diff --git a/helm-config/README.md b/helm-config/README.md
new file mode 100644
index 0000000..6237169
--- /dev/null
+++ b/helm-config/README.md
@@ -0,0 +1,19 @@
+# Helm Chart Template
+
+## Copy chart to your repo
+
+## Setting specifics in values.yaml
+
+Replace `replaceme` in the values.yaml with the name of your service.
+
+Set the liveness and readiness check timeouts appropriately for your service if
+it takes longer to start up or is typically slower to respond.
+
+Set the liveness and readiness check endpoints to `/healthz` if your service
+handles that endpoint or `/v1/healthz` or otherwise if your service is special.
+
+Set replicaCount to how many instances of your service should be running by
+default.
+
+If the component needs an ingress (accessibility to the internet) set the
+ingress enabled field to true and set the hostname to be appropriate.
diff --git a/helm-config/templates/_helpers.tpl b/helm-config/templates/_helpers.tpl
deleted file mode 100644
index e482c9e..0000000
--- a/helm-config/templates/_helpers.tpl
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "helm-config.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "helm-config.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "helm-config.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/helm-config/templates/deployment.yaml b/helm-config/templates/deployment.yaml
index 8d30bff..3b8bfd3 100644
--- a/helm-config/templates/deployment.yaml
+++ b/helm-config/templates/deployment.yaml
@@ -1,10 +1,10 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: {{ include "helm-config.fullname" . }}
+ name: {{ .Chart.Name }}
 labels:
- app.kubernetes.io/name: {{ include "helm-config.name" . }}
- helm.sh/chart: {{ include "helm-config.chart" . }}
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
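Review bot: `name: {{ .Chart.Name }}` in deployment.yaml drops the release name from the object name, so two releases of this chart in one namespace would render the same Deployment name and the second install would collide with the first; the same substitution is made in both service.yaml hunks and in the new ingress.yaml. The selector hunk that follows swaps `app.kubernetes.io/name` from the old helper (which honoured `nameOverride`) to `.Chart.Name`; Chart.yaml is not part of this diff, but if its name differs from the previous `nameOverride` value, upgrading an existing release will be rejected because a Deployment's `spec.selector` is immutable. `helm.sh/chart: {{ .Chart.Name }}` also loses the chart version that label conventionally carries; `helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" }}` keeps it without the deleted helper. If one release per namespace is the intended contract, a comment on `metadata.name` saying so would be enough for the naming part.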
@@ -13,14 +13,17 @@ spec:
 type: {{ .Values.strategy.type }}
 selector:
 matchLabels:
- app.kubernetes.io/name: {{ include "helm-config.name" . }}
+ app.kubernetes.io/name: {{ .Chart.Name }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 template:
 metadata:
 labels:
- app.kubernetes.io/name: {{ include "helm-config.name" . }}
+ app.kubernetes.io/name: {{ .Chart.Name }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
+ {{- if .Values.serviceAccount.enabled }}
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+ {{- end }}
 containers:
 - args:
 name: {{ .Chart.Name }}
@@ -33,18 +36,19 @@ spec:
 - name: {{ .Values.service.portName }}
 containerPort: {{ .Values.service.containerPort }}
 readinessProbe:
- initialDelaySeconds: 20
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
 httpGet:
- path: /healthz
+ path: {{ .Values.readiness.path }}
 port: {{ .Values.service.containerPort }}
 httpHeaders:
 - name: x-request-id
 value: k8s-healthz
 livenessProbe:
- timeoutSeconds: 10
- initialDelaySeconds: 20
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
 httpGet:
- path: /healthz
+ path: {{ .Values.liveness.path }}
 port: {{ .Values.service.containerPort }}
 httpHeaders:
 - name: x-request-id
diff --git a/helm-config/templates/ingress.yaml b/helm-config/templates/ingress.yaml
new file mode 100644
index 0000000..9615aa0
--- /dev/null
+++ b/helm-config/templates/ingress.yaml
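Review bot: `serviceAccountName: {{ .Values.serviceAccount.name }}` in deployment.yaml reads a key that values.yaml in this commit never defines (only `serviceAccount.enabled` is added), so turning the flag on without also supplying a name renders an empty value. Depending on how that empty value is handled, the pod is either rejected or quietly runs under the namespace's default service account, which is not the identity the operator meant to bind. I would fail the render instead with `serviceAccountName: {{ required "serviceAccount.name must be set when serviceAccount.enabled is true" .Values.serviceAccount.name | quote }}` and add a commented `name:` entry beside `enabled` in values.yaml. The pod spec this sits in starts and ends outside the hunk.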
@@ -0,0 +1,24 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Chart.Name }}
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ kubernetes.io/ingress.class: {{ .Values.ingress.class }}
+ kubernetes.io/ingress.ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ .Chart.Name }}
+ servicePort: {{ .Values.service.port }}
+ path: /
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.secret }}
+{{- end -}}
diff --git a/helm-config/templates/service.yaml b/helm-config/templates/service.yaml
index ec2fc5d..ddf65e0 100644
--- a/helm-config/templates/service.yaml
+++ b/helm-config/templates/service.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
- name: {{ include "helm-config.fullname" . }}
+ name: {{ .Chart.Name }}
 labels:
- app.kubernetes.io/name: {{ include "helm-config.name" . }}
- helm.sh/chart: {{ include "helm-config.chart" . }}
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 spec:
@@ -14,5 +14,5 @@ spec:
 targetPort: {{ .Values.service.targetPort }}
 name: {{ .Values.service.portName }}
 selector:
- app.kubernetes.io/name: {{ include "helm-config.name" . }}
+ app.kubernetes.io/name: {{ .Chart.Name }}
 app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/helm-config/values.yaml b/helm-config/values.yaml
index dcb2ff2..8a78ac1 100644
--- a/helm-config/values.yaml
+++ b/helm-config/values.yaml
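Review bot: In templates/ingress.yaml, `host` and `secretName` are rendered unquoted and unvalidated, and their defaults in values.yaml are the placeholders `replaceme.replacethisdomain` and `replaceme-tls`, so setting `ingress.enabled: true` alone would publish the service on the external ingress class and ask the hard-coded `letsencrypt-prod` issuer for a certificate for a placeholder name. I would make the render fail until they are set, e.g. `- host: {{ required "ingress.host is required when ingress.enabled is true" .Values.ingress.host | quote }}`, with the same treatment for the `tls.hosts` entry and `secretName`. The rule routes `path: /`, so every endpoint the service handles becomes reachable from outside; a comment stating that full exposure is intended would help whoever copies this template. Separately, `extensions/v1beta1` Ingress was removed in Kubernetes 1.22, so if the target clusters are at or past that version this needs `networking.k8s.io/v1` and its `backend.service` form.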
@@ -1,19 +1,22 @@ # Default values for helm-config. # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# +# Update these when you copy the chart to your own repo so they match your +# service's specifics. replicaCount: 1 image: - repository: aries-key-guardian - tag: latest + repository: kivaprotocol/aries-key-guardian + tag: latest # leave this as latest. CICD will set a specific version tag. pullPolicy: Always imagePullSecrets: - name: "regcred" nameOverride: "aries-key-guardian" fullnameOverride: "aries-key-guardian" -secrets: "aries-key-guardian-secrets" +secrets: "aries-key-guardian" strategy: type: "RollingUpdate" @@ -33,6 +36,29 @@ resources: cpu: 1100m memory: 607164212 +readiness: + initialDelaySeconds: 20 + timeoutSeconds: 1 + path: /healthz + +liveness: + initialDelaySeconds: 20 + timeoutSeconds: 10 + path: /healthz + +ingress: + enabled: false # set to true if component needs ingress + host: "replaceme.replacethisdomain" + class: nginx-ingress-external + secret: "replaceme-tls" + +# By default services should disable this option as it is used to give the pod +# elevated k8s privileges +serviceAccount: + enabled: false + +# Uncomment below to allocate pods to a specific node type. +# #tolerations: # - effect: NoSchedule # key: crypto
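Review bot: `tag: latest` together with `pullPolicy: Always` in the first values.yaml hunk leaves the default image reference mutable: the new comment says CI/CD overrides it, but any install or rollback that bypasses that pipeline pulls whatever was last pushed to `kivaprotocol/aries-key-guardian`, and a pod restart can change the running code without a chart change. For what the name suggests is a key-handling service, I would make the default unusable rather than floating, e.g. `tag: ""  # required; set by CI/CD` with the image line in the template failing on an empty tag, or pin by digest. The hunk also keeps `nameOverride` and `fullnameOverride`, which no template in this commit reads any more, and renames `secrets` to `aries-key-guardian`; a Secret of that name presumably has to exist before rollout, which is worth confirming.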