diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
index b7c4c624df91655e290e903e8fbad059f1c1f361..5f5a9586c9db9df790ac7d992e56e585d906b5f7 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
@@ -18,6 +18,12 @@ rules:
     verbs:
       - watch
       - list
+  - apiGroups:
+    - ""
+    resources:
+      - nodes
+    verbs:
+      - get
   - apiGroups:
     - networking.k8s.io
     resources: