diff --git a/charts/tandoor-recipes/.gitignore b/charts/tandoor-recipes/.gitignore
new file mode 100644
index 0000000..268bba3
--- /dev/null
+++ b/charts/tandoor-recipes/.gitignore
@@ -0,0 +1 @@
+charts/*.tgz
\ No newline at end of file
diff --git a/charts/tandoor-recipes/Chart.lock b/charts/tandoor-recipes/Chart.lock
new file mode 100644
index 0000000..ca8828d
--- /dev/null
+++ b/charts/tandoor-recipes/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.12.10
+digest: sha256:c46f569535f1fbc2cbd743df1c0c38af969b6f82d638705af20aaba0af03d71b
+generated: "2024-01-20T17:18:32.741753422Z"
diff --git a/charts/tandoor-recipes/Chart.yaml b/charts/tandoor-recipes/Chart.yaml
index 0a3ca54..fa46a13 100644
--- a/charts/tandoor-recipes/Chart.yaml
+++ b/charts/tandoor-recipes/Chart.yaml
@@ -1,6 +1,7 @@
 apiVersion: v2
 name: tandoor-recipes
-description: A Helm chart for Kubernetes
+description: A Helm chart for Tandoor Recipes, a digital recipe manager
+icon: https://github.com/vabene1111/recipes/raw/develop/docs/logo_color.svg
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -22,3 +23,9 @@ version: 0.1.0
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "1.5.6"
+
+dependencies:
+  - name: postgresql
+    version: ^12.12.10
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.enabled
diff --git a/charts/tandoor-recipes/templates/_helpers.tpl b/charts/tandoor-recipes/templates/_helpers.tpl
index d2b7f2d..a04b2d4 100644
--- a/charts/tandoor-recipes/templates/_helpers.tpl
+++ b/charts/tandoor-recipes/templates/_helpers.tpl
@@ -60,3 +60,81 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "tandoor-recipes.postgresql.fullname" -}}
+{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Set postgres host
+*/}}
+{{- define "tandoor-recipes.postgresql.host" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- template "tandoor-recipes.postgresql.fullname" . -}}
+{{- else -}}
+{{ required "A valid externalPostgresql.host is required" .Values.externalPostgresql.host }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgres secret
+*/}}
+{{- define "tandoor-recipes.postgresql.secret" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- template "tandoor-recipes.postgresql.fullname" . -}}
+{{- else -}}
+{{- template "tandoor-recipes.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgres port
+*/}}
+{{- define "tandoor-recipes.postgresql.port" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- if .Values.postgresql.service -}}
+{{- .Values.postgresql.service.port | default 5432 }}
+{{- else -}}
+5432
+{{- end -}}
+{{- else -}}
+{{- required "A valid externalPostgresql.port is required" .Values.externalPostgresql.port -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgresql username
+*/}}
+{{- define "tandoor-recipes.postgresql.username" -}}
+{{- if .Values.postgresql.enabled -}}
+{{ required "A valid postgresql.auth.username is required" .Values.postgresql.auth.username }}
+{{- else -}}
+{{ required "A valid externalPostgresql.username is required" .Values.externalPostgresql.username }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgresql password
+*/}}
+{{- define "tandoor-recipes.postgresql.password" -}}
+{{- if .Values.postgresql.enabled -}}
+{{ required "A valid postgresql.auth.password is required" .Values.postgresql.auth.password }}
+{{- else if not (and .Values.externalPostgresql.existingSecret .Values.externalPostgresql.existingSecretPasswordKey) -}}
+{{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set postgresql database
+*/}}
+{{- define "tandoor-recipes.postgresql.database" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- .Values.postgresql.auth.database | default "recipes" }}
+{{- else -}}
+{{ required "A valid externalPostgresql.database is required" .Values.externalPostgresql.database }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/tandoor-recipes/templates/deployment.yaml b/charts/tandoor-recipes/templates/deployment.yaml
index ba3eb52..d469e92 100644
--- a/charts/tandoor-recipes/templates/deployment.yaml
+++ b/charts/tandoor-recipes/templates/deployment.yaml
@@ -5,9 +5,9 @@ metadata:
   labels:
     {{- include "tandoor-recipes.labels" . | nindent 4 }}
 spec:
-  {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicaCount }}
-  {{- end }}
+  strategy:
+    type: Recreate
   selector:
     matchLabels:
       {{- include "tandoor-recipes.selectorLabels" . | nindent 6 }}
@@ -37,6 +37,24 @@ spec:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
+          env:
+            - name: DB_ENGINE
+              value: django.db.backends.postgresql
+            - name: POSTGRES_HOST
+              value: {{ include "tandoor-recipes.postgresql.host" . }}
+            - name: POSTGRES_PORT
+              value: {{ include "tandoor-recipes.postgresql.port" . | quote }}
+            - name: POSTGRES_USER
+              value: {{ include "tandoor-recipes.postgresql.username" . }}
+            - name: POSTGRES_PASSWORD
+              value: {{ include "tandoor-recipes.postgresql.password" . }}
+            - name: POSTGRES_DB
+              value: {{ include "tandoor-recipes.postgresql.database" . }}
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: recipes-secret-key
+                  key: password
           livenessProbe:
             httpGet:
               path: /
diff --git a/charts/tandoor-recipes/templates/hpa.yaml b/charts/tandoor-recipes/templates/hpa.yaml
deleted file mode 100644
index f21361b..0000000
--- a/charts/tandoor-recipes/templates/hpa.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "tandoor-recipes.fullname" . }}
-  labels:
-    {{- include "tandoor-recipes.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "tandoor-recipes.fullname" . }}
-  minReplicas: {{ .Values.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-  metrics:
-    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
-    {{- end }}
-    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    {{- end }}
-{{- end }}
diff --git a/charts/tandoor-recipes/templates/secret.yaml b/charts/tandoor-recipes/templates/secret.yaml
new file mode 100644
index 0000000..ad5a643
--- /dev/null
+++ b/charts/tandoor-recipes/templates/secret.yaml
@@ -0,0 +1,12 @@
+{{- if empty .Values.secretKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "recipes-secret-key"
+type: Opaque
+data:
+  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "recipes-secret-key") | default dict }}
+  {{- $secretData := (get $secretObj "data") | default dict }}
+  {{- $secretKey := (get $secretData "recipes-secret-key") | default (randAlphaNum 32 | b64enc) }}
+  password: {{ $secretKey | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/tandoor-recipes/values.yaml b/charts/tandoor-recipes/values.yaml
index e62354d..92e0ed6 100644
--- a/charts/tandoor-recipes/values.yaml
+++ b/charts/tandoor-recipes/values.yaml
@@ -38,19 +38,41 @@ securityContext: {}
 
