diff --git a/molgenis-jenkins/resources/README.md b/molgenis-jenkins/resources/README.md
new file mode 100644
index 0000000..67bf687
--- /dev/null
+++ b/molgenis-jenkins/resources/README.md
@@ -0,0 +1,6 @@
+To be able to run helm inside a jenkins pod, you'll need to
+* create a role in the namespace where tiller is installed
+* bind that role to the user that jenkins pods run as
+
+This directory contains yaml for these resources.
+See also https://github.com/helm/helm/blob/master/docs/rbac.md
\ No newline at end of file
diff --git a/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
new file mode 100644
index 0000000..04aa1f7
--- /dev/null
+++ b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: tiller-jenkins-binding
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: tiller-user
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: molgenis-jenkins
\ No newline at end of file
diff --git a/molgenis-jenkins/resources/tiller-user-role.yaml b/molgenis-jenkins/resources/tiller-user-role.yaml
new file mode 100644
index 0000000..5555442
--- /dev/null
+++ b/molgenis-jenkins/resources/tiller-user-role.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: tiller-user
+ namespace: kube-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods/portforward
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
\ No newline at end of file
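Review bot: The subject of this binding is the `default` ServiceAccount of `molgenis-jenkins`, so every pod in that namespace that does not set its own service account inherits the `tiller-user` role in `kube-system`, not only the build pods that actually run helm. Tiller's API is typically unauthenticated unless TLS has been enabled, and Tiller is often deployed with broad cluster rights, so being able to port-forward to it is in practice the access control. Consider binding a dedicated account instead, e.g. `name: <jenkins-helm-sa>` (placeholder), and setting that account on the agent pod template. Separately, `rbac.authorization.k8s.io/v1beta1` is deprecated; `apiVersion: rbac.authorization.k8s.io/v1` accepts the same manifest, and the same applies to tiller-user-role.yaml.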
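Review bot: The `pods/portforward` `create` rule applies to every pod in `kube-system`, not just Tiller, because an RBAC rule cannot select pods by label; whoever holds this role can open a tunnel to any add-on listening in that namespace. If that is wider than intended, the usual narrowing is to run Tiller in its own namespace and create this Role there, so that the grant covers only Tiller's pod. At minimum a comment above `rules:` should record why the two rules exist, e.g. `# helm client: list pods to locate tiller, then port-forward to it`.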