Deleting Deployment")
@@ -858,9 +1035,11 @@ func VerifyResourceEnvVarUpdate(clients kube.Clients, config util.Config, envVar
 		annotationValue := annotations[config.Annotation]
 		searchAnnotationValue := annotations[options.AutoSearchAnnotation]
 		reloaderEnabledValue := annotations[options.ReloaderAutoAnnotation]
+		typedAutoAnnotationEnabledValue := annotations[config.TypedAutoAnnotation]
 		reloaderEnabled, err := strconv.ParseBool(reloaderEnabledValue)
+		typedAutoAnnotationEnabled, errTyped := strconv.ParseBool(typedAutoAnnotationEnabledValue)
 		matches := false
-		if err == nil && reloaderEnabled {
+		if err == nil && reloaderEnabled || errTyped == nil && typedAutoAnnotationEnabled {
 			matches = true
 		} else if annotationValue != "" {
 			values := strings.Split(annotationValue, ",")
@@ -888,6 +1067,55 @@ func VerifyResourceEnvVarUpdate(clients kube.Clients, config util.Config, envVar
 	return false
 }

+// VerifyResourceEnvVarRemoved verifies whether the rolling upgrade happened or not and all Envvars SKAKATER_name_CONFIGMAP/SECRET are removed
+func VerifyResourceEnvVarRemoved(clients kube.Clients, config util.Config, envVarPostfix string, upgradeFuncs callbacks.RollingUpgradeFuncs) bool {
+	items := upgradeFuncs.ItemsFunc(clients, config.Namespace)
+	for _, i := range items {
+		containers := upgradeFuncs.ContainersFunc(i)
+		accessor, err := meta.Accessor(i)
+		if err != nil {
+			return false
+		}
+
+		annotations := accessor.GetAnnotations()
+		// match statefulsets with the correct annotation
+
+		annotationValue := annotations[config.Annotation]
+		searchAnnotationValue := annotations[options.AutoSearchAnnotation]
+		reloaderEnabledValue := annotations[options.ReloaderAutoAnnotation]
+		typedAutoAnnotationEnabledValue := annotations[config.TypedAutoAnnotation]
+		reloaderEnabled, err := strconv.ParseBool(reloaderEnabledValue)
+		typedAutoAnnotationEnabled, errTyped := strconv.ParseBool(typedAutoAnnotationEnabledValue)
+
+		matches := false
+		if err == nil && reloaderEnabled || errTyped == nil && typedAutoAnnotationEnabled {
+			matches = true
+		} else if annotationValue != "" {
+			values := strings.Split(annotationValue, ",")
+			for _, value := range values {
+				value = strings.Trim(value, " ")
+				if value == config.ResourceName {
+					matches = true
+					break
+				}
+			}
+		} else if searchAnnotationValue == "true" {
+			if config.ResourceAnnotations[options.SearchMatchAnnotation] == "true" {
+				matches = true
+			}
+		}
+
+		if matches {
+			envName := constants.EnvVarPrefix + util.ConvertToEnvVarName(config.ResourceName) + "_" + envVarPostfix
+			value := GetResourceSHAFromEnvVar(containers, envName)
+			if value == "" {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 // VerifyResourceAnnotationUpdate verifies whether the rolling upgrade happened or not
 func VerifyResourceAnnotationUpdate(clients kube.Clients, config util.Config, upgradeFuncs callbacks.RollingUpgradeFuncs) bool {
 	items := upgradeFuncs.ItemsFunc(clients, config.Namespace)
@@ -902,9 +1130,11 @@ func VerifyResourceAnnotationUpdate(clients kube.Clients, config util.Config, up
 		annotationValue := annotations[config.Annotation]
 		searchAnnotationValue := annotations[options.AutoSearchAnnotation]
 		reloaderEnabledValue := annotations[options.ReloaderAutoAnnotation]
+		typedAutoAnnotationEnabledValue := annotations[config.TypedAutoAnnotation]
 		reloaderEnabled, _ := strconv.ParseBool(reloaderEnabledValue)
+		typedAutoAnnotationEnabled, _ := strconv.ParseBool(typedAutoAnnotationEnabledValue)
 		matches := false
-		if reloaderEnabled || reloaderEnabledValue == "" && options.AutoReloadAll {
+		if reloaderEnabled || typedAutoAnnotationEnabled || reloaderEnabledValue == "" && typedAutoAnnotationEnabledValue == "" && options.AutoReloadAll {
 			matches = true
 		} else if annotationValue != "" {
 			values := strings.Split(annotationValue, ",")
@@ -930,3 +1160,32 @@ func VerifyResourceAnnotationUpdate(clients kube.Clients, config util.Config, up
 	}
 	return false
 }
+
+func GetSHAfromEmptyData() string {
+	return crypto.GenerateSHA("")
+}
+
+// GetRollout provides rollout for testing
+func GetRollout(namespace string, rolloutName string, annotations map[string]string) *argorolloutv1alpha1.Rollout {
+	replicaset := int32(1)
+	return &argorolloutv1alpha1.Rollout{
+		ObjectMeta: getObjectMeta(namespace, rolloutName, false, false, false, annotations),
+		Spec: argorolloutv1alpha1.RolloutSpec{
+			Selector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{"secondLabel": "temp"},
+			},
+			Replicas: &replicaset,
+			Template: getPodTemplateSpecWithVolumes(rolloutName),
+		},
+	}
+}
+
+// CreateRollout creates a rolout in given namespace and returns the Rollout
+func CreateRollout(client argorollout.Interface, rolloutName string, namespace string, annotations map[string]string) (*argorolloutv1alpha1.Rollout, error) {
+	logrus.Infof("Creating Rollout")
+	rolloutClient := client.ArgoprojV1alpha1().Rollouts(namespace)
+	rolloutObj := GetRollout(namespace, rolloutName, annotations)
+	rollout, err := rolloutClient.Create(context.TODO(), rolloutObj, metav1.CreateOptions{})
+	time.Sleep(3 * time.Second)
+	return rollout, err
+}
--- a/internal/pkg/util/config.go
+++ b/internal/pkg/util/config.go
@@ -12,6 +12,7 @@ type Config struct {
 	ResourceName        string
 	ResourceAnnotations map[string]string
 	Annotation          string
+	TypedAutoAnnotation string
 	SHAValue            string
 	Type                string
 }
@@ -23,6 +24,7 @@ func GetConfigmapConfig(configmap *v1.ConfigMap) Config {
 		ResourceName:        configmap.Name,
 		ResourceAnnotations: configmap.Annotations,
 		Annotation:          options.ConfigmapUpdateOnChangeAnnotation,
+		TypedAutoAnnotation: options.ConfigmapReloaderAutoAnnotation,
 		SHAValue:            GetSHAfromConfigmap(configmap),
 		Type:                constants.ConfigmapEnvVarPostfix,
 	}
@@ -35,6 +37,7 @@ func GetSecretConfig(secret *v1.Secret) Config {
 		ResourceName:        secret.Name,
 		ResourceAnnotations: secret.Annotations,
 		Annotation:          options.SecretUpdateOnChangeAnnotation,
+		TypedAutoAnnotation: options.SecretReloaderAutoAnnotation,
 		SHAValue:            GetSHAfromSecret(secret.Data),
 		Type:                constants.SecretEnvVarPostfix,
 	}
--- a/renovate.json
+++ b/renovate.json
@@ -6,6 +6,12 @@
  "labels": [
    "dependencies"
  ],
+  "rebaseWhen": "never",
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "labels": ["security"]
+  },
+
  "customManagers": [
    {
        "customType": "regex",
@@ -16,6 +22,17 @@
            "https:\/\/github\\.com\/(?<depName>.*)\/releases\/download\/(?<currentValue>.*)\/.*\\.zip"
        ],
        "datasourceTemplate": "github-releases"
+    },
+    {
+      "customType": "regex",
+      "description": "Update Helm Chart values file",
+      "fileMatch": [
+          "values\\.yaml$"
+      ],
+      "matchStrings": [
+          "image:\\s*name: (?<depName>[a-zA-Z0-9\\.\\/]*)\\s*tag: (?<currentValue>[a-zA-Z0-9\\.\\/]*)"
+      ],
+      "datasourceTemplate": "docker"
    }
  ]
 }
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -0,0 +1,8 @@
+sonar.projectKey=Reloader
+sonar.sources=.
+sonar.exclusions=**/*_test.go
+sonar.language=go
+
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+sonar.analysisCache.enabled=false
--- a/1
+++ b/1
--- a/theme_override/mkdocs.yml
+++ b/theme_override/mkdocs.yml
@@ -0,0 +1,22 @@
+site_name: Stakater Reloader
+docs_dir: docs
+site_url: https://docs.stakater.com/reloader/
+repo_url: https://github.com/stakater/reloader
+edit_uri: blob/master/docs/
+
+theme:
+  favicon: assets/images/favicon.svg
+
+nav:
+  - index.md
+  - How-to Guides:
+    - Verify-Reloader-Working.md
+    - Alerting.md
+    - Reloader-with-Sealed-Secrets.md
+    - Helm2-to-Helm3.md
+  - References:
+    - How-it-works.md
+    - Container Build.md
+    - Comparisons with similar tools:
+      - Reloader-vs-ConfigmapController.md
+      - Reloader-vs-k8s-trigger-controller.md
--- a/theme_override/resources/.gitignore
+++ b/theme_override/resources/.gitignore
--- a/theme_override/resources/assets/images/favicon.svg
+++ b/theme_override/resources/assets/images/favicon.svg
--- a/ubi-build-files-amd64.txt
+++ b/ubi-build-files-amd64.txt
@@ -0,0 +1,9 @@
+etc/pki
+etc/ssl/certs
+etc/redhat-release
+usr/share/zoneinfo
+usr/lib64/ld-linux-x86-64.so.2
+usr/lib64/libc.so.6
+usr/lib64/libdl.so.2
+usr/lib64/libpthread.so.0
+usr/lib64/libm.so.6
--- a/ubi-build-files-arm64.txt
+++ b/ubi-build-files-arm64.txt
@@ -0,0 +1,9 @@
+etc/pki
+etc/ssl/certs
+etc/redhat-release
+usr/share/zoneinfo
+usr/lib/ld-linux-aarch64.so.1
+usr/lib64/libc.so.6
+usr/lib64/libdl.so.2
+usr/lib64/libpthread.so.0
+usr/lib64/libm.so.6