diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml
new file mode 100644
index 0000000..8a7969f
--- /dev/null
+++ b/.github/workflows/helm-chart.yml
@@ -0,0 +1,21 @@
+name: Helm Chart CI
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Start minikube
+        uses: medyagh/setup-minikube@latest
+
+      - name: Test WIP
+        run: |
+          minikube -p minikube docker-env
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..c761ef7
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v2
+name: ictu-sonarqube
+version: 1.0.0
+appVersion: "10.3.0"
+description: A SonarQube helm chart with plugins, profiles and config used at ICTU
+type: application
+home: https://github.com/ICTU/sonar
+dependencies:
+  - name: postgresql
+    version: 15.2.2  # appVersion 16.2.0
+    repository: https://charts.bitnami.com/bitnami  # TODO - 3rd party helm chart or postgres docker container? NB: sonar defines bitnami postgres 10.15.0 as a dependency
+  - name: sonarqube
+    version: 10.3.0
+    repository: https://SonarSource.github.io/helm-chart-sonarqube
diff --git a/helm/templates/sonarqube-env-vars-configmap.yaml b/helm/templates/sonarqube-env-vars-configmap.yaml
new file mode 100644
index 0000000..30e877f
--- /dev/null
+++ b/helm/templates/sonarqube-env-vars-configmap.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-sonarqube-env-vars
+  labels:
+    app: sonarqube
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{- range $key, $val := .Values.env_vars }}
+  {{ $key }}: "{{ $val }}"
+{{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000..0c48852
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,55 @@
+---
+env_vars:
+  SONARQUBE_USERNAME: "admin"
+  SONARQUBE_PASSWORD: "admin123"
+
+settings:
+  sonar.core.serverBaseURL: "test.local"
+  sonar.forceAuthentication: false
+
+postgresql:
+  audit:
+    logTimezone: "Europe/Amsterdam"
+  auth:
+    username: sonar
+    database: sonar
+    existingSecret: sonarqube-postgresql-secret
+    secretKeys:
+      userPasswordKey: sonar_db_password
+      adminPasswordKey: postgres_db_password
+  primary:
+    persistence:
+      size: 1Gi
+    extraVolumes:
+      - name: tz-config
+        hostPath:
+          path: /etc/localtime
+    extraVolumeMounts:
+      - name: tz-config
+        mountPath: /etc/localtime
+
+sonarqube:
+  image:
+    repository: ictu/sonar
+    tag: "10.3.0"
+    pullPolicy: IfNotPresent
+  jdbcOverwrite:
+    enable: true
+    jdbcUrl: jdbc:postgresql://ictu-sonarqube-postgresql:5432/sonar?socketTimeout=1500
+    jdbcUsername: "sonar"
+    jdbcSecretName: sonarqube-postgresql-secret
+    jdbcSecretPasswordKey: sonar_db_password
+  nginx:
+    enabled: false
+  postgresql:
+    enabled: false
+  initSysctl:
+    enabled: false
+  initFs:
+    enabled: false
+  ingress:
+    enabled: false
+
+  extraConfig:
+    configmaps:
+      - ictu-sonarqube-sonarqube-env-vars