diff --git a/.gitignore b/.gitignore
index 50a7a5458acf21c4e3d5b4029f9801702686a8f5..bb4fc9ed371d3aba18eb578d9fc98ec1ce8f819c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,39 @@
 local.cmd.sh
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 77aefe0ad2be229d89d54473640c8b9ef0546574..cdbce3c11c4d5ea5d8b46c849b9cdf9f87b0333e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,23 +1,7 @@
 include:
 - project: kubernetes-cluster/deploy/ci
-  ref: master
-  file: helm_deployment.gitlab-ci.yml
+  ref: terraform_migration
+  file: distribution.terraform.gitlab-ci.yml
 
 variables:
-  HELM_REPO_NAME: projectcalico
-  HELM_CHART_NAME: tigera-operator
-  HELM_REPO: https://docs.tigera.io/calico/charts
-  HELM_VALUES_FILES: values.yaml
-  NAMESPACE: tigera-operator
-  DEPLOYMENT_NAME: calico
-  HELM_CHART_VERSION: v3.29.2
-  HELM_UPGRADE_ARGS: >
-    --set installation.calicoNetwork.ipPools[0].cidr=${DISTRIBUTION_CIDR}
-
-deploy_calico:
-  extends: .deploy_helm_from_repo
-  only:
-    refs:
-      - master
-  variables:
-    KUBE_CONTEXT: ${DISTRIBUTION_KUBE_CONTEXT}
+  TF_VAR_cidr: ${DISTRIBUTION_CIDR}
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..10db2099f5199ed1c362c5b7b63f3a0e57af2b5b
--- /dev/null
+++ b/terraform/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version     = "2.17.0"
+  constraints = "~> 2.17"
+  hashes = [
+    "h1:K5FEjxvDnxb1JF1kG1xr8J3pNGxoaR3Z0IBG9Csm/Is=",
+    "zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4",
+    "zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7",
+    "zh:129345c82359837bb3f0070ce4891ec232697052f7d5ccf61d43d818912cf5f3",
+    "zh:3956187ec239f4045975b35e8c30741f701aa494c386aaa04ebabffe7749f81c",
+    "zh:66a9686d92a6b3ec43de3ca3fde60ef3d89fb76259ed3313ca4eb9bb8c13b7dd",
+    "zh:88644260090aa621e7e8083585c468c8dd5e09a3c01a432fb05da5c4623af940",
+    "zh:a248f650d174a883b32c5b94f9e725f4057e623b00f171936dcdcc840fad0b3e",
+    "zh:aa498c1f1ab93be5c8fbf6d48af51dc6ef0f10b2ea88d67bcb9f02d1d80d3930",
+    "zh:bf01e0f2ec2468c53596e027d376532a2d30feb72b0b5b810334d043109ae32f",
+    "zh:c46fa84cc8388e5ca87eb575a534ebcf68819c5a5724142998b487cb11246654",
+    "zh:d0c0f15ffc115c0965cbfe5c81f18c2e114113e7a1e6829f6bfd879ce5744fbb",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..6073c2a19991b9b56e7f17463d1427a2c1f95a04
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,52 @@
+variable "kubernetes_config" {
+  type = string
+}
+
+variable "kubernetes_context" {
+  type = string
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = var.kubernetes_config
+    config_context = var.kubernetes_context
+  }
+}
+
+variable "cidr" {
+  type = string
+}
+
+variable "extra_values_files" {
+  type = list(string)
+  default = []
+}
+
+variable "extra_set_values" {
+  type = map(any)
+  default = {}
+}
+
+variable "extra_set_sensitive_values" {
+  type = map(any)
+  default = {}
+}
+
+module "helm_release" {
+  source = "git::https://git.420joos.dev/kubernetes-cluster/terraform-generalization.git"
+  release_name = "calico"
+  chart_repo = "https://docs.tigera.io/calico/charts"
+  chart_name = "tigera-operator"
+  chart_version = "v3.29.2"
+  namespace = "tigera-operator"
+  default_values_files = [
+    "../values.yaml"
+  ]
+  extra_values_files = var.extra_values_files
+  default_set_values = {
+    "installation.calicoNetwork.ipPools[0].cidr" = var.cidr
+  }
+  extra_set_values = var.extra_set_values
+  default_set_sensitive_values = {}
+  extra_set_sensitive_values = var.extra_set_sensitive_values
+}