Deploy a Web Application With Let’s Encrypt and Kubernetes Using Terraform on GCP (Part 1)


In previous article, we learnt how to deploy two applications – WordPress and Guestbook using Terraform. However, these two applications were already well-developed by others. This time, I will show how to deploy a real application made by ourselves. It means we are able to see the source code of the applications. I will divide the whole things as two parts: the first part, this article, will talk about how to deploy the application with Let’s encrypt on GCP using Terraform just like before. The second part, next article, will talk about how to maintain our code and update our application.



In console, we choose Cloud Shell and then click the editor mode such that we could easily review our code.

The we have to setup our environment e.g. define project, zone and region:

gcloud config set project <you-project-id>
gcloud config set compute/zone us-west1-a
gcloud config set compute/region us-west1

Please download my prepared file from github or

git clone

Be friendly reminded that we will edit something later, so please build your own repository.

Folder Structure

The Terraform structure is basically the same as previous. The only difference is this time we do not apply k8s directly from Terraform. Instead, we write a startup script and call it. “depend_on = [google_container_cluster.default]” ensures that we run the script after the cluster is built successfully.

For the startup script, we firstly get credentials. Then we install helm and ingress-nginx. Finally, we apply the web application k8s files first before the Lets encrypt k8s files.

The benefit of this approach is to ensure the web application has enough time to process. Otherwise, it may appear some error.

Point to Your own Domain

There are two yaml files we should edit: certificate.yaml and ingress-service.yaml. Please ensure it points to your own domain. Of course, if you have multiple domains, you are feel free to add them.

Deploy Using Terraform

The the following steps will look exactly the same as previous, but we still do it again here.

We initialize the terraform by typing:

terraform init

If they are all fine, then we can directly type:

terraform apply

We can see any changes for this action, if all fine then type “yes” to confirm.

Then we find our public IP of ingress by typing:

kubectl get ingress

Finally, we point our DNS to this IP, it depends on which provider you use. For your reference, I use no-ip.

Now it is time to validate our web application.

Yes, it works. We can also see the https logo.

If we click into it, the certificate is verified by Let’s Encrypt. Then how about the function? Let’s check.

Edit Postgres Database Password

In fact, you can edit some “secret” in secret.yaml file. You can not only store POSTGRES_PASSWORD, but also any type of password you do not want to show.


If you want to go to Part 2 directly, then please do not cleanup, otherwise you have to build the infrastructure again.

Just like before, if we want to clean up all the things, we just have to type:

terraform destroy

Then choose “yes” to confirm.

Leave a Reply