diff --git a/README.MD b/README.MD
index c71f32b..371e25a 100644
--- a/README.MD
+++ b/README.MD
@@ -1,4 +1,4 @@
 # Default-request-adder
 A small container which periodically (every 10s) checks for a LimitRange on all non-excluded namespaces named `extreme-request-defaults` and creates it using the configured memory settings if absent.
 
-See the example-dir for an example deployment-file.
\ No newline at end of file
+[Example deployment-file](example/deploy.yaml)
\ No newline at end of file
diff --git a/example/deploy.yaml b/example/deploy.yaml
index 36e2a64..ba227ee 100644
--- a/example/deploy.yaml
+++ b/example/deploy.yaml
@@ -1,3 +1,40 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: default-request-adder
+  namespace: kube-system
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: default-request-adder
+  namespace: kube-system
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["list"]
+  - apiGroups: [""]
+    resources: ["limitranges"]
+    verbs: ["list","create"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: default-request-adder
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: default-request-adder
+subjects:
+  - kind: ServiceAccount
+    name: default-request-adder
+    namespace: kube-system
+---
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -20,6 +57,7 @@ spec:
       labels:
         app: default-request-adder
     spec:
+      serviceAccountName: default-request-adder
       containers:
         - name: default-request-adder
           resources:
diff --git a/main.go b/main.go
index a088191..0a8b726 100644
--- a/main.go
+++ b/main.go
@@ -54,18 +54,22 @@ func main() {
 	for {
 		namespaces, err := clientset.CoreV1().Namespaces().List(metav1.ListOptions{})
 		if err != nil {
-			panic(err.Error())
+			panic(err)
 		}
 
 		for _, ns := range namespaces.Items {
 			if !nsExcluded(ns.Name, excludedNS) {
 				log.Printf("Checking for LimitRange named extreme-request-defaults in namespace '%v'\n", ns.Name)
-				if limitRanges, err := clientset.CoreV1().LimitRanges(ns.Name).List(metav1.ListOptions{FieldSelector: "metadata.name=extreme-request-defaults"}); err == nil && len(limitRanges.Items) == 0 {
-					log.Printf("Trying to create LimitRange\n")
-					if _, err := clientset.CoreV1().LimitRanges(ns.Name).Create(&limitRange); err != nil {
-						log.Printf("Unable to create LimitRange in namespace '%v': Error: %v\n", ns.Name, err)
-					} else {
-						log.Printf("LimitRange extreme-request-defaults created in namespace '%v'\n", ns.Name)
+				if limitRanges, err := clientset.CoreV1().LimitRanges(ns.Name).List(metav1.ListOptions{FieldSelector: "metadata.name=extreme-request-defaults"}); err != nil {
+					panic(err)
+				} else {
+					if len(limitRanges.Items) == 0 {
+						log.Printf("Trying to create LimitRange\n")
+						if _, err := clientset.CoreV1().LimitRanges(ns.Name).Create(&limitRange); err != nil {
+							log.Printf("Unable to create LimitRange in namespace '%v': Error: %v\n", ns.Name, err)
+						} else {
+							log.Printf("LimitRange extreme-request-defaults created in namespace '%v'\n", ns.Name)
+						}
 					}
 				}
 			}