diff --git a/flux/cluster/apps/misc/kustomization.yaml b/flux/cluster/apps/misc/kustomization.yaml
index 99dbddd..f8f82e5 100644
--- a/flux/cluster/apps/misc/kustomization.yaml
+++ b/flux/cluster/apps/misc/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
   - pinbot
   - registry-creds.yaml
   - whoami
+  - tickets
diff --git a/flux/cluster/apps/misc/tickets/deployment.yaml b/flux/cluster/apps/misc/tickets/deployment.yaml
new file mode 100644
index 0000000..a4a1888
--- /dev/null
+++ b/flux/cluster/apps/misc/tickets/deployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tickets-deployment
+  namespace: misc
+  labels:
+    app: tickets-deployment
+    keel.sh/policy: force
+    keel.sh/match-tag: "true"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tickets-deployment
+  template:
+    metadata:
+      labels:
+        app: tickets-deployment
+    spec:
+      containers:
+        - name: tickets-deployment
+          imagePullPolicy: Always
+          image: registry.asraphiel.dev/library/tickets:main
+          ports:
+            - containerPort: 8080
+          envFrom:
+            - secretRef:
+                name: tickets-secrets
diff --git a/flux/cluster/apps/misc/tickets/ingress.yaml b/flux/cluster/apps/misc/tickets/ingress.yaml
new file mode 100644
index 0000000..0fd49ed
--- /dev/null
+++ b/flux/cluster/apps/misc/tickets/ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: tickets-deployment-ingress
+  namespace: misc
+spec:
+  rules:
+    - host: "tickets.asraphiel.dev"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: tickets-deployment-service
+                port:
+                  number: 80
diff --git a/flux/cluster/apps/misc/tickets/kustomization.yaml b/flux/cluster/apps/misc/tickets/kustomization.yaml
new file mode 100644
index 0000000..0169223
--- /dev/null
+++ b/flux/cluster/apps/misc/tickets/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - ingress.yaml
+  - service.yaml
+  - secret.yaml
diff --git a/flux/cluster/apps/misc/tickets/secret.yaml b/flux/cluster/apps/misc/tickets/secret.yaml
new file mode 100644
index 0000000..a514043
--- /dev/null
+++ b/flux/cluster/apps/misc/tickets/secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: tickets-secrets
+  namespace: misc
+spec:
+  refreshInterval: "15s"
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: tickets-secrets
+  data:
+    - secretKey: DATABASE_URL
+      remoteRef:
+        key: k8s/tickets
+        property: db-secret
+    - secretKey: ADMIN_PASSWORD
+      remoteRef:
+        key: k8s/tickets
+        property: password
diff --git a/flux/cluster/apps/misc/tickets/service.yaml b/flux/cluster/apps/misc/tickets/service.yaml
new file mode 100644
index 0000000..b0585c4
--- /dev/null
+++ b/flux/cluster/apps/misc/tickets/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: tickets-deployment-service
+  namespace: misc
+spec:
+  selector:
+    app: tickets-deployment
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080