diff --git a/docs/deployenv.md b/docs/deployenv.md
new file mode 100644
index 0000000000000000000000000000000000000000..e9f386dc0e57feb6b6f01374ba2332110a304673
--- /dev/null
+++ b/docs/deployenv.md
@@ -0,0 +1,33 @@
+# create deploy environment
+
+consists of
+* _namespace_: where will all services be deployed
+* _service account_: which account will deploy the services
+
+## install via helm
+
+assuming the service-account name is "testuser" and the namespace is "testns"
+
+```
+$ helm install k8s-admin/deployenv/ \
+	--wait \
+	--name test-deployenv \
+	--set saName=testuser \
+	--set namespace=testns \
+```
+_will create a service account *testuser* in namespace *testns*. the helm install-name is *test-deployenv*_
+
+# remove serviceaccount
+
+```
+$ helm delete --purge test-deployenv
+```
+
+_will remove namespace service account, role and rolebinding for helm-install *test-deployenv*_
+
+# retrieve bearer token for service account
+
+```
+$ export ns=testns
+$ export user=testuser
+$ kubectl --namespace $ns get secret $(kubectl --namespace ${ns} get serviceaccount $user -o jsonpath={.secrets[0].name}) -o jsonpath={.data.token}
\ No newline at end of file
diff --git a/docs/workflow.wsd b/docs/workflow.wsd
new file mode 100644
index 0000000000000000000000000000000000000000..768b4683981edf83e8a05810a84402e0fec1ee31
--- /dev/null
+++ b/docs/workflow.wsd
@@ -0,0 +1,19 @@
+@startuml
+'include
+"Developer" as dev -> "Gitlab" as gitlab: commit:1-issue
+gitlab -> "CI-Runner" as runner: build image
+runner->runner: docker build
+runner-->gitlab: ok (docker-image)
+gitlab->runner: publish image
+runner->hub as "Docker-Hub": docker push alpha-1-issue
+hub-->runner: ok
+runner-->gitlab: ok
+gitlab->runner: deploy
+runner->cluster as "K8S-Cluster": helm install alpha-1-issue
+cluster->hub: docker pull alpha-1-issue
+hub-->cluster: docker-image
+cluster->cluster: deploy alpha
+cluster-->runner: ok
+runner-->gitlab: ok
+gitlab-->dev: https://alpha.uni-leipzig.de/alpha-1-issue/
+@enduml
\ No newline at end of file
diff --git a/k8s-admin/deployenv/.helmignore b/k8s-admin/deployenv/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..f0c13194444163d1cba5c67d9e79231a62bc8f44
--- /dev/null
+++ b/k8s-admin/deployenv/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/k8s-admin/deployenv/Chart.yaml b/k8s-admin/deployenv/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e97f8f5027596bb74893aeaba0c4ccabb3166e30
--- /dev/null
+++ b/k8s-admin/deployenv/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Create helm deploy environment
+name: deployenv
+version: 0.1.0
diff --git a/k8s-admin/deployenv/templates/NOTES.txt b/k8s-admin/deployenv/templates/NOTES.txt
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/k8s-admin/deployenv/templates/_helpers.tpl b/k8s-admin/deployenv/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..631776983d93ea8d1f7fcc6459ddaecf28b5208a
--- /dev/null
+++ b/k8s-admin/deployenv/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dacap.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dacap.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dacap.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/k8s-admin/deployenv/templates/namespace.yaml b/k8s-admin/deployenv/templates/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..77db5f9f65515a29cf23aca903945f1df415bcfe
--- /dev/null
+++ b/k8s-admin/deployenv/templates/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.namespace }}
diff --git a/k8s-admin/deployenv/templates/role.yaml b/k8s-admin/deployenv/templates/role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8da2459c928c6ad56c87933a7b4603f5f118aca4
--- /dev/null
+++ b/k8s-admin/deployenv/templates/role.yaml
@@ -0,0 +1,9 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: {{ .Values.roleName }}
+  namespace: {{ .Values.namespace }}
+rules:
+- apiGroups: ["", "batch", "extensions", "apps"]
+  resources: ["*"]
+  verbs: ["*"]
\ No newline at end of file
diff --git a/k8s-admin/deployenv/templates/rolebinding.yaml b/k8s-admin/deployenv/templates/rolebinding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8e4f21713f3cc3259dd2717fb878e5315c03bf54
--- /dev/null
+++ b/k8s-admin/deployenv/templates/rolebinding.yaml
@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: {{ .Values.roleBindingName }}
+  namespace: {{ .Values.namespace }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.saName }}
+  namespace: {{ .Values.namespace }}
+roleRef:
+  kind: Role
+  name: {{ .Values.roleName }}
+  apiGroup: rbac.authorization.k8s.io
diff --git a/k8s-admin/deployenv/templates/serviceaccount.yaml b/k8s-admin/deployenv/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..72a62b52de2984a51dee3df7594f8e329183c1bf
--- /dev/null
+++ b/k8s-admin/deployenv/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.saName }}
+  namespace: {{ .Values.namespace }}
\ No newline at end of file
diff --git a/k8s-admin/deployenv/values.yaml b/k8s-admin/deployenv/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..df066429d57a9e7fa35309c5faff0e6b8005d9c8
--- /dev/null
+++ b/k8s-admin/deployenv/values.yaml
@@ -0,0 +1,5 @@
+
+namespace: default
+saName: tiller
+roleName: tiller-manager
+roleBindingName: tiller-binding
\ No newline at end of file