diff --git a/README.md b/README.md
index 0041c1a..91acb29 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,6 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
   - [App](#app)
   - [Continuous Deploy](#continuous-deploy)
   - [Infra](#infra)
-  - [All](#all)
 - [Backups](#backups)
 
 ## Deploy
@@ -31,6 +30,7 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
 ### Continuous Deploy
 
 Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-deploy.yaml).
+kubectl get secret continuous-deploy -o jsonpath='{.data.token}' | base64 -d
 
 ### Infra
 
@@ -40,12 +40,6 @@ Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-deploy
 
 - [kustomization](/deploy/infra/kustomization.yaml)
   
-### All
-
-```bash
-./deploy/apply.sh
-```
-
 ## Backups
 
 for more information [check readme](./docs/backups.md).
diff --git a/deploy/apply-all.sh b/deploy/apply-all.sh
deleted file mode 100755
index cf5a7fd..0000000
--- a/deploy/apply-all.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#/bin/bash
-deploy/apply-infra.sh
-deploy/apply-app.sh
\ No newline at end of file
diff --git a/deploy/infra/cd-service-account-rbac.yaml b/deploy/infra/cd-service-account-rbac.yaml
new file mode 100644
index 0000000..c836402
--- /dev/null
+++ b/deploy/infra/cd-service-account-rbac.yaml
@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: git-limbosolutions-com
+  name: continuous-deploy
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+
+- apiGroups: ["apps"]
+  resources: ["deployments", "statefulsets"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+
+- apiGroups: ["batch"]
+  resources: ["cronjobs", "jobs"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: continuous-deploy
+  namespace:  git-limbosolutions-com
+subjects:
+- kind: ServiceAccount
+  name: continuous-deploy
+  namespace: git-limbosolutions-com
+roleRef:
+  kind: Role
+  name: continuous-deploy
+  apiGroup: rbac.authorization.k8s.io
+
diff --git a/deploy/infra/cd-service-account-token.yaml b/deploy/infra/cd-service-account-token.yaml
new file mode 100644
index 0000000..727c6d8
--- /dev/null
+++ b/deploy/infra/cd-service-account-token.yaml
@@ -0,0 +1,8 @@
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: continuous-deploy
+  annotations:
+    kubernetes.io/service-account.name: continuous-deploy
+type: kubernetes.io/service-account-token
\ No newline at end of file
diff --git a/deploy/infra/cd-service-account.yaml b/deploy/infra/cd-service-account.yaml
new file mode 100644
index 0000000..c30eedf
--- /dev/null
+++ b/deploy/infra/cd-service-account.yaml
@@ -0,0 +1,6 @@
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: continuous-deploy
+  namespace: git-limbosolutions-com
\ No newline at end of file
diff --git a/deploy/infra/kustomization.yaml b/deploy/infra/kustomization.yaml
index 4224d68..2e5bb31 100644
--- a/deploy/infra/kustomization.yaml
+++ b/deploy/infra/kustomization.yaml
@@ -3,5 +3,7 @@ kind: Kustomization
 resources:
   - namespace.yaml
   - ingress.yaml
-
+  - cd-service-account.yaml
+  - cd-service-account-token.yaml
+  - cd-service-account-rbac.yaml