---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: reloader
  name: reloader
  namespace: reloader
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: reloader
  name: reloader-role
  namespace: reloader
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
      - configmaps
    verbs:
      - list
      - get
      - watch
  - apiGroups:
      - apps
    resources:
      - deployments
      - daemonsets
      - statefulsets
    verbs:
      - list
      - get
      - update
      - patch
  - apiGroups:
      - "extensions"
    resources:
      - deployments
      - daemonsets
    verbs:
      - list
      - get
      - update
      - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: reloader
  name: reloader-role-binding
  namespace: reloader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: reloader-role
subjects:
  - kind: ServiceAccount
    name: reloader
    namespace: reloader
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: reloader
  name: reloader
  namespace: reloader
spec:
  replicas: 1
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: reloader
  template:
    metadata:
      labels:
        app: reloader
    spec:
      containers:
      - image: "stakater/reloader:v0.0.118"
        imagePullPolicy: Always
        name: reloader
        ports:
        - name: http
          containerPort: 9090
        livenessProbe:
          httpGet:
            path: /metrics
            port: http
          timeoutSeconds: 5
          failureThreshold: 5
          periodSeconds: 10
          successThreshold: 1
        readinessProbe:
          httpGet:
            path: /metrics
            port: http
          timeoutSeconds: 5
          failureThreshold: 5
          periodSeconds: 10
          successThreshold: 1
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
      serviceAccountName: reloader