From 38b38131e9b9d9ba086f86557c22deabc3d8293a Mon Sep 17 00:00:00 2001
From: kisfenyo
Date: Sat, 10 Jan 2026 09:08:25 +0100
Subject: [PATCH] added Reloader
---
 argocd-apps/homelab.yaml | 22 ++++
 control-system/reloader.yaml | 223 +++++++++++++++++++++++++++++++++++
 2 files changed, 245 insertions(+)
 create mode 100644 control-system/reloader.yaml
diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml
index 9e95195..3bcf850 100644
--- a/argocd-apps/homelab.yaml
+++ b/argocd-apps/homelab.yaml
@@ -921,4 +921,26 @@ spec:
 syncOptions:
 - CreateNamespace=true
 - PruneLast=true
+---
+# Controllers (Reloader, etc.)
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: controller
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: homelab
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: control-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: control-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - PruneLast=true
 ---
\ No newline at end of file
diff --git a/control-system/reloader.yaml b/control-system/reloader.yaml
new file mode 100644
index 0000000..41e173d
--- /dev/null
+++ b/control-system/reloader.yaml
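Review bot: The `syncPolicy` of the new `controller` Application in argocd-apps/homelab.yaml creates the `control-system` namespace through `CreateNamespace=true` but sets no Pod Security admission labels on it, so the namespace that will hold a service account with cluster-wide Secret read access falls back to whatever the cluster-wide admission default is. Argo CD can label the namespace when it creates it: add `managedNamespaceMetadata:` under `syncPolicy` with a `labels:` map containing `pod-security.kubernetes.io/enforce: restricted`. The Reloader pod spec in control-system/reloader.yaml appears to satisfy that profile already (non-root, `RuntimeDefault` seccomp, no privilege escalation, all capabilities dropped). Whether the `homelab` AppProject permits the cluster-scoped ClusterRole and ClusterRoleBinding that this path contains is not visible in the diff and is worth confirming.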
@@ -0,0 +1,223 @@
+# Reloader - Automatically restarts pods when ConfigMaps/Secrets change
+# https://github.com/stakater/Reloader
+# Namespace: control-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: reloader
+ namespace: control-system
+ labels:
+ app.kubernetes.io/name: reloader
+ app.kubernetes.io/instance: reloader
+---
+# Role for Reloader's own namespace (for leader election configmap)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: reloader-leader-election
+ namespace: control-system
+ labels:
+ app.kubernetes.io/name: reloader
+ app.kubernetes.io/instance: reloader
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - list
+ - get
+ - watch
+ - create
+ - update
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - list
+ - get
+ - watch
+ - create
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: reloader-leader-election
+ namespace: control-system
+ labels:
+ app.kubernetes.io/name: reloader
+ app.kubernetes.io/instance: reloader
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: reloader-leader-election
+subjects:
+- kind: ServiceAccount
+ name: reloader
+ namespace: control-system
+---
+# ClusterRole for watching ConfigMaps/Secrets and updating workloads across all namespaces
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: reloader
+ labels:
+ app.kubernetes.io/name: reloader
+ app.kubernetes.io/instance: reloader
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - statefulsets
+ verbs:
+ - list
+ - get
+ - update
+ - patch
+- apiGroups:
+ - extensions
+ resources:
+ - deployments
+ - daemonsets
+ verbs:
+ - list
+ - get
+ - update
+ - patch
+- apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ verbs:
+ - list
+ - get
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - list
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: reloader
+ labels:
+ app.kubernetes.io/name: reloader
+ app.kubernetes.io/instance: reloader
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: reloader
+subjects:
+- kind: ServiceAccount
+ name: reloader
+ namespace: control-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: reloader
+ namespace: control-system
+ labels:
+ app.kubernetes.io/name: reloader
+ app.kubernetes.io/instance: reloader
+ app.kubernetes.io/version: "v1.4.12"
+spec:
+ replicas: 1
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: reloader
+ app.kubernetes.io/instance: reloader
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: reloader
+ app.kubernetes.io/instance: reloader
+ app.kubernetes.io/version: "v1.4.12"
+ spec:
+ serviceAccountName: reloader
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: reloader
+ image: ghcr.io/stakater/reloader:v1.4.12
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: GOMAXPROCS
+ valueFrom:
+ resourceFieldRef:
+ divisor: "1"
+ resource: limits.cpu
+ - name: GOMEMLIMIT
+ valueFrom:
+ resourceFieldRef:
+ divisor: "1"
+ resource: limits.memory
+ - name: RELOADER_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: RELOADER_DEPLOYMENT_NAME
+ value: reloader
+ ports:
+ - name: http
+ containerPort: 9090
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ livenessProbe:
+ httpGet:
+ path: /live
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
\ No newline at end of file
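Review bot: The container image in the Deployment is pinned only by a mutable tag (`image: ghcr.io/stakater/reloader:v1.4.12`), while the `reloader` ClusterRole lets that pod get/list/watch every Secret and update or patch every Deployment, DaemonSet and StatefulSet in the cluster, so a re-pushed tag would run with those rights. Pin the image by digest instead, e.g. `image: ghcr.io/stakater/reloader:v1.4.12@sha256:<digest-of-v1.4.12>` (placeholder; take the value from the registry). In the same ClusterRole the `extensions` rule names an API group that no longer serves deployments or daemonsets on current Kubernetes, and the `batch` `jobs` rule with `create`/`delete` appears to be needed only if CronJob/Job reloading is used; dropping both would narrow the grant. The `reloader-leader-election` Role looks unused with `replicas: 1` and no HA argument on the container, though that depends on Reloader defaults not shown in this diff.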