diff --git a/helmchart/single-sign-on/templates/deployment-consent.yaml b/helmchart/single-sign-on/templates/deployment-consent.yaml
index 6d94b887f51ceeb1cc40853b127a47eec22f4e70..25999cec869cb8221b6a07059c5a18c9b71a65d0 100644
--- a/helmchart/single-sign-on/templates/deployment-consent.yaml
+++ b/helmchart/single-sign-on/templates/deployment-consent.yaml
@@ -16,8 +16,8 @@ spec:
     spec:
       containers:
         - name: {{ .Chart.Name }}-consent
-          image: {{ .Values.image.repository }}/consent_provider:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ .Values.consentProviderImage.repository }}:{{ .Values.consentProviderImage.tag }}
+          imagePullPolicy: {{ .Values.consentProviderImage.pullPolicy }}
           env:
             - name: HYDRA_ADMIN_URL
               value: http://{{ .Release.Name }}-hydra-admin:4445
diff --git a/helmchart/single-sign-on/templates/deployment-login.yaml b/helmchart/single-sign-on/templates/deployment-login.yaml
index b6851d11ef783c0afef919c00801ef50f07cbdad..bdcc31b62c1a7d3bbdff5abbc0dbc14f1036894d 100644
--- a/helmchart/single-sign-on/templates/deployment-login.yaml
+++ b/helmchart/single-sign-on/templates/deployment-login.yaml
@@ -16,8 +16,8 @@ spec:
     spec:
       containers:
         - name: {{ .Chart.Name }}-login
-          image: {{ .Values.image.repository }}/login_provider:{{ .Values.image.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ .Values.loginProviderImage.repository }}:{{ .Values.loginProviderImage.tag }}
+          imagePullPolicy: {{ .Values.loginProviderImage.pullPolicy }}
           env:
             - name: HYDRA_ADMIN_URL
               value: http://{{ .Release.Name }}-hydra-admin:4445
diff --git a/helmchart/single-sign-on/templates/deployment-userbackend.yaml b/helmchart/single-sign-on/templates/deployment-userbackend.yaml
index 291231ae04180670d768366ea7c584253ac7ccd1..eeed6c54d79173d267275ac7008f5a41c6fff0af 100644
--- a/helmchart/single-sign-on/templates/deployment-userbackend.yaml
+++ b/helmchart/single-sign-on/templates/deployment-userbackend.yaml
@@ -16,7 +16,8 @@ spec:
     spec:
       containers:
         - name: {{ .Chart.Name }}-userbackend-db
-          image: postgres:11
+          image: {{ .Values.userbackend.postgresImage }}:{{ .Values.userbackend.postgresTag }}
+          imagePullPolicy: {{ .Values.userbackend.postgresPullPolicy }}
           env:
             - name: POSTGRES_PASSWORD
               value: {{ .Values.userbackend.postgresPassword }}
@@ -24,7 +25,7 @@ spec:
             - name: database
               mountPath: /var/lib/postgresql/data
         - name: {{ .Chart.Name }}-userbackend-api
-          image: {{ .Values.userbackend.image.repository }}/backend:{{ .Values.userbackend.image.tag }}
+          image: {{ .Values.userbackend.image.repository }}:{{ .Values.userbackend.image.tag }}
           imagePullPolicy: {{ .Values.userbackend.image.pullPolicy }}
           env:
             - name: HYDRA_ADMIN_URL
diff --git a/helmchart/single-sign-on/templates/deployment-userfrontend.yaml b/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
index 7ffce6d9a4543ff4ddb42e81c90800936e93b733..fd8599e542c99e8a555417313436bdcfa15393c8 100644
--- a/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
+++ b/helmchart/single-sign-on/templates/deployment-userfrontend.yaml
@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: {{ .Chart.Name }}-userpanel
-          image: {{ .Values.userpanel.image.repository }}/frontend:{{ .Values.userpanel.image.tag }}
+          image: {{ .Values.userpanel.image.repository }}:{{ .Values.userpanel.image.tag }}
           imagePullPolicy: {{ .Values.userpanel.image.pullPolicy }}
           env:
             - name: HOST
diff --git a/helmchart/single-sign-on/values.yaml b/helmchart/single-sign-on/values.yaml
index c5c2cbbd6961afa1fc55bf7ef822bb2101d671ef..17d5eab62dea208926c7aa5dc896cede56aed96b 100644
--- a/helmchart/single-sign-on/values.yaml
+++ b/helmchart/single-sign-on/values.yaml
@@ -1,9 +1,15 @@
 replicaCount: 1
 
