{"id":13644600,"url":"https://github.com/wave-k8s/wave","last_synced_at":"2026-03-03T09:09:07.940Z","repository":{"id":39486606,"uuid":"153767915","full_name":"wave-k8s/wave","owner":"wave-k8s","description":"Kubernetes configuration tracking controller","archived":false,"fork":false,"pushed_at":"2026-03-02T14:17:16.000Z","size":763,"stargazers_count":768,"open_issues_count":11,"forks_count":81,"subscribers_count":14,"default_branch":"master","last_synced_at":"2026-03-02T17:48:26.842Z","etag":null,"topics":["cloud-infrastructure","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wave-k8s.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-10-19T10:44:15.000Z","updated_at":"2026-01-23T07:30:18.000Z","dependencies_parsed_at":"2024-04-18T13:57:12.129Z","dependency_job_id":"1bff5e46-0210-4a15-a454-8940481149ce","html_url":"https://github.com/wave-k8s/wave","commit_stats":null,"previous_names":["pusher/wave"],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/wave-k8s/wave","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wave-k8s%2Fwave","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wave-k8s%2Fwave/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wave-k8s%2Fwave/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wave-k8s%2Fwave/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wave-k8s","download_url":"https://codeload.github.com/wave-k8s/wave/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wave-k8s%2Fwave/sbom","scorecard":{"id":750308,"data":{"date":"2025-08-11","repo":{"name":"github.com/wave-k8s/wave","commit":"e582f0e3fb0a1ddd00ebebcc608196eca5ce881a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":3,"reason":"Found 4/11 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/charts.yaml:1","Warn: no topLevel permission defined: .github/workflows/e2e-test.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/golangci-lint.yml:10","Warn: no topLevel permission defined: .github/workflows/image.yaml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact wave-4.4.1 not signed: https://api.github.com/repos/wave-k8s/wave/releases/181403789","Warn: release artifact wave-4.4.0 not signed: https://api.github.com/repos/wave-k8s/wave/releases/180619473","Warn: release artifact wave-4.3.0 not signed: https://api.github.com/repos/wave-k8s/wave/releases/179514784","Warn: release artifact wave-4.2.0 not signed: https://api.github.com/repos/wave-k8s/wave/releases/160865395","Warn: release artifact wave-4.4.1 does not have provenance: https://api.github.com/repos/wave-k8s/wave/releases/181403789","Warn: release artifact wave-4.4.0 does not have provenance: https://api.github.com/repos/wave-k8s/wave/releases/180619473","Warn: release artifact wave-4.3.0 does not have provenance: https://api.github.com/repos/wave-k8s/wave/releases/179514784","Warn: release artifact wave-4.2.0 does not have provenance: https://api.github.com/repos/wave-k8s/wave/releases/160865395"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/image.yaml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/charts.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/charts.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/charts.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/charts.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/charts.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/charts.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e-test.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/e2e-test.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e-test.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/e2e-test.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/golangci-lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangci-lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/golangci-lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/image.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/image.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/image.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/image.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/image.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/image.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/image.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/wave-k8s/wave/test.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2","Warn: containerImage not pinned by hash: Dockerfile:22: pin your Docker image by updating alpine:3.20 to alpine:3.20@sha256:b3119ef930faabb6b7b976780c0c7a9c1aa24d0c75e9179ac10e6bc9ac080d0d","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   8 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T20:08:05.622Z","repository_id":39486606,"created_at":"2025-08-22T20:08:05.622Z","updated_at":"2025-08-22T20:08:05.622Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30038675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T06:58:30.252Z","status":"ssl_error","status_checked_at":"2026-03-03T06:58:15.329Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-infrastructure","kubernetes"],"created_at":"2024-08-02T01:02:09.044Z","updated_at":"2026-03-03T09:09:07.925Z","avatar_url":"https://github.com/wave-k8s.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://raw.githubusercontent.com/wave-k8s/wave/master/LICENSE) [![Go Report Card](https://goreportcard.com/badge/github.com/wave-k8s/wave)](https://goreportcard.com/report/github.com/wave-k8s/wave) [![Build Status](https://github.com/wave-k8s/wave/actions/workflows/image.yaml/badge.svg)](https://github.com/wave-k8s/wave/actions/workflows/image.yaml) [![Go Reference](https://pkg.go.dev/badge/github.com/wave-k8s/wave.svg)](https://pkg.go.dev/github.com/wave-k8s/wave)\n\n\u003cimg src=\"./wave-logo.svg\" width=150 height=150 alt=\"Wave Logo\"/\u003e\n\n# Wave\n\nWave watches Deployments, StatefulSets and DaemonSets within a Kubernetes\ncluster and ensures that their Pods always have up to date configuration.