diff --git a/00-defs/02-roles.yaml b/00-defs/02-roles.yaml
deleted file mode 100644
--- a/00-defs/02-roles.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-controller
-  namespace: pomerium
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-gen-secrets
-  namespace: pomerium
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-controller
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - services
-  - endpoints
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - services/status
-  - secrets/status
-  - endpoints/status
-  verbs:
-  - get
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses
-  - ingressclasses
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - networking.k8s.io
-  resources:
-  - ingresses/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - ingress.pomerium.io
-  resources:
-  - pomerium
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ingress.pomerium.io
-  resources:
-  - pomerium/status
-  verbs:
-  - get
-  - update
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-gen-secrets
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: pomerium-controller
-subjects:
-- kind: ServiceAccount
-  name: pomerium-controller
-  namespace: pomerium
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: pomerium
-  name: pomerium-gen-secrets
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: pomerium-gen-secrets
-subjects:
-- kind: ServiceAccount
-  name: pomerium-gen-secrets
-  namespace: pomerium