 service:
   type: ClusterIP
-  port: 80
+  port: 8080
+
+externalPostgresql:
+  enabled: false
+  # host: postgres
+  port: 5432
+  database: recipes
+  username: recipes
+  # password: recipes
+
+postgresql:
+  enabled: true
+  auth:
+    database: recipes
+    username: recipes
+    password: recipes
+
 
 recipes:
-  db:
-      # -- Database name
-      name: recipes
-      # -- Database hostname
-      host: ""
-      # -- Database password
-      password: freshrss
-      # -- Database user
-      user: freshrss
-
+  secretKey: ""
+  persistence:
+    static:
+      enabled: false
+      existingClaim: ""
+      annotations: {}
+      accessMode: ReadWriteOnce
+      storageClass: ""
+      size: 1Gi
+    media:
+      enabled: false
+      existingClaim: ""
+      annotations: {}
+      accessMode: ReadWriteOnce
+      storageClass: ""
+      size: 1Gi
 ingress:
   enabled: false
   className: ""
@@ -58,14 +80,14 @@ ingress:
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
-    - host: chart-example.local
+    - host: recipes.local
       paths:
         - path: /
           pathType: ImplementationSpecific
   tls: []
-  #  - secretName: chart-example-tls
+  #  - secretName: recipes-tls
   #    hosts:
-  #      - chart-example.local
+  #      - recipes.local
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -79,13 +101,6 @@ resources: {}
   #   cpu: 100m
   #   memory: 128Mi
 
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
 nodeSelector: {}
 
 tolerations: []