diff --git a/deployments/relay-deployment.yaml b/deployments/relay-deployment.yaml
index 9fe336f..e430bad 100644
--- a/deployments/relay-deployment.yaml
+++ b/deployments/relay-deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: kubearmor
- namespace: kube-system
+ namespace: kubearmor
 spec:
 selector:
 kubearmor-app: kubearmor-relay
@@ -10,11 +10,43 @@ spec:
 - port: 32767
 protocol: TCP
 ---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubearmor-relay
+ namespace: kubearmor
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubearmor-relay-clusterrole
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubearmor-relay-clusterrolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubearmor-relay-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: kubearmor-relay
+ namespace: kubearmor
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: kubearmor-relay
- namespace: kube-system
+ namespace: kubearmor
 labels:
 kubearmor-app: kubearmor-relay
 spec:
@@ -29,7 +61,7 @@ spec:
 annotations:
 kubearmor-policy: audited
 spec:
- serviceAccountName: kubearmor
+ serviceAccountName: kubearmor-relay
 containers:
 - name: kubearmor-relay-server
 image: kubearmor/kubearmor-relay-server:latest
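Review bot: The new `kubearmor-relay-clusterrole` is bound with a `ClusterRoleBinding`, so the relay's token can `get` and `list` pods in every namespace, not only the one it runs in. If the relay only needs to discover pods in the `kubearmor` namespace (not visible from this hunk, so please confirm), a namespaced `kind: Role` and `kind: RoleBinding` with `namespace: kubearmor` in their metadata would give the same function with a smaller read scope. Either way, a short comment above `rules:` saying why pod read access is needed would help the next person auditing RBAC. The manifests in this hunk also assume the `kubearmor` namespace already exists; no `Namespace` object is added here.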
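Review bot: The image on the context line below the changed `serviceAccountName` is still `kubearmor/kubearmor-relay-server:latest`, a mutable tag, so the workload that receives the new service account's token can change on any pod restart without a change to this manifest. Pinning it to a release tag or digest, for example `image: kubearmor/kubearmor-relay-server@sha256:<digest-placeholder>`, makes what runs under that identity reviewable. The container spec continues outside the hunk, so whether a `securityContext` or an `imagePullPolicy` is set cannot be judged from here.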