diff --git a/docs/installation.md b/docs/installation.md
index f73a25926917ae0edf00a8f75fdb33fb342fe9bb..759c0b1218c72e7c25d8e97f54c48a30147b6120 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -38,6 +38,31 @@ To store the results of benchmark executions in a [PersistentVolume](https://kub
 You can also use an existing PersistentVolumeClaim by setting `operator.resultsVolume.persistent.existingClaim`.
 If persistence is not enabled, all results will be gone upon pod termination.
 
+### Exposing Grafana
+
+Per default, Theodolite exposes a Grafana instance as NodePort at port `31199`. This can configured by setting `grafana.service.nodePort`.
+
+## Additional Kubernetes cluster metrics
+
+As long as you have sufficient permissions on your cluster, you can integrate additional Kubernetes metrics into Prometheus by enabling the following exporters:
+
+```yaml
+kube-prometheus-stack:
+  kubelet:
+    enabled: true
+  kubeStateMetrics:
+    enabled: true
+  nodeExporter:
+    enabled: true
+prometheus: 
+  role:
+    clusterRole: true
+  roleBinding:
+    clusterRoleBinding: true
+```
+
+The ClusterRole and ClusterRoleBindings are required for collecting metrics from the kubelets. See the [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) for more details on configuring the individual exporters.
+
 ### Random scheduler
 
 Installation of the random scheduler can be enabled via `randomScheduler.enabled`. Please note that the random scheduler is neither required in operator mode nor in standalone mode. However, it has to be installed if benchmark executions should use random scheduling.
diff --git a/helm/templates/prometheus/role-binding.yaml b/helm/templates/prometheus/role-binding.yaml
index 722f806e0621a5775083f74f064e0c9eae18f1d8..49b4eff0fed6627b52f2dd5529cd73cf723c4ec2 100644
--- a/helm/templates/prometheus/role-binding.yaml
+++ b/helm/templates/prometheus/role-binding.yaml
@@ -1,11 +1,11 @@
 {{- if .Values.prometheus.roleBinding.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: {{ if .Values.prometheus.roleBinding.clusterRoleBinding }}ClusterRoleBinding{{ else }}RoleBinding{{ end }}
 metadata:
   name: {{ template "theodolite.fullname" . }}-prometheus
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: Role
+  kind: {{ if .Values.prometheus.role.clusterRole }}ClusterRole{{ else }}Role{{ end }}
   name: {{ template "theodolite.fullname" . }}-prometheus
 subjects:
 - kind: ServiceAccount
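Review bot: The binding `kind:` and `roleRef.kind` are driven by two independent values, so setting `roleBinding.clusterRoleBinding: true` while `role.clusterRole` stays `false` renders a ClusterRoleBinding that references a Role, which the Kubernetes API rejects. The opposite mix (RoleBinding to a ClusterRole) is accepted but stays namespace-scoped, so the `/metrics` nonResourceURLs rule added in role.yaml would grant nothing. A guard at the top of the template would make the invalid combination fail at render time, e.g. `{{- if and .Values.prometheus.roleBinding.clusterRoleBinding (not .Values.prometheus.role.clusterRole) }}{{ fail "prometheus.roleBinding.clusterRoleBinding requires prometheus.role.clusterRole" }}{{ end }}`. The `subjects` list continues past the hunk; a ClusterRoleBinding requires `namespace` on a ServiceAccount subject, so confirm it is set there.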
diff --git a/helm/templates/prometheus/role.yaml b/helm/templates/prometheus/role.yaml
index 321d2825b5b98d31fc34619e88994058bac74cab..bbe1be6bfc9386f1b5bce896ccf100dc81a0a81d 100644
--- a/helm/templates/prometheus/role.yaml
+++ b/helm/templates/prometheus/role.yaml
@@ -1,6 +1,6 @@
 {{- if .Values.prometheus.role.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: {{ if .Values.prometheus.role.clusterRole }}ClusterRole{{ else }}Role{{ end }}
 metadata:
   name: {{ template "theodolite.fullname" . }}-prometheus
 rules:
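Review bot: With `clusterRole: true` the object on the `kind:` line becomes cluster-scoped, but its `name:` is still only the fullname plus `-prometheus`. Two releases with the same name in different namespaces would then contend for one ClusterRole, and the same applies to the ClusterRoleBinding in role-binding.yaml. Qualifying the name when cluster-scoped avoids that, e.g. `name: {{ template "theodolite.fullname" . }}-{{ .Release.Namespace }}-prometheus`, applied identically to the binding's `metadata.name` and `roleRef.name`. Whether `theodolite.fullname` already encodes the namespace is not visible here, so confirm before changing it. The rules list continues outside this hunk.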
@@ -14,4 +14,8 @@ rules:
   resources:
   - configmaps
   verbs: ["get"]
-{{- end}}
+{{- if .Values.prometheus.role.clusterRole }}
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+{{- end }}
+{{- end }}
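Review bot: Switching the kind to ClusterRole widens every rule already in this list, including the visible `get` on `configmaps`, from the release namespace to the whole cluster once it is bound by a ClusterRoleBinding. The conditional block reads as if the flag only adds `/metrics`. ConfigMaps in other namespaces can hold sensitive configuration, so least privilege would be to keep the existing rules in the namespaced Role and put only what kubelet scraping needs into a separate ClusterRole. At minimum, record the effect above the new block, e.g. `{{- /* clusterRole=true makes ALL rules above cluster-wide, not only /metrics */}}`. The rules between the two hunks are not shown, so check the full cluster-wide grant against the complete file.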
diff --git a/helm/values.yaml b/helm/values.yaml
index 1fe1938b9d2257eba4e49b581815937e1a400719..6acebe1874804ab47332c554aa970965864c0340 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -292,8 +292,10 @@ prometheus:
     enabled: true
   role:
     enabled: true
+    clusterRole: false
   roleBinding:
     enabled: true
+    clusterRoleBinding: false
 
 ###
 # Theodolite Operator
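Review bot: The new `clusterRole` and `clusterRoleBinding` keys carry no comment, although they widen the Prometheus service account's permissions from one namespace to the whole cluster and only work when set together. A comment above each would tell operators what they are opting into, e.g. `# Create a ClusterRole instead of a Role; grants the Prometheus rules cluster-wide. Set together with roleBinding.clusterRoleBinding.` and the mirrored wording on the binding key. The `prometheus:` mapping starts outside this hunk.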