diff --git a/Chart.lock b/Chart.lock
new file mode 100644
index 0000000..4b01dcf
--- /dev/null
+++ b/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 8.2.1
+- name: redis
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 10.4.0
+digest: sha256:6dab63cfbf6a2f363b12ff9cbf683697352acfaa438962ef827418e5e9e7af22
+generated: "2020-02-01T17:08:07.30147224-05:00"
diff --git a/Chart.yaml b/Chart.yaml
index 8b80ac1..7de0199 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -19,3 +19,13 @@ version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: 1.0.0
+
+dependencies:
+  - name: postgresql
+    version: 8.2.1
+    repository: https://kubernetes-charts.storage.googleapis.com/
+    condition: postgresql.enabled
+  - name: redis
+    version: 10.4.0
+    repository: https://kubernetes-charts.storage.googleapis.com/
+    condition: redis.enabled
\ No newline at end of file
diff --git a/charts/postgresql-8.2.1.tgz b/charts/postgresql-8.2.1.tgz
new file mode 100644
index 0000000..fd2656e
Binary files /dev/null and b/charts/postgresql-8.2.1.tgz differ
diff --git a/charts/redis-10.4.0.tgz b/charts/redis-10.4.0.tgz
new file mode 100644
index 0000000..5113f54
Binary files /dev/null and b/charts/redis-10.4.0.tgz differ
diff --git a/templates/secrets.yaml b/templates/secrets.yaml
index 9bffee3..7a9cac3 100644
--- a/templates/secrets.yaml
+++ b/templates/secrets.yaml
@@ -7,4 +7,5 @@ metadata:
 type: Opaque
 data:
   DATABASE_URL: {{ required "databaseURL is a required value." .Values.databaseURL | b64enc | quote }}
-  SECRET_KEY: {{ required "secretKey is a required value." .Values.secretKey | b64enc | quote }}
\ No newline at end of file
+  SECRET_KEY: {{ required "secretKey is a required value." .Values.secretKey | b64enc | quote }}
+  REDIS_URL: "redis"
\ No newline at end of file
diff --git a/templates/deployment.yaml b/templates/web-deployment.yaml
similarity index 83%
rename from templates/deployment.yaml
rename to templates/web-deployment.yaml
index a6d0ec1..d014b71 100644
--- a/templates/deployment.yaml
+++ b/templates/web-deployment.yaml
@@ -1,10 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "glitchtip.fullname" . }}
+  name: {{ include "glitchtip.fullname" . }}-web
   labels:
     {{- include "glitchtip.labels" . | nindent 4 }}
-    lol: "yes"
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
@@ -14,6 +13,8 @@ spec:
     metadata:
       labels:
         {{- include "glitchtip.selectorLabels" . | nindent 8 }}
+      annotations:
+        checksum/secrets.yaml: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
     spec:
     {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -39,12 +40,11 @@ spec:
               value: "False"
             - name: STATIC_URL
               value: /
-            - name: DATABASE_URL
-              value: {{ required "databaseURL is a required value." .Values.databaseURL | quote }}
-            - name: SECRET_KEY
-              value: {{ required "secretKey is a required value." .Values.secretKey | quote }}
             - name: ENABLE_SOCIAL_AUTH
               value: {{ .Values.enableSocialAuth | quote }}
+          envFrom:
+            - secretRef:
+                name: {{ include "glitchtip.fullname" . }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
diff --git a/templates/web-hpa.yaml b/templates/web-hpa.yaml
new file mode 100644
index 0000000..ebe36ac
--- /dev/null
+++ b/templates/web-hpa.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.web.hpa.enabled -}}
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "glitchtip.fullname" . }}-web
+  labels:
+    app: {{ template "glitchtip.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  scaleTargetRef:
+    kind: Deployment
+    apiVersion: apps/v1
+    name: {{ template "glitchtip.fullname" . }}-web
+  minReplicas: {{ .Values.web.hpa.minpods }}
+  maxReplicas: {{ .Values.web.hpa.maxpods }}
+  targetCPUUtilizationPercentage: {{ .Values.web.hpa.cputhreshold }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/worker-deployment.yaml b/templates/worker-deployment.yaml
new file mode 100644
index 0000000..ca8c0eb
--- /dev/null
+++ b/templates/worker-deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "glitchtip.fullname" . }}-worker
+  labels:
+    {{- include "glitchtip.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.image.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "glitchtip.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "glitchtip.selectorLabels" . | nindent 8 }}
+      annotations:
+        checksum/secrets.yaml: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.worker.resources | nindent 12 }}
+          env:
+            - name: DEBUG
+              value: "False"
+            - name: STATIC_URL
+              value: /
+            - name: SERVER_ROLE
+              value: "worker"
+          envFrom:
+            - secretRef:
+                name: {{ include "glitchtip.fullname" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
\ No newline at end of file
diff --git a/templates/worker-hpa.yaml b/templates/worker-hpa.yaml
new file mode 100644
index 0000000..86a3672
--- /dev/null
+++ b/templates/worker-hpa.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.worker.hpa.enabled -}}
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "glitchtip.fullname" . }}-worker
+  labels:
+    app: {{ template "glitchtip.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  scaleTargetRef:
+    kind: Deployment
+    apiVersion: apps/v1
+    name: {{ template "glitchtip.fullname" . }}-worker
+  minReplicas: {{ .Values.worker.hpa.minpods }}
+  maxReplicas: {{ .Values.worker.hpa.maxpods }}
+  targetCPUUtilizationPercentage: {{ .Values.worker.hpa.cputhreshold }}
+{{- end }}
\ No newline at end of file
diff --git a/values.yaml b/values.yaml
index d98c9d2..a121e67 100644
--- a/values.yaml
+++ b/values.yaml
@@ -2,8 +2,6 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-replicaCount: 1
-
 image:
   repository: registry.gitlab.com/glitchtip/glitchtip-frontend
   tag: master
@@ -16,6 +14,42 @@ databaseURL:
 secretKey:
 enableSocialAuth: false
 
+web:
+  hpa:
+    enabled: false
+    cputhreshold: 60
+    minpods: 1
+    maxpods: 10
+  replicaCount: 1
+  resources: {}
+    # limits:
+    #   cpu: 500m
+    #   memory: 512Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
+worker:
+  replicaCount: 1
+  hpa:
+    enabled: false
+    cputhreshold: 60
+    minpods: 1
+    maxpods: 10
+  resources: {}
+    # limits:
+    #   cpu: 500m
+    #   memory: 256Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
@@ -23,17 +57,6 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name:
 
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
 service:
   type: ClusterIP
   port: 80
@@ -51,20 +74,18 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+redis:
+  enabled: true
+  master:
+    persistence:
+      enabled: false
+  slave:
+    persistence:
+      enabled: false
+  cluster:
+    enabled: false
+    slaveCount: 1
 
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
+# Default to disabled, use a managed database service. But can be enabled here.
+postgresql:
+  enabled: false
\ No newline at end of file