diff --git a/deploy/kubernetes/dev/setup-cluster.yaml b/deploy/kubernetes/dev/setup-cluster.yaml
index 24ae7f154..5f58f5453 100644
--- a/deploy/kubernetes/dev/setup-cluster.yaml
+++ b/deploy/kubernetes/dev/setup-cluster.yaml
@@ -67,4 +67,29 @@ subjects:
 roleRef:
   kind: ClusterRole
   name: system:csi-external-provisioner
-  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
+  apiGroup: rbac.authorization.k8s.io
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-csi-external-provisioner
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-csi-external-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: csi-controller-sa
+    namespace: default
+roleRef:
+  kind: Role
+  name: leader-locking-csi-external-provisioner
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/stable/setup-cluster.yaml b/deploy/kubernetes/stable/setup-cluster.yaml
index 24ae7f154..bc59e7a6b 100644
--- a/deploy/kubernetes/stable/setup-cluster.yaml
+++ b/deploy/kubernetes/stable/setup-cluster.yaml
@@ -67,4 +67,30 @@ subjects:
 roleRef:
   kind: ClusterRole
   name: system:csi-external-provisioner
-  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-csi-external-provisioner
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-csi-external-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: csi-controller-sa
+    namespace: default
+roleRef:
+  kind: Role
+  name: leader-locking-csi-external-provisioner
+  apiGroup: rbac.authorization.k8s.io