diff --git a/deploy/helm-chart/templates/clusterrolebinding.yaml b/deploy/helm-chart/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..7d8c324
--- /dev/null
+++ b/deploy/helm-chart/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.rbac.enabled (not (eq .Values.rbac.name "")) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ .Values.rbac.type }}Binding
+metadata:
+  labels:
+    {{- include "exporter.labels" . | nindent 4 }}
+  name: {{ include "exporter.fullname" . }}
+  {{- if eq .Values.rbac.type "Role" }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: {{ .Values.rbac.type }}
+  name: {{ .Values.rbac.name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "exporter.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/deploy/helm-chart/values.yaml b/deploy/helm-chart/values.yaml
index 1d1ddd8..e10ee3b 100644
--- a/deploy/helm-chart/values.yaml
+++ b/deploy/helm-chart/values.yaml
@@ -23,6 +23,11 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
+rbac:
+  enabled: false
+  type: ClusterRole # ClusterRole or Role
+  name: "" # example: system:auth-delegator
+
 podAnnotations:
   prometheus.io/scrape: 'true'
   prometheus.io/port: '8000'