• Stars
    star
    6,996
  • Rank 5,599 (Top 0.2 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 6 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!

Reloader-logo Reloader

Go Report Card Go Doc Release GitHub tag Docker Pulls Docker Stars license Get started with Stakater

Problem

We would like to watch if some change happens in ConfigMap and/or Secret; then perform a rolling upgrade on relevant DeploymentConfig, Deployment, Daemonset, Statefulset and Rollout

Solution

Reloader can watch changes in ConfigMap and Secret and do rolling upgrades on Pods with their associated DeploymentConfigs, Deployments, Daemonsets Statefulsets and Rollouts.

Enterprise Version

Reloader is available in two different versions:

  1. Open Source Version
  2. Enterprise Version, which includes:
    • SLA (Service Level Agreement) for support and unique requests
    • Slack support
    • Certified images

Contact [email protected] for info about Reloader Enterprise.

Compatibility

Reloader is compatible with Kubernetes >= 1.9

How to use Reloader

For a Deployment called foo have a ConfigMap called foo-configmap or Secret called foo-secret or both. Then add your annotation (by default reloader.stakater.com/auto) to main metadata of your Deployment

kind: Deployment
metadata:
  annotations:
    reloader.stakater.com/auto: "true"
spec:
  template:
    metadata:

This will discover deploymentconfigs/deployments/daemonsets/statefulset/rollouts automatically where foo-configmap or foo-secret is being used either via environment variable or from volume mount. And it will perform rolling upgrade on related pods when foo-configmap or foo-secretare updated.

You can restrict this discovery to only ConfigMap or Secret objects that are tagged with a special annotation. To take advantage of that, annotate your deploymentconfigs/deployments/daemonsets/statefulset/rollouts like this:

kind: Deployment
metadata:
  annotations:
    reloader.stakater.com/search: "true"
spec:
  template:

and Reloader will trigger the rolling upgrade upon modification of any ConfigMap or Secret annotated like this:

kind: ConfigMap
metadata:
  annotations:
    reloader.stakater.com/match: "true"
data:
  key: value

provided the secret/configmap is being used in an environment variable, or a volume mount.

Please note that reloader.stakater.com/search and reloader.stakater.com/auto do not work together. If you have the reloader.stakater.com/auto: "true" annotation on your deployment, then it will always restart upon a change in configmaps or secrets it uses, regardless of whether they have the reloader.stakater.com/match: "true" annotation or not.

We can also specify a specific configmap or secret which would trigger rolling upgrade only upon change in our specified configmap or secret, this way, it will not trigger rolling upgrade upon changes in all configmaps or secrets used in a deploymentconfig, deployment, daemonset, statefulset or rollout. To do this either set the auto annotation to "false" (reloader.stakater.com/auto: "false") or remove it altogether, and use annotations for Configmap or Secret.

Configmap

To perform rolling upgrade when change happens only on specific configmaps use below annotation.

For a Deployment called foo have a ConfigMap called foo-configmap. Then add this annotation to main metadata of your Deployment

kind: Deployment
metadata:
  annotations:
    configmap.reloader.stakater.com/reload: "foo-configmap"
spec:
  template:
    metadata:

Use comma separated list to define multiple configmaps.

kind: Deployment
metadata:
  annotations:
    configmap.reloader.stakater.com/reload: "foo-configmap,bar-configmap,baz-configmap"
spec:
  template: 
    metadata:

Secret

To perform rolling upgrade when change happens only on specific secrets use below annotation.

For a Deployment called foo have a Secret called foo-secret. Then add this annotation to main metadata of your Deployment

kind: Deployment
metadata:
  annotations:
    secret.reloader.stakater.com/reload: "foo-secret"
spec:
  template: 
    metadata:

Use comma separated list to define multiple secrets.

kind: Deployment
metadata:
  annotations:
    secret.reloader.stakater.com/reload: "foo-secret,bar-secret,baz-secret"
spec:
  template: 
    metadata:

