diff --git a/3.zalando/README.md b/3.zalando/README.md index d3ccdd0..c6a0a0d 100644 --- a/3.zalando/README.md +++ b/3.zalando/README.md @@ -12,12 +12,13 @@ helm install zalando -n zalando --create-namespace charts/postgres-operator kubectl apply -f 3.zalando/baseCluster.yaml ``` - ## больше -документация -https://github.com/zalando/postgres-operator/blob/master/docs/administrator.md +* документация + - -баунсер без проблему SSL_MODE=true +* баунсер без проблемы SSL_MODE=true hub.realmanual.ru/pub/zalando-pgbouncer:master-32 + +* в конфиг patroni надо добавить + - hostssl all all 0.0.0.0/0 trust diff --git a/3.zalando/baseCluster.yaml b/3.zalando/baseCluster.yaml index 0f1cf6c..86c259c 100644 --- a/3.zalando/baseCluster.yaml +++ b/3.zalando/baseCluster.yaml @@ -65,12 +65,4 @@ spec: - host all all 0.0.0.0/0 md5 - host all all ::1/128 md5 - host replication standby 0.0.0.0/0 md5 # TODO - resources: - requests: - cpu: "0.4" - memory: "500Mi" - limits: - cpu: "0.8" - memory: "1Gi" - --- diff --git a/3.zalando/exampleApp.yaml b/3.zalando/exampleApp.yaml index 643b94f..eb50b9d 100644 --- a/3.zalando/exampleApp.yaml +++ b/3.zalando/exampleApp.yaml @@ -33,7 +33,10 @@ spec: name: rmu.rm-psql key: username - name: DB_PASSWORD - value: "123" + valueFrom: + secretKeyRef: + name: rmu.rm-psql + key: password - name: DB_NAME value: rm volumeMounts: @@ -62,7 +65,11 @@ data: host: process.env.DB_HOST, user: process.env.DB_USER, password: process.env.DB_PASSWORD, - database: process.env.DB_NAME + database: process.env.DB_NAME, + ssl: { + require: true, + rejectUnauthorized: false + } }); client.connect() diff --git a/3.zalando/poolerCluster.yaml b/3.zalando/poolerCluster.yaml index 5e45399..aa0a6f8 100644 --- a/3.zalando/poolerCluster.yaml +++ b/3.zalando/poolerCluster.yaml 
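Review bot: `rejectUnauthorized: false` in the `ssl` block added to the embedded client code in the second exampleApp.yaml hunk turns off server-certificate validation, so the connection is encrypted but the server is never authenticated and an on-path peer can terminate the TLS session with any certificate. Prefer `rejectUnauthorized: true` together with a `ca:` entry loaded from the CA that issued the cluster certificates (mounted from a Secret alongside the existing `volumeMounts`), or, if this is deliberately a demo against self-signed certificates, say so above the block with `// demo only: self-signed cluster cert, do not copy to production`. The README hunk in this same commit documents adding `hostssl all all 0.0.0.0/0 trust` to the Patroni config, which would let any client that reaches the TLS port log in without a password; the existing pg_hba entries visible in the baseCluster.yaml hunk use `md5`, and that (or `scram-sha-256`) is what the `hostssl` line should carry as well. The `new Client({...})` call this block belongs to starts above the hunk.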
@@ -92,23 +92,3 @@ spec: secretKeyRef: name: postgres.rm-psql key: password - - name: "zalando-df-exporter" - image: "hub.realmanual.ru/pub/df-exporter:0.1" - ports: - - name: df-exporter - containerPort: 9873 - protocol: TCP - env: - - name: "MYPATH" - value: "/home/postgres/pgdata" - - name: "PORT" - value: "9873" - resources: - limits: - cpu: 100m - memory: 256M - requests: - cpu: 50m - memory: 128M - ---- diff --git a/4.monitoring/alerts.yaml b/4.monitoring/alerts.yaml new file mode 100644 index 0000000..cf3fa8f --- /dev/null +++ b/4.monitoring/alerts.yaml @@ -0,0 +1,41 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + generation: 2 + labels: + prometheus: zalando + role: alert-rules + name: prometheus-zalando-rules + namespace: zalando +spec: + groups: + - name: zalando.rules + rules: + - alert: PG exporter + annotations: + description: >- + Failed to scrape {{ $labels.job }} on {{ $labels.namespace }} for + more than 2 minutes. + title: PG exporter is down + expr: up{job="zalando-monitoring"} == 0 + for: 2m + labels: + severity: warning + - alert: PG InstanceDown + annotations: + description: Failed to scrape {{$labels.namespace}} for more than 3 minutes. + title: PG Instance is down + expr: pg_up == 0 + for: 3m + labels: + severity: critical + - alert: PG Lag + annotations: + description: >- + Failed replication on replica {{$labels.namespace}} for more than + 3 minutes. + title: PG Peplication lag + expr: pg_replication_slots_pg_wal_lsn_diff > 1024 + for: 3m + labels: + severity: critical diff --git a/4.monitoring/podMonitor.yaml b/4.monitoring/podMonitor.yaml new file mode 100644 index 0000000..8492f4a --- /dev/null +++ b/4.monitoring/podMonitor.yaml 
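Review bot: `up{job="zalando-monitoring"} == 0` in the first rule of alerts.yaml keys on a job label that nothing in this commit appears to produce: the PodMonitor added in podMonitor.yaml is named `zalando-pg-exporter` and sets no `jobLabel`, so as far as I recall its targets get a job value derived from the monitor's namespace and name, and the "PG exporter is down" alert would then never fire. Either set `jobLabel` on the PodMonitor or make the expression match the job the scrape config actually generates, and confirm with a quick `up` query before relying on the alert. `generation: 2` under `metadata` is a server-managed field and should be dropped from the manifest, and the title `PG Peplication lag` has a typo (`Replication`). The `> 1024` threshold in the lag rule is in bytes if the metric name is to be believed, which is a very small margin for a `critical` alert; document the intended unit with `# lag threshold in bytes; tune per workload` so the value is not mistaken for KB or MB.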
@@ -0,0 +1,19 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + labels: + app: psql-pg-exporter + name: zalando-pg-exporter + namespace: rm-pgsql +spec: + podMetricsEndpoints: + - path: /metrics + port: exporter + relabelings: + - action: replace + replacement: rke-first-cluster + targetLabel: cluster + scheme: http + selector: + matchLabels: + application: spilo diff --git a/charts/postgres-operator-ui/templates/s3-secret.yaml b/charts/postgres-operator-ui/templates/s3-secret.yaml new file mode 100644 index 0000000..41dfa77 --- /dev/null +++ b/charts/postgres-operator-ui/templates/s3-secret.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: Secret +metadata: + name: logical-backup-secrets + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "postgres-operator-ui.name" . }} + helm.sh/chart: {{ template "postgres-operator-ui.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +stringData: + LOGICAL_BACKUP_PROVIDER: s3 + LOGICAL_BACKUP_S3_ENDPOINT: https://s3-nsk.bildme.ru + LOGICAL_BACKUP_S3_REGION: ru-nsk + LOGICAL_BACKUP_S3_BUCKET: zalando-backups + LOGICAL_BACKUP_S3_BUCKET_PREFIX: '' + LOGICAL_BACKUP_S3_RETENTION_TIME: '2 week' + LOGICAL_BACKUP_S3_SSE: '' + AWS_ACCESS_KEY_ID: zalando-user + AWS_SECRET_ACCESS_KEY: C7oMRPqifdHRgNJMfmPKoNhyw diff --git a/charts/postgres-operator-ui/values.yaml b/charts/postgres-operator-ui/values.yaml index 2342496..04646f9 100644 --- a/charts/postgres-operator-ui/values.yaml +++ b/charts/postgres-operator-ui/values.yaml 
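Review bot: `AWS_SECRET_ACCESS_KEY` in the new s3-secret.yaml template is a literal value, together with the access key id, endpoint and bucket, so a live credential is now committed to the repository and baked into every install of the chart. Move these to chart values (for example `.Values.logicalBackup.s3.*`) with the secret material supplied at install time or through an `existingSecret` reference, and treat the key that appears in this hunk as compromised: rotate it now regardless of whether the line is later removed, because it stays in git history. The `{{- with .Values.service.annotations }}` block copies the Service's annotations onto this Secret, which looks like a copy-paste from the service template and should reference a secret-specific value or be dropped. The site-specific `LOGICAL_BACKUP_S3_ENDPOINT` and `LOGICAL_BACKUP_S3_REGION` values belong in values.yaml for the same reason, since the chart is otherwise environment-neutral.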
@@ -42,13 +42,16 @@ envs: # IMPORTANT: While operator chart and UI chart are independent, this is the interface between # UI and operator API. Insert the service name of the operator API here! appUrl: "http://localhost:8081" - operatorApiUrl: "http://postgres-operator:8080" + operatorApiUrl: "http://zalando-operator-postgres-operator:8080" #TODO operatorClusterNameLabel: "cluster-name" resourcesVisible: "False" # Set to "*" to allow viewing/creation of clusters in all namespaces - targetNamespace: "default" - teams: + targetNamespace: "*" #TODO default: default NS + teams: #TODO - "acid" + - "zalando" + - "rm" + - "realmanual" # Extra pod annotations podAnnotations: 
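Review bot: `targetNamespace: "*"` widens the UI from a single namespace to viewing and creating clusters in every namespace the operator watches, and the only marker of that decision is a bare `#TODO`. Unless the UI sits behind an authenticating ingress, this should be a deliberate and documented choice: keep `"default"` until the TODO is resolved, or replace the marker with a comment that states the scope, e.g. `# UI may create clusters in any namespace; restrict once ingress auth is in place`. The `#TODO` comments on `operatorApiUrl`, `targetNamespace` and `teams` (and the ones in the second hunk of this file and in charts/postgres-operator/values.yaml) lack the space after `#` that yamllint expects and carry no owner or issue reference, so they will be hard to find and close. `operatorApiUrl` now hard-codes a release-specific service name; a comment naming the Helm release it assumes would save the next installer a debugging round.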
@@ -59,32 +62,41 @@ podAnnotations: # https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/ # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables # UI specific env variables can be found here: https://github.com/zalando/postgres-operator/blob/master/ui/operator_ui/main.py -extraEnvs: - [] +extraEnvs: #TODO # Exemple of settings to make snapshot view working in the ui when using AWS - # - name: WALE_S3_ENDPOINT - # value: https+path://s3.us-east-1.amazonaws.com:443 - # - name: SPILO_S3_BACKUP_PREFIX - # value: spilo/ - # - name: AWS_ACCESS_KEY_ID - # valueFrom: - # secretKeyRef: - # name: - # key: AWS_ACCESS_KEY_ID - # - name: AWS_SECRET_ACCESS_KEY - # valueFrom: - # secretKeyRef: - # name: - # key: AWS_SECRET_ACCESS_KEY - # - name: AWS_DEFAULT_REGION - # valueFrom: - # secretKeyRef: - # name: - # key: AWS_DEFAULT_REGION - # - name: SPILO_S3_BACKUP_BUCKET - # value: - # - name: "USE_AWS_INSTANCE_PROFILE" - # value: "true" + - name: AWS_ENDPOINT + # value: https+path://s3.us-east-1.amazonaws.com:443 + valueFrom: + secretKeyRef: + name: logical-backup-secrets + key: LOGICAL_BACKUP_S3_ENDPOINT + - name: SPILO_S3_BACKUP_PREFIX + valueFrom: + secretKeyRef: + name: logical-backup-secrets + key: LOGICAL_BACKUP_S3_BUCKET_PREFIX + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: logical-backup-secrets + key: AWS_ACCESS_KEY_ID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: logical-backup-secrets + key: AWS_SECRET_ACCESS_KEY + - name: AWS_DEFAULT_REGION + valueFrom: + secretKeyRef: + name: logical-backup-secrets + key: LOGICAL_BACKUP_S3_REGION + - name: SPILO_S3_BACKUP_BUCKET + valueFrom: + secretKeyRef: + name: logical-backup-secrets + key: LOGICAL_BACKUP_S3_BUCKET + - name: "USE_AWS_INSTANCE_PROFILE" + value: "true" # configure UI service service: 
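Review bot: `USE_AWS_INSTANCE_PROFILE: "true"` at the end of the new `extraEnvs` list contradicts the static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` injected above it, and which credential source the UI's S3 client ends up using is not visible from the hunk; keep one mechanism or the other, and since no instance profile is mentioned anywhere else in this commit the flag (only an example before) is the likelier one to drop. The first entry renames the endpoint variable from the removed example's `WALE_S3_ENDPOINT` to `AWS_ENDPOINT` and leaves the old example as a dangling `# value: https+path://...` comment inside the list item; confirm against the UI's main.py which name it actually reads, and delete the stale comment. The endpoint stored in `logical-backup-secrets` is a plain `https://` URL whereas the removed example used the `https+path://host:443` form, so that format difference is worth verifying at the same time.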
diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml index b8cbd4e..e6dbe26 100644 --- a/charts/postgres-operator/values.yaml +++ b/charts/postgres-operator/values.yaml @@ -439,7 +439,13 @@ configConnectionPooler: # max db connections the pooler should hold connection_pooler_max_db_connections: 60 # default pooling mode - connection_pooler_mode: "transaction" + connection_pooler_mode: "transaction" #TODO + + # Session pooling: В этом режиме каждое клиентское соединение связывается с сервером на время клиентской сессии. Когда клиент завершает работу, соединение возвращается в пул. + # Transaction pooling: Соединение используется только в течение одной транзакции, после чего оно возвращается в пул. + # Это позволяет более эффективно управлять подключениями для однопоточных приложений или транзакционных нагрузок. + # Statement pooling: Соединение используется для одного запроса, после чего оно возвращается в пул. Такой режим полезен для кратковременных клиентских запросов. + # number of pooler instances connection_pooler_number_of_instances: 2 # default resources
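Review bot: The explanatory comment added under `connection_pooler_mode` is in Russian and runs well past 120 characters per line in a values file whose other comments are short English one-liners, and the `#TODO` next to the value has no space after `#` and no reference to what is undecided. Suggest an English summary kept to the file's width, e.g. `# session: one server connection per client session; transaction: per transaction (default); statement: per statement`, and a TODO that names the open question. The statement-pooling line should also carry the caveat that PgBouncer disallows multi-statement transactions in that mode, otherwise a reader may switch to it for throughput and break the application.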