diff --git a/charts/mondoo-operator/Chart.yaml b/charts/mondoo-operator/Chart.yaml
index e4537372e..2a19f5e38 100755
--- a/charts/mondoo-operator/Chart.yaml
+++ b/charts/mondoo-operator/Chart.yaml
@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.7
+version: 0.2.8
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.7"
+appVersion: "0.2.8"
diff --git a/charts/mondoo-operator/templates/manager-rbac.yaml b/charts/mondoo-operator/templates/manager-rbac.yaml
index 6c0b8d34b..492247fa9 100644
--- a/charts/mondoo-operator/templates/manager-rbac.yaml
+++ b/charts/mondoo-operator/templates/manager-rbac.yaml
@@ -22,6 +22,15 @@ rules:
   resources:
   - daemonsets
   verbs:
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
   - create
   - delete
   - get
@@ -30,9 +39,9 @@ rules:
   - update
   - watch
 - apiGroups:
-  - apps
+  - batch
   resources:
-  - deployments
+  - cronjobs
   verbs:
   - create
   - delete
@@ -70,6 +79,7 @@ rules:
   - ""
   resources:
   - namespaces
+  - nodes
   - pods
   verbs:
   - get
@@ -82,6 +92,15 @@ rules:
   verbs:
   - create
   - delete
+- apiGroups:
+  - ""
+  resourceNames:
+  - mondoo-client
+  - mondoo-token
+  resources:
+  - secrets
+  verbs:
+  - get
 - apiGroups:
   - ""
   resources:
diff --git a/charts/mondoo-operator/templates/mondooauditconfig-crd.yaml b/charts/mondoo-operator/templates/mondooauditconfig-crd.yaml
index c740a0e70..62777e650 100644
--- a/charts/mondoo-operator/templates/mondooauditconfig-crd.yaml
+++ b/charts/mondoo-operator/templates/mondooauditconfig-crd.yaml
@@ -293,6 +293,17 @@ spec:
                       TODO: Add other useful fields. apiVersion, kind, uid?'
                     type: string
                 type: object
+              mondooTokenSecretRef:
+                description: MondooTokenSecretRef can optionally hold a time-limited
+                  token that the mondoo-operator will use to create a Mondoo service
+                  account saved to the Secret specified in .spec.mondooCredsSecretRef
+                  if that Secret does not exist.
+                properties:
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    type: string
+                type: object
               nodes:
                 properties:
                   enable:
diff --git a/charts/mondoo-operator/values.yaml b/charts/mondoo-operator/values.yaml
index 9cd741320..0dcb867dc 100644
--- a/charts/mondoo-operator/values.yaml
+++ b/charts/mondoo-operator/values.yaml
@@ -2,7 +2,7 @@ controllerManager:
   manager:
     image:
       repository: ghcr.io/mondoohq/mondoo-operator
-      tag: v0.2.7
+      tag: v0.2.8
     resources:
       limits:
         cpu: 200m
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 00a876bb9..b475592ee 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -14,4 +14,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: ghcr.io/mondoohq/mondoo-operator
-  newTag: v0.2.7
+  newTag: v0.2.8