diff --git a/infrastructure/hydra/truenas-csi/controller-cluster-role.yaml b/infrastructure/hydra/truenas-csi/controller-cluster-role.yaml
index 31214ac..ab521f4 100644
--- a/infrastructure/hydra/truenas-csi/controller-cluster-role.yaml
+++ b/infrastructure/hydra/truenas-csi/controller-cluster-role.yaml
@@ -136,3 +136,15 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - create
+  - update
+  - patch
+  - delete
+  - list
+  - watch
diff --git a/infrastructure/hydra/truenas-csi/kuztomization.yaml b/infrastructure/hydra/truenas-csi/kuztomization.yaml
index be16b06..0b30f40 100644
--- a/infrastructure/hydra/truenas-csi/kuztomization.yaml
+++ b/infrastructure/hydra/truenas-csi/kuztomization.yaml
@@ -4,16 +4,16 @@ metadata:
   name: truenas-csi
   namespace: truenas-csi
 resources:
-- CSIDriver.yaml
-- nfs-storage-class.yaml
-- controller-deployment.yaml
-- controller-binding.yaml
-- node-binding.yaml
+- node-cluster-role.yaml
 - config.yaml
+- nfs-storage-class.yaml
 - iscsi-storage-class.yaml
 - namespace.yaml
 - controller-service-account.yaml
 - controller-cluster-role.yaml
-- node-service-account.yaml
-- node-cluster-role.yaml
+- node-binding.yaml
 - node-deamonset.yaml
+- CSIDriver.yaml
+- controller-deployment.yaml
+- controller-binding.yaml
+- node-service-account.yaml
diff --git a/pkg/truenas/rbac.go b/pkg/truenas/rbac.go
index 44e3635..0d21d06 100644
--- a/pkg/truenas/rbac.go
+++ b/pkg/truenas/rbac.go
@@ -25,6 +25,7 @@ func controllerClusterRole() rbac.ClusterRole {
 		kube.PolicyRule(kube.APIGroupSnapshot, kube.ResourceVolumeSnapshotContents, kube.VerbsAll()),
 		kube.PolicyRule(kube.APIGroupSnapshot, kube.ResourceVolumeSnapshotContentsStatus, kube.VerbsMutate()),
 		kube.PolicyRule(kube.APIGroupSnapshot, kube.ResourceVolumeSnapshotClases, kube.VerbsRead()),
+		kube.PolicyRule(kube.APIGroupCoordination, kube.ResourceLeases, kube.VerbsAll()),
 	}
 	return kube.ClusterRole(root.TrueNAS_CSI+"-controller-role", rules)
 }