Currently, DC apps that use Hazelcast K8s plugin for clustering need a ClusterRole and a ClusterRoleBinding to allow the client talk to K8s api. Often, admins do not have cluster wide permissions which make deployment of a datacenter app with clustering enabled impossible.

It turns out that K8s client does not need to get and list nodes (that's the only reason to create clusterrole really). The official Hazelcast Helm chart makes it configurable - one can create a namespaced role instead of a cluster role - https://github.com/hazelcast/charts/pull/277

It would be great to add such an option to https://github.com/atlassian/data-center-helm-charts as this will make chart deployment easier, and no unnecessary privileges are requested. The only usecase when K8s client may need to list nodes is https://github.com/hazelcast/hazelcast-kubernetes#zone-aware