diff --git a/ansible-deploy-k8s/users.yml b/ansible-deploy-k8s/users.yml
new file mode 100644
index 0000000..7227655
--- /dev/null
+++ b/ansible-deploy-k8s/users.yml
@@ -0,0 +1,17 @@
+- hosts: 'workers, masters'
+  become: yes
+
+  tasks:
+    - name: create the kube user account
+      user: name=kube append=yes state=present createhome=yes shell=/bin/bash
+
+    - name: allow 'kube' to use sudo without needing a password
+      lineinfile:
+        dest: /etc/sudoers
+        line: 'kube ALL=(ALL) NOPASSWD: ALL'
+        validate: 'visudo -cf %s'
+
+    - name: set up authorized keys for the kube user
+      authorized_key: user=kube key="{{item}}"
+      with_file:
+        - ~/.ssh/id_rsa.pub