diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml
index 4caccf5..7706829 100644
--- a/kustomize/kustomization.yaml
+++ b/kustomize/kustomization.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - namespace.yaml
-#  - rbac.yaml
+  - rbac.yaml
 #  - storage.yaml
 #  - deployment.yaml
 #  - service.yaml
diff --git a/kustomize/rbac.yaml b/kustomize/rbac.yaml
new file mode 100644
index 0000000..0a00421
--- /dev/null
+++ b/kustomize/rbac.yaml
@@ -0,0 +1,40 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: drone
+  name: drone
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/log
+  verbs:
+  - get
+  - create
+  - delete
+  - list
+  - watch
+  - update
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: drone
+  namespace: drone
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: drone
+roleRef:
+  kind: Role
+  name: drone
+  apiGroup: rbac.authorization.k8s.io