diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index e686ee1..9ee039b 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: ghcr.io/kubestellar/kubeflex/manager
-  newTag: 0.1.0
+  newName: ko.local/manager
+  newTag: e3e4723
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index ea5d486..9cd8ecd 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -17,6 +17,30 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -29,6 +53,78 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/attach
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/exec
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/log
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/portforward
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -77,6 +173,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - apps
   resources:
@@ -89,6 +193,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources:
@@ -101,6 +217,54 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterrolebindings
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - tenancy.kflex.kubestellar.org
   resources:
diff --git a/docs/debugging.md b/docs/debugging.md
index 5337c61..e970b54 100644
--- a/docs/debugging.md
+++ b/docs/debugging.md
@@ -73,6 +73,19 @@ helm package charts/multicluster-controlplane
 helm push multicluster-controlplane-chart-0.1.0.tgz oci://quay.io/pdettori
 ```
 
+### Commands to build and load locally the kubeflex operator image for testing
+
+```shell
+ko build --local --push=false -B ./cmd/manager -t $(git rev-parse --short HEAD) --platform linux/arm64
+kind load docker-image ko.local/manager:$(git rev-parse --short HEAD) --name kubeflex
+```
+
+To deploy locally the image:
+
+```shell
+make deploy IMG=ko.local/manager:$(git rev-parse --short HEAD)
+```
+
 ### Commands to build and load locally the cmupdate image (for testing)
 
 ```shell
diff --git a/internal/controller/controlplane_controller.go b/internal/controller/controlplane_controller.go
index 2e3a1c7..12a36cb 100644
--- a/internal/controller/controlplane_controller.go
+++ b/internal/controller/controlplane_controller.go
@@ -53,6 +53,20 @@ type ControlPlaneReconciler struct {
 //+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="batch",resources=jobs,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterroles,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterrolebindings,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=roles,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=endpoints,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=events,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods/attach,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods/exec,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods/log,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods/portforward,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="apps",resources=replicasets,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/pkg/reconcilers/vcluster/chart.go b/pkg/reconcilers/vcluster/chart.go
index 6f6318b..49d33ed 100644
--- a/pkg/reconcilers/vcluster/chart.go
+++ b/pkg/reconcilers/vcluster/chart.go
@@ -21,24 +21,13 @@ import (
 	"fmt"
 	"strings"
 
+	clog "sigs.k8s.io/controller-runtime/pkg/log"
+
 	tenancyv1alpha1 "github.com/kubestellar/kubeflex/api/v1alpha1"
 	"github.com/kubestellar/kubeflex/pkg/helm"
 	"github.com/kubestellar/kubeflex/pkg/util"
 )
 
-// helm upgrade --install <controlplane-name> vcluster \
-//   --set vcluster.image=rancher/k3s:v1.27.2-k3s1 \
-//   --repo https://charts.loft.sh \
-//   --namespace <controlplane-name>-system \
-//   --repository-config='' \
-//   --create-namespace
-
-// Need also
-// syncer:
-//   extraArgs:
-//   - --tls-san=<controlplane-name>.localtest.me
-//   - --out-kube-config-server=https://<controlplane-name>.localtest.me:9443
-
 const (
 	URL         = "https://charts.loft.sh"
 	RepoName    = "loft"
@@ -53,6 +42,7 @@ var (
 )
 
 func (r *VClusterReconciler) ReconcileChart(ctx context.Context, hcp *tenancyv1alpha1.ControlPlane) error {
+	_ = clog.FromContext(ctx)
 	localDNSName := util.GenerateDevLocalDNSName(hcp.Name)
 	configs = append(configs, fmt.Sprintf("syncer.extraArgs[0]=--tls-san=%s", localDNSName))
 	configs = append(configs, fmt.Sprintf("syncer.extraArgs[1]=--out-kube-config-server=https://%s:9443", localDNSName))