Container Service for Kubernetes:Introduction to sample applications deployed based on ACK One GitOps

Deployment repository directory tree

A Continuous Integration and Continuous Delivery (CI/CD) pipeline usually includes a business code repository and a Deployment repository. The ACK One GitOps best practice uses the following repositories.

• Two business code repositories, which are forked from the echo-server and echo-web-server projects.

• The Deployment repository is used to store the YAML files of the application to be deployed in your clusters. This best practice covers the Dev, Staging, and Production environments, and allows you to use Helm or Kustomize to manage applications on demand. For more information, see Alibaba Cloud GitOps Demo. The following code block shows the directory tree of the Deployment repository in this best practice.

  manifests
  ├── helm
  │   ├── echo-server
  │   │   ├── .argocd-source-app-helm-dev.yaml
  │   │   ├── .argocd-source-app-helm-production.yaml
  │   │   ├── .argocd-source-app-helm-staging.yaml
  │   │   ├── Chart.yaml
  │   │   ├── templates
  │   │   │   ├── NOTES.txt
  │   │   │   ├── _helpers.tpl
  │   │   │   ├── deployment-echo-server.yaml
  │   │   │   ├── deployment-echo-web-server.yaml
  │   │   │   ├── external-secret.yaml
  │   │   │   ├── hpa.yaml
  │   │   │   ├── ingress.yaml
  │   │   │   ├── rollout.yaml
  │   │   │   ├── service-echo-server.yaml
  │   │   │   ├── service-echo-web-server.yaml
  │   │   │   ├── serviceaccount.yaml
  │   │   │   └── tests
  │   │   │       └── test-connection.yaml
  │   │   ├── values-dev.yaml
  │   │   ├── values-production.yaml
  │   │   ├── values-staging.yaml
  │   │   └── values.yaml
  │   └── web-demo
  │       ├── Chart.yaml
  │       ├── templates
  │       │   ├── deployment.yaml
  │       │   └── service.yaml
  │       └── values.yaml
  └── kustomize
      ├── base
      │   ├── deployment.yaml
      │   ├── kustomization.yaml
      │   └── service.yaml
      └── overlay
          ├── dev
          │   ├── .argocd-source-app-kust-dev.yaml
          │   ├── deployment.yaml
          │   └── kustomization.yaml
          ├── production
          │   ├── .argocd-source-app-kust-production.yaml
          │   ├── deployment.yaml
          │   └── kustomization.yaml
          └── staging
              ├── .argocd-source-app-kust-staging.yaml
              ├── deployment.yaml
              └── kustomization.yaml

  The echo-server project below Helm in the directory tree of the Deployment repository includes multiple environments or clusters, multiple Deployments, multi-cluster Secret management, and Rollout.

Multiple environments or multi-cluster deployment

The configurations vary based on the actual environment. The following section describes the configurations of applications managed by Helm and Kustomize.

• Applications managed by Helm

  You can use different values.yaml files to deploy applications that use different configurations, such as the values-dev.yaml, values-staging.yaml, and values-production.yaml files in the preceding directory tree.

  • If you want to disable Rollout for the Dev environment and enable Rollout for the Staging and Production environments, you can add the settings to the corresponding values.yaml file.

  • The image repository in the values-****.yaml file must be the Container Registry Enterprise Edition instance that you use. In this best practice, the instance name is demo-test.

• Applications managed by Kustomize

  The resources of applications managed by Kustomize are modified by using base and overlay. To deploy different application configurations in different environments, you can create different directories in overlay.

The .argocd-source-app-helm-xxx.yaml and .argocd-source-app-kust-xxx.yaml files in the directory tree store the application image information synchronized by Image Updater after the application image is updated. The following figure shows the content. For more information about application configurations, see Use ACK One GitOps and Container Registry to build CI/CD pipelines.

Deploy an application that uses different credentials in different clusters

If you want to deploy an application that uses different credentials (such as database usernames and passwords) in different clusters, you can use Secrets Manager to encrypt the credentials. Then, you can use ack-secret-manager or csi-secrets-store-provider-alibabacloud to import the credentials to Key Management Service (KMS) from the clusters where the application is deployed. For more information about Secrets Manager, see Getting started with secrets.

To do this, you need to add the external-secret.yaml file to the corresponding Deployment repository. The file creates an ExternalSecret to pull credentials from KMS during application deployment. You also need to mount the Secret to deployment-echo-server.yaml.

You need to add different configurations to the values.yaml files in different environments. For example, you need to disable secretManager in the Dev environment.

Canary releases

Typically, you need to use the Rollout feature to perform rolling updates in the Staging and Production environments. Therefore, you need to add the rollout.yaml file to the Deployment repository to deploy a rollout in order to trigger canary releases and rolling updates. For more information about canary releases, see Use ACK One Gitops and Argo Rollouts to perform canary releases and Use Kruise Rollout to perform canary releases and A/B testing.

Applications corresponding to different environments

Helm

The following code blocks show the Applications corresponding to different environments below the Helm directory in the preceding directory tree.

