diff --git a/staging/src/k8s.io/sample-apiserver/artifacts/example/rbac-bind.yaml b/staging/src/k8s.io/sample-apiserver/artifacts/example/rbac-bind.yaml
new file mode 100644
index 00000000000..00f7847f2ff
--- /dev/null
+++ b/staging/src/k8s.io/sample-apiserver/artifacts/example/rbac-bind.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: sample-apiserver-clusterrolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: aggregated-apiserver-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: apiserver
+ namespace: wardle
\ No newline at end of file
diff --git a/staging/src/k8s.io/sample-apiserver/artifacts/example/rbac.yaml b/staging/src/k8s.io/sample-apiserver/artifacts/example/rbac.yaml
new file mode 100644
index 00000000000..ef1c57c8305
--- /dev/null
+++ b/staging/src/k8s.io/sample-apiserver/artifacts/example/rbac.yaml
@@ -0,0 +1,11 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: aggregated-apiserver-clusterrole
+rules:
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ verbs: ["get", "watch", "list"]
\ No newline at end of file
diff --git a/staging/src/k8s.io/sample-apiserver/docs/minikube-walkthrough.md b/staging/src/k8s.io/sample-apiserver/docs/minikube-walkthrough.md
index c5ca1ecd129..0a5bfd8459b 100644
--- a/staging/src/k8s.io/sample-apiserver/docs/minikube-walkthrough.md
+++ b/staging/src/k8s.io/sample-apiserver/docs/minikube-walkthrough.md
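Review bot: The subject in rbac-bind.yaml hard-codes `namespace: wardle`, while the walkthrough creates the service account with `-n wardle` on the command line. Anyone deploying the sample into a different namespace gets a binding that names a service account which does not exist there, and the failure would presumably only show up later as authorization errors from the aggregated server. I would add a header comment such as `# subjects[].namespace must match the namespace sa.yaml is created in (wardle in the walkthrough)`. The file also ends without a trailing newline, as does rbac.yaml in the next hunk.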
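Review bot: The ClusterRole in rbac.yaml carries no comment saying why the sample server needs these reads, so someone copying the manifest cannot tell whether the grant is still minimal. The rules themselves are read-only (`get`, `watch`, `list`) on namespaces and the two webhook configuration resources, which looks appropriately narrow for a cluster-wide grant. A header comment such as `# Read-only access the aggregated apiserver needs for admission webhooks: namespaces and webhook configurations.` would record the intent. Since the object is cluster-scoped, the generic name `aggregated-apiserver-clusterrole` could clash with another aggregated server's role on a shared cluster; a sample-specific prefix, matching `sample-apiserver-clusterrolebinding`, would avoid that.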
@@ -78,6 +78,10 @@ kubectl create -f artifacts/example/sa.yaml -n wardle kubectl create -f artifacts/example/auth-delegator.yaml -n kube-system kubectl create -f artifacts/example/auth-reader.yaml -n kube-system +# create rbac roles and clusterrolebinding that allow the service account user to use admission webhooks +kubectl create -f artifacts/example/rbac.yaml +kubectl create -f artifacts/example/rbac-bind.yaml + # create the service and replication controller kubectl create -f artifacts/example/rc.yaml -n wardle kubectl create -f artifacts/example/service.yaml -n wardle