Merge remote-tracking branch 'upstream/master' into fix-255

Author: hussnain612

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/pull_request.yaml

@@ -7,7 +7,7 @@ on:
 
 env:
   DOCKER_FILE_PATH: Dockerfile
-  GOLANG_VERSION: 1.17
+  GOLANG_VERSION: 1.20.2
   KUBERNETES_VERSION: "1.18.0"
   KIND_VERSION: "0.10.0"
   REGISTRY: ghcr.io
@@ -40,7 +40,7 @@ jobs:
     - name: Run golangci-lint
       uses: golangci/golangci-lint-action@v3
       with:
-        version: v1.50.1
+        version: v1.51.1
         only-new-issues: false
         args: --timeout 10m
 

.github/workflows/push.yaml

@@ -7,7 +7,7 @@ on:
 
 env:
   DOCKER_FILE_PATH: Dockerfile
-  GOLANG_VERSION: 1.17.7
+  GOLANG_VERSION: 1.20.2
   KUBERNETES_VERSION: "1.18.0"
   KIND_VERSION: "0.10.0"
   HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts"
@@ -43,10 +43,10 @@ jobs:
       - name: Run golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.50.1
+          version: v1.51.1
           only-new-issues: false
           args: --timeout 10m
-          
+
       - name: Install kubectl
         run: |
           curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
@@ -138,7 +138,7 @@ jobs:
             org.opencontainers.image.source=${{ github.event.repository.clone_url }}
             org.opencontainers.image.created=${{ steps.prep.outputs.created }}
             org.opencontainers.image.revision=${{ github.sha }}
-            
+
       ##############################
       ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.)
       ##############################
@@ -162,7 +162,7 @@ jobs:
       - name: Helm Template
         run: |
           helm template reloader deployments/kubernetes/chart/reloader/ > deployments/kubernetes/reloader.yaml
-          helm template reloader deployments/kubernetes/chart/reloader/  --output-dir deployments/kubernetes/manifests/ && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader
+          helm template reloader deployments/kubernetes/chart/reloader/ --output-dir deployments/kubernetes/manifests && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader
 
       # Publish helm chart
       - name: Publish Helm chart
@@ -178,16 +178,16 @@ jobs:
           linting: on
           commit_username: stakater-user
           commit_email: stakater@gmail.com
-          
+
       # Commit back changes
       - name: Commit files
         run: |
           git config --local user.email "stakater@gmail.com"
           git config --local user.name "stakater-user"
-          git status 
+          git status
           git add .
           git commit -m "[skip-ci] Update artifacts" -a
-          
+
       - name: Push changes
         uses: ad-m/github-push-action@master
         with:

.github/workflows/release.yaml

@@ -6,7 +6,7 @@ on:
       - "v*"
 
 env:
-  GOLANG_VERSION: 1.17.7
+  GOLANG_VERSION: 1.20.2
 
 jobs:
   build:
@@ -15,12 +15,12 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0 # See: https://goreleaser.com/ci/actions/
 
       - name: Set up Go 1.x
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ env.GOLANG_VERSION }}
         id: go

Dockerfile

@@ -2,7 +2,7 @@ ARG BUILDER_IMAGE
 ARG BASE_IMAGE
 
 # Build the manager binary
-FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.17.7} as builder
+FROM --platform=${BUILDPLATFORM} ${BUILDER_IMAGE:-golang:1.20.2} as builder
 
 ARG TARGETOS
 ARG TARGETARCH

README.md

@@ -31,7 +31,8 @@ metadata:
   annotations:
     reloader.stakater.com/auto: "true"
 spec:
-  template: metadata:
+  template:
+    metadata:
 ```
 
 This will discover deploymentconfigs/deployments/daemonsets/statefulset/rollouts automatically where `foo-configmap` or `foo-secret` is being used either via environment variable or from volume mount. And it will perform rolling upgrade on related pods when `foo-configmap` or `foo-secret`are updated.
@@ -86,7 +87,8 @@ metadata:
   annotations:
     configmap.reloader.stakater.com/reload: "foo-configmap"
 spec:
-  template: metadata:
+  template:
+    metadata:
 ```
 