• Dev environment

  View the Application corresponding to the Dev environment

  apiVersion: argoproj.io/v1alpha1
  kind: Application
  metadata:
    name: app-helm-dev
    annotations:
      argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server,webserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-web-server
      argocd-image-updater.argoproj.io/echoserver.helm.image-name: image.echoServer.repository
      argocd-image-updater.argoproj.io/echoserver.helm.image-tag: image.echoServer.tag
      argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
      argocd-image-updater.argoproj.io/webserver.helm.image-name: image.echoWebServer.repository
      argocd-image-updater.argoproj.io/webserver.helm.image-tag: image.echoWebServer.tag
      argocd-image-updater.argoproj.io/webserver.update-strategy: latest
      argocd-image-updater.argoproj.io/write-back-method: git
  spec:
    destination:
      namespace: app-helm-dev
      # https://XX.XX.XX.XX:6443
      server: ${url}
    source:
      path: manifests/helm/echo-server
      repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
      targetRevision: stable-example
      helm:
        valueFiles:
          - values-dev.yaml
    sources: []
    project: default
    syncPolicy:
      automated: {}
      syncOptions:
        - CreateNamespace=true

• Staging environment

  View the Application corresponding to the Staging environment

  apiVersion: argoproj.io/v1alpha1
  kind: Application
  metadata:
    name: app-helm-staging
    annotations:
      argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server,webserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-web-server
      argocd-image-updater.argoproj.io/echoserver.helm.image-name: image.echoServer.repository
      argocd-image-updater.argoproj.io/echoserver.helm.image-tag: image.echoServer.tag
      argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
      argocd-image-updater.argoproj.io/webserver.helm.image-name: image.echoWebServer.repository
      argocd-image-updater.argoproj.io/webserver.helm.image-tag: image.echoWebServer.tag
      argocd-image-updater.argoproj.io/webserver.update-strategy: latest
      argocd-image-updater.argoproj.io/write-back-method: git
  spec:
    destination:
      namespace: app-staging
      # https://XX.XX.XX.XX:6443
      server: ${url}
    source:
      path: manifests/helm/echo-server
      repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
      targetRevision: stable-example
      helm:
        valueFiles:
          - values-staging.yaml
    sources: []
    project: default
    syncPolicy:
      syncOptions:
        - CreateNamespace=true

• Production environment

  View the Application corresponding to the Production environment

  apiVersion: argoproj.io/v1alpha1
  kind: Application
  metadata:
    name: app-helm-production
    annotations:
      argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server,webserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-web-server
      argocd-image-updater.argoproj.io/echoserver.helm.image-name: image.echoServer.repository
      argocd-image-updater.argoproj.io/echoserver.helm.image-tag: image.echoServer.tag
      argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
      argocd-image-updater.argoproj.io/webserver.helm.image-name: image.echoWebServer.repository
      argocd-image-updater.argoproj.io/webserver.helm.image-tag: image.echoWebServer.tag
      argocd-image-updater.argoproj.io/webserver.update-strategy: latest
      argocd-image-updater.argoproj.io/write-back-method: git
  spec:
    destination:
      namespace: app-production
      # https://XX.XX.XX.XX:6443
      server: ${url}
    source:
      path: manifests/helm/echo-server
      repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
      targetRevision: stable-example
      helm:
        valueFiles:
          - values-production.yaml
    project: default
    syncPolicy:
      syncOptions:
        - CreateNamespace=true

Kustomize

The following code blocks show the Applications corresponding to different environments below the Kustomize directory in the preceding directory tree.

• Dev environment

  View the Application corresponding to the Dev environment

  apiVersion: argoproj.io/v1alpha1
  kind: Application
  metadata:
    annotations:
      argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server:v1.0
      argocd-image-updater.argoproj.io/echoserver.kustomize.image-name: demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server
      argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
      argocd-image-updater.argoproj.io/write-back-method: git
    name: app-kust-dev
  spec:
    destination:
      namespace: app-kust-dev
      # https://XX.XX.XX.XX:6443
      server: ${url}
    source:
      path: manifests/kustomize/overlay/dev
      repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
      targetRevision: stable-example
      kustomize:
        images: []
    project: default
    syncPolicy:
      automated: {}
      syncOptions:
        - CreateNamespace=true

• Staging environment

  View the Application corresponding to the Staging environment

  apiVersion: argoproj.io/v1alpha1
  kind: Application
  metadata:
    annotations:
      argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server:v1.0
      argocd-image-updater.argoproj.io/echoserver.kustomize.image-name: demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server
      argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
      argocd-image-updater.argoproj.io/write-back-method: git
    name: app-kust-staging
  spec:
    destination:
      namespace: app-staging-kust
      # https://XX.XX.XX.XX:6443
      server: ${url}
    source:
      path: manifests/kustomize/overlay/staging
      repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
      targetRevision: stable-example
      kustomize:
        images: []
    sources: []
    project: default
    syncPolicy:
      syncOptions:
        - CreateNamespace=true

• Production environment

  View the Application corresponding to the Production environment

  apiVersion: argoproj.io/v1alpha1
  kind: Application
  metadata:
    annotations:
      argocd-image-updater.argoproj.io/image-list: echoserver=demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server:v1.0
      argocd-image-updater.argoproj.io/echoserver.kustomize.image-name: demo-test-registry.cn-hangzhou.cr.aliyuncs.com/cidemo/echo-server
      argocd-image-updater.argoproj.io/echoserver.update-strategy: latest
      argocd-image-updater.argoproj.io/write-back-method: git
    name: app-kust-production
  spec:
    destination:
      namespace: app-production-kust
      # https://XX.XX.XX.XX:6443
      server: ${url}
    source:
      path: manifests/kustomize/overlay/production
      repoURL: 'git@github.com:ivan-cai/gitops-demo.git'
      targetRevision: stable-example
      kustomize:
        images: []
    project: default
    syncPolicy:
      syncOptions:
        - CreateNamespace=true

References

• Use an ACK One workflow cluster to build an image CI pipeline

• Best practice for ACK One GitOps

• Use ACK One GitOps and Container Registry to build CI/CD pipelines

• Use ACK One Gitops and Argo Rollouts to perform canary releases

• Use Kruise Rollout to implement canary releases based on ACK One GitOps

• Configure multi-tenant access control for ACK One GitOps

• Use ACK One GitOps to deploy Container Registry Enterprise Edition OCI Helm charts