NOTES

  • Reloader also supports sealed-secrets. Here are the steps to use sealed-secrets with Reloader.
  • For rollouts Reloader simply triggers a change is up to you how you configure the rollout strategy.
  • reloader.stakater.com/auto: "true" will only reload the pod, if the configmap or secret is used (as a volume mount or as an env) in DeploymentConfigs/Deployment/Daemonsets/Statefulsets
  • secret.reloader.stakater.com/reload or configmap.reloader.stakater.com/reload annotation will reload the pod upon changes in specified configmap or secret, irrespective of the usage of configmap or secret.
  • you may override the auto annotation with the --auto-annotation flag
  • you may override the search annotation with the --auto-search-annotation flag and the match annotation with the --search-match-annotation flag
  • you may override the configmap annotation with the --configmap-annotation flag
  • you may override the secret annotation with the --secret-annotation flag
  • you may want to prevent watching certain namespaces with the --namespaces-to-ignore flag
  • you may want to watch only a set of namespaces with certain labels by using the --namespace-selector flag
  • you may want to watch only a set of secrets/configmaps with certain labels by using the --resource-label-selector flag
  • you may want to prevent watching certain resources with the --resources-to-ignore flag
  • you can configure logging in JSON format with the --log-format=json option
  • you can configure the "reload strategy" with the --reload-strategy=<strategy-name> option (details below)

Reload Strategies

Reloader supports multiple "reload" strategies for performing rolling upgrades to resources. The following list describes them:

  • env-vars: When a tracked configMap/secret is updated, this strategy attaches a Reloader specific environment variable to any containers referencing the changed configMap or secret on the owning resource (e.g., Deployment, StatefulSet, etc.). This strategy can be specified with the --reload-strategy=env-vars argument. Note: This is the default reload strategy.
  • annotations: When a tracked configMap/secret is updated, this strategy attaches a reloader.stakater.com/last-reloaded-from pod template annotation on the owning resource (e.g., Deployment, StatefulSet, etc.). This strategy is useful when using resource syncing tools like ArgoCD, since it will not cause these tools to detect configuration drift after a resource is reloaded. Note: Since the attached pod template annotation only tracks the last reload source, this strategy will reload any tracked resource should its configMap or secret be deleted and recreated. This strategy can be specified with the --reload-strategy=annotations argument.

Deploying to Kubernetes

You can deploy Reloader by following methods:

Vanilla Manifests

You can apply vanilla manifests by changing RELEASE-NAME placeholder provided in manifest with a proper value and apply it by running the command given below:

kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml

By default, Reloader gets deployed in default namespace and watches changes secrets and configmaps in all namespaces.

Reloader can be configured to ignore the resources secrets and configmaps by passing the following arguments (spec.template.spec.containers.args) to its container :

Argument Description
--resources-to-ignore=configMaps To ignore configMaps
--resources-to-ignore=secrets To ignore secrets

Note: At one time only one of these resource can be ignored, trying to do it will cause error in Reloader. Workaround for ignoring both resources is by scaling down the Reloader pods to 0.

Reloader can be configured to only watch secrets/configmaps with one or more labels using the --resource-label-selector parameter. Supported operators are !, in, notin, ==, =, !=, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the Kubernetes Docs.

Note: The old : delimited key value mappings are deprecated and if provided will be translated to key=value. Likewise, if a wildcard value is provided (e.g. key:*) it will be translated to the standalone key which checks for key existence.

These selectors can be combined together, for example with:

--resource-label-selector=reloader=enabled,key-exists,another-label in (value1,value2,value3)

Only configmaps or secrets labeled like the following will be watched:

kind: ConfigMap
apiVersion: v1
metadata:
  ...
  labels:
    reloader: enabled
    key-exists: yes
    another-label: value1

  ...

Reloader can be configured to only watch namespaces labeled with one or more labels using the --namespace-selector parameter. Supported operators are !, in, notin, ==, =, !=, if no operator is found the 'exists' operator is inferred (i.e. key only). Additional examples of these selectors can be found in the Kubernetes Docs.

Note: The old : delimited key value mappings are deprecated and if provided will be translated to key=value. Likewise, if a wildcard value is provided (e.g. key:*) it will be translated to the standalone key which checks for key existence.

These selectors can be combined together, for example with:

--namespace-selector=reloader=enabled,test=true

Only namespaces labeled as below would be watched and eligible for reloads:

kind: Namespace
apiVersion: v1
metadata:
  ...
  labels:
    reloader: enabled
    test: true
  ...

Vanilla Kustomize

You can also apply the vanilla manifests by running the following command

kubectl apply -k https://github.com/stakater/Reloader/deployments/kubernetes

Similarly to vanilla manifests get deployed in default namespace and watches changes secrets and configmaps in all namespaces.

Kustomize

You can write your own kustomization.yaml using ours as a 'base' and write patches to tweak the configuration.

