diff --git a/main.tf b/main.tf
index 82b93a6b..06a097f6 100644
--- a/main.tf
+++ b/main.tf
@@ -48,6 +48,8 @@ variable "monitoring_idrac_password" {}
 variable "alertmanager_slack_api_url" {}
 variable "home_assistant_configuration" {}
 variable "shadowsocks_password" {}
+variable "finance_app_monzo_client_id" {}
+variable "finance_app_monzo_client_secret" {}
 
 variable "ansible_prefix" {
   default     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@@ -243,4 +245,8 @@ module "kubernetes_cluster" {
 
   # shadowsocks
   shadowsocks_password = var.shadowsocks_password
+
+  # finance app
+  finance_app_monzo_client_id     = var.finance_app_monzo_client_id
+  finance_app_monzo_client_secret = var.finance_app_monzo_client_secret
 }
diff --git a/modules/kubernetes/finance_app/main.tf b/modules/kubernetes/finance_app/main.tf
new file mode 100644
index 00000000..13526167
--- /dev/null
+++ b/modules/kubernetes/finance_app/main.tf
@@ -0,0 +1,77 @@
+variable "tls_secret_name" {}
+variable "monzo_client_id" {}
+variable "monzo_client_secret" {}
+
+
+resource "kubernetes_namespace" "finance_app" {
+  metadata {
+    name = "finance-app"
+  }
+}
+
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "finance-app"
+  tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_deployment" "finance_app" {
+  metadata {
+    name      = "finance-app"
+    namespace = "finance-app"
+    labels = {
+      app = "finance-app"
+    }
+  }
+  spec {
+    replicas = 2
+    selector {
+      match_labels = {
+        app = "finance-app"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "finance-app"
+        }
+      }
+      spec {
+        container {
+          image = "viktorbarzin/finance-app"
+          name  = "finance-app"
+
+          env {
+            name  = "MONZO_CLIENT_ID"
+            value = var.monzo_client_id
+          }
+          env {
+            name  = "MONZO_CLIENT_SECRET"
+            value = var.monzo_client_secret
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "finance_app" {
+  metadata {
+    name      = "finance-app"
+    namespace = "finance-app"
+    labels = {
+      app = "finance-app"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "finance-app"
+    }
+    port {
+      name = "http"
+      port = "8000"
+    }
+  }
+}
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 7ad0d3f4..5327cf86 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -36,6 +36,8 @@ variable "idrac_password" {}
 variable "alertmanager_slack_api_url" {}
 variable "home_assistant_configuration" {}
 variable "shadowsocks_password" {}
+variable "finance_app_monzo_client_id" {}
+variable "finance_app_monzo_client_secret" {}
 
 resource "null_resource" "core_services" {
   # List all the core modules that must be provisioned first
@@ -247,3 +249,10 @@ module "home_assistant" {
   client_certificate_secret_name = var.client_certificate_secret_name
   configuration_yaml             = var.home_assistant_configuration
 }
+
+module "finance_app" {
+  source              = "./finance_app"
+  tls_secret_name     = var.tls_secret_name
+  monzo_client_id     = var.finance_app_monzo_client_id
+  monzo_client_secret = var.finance_app_monzo_client_secret
+}
diff --git a/terraform.tfvars b/terraform.tfvars
index 8cf0ff87..bcb8c4fe 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