Skip to content


Deploy Terrateam to Kubernetes



Installing this chart will create two pods:

  • PostgreSQL
  • Terrateam Server


  1. Source your private Terrateam GitHub application settings file
Terminal window
source .env
  1. Create your Terrateam private GitHub application secrets
Terminal window
kubectl create secret generic terrateam-github-app-pem --from-literal=pem="$GITHUB_APP_PEM"
kubectl create secret generic terrateam-github-webhook-secret --from-literal=secret="$GITHUB_WEBHOOK_SECRET"
kubectl create secret generic terrateam-github-app-client-secret --from-literal=secret="$GITHUB_APP_CLIENT_SECRET"
kubectl create secret generic terrateam-github-app-client-id --from-literal=id="$GITHUB_APP_CLIENT_ID"
kubectl create secret generic terrateam-github-app-id --from-literal=id="$GITHUB_APP_ID"
  1. Clean up your environment
Terminal window
  1. Create your Terateam database password secret
Terminal window
kubectl create secret generic terrateam-db-password --from-literal=password="STRONG_PASSWORD_HERE"

Helm Repo

Add the Terrateam Helm repository

Terminal window
helm repo add terrateamio
helm repo update

Helm chart

GKE with an HTTPS load balancer and managed certificate

  1. Create a global static IP address


resource "google_compute_global_address" "terrateam_static_ip" {
name = "terrateam-static-ip"

Create the IP

Terminal window
terraform apply

Show the IP

Terminal window
terraform state show google_compute_global_address.terrateam_static_ip
  1. Assign a DNS name

The global static IP will be used with the Terrateam Ingress controller. To enable, add it to a DNS zone you control, for example as

  1. Install
Terminal window
helm install terrateam terrateamio/terrateam \
--set server.dns_name="" \
--set certificate.enabled="true" \
--set ingress.enabled="true" \
--set ingress.annotations."networking\.gke\.io\/managed-certificates"="terrateam-ingress-certificate" \
--set ingress.annotations."kubernetes\.io\/ingress\.global-static-ip-name"="terrateam-static-ip" \
--set ingress.annotations."kubernetes\.io\/ingress\.class"="gce" \
--set-string ingress.annotations."kubernetes\.io\/ingress\.allow-http"="false"

Without Ingress

Terminal window
helm install terrateam terrateamio/terrateam --set server.dns_name=""

You can use NGINX-ingress and cert-manager to expose the terrateam-server service.


Specify a custom my-values.yaml for installation.

Terminal window
helm inspect values terrateamio/terrateam > my-values.yaml
helm install -f my-values.yaml terrateam terrateamio/terrateam

Validate endpoint before moving on

Make sure your Terrateam Server endpoint is healthy

Terminal window
curl -I

You should receive a HTTP/2 200 response.

GitHub application webhook URL

When the Terrateam server starts up, it will try to update the GitHub application Webhook URL using the Helm chart value server.dns_name which in turn populates the TERRAT_API_BASE environment variable. To disable, set the GITHUB_WEBHOOK_URL_UPDATE environment variable to FALSE.


Navigate to your private Terrateam GitHub application URL and Install

Next steps

Complete the Terrateam Self-Hosted Next Steps

We use cookies and similar technologies to provide certain features, enhance the user experience and deliver content that is relevant to your interests. Depending on their purpose, analysis and marketing cookies may be used in addition to technically necessary cookies. By clicking on "Agree and continue", you declare your consent to the use of the aforementioned cookies. Here you can make detailed settings or revoke your consent (in part if necessary) with effect for the future. For further information, please refer to our Privacy Policy .