Reloader
[Question] What are the rights that are necessary and how does it work behind the scenes?
I am wondering what it takes to use the reloader. The client we are serving wants to know in detail how it works to ensure their k8s infrastructure is not at risk in any case. Can you tell what is, technically speaking, the principle of the reloader installed the following way?
```bash
kubectl apply -k https://github.com/stakater/Reloader/deployments/kubernetes
```
and used the following way:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: nginx
  annotations:
    reloader.stakater.com/auto: "true"
[...]
```
In simple terms, Reloader needs:
- Role/ClusterRole
- RoleBinding/ClusterRoleBinding
- ServiceAccount
- Deployment
looks for change events in:
- secrets
- configmaps
updates (based on the permission and reloader annotation):
- deployment
- statefulset
- daemonset
- deploymentConfig
So, it just looks for change events and if a resource has a reloader annotation and corresponds to the change, it will create/update an environment variable in that resource (i.e. deployment) to trigger a rolling update.
@faizanahmad055 how do we exclude ClusterRole and ClusterRoleBinding from the templates? If I just link the repo as a dependency on my chart it will try to deploy these cluster-wide role/bindings for which I have no permissions. How do I override this in the values file so that it deploys Role and RoleBinding instead of ClusterRole and ClusterRoleBinding?
You need to set the watchGlobally flag to false. Please check the readme.
```bash
helm install stakater/reloader --set reloader.watchGlobally=false --namespace test # For helm3 add --generate-name flag or set the release name
```
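Added example, not part of the thread or the Reloader project: a small audit that takes a Role or ClusterRole (as returned by `kubectl get ... -o json`) and reports where it grants more than the behaviour described in the replies above, including the cluster-wide scope that `watchGlobally=false` avoids. The baseline verb sets, the function name `audit_role` and both sample manifests are assumptions constructed for illustration; they are not Reloader's shipped RBAC.

```python
# Assumed least-privilege baseline, derived from the thread's description
# (read secrets/configmaps, update workloads); not Reloader's shipped manifest.
READ = {"get", "list", "watch"}
WRITE = READ | {"update", "patch"}
BASELINE = {"secrets": READ, "configmaps": READ, "deployments": WRITE,
            "statefulsets": WRITE, "daemonsets": WRITE, "deploymentconfigs": WRITE}

def audit_role(manifest):
    """Return findings for a Role/ClusterRole dict (kubectl get ... -o json)."""
    findings = []
    if manifest.get("kind") == "ClusterRole":
        # A ClusterRole bound cluster-wide can read secrets in every namespace.
        findings.append("cluster-wide scope: rules apply in every namespace")
    for rule in manifest.get("rules", []):
        verbs = set(rule.get("verbs", []))
        for res in rule.get("resources", []):
            if res == "*" or "*" in verbs:
                findings.append(f"wildcard grant: {res} {sorted(verbs)}")
            elif res not in BASELINE:
                findings.append(f"unexpected resource: {res}")
            elif verbs - BASELINE[res]:
                findings.append(f"excess verbs on {res}: {sorted(verbs - BASELINE[res])}")
    return findings

# Constructed sample manifests (not taken from the Reloader repository).
SAMPLE_CLUSTERROLE = {
    "kind": "ClusterRole",
    "rules": [
        {"apiGroups": [""], "resources": ["secrets", "configmaps"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "update", "patch", "delete"]},
    ],
}
SAMPLE_ROLE = {
    "kind": "Role",
    "metadata": {"namespace": "test"},
    "rules": [
        {"apiGroups": [""], "resources": ["secrets", "configmaps"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["apps"], "resources": ["deployments", "statefulsets", "daemonsets"],
         "verbs": ["get", "list", "update", "patch"]},
    ],
}

if __name__ == "__main__":
    for name, role in (("ClusterRole", SAMPLE_CLUSTERROLE), ("Role", SAMPLE_ROLE)):
        print(name, audit_role(role) or "no findings")
```

To check a live install, load the JSON output of `kubectl get` for the role with `json.load` and pass the resulting dict to `audit_role`.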