diff --git a/k8s/base/drone-rbac.yaml b/k8s/base/drone-rbac.yaml
new file mode 100644
index 0000000..9a54612
--- /dev/null
+++ b/k8s/base/drone-rbac.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: drone-deploy
+  namespace: invest-api
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: drone-deploy
+  namespace: invest-api
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: drone
+roleRef:
+  kind: Role
+  name: drone-deploy
+  apiGroup: rbac.authorization.k8s.io
diff --git a/k8s/base/kustomization.yaml b/k8s/base/kustomization.yaml
index f4af061..ed1f095 100644
--- a/k8s/base/kustomization.yaml
+++ b/k8s/base/kustomization.yaml
@@ -9,4 +9,5 @@ resources:
   - deployment.yaml
   - service.yaml
   - ingress.yaml
+  - drone-rbac.yaml