diff --git a/.github/workflows/init-branch-release.yaml b/.github/workflows/init-branch-release.yaml
new file mode 100644
index 000000000..142643b84
--- /dev/null
+++ b/.github/workflows/init-branch-release.yaml
@@ -0,0 +1,69 @@
+name: Init Release
+on:
+ workflow_dispatch:
+ inputs:
+ TARGET_BRANCH:
+ description: 'TARGET_BRANCH on which release will be based'
+ required: true
+ type: string
+
+ TARGET_VERSION:
+ description: 'TARGET_VERSION to build kubernetes manifests with using Kustomize'
+ required: true
+ type: string
+
+permissions: {}
+
+jobs:
+ prepare-release:
+ permissions:
+ contents: write # for peter-evans/create-pull-request to create branch
+ pull-requests: write # for peter-evans/create-pull-request to create a PR
+ name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }}
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4.2
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+ ref: ${{ inputs.TARGET_BRANCH }}
+
+ - name: Check if TARGET_VERSION is well formed.
+ run: |
+ set -xue
+ # Target version must not contain 'v' prefix
+ if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
+ echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." 
>&2 + exit 1 + fi + + - name: Create VERSION information + run: | + set -ue + echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}" + echo "${{ inputs.TARGET_VERSION }}" > VERSION + + - name: Replace latest tag with version from input + run: | + set -ue + VERSION=${{ inputs.TARGET_VERSION }} make update-manifests-version + VERSION=${{ inputs.TARGET_VERSION }} make bump-chart + git diff + + - name: Generate new set of manifests + run: | + set -ue + make k8s-manifests + git diff + + - name: Create pull request + uses: peter-evans/create-pull-request@v7.0.5 + with: + commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" + title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" + body: Updating VERSION and manifests to ${{ inputs.TARGET_VERSION }} + branch: update-version + branch-suffix: random + signoff: true + labels: release diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 1392d8a21..b476bf53c 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -4,6 +4,7 @@ on: pull_request: branches: - master + - 'v**' paths: - '**' - '!.markdownlint.yaml' @@ -17,8 +18,8 @@ on: env: DOCKER_FILE_PATH: Dockerfile DOCKER_UBI_FILE_PATH: Dockerfile.ubi - KUBERNETES_VERSION: "1.19.0" - KIND_VERSION: "0.17.0" + KUBERNETES_VERSION: "1.30.0" + KIND_VERSION: "0.23.0" REGISTRY: ghcr.io jobs: @@ -46,6 +47,8 @@ jobs: # Setting up helm binary - name: Set up Helm uses: azure/setup-helm@v4 + with: + version: v3.11.3 - name: Helm chart unit tests uses: d3adb5/helm-unittest-action@v2 @@ -86,8 +89,7 @@ jobs: run: | curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" sudo install ./kubectl /usr/local/bin/ && rm kubectl - kubectl version --short --client - kubectl version --short --client | grep -q ${KUBERNETES_VERSION} + kubectl version --client=true - name: Install Kind run: | 
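Review bot: `${{ inputs.TARGET_VERSION }}` is pasted into the script text of the three `run:` steps that use it before the shell parses them, so a quote or `$(...)` in the dispatch input becomes part of a script running with `contents: write` and `pull-requests: write`. The only validation, the 'v'-prefix `grep`, interpolates the same value and accepts anything else. Pass the input through `env:` and reference `"$TARGET_VERSION"` in every step, and have the first step accept only a plain version; the pattern below assumes MAJOR.MINOR.PATCH and should be widened if pre-release suffixes are used. `inputs.TARGET_BRANCH` is only used in `with:` and `name:` values in this file, which are not shell-evaluated.

```yaml
      - name: Check if TARGET_VERSION is well formed.
        env:
          TARGET_VERSION: ${{ inputs.TARGET_VERSION }}
        run: |
          set -ue
          # Accept only MAJOR.MINOR.PATCH with no 'v' prefix; the match is on the whole string
          if ! [[ "$TARGET_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "::error::Target version must look like 1.2.3 without a 'v' prefix, refusing to continue." >&2
            exit 1
          fi

      - name: Create VERSION information
        env:
          TARGET_VERSION: ${{ inputs.TARGET_VERSION }}
        run: |
          set -ue
          echo "Bumping version from $(cat VERSION) to ${TARGET_VERSION}"
          echo "${TARGET_VERSION}" > VERSION

      - name: Replace latest tag with version from input
        env:
          TARGET_VERSION: ${{ inputs.TARGET_VERSION }}
        run: |
          set -ue
          VERSION="${TARGET_VERSION}" make update-manifests-version
          VERSION="${TARGET_VERSION}" make bump-chart
          git diff

      # … unchanged: Generate new set of manifests, Create pull request …
```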
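Review bot: With the `grep -q ${KUBERNETES_VERSION}` line removed, nothing in the kubectl install step checks what `curl -LO` fetched before `sudo install` places it in `/usr/local/bin`; `kubectl version --client=true` only prints. Since the old assertion had to go along with `--short`, replace it with an integrity check: download the `kubectl.sha256` published next to the binary (assuming the release location serves it, as the upstream install instructions describe) and run `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check` before installing. The same edit appears in `.github/workflows/push.yaml` and `.github/workflows/release.yaml` later in this commit. The step's `- name:` line is outside this hunk.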
@@ -160,3 +162,72 @@ jobs: org.opencontainers.image.source=${{ github.event.repository.clone_url }} org.opencontainers.image.created=${{ steps.prep.outputs.created }} org.opencontainers.image.revision=${{ github.sha }} + + - name: Check if Helm validation needs to run + uses: dorny/paths-filter@v3 + id: filter + with: + filters: | + chart: + - 'deployments/kubernetes/chart/reloader/**' + + outputs: + helm_chart_changed: ${{ steps.filter.outputs.chart }} + + helm-validation: + permissions: + contents: read + + runs-on: ubuntu-latest + name: Helm Chart Validation + needs: + - build + + if: ${{ needs.build.outputs.helm_chart_changed }} == "true" + steps: + + - name: Check out code + uses: actions/checkout@v4 + with: + ref: ${{github.event.pull_request.head.sha}} + fetch-depth: 0 + + # Setting up helm binary + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.11.3 + + - name: Helm chart unit tests + uses: d3adb5/helm-unittest-action@v2 + with: + charts: deployments/kubernetes/chart/reloader + + - name: Add Stakater Helm Repo + run: | + helm repo add stakater https://stakater.github.io/stakater-charts + + - name: Get version for chart from helm repo + id: chart_eval + run: | + current_chart_version=$(helm search repo stakater/reloader | tail -n 1 | awk '{print $2}') + echo "CURRENT_CHART_VERSION=$(echo ${current_chart_version})" >> $GITHUB_OUTPUT + + - name: Get Updated Chart version from Chart.yaml + uses: mikefarah/yq@master + id: new_chart_version + with: + cmd: yq e '.version' deployments/kubernetes/chart/reloader/Chart.yaml + + - name: Check Version + uses: aleoyakas/check-semver-increased-action@v1 + id: check-version + with: + current-version: ${{ steps.new_chart_version.outputs.result }} + previous-version: ${{ steps.chart_eval.outputs.CURRENT_CHART_VERSION }} + + - name: Fail if Helm Chart version isnt updated + if: steps.check-version.outputs.is-version-increased != 'true' + run: | + echo "Helm Chart Version wasnt updated" + exit 1 
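Review bot: The job condition `if: ${{ needs.build.outputs.helm_chart_changed }} == "true"` does not compare anything: the expression is substituted first and the leftover text (`true == "true"` or `false == "true"`) is a non-empty string, which is treated as truthy, so `helm-validation` runs on every pull request. Write the comparison as a single expression, `if: needs.build.outputs.helm_chart_changed == 'true'`. In the same job, `uses: mikefarah/yq@master` follows a moving branch; pinning it, and the other third-party actions added here, to a release tag or commit SHA keeps a change in those repositories from running in this workflow unreviewed.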
diff --git a/.github/workflows/push-pr-image.yaml b/.github/workflows/push-pr-image.yaml
new file mode 100644
index 000000000..279174419
--- /dev/null
+++ b/.github/workflows/push-pr-image.yaml
@@ -0,0 +1,86 @@
+name: Push PR Image on Label
+
+on:
+ pull_request:
+ branches:
+ - master
+ types: [ labeled ]
+
+env:
+ DOCKER_FILE_PATH: Dockerfile
+ REGISTRY: ghcr.io
+
+jobs:
+
+ build-and-push-pr-image:
+ permissions:
+ contents: read
+
+ runs-on: ubuntu-latest
+ name: Build and Push PR Image
+ if: ${{ github.event.label.name == 'build-and-push-pr-image' }}
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{github.event.pull_request.head.sha}}
+ fetch-depth: 0
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: 'go.mod'
+ check-latest: true
+ cache: true
+
+ - name: Install Dependencies
+ run: |
+ make install
+
+ - name: Run golangci-lint
+ uses: golangci/golangci-lint-action@v5
+ with:
+ version: latest
+ only-new-issues: false
+ args: --timeout 10m
+
+ - name: Generate Tags
+ id: generate_tag
+ run: |
+ sha=${{ github.event.pull_request.head.sha }}
+ tag="SNAPSHOT-PR-${{ github.event.pull_request.number }}-${sha:0:8}"
+ echo "GIT_TAG=$(echo ${tag})" >> $GITHUB_OUTPUT
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Generate image repository path for ghcr registry
+ run: |
+ echo GHCR_IMAGE_REPOSITORY=${{env.REGISTRY}}/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
+
+ - name: Login to ghcr registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{env.REGISTRY}}
+ username: stakater-user
+ password: ${{secrets.GITHUB_TOKEN}}
+
+ - name: Build Docker Image
+ uses: docker/build-push-action@v6
+ with:
+ context: . 
+ file: ${{ env.DOCKER_FILE_PATH }} + pull: true + push: true + build-args: BUILD_PARAMETERS=${{ env.BUILD_PARAMETERS }} + cache-to: type=inline + platforms: linux/amd64,linux/arm,linux/arm64 + tags: | + ${{ env.GHCR_IMAGE_REPOSITORY }}:${{ steps.generate_tag.outputs.GIT_TAG }} + labels: | + org.opencontainers.image.source=${{ github.event.repository.clone_url }} + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.revision=${{ github.sha }} diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml index dff2989dd..626e50620 100644 --- a/.github/workflows/push.yaml +++ b/.github/workflows/push.yaml @@ -6,12 +6,13 @@ on: - closed branches: - master + - 'v**' env: DOCKER_FILE_PATH: Dockerfile DOCKER_UBI_FILE_PATH: Dockerfile.ubi - KUBERNETES_VERSION: "1.19.0" - KIND_VERSION: "0.17.0" + KUBERNETES_VERSION: "1.30.0" + KIND_VERSION: "0.23.0" HELM_REGISTRY_URL: "https://stakater.github.io/stakater-charts" REGISTRY: ghcr.io @@ -62,8 +63,7 @@ jobs: run: | curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" sudo install ./kubectl /usr/local/bin/ && rm kubectl - kubectl version --short --client - kubectl version --short --client | grep -q ${KUBERNETES_VERSION} + kubectl version --client=true - name: Install Kind run: | 
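Review bot: The job grants only `contents: read`, which leaves every other token scope at none, yet it logs in to `ghcr.io` with `secrets.GITHUB_TOKEN` and builds with `push: true`; without `packages: write` the push is expected to be refused. Add `packages: write` under the job's `permissions:`. Keeping the `pull_request` trigger means pull requests from forks still receive a read-only token, so a labelled fork build will not publish an image; that is the safe behaviour and worth a comment in the file so nobody later swaps the trigger to make fork builds push. Two references in the last step resolve to empty strings: `steps.prep.outputs.created` (no step with id `prep` exists in this workflow) and `env.BUILD_PARAMETERS` (not set in the `env:` block shown).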
@@ -207,76 +207,6 @@ jobs: org.opencontainers.image.source=${{ github.event.repository.clone_url }} org.opencontainers.image.revision=${{ github.sha }} - ############################## - ## Add steps to generate required artifacts for a release here(helm chart, operator manifest etc.) - ############################## - - # Skip pushing plain manifests till we decide what to do with them - - # - name: Helm Template - # run: | - # helm template reloader deployments/kubernetes/chart/reloader/ \ - # --set reloader.deployment.resources.limits.cpu=150m \ - # --set reloader.deployment.resources.limits.memory=512Mi \ - # --set reloader.deployment.resources.requests.cpu=10m \ - # --set reloader.deployment.resources.requests.memory=128Mi > deployments/kubernetes/reloader.yaml - - # helm template reloader deployments/kubernetes/chart/reloader/ --output-dir deployments/kubernetes/manifests && mv deployments/kubernetes/manifests/reloader/templates/* deployments/kubernetes/manifests/ && rm -r deployments/kubernetes/manifests/reloader - - # - name: Remove labels and annotations from manifests - # run: make remove-labels-annotations - - # Charts are to be pushed to a separate repo with a separate release cycle - - # # Publish helm chart - # - name: Login to ghcr via helm - # run: | - # echo ${{secrets.GITHUB_TOKEN}} | helm registry login ghcr.io/stakater --username stakater-user --password-stdin - - # - name: Publish Helm chart to ghcr.io - # run: | - # helm package ./deployments/kubernetes/chart/reloader --destination ./packaged-chart - # helm push ./packaged-chart/*.tgz oci://ghcr.io/stakater/charts - # rm -rf ./packaged-chart - - # - name: Publish Helm chart to gh-pages - # uses: stefanprodan/helm-gh-pages@master - # with: - # branch: master - # repository: stakater-charts - # target_dir: docs - # token: ${{ secrets.STAKATER_GITHUB_TOKEN }} - # charts_dir: deployments/kubernetes/chart/ - # charts_url: ${{ env.HELM_REGISTRY_URL }} - # owner: stakater - # linting: on - # 
commit_username: stakater-user - # commit_email: stakater@gmail.com - - # # Commit back changes - # - name: Log info about `.git` directory permissions - # run: | - # # Debug logging - # echo "Disk usage: " - # df -H - - # echo ".git files not owned by current user or current group:" - # find .git ! -user $(id -u) -o ! -group $(id -g) | xargs ls -lah - - # - name: Commit files - # run: | - # git config --local user.email "stakater@gmail.com" - # git config --local user.name "stakater-user" - # git status - # git add . - # git commit -m "[skip-ci] Update artifacts" -a - - # - name: Push changes - # uses: ad-m/github-push-action@master - # with: - # github_token: ${{ secrets.STAKATER_GITHUB_TOKEN }} - # branch: ${{ github.ref }} - - name: Push Latest Tag uses: anothrNick/github-tag-action@1.71.0 env: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a7a812c24..075859760 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,8 +7,8 @@ on: env: DOCKER_FILE_PATH: Dockerfile DOCKER_UBI_FILE_PATH: Dockerfile.ubi - KUBERNETES_VERSION: "1.19.0" - KIND_VERSION: "0.17.0" + KUBERNETES_VERSION: "1.30.0" + KIND_VERSION: "0.23.0" REGISTRY: ghcr.io jobs: @@ -57,8 +57,7 @@ jobs: run: | curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" sudo install ./kubectl /usr/local/bin/ && rm kubectl - kubectl version --short --client - kubectl version --short --client | grep -q ${KUBERNETES_VERSION} + kubectl version --client=true - name: Install Kind run: | diff --git a/.gitignore b/.gitignore index 95b8b63e3..73da63e55 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ styles/ site/ /mkdocs.yml yq +bin \ No newline at end of file diff --git a/Makefile b/Makefile index 5a2a6c2b6..f4a725d26 100644 --- a/Makefile +++ b/Makefile 
@@ -24,6 +24,75 @@ LDFLAGS = GOPROXY ?= GOPRIVATE ?= +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION) +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) +YQ ?= $(LOCALBIN)/yq + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.3.0 +CONTROLLER_TOOLS_VERSION ?= v0.14.0 +ENVTEST_VERSION ?= release-0.17 +GOLANGCI_LINT_VERSION ?= v1.57.2 + +YQ_VERSION ?= v4.27.5 +YQ_DOWNLOAD_URL = "https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(OS)_$(ARCH)" + + +.PHONY: yq +yq: $(YQ) ## Download YQ locally if needed +$(YQ): + @test -d $(LOCALBIN) || mkdir -p $(LOCALBIN) + @curl --retry 3 -fsSL $(YQ_DOWNLOAD_URL) -o $(YQ) || { \ + echo "Failed to download yq from $(YQ_DOWNLOAD_URL). Please check the URL and your network connection."; \ + exit 1; \ + } + @chmod +x $(YQ) + @echo "yq downloaded successfully to $(YQ)." + + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. +$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. 
+$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION}) + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary (ideally with version) +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f $(1) ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ +} +endef + default: build test install: @@ -80,9 +149,16 @@ apply: deploy: binary-image push apply +.PHONY: k8s-manifests +k8s-manifests: $(KUSTOMIZE) ## Generate k8s manifests using Kustomize from 'manifests' folder + $(KUSTOMIZE) build ./deployments/kubernetes/ -o ./deployments/kubernetes/reloader.yaml + +.PHONY: update-manifests-version +update-manifests-version: ## Generate k8s manifests using Kustomize from 'manifests' folder + sed -i 's/image: "ghcr.io\/stakater\/reloader:latest"/image: \"ghcr.io\/stakater\/reloader:v$(VERSION)"/g' deployments/kubernetes/manifests/deployment.yaml + # Bump Chart bump-chart: - sed -i "s/^version:.*/version: $(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml sed -i "s/^appVersion:.*/appVersion: v$(VERSION)/" deployments/kubernetes/chart/reloader/Chart.yaml sed -i "s/tag:.*/tag: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml sed -i "s/version:.*/version: v$(VERSION)/" deployments/kubernetes/chart/reloader/values.yaml 
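Review bot: The `$(YQ)` rule saves a release binary fetched with `curl` and marks it executable without comparing it to a known digest, while the other tools added in this hunk are installed through `go install` at a pinned version. Keep an expected SHA-256 for `$(YQ_VERSION)` in the Makefile for each supported `$(OS)`/`$(ARCH)` (for example `YQ_SHA256 ?= <sha256-of-the-pinned-release-binary>`) and add `@echo "$(YQ_SHA256)  $(YQ)" | sha256sum -c -` before the `chmod`. The download URL also depends on `$(OS)` and `$(ARCH)`, which are not defined in this hunk; if they are not set elsewhere in the Makefile the path is malformed, and `curl -f` will fail only after the retries.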
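Review bot: `update-manifests-version` only rewrites a line that still reads `reloader:latest`, and this commit pins `deployments/kubernetes/manifests/deployment.yaml` to `v1.1.0`, so on a branch in that state the `sed` matches nothing, exits 0, and the manifest keeps the old tag while the release workflow reports success. Match whatever tag is present instead, e.g. `sed -i 's|\(image: "ghcr.io/stakater/reloader:\)[^"]*"|\1v$(VERSION)"|' deployments/kubernetes/manifests/deployment.yaml`. `$(VERSION)` is pasted into the `sed` program here and in `bump-chart`, so both targets rely on the caller having validated it. The `##` help text on this target is copied from `k8s-manifests`; something like `## Set the reloader image tag in manifests/deployment.yaml to v$(VERSION)` would describe what it does.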
@@ -98,13 +174,3 @@ yq-install: @curl -sL $(YQ_DOWNLOAD_URL) -o $(YQ_BIN) @chmod +x $(YQ_BIN) @echo "yq $(YQ_VERSION) installed at $(YQ_BIN)" - -remove-labels-annotations: yq-install - @for file in $$(find deployments/kubernetes/manifests -type f -name '*.yaml'); do \ - echo "Processing $$file"; \ - $(YQ_BIN) eval 'del(.metadata.labels, .metadata.annotations)' -i "$$file"; \ - done - $(YQ_BIN) eval 'del(.spec.template.metadata.labels)' -i deployments/kubernetes/manifests/deployment.yaml - $(YQ_BIN) eval 'del(.spec.selector.matchLabels)' -i deployments/kubernetes/manifests/deployment.yaml - $(YQ_BIN) eval '.spec.selector.matchLabels.app = "reloader-reloader"' -i deployments/kubernetes/manifests/deployment.yaml - $(YQ_BIN) eval '.spec.template.metadata.labels.app = "reloader-reloader"' -i deployments/kubernetes/manifests/deployment.yaml diff --git a/VERSION b/VERSION new file mode 100644 index 000000000..1cc5f657e --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +1.1.0 \ No newline at end of file diff --git a/deployments/kubernetes/chart/reloader/Chart.yaml b/deployments/kubernetes/chart/reloader/Chart.yaml index 51141e5e2..08ed81c88 100644 --- a/deployments/kubernetes/chart/reloader/Chart.yaml +++ b/deployments/kubernetes/chart/reloader/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v1 name: reloader description: Reloader chart that runs on kubernetes -version: 1.0.122 -appVersion: v1.0.122 +version: 1.1.1 +appVersion: v1.1.0 keywords: - Reloader - kubernetes diff --git a/deployments/kubernetes/chart/reloader/values.yaml b/deployments/kubernetes/chart/reloader/values.yaml index bdc121c51..3e4e52a0c 100644 --- a/deployments/kubernetes/chart/reloader/values.yaml +++ b/deployments/kubernetes/chart/reloader/values.yaml 
@@ -94,11 +94,11 @@ reloader: labels: provider: stakater group: com.stakater.platform - version: v1.0.121 + version: v1.1.0 image: name: ghcr.io/stakater/reloader base: stakater/reloader - tag: v1.0.121 + tag: v1.1.0 pullPolicy: IfNotPresent # Support for extra environment variables. env: diff --git a/deployments/kubernetes/manifests/deployment.yaml b/deployments/kubernetes/manifests/deployment.yaml index faa06fca1..fb80fa47d 100644 --- a/deployments/kubernetes/manifests/deployment.yaml +++ b/deployments/kubernetes/manifests/deployment.yaml @@ -17,7 +17,7 @@ spec: app: reloader-reloader spec: containers: - - image: "ghcr.io/stakater/reloader:latest" + - image: "ghcr.io/stakater/reloader:v1.1.0" imagePullPolicy: IfNotPresent name: reloader-reloader env: @@ -53,6 +53,13 @@ spec: successThreshold: 1 initialDelaySeconds: 10 securityContext: {} + resources: + limits: + cpu: "1" + memory: 512Mi + requests: + cpu: 10m + memory: 512Mi securityContext: runAsNonRoot: true runAsUser: 65534 diff --git a/deployments/kubernetes/reloader.yaml b/deployments/kubernetes/reloader.yaml index 437956362..881ba3464 100644 --- a/deployments/kubernetes/reloader.yaml +++ b/deployments/kubernetes/reloader.yaml 
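Review bot: The image in `deployments/kubernetes/manifests/deployment.yaml` is pinned to `v1.1.0` here, but the regenerated `deployments/kubernetes/reloader.yaml` later in this commit still adds `image: "ghcr.io/stakater/reloader:latest"`, so the bundled manifest appears to have been built before this change and deploys a mutable tag. Re-run `make k8s-manifests` after the version update so both files carry the same tag. With `imagePullPolicy: IfNotPresent`, a node that has already cached `latest` keeps running whatever it pulled first, which makes the deployed version hard to establish afterwards.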
@@ -1,127 +1,81 @@ ---- -# Source: reloader/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader namespace: default --- -# Source: reloader/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader-role rules: - - apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - list - - get - - watch - - apiGroups: - - "apps" - resources: - - deployments - - daemonsets - - statefulsets - verbs: - - list - - get - - update - - patch - - apiGroups: - - "extensions" - resources: - - deployments - - daemonsets - verbs: - - list - - get - - update - - patch - - apiGroups: - - "batch" - resources: - - cronjobs - verbs: - - list - - get - - apiGroups: - - "batch" - resources: - - jobs - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - list + - get + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - list + - get + - update + - patch +- apiGroups: + - extensions + resources: + - deployments + - daemonsets + verbs: + - list + - get + - update + - patch +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - list + - get +- apiGroups: + - batch + resources: + - jobs + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- -# Source: 
reloader/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" name: reloader-reloader-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: reloader-reloader-role subjects: - - kind: ServiceAccount - name: reloader-reloader - namespace: default +- kind: ServiceAccount + name: reloader-reloader + namespace: default --- -# Source: reloader/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: - annotations: - meta.helm.sh/release-namespace: "default" - meta.helm.sh/release-name: "reloader" - labels: - app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" - group: com.stakater.platform - provider: stakater - version: latest name: reloader-reloader namespace: default spec: 
@@ -130,56 +84,47 @@ spec: selector: matchLabels: app: reloader-reloader - release: "reloader" template: metadata: labels: app: reloader-reloader - chart: "reloader-1.0.121" - release: "reloader" - heritage: "Helm" - app.kubernetes.io/managed-by: "Helm" - group: com.stakater.platform - provider: stakater - version: latest spec: containers: - - image: "ghcr.io/stakater/reloader:latest" - imagePullPolicy: IfNotPresent - name: reloader-reloader - env: + - env: - name: GOMAXPROCS valueFrom: resourceFieldRef: + divisor: "1" resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: + divisor: "1" resource: limits.memory - ports: - - name: http - containerPort: 9090 + image: "ghcr.io/stakater/reloader:latest" + imagePullPolicy: IfNotPresent livenessProbe: + failureThreshold: 5 httpGet: path: /live port: http - timeoutSeconds: 5 - failureThreshold: 5 + initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - initialDelaySeconds: 10 + timeoutSeconds: 5 + name: reloader-reloader + ports: + - containerPort: 9090 + name: http readinessProbe: + failureThreshold: 5 httpGet: path: /metrics port: http - timeoutSeconds: 5 - failureThreshold: 5 + initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 - initialDelaySeconds: 10 - - securityContext: - {} + timeoutSeconds: 5 resources: limits: cpu: "1" @@ -187,7 +132,8 @@ spec: requests: cpu: 10m memory: 512Mi - securityContext: + securityContext: {} + securityContext: runAsNonRoot: true runAsUser: 65534 seccompProfile: