diff --git a/execution/infrastructure/kubernetes/rbac/role-binding.yaml b/execution/infrastructure/kubernetes/rbac/role-binding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ef2d0c015a1b42880f9652bc241950548a952792
--- /dev/null
+++ b/execution/infrastructure/kubernetes/rbac/role-binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: theodolite
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: theodolite
+subjects:
+- kind: ServiceAccount
+  name: theodolite
\ No newline at end of file
diff --git a/execution/infrastructure/kubernetes/rbac/role.yaml b/execution/infrastructure/kubernetes/rbac/role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..84ba14a8bc7a6eceb8a20596ede057ca2271b967
--- /dev/null
+++ b/execution/infrastructure/kubernetes/rbac/role.yaml
@@ -0,0 +1,41 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: theodolite
+rules:
+  - apiGroups:
+    - apps
+    resources:
+    - deployments
+    verbs:
+    - delete
+    - list
+    - get
+    - create
+  - apiGroups:
+    - ""
+    resources:
+    - services
+    - pods
+    - servicemonitors
+    - configmaps
+    verbs:
+    - delete
+    - list
+    - get
+    - create
+  - apiGroups:
+    - ""
+    resources:
+    - pods/exec
+    verbs:
+    - create
+    - get
+  - apiGroups:
+    - monitoring.coreos.com
+    resources:
+    - servicemonitors
+    verbs:
+    - delete
+    - list
+    - create
\ No newline at end of file
diff --git a/execution/infrastructure/kubernetes/rbac/service-account.yaml b/execution/infrastructure/kubernetes/rbac/service-account.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c7f33076e31ac53d02491c80fd61cdc5b241dfd7
--- /dev/null
+++ b/execution/infrastructure/kubernetes/rbac/service-account.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: theodolite
\ No newline at end of file