diff --git a/clusterrol.yaml b/clusterrol.yaml
new file mode 100644
index 0000000..c67c0c7
--- /dev/null
+++ b/clusterrol.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: secret-reader
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "watch", "list"]
diff --git a/config.anna b/config.anna
new file mode 100644
index 0000000..27ccf2c
--- /dev/null
+++ b/config.anna
@@ -0,0 +1,19 @@
+apiVersion: v1
+clusters:
+- cluster:
+ certificate-authority-data: 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
+ server: https://192.168.4.90:6443
+ name: kubernetes
+contexts:
+- context:
+ cluster: kubernetes
+ user: anna
+ name: anna-context
+current-context: anna-context
+kind: Config
+preferences: {}
+users:
+- name: anna
+ user:
+ client-certificate: /home/anna/.certs/anna.crt
+ client-key: /home/anna/.certs/anna.key
diff --git a/podacessrole.yaml b/podacessrole.yaml
new file mode 100644
index 0000000..d79fbcc
--- /dev/null
+++ b/podacessrole.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: default
+ name: pod-reader
+rules:
+- apiGroups: [""] # "" indicates the core API grouop
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
diff --git a/rolebinding.yaml b/rolebinding.yaml
new file mode 100644
index 0000000..83776e8
--- /dev/null
+++ b/rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: read-pods
+ namespace: default
+subjects:
+- kind: User
+ name: anna
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: Role
+ name: pod-reader
+ apiGroup: rbac.authorization.k8s.io
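Review bot: In `clusterrol.yaml` the `secret-reader` rule grants `list` and `watch` on `secrets` with no `resourceNames`, and a `list` response carries the full secret data, so any subject bound to this role cluster-wide can read every secret in every namespace. No binding for it appears in this commit, so the intended scope is undocumented. I would add a header comment such as `# Bind only through a namespaced RoleBinding; list/watch on secrets returns secret values.` If only particular secrets are needed, narrow the rule to `verbs: ["get"]` plus a `resourceNames:` list. The file name also looks like a typo for `clusterrole.yaml`.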
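Review bot: In `config.anna` the `anna` user authenticates with an X.509 client key referenced by absolute path (`client-key: /home/anna/.certs/anna.key`), and nothing in the commit records how long that certificate is valid. The API server does not check revocation for client certificates, so access can only be cut by removing the bindings or waiting for expiry. A header comment stating the certificate lifetime, and that the key stays outside the repository with owner-only permissions, would make that explicit. The context also sets no namespace; adding `namespace: default` under `context:` would make it match the `read-pods` binding instead of relying on the implicit default. Consider whether a per-user kubeconfig with the internal API endpoint belongs in version control at all, or whether a template would do.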
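Review bot: In `podacessrole.yaml` the inline comment on the `apiGroups` line misspells "group"; it should read `- apiGroups: [""] # "" indicates the core API group`. The file name has the same kind of slip (`podacessrole.yaml` for `podaccessrole.yaml`), which makes the manifest harder to find when auditing what RBAC objects the repository defines.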
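Review bot: In `rolebinding.yaml` the subject `name: anna` is a plain string that must equal the username the API server derives from the client certificate, and because User subjects are not API objects the binding is accepted even if that name never matches. I would add a comment above `subjects:` such as `# must equal the CN of anna's client certificate`. After applying, confirm the effective permissions with `kubectl auth can-i list pods --as anna -n default`, and confirm that `kubectl auth can-i get secrets --as anna -n default` is denied.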