diff --git a/.gitignore b/.gitignore index c86d2c3..8918dbc 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,5 @@ **/private.yaml vault_password # Helm Charts -values.yaml charts/ .env diff --git a/ansible/inventories/host_vars/application_server/public.yaml b/ansible/inventories/host_vars/application_server/public.yaml index 321d42f..6561f00 100644 --- a/ansible/inventories/host_vars/application_server/public.yaml +++ b/ansible/inventories/host_vars/application_server/public.yaml @@ -1,3 +1,3 @@ --- server_name: applications -server_type: cax11 +server_type: cax21 diff --git a/helm/configserver/values.yaml b/helm/configserver/values.yaml new file mode 100644 index 0000000..c86739e --- /dev/null +++ b/helm/configserver/values.yaml 
@@ -0,0 +1,140 @@
+# Copy these values to your application chart completely and then modify those bits where
+# the default for your application differs. The image.repository is a prime candidate for that.
+
+replicaCount: 1
+image:
+ repository: 2martens/configserver
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is latest
+ tag: ""
+# If image is not accessible for Kubernetes without authentication, configure required secrets here
+# will be added verbatim to imagePullSecrets in deployment pod template
+imagePullSecrets: []
+# Overrides the name being used in, for example, annotations
+# by default it is the chart name
+nameOverride: ""
+# Overrides the name being used for the name of Kubernetes resources
+# by default release name if it contains the chart name, otherwise releaseName-chartName
+fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+# Configure annotations for the pod, will be added verbatim to key annotations in pod metadata
+podAnnotations: {}
+# Configure the security context of the application pod
+podSecurityContext: {}
+# fsGroup: 2000
+
+# Configure security context of the application container
+securityContext: {}
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1000
+
+application:
+ port: &applicationPort 8888
+ actuatorPort: &actuatorPort 13000
+ profile: prod
+ isSpring: true
+ prefix: /config
+ repositoryPath: "https://git.2martens.de/2martens/{application}"
+ searchPath: module-server/src/main/resources/config
+ kafka:
+ host: kafka
+ port: 9092
+# Overwrite with application specific environment variables
+# Each item has key and value, where the value is parsed as a template
+environment:
+ - name: PORT
+ value: "{{ .Values.application.port }}"
+ - name: ACTUATOR_PORT
+ value: "{{ .Values.application.actuatorPort }}"
+ - name: PREFIX
+ value: "{{ .Values.application.prefix }}"
+ - name: REPOSITORY_PATH
+ value: "{{ .Values.application.repositoryPath }}"
+ - name: SEARCH_PATH
+ value: "{{ .Values.application.searchPath }}"
+ - name: KAFKA_HOST
+ value: "{{ .Values.application.kafka.host }}"
+ - name: KAFKA_PORT
+ value: "{{ .Values.application.kafka.port }}"
+enableServiceLinks: false
+# Contents of this object will be added to a Kubernetes secret data section and Base64 encoded
+# External secrets are not supported by this template
+secrets: {}
+# Configure the service
+service:
+ type: ClusterIP
+ # port is targeting the containerPort http, described by application.port
+ port: *applicationPort
+ # actuatorPort is targeting the containerPort http-actuator, described by application.actuatorPort
+ # only used if application.isSpring=true
+ actuatorPort: *actuatorPort
+# Configure the liveness probe
+# Defaults fitting for Spring Boot application that has livenessProbe enabled
+livenessProbe:
+ enabled: true
+ path: /actuator/health/liveness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 120
+# Configure the readiness probe
+# Defaults fitting for Spring Boot application that has readinessProbe enabled
+readinessProbe:
+ enabled: true
+ path: /actuator/health/readiness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # Allows you to specify the number of seconds the application can take to answer readinessProbe
+ # before failure is assumed by Kubernetes
+ timeoutSeconds: 1
+# Configure ingress if desired (exposing app beyond the boundaries of the cluster)
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+resources: {}
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+# Configure autoscaling
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+# Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template
+nodeSelector: {}
+# Configure tolerations, contents will be added verbatim to key tolerations in deployment pod template
+tolerations: []
+# Configure affinity, contents will be added verbatim to key affinity in deployment pod template
+affinity: {}
+# podSpec: will be added at the bottom of the pod template in the deployment
+podSpec: {}
+# containerSpec: will be added at the bottom of the container specification in the pod template
+containerSpec: {}
diff --git a/helm/kafka/values.yaml b/helm/kafka/values.yaml
new file mode 100644
index 0000000..0f11f72
--- /dev/null
+++ b/helm/kafka/values.yaml
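Review bot: `podSecurityContext: {}` and `securityContext: {}` in helm/configserver/values.yaml leave the container on whatever user, capabilities and root filesystem the image defaults to, while the hardened settings sit commented out directly below them. Consider enabling at least `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` under `securityContext`, and adding `readOnlyRootFilesystem: true` once the image is confirmed to run without writing outside mounted volumes. The same empty contexts appear in helm/kafka/values.yaml, helm/wahlrecht/values.yaml and helm/zookeeper/values.yaml; the Confluent images there may expect a particular user, so verify against the image before fixing a `runAsUser`.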
@@ -0,0 +1,137 @@
+# Copy these values to your application chart completely and then modify those bits where
+# the default for your application differs. The image.repository is a prime candidate for that.
+
+replicaCount: 1
+image:
+ repository: confluentinc/cp-kafka
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is latest
+ tag: "latest"
+# If image is not accessible for Kubernetes without authentication, configure required secrets here
+# will be added verbatim to imagePullSecrets in deployment pod template
+imagePullSecrets: []
+# Overrides the name being used in, for example, annotations
+# by default it is the chart name
+nameOverride: ""
+# Overrides the name being used for the name of Kubernetes resources
+# by default release name if it contains the chart name, otherwise releaseName-chartName
+fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+# Configure annotations for the pod, will be added verbatim to key annotations in pod metadata
+podAnnotations: {}
+# Configure the security context of the application pod
+podSecurityContext: {}
+# fsGroup: 2000
+
+# Configure security context of the application container
+securityContext: {}
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1000
+
+application:
+ port: &applicationPort 9092
+ actuatorPort: 8081
+ profile: prod
+ isSpring: false
+ zookeeper:
+ host: zookeeper
+ port: 2181
+# Overwrite with application specific environment variables
+# Each item has key and value, where the value is parsed as a template
+environment:
+ - name: KAFKA_BROKER_ID
+ value: "1"
+ - name: KAFKA_ZOOKEEPER_CONNECT
+ value: "{{ .Values.application.zookeeper.host }}:{{ .Values.application.zookeeper.port }}"
+ - name: KAFKA_LISTENERS
+ value: "PLAINTEXT://0.0.0.0:{{ .Values.application.port }}"
+ - name: KAFKA_ADVERTISED_LISTENERS
+ value: "PLAINTEXT://kafka:{{ .Values.application.port }}"
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: PLAINTEXT:PLAINTEXT
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: PLAINTEXT
+ - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
+ value: "1"
+enableServiceLinks: false
+# Contents of this object will be added to a Kubernetes secret data section and Base64 encoded
+# External secrets are not supported by this template
+secrets: {}
+# Configure the service
+service:
+ type: ClusterIP
+ # port is targeting the containerPort http, described by application.port
+ port: *applicationPort
+ # actuatorPort is targeting the containerPort http-actuator, described by application.actuatorPort
+ # only used if application.isSpring=true
+ actuatorPort: 8081
+# Configure the liveness probe
+# Defaults fitting for Spring Boot application that has livenessProbe enabled
+livenessProbe:
+ enabled: false
+ path: /actuator/health/liveness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 120
+# Configure the readiness probe
+# Defaults fitting for Spring Boot application that has readinessProbe enabled
+readinessProbe:
+ enabled: false
+ path: /actuator/health/readiness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # Allows you to specify the number of seconds the application can take to answer readinessProbe
+ # before failure is assumed by Kubernetes
+ timeoutSeconds: 1
+# Configure ingress if desired (exposing app beyond the boundaries of the cluster)
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+resources: {}
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+# Configure autoscaling
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+# Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template
+nodeSelector: {}
+# Configure tolerations, contents will be added verbatim to key tolerations in deployment pod template
+tolerations: []
+# Configure affinity, contents will be added verbatim to key affinity in deployment pod template
+affinity: {}
+# podSpec: will be added at the bottom of the pod template in the deployment
+podSpec: {}
+# containerSpec: will be added at the bottom of the container specification in the pod template
+containerSpec: {}
diff --git a/helm/wahlrecht/Chart.lock b/helm/wahlrecht/Chart.lock
index 7b1ffe1..6adee9d 100644
--- a/helm/wahlrecht/Chart.lock
+++ b/helm/wahlrecht/Chart.lock
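Review bot: `tag: "latest"` together with `pullPolicy: IfNotPresent` in helm/kafka/values.yaml makes the broker version depend on whatever `confluentinc/cp-kafka:latest` pointed to when each node first pulled it, so nodes can end up on different builds and an upstream image change is rolled out without review. Pin an explicit release, e.g. `tag: "<cp-kafka release>"` (placeholder), or preferably an image digest, and bump it deliberately. helm/zookeeper/values.yaml carries the same `tag: "latest"` for `confluentinc/cp-zookeeper` and should be pinned to a matching release.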
@@ -1,6 +1,6 @@ dependencies: - name: template repository: file://../template - version: 0.1.6 -digest: sha256:40131d6bbdde57f882dcdc958122f7a3553e3b71e6f24445a17dd12182b99bed -generated: "2023-08-20T23:07:51.509297+02:00" + version: 0.1.10 +digest: sha256:e247e20ffcec4f6fa17ca05e6be348be71879de789a0000d498bfeffae95d2ef +generated: "2023-10-28T22:37:48.12719+02:00" diff --git a/helm/wahlrecht/Chart.yaml b/helm/wahlrecht/Chart.yaml index eafee7f..ccf79eb 100644 --- a/helm/wahlrecht/Chart.yaml +++ b/helm/wahlrecht/Chart.yaml @@ -10,5 +10,5 @@ sources: - https://git.2martens.de/2martens/wahlrecht dependencies: - name: template - version: 0.1.6 + version: 0.1.10 repository: file://../template diff --git a/helm/wahlrecht/values.yaml b/helm/wahlrecht/values.yaml new file mode 100644 index 0000000..c34348a --- /dev/null +++ b/helm/wahlrecht/values.yaml 
@@ -0,0 +1,151 @@
+# Copy these values to your application chart completely and then modify those bits where
+# the default for your application differs. The image.repository is a prime candidate for that.
+
+replicaCount: 1
+image:
+ repository: 2martens/wahlrecht
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is latest
+ tag: ""
+# If image is not accessible for Kubernetes without authentication, configure required secrets here
+# will be added verbatim to imagePullSecrets in deployment pod template
+imagePullSecrets: []
+# Overrides the name being used in, for example, annotations
+# by default it is the chart name
+nameOverride: ""
+# Overrides the name being used for the name of Kubernetes resources
+# by default release name if it contains the chart name, otherwise releaseName-chartName
+fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+# Configure annotations for the pod, will be added verbatim to key annotations in pod metadata
+podAnnotations: {}
+# Configure the security context of the application pod
+podSecurityContext: {}
+# fsGroup: 2000
+
+# Configure security context of the application container
+securityContext: {}
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1000
+
+application:
+ port: 12000
+ actuatorPort: 12001
+ profile: prod
+ isSpring: true
+ keycloak:
+ url: https://id.2martens.de
+ realm: 2martens
+ configserver:
+ scheme: http
+ host: configserver
+ port: 8888
+ prefix: /config
+ kafka:
+ host: kafka
+ port: 9092
+# Overwrite with application specific environment variables
+# Each item has key and value, where the value is parsed as a template
+environment:
+ - name: KEYCLOAK_URL
+ value: "{{ .Values.application.keycloak.url }}"
+ - name: KEYCLOAK_REALM
+ value: "{{ .Values.application.keycloak.realm }}"
+ - name: CONFIGSERVER_SCHEME
+ value: "{{ .Values.application.configserver.scheme }}"
+ - name: CONFIGSERVER_HOST
+ value: "{{ .Values.application.configserver.host }}"
+ - name: CONFIGSERVER_PORT
+ value: "{{ .Values.application.configserver.port }}"
+ - name: CONFIGSERVER_PREFIX
+ value: "{{ .Values.application.configserver.prefix }}"
+ - name: KAFKA_HOST
+ value: "{{ .Values.application.kafka.host }}"
+ - name: KAFKA_PORT
+ value: "{{ .Values.application.kafka.port }}"
+enableServiceLinks: false
+# Contents of this object will be added to a Kubernetes secret data section and Base64 encoded
+# External secrets are not supported by this template
+secrets:
+ # Needs to be overwritten and in base64 encoding
+ MONGODB_CONNECTION_STRING: ""
+ # Needs to be overwritten and in base64 encoding
+ CLIENT_SECRET: ""
+# Configure the service
+service:
+ type: ClusterIP
+ # port is targeting the containerPort http, described by application.port
+ port: 12000
+ # actuatorPort is targeting the containerPort http-actuator, described by application.actuatorPort
+ # only used if application.isSpring=true
+ actuatorPort: 12001
+# Configure the liveness probe
+# Defaults fitting for Spring Boot application that has livenessProbe enabled
+livenessProbe:
+ enabled: true
+ path: /actuator/health/liveness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 120
+# Configure the readiness probe
+# Defaults fitting for Spring Boot application that has readinessProbe enabled
+readinessProbe:
+ enabled: true
+ path: /actuator/health/readiness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # Allows you to specify the number of seconds the application can take to answer readinessProbe
+ # before failure is assumed by Kubernetes
+ timeoutSeconds: 1
+# Configure ingress if desired (exposing app beyond the boundaries of the cluster)
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+resources: {}
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+# Configure autoscaling
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+# Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template
+nodeSelector: {}
+# Configure tolerations, contents will be added verbatim to key tolerations in deployment pod template
+tolerations: []
+# Configure affinity, contents will be added verbatim to key affinity in deployment pod template
+affinity: {}
+# podSpec: will be added at the bottom of the pod template in the deployment
+podSpec: {}
+# containerSpec: will be added at the bottom of the container specification in the pod template
+containerSpec: {}
diff --git a/helm/zookeeper/values.yaml b/helm/zookeeper/values.yaml
new file mode 100644
index 0000000..367abc5
--- /dev/null
+++ b/helm/zookeeper/values.yaml
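Review bot: The `secrets:` block in helm/wahlrecht/values.yaml declares `MONGODB_CONNECTION_STRING` and `CLIENT_SECRET` in a file that this same commit stops ignoring (the `values.yaml` entry is removed from .gitignore), so following the comment "Needs to be overwritten" in place would commit the real values; base64 is an encoding and gives no confidentiality. Keep the empty placeholders tracked and supply the real values from an untracked or encrypted override, for example a file matching the `**/private.yaml` pattern that .gitignore still lists, passed with `-f` at install time. Making that explicit in the comment would help, e.g. `# Leave empty in git; set the base64 value in an untracked override file`.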
@@ -0,0 +1,125 @@
+# Copy these values to your application chart completely and then modify those bits where
+# the default for your application differs. The image.repository is a prime candidate for that.
+
+replicaCount: 1
+image:
+ repository: confluentinc/cp-zookeeper
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is latest
+ tag: "latest"
+# If image is not accessible for Kubernetes without authentication, configure required secrets here
+# will be added verbatim to imagePullSecrets in deployment pod template
+imagePullSecrets: []
+# Overrides the name being used in, for example, annotations
+# by default it is the chart name
+nameOverride: ""
+# Overrides the name being used for the name of Kubernetes resources
+# by default release name if it contains the chart name, otherwise releaseName-chartName
+fullnameOverride: ""
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+# Configure annotations for the pod, will be added verbatim to key annotations in pod metadata
+podAnnotations: {}
+# Configure the security context of the application pod
+podSecurityContext: {}
+# fsGroup: 2000
+
+# Configure security context of the application container
+securityContext: {}
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1000
+
+application:
+ port: 2181
+ actuatorPort: 8081
+ profile: prod
+ isSpring: false
+ tickTime: 2000
+# Overwrite with application specific environment variables
+# Each item has key and value, where the value is parsed as a template
+environment:
+ - name: ZOOKEEPER_CLIENT_PORT
+ value: "{{ .Values.application.port }}"
+ - name: ZOOKEEPER_TICK_TIME
+ value: "{{ .Values.application.tickTime }}"
+enableServiceLinks: false
+# Contents of this object will be added to a Kubernetes secret data section and Base64 encoded
+# External secrets are not supported by this template
+secrets: {}
+# Configure the service
+service:
+ type: ClusterIP
+ # port is targeting the containerPort http, described by application.port
+ port: 2181
+ # actuatorPort is targeting the containerPort http-actuator, described by application.actuatorPort
+ # only used if application.isSpring=true
+ actuatorPort: 8081
+# Configure the liveness probe
+# Defaults fitting for Spring Boot application that has livenessProbe enabled
+livenessProbe:
+ enabled: false
+ path: /actuator/health/liveness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 120
+# Configure the readiness probe
+# Defaults fitting for Spring Boot application that has readinessProbe enabled
+readinessProbe:
+ enabled: false
+ path: /actuator/health/readiness
+ port: http-actuator
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ # Allows you to specify the number of seconds the application can take to answer readinessProbe
+ # before failure is assumed by Kubernetes
+ timeoutSeconds: 1
+# Configure ingress if desired (exposing app beyond the boundaries of the cluster)
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+resources: {}
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+# Configure autoscaling
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+# Configure nodeSelector, contents will be added verbatim to key nodeSelector in deployment pod template
+nodeSelector: {}
+# Configure tolerations, contents will be added verbatim to key tolerations in deployment pod template
+tolerations: []
+# Configure affinity, contents will be added verbatim to key affinity in deployment pod template
+affinity: {}
+# podSpec: will be added at the bottom of the pod template in the deployment
+podSpec: {}
+# containerSpec: will be added at the bottom of the container specification in the pod template
+containerSpec: {}