\n\nBy monitoring mounted ConfigMaps and Secrets, Wave can trigger\na Rolling Update of the Deployment when the mounted configuration is changed.\n\n## Introduction\n\nNot all software is built equal. Some applications can automatically reload their\nconfiguration and continue running with the updated configuration, while others\nwill just continue running the old configuration until their process dies.\nWave is here to help those applications that do not support dynamic configuration\nreloading.\n\nWhen deploying applications to Kubernetes, it is common practice to deploy\nconfiguration using ConfigMaps and Secrets, mounted into the Pod either as\nenvironment variables or in files.\n\nWhen this configuration is updated, if the software consuming the configuration\nis not able to dynamically reload, it will continue running the old\nconfiguration until the Pod is killed, this leads to inconsistency between the\nsupposed desired state of the application and the running state of the\napplication.\n\nWave monitors Deployments and their underlying configuration and will trigger\nthe Kubernetes Deployment controller to update the application and bring up\nnew Pods whenever the underlying configuration is changed.\n\nThis means that, with Wave, whenever a ConfigMap or Secret is updated, all\nDeployments mounting the configuration will bring up new Pods on the cluster and\nremove the old Pods with the out-of-date configuration.\n\nWave gives application developers confidence that the deployed configuration,\nmatches the live configuration.\nIt allows developers to discover misconfiguration as it is deployed,\nrather than when the Pods happen to be re-cycled.\n\n## Compatibility\n\nWave uses the golang Kubernetes client library which only supports\nthe previous and the next Kubernetes version.\nHowever, since Wave only edits Deployments, Daemonsets and StatefulSet\nwe can support older Kubernetes verions as long as no fields were removed\nfrom those three objects.\nYou can find supported versions in the following table:\n\n| Wave Version | API Client | Maximum Supported Kubernetes Versions | E2E Tested Versions |\n|--------------|------------|---------------------------------------|---------------------|\n| 0.5          | 1.14       | 1.15                                  |                     |\n| 0.6 - 0.9    | 1.29       | 1.30                                  | 1.21, 1.30          |\n| 0.10         | 1.31       | 1.32                                  | 1.21, 1.31          |\n| 0.11         | 1.34       | 1.34                                  | 1.28, 1.34          |\n|              |            |                                       |                     |\n\n\n## Installation\n\nWave is released periodically.\n\nA list of changes can be seen in the [CHANGELOG](CHANGELOG.md).\n\n### Deploying to Kubernetes\n\nPublic docker images for releases since v0.4.0 are available on [Quay](https://quay.io/repository/wave-k8s/wave).\n\n#### Deploying with Helm\n\nHelm charts are available in this repository and hosted through Github Pages.\nTo deploy, add the repository to helm and install:\n\n```\n$ helm repo add wave-k8s https://wave-k8s.github.io/wave/\n$ helm install wave wave-k8s/wave\n```\n\nHelm will install a minimal setup.\nFor production setups we recommend the following values:\n\n```\n# run two replias for HA\nreplicas: 2\n\n# enable webhooks for faster updates\nwebhooks:\n  enabled: true\n\n# make sure that replicas do not restart at the same time\npdb:\n  enabled: true\n\n# schedule to multiple AZs\ntopologySpreadConstraints:\n  - maxSkew: 1\n    topologyKey: topology.kubernetes.io/zone\n    whenUnsatisfiable: DoNotSchedule\n    labelSelector:\n      matchLabels:\n        app: wave\n\n# set resources. adjust this to your setup\nresources:\n  requests:\n    memory: 256Mi\n    cpu: 25m\n  limits:\n    memory: 2Gi\n```\n\n#### Deploying with Kustomize\n\nWave is a [Kubebuilder](https://github.com/kubernetes-sigs/kubebuilder) based\nproject, as such we have auto-generated [Kustomize](https://github.com/kubernetes-sigs/kustomize)\nconfiguration as an example of how to install the controller in the\n[config](config) folder.\n\n```\nquay.io/wave-k8s/wave\n```\n\n#### RBAC\n\nIf you are using [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)\nwithin your cluster, you must grant the service account used by your Wave\ninstance permission to read all Secrets, ConfigMaps and Deployments and\nthe ability to update Deployments within each namespace in the cluster.\n\nExample `ClusterRole` and `ClusterRoleBindings` are available in the\n[config/rbac](config/rbac) folder or as part of the helm chart.\n\n### Configuration\n\nThe following section details the various configuration options that Wave\nprovides at the controller level.\n\n#### Leader Election\n\nWave can be run in an active-standby HA configuration using Kubernetes leader\nelection.\nWhen leader election is enabled, each Pod will attempt to become leader and,\nwhichever is successful, will become the active or master controller.\nThe master will perform all of the reconciliation of Resources.\n\nThe standby Pods will sit and wait until the leader goes away and then one\nstandby will be promoted to master.\n\nTo enable leader election, set the following flags:\n\n```\n--leader-election=true\n--leader-election-id=\u003cname-of-leader-election-configmap\u003e\n--leader-election-namespace=\u003cnamespace-controller-runs-in\u003e\n```\n\n#### Sync period\n\nThe controller uses Kubernetes informers to cache resources and reduce load on\nthe Kubernetes API server. Every informer has a sync period, after which it will\nrefresh all resources within its cache. At this point, every item in the cache\nis queued for reconciliation by the controller.