diff --git a/docs/deploy/README.md b/docs/deploy/README.md
new file mode 100644
index 000000000..dd49bf274
--- /dev/null
+++ b/docs/deploy/README.md
@@ -0,0 +1,15 @@
+# Deployment files
+
+This directory contains example deployment manifests for cert-manager that can
+be used in place of the official Helm chart.
+
+This is useful if you are deploying cert-manager into an environment without
+Helm, or want to inspect a 'bare minimum' deployment.
+
+## Where do these come from?
+
+The manifests in these subdirectories are generated from the Helm chart
+automatically. The `values.yaml` files used to configure cert-manager can be
+found in [`hack/deploy`](../../hack/deploy/).
+
+They are automatically generated by running `./hack/update-deploy-gen.sh`.
diff --git a/hack/deploy/rbac-values.yaml b/hack/deploy/rbac-values.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/hack/deploy/without-rbac-values.yaml b/hack/deploy/without-rbac-values.yaml
new file mode 100644
index 000000000..652979972
--- /dev/null
+++ b/hack/deploy/without-rbac-values.yaml
@@ -0,0 +1,5 @@
+rbac:
+  create: false
+
+serviceAccount:
+  create: false
diff --git a/hack/update-deploy-gen.sh b/hack/update-deploy-gen.sh
new file mode 100755
index 000000000..ce1f81175
--- /dev/null
+++ b/hack/update-deploy-gen.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname ${BASH_SOURCE})
+REPO_ROOT="${SCRIPT_ROOT}/.."
+# This will set Capabilities.KubeVersion.Major/Minor when generating manifests
+KUBE_VERSION=1.9
+
+gen() {
+	VALUES=$1
+	OUTPUT_DIR=$2
+	TMP_OUTPUT=$(mktemp -d)
+	mkdir -p "${OUTPUT_DIR}"
+	helm template \
+		"${REPO_ROOT}/contrib/charts/cert-manager" \
+		--values "${SCRIPT_ROOT}/deploy/${VALUES}.yaml" \
+		--kube-version "${KUBE_VERSION}" \
+		--namespace "default" \
+		--name "cert-manager" \
+		--set "fullnameOverride=cert-manager" \
+		--output-dir "${TMP_OUTPUT}"
+	mv "${TMP_OUTPUT}"/cert-manager/templates/*.* "${OUTPUT_DIR}/"
+}
+
+gen rbac-values "${REPO_ROOT}/docs/deploy/rbac"
+gen without-rbac-values "${REPO_ROOT}/docs/deploy/without-rbac"
diff --git a/hack/verify-deploy-gen.sh b/hack/verify-deploy-gen.sh
new file mode 100755
index 000000000..21ce5ebee
--- /dev/null
+++ b/hack/verify-deploy-gen.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname "${BASH_SOURCE}")/..
+
+DIFFROOT="${SCRIPT_ROOT}/docs"
+TMP_DIFFROOT="${SCRIPT_ROOT}/_tmp/docs"
+_tmp="${SCRIPT_ROOT}/_tmp"
+
+cleanup() {
+  rm -rf "${_tmp}"
+}
+trap "cleanup" EXIT SIGINT
+
+cleanup
+
+mkdir -p "${TMP_DIFFROOT}"
+cp -a "${DIFFROOT}"/* "${TMP_DIFFROOT}"
+
+"${SCRIPT_ROOT}/hack/update-deploy-gen.sh"
+echo "diffing ${DIFFROOT} against freshly deploy-gen"
+ret=0
+diff -Naupr "${DIFFROOT}" "${TMP_DIFFROOT}" || ret=$?
+cp -a "${TMP_DIFFROOT}"/* "${DIFFROOT}"
+if [[ $ret -eq 0 ]]
+then
+  echo "${DIFFROOT} up to date."
+else
+  echo "${DIFFROOT} is out of date. Please run hack/update-deploy-gen.sh"
+  exit 1
+fi
\ No newline at end of file