Deploying Applications
Purpose: For application developers, shows how to create an app repo, configure FluxCD, deploy pods, and verify traffic.
Outcome
By the end of this tutorial you'll have a running application on an openCenter cluster, accessible over HTTPS through Gateway API, with FluxCD reconciling changes from your Git repository.
Prerequisites
- An openCenter cluster with FluxCD bootstrapped
- kubectl configured with cluster access
- A Git repository for your application (GitHub, GitLab, or Gitea)
- The platform team has created a namespace for your application
Step 1 — Scaffold Your Application Repository
Create a repository following the openCenter-customer-app-example pattern:
my-app/
├── kustomization.yaml
├── namespace.yaml
├── deployment.yaml
├── service.yaml
├── httproute.yaml
└── networkpolicy.yaml
Start with the root kustomization.yaml:
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- deployment.yaml
- service.yaml
- httproute.yaml
- networkpolicy.yaml
Step 2 — Define the Deployment and Service
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: harbor.opencenter.example.com/customer-apps/my-app:1.0.0-abc1234
          ports:
            - containerPort: 8080
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 256Mi
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 5
          securityContext:
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
---
# service.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-app
  namespace: my-app
spec:
  selector:
    app: my-app
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
Step 3 — Configure HTTPS Routing
Create an HTTPRoute that routes traffic through the shared Gateway:
# httproute.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: my-app
  namespace: my-app
spec:
  parentRefs:
    - name: platform-gateway
      namespace: gateway-system
  hostnames:
    - "my-app.example.com"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: my-app
          port: 80
TLS is handled by the Gateway listener and cert-manager. You don't need to configure certificates in your HTTPRoute — the platform Gateway already has a wildcard or per-host certificate.
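The scaffold in Step 1 lists networkpolicy.yaml, which this page does not show. One possible version is given here as an added example (not from the openCenter docs or the customer-app example repository): it denies all traffic in the namespace by default, then admits only the Gateway path defined above. It assumes the Gateway's proxy pods run in gateway-system, cluster DNS runs in kube-system, and the cluster's CNI enforces NetworkPolicy.

```yaml
# networkpolicy.yaml (added example; names other than my-app are assumptions)
# Deny all ingress and egress for every pod in the namespace by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: my-app
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# Allow only the Gateway data plane to reach my-app, plus DNS lookups out.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-app-allow-gateway
  namespace: my-app
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        # Assumption: the Gateway proxy pods run in gateway-system.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: gateway-system
      ports:
        - protocol: TCP
          port: 8080   # the containerPort, not the Service port 80
  egress:
    # DNS only. Assumption: cluster DNS runs in kube-system.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

The ingress port is the containerPort (8080) because policies are evaluated against the pod, after the Service has translated port 80. Kubelet liveness and readiness probes come from the pod's own node, which NetworkPolicy cannot block, so they keep working.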
Step 4 — Request Platform Team Onboarding
Push your repository to Git. Then ask the platform team to create the FluxCD resources in the cluster's GitOps repo:
# Platform team creates: services/sources/my-app.yaml
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: my-app
  namespace: flux-system
spec:
  url: ssh://git@github.com/my-org/my-app.git
  ref:
    branch: main
  interval: 5m
  secretRef:
    name: my-app-deploy-key
---
# Platform team creates: services/fluxcd/my-app.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: my-app
  namespace: flux-system
spec:
  sourceRef:
    kind: GitRepository
    name: my-app
  path: ./
  interval: 10m
  prune: true
  targetNamespace: my-app
After the platform team commits these files, FluxCD picks up your application within the next reconciliation interval (default: 5 minutes).
Check Your Work
Verify the deployment is running:
kubectl get pods -n my-app
# Expected: 2/2 Running
kubectl get httproute -n my-app
# Expected: my-app with parentRef platform-gateway
Test HTTPS access:
curl -s https://my-app.example.com/healthz
# Expected: 200 OK
Check FluxCD reconciliation status:
flux get kustomizations -n flux-system | grep my-app
# Expected: Applied revision: main@sha1:abc1234
Next Steps
- Add a NetworkPolicy to restrict ingress/egress for your pods
- Set up Gateway API & TLS for custom certificate requirements
- Follow the Developer Golden Path for CI/CD integration and environment promotion