diff --git a/CHANGELOG.md b/CHANGELOG.md
index edaec267..5bf810d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,6 +30,7 @@ All notable changes to this project will be documented in this file.
   - The defaults from the docker images itself will now apply, which will be different from 1000/0 going forward
   - This is marked as breaking because tools and policies might exist, which require these fields to be set
 - Use versioned common structs ([#684]).
+- BREAKING: remove legacy service account binding for cluster role nodes ([#697]).
 
 ### Fixed
 
@@ -52,6 +53,7 @@ All notable changes to this project will be documented in this file.
 [#693]: https://github.com/stackabletech/hdfs-operator/pull/693
 [#695]: https://github.com/stackabletech/hdfs-operator/pull/695
 [#696]: https://github.com/stackabletech/hdfs-operator/pull/696
+[#697]: https://github.com/stackabletech/hdfs-operator/pull/697
 
 ## [25.3.0] - 2025-03-21
 
diff --git a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
index c963ea17..f1d339c8 100644
--- a/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
+++ b/rust/operator-binary/src/hdfs_clusterrolebinding_nodes_controller.rs
@@ -73,26 +73,12 @@ pub async fn reconcile(
             }
         })
         .flat_map(|(meta, sa_name)| {
-            let mut result = vec![
-                Subject {
-                    kind: "ServiceAccount".to_string(),
-                    name: sa_name,
-                    namespace: meta.namespace.clone(),
-                    ..Subject::default()
-                },
-                // This extra Serviceaccount is being written for legacy/compatibility purposes
-                // to ensure that running clusters don't lose access to anything during an upgrade
-                // of the Stackable operators, this code can be removed in later releases
-                // The value is hardcoded here, as we have removed access to the private fns that
-                // would have built it, since this is a known target though, and will be removed soon
-                // this should not be an issue.
-                Subject {
-                    kind: "ServiceAccount".to_string(),
-                    name: "hdfs-serviceaccount".to_string(),
-                    namespace: meta.namespace.clone(),
-                    ..Subject::default()
-                },
-            ];
+            let mut result = vec![Subject {
+                kind: "ServiceAccount".to_string(),
+                name: sa_name,
+                namespace: meta.namespace.clone(),
+                ..Subject::default()
+            }];
             // If a cluster is called hdfs this would result in the same subject
             // being written twicex.
             // Since we know this vec only contains two elements we can use dedup for