 Use comma separated list to define multiple configmaps.
@@ -141,6 +143,7 @@ spec:
 - you may override the configmap annotation with the `--configmap-annotation` flag
 - you may override the secret annotation with the `--secret-annotation` flag
 - you may want to prevent watching certain namespaces with the `--namespaces-to-ignore` flag
+- you may want to watch only a set of namespaces with certain labels by using the `--namespace-selector` flag
 - you may want to prevent watching certain resources with the `--resources-to-ignore` flag
 - you can configure logging in JSON format with the `--log-format=json` option
 - you can configure the "reload strategy" with the `--reload-strategy=<strategy-name>` option (details below)
@@ -180,6 +183,25 @@ Reloader can be configured to ignore the resources `secrets` and `configmaps` by
 
 `Note`: At one time only one of these resource can be ignored, trying to do it will cause error in Reloader. Workaround for ignoring both resources is by scaling down the reloader pods to `0`.
 
+Reloader can be configured to watch only namespaces labeled with (one or more) labels of your choosing by using the `--namespace-selector` parameter, for example:
+```
+--namespace-selector=reloder:enabled,test:true
+```
+
+Only namespaces labeled like the following namespace YAML will be watched:
+```yaml
+kind: Namespace
+apiVersion: v1
+metadata:
+  ...
+  labels:
+    reloder: enabled
+    test: true
+  ...
+```
+If you want to select namespace only by the key of the label use ```*``` as the value.
+For example, for ```--namespace-selector=select-this:*``` all namespaces with label-key "select-this" will be selected regardless of the labels value
+
 ### Vanilla kustomize
 
 You can also apply the vanilla manifests by running the following command
@@ -231,17 +253,32 @@ Reloader can be configured to ignore the resources `secrets` and `configmaps` by
 
 `Note`: At one time only one of these resource can be ignored, trying to do it will cause error in helm template compilation.
 
+Reloader can be configured to watch only namespaces labeled with (one or more) labels of your choosing by using the `namespaceSelector` parameter
+
+| Parameter            | Description                                                    | Type    |
+| ----------------     | -------------------------------------------------------------- | ------- |
+| namespaceSelector    | list of comma separated key:value namespace                    | string  |
+
 You can also set the log format of Reloader to json by setting `logFormat` to `json` in values.yaml and apply the chart
 
 You can enable to scrape Reloader's Prometheus metrics by setting `serviceMonitor.enabled` or `podMonitor.enabled`  to `true` in values.yaml file. Service monitor will be removed in future releases of reloader in favour of Pod monitor.
 
 **Note:** Reloading of OpenShift (DeploymentConfig) and/or Argo Rollouts has to be enabled explicitly because it might not be always possible to use it on a cluster with restricted permissions. This can be done by changing the following parameters:
 
-| Parameter        | Description                                                                  | Type    |
-| ---------------- |------------------------------------------------------------------------------| ------- |
-| isOpenshift      | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false` | boolean |
-| isArgoRollouts   | Enable Argo Rollouts. Valid value are either `true` or `false`               | boolean |
-| reloadOnCreate   | Enable reload on create events. Valid value are either `true` or `false`     | boolean |
+| Parameter        | Description                                                                                                                              | Type    |
+|------------------|------------------------------------------------------------------------------------------------------------------------------------------| ------- |
+| isOpenshift      | Enable OpenShift DeploymentConfigs. Valid value are either `true` or `false`                                                             | boolean |
+| isArgoRollouts   | Enable Argo Rollouts. Valid value are either `true` or `false`                                                                           | boolean |
+| reloadOnCreate   | Enable reload on create events. Valid value are either `true` or `false`                                                                 | boolean |
+| syncAfterRestart | Enable sync after reloader restarts for **Add** events, works only when reloadOnCreate is `true`. Valid value are either `true` or `false` | boolean |
+
+**ReloadOnCreate** reloadOnCreate controls how Reloader handles secrets being added to the cache for the first time. If reloadOnCreate is set to true:
+* Configmaps/secrets being added to the cache will cause Reloader to perform a rolling update of the associated workload. 
+* When applications are deployed for the first time, Reloader will perform a rolling update of the associated workload. 
+* If you are running Reloader in HA mode all workloads will have a rolling update performed when a new leader is elected. 
+
+If ReloadOnCreate is set to false: 
+* Updates to configMaps/Secrets that occur while there is no leader will not be picked up by the new leader until a subsequent update of the configmap/secret occurs. In the worst case the window in which there can be no leader is 15s as this is the LeaseDuration.
 
