This repo represents the typical objects under control of a central platform team for organizations using Argo CD and Kargo on the Akuity Platform.
Use SSO sign-in. If you don't have access, bug @eddiewebb
This repo contains 3 layers of IaC
- AWS Infrastructure via Terraform
- K8s Platform Config via Terraform
- Application Layer Config via Argo CD
To make any AWS or EKS level changes you will need access to the AWS Account and roles as described in Infra Demo - AWS Readme
Because this demo environment is fully defined as IaC, you can open pull requests on this repo or the infra repo to add or change demos.
.
βββ bootstrap/ # ApplicationSets that bootstrap all ArgoCD and Kargo apps
βββ apps/ # One directory per demo app
β βββ <app-name>/
β βββ argocd/ # AppProject + ApplicationSet for this app
β βββ kargo/ # Kargo Project, Warehouse, Stages, and Tasks
β βββ ... # App-specific manifests (base, stages, chart, etc.)
βββ kargo-shared/ # Shared Kargo platform resources (CustomPromotionSteps, etc.)
βββ components/ # Cluster add-ons (Argo Rollouts, Prometheus, ESO, cert-manager)
βββ secrets/ # ExternalSecret and SecretStore resources (backed by AWS Secrets Manager)
βββ templated-teams/ # Helm-templated "golden path" projects for app teams
bootstrap/ contains two ApplicationSets managed by the top-level app-of-apps ArgoCD Application (defined in sedemo-infra-iac):
argocd-apps.yamlβ discoversapps/*/argocd/and creates one ArgoCD Application per app usingproject: default(avoids chicken-and-egg with AppProjects living inside the synced path)kargo-apps.yamlβ discoversapps/*/kargo/and creates one ArgoCD Application per app targeting thekargocluster
Each app under apps/ is self-contained:
argocd/holds theAppProjectand anApplicationSet(or individualApplicationmanifests) for that app's stageskargo/holds all Kargo resources:Project,Warehouse,Stage,PromotionTask, etc.- Additional directories (e.g.
base/,stages/,chart/) hold the actual Kubernetes manifests promoted by Kargo
Cluster add-ons installed via ArgoCD, including:
- Argo Rollouts (with
ServerSideApply=truedue to CRD size) - Prometheus
- External Secrets Operator
- cert-manager
apps/demo-ephemeral demonstrates two complementary delivery patterns in a single Kargo project:
- PR Preview β every open pull request in
akuity/sedemo-monorepolabeledpreviewgets an isolated, auto-promoted preview environment with its own Warehouse, Stage, namespace, and PR comment. Environments tear down automatically when the PR closes. - Traditional pipeline β
dev β staging β prodpromotion driven bykustomize-set-imageon the main branch, showing the graduation path from a validated preview to production.
Per-PR Warehouses scope image discovery to ^pr-<N>-.+$ tags, preventing any cross-PR freight bleed. ApplicationSets handle the full lifecycle β creating and pruning Argo CD Applications and Kargo resources as PRs open and close.
To trigger a preview environment: open a pull request against
mainin akuity/sedemo-monorepo touching any file underrollouts-app/, then add thepreviewlabel to the PR.
URLs: pr-{N}.ephemeral.akpdemoapps.link
apps/demo-rollouts demonstrates blue/green and canary delivery using Argo Rollouts with a fan-out pattern in Kargo to deploy to multiple prod regions concurrently. Staging uses a PR-based approval gate; prod uses Jira change management.
Prometheus monitors traffic for non-200 response codes (triggerable from the rollouts app UI) and feeds Rollouts analysis results.
URLs: demo-{stage}.akpdemoapps.link Β· prometheus.akpdemoapps.link
apps/active-active demonstrates a high-availability multi-region pipeline with parallel dev regions, a convergence gate (both dev-east and dev-west must pass before staging advances), and a ServiceNow change management lifecycle split across approve and close stages.
URLs: {stage}.ha.akpdemoapps.link
apps/demo-snow demonstrates ServiceNow integration with a simpler multi-region pipeline. The prod stage creates a change request, blocks until it reaches "Implement" state, then fans out to three regional stages automatically.
apps/beyond-k8s demonstrates Kargo managing workloads outside of Kubernetes. A Fargate pipeline registers new ECS task definitions in AWS, while a parallel K8s pipeline handles standard cluster deployments β both in the same Kargo project.
templated-teams/ provides a "golden path" β a single Kargo project definition templated with Helm. The platform team controls the k8s rollout and ingress; app teams only supply a Docker image and a few parameters. Includes IaC-defined roles for Dev, SRE, and QA with PR-based prod approvals and optional Argo Rollouts canary.
apps/oci-airgap demonstrates packaging all rendered manifests as an OCI artifact at dev time. Downstream stages (including an air-gapped prod) sync from the OCI artifact rather than a git branch, enabling deployment into environments with no outbound git access. Requires Argo CD v3.1+.
apps/demo-intelligence demonstrates AI-powered incident response. An OOM or crashloop condition triggers an AI runbook that triages the incident, proposes remediation via Slack, waits for approval, applies the fix, and resolves the incident automatically.
components/ uses multi-source ArgoCD Applications that pull vendor Helm charts and apply custom value files from components/value-overrides/.
secrets/ defines ExternalSecret and SecretStore resources connecting to AWS Secrets Manager via the External Secrets Operator.
This demo assumes Kargo and ArgoCD are connected bidirectionally via the Akuity Platform.
Configured when registering the Kargo agent β select the ArgoCD instance under Akuity Managed Argo CD Instance.
- Akuity UI β Kargo β
<Instance>β Agents β Register Agent - Select your ArgoCD instance
The Kargo cluster must be registered in ArgoCD as a cluster named kargo (this is what kargo-apps.yaml targets).
- Akuity UI β ArgoCD β
<Instance>β Clusters β Add Integration - Select your Kargo cluster and name it
kargo