[BUG] Ignore configmaps results in permission errors #1068

@hugoboos

Describe the bug
Using the Helm chart to deploy Reloader and setting reloader.ignoreConfigMaps: true results in error logs. See the context for the output.

To Reproduce
Deploy the Helm chart with version 2.2.7 and the following values:

ignoreConfigMaps: true
ignoreJobs: true
ignoreCronJobs: true
reloadStrategy: annotations
namespaceSelector: kustomize.toolkit.fluxcd.io/name in (organizations, tenants)
readOnlyRootFileSystem: true
deployment:
  labels: null
  containerSecurityContext:
    capabilities:
      drop:
        - ALL
    allowPrivilegeEscalation: false

Expected behavior
Not seeing errors in the logs.

Screenshots
N.A.

Environment

  • Helm chart version: 2.2.7
  • Kubernetes/OpenShift version: 1.34.0

Additional context

# Arguments
--log-level=info --resources-to-ignore=configMaps --ignored-workload-types=jobs,cronjobs --namespace-selector="kustomize.toolkit.fluxcd.io/name in (organizations, tenants)" --reload-strategy=annotations
time="2025-12-16T08:35:09Z" level=info msg="Environment: Kubernetes"
time="2025-12-16T08:35:09Z" level=info msg="Starting Reloader"
time="2025-12-16T08:35:09Z" level=warning msg="KUBERNETES_NAMESPACE is unset, will detect changes in all namespaces."
time="2025-12-16T08:35:09Z" level=warning msg="namespace-selector is set, will only detect changes in namespaces with these labels: kustomize.toolkit.fluxcd.io/name in (organizations, tenants)."
time="2025-12-16T08:35:09Z" level=info msg="created controller for: secrets"
time="2025-12-16T08:35:09Z" level=info msg="Starting Controller to watch resource type: secrets"
time="2025-12-16T08:35:09Z" level=info msg="created controller for: namespaces"
time="2025-12-16T08:35:09Z" level=info msg="Starting Controller to watch resource type: namespaces"
time="2025-12-16T08:35:09Z" level=info msg="created controller for: configmaps"
time="2025-12-16T08:35:09Z" level=info msg="Starting Controller to watch resource type: configmaps"
W1216 08:35:09.906018       1 reflector.go:569] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:251: failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:fds-system:stakater-reloader" cannot list resource "configmaps" in API group "" at the cluster scope
E1216 08:35:09.906110       1 reflector.go:166] "Unhandled Error" err="pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:251: Failed to watch *v1.ConfigMap: failed to list *v1.ConfigMap: configmaps is forbidden: User \"system:serviceaccount:fds-system:stakater-reloader\" cannot list resource \"configmaps\" in API group \"\" at the cluster scope" logger="UnhandledError"

Found the bug

In reloader.go, the resource is checked to see whether it is ignored:

if ignoredResourcesList.Contains(k) || (len(namespaceLabelSelector) == 0 && k == "namespaces") {

The ResourceMap contains configmap with a lower-case m, so that resource is never ignored:
"configmaps": &v1.ConfigMap{},

So configMap (CLI argument) <> configmap (ResourceMap).
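
The mismatch reported above, as an added Go example (not Reloader's code and not the reporter's). It models the quoted condition with a case-sensitive lookup next to a case-insensitive one; `resourceKeys`, `containsExact`, `containsFold` and `controllersToStart` are hypothetical names, and the key list is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// resourceKeys models the lower-case keys of the ResourceMap quoted in the
// issue ("configmaps"); this list is constructed for the example.
var resourceKeys = []string{"configmaps", "namespaces", "secrets"}

// containsExact is a case-sensitive membership test (the behaviour reported).
func containsExact(list []string, k string) bool {
	for _, v := range list {
		if v == k {
			return true
		}
	}
	return false
}

// containsFold ignores case and padding, so "configMaps" matches "configmaps".
func containsFold(list []string, k string) bool {
	for _, v := range list {
		if strings.EqualFold(strings.TrimSpace(v), k) {
			return true
		}
	}
	return false
}

// controllersToStart returns the resource types that would get a watcher,
// using the same condition shape as the line quoted from reloader.go.
func controllersToStart(ignoreArg, nsSelector string, contains func([]string, string) bool) []string {
	ignored := strings.Split(ignoreArg, ",")
	var started []string
	for _, k := range resourceKeys {
		if contains(ignored, k) || (len(nsSelector) == 0 && k == "namespaces") {
			continue
		}
		started = append(started, k)
	}
	return started
}

func main() {
	sel := "kustomize.toolkit.fluxcd.io/name in (organizations, tenants)"
	fmt.Println("exact:", controllersToStart("configMaps", sel, containsExact)) // configmaps still watched
	fmt.Println("fold: ", controllersToStart("configMaps", sel, containsFold))  // configmaps skipped
}
```

With the exact match the configmaps watcher still starts, which lines up with the log above where the service account is then denied `list` on configmaps at the cluster scope.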

Labels

kind/bug (Something isn't working)
