This repo represents the typical objects under control of a central platform team for organizations using Argo CD and Kargo on the Akuity Platform.
Use SSO sign-in. If you don't have access, bug @eddiewebb
This repo contains 3 layers of IaC
- AWS Infrastructure via Terraform
- K8s Platform Config via Terraform
- Application Layer Config via Argo CD
To make any AWS or EKS level changes you will need access to the AWS Account and roles as described in Infra Demo - AWS Readme
Because this demo environment is fully defined as IaC, you can open pull requests on this repo or the infra repo to add or change demos.
.
├── bootstrap/ # ApplicationSets that bootstrap all ArgoCD and Kargo apps
├── apps/ # One directory per demo app
│ └── <app-name>/
│ ├── argocd/ # AppProject + ApplicationSet for this app
│ ├── kargo/ # Kargo Project, Warehouse, Stages, and Tasks
│ └── ... # App-specific manifests (base, stages, chart, etc.)
├── kargo-shared/ # Shared Kargo platform resources (CustomPromotionSteps, etc.)
├── components/ # Cluster add-ons (Argo Rollouts, Prometheus, ESO, cert-manager)
├── secrets/ # ExternalSecret and SecretStore resources (backed by AWS Secrets Manager)
└── templated-teams/ # Helm-templated "golden path" projects for app teams
bootstrap/ contains two ApplicationSets managed by the top-level app-of-apps ArgoCD Application (defined in sedemo-infra-iac):
argocd-apps.yaml— discoversapps/*/argocd/and creates one ArgoCD Application per app usingproject: default(avoids chicken-and-egg with AppProjects living inside the synced path)kargo-apps.yaml— discoversapps/*/kargo/and creates one ArgoCD Application per app targeting thekargocluster
Each app under apps/ is self-contained:
argocd/holds theAppProjectand anApplicationSet(or individualApplicationmanifests) for that app's stageskargo/holds all Kargo resources:Project,Warehouse,Stage,PromotionTask, etc.- Additional directories (e.g.
base/,stages/,chart/) hold the actual Kubernetes manifests promoted by Kargo
Cluster add-ons installed via ArgoCD, including:
- Argo Rollouts (with
ServerSideApply=truedue to CRD size) - Prometheus
- External Secrets Operator
- cert-manager
apps/demo-rollouts demonstrates blue/green and canary delivery using Argo Rollouts with a fan-out pattern in Kargo to deploy to multiple prod stages concurrently.
Prometheus monitors traffic for non-200 response codes (triggerable from the rollouts app UI) and feeds Rollouts analysis results.
URLs:
demo-{stage}.akpdemoapps.linkprometheus.akpdemoapps.link
templated-teams/ provides a "golden path" — a single Kargo project definition templated with Helm. The platform team controls the k8s rollout and ingress; app teams only supply a Docker image and a few parameters.
components/ uses multi-source ArgoCD Applications that pull vendor Helm charts and apply custom value files from components/value-overrides/.
secrets/ defines ExternalSecret and SecretStore resources connecting to AWS Secrets Manager via the External Secrets Operator.
This demo assumes Kargo and ArgoCD are connected bidirectionally via the Akuity Platform.
Configured when registering the Kargo agent — select the ArgoCD instance under Akuity Managed Argo CD Instance.
- Akuity UI → Kargo →
<Instance>→ Agents → Register Agent - Select your ArgoCD instance
The Kargo cluster must be registered in ArgoCD as a cluster named kargo (this is what kargo-apps.yaml targets).
- Akuity UI → ArgoCD →
<Instance>→ Clusters → Add Integration - Select your Kargo cluster and name it
kargo