Is this rolebinding ok to apply?

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: log-reader
  namespace: production
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-reader-binding
  namespace: production
subjects:
- kind: ServiceAccount
  name: logger
  namespace: production
roleRef:
  kind: Role
  name: log-reader
  apiGroup: rbac.authorization.k8s.io