diff --git a/terraform/app.tf b/terraform/app.tf
new file mode 100644
index 0000000..0c30376
--- /dev/null
+++ b/terraform/app.tf
@@ -0,0 +1,141 @@
+# app.tf
+
+provider "kubernetes" {
+ host = "https://${google_container_cluster.default.endpoint}"
+ token = data.google_client_config.default.access_token
+ cluster_ca_certificate = base64decode(google_container_cluster.default.master_auth[0].cluster_ca_certificate)
+
+ ignore_annotations = [
+ "^autopilot\\.gke\\.io\\/.*",
+ "^cloud\\.google\\.com\\/.*"
+ ]
+}
+
+data "google_client_config" "default" {}
+
+resource "kubernetes_deployment_v1" "default" {
+ metadata {
+ name = "webwallet-vite-app-deployment"
+ }
+
+ spec {
+ replicas = 2
+
+ selector {
+ match_labels = {
+ app = "vite-app"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ app = "vite-app"
+ }
+ }
+
+ spec {
+ container {
+ image = "bernalraul/webwallet:latest"
+ name = "vite-app-container"
+
+ port {
+ container_port = 3000
+ name = "vite-app-svc"
+ }
+
+ security_context {
+ allow_privilege_escalation = false
+ privileged = false
+ read_only_root_filesystem = false
+
+ capabilities {
+ add = []
+ drop = ["NET_RAW"]
+ }
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/login"
+ port = "3000"
+ }
+
+ initial_delay_seconds = 60
+ period_seconds = 5
+ }
+ }
+
+ security_context {
+ run_as_non_root = true
+
+ seccomp_profile {
+ type = "RuntimeDefault"
+ }
+ }
+
+ toleration {
+ effect = "NoSchedule"
+ key = "kubernetes.io/arch"
+ operator = "Equal"
+ value = "amd64"
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service_v1" "default" {
+ metadata {
+ name = "webwallet-vite-app-loadbalancer"
+ annotations = {
+ "networking.gke.io/load-balancer-type" = "External"
+ }
+ }
+
+ spec {
+ selector = {
+ app = kubernetes_deployment_v1.default.spec[0].selector[0].match_labels.app
+ }
+
+# ip_family_policy = "RequireDualStack"
+
+ port {
+ port = 443
+ target_port = kubernetes_deployment_v1.default.spec[0].template[0].spec[0].container[0].port[0].name
+ }
+
+ type = "LoadBalancer"
+ }
+
+ depends_on = [time_sleep.wait_service_cleanup]
+}
+
+resource "kubernetes_ingress_v1" "default" {
+ metadata {
+ name = "webwallet-ingress"
+ annotations = {
+ "kubernetes.io/ingress.class" : "gce",
+ "networking.gke.io/managed-certificates" : "gke-wallet-cert"
+ }
+ }
+
+ spec {
+ rule {
+ host = "gke-wallet.bitcanna.io"
+ http {
+ path {
+ path = "/"
+ backend {
+ service {
+ name = kubernetes_service_v1.default.metadata[0].name
+ port {
+ number = 443
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/terraform/cluster.tf b/terraform/cluster.tf
new file mode 100644
index 0000000..629ce8a
--- /dev/null
+++ b/terraform/cluster.tf
@@ -0,0 +1,52 @@
+# cluster.tf
+
+resource "google_compute_network" "default" {
+ name = "webwallet-network"
+
+ auto_create_subnetworks = false
+ enable_ula_internal_ipv6 = false
+}
+
+resource "google_compute_subnetwork" "default" {
+ name = "webwallet-subnetwork"
+
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+
+ stack_type = "IPV4_ONLY"
+ ipv6_access_type = null
+
+ network = google_compute_network.default.id
+ secondary_ip_range {
+ range_name = "services-range"
+ ip_cidr_range = "192.168.0.0/24"
+ }
+
+ secondary_ip_range {
+ range_name = "pod-ranges"
+ ip_cidr_range = "192.168.1.0/24"
+ }
+}
+
+resource "google_container_cluster" "default" {
+ name = "webwallet-cluster"
+ location = "us-central1"
+ enable_autopilot = true
+
+ network = google_compute_network.default.id
+ subnetwork = google_compute_subnetwork.default.id
+
+ ip_allocation_policy {
+ stack_type = "IPV4"
+ services_secondary_range_name = google_compute_subnetwork.default.secondary_ip_range[0].range_name
+ cluster_secondary_range_name = google_compute_subnetwork.default.secondary_ip_range[1].range_name
+ }
+
+ deletion_protection = false
+}
+
+resource "time_sleep" "wait_service_cleanup" {
+ depends_on = [google_container_cluster.default]
+
+ destroy_duration = "180s"
+}
diff --git a/terraform/managed-certificate.yaml b/terraform/managed-certificate.yaml
new file mode 100644
index 0000000..ff96d8e
--- /dev/null
+++ b/terraform/managed-certificate.yaml
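Review bot: `kubernetes_service_v1.default` is `type = "LoadBalancer"` with the `"networking.gke.io/load-balancer-type" = "External"` annotation, so the application gets a second public IP that bypasses the TLS-terminating Ingress, and traffic on that IP is plaintext: the service's port 443 forwards to the container's port 3000, which the liveness probe reaches with `http_get`, so nothing terminates TLS on that path. If the Ingress with the managed certificate is the intended entry point, change the service to `type = "ClusterIP"` and remove the external load-balancer annotation; on Autopilot the GCE Ingress should be able to front a ClusterIP service directly. Separately, `image = "bernalraul/webwallet:latest"` is a mutable tag, so each apply deploys whatever the registry serves at that moment; pin it to an immutable tag plus `@sha256:<digest-placeholder>` so deployments and rollbacks are reproducible. The annotation `"networking.gke.io/managed-certificates" : "gke-wallet-cert"` refers to a ManagedCertificate that this Terraform does not create (it lives in managed-certificate.yaml), so either document that it must be applied before this resource or manage it here with a `kubernetes_manifest` resource.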
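Review bot: `google_container_cluster.default` sets neither `master_authorized_networks_config` nor `private_cluster_config`, so the control-plane endpoint that `provider "kubernetes"` connects to via `google_container_cluster.default.endpoint` is reachable from any internet address with only token authentication in front of it. Restrict it to the addresses that run Terraform and administer the cluster, e.g. `master_authorized_networks_config { cidr_blocks { cidr_block = "<admin-cidr-placeholder>/32" display_name = "admin" } }`, or make the nodes private with `private_cluster_config { enable_private_nodes = true }` and keep the endpoint off the public internet. `deletion_protection = false` also means a plan that forces cluster replacement (a later change to `ip_allocation_policy`, for example) destroys the cluster with no further guard; leave it at the default `true` once real workloads run here. The pod secondary range `192.168.1.0/24` is small for a range that per-node pod CIDRs are carved from — presumably this caps the cluster at a handful of nodes; confirm the intended size.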
@@ -0,0 +1,7 @@
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+ name: gke-wallet-cert
+spec:
+ domains:
+ - gke-wallet.bitcanna.io
diff --git a/terraform/update-ingress.yaml b/terraform/update-ingress.yaml
new file mode 100644
index 0000000..f4894ed
--- /dev/null
+++ b/terraform/update-ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: webwallet-ingress
+ annotations:
+ networking.gke.io/managed-certificates: "gke-wallet-cert"
+ kubernetes.io/ingress.class: "gce"
+spec:
+ rules:
+ - host: gke-wallet.bitcanna.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: webwallet-vite-app-loadbalancer
+ port:
+ number: 443
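Review bot: This manifest defines the same `webwallet-ingress` object that `kubernetes_ingress_v1.default` in terraform/app.tf manages, and the two already disagree: the YAML sets `pathType: Prefix` while the Terraform `path` block sets no `path_type`, so whichever is applied second overwrites the other's spec and the next `terraform apply` or `kubectl apply` flips it back. Keep a single owner for the Ingress — either drop this file in favour of the Terraform resource, adding `path_type = "Prefix"` to its `path` block, or manage both the Ingress and the ManagedCertificate from Terraform via `kubernetes_manifest`. If the file is intentionally a one-off patch applied by hand, say so in a header comment, e.g. `# Applied manually after terraform apply; keep in sync with terraform/app.tf`.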