Since the Fluentd DaemonSet has access to the pod log locations, why does it need to contact the API server?
I have deployed Fluentd as DaemonSet on my cluster using fluentd-daemonset-elasticsearch.
In the logs I can see this error:
start_pod_watch: Exception encountered setting up pod watch from Kubernetes API v1 endpoint https://<ip>:443/api: pods is forbidden: User "system:serviceaccount:development:default" cannot list resource "pods" in API group "" at the cluster scope ({"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods is forbidden: User \\"system:serviceaccount:development:default\\" cannot list resource \\"pods\\" in API group \\"\\" at the cluster scope","reason":"Forbidden","details":{"kind":"pods"},"code":403} (Fluent::ConfigError)
If you check the volumeMounts you can see that Fluentd has access to all the logs. So my question is: if it has access, why does it try to contact the API server? And how do I resolve this issue?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
