Deckhouse Kubernetes Platform can automatically restart Pods when certain ConfigMap or Secret resources are modified. This functionality is based on the Reloader project and is controlled via annotations added to Pod controllers (Deployment, DaemonSet, StatefulSet).
Reloader is not designed to be highly available.
The following annotations allow you to control pod restarts.
Supported annotations
Annotation | Applies to objects | Purpose | Example values |
---|---|---|---|
pod-reloader.deckhouse.io/auto |
Deployment, DaemonSet, StatefulSet | Automatically restarts Pods when any related ConfigMap or Secret changes (used as a volume or environment variable) | "true" , "false" |
pod-reloader.deckhouse.io/search |
Deployment, DaemonSet, StatefulSet | Restarts only when resources annotated with pod-reloader.deckhouse.io/match: "true" are changed |
"true" , "false" |
pod-reloader.deckhouse.io/configmap-reload |
Deployment, DaemonSet, StatefulSet | Specifies particular ConfigMap resources that should trigger a restart when changed |
"some-cm" , "some-cm1,some-cm2" |
pod-reloader.deckhouse.io/secret-reload |
Deployment, DaemonSet, StatefulSet | Specifies particular Secret resources that should trigger a restart when changed |
"some-secret" , "some-secret1,some-secret2" |
pod-reloader.deckhouse.io/match |
ConfigMap, Secret | Marks resources to be tracked when pod-reloader.deckhouse.io/search: "true" is used |
"true" , "false" |
The pod-reloader.deckhouse.io/search
annotation must not be used together with pod-reloader.deckhouse.io/auto: "true"
. In this case, both pod-reloader.deckhouse.io/search
and pod-reloader.deckhouse.io/match
annotations will be ignored. To ensure correct behavior, set pod-reloader.deckhouse.io/auto: "false"
or remove it.
The pod-reloader.deckhouse.io/configmap-reload
and pod-reloader.deckhouse.io/secret-reload
annotations do not work when pod-reloader.deckhouse.io/auto: "true"
is present. To ensure correct behavior, disable auto
.
Usage examples
Tracking all changes in all attached resources
Connected resources can be used either as environment variables or mounted as volumes.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
annotations:
pod-reloader.deckhouse.io/auto: "true"
spec:
template:
spec:
containers:
- name: nginx
env:
- name: SECRET_WORD
valueFrom:
secretKeyRef:
name: nginx-secret-value
key: extra
volumeMounts:
- name: pages
mountPath: "/usr/share/nginx/pages"
volumes:
- name: pages
configMap:
name: nginx-pages
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: nginx-secret-value
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-pages
Tracking changes in specific resources
Indicates that only those Secrets or ConfigMaps with the annotation pod-reloader.deckhouse.io/match: "true"
should be monitored. This is useful when a pod uses many resources, but restarts are required only upon changes to specific ones.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
annotations:
pod-reloader.deckhouse.io/search: "true"
spec:
template:
spec:
containers:
- name: nginx
env:
- name: SECRET_WORD
valueFrom:
secretKeyRef:
name: nginx-secret-value
key: extra
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: nginx-secret-value
annotations:
pod-reloader.deckhouse.io/match: "true"
Tracking changes in resources from the list
Explicitly specifies a list of ConfigMaps that should trigger a pod restart when changed.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
annotations:
pod-reloader.deckhouse.io/configmap-reload: "nginx-config,nginx-pages"
spec:
template:
spec:
containers:
- name: nginx
volumeMounts:
- name: pages
mountPath: "/usr/share/nginx/pages"
- name: config
mountPath: "/etc/nginx/templates"
volumes:
- name: pages
configMap:
name: nginx-pages
- name: config
configMap:
name: nginx-config
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-pages
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
Enabling or disabling pod restart
You can enable or disable the pod restart functionality in the following ways:
-
Using a
ModuleConfig
resource (e.g.,ModuleConfig/pod-reloader
). Set thespec.enabled
field totrue
orfalse
:apiVersion: deckhouse.io/v1alpha1 kind: ModuleConfig metadata: name: pod-reloader spec: enabled: true
-
Using the
d8
command (in thed8-system/deckhouse
pod):d8 platform module enable pod-reloader
-
Through the Deckhouse web interface:
- Go to the “Deckhouse → Modules” section;
- Find the
pod-reloader
module and click on it; - Toggle the “Module enabled” switch.
Configuration
The pod restart mechanism works out of the box and does not require any mandatory configuration. By default, it is enabled in the Default and Managed module bundles and disabled in the Minimal bundle.
If needed, its behavior can be adjusted in the settings of the pod-reloader module (ModuleConfig pod-reloader
).
Available parameters:
Parameter | Type | Description | Default Value |
---|---|---|---|
reloadOnCreate |
boolean | Restart on ConfigMap or Secret creation, not only on modification | true |
nodeSelector |
object | Limits the nodes where the component can run (equivalent to spec.nodeSelector ) |
Not set |
tolerations |
array | Allows scheduling on tainted nodes (equivalent to spec.tolerations ) |
Not set |