diff --git a/manifests/generate-manifests.ps1 b/manifests/generate-manifests.ps1
index 3f74eb66..4cafeb30 100644
--- a/manifests/generate-manifests.ps1
+++ b/manifests/generate-manifests.ps1
@@ -35,6 +35,7 @@ dotnet run --no-build --project $project -- generator rbac -o $output\rbac\
     # "$($output)operator\kustomization.yaml"
     "$($output)crd\deploymentconfigs_apps_openshift_io.yaml"
     "$($output)crd\dynakubes_dynatrace_com.yaml"
+    "$($output)crd\rollouts_argoproj_io.yaml"
     "$($output)crd\kustomization.yaml"
 ) | ForEach-Object {
     Write-Host "Cleaning up bad object $_"
diff --git a/manifests/install/all/operator/base/rbac/cluster-role.yaml b/manifests/install/all/operator/base/rbac/cluster-role.yaml
index 940a95a0..90a9bc0c 100644
--- a/manifests/install/all/operator/base/rbac/cluster-role.yaml
+++ b/manifests/install/all/operator/base/rbac/cluster-role.yaml
@@ -6,35 +6,14 @@ metadata:
     app.kubernetes.io/name: operator
     app.kubernetes.io/part-of: contrast-agent-operator
 rules:
-- apiGroups:
-  - ""
-  - agents.contrastsecurity.com
-  - coordination.k8s.io
-  resources:
-  - secrets
-  - agentconnections
-  - agentconfigurations
-  - leases
-  verbs:
-  - '*'
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - mutatingwebhookconfigurations
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - patch
-  - update
-  - delete
 - apiGroups:
   - apps
+  - argoproj.io
   - ""
   - apps.openshift.io
   resources:
   - daemonsets
+  - rollouts
   - deployments
   - statefulsets
   - pods
@@ -46,21 +25,44 @@ rules:
   - patch
 - apiGroups:
   - agents.contrastsecurity.com
+  - dynatrace.com
   resources:
-  - agentinjectors
+  - clusteragentconfigurations
+  - dynakubes
+  - clusteragentconnections
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - agents.contrastsecurity.com
+  - ""
+  - coordination.k8s.io
+  resources:
+  - agentconnections
+  - secrets
+  - agentconfigurations
+  - leases
   verbs:
   - '*'
 - apiGroups:
   - agents.contrastsecurity.com
-  - dynatrace.com
   resources:
-  - clusteragentconnections
-  - dynakubes
-  - clusteragentconfigurations
+  - agentinjectors
+  verbs:
+  - '*'
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
   verbs:
+  - create
   - get
   - list
   - watch
+  - patch
+  - update
+  - delete
 - apiGroups:
   - ""
   resources:
@@ -121,4 +123,4 @@ rules:
   verbs:
   - get
   - patch
-  - update
\ No newline at end of file
+  - update