diff --git a/charts/monitor/charts/telegraf/templates/monitor-telegraf-role.yaml b/charts/monitor/charts/telegraf/templates/monitor-telegraf-role.yaml
new file mode 100644
index 0000000..f5ab9b3
--- /dev/null
+++ b/charts/monitor/charts/telegraf/templates/monitor-telegraf-role.yaml
@@ -0,0 +1,15 @@
+{{- if (.Values.global.use_rbac) -}}
+{{- if (.Capabilities.APIVersions.Has (include "rbacAPIVersion" .)) -}}
+kind: Role
+apiVersion: {{ template "rbacAPIVersion" . }}
+metadata:
+ name: deis-monitor-telegraf
+ labels:
+ app: deis-monitor-telegraf
+ heritage: deis
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get"]
+{{- end -}}
+{{- end -}}
diff --git a/charts/monitor/charts/telegraf/templates/monitor-telegraf-rolebinding.yaml b/charts/monitor/charts/telegraf/templates/monitor-telegraf-rolebinding.yaml
new file mode 100644
index 0000000..cb3e8be
--- /dev/null
+++ b/charts/monitor/charts/telegraf/templates/monitor-telegraf-rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if (.Values.global.use_rbac) -}}
+{{- if (.Capabilities.APIVersions.Has (include "rbacAPIVersion" .)) -}}
+kind: RoleBinding
+apiVersion: {{ template "rbacAPIVersion" . }}
+metadata:
+ name: deis-monitor-telegraf
+ labels:
+ app: deis-monitor-telegraf
+ heritage: deis
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: deis-monitor-telegraf
+subjects:
+- kind: ServiceAccount
+ name: deis-monitor-telegraf
+{{- end -}}
+{{- end -}}
diff --git a/charts/monitor/templates/_helpers.tmpl b/charts/monitor/templates/_helpers.tmpl
new file mode 100644
index 0000000..0b9deb0
--- /dev/null
+++ b/charts/monitor/templates/_helpers.tmpl
@@ -0,0 +1,10 @@
+{{/*
+Set apiVersion based on Kubernetes version
+*/}}
+{{- define "rbacAPIVersion" -}}
+{{- if ge .Capabilities.KubeVersion.Minor "6" -}}
+rbac.authorization.k8s.io/v1beta1
+{{- else -}}
+rbac.authorization.k8s.io/v1alpha1
+{{- end -}}
+{{- end -}}
diff --git a/charts/monitor/values.yaml b/charts/monitor/values.yaml
index d1240dc..8af5d8d 100644
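Review bot: The inner `.Capabilities.APIVersions.Has (include "rbacAPIVersion" .)` guard in monitor-telegraf-role.yaml means an operator who sets `use_rbac: true` gets no Role and no error when the computed API version is not advertised by the cluster; the same guard is repeated in monitor-telegraf-rolebinding.yaml. A template comment above it would make that visible, for example `{{/* Rendered only when the cluster advertises this RBAC API version; skipped silently otherwise, even with use_rbac set. */}}`. The rule itself is narrowly scoped (`get` on `pods` in the core group), and a one-line comment saying what in telegraf needs it would help keep it that way if the rule list grows.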
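Review bot: The ServiceAccount subject in monitor-telegraf-rolebinding.yaml carries no `namespace`, so which account receives the Role depends on how the API server treats an empty value for the API version chosen by `rbacAPIVersion`. I believe a RoleBinding falls back to its own namespace, but that is worth confirming for v1alpha1. Stating it removes the ambiguity: add `namespace: {{ .Release.Namespace }}` under the subject's `name`. The diff also does not show a `deis-monitor-telegraf` ServiceAccount being created, so the binding appears to assume one already exists in the chart and that the telegraf pods run under it.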
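Review bot: In `_helpers.tmpl`, `ge .Capabilities.KubeVersion.Minor "6"` compares two strings, so the ordering is lexical: a minor of "10" or higher sorts below "6" and the helper falls back to `rbac.authorization.k8s.io/v1alpha1`. Combined with the `.Capabilities.APIVersions.Has` guard in the Role and RoleBinding templates, the likely result on such a cluster is that neither object is rendered even though `use_rbac` is true, leaving telegraf without the pod read permission it was meant to get. Selecting on the advertised API avoids parsing the version string at all: `{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" -}}`.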
--- a/charts/monitor/values.yaml
+++ b/charts/monitor/values.yaml
@@ -49,3 +49,5 @@ global:
 # - on-cluster: Run Redis within the Kubernetes cluster
 # - off-cluster: Run Redis outside the Kubernetes cluster (configure in loggerRedis section)
 logger_redis_location: "on-cluster"
+ # Role-Based Access Control for Kubernetes >= 1.5
+ use_rbac: false