-image:
-  repository: "open.greenhost.net:4567/openappstack/single-sign-on"
-  tag: "master"
-  pullPolicy: Always
+
+consentProviderImage:
+    # consentProviderImage.tag and consentProviderImage.pullPolicy should be the same as
+    # loginProviderImage.tag and loginProviderImage.pullPolicy as the images are released
+    # together in order to guarantee compatibility
+  << : &IMAGE_DEFAULTS_SSO { tag: "master", pullPolicy: "Always" }
+  repository: "open.greenhost.net:4567/openappstack/single-sign-on/consent_provider"
+loginProviderImage:
+  << : *IMAGE_DEFAULTS_SSO
+  repository: "open.greenhost.net:4567/openappstack/single-sign-on/login_provider"
 
 # singleSignOnHost is the FQDN that will be used by the ingress to make the consent and
 # the login provider accessible by user agents. For now it is recommended to set it to the
@@ -12,9 +18,11 @@ singleSignOnHost: &SSO_HOST sso.oas.example.net
 
 userpanel:
   image:
-    repository: "open.greenhost.net:4567/openappstack/user-panel"
-    tag: "master"
-    pullPolicy: Always
+    # userpanel.image.tag and userpanel.image.pullPolicy should be the same as
+    # userbackend.image.tag and userpanel.image.pullPolicy as the images are released
+    # together in order to guarantee compatibility
+    << : &IMAGE_DEFAULTS_USER_PANEL { tag: "master", pullPolicy: "Always" }
+    repository: "open.greenhost.net:4567/openappstack/user-panel/frontend"
   ingress:
     # userpanel.ingress.host is the FQDN of the userpanel application
     host: admin.oas.example.net
@@ -24,9 +32,8 @@ userpanel:
 
 userbackend:
   image:
-    repository: "open.greenhost.net:4567/openappstack/user-panel"
-    tag: "master"
-    pullPolicy: Always
+    << : *IMAGE_DEFAULTS_USER_PANEL
+    repository: "open.greenhost.net:4567/openappstack/user-panel/backend"
   # userbackend.username is the username of the admin user that will be create
   # after the installation of the user backend.
   username: "admin"
@@ -34,19 +41,27 @@ userbackend:
   password: "YouReallyNeedToChangeThis"
   # username.email is email address of the admin user
   email: "admin@example.net"
-  # root password of the postgress db that is created and used by the userbackend
+  postgresImage: postgres
+  postgresTag: 11
+  postgresPullPolicy: Always
+  # userbackend.postgresPassword is the root password of the postgress db that is
+  # created and used by the userbackend
   postgresPassword: "postgres"
   persistence:
     enabled: false
-    annotations: {}
-    # storageClass: "-"
+    annotations:
+      size: 1Gi
+      storageClass: "-"
     # existingClaim:
-    # size: 1Gi
 
 
 hydra:
   hydra:
-    # hydra.hydra.dangerousForceHttp allows access to the hydra admin API over http
+    # hydra.hydra.dangerousForceHttp allows access to the hydra admin API over http. The
+    # hydra admin API is only accessible by services within the same namespace unless you
+    # change hydra.ingress.admin.enabled to true. In that case you should make sure that the
+    # service can only be accessed via https from the outside by configuring your ingress
+    # to redirect to https.
     dangerousForceHttp: true
     config:
       dsn: memory
@@ -77,11 +92,13 @@ hydra:
         - host: *SSO_HOST
           paths: ["/"]
       tls:
+        # oAuth2 only works via https. You really need to configure your ingress service to
+        # provide access to hydra via https.
         - hosts:
           - *SSO_HOST
           secretName: hydra-public.tls
     # hydra.ingress.admin is the ingress resource that controls access to the hydra
     # admin API server. It can be activated using the same options as in
-    # hydra.ingress.public with a different FQDN
+    # hydra.ingress.public using a different FQDN
     admin:
       enabled: false