diff --git a/README.md b/README.md index a3cf493..4fa4770 100644 --- a/README.md +++ b/README.md @@ -1 +1,18 @@ # Tetrate Istio Distribution Helm Charts + +## Usage + +[Helm](https://helm.sh) must be installed to use the charts. +Please refer to Helm's [documentation](https://helm.sh/docs/) to get started. + +Once Helm is set up properly, add the repository as follows: + +```console +helm repo add tetratelabs https://tetratelabs.github.io/helm-charts +``` + +You can then run `helm search repo tetratelabs` to see the charts. + +> [!NOTE] +> To list down all versions, you need to provide the `-l` and `--devel` flags. +> It is recommended to migrate to the newer charts repo: https://tis.tetrate.io/charts. diff --git a/charts/addons/istio-registry-sync/.helmignore b/charts/addons/istio-registry-sync/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/addons/istio-registry-sync/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/addons/istio-registry-sync/Chart.yaml b/charts/addons/istio-registry-sync/Chart.yaml new file mode 100644 index 0000000..00f79e8 --- /dev/null +++ b/charts/addons/istio-registry-sync/Chart.yaml 
@@ -0,0 +1,19 @@ +apiVersion: v2 +name: istio-registry-sync +description: Helm chart for deploying Istio Registry Sync + +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.5 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: v0.5.2 + +annotations: + tetrate.io/addon: "true" diff --git a/charts/addons/istio-registry-sync/README.md b/charts/addons/istio-registry-sync/README.md new file mode 100644 index 0000000..ac7f134 --- /dev/null +++ b/charts/addons/istio-registry-sync/README.md 
@@ -0,0 +1,33 @@ +# istio-registry-sync + +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.5.2](https://img.shields.io/badge/AppVersion-v0.5.2-informational?style=flat-square) + +Helm chart for deploying Istio Registry Sync + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| cloudmap.region | string | `""` | AWS Region to use to connect to Cloud Map | +| consul.endpoint | string | `""` | Consul's endpoint to query service catalog | +| consul.namespace | string | `""` | Consul's namespace to search service catalog | +| consul.token | string | `""` | Consul's ACL token to access service catalog | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"addon-containers.istio.tetratelabs.com/istio-registry-sync"` | | +| image.tag | string | `"v0.5.1"` | | +| imagePullSecrets | list | `[]` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| publishNamespace | string | `""` | Istio Registry Sync publishes ServiceEntry into this namespace or the namespace it is deployed into | +| resources | object | `{}` | | +| resyncPeriod | int | `5` | Interval in seconds between syncing | +| securityContext | object | `{}` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template | +| tolerations | list | `[]` | | + diff --git a/charts/addons/istio-registry-sync/templates/NOTES.txt b/charts/addons/istio-registry-sync/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 
diff --git a/charts/addons/istio-registry-sync/templates/_helpers.tpl b/charts/addons/istio-registry-sync/templates/_helpers.tpl new file mode 100644 index 0000000..51bbd52 --- /dev/null +++ b/charts/addons/istio-registry-sync/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "istio-registry-sync.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "istio-registry-sync.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "istio-registry-sync.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "istio-registry-sync.labels" -}} +helm.sh/chart: {{ include "istio-registry-sync.chart" . }} +{{ include "istio-registry-sync.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/part-of: tis +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "istio-registry-sync.selectorLabels" -}} +app.kubernetes.io/name: {{ include "istio-registry-sync.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "istio-registry-sync.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "istio-registry-sync.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/addons/istio-registry-sync/templates/deployment.yaml b/charts/addons/istio-registry-sync/templates/deployment.yaml new file mode 100644 index 0000000..9f264b3 --- /dev/null +++ b/charts/addons/istio-registry-sync/templates/deployment.yaml 
@@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "istio-registry-sync.fullname" . }} + labels: + {{- include "istio-registry-sync.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "istio-registry-sync.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "istio-registry-sync.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "istio-registry-sync.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - serve + {{- if .Values.consul.endpoint }} + - --consul-endpoint={{ .Values.consul.endpoint }} + {{- end }} + {{- if .Values.consul.token }} + - --consul-token={{ .Values.consul.token }} + {{- end }} + {{- if .Values.consul.namespace }} + - --consul-namespace={{ .Values.consul.namespace }} + {{- end }} + {{- if .Values.resyncPeriod }} + - --resync-period={{ .Values.resyncPeriod }} + {{- end }} + env: + - name: PUBLISH_NAMESPACE + {{- if .Values.publishNamespace }} + value: {{ .Values.publishNamespace }} + {{ else }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + {{- if .Values.cloudmap.region }} + - name: AWS_REGION + value: {{ .Values.cloudmap.region }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/addons/istio-registry-sync/templates/rbac.yaml b/charts/addons/istio-registry-sync/templates/rbac.yaml new file mode 100644 index 0000000..c237b79 --- /dev/null +++ b/charts/addons/istio-registry-sync/templates/rbac.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "istio-registry-sync.fullname" . }}-cluster-role + labels: + {{- include "istio-registry-sync.selectorLabels" . | nindent 4 }} +rules: +- apiGroups: ["networking.istio.io"] + resources: ["serviceentries"] + verbs: ["create", "get", "list", "watch", "patch", "delete", "update"] +- apiGroups: [""] + resources: ["services"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "istio-registry-sync.fullname" . }}-rolebinding + labels: + {{- include "istio-registry-sync.selectorLabels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "istio-registry-sync.fullname" . }}-cluster-role +subjects: + - kind: ServiceAccount + name: {{ include "istio-registry-sync.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/addons/istio-registry-sync/templates/serviceaccount.yaml b/charts/addons/istio-registry-sync/templates/serviceaccount.yaml new file mode 100644 index 0000000..52c31ad --- /dev/null +++ b/charts/addons/istio-registry-sync/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "istio-registry-sync.serviceAccountName" . }} + labels: + {{- include "istio-registry-sync.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} 
diff --git a/charts/addons/istio-registry-sync/values.yaml b/charts/addons/istio-registry-sync/values.yaml new file mode 100644 index 0000000..0068626 --- /dev/null +++ b/charts/addons/istio-registry-sync/values.yaml @@ -0,0 +1,51 @@ +# -- Istio Registry Sync publishes ServiceEntry into this namespace or the namespace it is deployed into +publishNamespace: "" + +# -- Interval in seconds between syncing +resyncPeriod: 5 + +cloudmap: + # -- AWS Region to use to connect to Cloud Map + region: "" + +consul: + # -- Consul's namespace to search service catalog + namespace: "" + # -- Consul's endpoint to query service catalog + endpoint: "" + # -- Consul's ACL token to access service catalog + token: "" + +image: + repository: addon-containers.istio.tetratelabs.com/istio-registry-sync + pullPolicy: IfNotPresent + tag: v0.5.1 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + create: true + # Example of how to associate AWS IAM role with ServiceAccount for AWS Cloud Map integration + # https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html + # annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::819220072900:role/cloudmap-read + annotations: {} + # -- The name of the service account to use. + # -- If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + +securityContext: {} + +resources: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/charts/demos/istio-monitoring-demo/.helmignore b/charts/demos/istio-monitoring-demo/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/demos/istio-monitoring-demo/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/demos/istio-monitoring-demo/Chart.lock b/charts/demos/istio-monitoring-demo/Chart.lock new file mode 100644 index 0000000..274f699 --- /dev/null +++ b/charts/demos/istio-monitoring-demo/Chart.lock @@ -0,0 +1,12 @@ +dependencies: +- name: grafana + repository: https://grafana.github.io/helm-charts + version: 6.58.4 +- name: prometheus + repository: https://prometheus-community.github.io/helm-charts + version: 19.6.1 +- name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 5.14.0 +digest: sha256:b7d61f82199fa993f213d2e05ec3034d353291c36b8891f412a5adc0d93fbb27 +generated: "2023-10-16T16:28:28.372508+08:00" diff --git a/charts/demos/istio-monitoring-demo/Chart.yaml b/charts/demos/istio-monitoring-demo/Chart.yaml new file mode 100644 index 0000000..833e092 --- /dev/null +++ b/charts/demos/istio-monitoring-demo/Chart.yaml 
@@ -0,0 +1,41 @@ +apiVersion: v2 +name: istio-monitoring-demo +description: Helm chart for deploying Istio Monitoring demo + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.2.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.1.0" + +dependencies: + - name: grafana + condition: grafana.enabled + repository: https://grafana.github.io/helm-charts + version: 6.58.4 + - name: prometheus + condition: prometheus.enabled + repository: https://prometheus-community.github.io/helm-charts + version: 19.6.1 + - name: kube-state-metrics + condition: kube-state-metrics.enabled + repository: https://prometheus-community.github.io/helm-charts + version: 5.14.0 + +annotations: + tetrate.io/demo: "true" diff --git a/charts/demos/istio-monitoring-demo/README.md b/charts/demos/istio-monitoring-demo/README.md new file mode 100644 index 0000000..0f8c548 --- /dev/null +++ b/charts/demos/istio-monitoring-demo/README.md 
@@ -0,0 +1,48 @@ +# istio-monitoring-demo + +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square) + +Helm chart for deploying Istio Monitoring demo + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| [https://grafana.github.io/helm-charts](https://grafana.github.io/helm-charts) | grafana | 6.58.4 | +| [https://prometheus-community.github.io/helm-charts](https://prometheus-community.github.io/helm-charts) | kube-state-metrics | 5.14.0 | +| [https://prometheus-community.github.io/helm-charts](https://prometheus-community.github.io/helm-charts) | prometheus | 19.6.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| grafana.admin.existingSecret | string | `""` | | +| grafana.enabled | bool | `true` | | +| grafana.env.GF_AUTH_ANONYMOUS_ENABLED | string | `"true"` | | +| grafana.env.GF_AUTH_ANONYMOUS_ORG_ROLE | string | `"Admin"` | | +| grafana.env.GF_AUTH_BASIC_ENABLED | string | `"false"` | | +| grafana.env.GF_SECURITY_ADMIN_PASSWORD | string | `"admin"` | | +| grafana.env.GF_SECURITY_ADMIN_USER | string | `"admin"` | | +| grafana.fullnameOverride | string | `"grafana"` | | +| grafana.ldap.existingSecret | bool | `true` | | +| grafana.podLabels."sidecar.istio.io/inject" | string | `"false"` | | +| grafana.podLabels.app | string | `"grafana"` | | +| grafana.rbac.create | bool | `false` | | +| grafana.rbac.pspEnabled | bool | `false` | | +| grafana.service.port | int | `3000` | | +| grafana.testFramework.enabled | bool | `false` | | +| kube-state-metrics.customLabels."sidecar.istio.io/inject" | string | `"false"` | | +| kube-state-metrics.enabled | bool | `true` | | +| prometheus.alertmanager.enabled | bool | `false` | | +| prometheus.enabled | 
bool | `true` | | +| prometheus.kube-state-metrics.enabled | bool | `false` | | +| prometheus.prometheus-node-exporter.enabled | bool | `false` | | +| prometheus.prometheus-pushgateway.enabled | bool | `false` | | +| prometheus.server.fullnameOverride | string | `"prometheus"` | | +| prometheus.server.global.scrape_interval | string | `"15s"` | | +| prometheus.server.image.repository | string | `"prom/prometheus"` | | +| prometheus.server.persistentVolume.enabled | bool | `false` | | +| prometheus.server.podLabels."sidecar.istio.io/inject" | string | `"false"` | | +| prometheus.server.readinessProbeInitialDelay | int | `0` | | +| prometheus.server.service.servicePort | int | `9090` | | + diff --git a/charts/demos/istio-monitoring-demo/templates/NOTES.txt b/charts/demos/istio-monitoring-demo/templates/NOTES.txt new file mode 100644 index 0000000..c547d99 --- /dev/null +++ b/charts/demos/istio-monitoring-demo/templates/NOTES.txt @@ -0,0 +1,11 @@ +"{{ .Release.Name }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} + $ helm get all {{ .Release.Name }} + +{{ if .Values.grafana.enabled }} +Running these commands in the shell to make Grafana avaiable to access on localhost:3000: + + $ kubectl --namespace {{ .Release.Namespace }} port-forward svc/grafana 3000:3000 +{{ end }} diff --git a/charts/demos/istio-monitoring-demo/values.yaml b/charts/demos/istio-monitoring-demo/values.yaml new file mode 100644 index 0000000..df5687a --- /dev/null +++ b/charts/demos/istio-monitoring-demo/values.yaml 
@@ -0,0 +1,68 @@ +grafana: + enabled: true + fullnameOverride: grafana + # Avoid creating a bunch of RBAC rules for features we are not enabling + rbac: + create: false + pspEnabled: false + + # Disable test pods + testFramework: + enabled: false + + # For istioctl dashboard, we will look for this label + podLabels: + app: grafana + sidecar.istio.io/inject: "false" + + # Demo only, so we will have no authentication + admin: + existingSecret: "" + ldap: + existingSecret: true + env: + GF_SECURITY_ADMIN_USER: "admin" + GF_SECURITY_ADMIN_PASSWORD: "admin" + GF_AUTH_BASIC_ENABLED: "false" + GF_AUTH_ANONYMOUS_ENABLED: "true" + GF_AUTH_ANONYMOUS_ORG_ROLE: Admin + + # Expose on port 3000 to match the Istio docs + service: + port: 3000 + +prometheus: + enabled: true + # To simplify the deployment, disable non-essential components + alertmanager: + enabled: false + prometheus-pushgateway: + enabled: false + kube-state-metrics: + enabled: false + prometheus-node-exporter: + enabled: false + server: + podLabels: + sidecar.istio.io/inject: "false" + persistentVolume: + enabled: false + # Use port 9090 to match Istio documentation + service: + servicePort: 9090 + readinessProbeInitialDelay: 0 + # Speed up scraping a bit from the default + global: + scrape_interval: 15s + + # Match legacy addon deployment + fullnameOverride: prometheus + + # use dockerhub + image: + repository: prom/prometheus + +kube-state-metrics: + enabled: true + customLabels: + sidecar.istio.io/inject: "false" diff --git a/charts/system/agent/Chart.yaml b/charts/system/agent/Chart.yaml new file mode 100644 index 0000000..106cde5 --- /dev/null +++ b/charts/system/agent/Chart.yaml @@ -0,0 +1,7 @@ +annotations: + tetrate.io/system: "true" +apiVersion: v2 +appVersion: 0.0.3 +description: Helm chart for deploying TIS Agent +name: agent +version: 0.0.3 diff --git a/charts/system/agent/README.md b/charts/system/agent/README.md new file mode 100644 index 0000000..bbd767a --- /dev/null 
+++ b/charts/system/agent/README.md @@ -0,0 +1,26 @@ +# agent + +![Version: 0.0.3](https://img.shields.io/badge/Version-0.0.3-informational?style=flat-square) ![AppVersion: 0.0.3](https://img.shields.io/badge/AppVersion-0.0.3-informational?style=flat-square) + +Helm chart for deploying TIS Agent + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| image.name | string | `"gcr.io/tetratelabs/tis/agent:v0.0.3@sha256:7118f8b0634c6313e7dfb20804d3c03ff0651eed28085a4f8c3393969808d66d"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.pullSecrets | list | `[]` | | +| istioRegistrySync.cloudMap.region | string | `""` | | +| istioRegistrySync.consul.endpoint | string | `""` | | +| istioRegistrySync.consul.namespace | string | `""` | | +| istioRegistrySync.consul.token | string | `""` | | +| istioRegistrySync.debug | bool | `false` | | +| istioRegistrySync.enable | bool | `true` | | +| istioRegistrySync.publishNamespace | string | `""` | | +| istioRegistrySync.resyncPeriod | int | `5` | | +| license | string | `""` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | + diff --git a/charts/system/agent/templates/_helpers.tpl b/charts/system/agent/templates/_helpers.tpl new file mode 100644 index 0000000..dfb771e --- /dev/null +++ b/charts/system/agent/templates/_helpers.tpl 
@@ -0,0 +1,60 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "agent.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "agent.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "agent.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "agent.labels" -}} +{{ include "agent.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/component: agent +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "agent.selectorLabels" -}} +app.kubernetes.io/name: {{ include "agent.fullname" . }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "agent.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "agent.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/system/agent/templates/config.yaml b/charts/system/agent/templates/config.yaml new file mode 100644 index 0000000..cf1a614 --- /dev/null +++ b/charts/system/agent/templates/config.yaml 
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "agent.labels" . | nindent 4 }} +data: + ISTIO_REGISTRY_SYNC_ENABLE: "{{ .Values.istioRegistrySync.enable }}" + ISTIO_REGISTRY_SYNC_RESYNC_PERIOD: "{{ .Values.istioRegistrySync.resyncPeriod }}" + ISTIO_REGISTRY_SYNC_PUBLISH_NAMESPACE: "{{ .Values.istioRegistrySync.publishNamespace }}" + ISTIO_REGISTRY_SYNC_CONSUL_ENDPOINT: "{{ .Values.istioRegistrySync.consul.endpoint }}" + ISTIO_REGISTRY_SYNC_CLOUD_MAP_REGION: "{{ .Values.istioRegistrySync.cloudMap.region }}" diff --git a/charts/system/agent/templates/deployment.yaml b/charts/system/agent/templates/deployment.yaml new file mode 100644 index 0000000..ecd508b --- /dev/null +++ b/charts/system/agent/templates/deployment.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "agent.labels" . | nindent 4 }} +spec: + replicas: 1 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + {{- include "agent.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "agent.labels" . | nindent 8 }} + annotations: + prometheus.io/scrape: "true" + spec: + terminationGracePeriodSeconds: 30 + serviceAccountName: {{ include "agent.serviceAccountName" . }} + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ include "agent.fullname" . }} + image: {{ .Values.image.name }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + readOnlyRootFilesystem: true + envFrom: + - configMapRef: + name: {{ include "agent.fullname" . }} + ports: + - name: http + containerPort: 3000 + protocol: TCP + hostPort: 3000 + volumeMounts: + - mountPath: /var/tis-agent + name: license + volumes: + - secret: + secretName: {{ include "agent.fullname" . }} + name: license diff --git a/charts/system/agent/templates/license.yaml b/charts/system/agent/templates/license.yaml new file mode 100644 index 0000000..4371e21 --- /dev/null +++ b/charts/system/agent/templates/license.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "agent.labels" . | nindent 4 }} +stringData: + license: {{ .Values.license }} diff --git a/charts/system/agent/templates/rbac.yaml b/charts/system/agent/templates/rbac.yaml new file mode 100644 index 0000000..30eab3a --- /dev/null +++ b/charts/system/agent/templates/rbac.yaml 
@@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "agent.fullname" . }} + labels: + {{- include "agent.labels" . | nindent 4 }} +rules: + - apiGroups: + - networking.istio.io + resources: + - serviceentries + verbs: + - create + - get + - list + - watch + - patch + - delete + - update + - apiGroups: + - "" + resources: + - services + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "agent.fullname" . }} + labels: + {{- include "agent.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "agent.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "agent.fullname" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/system/agent/templates/service.yaml b/charts/system/agent/templates/service.yaml new file mode 100644 index 0000000..cf35da7 --- /dev/null +++ b/charts/system/agent/templates/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "agent.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "agent.labels" . | nindent 4 }} +spec: + selector: + {{- include "agent.selectorLabels" . | nindent 6 }} + ports: + - name: http + port: 3000 + targetPort: 3000 diff --git a/charts/system/agent/templates/serviceaccount.yaml b/charts/system/agent/templates/serviceaccount.yaml new file mode 100644 index 0000000..90549d3 --- /dev/null +++ b/charts/system/agent/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "agent.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "agent.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} 
diff --git a/charts/system/agent/values.yaml b/charts/system/agent/values.yaml new file mode 100644 index 0000000..6305171 --- /dev/null +++ b/charts/system/agent/values.yaml 
@@ -0,0 +1,41 @@ +# Istio Registry Sync configuration. https://docs.tetrate.io/istio-subscription/add-ons/registry-sync/introduction. +istioRegistrySync: + # Set this flag to "true" to enable Istio Registry Sync. + enable: true + # Set this flag to "true" to enable debug mode. + debug: false + # The interval in seconds between syncing processes. + resyncPeriod: 5 + # The Istio Registry Sync publishes the ServiceEntry into either the namespace where it is deployed or this namespace. + publishNamespace: "" + # [Consul](https://www.consul.io/) registry configuration. https://docs.tetrate.io/istio-subscription/add-ons/registry-sync/registries/consul. + consul: + # Consul's endpoint used to query service catalog. + endpoint: "" + # Consul's token used to query service catalog. + token: "" + # Consul's namespace used to query service catalog. + namespace: "" + # [AWS Cloud Map](https://aws.amazon.com/cloud-map/) registry configuration. https://docs.tetrate.io/istio-subscription/add-ons/registry-sync/registries/cloud-map + cloudMap: + # The AWS region to use for connecting to Cloud Map. + region: "" +image: + name: gcr.io/tetratelabs/tis/agent:v0.0.3@sha256:7118f8b0634c6313e7dfb20804d3c03ff0651eed28085a4f8c3393969808d66d + pullPolicy: IfNotPresent + pullSecrets: [] +# Content of the license file. +license: "" +# Service account to be used. +serviceAccount: + # Set this flag to "true" to create a service account. + create: true + # Set the name of the service account. + name: "" + # Example of how to associate AWS IAM role with ServiceAccount for AWS Cloud Map integration + # https://docs.aws.amazon.com/eks/latest/userguide/associate-service-account-role.html + # annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::819220072900:role/cloudmap-read + annotations: {} + +--- \ No newline at end of file
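Review bot: In charts/addons/istio-registry-sync/templates/deployment.yaml, the `--consul-token={{ .Values.consul.token }}` argument renders the Consul ACL token in clear text into the Deployment spec, so anyone who can read Deployments or Pods in the namespace can read the token. Consider having the chart create a Secret (or accept the name of an existing one), exposing it to the container as an environment variable through `valueFrom.secretKeyRef`, and passing it as `--consul-token=$(CONSUL_TOKEN)`, where the variable name is only a suggestion. In the same file, `value: {{ .Values.publishNamespace }}` and `value: {{ .Values.cloudmap.region }}` would be safer with `| quote`.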
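Review bot: In charts/addons/istio-registry-sync/templates/rbac.yaml, the ClusterRole and ClusterRoleBinding grant write access to `serviceentries` and `create` on core `services` in every namespace, while the Deployment publishes into a single namespace (`PUBLISH_NAMESPACE`). If the workload only writes there, a namespaced Role and RoleBinding in the publish namespace would be the least-privilege shape. Please also document why `create` on `services` is needed, since no other verb on that resource is requested. Minor: both objects use `selectorLabels` for `labels`, where the rest of the chart uses `istio-registry-sync.labels`.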
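Review bot: In charts/addons/istio-registry-sync/values.yaml, `image.tag: v0.5.1` does not match `appVersion: v0.5.2` in Chart.yaml, and because the tag is always set, the `| default .Chart.AppVersion` fallback in deployment.yaml never applies. Either default `tag` to `""` so the chart follows appVersion, or bump both together; the generated README table carries the same `v0.5.1` default. `podSecurityContext` and `securityContext` also default to `{}`, so the container runs with no hardening unless the user supplies it; a restrictive default (non-root, no privilege escalation, read-only root filesystem) would be a better starting point.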
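Review bot: In charts/demos/istio-monitoring-demo/values.yaml, the Grafana `env` block combines `GF_AUTH_ANONYMOUS_ENABLED: "true"` with `GF_AUTH_ANONYMOUS_ORG_ROLE: Admin` and an `admin`/`admin` credential, so every unauthenticated visitor is an organisation admin. The "Demo only" comment is easy to miss once the chart is installed from a public repository. Consider defaulting the anonymous role to `Viewer`, which is enough to browse dashboards, and stating in the chart README and NOTES.txt that the Grafana service must not be exposed beyond a port-forward.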
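Review bot: In charts/demos/istio-monitoring-demo/templates/NOTES.txt, the Grafana sentence has a typo ("avaiable") and reads awkwardly. Suggested wording: "Run this command to make Grafana available on localhost:3000:". The command hard-codes `svc/grafana` and port 3000, which only holds while `grafana.fullnameOverride` and `grafana.service.port` keep their defaults, so templating both from values would keep the hint correct.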
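Review bot: In charts/system/agent/templates/config.yaml, the ConfigMap renders `enable`, `resyncPeriod`, `publishNamespace`, `consul.endpoint` and `cloudMap.region`, but `istioRegistrySync.debug`, `consul.namespace` and `consul.token` from values.yaml are never used by any template in this patch, so setting them has no effect. Please wire them up or remove them from values.yaml and the README. If the token is added, it belongs in the Secret rather than in this ConfigMap.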
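Review bot: In charts/system/agent/templates/deployment.yaml, `hostPort: 3000` binds the agent to port 3000 on the node, which bypasses the Service added in the same chart and stops a second pod from scheduling on the same node during a rollout. Unless node-level access is a requirement, drop `hostPort` and rely on the Service. The container `securityContext` sets only `readOnlyRootFilesystem: true`; adding `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and a `capabilities.drop: ["ALL"]` entry would complete it, and the pod has no `resources` block.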
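Review bot: In charts/system/agent/templates/license.yaml, `license: {{ .Values.license }}` is emitted unquoted, so the default `""` renders as an empty (null) value and a multi-line license or one containing YAML-significant characters will break or alter the manifest. Use `{{ .Values.license | quote }}`, or `{{ required "license is required" .Values.license | quote }}` if the agent cannot start without it. Supporting an existing Secret name would also let users keep the license out of their values files.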
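Review bot: In charts/system/agent/templates/rbac.yaml, the ClusterRoleBinding subject is named with `include "agent.fullname"`, while the Deployment and ServiceAccount templates use `agent.serviceAccountName`. When `serviceAccount.name` is set or `serviceAccount.create` is false, the binding points at an account the pod does not run as and the agent gets no permissions. Use `{{ include "agent.serviceAccountName" . }}` for the subject. The cluster-wide scope of the role deserves the same least-privilege look as in the istio-registry-sync chart.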
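Review bot: In charts/system/agent/templates/service.yaml, the selector block uses `nindent 6` directly under `selector:`, which sits at two spaces; it parses, but `nindent 4` matches the indentation used everywhere else in the chart. Note also that `agent.selectorLabels` consists only of `app.kubernetes.io/name` set to the fullname, with no `app.kubernetes.io/instance` label, unlike the istio-registry-sync helpers.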
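Review bot: In charts/system/agent/values.yaml, the commented `eks.amazonaws.com/role-arn` example embeds a concrete 12-digit AWS account ID, and the same line appears in charts/addons/istio-registry-sync/values.yaml. Please replace it with an obvious placeholder such as `<ACCOUNT_ID>` so a real account identifier is not published and copied around. The file also ends with a stray `---` document separator and no trailing newline; both should be cleaned up.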