 ## Help
 
@@ -251,7 +288,7 @@ You can find more documentation [here](docs)
 
 ### Have a question?
 
-File a GitHub [issue](https://github.com/stakater/Reloader/issues), or send us an [email](mailto:stakater@gmail.com).
+File a GitHub [issue](https://github.com/stakater/Reloader/issues), or send us an [email](mailto:hello@stakater.com).
 
 ### Talk to us on Slack
 

deployments/kubernetes/chart/reloader/Chart.yaml

@@ -3,8 +3,8 @@
 apiVersion: v1
 name: reloader
 description: Reloader chart that runs on kubernetes
-version: v0.0.114
-appVersion: v0.0.114
+version: v1.0.20
+appVersion: v1.0.20
 keywords:
   - Reloader
   - kubernetes
@@ -16,16 +16,6 @@ maintainers:
   - name: Stakater
     email: hello@stakater.com
   - name: rasheedamir
-    email: rasheed@aurorasolutions.io
-  - name: waseem-h
-    email: waseemhassan@stakater.com
+    email: rasheed@stakater.com
   - name: faizanahmad055
     email: faizan.ahmad55@outlook.com
-  - name: kahootali
-    email: ali.kahoot@aurorasolutions.io
-  - name: ahmadiq
-    email: ahmad@aurorasolutions.io
-  - name: ahsan-storm
-    email: ahsanmuhammad1@outlook.com
-  - name: ahmedwaleedmalik
-    email: waleed@stakater.com

deployments/kubernetes/chart/reloader/templates/_helpers.tpl

@@ -28,6 +28,23 @@ heritage: {{ .Release.Service | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
 {{- end -}}
 
+{{/*
+Create pod anti affinity labels
+*/}}
+{{- define "reloader-podAntiAffinity" -}}
+podAntiAffinity:
+  preferredDuringSchedulingIgnoredDuringExecution:
+  - weight: 100
+    podAffinityTerm:
+      labelSelector:
+        matchExpressions:
+        - key: app
+          operator: In
+          values:
+          - {{ template "reloader-fullname" . }}
+      topologyKey: "kubernetes.io/hostname"
+{{- end -}}
+
 {{/*
 Create the name of the service account to use
 */}}
@@ -45,4 +62,4 @@ Create the annotations to support helm3
 {{- define "reloader-helm3.annotations" -}}
 meta.helm.sh/release-namespace: {{ .Release.Namespace | quote }}
 meta.helm.sh/release-name: {{ .Release.Name | quote }}
-{{- end -}}
+{{- end -}}

deployments/kubernetes/chart/reloader/templates/clusterrole.yaml

@@ -17,7 +17,6 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role
-  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups:
       - ""
@@ -32,6 +31,14 @@ rules:
       - list
       - get
       - watch
+{{- if .Values.reloader.namespaceSelector }}
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+{{- end }}
 {{- if and (.Capabilities.APIVersions.Has "apps.openshift.io/v1") (.Values.reloader.isOpenshift) }}
   - apiGroups:
       - "apps.openshift.io"
@@ -77,4 +84,21 @@ rules:
       - get
       - update
       - patch
+{{- if .Values.reloader.enableHA }}
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - leases
+    verbs:
+      - create
+      - get
+      - update
+{{- end}}
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
 {{- end }}

deployments/kubernetes/chart/reloader/templates/clusterrolebinding.yaml

@@ -17,13 +17,12 @@ metadata:
 {{ toYaml .Values.reloader.matchLabels | indent 4 }}
 {{- end }}
   name: {{ template "reloader-fullname" . }}-role-binding
-  namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: {{ template "reloader-fullname" . }}-role
 subjects:
   - kind: ServiceAccount
     name: {{ template "reloader-serviceAccountName" . }}
-    namespace: {{ .Release.Namespace }}
+    namespace: {{ .Values.namespace | default .Release.Namespace }}
 {{- end }}