diff --git a/README.md b/README.md
index 8b7ea843e..5cb5a8345 100644
--- a/README.md
+++ b/README.md
@@ -49,9 +49,11 @@ To deploy the latest version of cert-manager using Helm, run:
 $ helm install --name cert-manager --namespace kube-system contrib/charts/cert-manager
 ```
 
-**NOTE**
+#### Deploy RBAC roles
 
-* There are currently no official RBAC roles defined for cert-manager (see [#34](https://github.com/jetstack-experimental/cert-manager/issues/34))
+```
+$ kubectl create -f https://raw.githubusercontent.com/jetstack-experimental/cert-manager/master/docs/rbac.yaml
+```
 
 ### 2. Set up letsencrypt staging issuer
 
diff --git a/docs/rbac.yaml b/docs/rbac.yaml
new file mode 100644
index 000000000..808a49af1
--- /dev/null
+++ b/docs/rbac.yaml
@@ -0,0 +1,40 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: cert-manager
+rules:
+- apiGroups: ["certmanager.k8s.io"]
+ resources: ["certificates", "issuers"]
+ verbs: ["get", "list", "watch", "update", "create"]
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch", "update", "create", "delete"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "update", "create", "patch"]
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get", "put", "create", "update", "list", "watch"]
+- apiGroups: [""]
+ resources: ["services"]
+ verbs: ["list","watch","get", "create", "update", "delete"]
+- apiGroups: ["extensions"]
+ resources: ["ingresses"]
+ verbs: ["list","watch","get", "update", "delete", "create"]
+- apiGroups: ["batch"]
+ resources: ["jobs"]
+ verbs: ["list","watch","update","create","delete", "get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: cert-manager-binding
+ namespace: default
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cert-manager
+subjects:
+- namespace: default
+ kind: ServiceAccount
+ name: default
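Review bot: The ClusterRoleBinding in docs/rbac.yaml names the `default` ServiceAccount in the `default` namespace as its subject, so every pod in that namespace that does not set its own service account inherits the whole `cert-manager` ClusterRole, including cluster-wide `get`/`list`/`watch`/`delete` on `secrets`. The README hunk in the same commit installs the chart into `kube-system`, so this subject also appears not to match the account cert-manager would run as there. I would bind a dedicated account instead, changing the subject to `name: <cert-manager-service-account>` and `namespace: <release-namespace>`, and drop `namespace: default` from the binding's metadata because a ClusterRoleBinding is cluster-scoped. Separately, `put` in the `endpoints` verbs is not an RBAC verb and can be removed.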