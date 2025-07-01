The Akamai App Platform is based on a combination of GitOps and configuration as code (CaC) principles. GitOps uses Git repositories as a single source of truth for both infrastructure and application deployments, enabling continuous delivery and deployment. CaC, on the other hand, is a practice where application and environment configurations are defined as code and stored in version control. The heart of the platform is the platform API. The API manages the CaC stored in a Git repository. A Kubernetes operator periodically fetches the changes from the Git repository, compiles all the files into one data blob, renders Argo CD Application manifests, and then deploys them to the Kubernetes cluster. The updated Argo CD Application is picked up by the Argo CD controller and deploys the requested Helm chart with the corresponding values.

The Configuration as Code Git repository contains the configuration for both infrastructure (deployed on the cluster) and for specific configurations of platform applications. Changes in the configuration of platform applications like Keycloak (for Identity and Access management), Harbor (the self-hosted container registry service), and Gitea (the self-hosted Git service) are deployed by custom-built Kubernetes operators leveraging the application APIs.

Let’s take a look at an example: The platform administrator uses the self-service portal to enable Harbor because Teams on the platform would like to use private container registries. The platform API will first make the required changes in the CaC Git repository. Because Harbor is enabled, new Argo CD Application manifests are rendered and deployed to install Harbor, the (CloudNativePG) PostgreSQL databases, and the platform Harbor operator. When the platform Harbor operator is running, it will get the configuration instructions to configure Harbor. In this case, the operator will create projects for all the Teams on the platform, configure OIDC, create robot accounts, and create push and pull secrets in the namespaces of the Teams. After just a couple of minutes, all the Teams will have access to their projects in Harbor and can use the self-service portal to create container images that are automatically stored in Harbor.