diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml
new file mode 100644
index 0000000..4f0a71c
--- /dev/null
+++ b/.github/workflows/build-images.yaml
@@ -0,0 +1,87 @@
+name: Build and Push to GHCR
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - "**/consumer/**"
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Check Out Repo
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ghcr.io/${{ github.repository }}/consumer
+          tags: |
+            type=sha,prefix=commit,length=7
+            type=raw,value=latest,enable=true
+
+      - name: Build and push to GHCR
+        uses: docker/build-push-action@v2
+        with:
+          context: packages/consumer
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+    steps:
+      - name: Check Out Repo
+        uses: actions/checkout@v4
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v0.2.0
+        with:
+          service_account_key: '${{ secrets.GCP_CREDENTIALS }}'
+          project_id: '${{ secrets.GCP_PROJECT_ID }}'
+
+      - name: Get kubernetes config
+        env:
+          USE_GKE_GCLOUD_AUTH_PLUGIN: "true"
+        run: |
+          gcloud components install gke-gcloud-auth-plugin
+          gcloud container clusters get-credentials ${{ secrets.GCP_CLUSTER_NAME }} --zone=${{ secrets.GCP_ZONE }}
+
+      - name: Get tag name
+        id: tag
+        run: echo "::set-output name=sha::${GITHUB_SHA::7}"
+
+      - name: Apply Helmfile
+        uses: hiberbee/github-action-helm@latest
+        env:
+          IMAGE_TAG: '${{ steps.tag.outputs.sha }}'
+          DOCKER_USERNAME: '${{ github.repository_owner }}'
+          DOCKER_PASSWORD: '${{ secrets.GITHUB_TOKEN }}'
+          INTERBROKER_PASSWORD: '{{ secrets.INTERBROKER_PASSWORD }}'
+          CONTROLLER_PASSWORD: '{{ secrets.CONTROLLER_PASSWORD }}'
+          KRAFT_CLUSTER_ID: '{{ secrets.KRAFT_CLUSTER_ID }}'
+        with:
+          helmfile: diff
+          helmfile-config: packages/cloud/helmfile.yaml
diff --git a/packages/cloud/helmfile.lock b/packages/cloud/helmfile.lock
index 26aee66..a622762 100644
--- a/packages/cloud/helmfile.lock
+++ b/packages/cloud/helmfile.lock
@@ -1,4 +1,4 @@
-version: 0.160.0
+version: 0.144.0
 dependencies:
 - name: ingress-nginx
   repository: https://kubernetes.github.io/ingress-nginx
diff --git a/packages/cloud/helmfile.yaml b/packages/cloud/helmfile.yaml
index a49b00e..c8f7a9c 100644
--- a/packages/cloud/helmfile.yaml
+++ b/packages/cloud/helmfile.yaml
@@ -47,4 +47,12 @@ releases:
           service:
             omitClusterIP: true
         tcp:
-          '9092': "default/kafka:9092"
+          "9092": "default/kafka:9092"
+  - name: consumer
+    chart: ../consumer
+    values:
+      - image:
+          tag: '{{ requiredEnv "IMAGE_TAG" }}'
+          registry:
+            username: '{{ requiredEnv "DOCKER_USERNAME" }}'
+            password: '{{ requiredEnv "DOCKER_PASSWORD" }}'
diff --git a/packages/consumer/Chart.yaml b/packages/consumer/Chart.yaml
new file mode 100644
index 0000000..4ccb0ce
--- /dev/null
+++ b/packages/consumer/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: go
+description: Go Web Application
+version: 1.0.0
+type: application
diff --git a/packages/consumer/Dockerfile b/packages/consumer/Dockerfile
new file mode 100644
index 0000000..a8b35d9
--- /dev/null
+++ b/packages/consumer/Dockerfile
@@ -0,0 +1,20 @@
+# Start from the latest golang base image
+FROM golang:latest
+
+# Set the Current Working Directory inside the container
+WORKDIR /app
+
+# Copy go mod and sum files
+COPY go.mod go.sum ./
+
+# Download all dependencies. Dependencies will be cached if the go.mod and go.sum files are not changed
+RUN go mod download
+
+# Copy the source from the current directory to the Working Directory inside the container
+COPY . .
+
+# Build the Go app
+RUN go build -o main .
+
+# Command to run the executable
+CMD ["./main"]
diff --git a/packages/consumer/templates/Deployment.yaml b/packages/consumer/templates/Deployment.yaml
new file mode 100644
index 0000000..827e67b
--- /dev/null
+++ b/packages/consumer/templates/Deployment.yaml
@@ -0,0 +1,24 @@
+{{ $fullname := include "app.fullname" . }}
+{{ $registry := .Values.image.registry }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ $fullname }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ $fullname }}
+  template:
+    metadata:
+      labels:
+        app: {{ $fullname }}
+    spec: {{ if and $registry.url $registry.username $registry.password }}
+      imagePullSecrets:
+        - name: {{ include "app.registry" . }} {{ end }}
+      containers:
+        - name: go-app
+          image: {{ printf "%s/%s:%s" .Values.image.registry.url .Values.image.repository .Values.image.tag | quote }}
+          env:
+            - name: XPERM
+              value: "1.2.3"
diff --git a/packages/consumer/templates/Secret.yaml b/packages/consumer/templates/Secret.yaml
new file mode 100644
index 0000000..6cac260
--- /dev/null
+++ b/packages/consumer/templates/Secret.yaml
@@ -0,0 +1,8 @@
+{{ with .Values.image.registry }} {{ if and .url .username .password }}
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ include "app.registry" $ }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .url .username .password (printf "%s@%s" $.Values.app.name .url) (printf "%s:%s" .username .password | b64enc) | b64enc | quote }} {{ end }} {{ end }}
diff --git a/packages/consumer/templates/_helpers.tpl b/packages/consumer/templates/_helpers.tpl
new file mode 100644
index 0000000..7497bc0
--- /dev/null
+++ b/packages/consumer/templates/_helpers.tpl
@@ -0,0 +1,24 @@
+{{- define "app.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "app.registry" -}}
+{{- printf "%s-%s" .Release.Name "registry" }}
+{{- end }}
+
+{{- define "app.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
diff --git a/packages/consumer/values.yaml b/packages/consumer/values.yaml
new file mode 100644
index 0000000..775c61f
--- /dev/null
+++ b/packages/consumer/values.yaml
@@ -0,0 +1,17 @@
+image:
+  registry:
+    url: ghcr.io/hiberbee
+    username: "fromEnv"
+    password: "fromEnv"
+  repository: vortexia/consumer
+  tag: latest
+
+  pullSecrets: []
+
+app:
+  name: vortexia
+
+replicaCount: 1
+
+nameOverride: ""
+fullnameOverride: ""