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

bases:
  - https://github.com/stakater/Reloader/deployments/kubernetes

namespace: reloader

Helm Charts

Alternatively if you have configured helm on your cluster, you can add Reloader to helm from our public chart repository and deploy it via helm using below-mentioned commands. Follow this guide, in case you have trouble migrating Reloader from Helm2 to Helm3.

helm repo add stakater https://stakater.github.io/stakater-charts

helm repo update

helm install stakater/reloader # For helm3 add --generate-name flag or set the release name

Note: By default Reloader watches in all namespaces. To watch in single namespace, please run following command. It will install Reloader in test namespace which will only watch Deployments, Daemonsets Statefulsets and Rollouts in test namespace.

helm install stakater/reloader --set reloader.watchGlobally=false --namespace test # For helm3 add --generate-name flag or set the release name

Reloader can be configured to ignore the resources secrets and configmaps by using the following parameters of values.yaml file:

Parameter Description Type
ignoreSecrets To ignore secrets. Valid value are either true or false boolean
ignoreConfigMaps To ignore configMaps. Valid value are either true or false boolean

Note: At one time only one of these resource can be ignored, trying to do it will cause error in helm template compilation.

Reloader can be configured to only watch namespaces labeled with one or more labels using the namespaceSelector parameter

Parameter Description Type
namespaceSelector list of comma separated label selectors, if multiple are provided they are combined with the AND operator string

Reloader can be configured to only watch configmaps/secrets labeled with one or more labels using the resourceLabelSelector parameter

Parameter Description Type
resourceLabelSelector list of comma separated label selectors, if multiple are provided they are combined with the AND operator string

Note: Both namespaceSelector & resourceLabelSelector can be used together. If they are then both conditions must be met for the configmap or secret to be eligible to trigger reload events. (e.g. If a configMap matches resourceLabelSelector but namespaceSelector does not match the namespace the configmap is in, it will be ignored).

You can also set the log format of Reloader to json by setting logFormat to json in values.yaml and apply the chart.

You can enable to scrape Reloader's Prometheus metrics by setting serviceMonitor.enabled or podMonitor.enabled to true in values.yaml file. Service monitor will be removed in future releases of Reloader in favour of Pod monitor.

Note: Reloading of OpenShift (DeploymentConfig) and/or Argo Rollouts has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions. This can be done by changing the following parameters:

Parameter Description Type
isOpenshift Enable OpenShift DeploymentConfigs. Valid value are either true or false boolean
isArgoRollouts Enable Argo Rollouts. Valid value are either true or false boolean
reloadOnCreate Enable reload on create events. Valid value are either true or false boolean
syncAfterRestart Enable sync after Reloader restarts for Add events, works only when reloadOnCreate is true. Valid value are either true or false boolean

ReloadOnCreate reloadOnCreate controls how Reloader handles secrets being added to the cache for the first time. If reloadOnCreate is set to true:

  • Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload.
  • When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload.
  • If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected.

If ReloadOnCreate is set to false:

  • Updates to configMaps/Secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration.

Help

Documentation

You can find more documentation here

Have a question?

File a GitHub issue.

Talk to us on Slack

Join and talk to us on Slack for discussing Reloader

Join Slack Chat

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

  1. Deploy Reloader.
  2. Run okteto up to activate your development container.
  3. make build.
  4. ./Reloader

PRs are welcome. In general, we follow the "fork-and-pull" Git workflow.

  1. Fork the repo on GitHub
  2. Clone the project to your own machine
  3. Commit changes to your own branch
  4. Push your work back up to your fork
  5. Submit a Pull request so that we can review your changes

NOTE: Be sure to merge the latest from "upstream" before making a pull request!

Changelog

View our closed Pull Requests.

License

Apache2 © Stakater

About

Reloader is maintained by Stakater. Like it? Please let us know at [email protected]

See our other projects or contact us in case of professional services and queries on [email protected]

Acknowledgements

More Repositories

1

IngressMonitorController

A Kubernetes controller to watch ingresses and create liveness alerts for your apps/microservices in UptimeRobot, StatusCake, Pingdom, etc. – [✩Star] if you're using it!
Go
479
star
2

Forecastle

Forecastle is a control panel which dynamically discovers and provides a launchpad to access applications deployed on Kubernetes – [✩Star] if you're using it!
Go
440
star
3

application

Generic helm chart for all kind of applications
Starlark
211
star
4

GitWebhookProxy

A proxy to let webhooks reach running services behind a firewall – [✩Star] if you're using it!
Go
182
star
5

Konfigurator

A kubernetes operator that dynamically generates and manages app configuration based on kubernetes resources – [✩Star] if you're using it!
Go
91
star
6

til

📝 Today I Learned
88
star
7

ProxyInjector

A Kubernetes controller to inject an authentication proxy container to relevant pods - [✩Star] if you're using it!
Go
88
star
8

developer-handbook

A developer handbook!
Dockerfile
86
star
9

Chowkidar

A kubernetes controller that watches/observes events & then takes configured actions – [✩Star] if you're using it!
Go
55
star
10

