Have both auth and no-auth manifests

Signed-off-by: May Zhang <may_zhang@intuit.com>

hack/update-manifests.sh

@@ -31,21 +31,40 @@ fi
 $KUSTOMIZE version
 which $KUSTOMIZE
 
-cd ${SRCROOT}/manifests/base && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
-cd ${SRCROOT}/manifests/ha/base && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
-cd ${SRCROOT}/manifests/core-install && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
+cd ${SRCROOT}/manifests/base/auth && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
+cd ${SRCROOT}/manifests/base/noauth && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
+
+cd ${SRCROOT}/manifests/ha/base/auth && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
+cd ${SRCROOT}/manifests/ha/base/noauth && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
+
+cd ${SRCROOT}/manifests/core-install/base && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
 
 echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/install.yaml"
-$KUSTOMIZE build "${SRCROOT}/manifests/cluster-install" >> "${SRCROOT}/manifests/install.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/cluster-install/auth" >> "${SRCROOT}/manifests/install.yaml"
+
+echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/install-noauth.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/cluster-install/noauth" >> "${SRCROOT}/manifests/install-noauth.yaml"
 
 echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/namespace-install.yaml"
-$KUSTOMIZE build "${SRCROOT}/manifests/namespace-install" >> "${SRCROOT}/manifests/namespace-install.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/namespace-install/auth" >> "${SRCROOT}/manifests/namespace-install.yaml"
 
-echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/ha/install.yaml"
-$KUSTOMIZE build "${SRCROOT}/manifests/ha/cluster-install" >> "${SRCROOT}/manifests/ha/install.yaml"
+echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/namespace-install-noauth.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/namespace-install/noauth" >> "${SRCROOT}/manifests/namespace-install-noauth.yaml"
 
+echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/ha/install.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/ha/cluster-install/auth" >> "${SRCROOT}/manifests/ha/install.yaml"
+#
+echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/ha/install-noauth.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/ha/cluster-install/noauth" >> "${SRCROOT}/manifests/ha/install-noauth.yaml"
+#
 echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/ha/namespace-install.yaml"
-$KUSTOMIZE build "${SRCROOT}/manifests/ha/namespace-install" >> "${SRCROOT}/manifests/ha/namespace-install.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/ha/namespace-install/auth" >> "${SRCROOT}/manifests/ha/namespace-install.yaml"
+#
+echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/ha/namespace-install-noauth.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/ha/namespace-install/noauth" >> "${SRCROOT}/manifests/ha/namespace-install-noauth.yaml"
 
 echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/core-install.yaml"
-$KUSTOMIZE build "${SRCROOT}/manifests/core-install" >> "${SRCROOT}/manifests/core-install.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/core-install/auth" >> "${SRCROOT}/manifests/core-install.yaml"
+
+echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/core-install-noauth.yaml"
+$KUSTOMIZE build "${SRCROOT}/manifests/core-install/noauth" >> "${SRCROOT}/manifests/core-install-noauth.yaml"

manifests/base/auth/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+
+images:
+- name: quay.io/argoproj/argocd
+  newName: quay.io/argoproj/argocd
+  newTag: latest
+resources:
+- ../application-controller
+- ../dex
+- ../repo-server
+- ../server
+- ../config
+- ../redis/auth
+- ../notification
+- ../applicationset-controller

manifests/base/noauth/kustomization.yaml

@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+
+images:
+- name: quay.io/argoproj/argocd
+  newName: quay.io/argoproj/argocd
+  newTag: latest
+resources:
+- ../application-controller
+- ../dex
+- ../repo-server
+- ../server
+- ../config
+- ../redis/noauth
+- ../notification
+- ../applicationset-controller

manifests/base/redis/auth/argocd-redis-deployment.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-redis
+spec:
+  template:
+    spec:
+      containers:
+        - args:
+            - --save
+            - ""
+            - --appendonly
+            - "no"
+            - --requirepass $(REDIS_PASSWORD)
+          env:
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: auth
+                  name: argocd-redis
+          name: redis
+      initContainers:
+        - command:
+            - argocd
+            - admin
+            - redis-initial-password
+          image: quay.io/argoproj/argocd:latest
+          imagePullPolicy: IfNotPresent
+          name: secret-init
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault

manifests/base/redis/auth/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../noauth
+- argocd-redis-role.yaml
+- argocd-redis-rolebinding.yaml
+
+patchesStrategicMerge:
+- argocd-redis-deployment.yaml

manifests/base/redis/argocd-redis-deployment.yaml → manifests/base/redis/noauth/argocd-redis-deployment.yaml

@@ -15,23 +15,6 @@ spec:
       labels:
         app.kubernetes.io/name: argocd-redis
     spec:
-      initContainers:
-        - command:
-            - argocd
-            - admin
-            - redis-initial-password
-          image: quay.io/argoproj/argocd:latest
-          imagePullPolicy: IfNotPresent
-          name: secret-init
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-            seccompProfile:
-              type: RuntimeDefault
       securityContext:
         runAsNonRoot: true
         runAsUser: 999
@@ -47,13 +30,6 @@ spec:
         - ""
         - "--appendonly"
         - "no"
-        - --requirepass $(REDIS_PASSWORD)
-        env:
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                key: auth
-                name: argocd-redis
         ports:
         - containerPort: 6379
         securityContext:

manifests/base/redis/kustomization.yaml → manifests/base/redis/noauth/kustomization.yaml

@@ -6,5 +6,3 @@ resources:
 - argocd-redis-sa.yaml
 - argocd-redis-service.yaml
 - argocd-redis-network-policy.yaml
-- argocd-redis-role.yaml
-- argocd-redis-rolebinding.yaml

manifests/ha/cluster-install/kustomization.yaml → manifests/cluster-install/auth/kustomization.yaml

@@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- ../namespace-install
+- ../../namespace-install/auth
 - ../../cluster-rbac
-- ../../crds
+- ../../crds

manifests/cluster-install/noauth/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../namespace-install/noauth
+- ../../cluster-rbac
+- ../../crds