diff --git a/deploy/chart/templates/clusterrole.yaml b/deploy/chart/templates/clusterrole.yaml
index 7130045f..a58a2049 100644
--- a/deploy/chart/templates/clusterrole.yaml
+++ b/deploy/chart/templates/clusterrole.yaml
@@ -93,4 +93,17 @@ rules:
       - watch
       - update
       - patch
+  - apiGroups:
+      - metallb.io
+    resources:
+      - ipaddresspools
+      - bgppeers
+      - bgpadvertisements
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - patch
+      - delete
 {{- end }}
diff --git a/deploy/template/deployment.yaml b/deploy/template/deployment.yaml
index 8359e5cd..db5f6a1e 100644
--- a/deploy/template/deployment.yaml
+++ b/deploy/template/deployment.yaml
@@ -150,7 +150,7 @@ rules:
   - update
   - watch
 - apiGroups:
-  # reason: so ccm can read and update configmap/metallb-system:config
+  # reason: so ccm can read and update configmap for MetalLB <= 0.12.1
   - ""
   resources:
   - configmaps
@@ -185,6 +185,20 @@ rules:
   - watch
   - update
   - patch
+- apiGroups:
+  # reason: so ccm can manage CRDs for MetalLB v0.13.2+
+  - metallb.io
+  resources:
+  - ipaddresspools
+  - bgppeers
+  - bgpadvertisements
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - patch
+  - delete
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1