diff --git a/charts/catalog/templates/_helpers.tpl b/charts/catalog/templates/_helpers.tpl
index 458fc1b0ce4..ee6c8614101 100644
--- a/charts/catalog/templates/_helpers.tpl
+++ b/charts/catalog/templates/_helpers.tpl
@@ -7,3 +7,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- define "fullname" -}}
 {{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Conditionally print out rbac api verison.
+This will select v1 before v1beta1 if both are available.
+*/}}
+{{- define "rbacApiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+rbac.authorization.k8s.io/v1
+{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" -}}
+rbac.authorization.k8s.io/v1beta1
+{{- end -}}
+{{- end -}}
diff --git a/charts/catalog/templates/rbac.yaml b/charts/catalog/templates/rbac.yaml
index be92177b3ed..e642a508171 100644
--- a/charts/catalog/templates/rbac.yaml
+++ b/charts/catalog/templates/rbac.yaml
@@ -1,13 +1,13 @@
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }}
+{{- if .Values.rbacEnable }}
 apiVersion: v1
 kind: List
 items:
 ### API Server ###
-
+
 # TODO: if this is just for namespace lifecycle admission, move to a generic role
 # the role for the apiserver
-- apiVersion: rbac.authorization.k8s.io/v1beta1
+- apiVersion: {{template "rbacApiVersion" . }}
 kind: ClusterRole
 metadata:
 name: "servicecatalog.k8s.io:apiserver"
@@ -18,7 +18,7 @@ items:
 resources: ["namespaces"]
 verbs: ["get", "list", "watch"]
 # API-server service-account gets its own role
-- apiVersion: rbac.authorization.k8s.io/v1beta1
+- apiVersion: {{template "rbacApiVersion" . }}
 kind: ClusterRoleBinding
 metadata:
 name: "servicecatalog.k8s.io:apiserver"
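Review bot: The new `rbacApiVersion` helper renders an empty string when the cluster offers neither `rbac.authorization.k8s.io/v1` nor `v1beta1`, and because rbac.yaml now gates only on `.Values.rbacEnable` (its old `.Capabilities.APIVersions.Has` guard on line 1 is removed in the first rbac.yaml hunk), every `apiVersion: {{template "rbacApiVersion" . }}` in that file, in this and all the later rbac.yaml hunks, would render as a null `apiVersion` on such a cluster and fail with an unhelpful manifest error. An explicit final branch makes the failure mode visible: `{{- else -}}` / `{{ fail "rbacEnable is true but the cluster exposes no rbac.authorization.k8s.io API" }}` (Sprig's `fail`; confirm it is available in the Helm version this chart targets), or alternatively keep the capability check combined with the value in the rbac.yaml guard. The header comment also has a typo, `verison` → `version`.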
@@ -33,7 +33,7 @@ items:
 namespace: "{{ .Release.Namespace }}"
 # apiserver gets the auth-delegator role to delegate auth decisions to
 # the core apiserver
-- apiVersion: rbac.authorization.k8s.io/v1beta1
+- apiVersion: {{template "rbacApiVersion" . }}
 kind: ClusterRoleBinding
 metadata:
 name: "servicecatalog.k8s.io:apiserver-auth-delegator"
@@ -49,7 +49,7 @@ items:
 # apiserver gets the ability to read authentication. This allows it to
 # read the specific configmap that has the requestheader-* entries to
 # enable api aggregation
-- apiVersion: rbac.authorization.k8s.io/v1beta1
+- apiVersion: {{template "rbacApiVersion" . }}
 kind: RoleBinding
 metadata:
 name: "servicecatalog.k8s.io:apiserver-authentication-reader"
@@ -69,7 +69,7 @@ items:
 # controller-manager role defines what access the service-catalog
 # controller-manager needs to manage the resources of the
 # service-catalog
-- apiVersion: rbac.authorization.k8s.io/v1beta1
+- apiVersion: {{template "rbacApiVersion" . }}
 kind: ClusterRole
 metadata:
 name: "servicecatalog.k8s.io:controller-manager"
@@ -98,7 +98,7 @@ items:
 resources: ["clusterservicebrokers/status","serviceinstances/status","serviceinstances/reference","servicebindings/status"]
 verbs: ["update"]
 # give the controller-manager service account access to whats defined in its role.
-- apiVersion: rbac.authorization.k8s.io/v1beta1
+- apiVersion: {{template "rbacApiVersion" . }}
 kind: ClusterRoleBinding
 metadata:
 name: "servicecatalog.k8s.io:controller-manager"
@@ -114,7 +114,7 @@ items:
 # This gives create/update access to an endpoint in kube-system for leader election
 # TODO: use an object other than endpoints, and in the same namespace as the service catalog, not in kube-system
-- apiVersion: rbac.authorization.k8s.io/v1beta1
+- apiVersion: {{template "rbacApiVersion" . }}
 kind: Role
 metadata:
 name: "servicecatalog.k8s.io:leader-locking-controller-manager"
@@ -127,7 +127,7 @@ items:
 resources: ["endpoints"]
 resourceNames: ["service-catalog-controller-manager"]
 verbs: ["get","update"]
-- apiVersion: rbac.authorization.k8s.io/v1beta1
+- apiVersion: {{template "rbacApiVersion" . }}
 kind: RoleBinding
 metadata:
 name: service-catalog-controller-manager
@@ -141,4 +141,4 @@ items:
 kind: ServiceAccount
 name: "{{ .Values.controllerManager.serviceAccount }}"
 namespace: "{{ .Release.Namespace }}"
-{{ end }}
+{{end}}
diff --git a/charts/catalog/values.yaml b/charts/catalog/values.yaml
index 85554f2a877..1cdb193a3ac 100644
--- a/charts/catalog/values.yaml
+++ b/charts/catalog/values.yaml
@@ -1,6 +1,9 @@
 # Default values for Service Catalog
 # determines whether the API server should be registered with the kube-aggregator
 useAggregator: false
+## If true, create & use RBAC resources
+##
+rbacEnable: true
 apiserver:
 # apiserver image to use
 image: quay.io/kubernetes-service-catalog/apiserver:v0.1.0-rc1
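Review bot: The comment on the new `rbacEnable` key says what `true` does but not what `false` does: rbac.yaml wraps its whole List in `{{- if .Values.rbacEnable }}`, so `false` skips every ClusterRole, ClusterRoleBinding, Role and RoleBinding for the apiserver and controller-manager service accounts, which on a cluster that enforces RBAC presumably leaves those components without the access this chart otherwise grants. I would say so in the comment, e.g. `# Create the RBAC roles and bindings in rbac.yaml; set to false only on clusters without RBAC (the service accounts then get no bindings from this chart)`. The `##` prefix and the empty `##` line also differ from the single `#` comments used on the surrounding lines of this file; `# If true, create & use RBAC resources` matches them.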