diff --git a/README.md b/README.md
index e3d7f02..4c9255a 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ kubectl apply -f certsigner
 
 ### Userspace
 
-1. Namespace
+#### Namespace
 
 ```yaml
 apiVersion: v1
@@ -30,7 +30,62 @@ metadata:
   name: {{ .Release.Name }}
 ```
 
-1. Rolebinding
+#### Roles
+
+```yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: namespace-manager
+  namespace: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - ""
+    - extensions
+    - apps
+    - batch
+    - autoscaling
+    - networking.k8s.io
+    - traefik.containo.us
+    - rbac.authorization.k8s.io
+    - metrics.k8s.io
+  resources: 
+    - deployments
+    - replicasets
+    - pods
+    - pods/exec
+    - pods/log
+    - pods/attach
+    - daemonsets
+    - statefulsets
+    - replicationcontrollers
+    - horizontalpodautoscalers
+    - services
+    - ingresses
+    - persistentvolumeclaims
+    - jobs
+    - cronjobs
+    - secrets
+    - configmaps
+    - serviceaccounts
+    - rolebindings
+    - ingressroutes
+    - middlewares
+    - endpoints
+  verbs: 
+    - "*"
+- apiGroups:
+    - ""
+    - metrics.k8s.io
+    - rbac.authorization.k8s.io
+  resources:
+    - resourcequotas
+    - roles
+  verbs:
+    - list
+```
+
+#### Rolebinding
 
 ```yaml
 kind: RoleBinding