diff --git a/packages/apps/tenant/Chart.yaml b/packages/apps/tenant/Chart.yaml
new file mode 100644
index 00000000..762f0ef7
--- /dev/null
+++ b/packages/apps/tenant/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: tenant
+description: Additional tenant namespace
+icon: https://upload.wikimedia.org/wikipedia/commons/0/04/User_icon_1.svg
+
+type: application
+version: 0.1.1
diff --git a/packages/apps/tenant/templates/2.yaml b/packages/apps/tenant/templates/2.yaml
new file mode 100644
index 00000000..9a3e3611
--- /dev/null
+++ b/packages/apps/tenant/templates/2.yaml
@@ -0,0 +1,89 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tenant-{{ .Release.Name }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tenant-{{ .Release.Name }}
+  namespace: tenant-{{ .Release.Name }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tenant-{{ .Release.Name }}
+  namespace: tenant-{{ .Release.Name }}
+  annotations:
+    kubernetes.io/service-account.name: tenant-{{ .Release.Name }}
+type: kubernetes.io/service-account-token
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: tenant-{{ .Release.Name }}
+  namespace: tenant-{{ .Release.Name }}
+rules:
+- apiGroups: [""]
+  resources: ["*"]
+  verbs: ["get", "list", "watch", "create", "update", "patch"]
+- apiGroups: ["helm.toolkit.fluxcd.io"]
+  resources: ["helmreleases"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tenant-{{ .Release.Name }}
+  namespace: tenant-{{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: tenant-{{ .Release.Name }}
+  namespace: tenant-{{ .Release.Name }}
+roleRef:
+  kind: Role
+  name: tenant-{{ .Release.Name }}
+  apiGroup: rbac.authorization.k8s.io
+{{ if hasPrefix .Release.Namespace "tenant-" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Namespace }}
+  namespace: tenant-{{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: tenant-{{ .Release.Name }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: tenant-{{ .Release.Name }}
+  namespace: cozy-public
+rules:
+- apiGroups: ["source.toolkit.fluxcd.io"]
+  resources: ["helmrepositories"]
+  verbs: ["get", "list"]
+- apiGroups: ["source.toolkit.fluxcd.io"]
+  resources: ["helmcharts"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tenant-{{ .Release.Name }}
+  namespace: cozy-public
+subjects:
+- kind: ServiceAccount
+  name: tenant-{{ .Release.Name }}
+  namespace: tenant-{{ .Release.Name }}
+roleRef:
+  kind: Role
+  name: tenant-{{ .Release.Name }}
+  apiGroup: rbac.authorization.k8s.io
diff --git a/packages/apps/versions_map b/packages/apps/versions_map
index faa26abc..6b046a3d 100644
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -6,7 +6,7 @@ postgres 0.1.0 HEAD
 rabbitmq 0.1.0 HEAD
 redis 0.1.0 HEAD
 tcp-balancer 0.1.0 HEAD
-tenant 0.1.0 HEAD
+tenant 0.1.1 HEAD
 virtual-machine 0.1.4 f2015d6
 virtual-machine 0.1.5 HEAD
 vpn 0.1.0 HEAD