diff --git a/contrib/charts/cert-manager/templates/deployment.yaml b/contrib/charts/cert-manager/templates/deployment.yaml
index 80a7585f0..09cb95979 100644
--- a/contrib/charts/cert-manager/templates/deployment.yaml
+++ b/contrib/charts/cert-manager/templates/deployment.yaml
@@ -15,6 +15,8 @@ spec:
 app: {{ template "name" . }}
 release: {{ .Release.Name }}
 spec:
+ serviceAccount: {{ template "fullname" . }}
+ serviceAccountName: {{ template "fullname" . }}
 containers:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
diff --git a/contrib/charts/cert-manager/templates/rbac.yaml b/contrib/charts/cert-manager/templates/rbac.yaml
new file mode 100644
index 000000000..702d4caf0
--- /dev/null
+++ b/contrib/charts/cert-manager/templates/rbac.yaml
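Review bot: The two added pod-spec lines set `serviceAccount:` and `serviceAccountName:` to the same value; `serviceAccount` is the deprecated alias of `serviceAccountName` in PodSpec, so only the second line is needed, and keeping both lets a later edit to one silently diverge from the other. Drop `serviceAccount: {{ template "fullname" . }}` and keep `serviceAccountName: {{ template "fullname" . }}`. The pod template continues outside the hunk on both sides.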
@@ -0,0 +1,42 @@
+{{- if .Values.rbac.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups: ["certmanager.k8s.io"]
+ resources: ["certificates", "issuers"]
+ verbs: ["*"]
+- apiGroups: [""]
+ resources: ["secrets", "events", "endpoints", "services"]
+ verbs: ["*"]
+- apiGroups: ["extensions"]
+ resources: ["ingresses"]
+ verbs: ["*"]
+- apiGroups: ["batch"]
+ resources: ["jobs"]
+ verbs: ["list", "watch", "create", "delete", "get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "fullname" . }}
+subjects:
+- name: {{ template "fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ kind: ServiceAccount
+{{- end -}}
\ No newline at end of file
diff --git a/contrib/charts/cert-manager/templates/serviceaccount.yaml b/contrib/charts/cert-manager/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b65d4c92a
--- /dev/null
+++ b/contrib/charts/cert-manager/templates/serviceaccount.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
diff --git a/contrib/charts/cert-manager/values.yaml b/contrib/charts/cert-manager/values.yaml
index c6c3e3e79..22487e13f 100644
--- a/contrib/charts/cert-manager/values.yaml
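Review bot: The ClusterRole's core-group rule grants `verbs: ["*"]` on `secrets` (together with events, endpoints and services) in every namespace, which is wider than the explicit verb lists the old docs/rbac.yaml carried (visible as removed lines in the docs/rbac.yaml hunk) and implicitly adds patch and deletecollection on every Secret in the cluster; if the controller pod is ever compromised, that token can read or wipe any cluster secret rather than only the ones it manages. Scope the rules back to the verbs the controller actually uses, one resource per rule so secrets and events do not share a verb set — the batch/jobs rule already shows that style; note the old list's `put` is not an RBAC verb and should not be carried over. The docs/rbac.yaml hunk makes the same widening and should stay in sync with the chart template.
```yaml
rules:
- apiGroups: ["certmanager.k8s.io"]
  resources: ["certificates", "issuers"]
  verbs: ["get", "list", "watch", "update", "create"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "list", "watch", "update", "create", "delete"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "list", "watch", "update", "create", "patch"]
- apiGroups: [""]
  resources: ["endpoints"]
  verbs: ["get", "list", "watch", "update", "create"]
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "list", "watch", "update", "create", "delete"]
- apiGroups: ["extensions"]
  resources: ["ingresses"]
  verbs: ["get", "list", "watch", "update", "create", "delete"]
# … unchanged: batch/jobs rule, ClusterRoleBinding document …
```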
+++ b/contrib/charts/cert-manager/values.yaml
@@ -10,4 +10,7 @@ image:
 createCustomResource: true
+rbac:
+ enabled: true
+ resources: {}
diff --git a/docs/rbac.yaml b/docs/rbac.yaml
index 808a49af1..7187e0f68 100644
--- a/docs/rbac.yaml
+++ b/docs/rbac.yaml
@@ -5,31 +5,21 @@ metadata:
 rules:
 - apiGroups: ["certmanager.k8s.io"]
 resources: ["certificates", "issuers"]
- verbs: ["get", "list", "watch", "update", "create"]
+ verbs: ["*"]
 - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "list", "watch", "update", "create", "delete"]
-- apiGroups: [""]
- resources: ["events"]
- verbs: ["get", "list", "watch", "update", "create", "patch"]
-- apiGroups: [""]
- resources: ["endpoints"]
- verbs: ["get", "put", "create", "update", "list", "watch"]
-- apiGroups: [""]
- resources: ["services"]
- verbs: ["list","watch","get", "create", "update", "delete"]
+ resources: ["secrets", "events", "endpoints", "services"]
+ verbs: ["*"]
 - apiGroups: ["extensions"]
 resources: ["ingresses"]
- verbs: ["list","watch","get", "update", "delete", "create"]
+ verbs: ["*"]
 - apiGroups: ["batch"]
 resources: ["jobs"]
- verbs: ["list","watch","update","create","delete", "get"]
+ verbs: ["list", "watch", "create", "delete", "get"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
 name: cert-manager-binding
- namespace: default
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
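Review bot: `rbac.enabled` is added to values.yaml without a comment, and its effect is not obvious from this file alone: when it is false the ClusterRole and binding are skipped, but the Deployment still runs under the chart's ServiceAccount (set in the deployment.yaml hunk), so on a cluster that enforces RBAC the controller is denied access to the secrets and ingresses it manages. Add `# rbac.enabled: create a ClusterRole/ClusterRoleBinding for the chart's ServiceAccount; set false only on clusters without RBAC` above the key. `rbac.resources: {}` does not appear to be read by any template in this change; if nothing consumes it, drop it or add a comment saying what it is for.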