diff --git a/charts/tf-controller/templates/rbac.yaml b/charts/tf-controller/templates/rbac.yaml
index 28bca945..04f17d2a 100644
--- a/charts/tf-controller/templates/rbac.yaml
+++ b/charts/tf-controller/templates/rbac.yaml
@@ -46,6 +46,57 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
+metadata:
+ name: tf-cluster-reconciler-role
+rules:
+- apiGroups:
+ - infra.contrib.fluxcd.io
+ resources:
+ - terraforms
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - infra.contrib.fluxcd.io
+ resources:
+ - terraforms/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
 name: tf-manager-role
 rules:
@@ -167,7 +218,7 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: cluster-admin
+ name: tf-cluster-reconciler-role
 subjects:
 - kind: ServiceAccount
 name: {{ include "tf-controller.serviceAccountName" . }}
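Review bot: The `pods` and `configmaps`/`secrets` rules in `tf-cluster-reconciler-role` grant every verb cluster-wide, which leaves the service account close to the `cluster-admin` it replaces if the role is bound by a ClusterRoleBinding (the binding's kind is outside this hunk). `create` on pods lets a pod run under any service account in any namespace, and `get`/`list` on secrets reads every namespace's credentials. I would put a comment above each rule naming the controller operation that needs it, e.g. `# runner pods are created in the Terraform object's namespace` (wording for the author to confirm), and bind the role with per-namespace `RoleBinding`s where access is only needed in tenant namespaces. The `terraforms/finalizers` rule also carries `create` and `delete`, which the finalizers subresource normally does not need beyond `update`.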
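Review bot: Changing `roleRef.name` in place is likely to be rejected on upgrade, because `roleRef` is immutable on an existing RoleBinding or ClusterRoleBinding; a Helm upgrade over an installed release can fail at this object and leave the old `cluster-admin` binding active. The binding's `metadata` starts above this hunk, so its name is not visible here, but renaming it in the same commit (for example `name: <new-binding-name>`, a placeholder) makes Helm delete the old object and create the new one. After upgrading, `kubectl auth can-i --list --as=system:serviceaccount:<namespace>:<service-account>` confirms that the account no longer has wildcard access.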