\n\nBy default, sync will happen every 10h.\nKubernetes will inform Wave about changes in any Deployment, DaemonSet,\nStatefulSet, Secret or ConfigMap in the meantime and Wave will trigger a\nreconciliation right away.\nIf you encounter any bugs you can reduce sync period by setting the following flag:\n\n```\n--sync-period=5m // Default value of 10h (10 hours)\n```\n\nThis will ensure that every resource will be reconciled at least every 5 minutes.\nPlease note that this will cause more load on your API and increase CPU load in\nthe Wave container.\nIt might also increase latency during the time of the sync.\nDo not set this unless you encounter bugs (and in that case please tell us).\n\n#### Limit Namespaces\n\nYou can limit Wave to only watch certain namespaces:\n\n```\n--namespaces=your-namespace,other-namespace\n```\n\n## Quick Start\n\nIf you haven't yet got Wave running on your cluster, see\n[Installation](#installation) for details on how to get it running.\n\nWave watches all Deployments within a cluster but only processes those that have\nthe annotation `wave.pusher.com/update-on-config-change: \"true\"` which allows\nindividual service owners to opt-in to the Wave controller.\n\nTherefore, to enable Wave for your Deployment, add the\n`wave.pusher.com/update-on-config-change` annotation to your Deployment as shown\nbelow:\n\n```\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  annotations:\n    wave.pusher.com/update-on-config-change: \"true\"\n...\n```\n\nOnce enabled, Wave will set the initial configuration hash as an annotation on\nthe Deployment's `PodTemplate`. You will be able to see this when reading\nyour Deployment:\n\n```\n$ kubectl get deployment foo\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: foo\n  namespace: default\n  annotations:\n    wave.pusher.com/update-on-config-change: \"true\"\nspec:\n  template:\n    metadata:\n      annotations:\n        wave.pusher.com/config-hash: \"\u003cSHA256_HASH\u003e\"\n...\n```\n\nFrom now on, when a mounted ConfigMap or Secret is updated, Wave will update\nthis `config-hash` annotation and cause a Rolling Update to occur.\n\n### Advanced Features\n\nIf your Pod is reading some ConfigMap or Secret using the API and you want it\nto be restarted on change you can tell Wave in an annotation:\n\n```\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  annotations:\n    wave.pusher.com/update-on-config-change: \"true\"\n    wave.pusher.com/extra-configmaps: \"some-namespace/my-configmap,configmap-in-same-namespace\"\n    wave.pusher.com/extra-secrets: \"some-namespace/my-secret,some-other-namespace/foo\"\n...\n```\n\nWave will watch those ConfigMap or Secret and behave just like if they were\nmounted.\n\n## Project Concepts\n\nThis section outlines some of the underlying concepts that enable this\ncontroller to work the way it does.\n\n### Enabling Wave for a Deployment\n\nWave acts as an opt-in controller on a per Deployment basis.\nBefore processing any Deployment, Wave checks for the presence of a \"Required\nannotation\". If the annotation is not present, Wave will ignore the Deployment.\n\nTherefore, to enable Wave for your Deployment, add the\n`wave.pusher.com/update-on-config-change` annotation to your Deployment as shown\nbelow:\n\n```\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  annotations:\n    wave.pusher.com/update-on-config-change: \"true\"\n...\n```\n\nWave will now start processing this Deployment.\n\n### Triggering Updates\n\nWave monitors the data stored in ConfigMaps and Secrets referenced within\na Deployment.\nBy calculating a SHA256 hash of the data in a reproducible manner,\nWave can determine when the data with the ConfigMaps and Secrets has changed.\n\nWave stores the calculated hash as an annotation on the `PodTemplate` within the\nDeployment's specification and will update the Deployment whenever the hash is\nchanged.\n\nModifying the `PodTemplate` in this way causes the Kubernetes Deployment\ncontroller to start a Rolling Update of the Deployment's Pods without changing\nany of the configuration of the containers or other controllers operation on the\nPods and Deployment.\n\n#### Configuring How Pods are Updated\n\nSince Wave triggers a Rolling Update you can configure how pods are replaced\nin [Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) field of your Deployment object.\nYou can choose between `RollingUpdate` (default) and `Recreate`.\n\n### Watching\n\nWave watches all ConfigMaps and Secrets that are referenced\nby a Deployment. This allows Wave to trigger a reconciliation whenever the\nConfigMaps or Secrets are modified.\n\n### Webhooks\n\nWave can update Deployments on creation/update using Mutating Webhooks.\nThis will prevent triggering restarts when adding the hash annotation initially.\nAdditionally, Wave will prevent scheduling of pods which lack any of their\nrequired Secrets or ConfigMaps to reduce stress on the cluster.\nPods will stay in state `Pending` instead of `ContainerCreating`.\nWhen required Secrets/ConfigMaps have been created Wave will restore the\nscheduler and add the config hash without requiring any restarts.\n\n## Communication\n\n- Found a bug? Please open an issue.\n- Have a feature request. Please open an issue.\n- If you want to contribute, please submit a pull request\n\n## Contributing\n\nPlease see our [Contributing](CONTRIBUTING.md) guidelines.\n\n## License\n\nThis project is licensed under Apache 2.0 and a copy of the license is available [here](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwave-k8s%2Fwave","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwave-k8s%2Fwave","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwave-k8s%2Fwave/lists"}