diff --git a/helm-chart-sources/edge/templates/rbac/role.yaml b/helm-chart-sources/edge/templates/rbac/role.yaml
new file mode 100644
index 0000000..f3921aa
--- /dev/null
+++ b/helm-chart-sources/edge/templates/rbac/role.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create }}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "common.fullname" . }}:{{ include "common.name" . }}:{{ .Release.Namespace }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ {{- with .Values.rbac.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+ {{- toYaml .Values.rbac.roleRules | nindent 2}}
+ {{- range .Values.rbac.extraRoleRules }}
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+{{- end }}
diff --git a/helm-chart-sources/edge/templates/rbac/rolebinding.yaml b/helm-chart-sources/edge/templates/rbac/rolebinding.yaml
new file mode 100644
index 0000000..e201849
--- /dev/null
+++ b/helm-chart-sources/edge/templates/rbac/rolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "common.fullname" . }}:{{ include "common.name" . }}:{{ .Release.Namespace }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ if not .Values.serviceAccount.name }}{{ include "common.fullname" . }}{{ else }}{{ .Values.serviceAccount.name }}{{ end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "common.fullname" . }}:{{ include "common.name" . }}:{{ .Release.Namespace }}
+{{- end }}
diff --git a/helm-chart-sources/edge/tests/rbac_test.yaml b/helm-chart-sources/edge/tests/rbac_test.yaml
index 1f040e2..7bcee08 100644
--- a/helm-chart-sources/edge/tests/rbac_test.yaml
+++ b/helm-chart-sources/edge/tests/rbac_test.yaml
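Review bot: The `rules:` list in role.yaml is produced by emitting `toYaml .Values.rbac.roleRules` and then appending each `extraRoleRules` entry, which only renders valid YAML while `roleRules` is a non-empty list; with `roleRules: []` (or `null` when unset) plus any `extraRoleRules`, the output is `rules:` followed by `[]`/`null` and then list items, which the API server rejects. Merging before rendering removes that edge: replace the four lines from `{{- toYaml .Values.rbac.roleRules | nindent 2}}` through the range's `{{- end }}` with `{{- toYaml (concat .Values.rbac.roleRules .Values.rbac.extraRoleRules) | nindent 2 }}` (both keys get list defaults in values.yaml in this same commit, which `concat` relies on). The ClusterRole template appears to use the same `toYaml` + `range extraRules` shape, so it likely deserves the same treatment. Minor style: `nindent 2}}` is missing the space before `}}` that every other action in the file has.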
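Review bot: The ServiceAccount subject in rolebinding.yaml has no `namespace:`; for a RoleBinding the authorizer falls back to the binding's own namespace, so it works, but spelling it out as `namespace: {{ .Release.Namespace }}` under the subject's `name:` line avoids relying on that default and makes the granted identity explicit to whoever audits the rendered manifests. The subject `name:` re-implements a default with an `if not … else … end` chain; `{{ .Values.serviceAccount.name | default (include "common.fullname" .) }}` is the idiomatic form, and since the serviceaccount template presumably computes the same name, a shared named template would keep the two from drifting. The `fullname:name:namespace` expression is also repeated three times across the two new files (twice here, in `metadata.name` and `roleRef.name`); a single helper would prevent a typo from silently producing a binding to a Role that does not exist.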
@@ -2,6 +2,8 @@ suite: RBAC
 templates:
 - rbac/serviceaccount.yaml
 - rbac/clusterrole.yaml
+ - rbac/role.yaml
+ - rbac/rolebinding.yaml
 values:
 - ./values/leader.yaml
 tests:
@@ -55,6 +57,31 @@ tests:
 - replicasets
 - statefulsets
 
+ - it: Creates a Role
+ template: rbac/role.yaml
+ asserts:
+ - containsDocument:
+ kind: Role
+ apiVersion: rbac.authorization.k8s.io/v1
+
+ - it: Defines Role Rules
+ template: rbac/role.yaml
+ asserts:
+ - contains:
+ path: rules
+ any: true
+ content:
+ resources:
+ - pods
+
+ - it: Creates a RoleBinding
+ template: rbac/rolebinding.yaml
+ asserts:
+ - isKind:
+ of: RoleBinding
+ - isAPIVersion:
+ of: rbac.authorization.k8s.io/v1
+
 - it: Correctly includes extraRules
 template: rbac/clusterrole.yaml
 set:
diff --git a/helm-chart-sources/edge/values.yaml b/helm-chart-sources/edge/values.yaml
index 8e76d94..f5b83e6 100644
--- a/helm-chart-sources/edge/values.yaml
+++ b/helm-chart-sources/edge/values.yaml
@@ -83,12 +83,44 @@ serviceAccount:
 rbac:
 create: true
 annotations: {}
+ # Required namespace-scoped resources
+ roleRules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs: ['get']
+ - apiGroups:
+ - "apps"
+ resources:
+ - daemonsets
+ verbs:
+ - get
+ # Extra namespace-scoped resources
+ extraRoleRules: []
+ # - apiGroups: []
+ # resources: []
+ # resourceNames: []
+ # verbs: []
+
+ # ClusterRole Rules
 rules:
 - apiGroups:
 - "events.k8s.io"
 resources:
 - events
 verbs: ['watch']
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/log
+ - nodes/metrics
+ - nodes/proxy
+ - nodes/spec
+ - nodes/stats
+ - pods/log
+ verbs: ['get', 'list', 'watch']
 - apiGroups:
 - ""
 resources:
@@ -96,19 +128,13 @@ rbac:
 - endpoints
 - limitranges
 - namespaces
- - nodes
 - persistentvolumeclaims
 - pods
 - replicationcontrollers
 - secrets
 - services
 - strategicMergePatches
- - nodes/log
- - nodes/metrics
- - nodes/proxy
- - nodes/spec
- - nodes/stats
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 - apiGroups:
 - "apps"
 resources:
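Review bot: The new Role tests never exercise `extraRoleRules`, although the ClusterRole already has a `Correctly includes extraRules` case directly below them; the combined `roleRules` + `extraRoleRules` rendering is the most fragile part of the new template, so a parallel case is worth adding. The two `Creates a …` tests also verify kind and apiVersion in two different ways (`containsDocument` for the Role, `isKind`/`isAPIVersion` for the RoleBinding); picking one form keeps the suite uniform. The enclosing `tests:` list continues beyond the hunk. A constructed example of the missing case, modelled on the `Defines Role Rules` assertion already in the hunk:

```yaml
- it: Correctly includes extraRoleRules
  template: rbac/role.yaml
  set:
    rbac.extraRoleRules:
      - apiGroups: [""]
        resources: ["configmaps"]
        verbs: ["get"]
  asserts:
    - contains:
        path: rules
        any: true
        content:
          resources:
            - configmaps
```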
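Review bot: The two rules in the new `roleRules` block spell `verbs` differently — flow `['get']` for pods and block `- get` for daemonsets — while every other rule in this file uses flow style, so `verbs: ['get']` for both keeps the file consistent. The node rule moved under `# ClusterRole Rules` keeps `get` on `nodes/proxy`, `nodes/log` and `pods/log`; `get` on `nodes/proxy` is effectively read access to the kubelet API and is the most powerful grant in this values file, yet nothing records why the agent needs it. A comment above that rule, e.g. `# TODO: document why get on nodes/proxy and pods/log is required`, with the real reason filled in, would help anyone reviewing or later tightening the policy and makes the intent survive the next refactor of this list.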
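Review bot: Removing `get` from the core-group rule that still lists `secrets` (second values hunk, `verbs: ['list', 'watch']`) does not reduce what the ClusterRole can read: `list` and `watch` return the full objects, secret data included, so for that resource the tightening is cosmetic. If the consumer only needs the other resources in this rule, dropping `secrets` from it is the change that actually reduces exposure; if it genuinely needs secret contents, a comment next to `- secrets` stating that `list` exposes their data would at least make the grant deliberate. The rule's `apiGroups`/`resources` header sits at the end of the previous hunk.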
@@ -116,46 +142,46 @@ rbac:
 - deployments
 - replicasets
 - statefulsets
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 - apiGroups:
 - "batch"
 resources:
 - cronjobs
 - jobs
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 - apiGroups:
 - "autoscaling"
 resources:
 - horizontalpodautoscalers
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 - apiGroups:
 - "policy"
 resources:
 - poddisruptionbudgets
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 - apiGroups:
 - "networking.k8s.io"
 resources:
 - ingresses
 - networkpolicies
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 - apiGroups:
 - "admissionregistration.k8s.io"
 resources:
 - mutatingwebhookconfigurations
 - validatingwebhookconfigurations
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 - apiGroups:
 - "certificates.k8s.io"
 resources:
 - certificatesigningrequests
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 - apiGroups:
 - "storage.k8s.io"
 resources:
 - storageclasses
 - volumeattachments
- verbs: ['get', 'list', 'watch']
+ verbs: ['list', 'watch']
 extraRules: []
 # - apiGroups: []
 # resources: []