diff --git a/azure/terraform/gitlab.tf b/azure/terraform/gitlab.tf
new file mode 100644
--- /dev/null
+++ b/azure/terraform/gitlab.tf
@@ -0,0 +1,20 @@
+# create a kubernetes cluster for a given environment
+# and deploy a gitlab instance on it
+# The cluster is deployed in its own resource group
+# suffixed by the environment
+
+# module "gitlab-production" {
+#     source = "./modules/gitlab"
+
+#     environment = "production"
+# }
+
+module "gitlab-staging" {
+    source = "./modules/gitlab"
+    environment = "staging"
+    internal_ip_address = "192.168.200.100"
+}
+
+output "gitlab-staging_summary" {
+  value = module.gitlab-staging.summary
+}
diff --git a/azure/terraform/modules/gitlab/data.tf b/azure/terraform/modules/gitlab/data.tf
new file mode 100644
--- /dev/null
+++ b/azure/terraform/modules/gitlab/data.tf
@@ -0,0 +1,5 @@
+data "azurerm_subnet" "internal_subnet" {
+  name                 = "default"
+  virtual_network_name = var.internal_vnet
+  resource_group_name  = var.internal_vnet_rg
+}
diff --git a/azure/terraform/modules/gitlab/main.tf b/azure/terraform/modules/gitlab/main.tf
new file mode 100644
--- /dev/null
+++ b/azure/terraform/modules/gitlab/main.tf
@@ -0,0 +1,62 @@
+resource "azurerm_resource_group" "gitlab_rg" {
+  name     = "euwest-gitlab-${var.environment}"
+  location = var.location
+
+  tags = {
+    environment = var.environment
+  }
+}
+
+resource "azurerm_kubernetes_cluster" "gitlab_aks" {
+  name                = "gitlab-aks-${var.environment}"
+  location            = azurerm_resource_group.gitlab_rg.location
+  resource_group_name = azurerm_resource_group.gitlab_rg.name
+  dns_prefix          = "gitlab-${var.environment}"
+
+  default_node_pool {
+    name                = "default"
+    node_count          = 1
+    vm_size             = var.node_type
+    enable_auto_scaling = true
+    max_count           = var.maximal_pool_count
+    min_count           = var.minimal_pool_count
+    
+    # not supported for all vm types
+    # os_disk_type        = "Ephemeral"
+
+    # experimental feature, not activable as we don't
+    # have a subscription
+    # kubelet_config {
+    #   container_log_max_size_mb = "1024"
+    # }
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+
+  private_cluster_enabled = true
+
+  network_profile {
+    network_plugin = "kubenet"
+    network_policy = "calico"
+  }
+
+  tags = {
+    Environment = var.environment
+  }
+}
+
+resource "azurerm_private_endpoint" "gitlab_aks_endpoint" {
+  name                 = "gitlab-aks-${var.environment}-endpoint"
+  location             = azurerm_resource_group.gitlab_rg.location
+  resource_group_name  = azurerm_resource_group.gitlab_rg.name
+  subnet_id            = data.azurerm_subnet.internal_subnet.id
+
+  private_service_connection {
+    name                           = "gitlab-aks-${var.environment}-psc"
+    is_manual_connection           = false
+    private_connection_resource_id = azurerm_kubernetes_cluster.gitlab_aks.id
+    subresource_names              = ["management"]
+  }
+}
diff --git a/azure/terraform/modules/gitlab/outputs.tf b/azure/terraform/modules/gitlab/outputs.tf
new file mode 100644
--- /dev/null
+++ b/azure/terraform/modules/gitlab/outputs.tf
@@ -0,0 +1,15 @@
+output "summary" {
+  value = <<EOF
+
+name: ${azurerm_kubernetes_cluster.gitlab_aks.name}
+internal_ip: ${azurerm_private_endpoint.gitlab_aks_endpoint.private_service_connection.0.private_ip_address}
+
+Execute the following command to add the credentials i                                  n your .kube/config:
+az aks get-credentials --resource-group ${azurerm_resource_group.gitlab_rg.name} --name ${azurerm_kubernetes_cluster.gitlab_aks.name} 
+
+and add this line in your /etc/hosts file:
+${azurerm_private_endpoint.gitlab_aks_endpoint.private_service_connection.0.private_ip_address} ${azurerm_kubernetes_cluster.gitlab_aks.private_fqdn}
+
+EOF
+
+}
diff --git a/azure/terraform/modules/gitlab/variables.tf b/azure/terraform/modules/gitlab/variables.tf
new file mode 100644
--- /dev/null
+++ b/azure/terraform/modules/gitlab/variables.tf
@@ -0,0 +1,51 @@
+variable "environment" {
+  description = "Environment of the gitlab instance"
+  type        = string
+}
+
+variable "location" {
+  description = "The location of the kubernetes cluster"
+  type        = string
+  default     = "westeurope"
+}
+
+variable "node_type" {
+  description = "Type of vms in the default node pool"
+  default     = "Standard_B2ms"
+  type        = string
+}
+
+variable "minimal_pool_count" {
+  description = "Minimal number of node in the default pool"
+  type        = number
+  default     = 1
+}
+
+variable "maximal_pool_count" {
+  description = "Minimal number of node in the default pool"
+  type        = number
+  default     = 5
+}
+
+variable "internal_ip_address" {
+  description = "Ip address to assigne to the aks management service (in the azure internal vnet 192.168.200.0/22)"
+  type        = string
+}
+
+variable "internal_vnet" {
+  description = "A vnet accessible from the VPN"
+  type        = string
+  default     = "swh-vnet"
+}
+
+variable "internal_vnet_location" {
+  description = "The location of the vnet accessible from the VPN"
+  type        = string
+  default     = "westeurope"
+}
+
+variable "internal_vnet_rg" {
+  description = "The resource group of the vnet accessible from the VPN"
+  type        = string
+  default     = "swh-resource"
+}