diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index f28c1530..711f3c53 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -62,6 +62,7 @@ spec:
           httpGet:
             path: /healthz
             port: healthz
+      serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
       tolerations:
         - effect: NoSchedule
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index 3d4af7fb..aafa3081 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -8,5 +8,6 @@ resources:
 # subjects if changing service account names.
 - role.yaml
 - role_binding.yaml
+- service_account.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
index eed16906..1d1321ed 100644
--- a/config/rbac/leader_election_role_binding.yaml
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -8,5 +8,5 @@ roleRef:
   name: leader-election-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 30280427..a0deb8b4 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -129,3 +129,13 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - elfmachinetemplates
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
index 8f265870..2070ede4 100644
--- a/config/rbac/role_binding.yaml
+++ b/config/rbac/role_binding.yaml
@@ -8,5 +8,5 @@ roleRef:
   name: manager-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system
diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
new file mode 100644
index 00000000..7cd6025b
--- /dev/null
+++ b/config/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: controller-manager
+  namespace: system
diff --git a/controllers/elfmachine_controller.go b/controllers/elfmachine_controller.go
index d455f6cf..1ebf7d26 100644
--- a/controllers/elfmachine_controller.go
+++ b/controllers/elfmachine_controller.go
@@ -64,6 +64,7 @@ const failedToUpsertLabelMsg = "failed to upsert label"
 //+kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=elfmachines,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=elfmachines/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=elfmachines/finalizers,verbs=update
+//+kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=elfmachinetemplates,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=controlplane.cluster.x-k8s.io,resources=*,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machinedeployments,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machinedeployments;machinedeployments/status,verbs=get;list;watch