diff --git a/variants/prometheus-operator-example/k8s-cluster-rbac.yaml b/variants/prometheus-operator-example/k8s-cluster-rbac.yaml
new file mode 100644
index 00000000..3f57d21d
--- /dev/null
+++ b/variants/prometheus-operator-example/k8s-cluster-rbac.yaml
@@ -0,0 +1,30 @@
+# Allows the "k8s" prometheus from Prometheus Operator contrib to do service discovery in the kafka namespace
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus-k8s
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus-k8s
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus-k8s
+subjects:
+- kind: ServiceAccount
+  name: prometheus-k8s
+  namespace: monitoring
diff --git a/variants/prometheus-operator-example/k8s-kafka-rbac.yaml b/variants/prometheus-operator-example/k8s-kafka-rbac.yaml
index e13c4e3c..311961ce 100644
--- a/variants/prometheus-operator-example/k8s-kafka-rbac.yaml
+++ b/variants/prometheus-operator-example/k8s-kafka-rbac.yaml
@@ -1,4 +1,4 @@
-# Allows the "k8s" prometheus from Prometheus Operator contrib to do service discovery iin the kafka namespace
+# Allows the "k8s" prometheus from Prometheus Operator contrib to do service discovery in the kafka namespace
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/variants/prometheus-operator-example/kustomization.yaml b/variants/prometheus-operator-example/kustomization.yaml
index 3da27284..3fe25c81 100644
--- a/variants/prometheus-operator-example/kustomization.yaml
+++ b/variants/prometheus-operator-example/kustomization.yaml
@@ -9,6 +9,8 @@ bases:
 #- ../../prometheus
 resources:
 - k8s-kafka-rbac.yaml
+# or, to scrape all namespaces
+#- k8s-cluster-rbac.yaml
 # with base ../../prometheus
 #- k8s-kafka-servicemonitor.yaml
 # with base ../../consumers-prometheus