Telegraf input kubernetes HTTP status 403 Forbidden

I am trying to setup the telegraf input for kubernetes. We are running k8s version 1.10
the http port 10255 has been disabled, so we need to use the https port 10250.
but i get the following in the logs from the daemonset pods:
2019-02-22T17:24:10Z E! [inputs.kubernetes]: Error in plugin: https://redacted:10250/stats/summary returned HTTP status 403 Forbidden

I found I need to setup a service account and grant it the correct cluster role binding.