diff --git a/yml/busybox.yml b/yaml/busybox.yml
similarity index 100%
rename from yml/busybox.yml
rename to yaml/busybox.yml
diff --git a/yml/hello.yml b/yaml/hello.yml
similarity index 100%
rename from yml/hello.yml
rename to yaml/hello.yml
diff --git a/yaml/kube-rbac.yaml b/yaml/kube-rbac.yaml
new file mode 100644
index 0000000..2238af5
--- /dev/null
+++ b/yaml/kube-rbac.yaml
@@ -0,0 +1,73 @@
+#
+# These RBAC permissions enable the cluster to operate, but restrict the default/default Service
+# The 'kube-admin' and 'kube-worker' users have full access
+# The 'kube-system/default' ServiceAccount has full access (used by the default kube-system Pods)
+# The 'default/default' ServiceAccount has no access, and so can only pull public or ECR images
+#
+
+#
+# ClusterRole's
+#
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+metadata:
+ name: full-access
+rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
+ - nonResourceURLs: ["*"]
+ verbs: ["*"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+metadata:
+ name: read-access
+rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["get", "list", "watch"]
+ - nonResourceURLs: ["*"]
+ verbs: ["get", "list", "watch"]
+---
+#
+# ClusterRoleBindings's
+#
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+metadata:
+ name: kube-admin
+subjects:
+ - kind: User
+ name: kube-admin
+roleRef:
+ kind: ClusterRole
+ name: full-access
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+metadata:
+ name: kube-worker
+subjects:
+ - kind: User
+ name: kube-worker
+roleRef:
+ kind: ClusterRole
+ name: full-access
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+metadata:
+ name: system-default-service-account
+subjects:
+ - kind: ServiceAccount
+ namespace: kube-system
+ name: default
+roleRef:
+ kind: ClusterRole
+ name: full-access
+ apiGroup: rbac.authorization.k8s.io
diff --git a/yml/traefik-conf.yml b/yaml/traefik-conf.yml
similarity index 100%
rename from yml/traefik-conf.yml
rename to yaml/traefik-conf.yml
diff --git a/yml/traefik-ui.yml b/yaml/traefik-ui.yml
similarity index 100%
rename from yml/traefik-ui.yml
rename to yaml/traefik-ui.yml
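Review bot: The `system-default-service-account` binding at the end of the hunk grants the `full-access` ClusterRole (every verb on every resource and every non-resource URL) to the `kube-system/default` ServiceAccount, so any pod in kube-system that does not set its own `serviceAccountName` runs with cluster-admin-equivalent credentials, and the `kube-worker` User binding hands the same role to the kubelet identity even though node needs are covered by the built-in `system:node` role and the Node authorizer. Each component that needs elevated access should get a dedicated ServiceAccount and a binding to the narrowest ClusterRole that fits; the `read-access` ClusterRole defined earlier in this same file is never bound anywhere and would serve several of them. Every object also pins `apiVersion: rbac.authorization.k8s.io/v1alpha1`; the stable `apiVersion: rbac.authorization.k8s.io/v1` should be used, since the alpha group version has been removed from newer API servers. The indentation inside this hunk appears to have been flattened in transit, so the nesting of `name`, `resources` and `verbs` under their parents should be checked against the committed file rather than this rendering.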
diff --git a/yml/traefik.yml b/yaml/traefik.yml
similarity index 100%
rename from yml/traefik.yml
rename to yaml/traefik.yml