Jamadar

A kubernetes controller which cleans up cluster left-overs – [✩Star] if you're using it!
Go
45
star
11

Xposer

A Kubernetes controller to manage (create/update/delete) Kubernetes Ingresses based on the Service - [✩Star] if you are using it!
Go
32
star
12

microservices-testing

how to test microservices based applications? Moved to: https://github.com/stakater/developer-handbook
26
star
13

slack-operator

Kubernetes operator for Slack
Go
19
star
14

tbd-cd-workflow

trunk based development continuous delivery workflow; Moved to: https://github.com/stakater/developer-handbook
18
star
15

aws-terraform-recipes

aws-terraform-recipes
HCL
17
star
16

Playbook

Stakater playbook and documentation!
Dockerfile
15
star
17

stakater-pipeline-library

A repo for managing pipelines for Jenkins
Groovy
15
star
18

Whitelister

A tool to white list node and developer IPs for kubernetes.
Go
14
star
19

StakaterPlatform

Stakater platform provides out of the box stacks to control, monitor, log, trace and security for applications deployed on kubernetes using CI/CD pipelines.
Shell
14
star
20

jira-service-desk-operator

Kubernetes operator for Jira Service Desk
Go
13
star
21

blueprint-network-aws

Stakater Blueprint for creating best-practices network on AWS. Stakater is an Infrastructure-as-Code DevOps solution to automate the creation of web infrastructure stack on AWS. Stakater is based on Docker, CoreOS, Terraform, Packer, Docker Compose, GoCD, Fleet, ETCD, and more.
HCL
13
star
22

ami-baker

Build custom AMI (Amazon Machine Image) on top of CoreOS
Shell
11
star
23

Scaler

A tool to modify auto scaling groups.
Go
11
star
24

StakaterNordmart

A repo to deploy nordmart microservices
Shell
11
star
25

stakater-charts

Public helm charts of opensource apps
9
star
26

infrastructure-reference

Reference infrastructure for Stakater blueprints. Stakater is an Infrastructure-as-Code DevOps solution to automate the creation of web infrastructure stack on AWS. Stakater is based on Docker, CoreOS, Terraform, Packer, Docker Compose, GoCD, Fleet, ETCD, and more.
Shell
9
star
27

docker-images

Docker Images
Dockerfile
7
star
28

nordmart-apps-gitops-config

Tenant's namespace scoped apps are deployed via this gitops config repository
7
star
29

kops-cluster-templates

A set of templates to create different kubernetes clusters using kops.
Shell
6
star
30

blueprint-storage-aws

Stakater Blueprint for creating best-practices based storage on AWS. Stakater is an Infrastructure-as-Code DevOps solution to automate the creation of web infrastructure stack on AWS. Stakater is based on Docker, CoreOS, Terraform, Packer, Docker Compose, GoCD, Fleet, ETCD, and more.
HCL
6
star
31

terraform-azure-openshift

OpenShift on Azure with Terraform!
HCL
5
star
32

employee-handbook

Handbook for Stakater Employees
Dockerfile
5
star
33

blueprint-utilities-aws

Stakater Blueprint for small utility modules on AWS. Stakater is an Infrastructure-as-Code DevOps solution to automate the creation of web infrastructure stack on AWS. Stakater is based on Docker, CoreOS, Terraform, Packer, Docker Compose, GoCD, Fleet, ETCD, and more.
HCL
5
star
34

ForecastleIcons

Collection of icons which can be referenced in Forecastle
4
star
35

charts

Stakater OpenSource Helm Charts
Smarty
4
star
36

mto-docs

Multi Tenant Operator (MTO) Documentation
Dockerfile
4
star
37

tekton-catalog

Collection of Tekton Tasks
Starlark
3
star
38

openshift-infra-gitops-example

An example gitops repo for openshift internal infrastructure
Jinja
3
star
39

StakaterCloudDocs

Stakater Cloud Documentation
JavaScript
3
star
40

house-keeper

start & stop AWS servers | night watcher | night savings
Shell
3
star
41

multiple-ingress-controllers

multiple nginx ingress controllers running on kubernetes on AWS
Shell
3
star
42

dockerfile-kafka-with-consul-template

Dockerfile of Kafka with consul template
Shell
3
star
43

dockerfile-logrotate

Dockerized Logrotate
2
star
44

operator-utils

Utility library to support operators
Go
2
star
45

continuous-integration-deployment

what is continuous integration? what is continuous delivery? what is continuous deployment? what is release strategy?
2
star
46

