diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml
index a24da84..4f2123c 100644
--- a/chart/templates/clusterrole.yaml
+++ b/chart/templates/clusterrole.yaml
@@ -8,7 +8,11 @@ metadata:
 rules:
 - apiGroups: [ "" ]
 resources: [ "nodes" ]
+ {{- if .Values.rbac.allowNodesPatchPermission }}
+ verbs: [ "get", "patch" ]
+ {{- else }}
 verbs: [ "get" ]
+ {{- end }}
 - apiGroups: [ "coordination.k8s.io" ]
 resources: [ "leases" ]
 verbs: [ "create", "delete", "get" ]
diff --git a/chart/templates/daemonset.yaml b/chart/templates/daemonset.yaml
index 8d11e50..5ec4d3d 100644
--- a/chart/templates/daemonset.yaml
+++ b/chart/templates/daemonset.yaml
@@ -42,6 +42,8 @@ spec:
 fieldPath: spec.nodeName
 - name: FILTER
 value: {{ .Values.daemonSet.env.FILTER | quote }}
+ - name: TAINT_KEY
+ value: {{ .Values.daemonSet.env.TAINT_KEY | quote }}
 - name: LOG_LEVEL
 value: {{ .Values.daemonSet.env.LOG_LEVEL | quote }}
 - name: LOG_JSON
diff --git a/chart/values.yaml b/chart/values.yaml
index 08dca3c..9cdd362 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -25,6 +25,7 @@ serviceAccount:
 # Role-Based Access Control (RBAC) configuration.
 rbac:
 create: true
+ allowNodesPatchPermission: false
 # DaemonSet configuration.
 daemonSet:
@@ -35,6 +36,7 @@ daemonSet:
 kubeip: use
 env:
 FILTER: labels.kubeip=reserved;labels.environment=demo
+ TAINT_KEY: ""
 LOG_LEVEL: debug
 LOG_JSON: true
 resources:
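Review bot: The `patch` verb gated by `.Values.rbac.allowNodesPatchPermission` in chart/templates/clusterrole.yaml applies to every Node, because the `nodes` rule carries no `resourceNames`. If this role is bound to the DaemonSet's service account (the binding is not visible here), a token taken from any one agent pod can change labels, taints and annotations on all nodes. Defaulting the flag to `false` is right, but neither the template nor the `allowNodesPatchPermission: false` line in chart/values.yaml says what enabling it exposes. I would add a comment above the conditional and beside the values default, e.g. `# Grants "patch" on all nodes, not only the pod's own; enable only when TAINT_KEY is set.` The link to TAINT_KEY is inferred from this commit and should be confirmed; the manifest starts above the hunk.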
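Review bot: Nothing in chart/templates/daemonset.yaml ties the new `TAINT_KEY` variable to the RBAC flag, so a release with `daemonSet.env.TAINT_KEY` set and `rbac.allowNodesPatchPermission` left at `false` still renders cleanly. If the agent patches its node to remove that taint (inferred, not visible in this diff), the mismatch shows up only at runtime as a forbidden error on each node. A render-time guard would surface it at install: `{{- if and .Values.daemonSet.env.TAINT_KEY .Values.rbac.create (not .Values.rbac.allowNodesPatchPermission) }}{{ fail "daemonSet.env.TAINT_KEY requires rbac.allowNodesPatchPermission=true" }}{{- end }}`. The container's env list starts and ends outside the hunk.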