diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
new file mode 100644
index 0000000..393c475
--- /dev/null
+++ b/.github/workflows/helm-release.yml
@@ -0,0 +1,35 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+      - helm-wip
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        with:
+          charts_dir: helm
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
index 28203c6..12aa0fe 100644
--- a/helm/templates/configmap.yaml
+++ b/helm/templates/configmap.yaml
@@ -3,6 +3,7 @@ kind: ConfigMap
 metadata:
   name: {{ .Chart.Name }}-config
 data:
-  {{- $files:= .Files}}
-    config.toml: |-
-  {{$files.Get "config.toml"}}
+  config.yaml: |
+    {{- if .Values.config }}
+    {{- toYaml .Values.config | nindent 4 }}
+    {{- end }}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index aaeea9d..1951c99 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ .Chart.Name }}
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
@@ -14,12 +15,17 @@ spec:
         app.kubernetes.io/name: {{ .Chart.Name }}
         app.kubernetes.io/instance: {{ .Release.Name }}
     spec:
+      serviceAccountName: {{ .Chart.Name }}-serviceaccount
       containers:
         - name: slackwatch
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - containerPort: {{ .Values.service.port }}
-          envFrom:
-            - configMapRef:
-                name: {{ .Chart.Name }}-config
+          volumeMounts:
+            - name: config-volume
+              mountPath: /app/config
+      volumes:
+        - name: config-volume
+          configMap:
+            name: {{ .Chart.Name }}-config
diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
new file mode 100644
index 0000000..1ad27a8
--- /dev/null
+++ b/helm/templates/ingress.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.ingress.enabled -}}
+{{- $paths := .Values.ingress.paths -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+{{- $pathType := .Values.ingress.pathType -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $serviceName := .Chart.Name}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Chart.Name }}-ingress
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- with .Values.ingress.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.ingressClassName }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  rules:
+  {{- if .Values.ingress.hosts }}
+    {{- range $host := .Values.ingress.hosts }}
+    - host: {{ $host | quote }}
+      http:
+        paths:
+          {{- with $extraPaths }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+          {{- range $p := $paths }}
+          - path: {{ $p }}
+            pathType: {{ $pathType }}
+            backend:
+              service:
+                name: {{ $serviceName }}-svc
+                port:
+                  {{- if kindIs "float64" $servicePort }}
+                  number: {{ $servicePort }}
+                  {{- else }}
+                  name: {{ $servicePort }}
+                  {{- end }}
+          {{- end -}}
+    {{- end -}}
+  {{- else }}
+    - http:
+        paths:
+          {{- with $extraPaths }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+          {{- range $p := $paths }}
+          - path: {{ $p }}
+            pathType: {{ $pathType }}
+            backend:
+              service:
+                name: {{ .Chart.Name }}-svc
+                port:
+                  {{- if kindIs "float64" $servicePort }}
+                  number: {{ $servicePort }}
+                  {{- else }}
+                  name: {{ $servicePort }}
+                  {{- end }}
+          {{- end -}}
+  {{- end -}}
+  {{- with .Values.ingress.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/helm/templates/rbac.yaml b/helm/templates/rbac.yaml
new file mode 100644
index 0000000..de40a64
--- /dev/null
+++ b/helm/templates/rbac.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}-clusterrole
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ .Chart.Name }}-clusterrolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Chart.Name }}-clusterrole
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-serviceaccount
+  namespace: {{ .Release.Namespace }}
diff --git a/helm/templates/role.yaml b/helm/templates/role.yaml
new file mode 100644
index 0000000..ec65433
--- /dev/null
+++ b/helm/templates/role.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ .Chart.Name }}-role
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-rolebinding
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Chart.Name }}-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-serviceaccount
+  namespace: {{ .Release.Namespace }}
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
index b934a7e..258b459 100644
--- a/helm/templates/service.yaml
+++ b/helm/templates/service.yaml
@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Chart.Name }}
+  name: {{ .Chart.Name }}-svc
 spec:
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}
-      targetPort: http
+      targetPort: 8080
   selector:
     app.kubernetes.io/name: {{ .Chart.Name }}
     app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
new file mode 100644
index 0000000..03e3e7b
--- /dev/null
+++ b/helm/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-serviceaccount
+  namespace: {{ .Release.Namespace }}
diff --git a/helm/values.yaml b/helm/values.yaml
index a2f53df..65fd649 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -1,28 +1,51 @@
 replicaCount: 1
+namespace: slackwatch
 
 image:
-  repository: ghcr.io/slackspace-io/slackwatch
+  repository: ghcr.io/slackspace-io/slackwatch  # Assuming this image is accessible as a placeholder
   pullPolicy: IfNotPresent
   tag: "latest"
 
 service:
+  annotations: {}
+  labels: {}
   type: ClusterIP
-  port: 8080
+  port: 80
+
+ingress:
+  enabled: false
+  labels: {}
+  ingressClassName: ""
+  paths:
+    - /
+  pathType: Prefix
+  extraPaths: []
+  https: false
+  annotations: {}
+  tls: []
+  hosts:
+    - test.slackwatch.default # Placeholder domain
 
 config:
-  schedule: "0 15 9-22/2 * * *"
-  data_dir: "/app/slackwatch/data"
-  ntfy:
-    url: "http://ntfy.ntfy.svc.cluster.local"
-    topic: "slackwatch"
-    reminder: "24h"
-    token: "dummy"
+  system:
+    #default schedule is every 2 hours
+    schedule: "0 0 */2 * *"
+    data_dir: "/app/slackwatch/data"
+
+  notifications:
+    ntfy:
+      url: "http://ntfy-server.default:80" # Assumes an 'ntfy-server' available in the 'default' namespace
+      topic: "slackwatch-test"
+      token: "slackwatch-ntfy-token"
+      priority: 1
+      reminder: "24h"
+      # ... other notification provider settings
 
-gitops:
-  - name: "dummy"
-    repository_url: "https://github.com/slackspace-io/dummy.git"
-    branch: "main"
-    commit_message: "Updated by slackwatch"
-    commit_name: "slackwatch"
-    commit_email: "slackwatch@slackspace.io"
-    access_token_env_name: "SLACKWATCH_TOKEN"
+  gitops:
+    - name: "test-repo" # Placeholder name
+      repository_url: "https://github.com/your-org/test-repo.git"
+      branch: "main"
+      access_token_env_name: "TEST_REPO_ACCESS_TOKEN"
+      commit_message: "Automated commit by slackwatch"
+      commit_email: "slackwatch@yourmail.default"
+      # ... other GitOps settings