diff --git a/.github/workflows/osartifact-chart.yml b/.github/workflows/osartifact-chart.yml
new file mode 100644
index 0000000..b6a66ae
--- /dev/null
+++ b/.github/workflows/osartifact-chart.yml
@@ -0,0 +1,31 @@
+name: Publish OS Artifact Chart
+
+on:
+ push:
+ paths:
+ - charts/osartifact
+ branches:
+ - master
+
+jobs:
+ publish:
+ name: Publish Helm Chart
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Run chart-releaser
+ id: release
+ uses: helm/chart-releaser-action@v1.5.0
+ with:
+ config: "./.github/configs/cr.yaml"
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/charts/osartifact/Chart.yaml b/charts/osartifact/Chart.yaml
new file mode 100644
index 0000000..4f3ce15
--- /dev/null
+++ b/charts/osartifact/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: osartifact
+description: A Helm chart for OSArtifact CRD deployment
+type: application
+version: 0.1.0
\ No newline at end of file
diff --git a/charts/osartifact/templates/_helpers.tpl b/charts/osartifact/templates/_helpers.tpl
new file mode 100644
index 0000000..ccefe5b
--- /dev/null
+++ b/charts/osartifact/templates/_helpers.tpl
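Review bot: In `.github/workflows/osartifact-chart.yml` the `publish` job passes `secrets.GITHUB_TOKEN` to a third-party action without declaring `permissions:`, so the token carries whatever the repository default grants; add `permissions:` with `contents: write` on the job so the scope is explicit and limited to what publishing the chart needs. Both `uses:` references (`actions/checkout@v3`, `helm/chart-releaser-action@v1.5.0`) are mutable tags, and pinning each to a full commit SHA (`uses: helm/chart-releaser-action@<commit-sha> # v1.5.0`) keeps a retagged release from running with that token. Separately, the path filter `- charts/osartifact` has no glob, so it probably matches only a path with exactly that name; `- 'charts/osartifact/**'` is the form that triggers on changes inside the chart directory.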
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "osartifact.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "osartifact.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "osartifact.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "osartifact.labels" -}}
+helm.sh/chart: {{ include "osartifact.chart" . }}
+{{ include "osartifact.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "osartifact.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "osartifact.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "osartifact.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "osartifact.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
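Review bot: `osartifact.serviceAccountName` at the end of `_helpers.tpl` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the `values.yaml` added in the same commit defines no `serviceAccount` key, so any template that includes this helper would fail on the nil lookup. Neither this helper nor `osartifact.labels` is referenced by `osartifact.yaml` or `secret.yaml` in this commit. Either drop the unused scaffold, or add `labels:` with `{{- include "osartifact.labels" . | nindent 4 }}` under `metadata` in both templates so the rendered OSArtifact and Secret can be traced back to the release that created them.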
diff --git a/charts/osartifact/templates/osartifact.yaml b/charts/osartifact/templates/osartifact.yaml
new file mode 100644
index 0000000..956973c
--- /dev/null
+++ b/charts/osartifact/templates/osartifact.yaml
@@ -0,0 +1,42 @@
+apiVersion: build.kairos.io/v1alpha2
+kind: OSArtifact
+metadata:
+ name: '{{ include "osartifact.fullname" . }}'
+spec:
+ imageName: {{ .Values.image }}
+ iso: true
+ {{- if .Values.device }}
+ model: {{ .Values.device }}
+ {{- end }}
+ fileBundles:
+ {{- range $key, $value := .Values.defaultBundles }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- range $key, $value := .Values.bundles }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- range $key, $value := .Values.extraBundles }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ cloudConfigRef:
+ name: '{{ include "osartifact.fullname" . }}-cloud-config'
+ key: 'cloud-config.yaml'
+ exporters:
+ - template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: upload
+ image: quay.io/curl/curl
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ for f in $(ls /artifacts)
+ do
+ curl -T /artifacts/$f http://osartifactbuilder-operator-osbuilder-nginx/upload/$f
+ done
+ volumeMounts:
+ - name: artifacts
+ mountPath: /artifacts
diff --git a/charts/osartifact/templates/secret.yaml b/charts/osartifact/templates/secret.yaml
new file mode 100644
index 0000000..8aae848
--- /dev/null
+++ b/charts/osartifact/templates/secret.yaml
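Review bot: The `upload` exporter container in `charts/osartifact/templates/osartifact.yaml` runs `image: quay.io/curl/curl` with no tag or digest, so each build pulls whatever the default tag resolves to at that moment; pin it, e.g. `image: quay.io/curl/curl@sha256:<digest>`. The upload loop parses `ls` output and expands `$f` unquoted, and `curl -T` without `--fail` exits 0 on an HTTP error response, so a rejected upload goes unnoticed; `for f in /artifacts/*` with `curl --fail -T "$f" "http://osartifactbuilder-operator-osbuilder-nginx/upload/$(basename "$f")"` avoids both. The artifact is built from the `-cloud-config` Secret named in `cloudConfigRef`, so it presumably carries the user password and bootstrap token, and it is sent over plain `http://` to a hard-coded service name; confirm that endpoint is cluster-internal and access-restricted, and expose the URL as a chart value.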
@@ -0,0 +1,76 @@
+{{ $secret := (lookup "v1" "Secret" .Release.Namespace .Values.tokenSecret.name) }}
+
+kind: Secret
+apiVersion: v1
+metadata:
+ name: '{{ include "osartifact.fullname" . }}-cloud-config'
+stringData:
+ cloud-config.yaml: |
+ #cloud-config
+ hostname: plural-edge-{{ `{{ trunc 10 .MachineID }}` }}
+
+ users:
+ - name: {{ .Values.username }}
+ passwd: {{ .Values.password }}
+ {{- with .Values.defaultUser }}
+ groups: [
+ {{- range .groups -}}
+ {{- if eq . ($.Values.defaultUser.groups | last) -}}
+ "{{ . }}"
+ {{- else -}}
+ "{{ . }}",
+ {{- end -}}
+ {{- end -}}
+ ]
+ {{- if .ssh_authorized_keys}}
+ ssh_authorized_keys:
+ {{- .ssh_authorized_keys | toYaml | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraUserCloudConfig }}
+ {{- .Values.extraUserCloudConfig | toYaml | nindent 6 }}
+ {{- end }}
+
+ write_files:
+ - path: /etc/rancher/k3s/registries.yaml
+ permissions: "0644"
+ content: |
+ mirrors:
+ "*":
+
+ k3s:
+ enabled: true
+ replace_args: true
+ args:
+ - --node-name={{ .Values.nodeName }}
+ - --embedded-registry
+ - --disable=traefik,servicelb
+
+ bundles:
+ - targets:
+ - run:///plural-bundle.tar
+ local_file: true
+ {{- range $key, $value := .Values.defaultBundles }}
+ - targets:
+ - run://{{ $key }}.tar
+ local_file: true
+ {{- end }}
+ {{- range $key, $value := .Values.bundles }}
+ - targets:
+ - run://{{ $key }}.tar
+ local_file: true
+ {{- end }}
+ {{- range $key, $value := .Values.extraBundles }}
+ - targets:
+ - run://{{ $key }}.tar
+ local_file: true
+ {{- end }}
+
+ plural:
+ token: {{ index $secret .Values.tokenSecret.key }}
+ url: {{ .Values.url }}
+
+ {{- if .Values.extraUserCloudConfig }}
+ {{ .Values.extraCloudConfig | toYaml | nindent 4 }}
+ {{- end }}
+
diff --git a/charts/osartifact/values.yaml b/charts/osartifact/values.yaml
new file mode 100644
index 0000000..d08d70b
--- /dev/null
+++ b/charts/osartifact/values.yaml
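Review bot: The `token:` line in `charts/osartifact/templates/secret.yaml` indexes the Secret object returned by `lookup` rather than its `data` map, so the configured key is not found and the bootstrap token renders empty; values under `data` are also base64-encoded and need decoding. `lookup` returns an empty map under `helm template`, client-side dry runs and when the Secret is absent, so the template should fail explicitly instead of emitting a cloud-config with no token. The last block tests `.Values.extraUserCloudConfig` but emits `.Values.extraCloudConfig`, so the extra config is dropped or rendered as null depending on an unrelated value. `passwd` is unquoted and defaults to null in `values.yaml`, which yields a user entry without a usable password field; making it required fails the render early. Indentation in the excerpt below is approximate because the hunk's leading whitespace is not recoverable here.

```yaml
{{ $secret := (lookup "v1" "Secret" .Release.Namespace .Values.tokenSecret.name) }}
{{- if not $secret }}
{{- fail "tokenSecret not found in the release namespace" }}
{{- end }}
# … unchanged: Secret metadata, hostname, user name …
        passwd: {{ required "password is required" .Values.password | quote }}
# … unchanged: groups, ssh keys, write_files, k3s, bundles …
    plural:
      token: {{ index $secret.data .Values.tokenSecret.key | b64dec | quote }}
# … unchanged: url …
    {{- if .Values.extraCloudConfig }}
    {{ .Values.extraCloudConfig | toYaml | nindent 4 }}
    {{- end }}
```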
@@ -0,0 +1,63 @@
+# Kubernetes node name
+nodeName: plural-edge
+
+# Base image used for building customized plural ISO
+image: quay.io/kairos/alpine:3.19-standard-arm64-rpi4-v3.2.4-k3sv1.31.3-k3s1
+
+# Target device. Currently supported values: rpi4
+device: rpi4
+
+# Username that will be used to access the device over SSH
+username: plural
+
+# Password for the default user that will be used to access the device over SSH
+password: ~
+
+# Optional Plural user email that will be attached to the autogenerated device bootstrap token. It will be visible in audit logs
+email: ~
+
+# Name of the Plural project that will be attached to the device bootstrap token
+project: default
+
+# Console URL that will be used by the device to join the fleet, i.e. console.plrl-xyz.onplural.sh
+url: ~
+
+tokenSecret:
+ # Name of the secret that holds the bootstrap token
+ name: ~
+ # Key in the secret that holds the bootstrap token
+ key: token
+
+# A list of our required bundles that should be added to the result ISO image.
+defaultBundles:
+ plural-bundle: ghcr.io/pluralsh/kairos-plural-bundle:0.1.4
+
+# A list of our optional bundles that should be added to the result ISO image.
+bundles:
+ plural-images-bundle: ghcr.io/pluralsh/kairos-plural-images-bundle:0.1.1
+ plural-trust-manager-bundle: ghcr.io/pluralsh/kairos-plural-trust-manager-bundle:0.1.0
+
+# A list of extra bundles that should be added to the result ISO image.
+extraBundles: {}
+
+# Additional config for the default user
+defaultUser:
+ groups:
+ - admin
+ ssh_authorized_keys: []
+
+# Extra cloud config for the user. It allows extending user config with additional configuration.
+# extraUserCloudConfig:
+# - name: newuser
+# passwd: somenewpasswd
+extraUserCloudConfig: ~
+
+# Extra cloud config. Examples can be found here: https://kairos.io/docs/reference/configuration/
+#extraCloudConfig:
+# stages:
+# network:
+# - name: "Setup users"
+# authorized_keys:
+# kairos:
+# - github:myusername
+extraCloudConfig: ~
\ No newline at end of file
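Review bot: `password` in `charts/osartifact/values.yaml` is a plaintext login credential passed through chart values, which Helm keeps in the release record in addition to the rendered Secret; consider reading it from an existing Secret the way `tokenSecret` does, or at least document the handling, e.g. `# Required. Set at install time from a secret store; never commit a real value.` `email` and `project` are declared here but no template in this commit reads them, so either wire them in or leave them out until they are used. The base image and bundle references are tag-only; appending `@sha256:<digest>` to each makes the ISO contents reproducible and guards against a moved tag.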