All Products
Search

This Product

    Container Service for Kubernetes:Introduction to sample applications deployed based on ACK One GitOps

    Document Center

    Container Service for Kubernetes:Introduction to sample applications deployed based on ACK One GitOps

    Last Updated:Jul 25, 2025

    This topic introduces sample applications deployed based on ACK One GitOps.

    Deployment repository directory tree

    A complete CI/CD pipeline primarily involves two types of repositories: business code repositories and application deployment code repositories. Because the configuration of code repositories requires modification, you need to fork the following code repositories to your own account.

    • Business code repositories: echo-server project and echo-web-server project.

    • Application deployment code repository: used to store the YAML files of applications that you need to deploy to clusters. For more information, see Alibaba Cloud GitOps Demo project (example branch). The main directory structure is shown below. This best practice covers examples for the complete development process including Dev, Staging, and Production environments, with both Helm and Kustomize methods. You can use one of these methods for deployment based on your actual needs.

      manifests
├── helm
│   ├── echo-server
│   │   ├── .argocd-source-app-helm-dev.yaml
│   │   ├── .argocd-source-app-helm-production.yaml
│   │   ├── .argocd-source-app-helm-staging.yaml
│   │   ├── Chart.yaml
│   │   ├── templates
│   │   │   ├── NOTES.txt
│   │   │   ├── _helpers.tpl
│   │   │   ├── deployment-echo-server.yaml
│   │   │   ├── deployment-echo-web-server.yaml
│   │   │   ├── external-secret.yaml
│   │   │   ├── hpa.yaml
│   │   │   ├── ingress.yaml
│   │   │   ├── rollout.yaml
│   │   │   ├── service-echo-server.yaml
│   │   │   ├── service-echo-web-server.yaml
│   │   │   ├── serviceaccount.yaml
│   │   │   └── tests
│   │   │       └── test-connection.yaml
│   │   ├── values-dev.yaml
│   │   ├── values-production.yaml
│   │   ├── values-staging.yaml
│   │   └── values.yaml
│   └── web-demo
│       ├── Chart.yaml
│       ├── templates
│       │   ├── deployment.yaml
│       │   └── service.yaml
│       └── values.yaml
└── kustomize
    ├── base
    │   ├── deployment.yaml
    │   ├── kustomization.yaml
    │   └── service.yaml
    └── overlay
        ├── dev
        │   ├── .argocd-source-app-kust-dev.yaml
        │   ├── deployment.yaml
        │   └── kustomization.yaml
        ├── production
        │   ├── .argocd-source-app-kust-production.yaml
        │   ├── deployment.yaml
        │   └── kustomization.yaml
        └── staging
            ├── .argocd-source-app-kust-staging.yaml
            ├── deployment.yaml
            └── kustomization.yaml

      The echo-server project managed by Helm in this deployment repository directory structure includes capabilities for multiple environments or clusters, multiple Deployments, multi-cluster Secret management, and Rollout.

    Multiple environments or multi-cluster deployment

    The following section describes the configurations of applications managed by Helm and Kustomize.

    • Applications managed by Helm

      You can use different values.yaml files to deploy applications with different configurations, such as the values-dev.yaml, values-staging.yaml, and values-production.yaml files in the preceding directory structure.

      • If you want to disable Rollout for the Dev environment and enable Rollout for the Staging and Production environments, you can configure different settings in the corresponding values.yaml files.

      • Please modify the image repository information in the values-****.yaml files to the Container Registry Enterprise Edition instance (ACR EE) that you actually use. In this best practice, the ACR EE instance name is demo-test and the namespace is cidemo. Configure as needed.acr-ee.png

    • Applications managed by Kustomize

      Because these applications need to modify resources based on the base+overlay approach, you can use different directories in overlay to implement different configurations for different environments.

    After an application image is updated, Image Updater automatically updates the latest image information to the .argocd-source-app-helm-xxx.yaml and .argocd-source-app-kust-xxx.yaml files in the Git repository, as shown in the following figure. For more information about application configurations, see Use ACK One GitOps and Container Registry to build CI/CD pipelines.

    3.png

    Differentiated distribution of sensitive information across multiple clusters

    If you want to deploy an application that uses different configurations in different clusters and need to use sensitive information such as database usernames and passwords, you can use Secrets Manager to encrypt the credentials after the multi-cluster differentiated deployment described above. Then, you can import the credentials to Key Management Service (KMS) from each cluster. For more information about Secrets Manager, see Getting started with secrets.

    To use this capability, you need to add the corresponding YAML file (external-secret.yaml) to the application deployment repository. During application deployment, this file creates an ExternalSecret to retrieve service credentials from KMS, and mounts the corresponding Secret in deployment-echo-server.yaml.

    In this best practice, you need to configure different information in the values-****.yaml files for different environments. For example, you can disable the secretManager capability in the Dev environment. Modify as needed.

    Canary releases

    In the Staging and Production environments, you typically need to use the Rollout capability to implement rolling deployments. Therefore, you need to add the corresponding YAML file to the application deployment repository to deploy Rollout resources that trigger canary releases and rolling updates, which is the rollout.yaml file in the directory structure. For more information about canary releases, see Use ACK One Gitops and Argo Rollouts to perform canary releases and Use Kruise Rollout to perform canary releases and A/B testing.

    Applications corresponding to different environments

    The following content shows YAML examples for deploying Applications in different environments (Dev, Staging, Production) using both Helm and Kustomize methods. Modify the argocd-image-updater.argoproj.io/image-list and repoURL configurations as needed.

