Platform Engineering
You need guaranteed compatibility on every Kubernetes upgrade, a stable image channel you can pin, and someone to call when an edge case surfaces at scale.
Running Reloader across 10+ clusters
stakater / reloader · Enterprise
Reloader, production-hardened
and fully supported
The same controller your team already runs — with a CVE-signed image, SLA-backed support, and the team that built it on call.
Still growing — live across the ecosystem
24B+
Docker pulls
9.9k+
GitHub stars
7+
Years in production
Drop-in
Replacement
The compliance moment
OSS is great — until compliance asks questions
Reloader OSS is battle-tested and running in thousands of clusters. But inside a regulated environment, the conversation shifts from "does it work?" to "can you prove it?" These are the questions OSS alone can't answer.
- Is this image CVE-clean — and who is responsible if it isn't?
- Can we pass a SOC 2 audit with an unverified container image?
- What happens when we hit a production edge case at 2am?
- Who do we escalate to when something breaks during a rotation?
OSS vs Enterprise
Same binary. A delivery chain you can prove.
Enterprise is a drop-in replacement — same codebase, hardened delivery pipeline.
| Capability | OSS | Enterprise |
|---|---|---|
| Full Reloader functionality | ||
| Community support (GitHub Issues) | ||
| CVE-scanned, signed container image | ||
| SBOM & artifact provenance | ||
| SLA-backed support with response times | ||
| Dedicated escalation channel | ||
| Security advisory notifications | ||
| Upgrade guidance & compatibility checks | ||
| Compliance-ready artifact chain (SOC 2 / ISO 27001) |
Getting started
Three steps. Zero migration effort.
The image registry reference changes. Everything else — annotations, flags, behaviour — stays identical.
01 / Step
Subscribe
Choose a support tier based on your cluster footprint and compliance requirements. No per-node pricing surprises.
02 / Step
Pull the certified image
Point your Helm values at the Enterprise registry. Same binary, hardened delivery chain. No manifest changes required.
# Before
image: stakater/reloader:latest
# After
image: enterprise.stakater.com/reloader:v1.x
03 / Step
Get support
Direct access to the Stakater engineering team — not a ticket queue, a dedicated channel with the people who wrote the code.
Who it's for
Built for teams who run Kubernetes seriously
The teams that reach for Enterprise are past "does it work?" — they're answering to upgrades, auditors, and on-call.
Security & Compliance
Your auditor wants verified image provenance, SBOMs, and a documented CVE response process. The OSS image alone doesn't give you that paper trail.
Prepping for a SOC 2 or ISO 27001 audit
SREs at Scale
Reloader sits in the critical path for config and secret rotation. When something breaks during a cert rotation at 2am, you need a human on the other end, not a GitHub issue.
Can't afford an unpatched controller incident
Trusted by the ecosystem
When a community member proposed adding Reloader to Kubernetes core, Tim Hockin — one of Kubernetes' original creators — defended it as the established ecosystem standard, arguing against adding it to core precisely because the project already serves the need well.
discuss.kubernetes.io · December 2024 — Tim Hockin, Google Distinguished Engineer & Kubernetes co-creator
The cert-manager + Reloader combo is gold. Renewed certs, live and hassle-free.
SRE · via Cloud Native Now, 2025
The Secrets Store CSI Driver docs recommend Reloader by name for restarting pods after secret rotation.
secrets-store-csi-driver.sigs.k8s.io
Reloader is part of KodeKloud's official Kubernetes Troubleshooting curriculum — used by 100K+ engineers.
notes.kodekloud.com
Ecosystem
Works with everything already in your stack
Reloader is a drop-in component, not a new platform to adopt. It slots into the GitOps, deployment, secrets, and config tooling you already run.
GitOps
03 integrations
- ArgoCD
- Annotations strategy avoids triggering unwanted sync diffs during config reloads
- Flux
- Works alongside Flux reconciliation without introducing config drift
- Kustomize
- Annotation-based control works cleanly with Kustomize overlays and patches
Deployment
01 integration
- Argo Rollouts
- Full support for progressive delivery rollout types alongside standard workloads
Secrets
07 integrations
- External Secrets Operator
- Restart workloads automatically when ESO syncs a new secret value from any backend
- HashiCorp Vault
- Uniform restart mechanism across Vault Secrets Operator, CSI, and direct patterns
- OpenBao
- Open-source Vault fork — same Reloader integration path via ESO or CSI driver
- Conjur
- Works with CyberArk Conjur secrets surfaced via Kubernetes Secrets or ESO
- AWS Secrets Manager
- Full rotation-to-restart pipeline via Secrets Store CSI or External Secrets Operator
- Azure Key Vault
- Workload restarts triggered on AKV secret updates via CSI driver or ESO
- Google Secret Manager
- Integrates via External Secrets Operator to restart pods on GCP secret rotation
Config
01 integration
- cert-manager
- Automatically reloads workloads when TLS certificates are renewed in-cluster
FAQ
Common questions
01 Is it a different binary from OSS Reloader?
No. It is the same codebase and the same binary. The difference is the image delivery pipeline — Enterprise images are built in a hardened environment, scanned for CVEs, signed with cosign, and shipped with a full SBOM.
02 Do we need to change our Helm configuration?
Minimal changes only — you update the image registry reference to point to the Enterprise registry. All existing annotations and flags remain identical. Migration typically takes under 10 minutes.
03 What compliance frameworks does it support?
The image and artifact chain supports SOC 2 Type II, ISO 27001, and FedRAMP-aligned environments. We provide the provenance documentation required by most enterprise security audits.
04 How is support delivered?
Via a dedicated Slack channel with the Stakater engineering team, with SLA-defined response times based on your tier. For critical production issues, we have an escalation path to the engineers who wrote the code.
05 How is Enterprise priced?
Pricing is based on cluster footprint and support tier. There is no per-node or per-pod pricing. Contact sales@stakater.com for a quote based on your environment.
06 Can we stay on OSS and just buy support?
Yes — support-only tiers are available for teams that need the SLA and escalation path but have already addressed image verification through their own pipeline. Ask about this option in the sales conversation.
Reloader Enterprise
Run Reloader with confidence — and a number to call.
24 billion downloads means it works. Enterprise means someone is accountable when it matters most.