diff --git a/helm/osko/templates/cluster-role.yaml b/helm/osko/templates/cluster-role.yaml
index 1e1387d..53cfd34 100644
--- a/helm/osko/templates/cluster-role.yaml
+++ b/helm/osko/templates/cluster-role.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
diff --git a/helm/osko/templates/leader_election_role.yaml b/helm/osko/templates/leader_election_role.yaml
index c376f39..a27a15d 100644
--- a/helm/osko/templates/leader_election_role.yaml
+++ b/helm/osko/templates/leader_election_role.yaml
@@ -1,4 +1,3 @@
-# permissions to do leader election.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
diff --git a/helm/osko/templates/prometheusrule_editor_role.yaml b/helm/osko/templates/prometheusrule_editor_role.yaml
new file mode 100644
index 0000000..1369e05
--- /dev/null
+++ b/helm/osko/templates/prometheusrule_editor_role.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{ include "osko.labels" . | nindent 4 }}
+  name: prometheus-rule-editor-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Release.Name }}-prometheusrule-editor-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "osko.fullname" . }}
+    namespace: {{ .Release.Namespace }}
diff --git a/helm/osko/templates/prometheusrule_editor_role_binding.yaml b/helm/osko/templates/prometheusrule_editor_role_binding.yaml
new file mode 100644
index 0000000..ac7efbe
--- /dev/null
+++ b/helm/osko/templates/prometheusrule_editor_role_binding.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{ include "osko.labels" . | nindent 4 }}
+  name: {{ .Release.Name }}-prometheusrule-editor-role
+rules:
+- apiGroups:
+    - monitoring.coreos.com
+  resources:
+    - prometheusrules
+  verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - patch
+    - delete