diff --git a/monitoring/cicd-rbac.yaml b/monitoring/cicd-rbac.yaml
index fa30b45..aed31cd 100644
--- a/monitoring/cicd-rbac.yaml
+++ b/monitoring/cicd-rbac.yaml
@@ -22,6 +22,13 @@ rules:
 - apiGroups: ["rbac.authorization.k8s.io"]
   resources: ["clusterroles", "clusterrolebindings"]
   verbs: ["get", "list", "create", "update", "patch", "delete"]
+
+
+# telegraf
+- apiGroups: ["monitoring.coreos.com"]
+  resources: ["servicemonitors", "podmonitors", "prometheuses", "alertmanagers"]
+  verbs: ["get", "list", "create", "update", "patch", "delete"]
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -61,3 +68,30 @@ roleRef:
   kind: ClusterRole
   name: ci-cd-cluster
   apiGroup: rbac.authorization.k8s.io
+
+---
+# telegraf
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: kube-system
+  name: ci-cd-kube-system
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "list", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ci-cd-kube-system
+  namespace: kube-system
+subjects:
+- kind: ServiceAccount
+  name: casa-ci-cd
+  namespace: home-assistant
+roleRef:
+  kind: Role
+  name: ci-cd-kube-system
+  apiGroup: rbac.authorization.k8s.io