Practice of fully automated GitOps delivery based on ACK One and ACR

Background Information

You can use any third-party CI system to complete the following CI processes:
When the CI process successfully pushes the application image to the ACR image warehouse, it can automatically trigger the running of the CD process and update the application container image. The example in this article mainly demonstrates that ACK One GitOps automatically monitors the changes in the ACR mirror warehouse. If there is an update of the container mirror tags that meet the filtering conditions, the following process will be triggered:

usage restrictions

• Applies only to applications created through the ACK One GitOps system.
• Applicable only to application orchestration hosted in the Git system through Kustomize or Helm orchestration rendering.
• Only valid for applications whose synchronization policy is set to auto-sync.
• The private image pulling credentials must be deployed in the same cluster as the GitOps system, and cross-cluster reading of private image pulling credentials is not supported.


• ACK One multi-cluster management instance has been created, refer to
• The GitOps function has been enabled in the ACK One multi-cluster management instance, refer to:

quick start

Since this example involves writing application changes back to the Git repository, you first need to fork the above Git repository to your own account. For example, this demonstration will use the warehouse address of fork:

The directory structure of the gitops-demo application is:

In the values.yaml file, the image tag used by the application lock is dynamically rendered through image.tag:

Step 1 Create an application in the GitOps system

To connect and access the GitOps system, please refer to
Git source repository added, please refer to
Application creation reference:
In this example, the UI page is used for demonstration, and the application gitops-demo is created. For details of the parameters, see the following figure 2:
Check the running status of the application:

Step 2 Configure application automatic update

When you push a new version of the application mirror to the ACR mirror warehouse, you hope that the GitOps system can automatically detect the new version of the mirror and automatically update it to the actual environment. Before configuring automatic app updates, you need to know the following:

• In the GitOps system, the function of triggering the automatic update of the application based on the change of the ACR mirror warehouse is responsible for the argocd-image-updater component. This component is currently in the alpha stage. It is recommended to use it only in the development and testing environment. If you want to use it in the production environment, please You evaluate carefully and at your own risk.
• The application created by the GitOps system will generate an Application CR under the argocd namespace, and we will configure the automatic update of the application by adding annotations to the Application CR.
• The GitOps system requires you to manually configure the login username and password of the ACR mirror warehouse to monitor changes in the mirror warehouse.

(1) View the Application CR of the gitops-demo application
(2) Add annotations for gitops-demo
(3) Configure credentials for accessing ACR and Git warehouses

Step 3 Test the automatic update of the application

(1) Push the new image tag to the ACR image warehouse
(2) Execute the following command to view the logs of the argocd-image-updater container in the argocd namespace.
(3) Check whether the manifests/helm/.argocd-source-gitops-demo.yaml file is automatically generated in the Git repository on GitHub (indicating that writing back to Git is successful).

Configure automatic update of the application image

1. Configure and update the specified container image

You can mark one or more container images to be automatically updated for the application created in the GitOps system by setting Annotation.
2. Conditional filtering of mirror tags
3. Set container image update strategy
There are several update policies for container images as follows. The default image update policy is semver.
4. Application parameter settings orchestrated by Helm/Kustomize
• Application parameter settings orchestrated by Helm
• Application parameter settings orchestrated by Kustomize

Configure credentials for accessing the ACR mirror repository

You need to configure the following access credentials to automatically monitor changes in the ACR mirror repository and update the application through the GitOps system. The configuration related to the ACR mirror warehouse is saved in the ConfigMap named argocd-image-updater-config under the argocd namespace.

The query prefix of the container mirror warehouse, which is automatically generated according to the dynamic rendering of the current region when GitOps is installed.
If you are using the ACREE mirror repository, please replace the values of the corresponding api_url and prefix fields.
According to the credentials: secret:argocd/acr#acr configuration, we need to create a secret named acr under the argocd namespace to save the credentials for accessing the ACR mirror warehouse:

Configure credentials for accessing Git repositories

If you configured a username and password when adding a Git Repository to the GitOps system, the application using the Git Repository has the permission to write back the application container image change information to the Git system by default. You can use the Git credentials by adding the following Annotations configuration.

Related Articles

Explore More Special Offers

  1. Short Message Service(SMS) & Mail Service

    50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00

phone Contact Us