Cloud-native architectures rely heavily on ConfigMaps and Secrets for externalizing application settings. However, modifying these resources does not inherently propagate changes to running containers. Environment variables injected via env remain static until a pod restart. File-based mounts eventually reflect updates but often introduce slight latency. Manually orchestrating rolling updates across large clusters creates operational friction and increases the risk of configuration drift.
To mitigate this, operators utilize Reloader, an automation utility designed to watch for ConfigMap or Secret modifications and trigger corresponding workload reconciliations instantly.
Core Functionality
Reloader monitors designated namespaces for changes in configuration objects. When a modification is detected, it automatically initiates rolling upgrades for associated controllers such as Deployments, StatefulSets, DaemonSets, and Rollouts. This ensures that applications consume the latest values immediately without manual intervention.
Underlying Mechanism
The synchronization logic operates through annotation injection:
- Change Detection: The controller identifies when a targeted ConfigMap or Secret data alters.
- Hashing: It calculates a hash digest (e.g., SHA1) based on the new content state.
- Workload Identification: It queries for resources linked to the updated object via metadata labels.
- Annotation Check: It inspects pods/templates for specific annotations inddicating Reloader integration.
- Trigger: If a valid annotation exists, Reloader injects or updates an environment variable containing the new hash value within the pod spec.
- Reconciliation: Kubernetes detects the spec change in the deployment definition and triggers a standard rolling update to replace the old pods with new ones referencing the refreshed configuration.
Installation
Deploy the controller into the cluster using the official manifest. The components initialize in the default namespace by standard practice.
kubectl apply -f https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml
Operational Usage
Enabling Global Automatic Reloads
To allow any attached configuration to trigger a pod refresh, apply the global auto-reload annotation to the Deployment metadata:
apiVersion: apps/v1
kind: Deployment
metadata:
name: payment-gateway-svc
annotations:
reloader.stakater.com/auto: "true"
spec:
replicas: 3
When the associated ConfigMap or Secret is patched, verify the status change:
kubectl get pods
Specifying Target Resources
For granular control, define exactly which configurations should trigger an update using specific annotation keys.
ConfigMap Targeting
List specific ConfigMaps in the annotation string, separated by commas:
apiVersion: apps/v1
kind: Deployment
metadata:
name: payment-gateway-svc
annotations:
configmap.reloader.stakater.com/reload: "database-conn,feature-flags"
spec:
template:
metadata:
labels:
app: payment
Secret Targeting
Similarly, configure selective reloads for Secret objects:
apiVersion: apps/v1
kind: Deployment
metadata:
name: payment-gateway-svc
annotations:
secret.reloader.stakater.com/reload: "tls-cert,master-key"
spec:
template:
metadata:
labels:
app: payment