    Helm

    The following code blocks show the Applications corresponding to different environments below the Helm directory in the preceding directory tree.

    • Dev environment

      View the Application corresponding to the Dev environment

      apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app-helm-dev
  annotations:
    argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server,webserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-web-server
    argocd-image-updater.argoproj.io/echoserver.helm.image-name: image.echoServer.repository
    argocd-image-updater.argoproj.io/echoserver.helm.image-tag: image.echoServer.tag
    argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
    argocd-image-updater.argoproj.io/webserver.helm.image-name: image.echoWebServer.repository
    argocd-image-updater.argoproj.io/webserver.helm.image-tag: image.echoWebServer.tag
    argocd-image-updater.argoproj.io/webserver.update-strategy: latest
    argocd-image-updater.argoproj.io/write-back-method: git
spec:
  destination:
    namespace: app-helm-dev
    # https://XX.XX.XX.XX:6443
    server: ${url}
  source:
    path: manifests/helm/echo-server
    repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
    targetRevision: stable-example
    helm:
      valueFiles:
        - values-dev.yaml
  sources: []
  project: default
  syncPolicy:
    automated: {}
    syncOptions:
      - CreateNamespace=true

    • Staging environment

      View the Application corresponding to the Staging environment

      apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app-helm-staging
  annotations:
    argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server,webserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-web-server
    argocd-image-updater.argoproj.io/echoserver.helm.image-name: image.echoServer.repository
    argocd-image-updater.argoproj.io/echoserver.helm.image-tag: image.echoServer.tag
    argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
    argocd-image-updater.argoproj.io/webserver.helm.image-name: image.echoWebServer.repository
    argocd-image-updater.argoproj.io/webserver.helm.image-tag: image.echoWebServer.tag
    argocd-image-updater.argoproj.io/webserver.update-strategy: latest
    argocd-image-updater.argoproj.io/write-back-method: git
spec:
  destination:
    namespace: app-staging
    # https://XX.XX.XX.XX:6443
    server: ${url}
  source:
    path: manifests/helm/echo-server
    repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
    targetRevision: stable-example
    helm:
      valueFiles:
        - values-staging.yaml
  sources: []
  project: default
  syncPolicy:
    syncOptions:
      - CreateNamespace=true

    • Production environment

      View the Application corresponding to the Production environment

      apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app-helm-production
  annotations:
    argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server,webserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-web-server
    argocd-image-updater.argoproj.io/echoserver.helm.image-name: image.echoServer.repository
    argocd-image-updater.argoproj.io/echoserver.helm.image-tag: image.echoServer.tag
    argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
    argocd-image-updater.argoproj.io/webserver.helm.image-name: image.echoWebServer.repository
    argocd-image-updater.argoproj.io/webserver.helm.image-tag: image.echoWebServer.tag
    argocd-image-updater.argoproj.io/webserver.update-strategy: latest
    argocd-image-updater.argoproj.io/write-back-method: git
spec:
  destination:
    namespace: app-production
    # https://XX.XX.XX.XX:6443
    server: ${url}
  source:
    path: manifests/helm/echo-server
    repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
    targetRevision: stable-example
    helm:
      valueFiles:
        - values-production.yaml
  project: default
  syncPolicy:
    syncOptions:
      - CreateNamespace=true

    Kustomize

    The following code blocks show the Applications corresponding to different environments below the Kustomize directory in the preceding directory tree.

    • Dev environment

      View the Application corresponding to the Dev environment

      apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  annotations:
    argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server:v1.0
    argocd-image-updater.argoproj.io/echoserver.kustomize.image-name: demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server
    argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
    argocd-image-updater.argoproj.io/write-back-method: git
  name: app-kust-dev
spec:
  destination:
    namespace: app-kust-dev
    # https://XX.XX.XX.XX:6443
    server: ${url}
  source:
    path: manifests/kustomize/overlay/dev
    repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
    targetRevision: stable-example
    kustomize:
      images: []
  project: default
  syncPolicy:
    automated: {}
    syncOptions:
      - CreateNamespace=true

    • Staging environment

      View the Application corresponding to the Staging environment

      apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  annotations:
    argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server:v1.0
    argocd-image-updater.argoproj.io/echoserver.kustomize.image-name: demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server
    argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
    argocd-image-updater.argoproj.io/write-back-method: git
  name: app-kust-staging
spec:
  destination:
    namespace: app-staging-kust
    # https://XX.XX.XX.XX:6443
    server: ${url}
  source:
    path: manifests/kustomize/overlay/staging
    repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
    targetRevision: stable-example
    kustomize:
      images: []
  sources: []
  project: default
  syncPolicy:
    syncOptions:
      - CreateNamespace=true

    • Production environment

      View the Application corresponding to the Production environment

      apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  annotations:
    argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server:v1.0
    argocd-image-updater.argoproj.io/echoserver.kustomize.image-name: demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server
    argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
    argocd-image-updater.argoproj.io/write-back-method: git
  name: app-kust-production
spec:
  destination:
    namespace: app-production-kust
    # https://XX.XX.XX.XX:6443
    server: ${url}
  source:
    path: manifests/kustomize/overlay/production
    repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
    targetRevision: stable-example
    kustomize:
      images: []
  project: default
  syncPolicy:
    syncOptions:
      - CreateNamespace=true

    References