[ENHANCE] Restart deployment when associated serviceaccount is changed #851

Open
@arturkasperek

Is your feature request related to a problem? Please describe.

Currently, the Stakater Reloader project supports triggering restarts for deployments when certain Kubernetes resources (like ConfigMaps and Secrets) change. However, it does not provide a mechanism to restart a deployment when its associated ServiceAccount is updated.

A common use case for this is when IAM role annotations are added or modified in a ServiceAccount, but the associated deployment does not automatically pick up the changes without a manual restart. This results in inconsistent IAM permissions and requires additional operational overhead to track and restart affected deployments manually.

Describe the solution you'd like

I would like Reloader to detect changes in a ServiceAccount (e.g., annotations or labels, particularly those related to IAM roles) and trigger a restart for any deployment associated with that ServiceAccount.

This could work similarly to how Reloader watches for ConfigMap and Secret changes, ensuring that affected pods are automatically restarted when their ServiceAccount is updated.

Describe alternatives you've considered

  • Manually restarting deployments when making changes to ServiceAccounts, which is error-prone and not scalable.
  • Using an external controller or script to monitor ServiceAccount changes and trigger rollouts, which adds complexity.
  • Implementing a custom Kubernetes admission webhook to enforce pod restarts when a ServiceAccount changes, but this requires additional maintenance.
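
The second alternative above (an external script that reacts to ServiceAccount changes), as an added example that is not part of the original issue and is not Reloader code. It hashes a ServiceAccount's annotations and labels, finds the deployments in the same namespace that run as it, and builds the pod-template patch that triggers a rollout when the recorded hash is stale. The annotation key `example.com/serviceaccount-hash` is hypothetical, and the objects and role ARN are constructed sample data.

```python
import hashlib, json

# Hypothetical annotation key recording the ServiceAccount state a pod template was rolled with.
HASH_ANNOTATION = "example.com/serviceaccount-hash"

def sa_fingerprint(sa):
    """Stable short hash over the ServiceAccount's annotations and labels."""
    meta = sa.get("metadata", {})
    material = {"annotations": meta.get("annotations") or {}, "labels": meta.get("labels") or {}}
    return hashlib.sha256(json.dumps(material, sort_keys=True).encode()).hexdigest()[:16]

def uses_sa(deploy, sa):
    """True if the deployment's pods run as this ServiceAccount."""
    same_ns = deploy["metadata"]["namespace"] == sa["metadata"]["namespace"]
    pod_spec = deploy["spec"]["template"]["spec"]
    # Pods that set no serviceAccountName run as "default" in their namespace.
    return same_ns and pod_spec.get("serviceAccountName", "default") == sa["metadata"]["name"]

def restart_patches(sa, deployments):
    """Return {namespace/name: merge patch} for deployments whose recorded hash is stale."""
    want = sa_fingerprint(sa)
    patches = {}
    for d in deployments:
        if not uses_sa(d, sa):
            continue
        annotations = d["spec"]["template"].get("metadata", {}).get("annotations") or {}
        if annotations.get(HASH_ANNOTATION) != want:
            key = f'{d["metadata"]["namespace"]}/{d["metadata"]["name"]}'
            # Any change to the pod template makes the Deployment controller roll new pods.
            patches[key] = {"spec": {"template": {"metadata": {"annotations": {HASH_ANNOTATION: want}}}}}
    return patches

def sample_deploy(ns, name, sa_name=None, recorded=None):
    """Build a minimal constructed Deployment object for the demo."""
    tmpl = {"metadata": {"annotations": {HASH_ANNOTATION: recorded} if recorded else {}}, "spec": {}}
    if sa_name:
        tmpl["spec"]["serviceAccountName"] = sa_name
    return {"metadata": {"namespace": ns, "name": name}, "spec": {"template": tmpl}}

# Constructed sample data: one ServiceAccount with an IAM role annotation, four deployments.
SA = {"metadata": {"namespace": "prod", "name": "api-sa", "annotations": {
    "eks.amazonaws.com/role-arn": "arn:aws:iam::111122223333:role/example-new"}}}
DEPLOYMENTS = [
    sample_deploy("prod", "api", "api-sa", "0000000000000000"),  # rolled with an older SA state
    sample_deploy("prod", "worker", "api-sa", sa_fingerprint(SA)),  # already up to date
    sample_deploy("staging", "api", "api-sa"),                    # same SA name, other namespace
    sample_deploy("prod", "cron"),                                # runs as "default"
]

if __name__ == "__main__":
    print(json.dumps(restart_patches(SA, DEPLOYMENTS), indent=2))
```

Each returned patch can be applied as a merge patch to the named deployment; recording the hash on the pod template also makes the restart idempotent across repeated runs.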
