diff --git a/whereabouts/templates/cluster_role.yaml b/whereabouts/templates/cluster_role.yaml
index a9b02e2..148ae90 100644
--- a/whereabouts/templates/cluster_role.yaml
+++ b/whereabouts/templates/cluster_role.yaml
@@ -7,6 +7,7 @@ rules:
   - whereabouts.cni.cncf.io
   resources:
   - ippools
+  - overlappingrangeipreservations
   verbs:
   - get
   - list
@@ -26,3 +27,20 @@ rules:
   - pods
   verbs:
   - list
+  - watch
+- apiGroups: ["k8s.cni.cncf.io"]
+  resources:
+  - network-attachment-definitions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  - events.k8s.io
+  resources:
+    - events
+  verbs:
+  - create
+  - patch
+  - update
diff --git a/whereabouts/templates/cronjob.yaml b/whereabouts/templates/cronjob.yaml
index 4cc61a9..9a3eb65 100644
--- a/whereabouts/templates/cronjob.yaml
+++ b/whereabouts/templates/cronjob.yaml
@@ -7,7 +7,7 @@ metadata:
     {{- include "whereabouts.labels" . | nindent 4 }}
 spec:
   concurrencyPolicy: Forbid
-  successfulJobsHistoryLimit: 0
+  successfulJobsHistoryLimit: {{ .Values.successfulJobsHistoryLimit | default "0" }}
   schedule: "*/5 * * * *"
   jobTemplate:
     spec:
diff --git a/whereabouts/templates/daemonset.yaml b/whereabouts/templates/daemonset.yaml
index 896efc3..fda9b24 100644
--- a/whereabouts/templates/daemonset.yaml
+++ b/whereabouts/templates/daemonset.yaml
@@ -22,13 +22,12 @@ spec:
         name: whereabouts
         {{- include "whereabouts.selectorLabels" . | nindent 8 }}
     spec:
-      priorityClassName: system-node-critical
       hostNetwork: true
+      serviceAccountName: {{ include "whereabouts.serviceAccountName" . }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "whereabouts.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
diff --git a/whereabouts/values.yaml b/whereabouts/values.yaml
index cced9b0..a68593b 100644
--- a/whereabouts/values.yaml
+++ b/whereabouts/values.yaml
@@ -13,6 +13,7 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 namespaceOverride: "kube-system"
+successfulJobsHistoryLimit: 0
 
 serviceAccount:
   # Specifies whether a service account should be created