diff --git a/kubernetes-templates/semaphoreui.yml b/kubernetes-templates/semaphoreui.yml
index d787185..6119d07 100644
--- a/kubernetes-templates/semaphoreui.yml
+++ b/kubernetes-templates/semaphoreui.yml
@@ -10,6 +10,30 @@ metadata:
 name: semaphore-sa
 namespace: semaphore
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: semaphore-role
+ namespace: semaphore
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "secrets", "configmaps"]
+ verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: semaphore-rb
+ namespace: semaphore
+subjects:
+ - kind: ServiceAccount
+ name: semaphore-sa
+ namespace: semaphore
+roleRef:
+ kind: Role
+ name: semaphore-role
+ apiGroups: rbac.authorization.k8s.io
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -123,13 +147,15 @@ spec:
 volumeMounts:
 - name: semaphore-persistent-storage
 mountPath: /home/semaphore
- subPath: home
 - name: semaphore-persistent-storage
 mountPath: /tmp/semaphore
 subPath: tmp
 - name: ssh-keys-volume
- mountPath: /home/semaphore/.ssh
- readOnly: true
+ mountPath: /home/semaphore/.ssh/id_ed25519
+ subPath: id_ed25519
+ - name: ssh-keys-volume
+ mountPath: /home/semaphore/.ssh/id_ed25519.pub
+ subPath: id_ed25519.pub
 volumes:
 - name: semaphore-persistent-storage
 persistentVolumeClaim:
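Review bot: `roleRef.apiGroups` in the new RoleBinding is not a valid field; the key under `roleRef` is singular, so it should read `apiGroup: rbac.authorization.k8s.io`, and as written the object is either rejected by strict client validation or, if the unknown field is dropped, submitted with an empty apiGroup that the API server is expected to refuse for a Role reference, leaving `semaphore-sa` with no binding at all. Separately, the Role grants `get`/`list`/`watch` on every Secret in the `semaphore` namespace, which is broader than the single SSH key the pod consumes through a volume mount in the second hunk; if Semaphore needs API access only to particular secrets, pin the rule with `resourceNames`, and if it only reads the mounted files, drop `secrets` from `resources`. The same least-privilege question applies to `configmaps`. Whatever this rule allows is inherited by anything running as `semaphore-sa`, so it is worth a one-line comment on the Role stating which feature of the application actually requires each resource.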
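Review bot: The two new `ssh-keys-volume` mounts drop the `readOnly: true` that the replaced directory mount carried; add `readOnly: true` under each of the two `subPath` entries so the private key is explicitly immutable from inside the container rather than relying on the kubelet's default handling of secret volumes. Because these are now `subPath` mounts of a secret, the files are not refreshed when the secret is rotated, so a new key only takes effect after a pod restart; that deserves a comment next to the mounts. The `ssh-keys-volume` definition and the rest of the container spec lie outside this hunk, so confirm the volume sets `defaultMode: 0400` (or a per-item `mode`), since ssh refuses a private key that is group- or world-readable and the secret volume default is 0644. Removing `subPath: home` from the first mount also moves `/home/semaphore` to the root of the claim, so data written under `home/` by the previous revision will no longer appear there unless it is migrated.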