diff --git a/games/valheim/prod.jsonnet b/games/valheim/prod.jsonnet
index f1f3c346..82e29076 100644
--- a/games/valheim/prod.jsonnet
+++ b/games/valheim/prod.jsonnet
@@ -59,6 +59,37 @@ local kube = import "../../kube/kube.libsonnet";
 },
 },
+ // Given to some external users/systems which manage a given valheim server in a namespace.
+ // TODO(q3k): only grant privileges to the same server
+ controlAccount: {
+ svcAccount: ns.Contain(kube.ServiceAccount(named("control"))),
+ role: ns.Contain(kube.Role("control")) {
+ rules: [
+ {
+ apiGroups: [""],
+ resources: ["pods"],
+ verbs: ["get", "list", "watch", "delete"],
+ },
+ {
+ apiGroups: [""],
+ resources: ["pods/log"],
+ verbs: ["get"],
+ },
+ {
+ apiGroups: ["apps"],
+ resources: ["deployments"],
+ verbs: ["get", "list", "watch"],
+ },
+ ],
+ },
+ roleBinding: ns.Contain(kube.RoleBinding(named("control"))) {
+ subjects_: [
+ game.controlAccount.svcAccount,
+ ],
+ roleRef_: game.controlAccount.role,
+ },
+ },
+
 scripts: ns.Contain(kube.ConfigMap(named("scripts"))) {
 data: {
 # Based on https://github.com/mbround18/valheim-docker ,
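Review bot: The `control` Role grants `delete` on `pods` and `get` on `pods/log` for every pod in the namespace, so a token handed to an external operator of one server can also restart, and read logs from, any other workload sharing that namespace; the TODO acknowledges this but nothing in the hunk bounds it. `resourceNames` will not help on the pod rules, because Deployment-created pod names are generated, so until each server has its own namespace the comment should state the real scope, e.g. `// NOTE: namespace-wide access; only issue this account where the namespace holds a single server`. Separately, the Role is created as `kube.Role("control")` while the ServiceAccount and RoleBinding use `named("control")`; if `named` adds a per-server prefix (it is defined outside the hunk), several servers in one namespace would share a single Role object, and `role: ns.Contain(kube.Role(named("control"))) {` would keep the three objects consistent and make later per-server scoping possible.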