diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index d8af6b4..2a81e37 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -71,7 +71,7 @@ rules:
 ## Extra rules used by the controller manager
 ##
 - apiGroups: ["networking.k8s.io"]
- resources: ["networkpolicies", "ingressclasses"]
+ resources: ["networkpolicies"]
 verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
 - apiGroups: [""]
 resources: ["limitranges", "resourcequotas"]
@@ -80,4 +80,56 @@ rules:
 resources: ["clusterroles", "clusterrolebindings"]
 verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+##
+## Rules from vCluster OSS (helm-charts/vcluster/templates/rbac/clusterrole.yaml)
+##
+- apiGroups: [""]
+ resources: ["nodes", "nodes/status"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+ resources: [ "pods", "nodes/metrics", "nodes/stats"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+ resources: ["nodes/proxy"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+ resources: ["nodes", "nodes/status"]
+ verbs: ["update", "patch"]
+- apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["create", "delete", "patch", "update", "get", "watch", "list"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses","csinodes","csidrivers","csistoragecapacities"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: ["networking.k8s.io"]
+ resources: ["ingressclasses"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["create", "delete", "patch", "update", "get", "watch", "list"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+- apiGroups: [""]
+ resources: ["services"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["create", "delete", "patch", "update", "get", "watch", "list"]
+- apiGroups: [""]
+ resources: ["serviceaccounts"]
+ verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+- apiGroups: ["metrics.k8s.io"]
+ resources: ["nodes"]
+ verbs: ["get", "list"]
+
 #+kubebuilder:scaffold:rules
diff --git a/deploy/manifests.yaml b/deploy/manifests.yaml
index 6a4fd7e..ec2b83c 100644
--- a/deploy/manifests.yaml
+++ b/deploy/manifests.yaml
@@ -175,7 +175,6 @@ rules:
 - networking.k8s.io
 resources:
 - networkpolicies
- - ingressclasses
 verbs:
 - create
 - delete
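Review bot: In the second hunk of config/rbac/role.yaml, the added `resources: ["nodes/proxy"]` rule is the grant that most needs a stated justification. The Kubernetes RBAC good-practices guidance notes that access to the node proxy subresource gives rights to the kubelet API, including command execution in pods on those nodes, and that this path bypasses audit logging and admission control. If the controller does not call it itself, drop the rule; if it is held only so it can be granted onward, say so above it, e.g. `# nodes/proxy reaches the kubelet API; held only so it can be granted to per-vCluster roles`. The block also appears to copy the chart's rules wholesale (upstream they are presumably gated per feature), which leaves duplicates: `storageclasses` read is granted three times and `nodes` read twice. It also adds cluster-wide write on `namespaces`, `serviceaccounts`, `persistentvolumes` and `nodes`, which, given the existing `clusterroles`/`clusterrolebindings` write visible in the context lines, this role can presumably hand to others; the rules list starts outside the hunk.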
@@ -210,6 +209,163 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/status
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes/metrics
+ - nodes/stats
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - nodes/proxy
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - create
+ - delete
+ - patch
+ - update
+ - get
+ - watch
+ - list
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ - csinodes
+ - csidrivers
+ - csistoragecapacities
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - create
+ - delete
+ - patch
+ - update
+ - get
+ - watch
+ - list
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - scheduling.k8s.io
+ resources:
+ - priorityclasses
+ verbs:
+ - create
+ - delete
+ - patch
+ - update
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents
+ verbs:
+ - create
+ - delete
+ - patch
+ - update
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - create
+ - delete
+ - patch
+ - update
+ - get
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - delete
+ - patch
+ - update
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metrics.k8s.io
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole