diff --git a/Readme.md b/Readme.md
index 37227b12..785fa56b 100644
--- a/Readme.md
+++ b/Readme.md
@@ -167,6 +167,23 @@ If you are running in OpenShift, the default `restricted` security context const
 The other default settings, such as a read-only root filesystem, are suitable for an OpenShift environment.
+## Additional Permissions for Prefect Agent
+
+### Dask
+
+If you are running flows on your agent’s pod (i.e. with Process infrastructure), and using the Dask task runner to create Dask Kubernetes clusters, you will need to grant the following permissions within `values.yaml`.
+
+```yaml
+role:
+ extraPermissions:
+ - apiGroups: [""]
+ resources: ["pods", "services"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+ - apiGroups: ["policy"]
+ resources: ["poddisruptionbudgets"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+```
+
 ## Troubleshooting
 ### The database deploys correctly but other services fail with "bad password"
diff --git a/charts/prefect-agent/README.md b/charts/prefect-agent/README.md
index 1d51efb6..b7fc2d70 100644
--- a/charts/prefect-agent/README.md
+++ b/charts/prefect-agent/README.md
@@ -65,6 +65,7 @@ Prefect Agent application bundle
 | fullnameOverride | string | `"prefect-agent"` | fully override common.names.fullname |
 | nameOverride | string | `""` | partially overrides common.names.name |
 | namespaceOverride | string | `""` | fully override common.names.namespace |
+| role.extraPermissions | list | `[]` | array with extra permissions to add to the agent role |
 | serviceAccount.annotations | object | `{}` | additional service account annotations (evaluated as a template) |
 | serviceAccount.create | bool | `true` | specifies whether a ServiceAccount should be created |
 | serviceAccount.name | string | `""` | the name of the ServiceAccount to use. if not set and create is true, a name is generated using the common.names.fullname template |
diff --git a/charts/prefect-agent/templates/role.yaml b/charts/prefect-agent/templates/role.yaml index 320b7783..3173efdc 100644 --- a/charts/prefect-agent/templates/role.yaml +++ b/charts/prefect-agent/templates/role.yaml @@ -19,3 +19,6 @@ rules: - apiGroups: ["batch"] resources: ["jobs"] verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ] +{{- if .Values.role.extraPermissions }} +{{- include "common.tplvalues.render" (dict "value" .Values.role.extraPermissions "context" $) | nindent 0 }} +{{- end }} diff --git a/charts/prefect-agent/values.yaml b/charts/prefect-agent/values.yaml index b9d0960e..2041eb63 100644 --- a/charts/prefect-agent/values.yaml +++ b/charts/prefect-agent/values.yaml @@ -65,7 +65,6 @@ agent: # -- prefect API url apiUrl: http://127.0.0.1:4200/api - # -- number of agent replicas to deploy replicaCount: 1 @@ -137,3 +136,14 @@ serviceAccount: name: "" # -- additional service account annotations (evaluated as a template) annotations: {} + +## Role configuration +role: + ## List of extra role permissions + ## e.g: + ## extraPermissions: + ## - apiGroups: [""] + ## resources: ["pods", "services"] + ## verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + # -- array with extra permissions to add to the agent role + extraPermissions: []
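Review bot: The rules appended at the end of role.yaml from `.Values.role.extraPermissions` are rendered with no constraint and no comment on their effect, so whatever verbs and resources the values file lists are bound to the agent's ServiceAccount. The documented Dask example, repeated in the comment of the second values.yaml hunk, grants `create` on `pods`; in Kubernetes that lets the holder start pods under any ServiceAccount in the namespace and mount its Secrets, so the agent's effective privilege rises to that of the most privileged account there. I would add a template comment above the `if`, e.g. `{{- /* extraPermissions widens the agent ServiceAccount; keep rules minimal and scoped to this namespace */ -}}`, and extend the values.yaml comment with `## Grant only the verbs the workload needs; pod create implies access to every Secret and ServiceAccount in the namespace`. Since `common.tplvalues.render` appears to evaluate the value as a template, the `# --` description should also say `(evaluated as a template)`, as `serviceAccount.annotations` does. The `rules:` list starts outside the hunk, so whether `nindent 0` matches the indentation of the existing entries cannot be confirmed from here.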