diff --git a/watcher/Chart.yaml b/watcher/Chart.yaml
index 282e9b2..d150dd1 100644
--- a/watcher/Chart.yaml
+++ b/watcher/Chart.yaml
@@ -18,4 +18,6 @@ version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.16.0
+appVersion: v3.10.5
+
+icon: https://github.com/barbequesauce/Watcher3/blob/master/static/images/vector/watcher%20logo%20large.svg
diff --git a/watcher/templates/deployment.yaml b/watcher/templates/deployment.yaml
deleted file mode 100644
index d0ce6cc..0000000
--- a/watcher/templates/deployment.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "watcher.fullname" . }}
-  labels:
-    {{- include "watcher.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "watcher.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        {{- include "watcher.selectorLabels" . | nindent 8 }}
-    spec:
-    {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      serviceAccountName: {{ include "watcher.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 80
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /
-              port: http
-          readinessProbe:
-            httpGet:
-              path: /
-              port: http
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
diff --git a/watcher/templates/service.yaml b/watcher/templates/service.yaml
index fc6f601..3be036c 100644
--- a/watcher/templates/service.yaml
+++ b/watcher/templates/service.yaml
@@ -8,8 +8,8 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}
-      targetPort: http
+      targetPort: 9090
       protocol: TCP
-      name: http
+      name: watcher
   selector:
     {{- include "watcher.selectorLabels" . | nindent 4 }}
diff --git a/watcher/templates/statefulset.yaml b/watcher/templates/statefulset.yaml
new file mode 100644
index 0000000..8e19973
--- /dev/null
+++ b/watcher/templates/statefulset.yaml
@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "watcher.fullname" . }}
+  labels:
+    {{- include "watcher.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  serviceName: {{ include "watcher.fullname" . }}
+  selector:
+    matchLabels:
+      {{- include "watcher.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "watcher.selectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "watcher.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: watcher
+              containerPort: 9090
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 9090
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 9090
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+          - name: app-local-config
+            mountPath: /config
+            mountPropagation: HostToContainer
+          - name: watcher-config
+            mountPath: /config/backup
+            subPath: backup
+          - name: watcher-config
+            mountPath: /config/posters
+            subPath: posters
+          - name: watcher-media-pv
+            mountPath: /media
+        - name: {{ .Chart.Name }}-sidecar
+          image: harbor.ervine.dev/alpine/x86_64/alpine/db-sidecar
+          imagePullPolicy: Always
+          securityContext:
+            privileged: true
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                - umount
+                - /mnt/app-local-config
+          volumeMounts:
+          - name: watcher-config
+            mountPath: /app-remote-config
+          - name: app-local-config
+            mountPath: /mnt/app-local-config
+            mountPropagation: Bidirectional
+      volumes:
+      - name: app-local-config
+        emptyDir: {}
+      - name: watcher-media-pv
+        persistentVolumeClaim:
+          claimName: {{ .Values.mediaPvc }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+  volumeClaimTemplates:
+  - metadata:
+      name: watcher-config
+    spec:
+      accessModes: ['ReadWriteOnce']
+      storageClassName: {{ .Values.config.storageClassName | quote }}
+      resources:
+        requests:
+          storage: {{ .Values.config.storageSize }}
diff --git a/watcher/values.yaml b/watcher/values.yaml
index 76c1fad..4be59ad 100644
--- a/watcher/values.yaml
+++ b/watcher/values.yaml
@@ -5,7 +5,7 @@
 replicaCount: 1
 
 image:
-  repository: nginx
+  repository: harbor.ervine.dev/public/x86_64/alpine/watcher
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []
@@ -22,17 +22,17 @@ serviceAccount:
 podSecurityContext: {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
   # capabilities:
   #   drop:
   #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1003
 
 service:
   type: ClusterIP
-  port: 80
+  port: 9090
 
 ingress:
   enabled: false
@@ -47,7 +47,7 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
-resources: {}
+resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -55,12 +55,19 @@ resources: {}
   # limits:
   #   cpu: 100m
   #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+  requests:
+    cpu: 20m
+    memory: 64Mi
 
-nodeSelector: {}
+nodeSelector:
+  location: livingRoom
 
 tolerations: []
 
 affinity: {}
+
+config:
+  storageClassName: nfs-client-hermes
+  storageSize: 5Gi
+
+mediaPvc: watcher-media-pvc