go-cd

Go CD template
Shell
2
star
47

blueprint-static-site-aws

A repo for creating a static web site deployment stack using aws s3 bucket, route53, and cloudfront
HCL
2
star
48

terraform-module-postgres

postgres setup on Amazon AWS using Terraform and Ansible
HCL
2
star
49

dockerfile-pipeline-tools

Image containing all the tools required for pipelines
Dockerfile
2
star
50

terraform-module-github

Terraform modules for github used for setting up a GitHub organization
HCL
2
star
51

dockerfile-nexus

Docker image for Sonatype Nexus
Shell
2
star
52

dockerfile-nginx-with-consul-template

dockerfile of nginx with consul template
Shell
2
star
53

ztp-pipeline-toolbox

ztp-pipeline-toolbox
Dockerfile
2
star
54

grafana-cloud-ansible-operator

Grafana cloud operator
Makefile
2
star
55

stakater-devops-labs

The Lab for the DevOps Workshop with Kubernetes and Containers
Java
2
star
56

dockerfile-logstash-with-consul-template

Dockerfile of Logstash with consul template
Shell
2
star
57

dockerfile-maven-jenkins

Dockerfile for Maven with Jenkins user, for Jenkins Slave
Dockerfile
2
star
58

dockerfile-maven-centos

CentOS 7 --> Java 1.8 --> Maven 3.5.4
Dockerfile
2
star
59

blueprint-instance-pool-aws

Stakater Blueprint for creating best-practices based instance pool on AWS. Stakater is an Infrastructure-as-Code DevOps solution to automate the creation of web infrastructure stack on AWS. Stakater is based on Docker, CoreOS, Terraform, Packer, Docker Compose, GoCD, Fleet, ETCD, and more.
HCL
2
star
60

terraform-aws-certificate

Certificate Generation for AWS(route 53) hosted domain using Terraform!
HCL
2
star
61

prod-deployment-reference

Stakater sub-module for infrastructure-reference and a practical reference implementation of Production deployment using custom AMI. Stakater is an Infrastructure-as-Code DevOps solution to automate the creation of web infrastructure stack on AWS, based on Docker, Terraform, and more.
HCL
2
star
62

StakaterDeliveryStack

A Stack to Setup Release(CI/CD) Apps on Kubernetes Cluster via Helm Charts i.e. Jenkins, Nexus, Chartmuseum etc.
Groovy
1
star
63

vocabulary

Stakater Vocabulary
1
star
64

pipeline-library

Libraries, utils and tools required by stakater pipelines
Shell
1
star
65

git-set-commit-status

Set commit status
Python
1
star
66

dockerfile-elasticsearch

Dockerfile for Elasticsearch
Shell
1
star
67

dockerfile-grails3

Docker File for grails 3
1
star
68

infrastructure-app-units

systemd unit files for infrastructure applications
1
star
69

operator-template

Template project for operators
Go
1
star
70

java-test-app-ci-and-versioning

Spring based Test app for CI and versioning
Java
1
star
71

dockerfile-awscli

Dockerfile for AWS CLI
1
star
72

openshift4-ansible

Setup Openshift4 via ansible
Jinja
1
star
73

stakater-reference-app-java

reference app for stakater
Java
1
star
74

dockerfile-logstash

Dockerfile of Logstash
Shell
1
star
75

dockerfile-jenkins

dockerfile for jenkins
Shell
1
star
76

provider-databricks

Databricks Crossplane provider
Go
1
star
77

terraform-module-gitlab

Terraform modules for gitlab used for setting up a GitLab Organization
HCL
1
star
78

workshop-operator

A Kubernetes Operator to install the infrastructure for running workshops/bootcamps on OpenShift.
Go
1
star
79

secrets-management

how to manage secrets?
1
star
80

coreos-and-consul-cluster-via-terraform

coreos-and-consul-cluster-via-terraform
HCL
1
star
81

dockerfile-filebeat-with-consul-template

dockerfile of filebeat with consul template
Shell
1
star
82

resume-renderer

Custom renderer for Stakater resumes
TypeScript
1
star
83

mysql-backup-glacier

Python
1
star
84

dockerfile-java

Java dockerfiles
1
star
85

coreos-vagrant-with-consul-elk

CoreOS Cluster on Vagrant with ELK Stack and Service Registration & Discovery through Consul
Ruby
1
star
86

roadmap

roadmap of stakater
1
star
87

cloud-exits

A collection of cloud exit stories
1
star
88

blueprint-solo-instance-aws

Blueprint for creating best-practices based solo instance on AWS
HCL
1
star
89

stakater-tekton-chart

Jumbo chart for creating pipeline manifests
Smarty
1
star