diff --git a/deploy/chart/local-path-provisioner/templates/clusterrole.yaml b/deploy/chart/local-path-provisioner/templates/clusterrole.yaml
index a9fd1c675e2aa4fa4a8a0548b79ddbf1f321195f..7f58506a4569d8384cde052c2128f4a05367c231 100644
--- a/deploy/chart/local-path-provisioner/templates/clusterrole.yaml
+++ b/deploy/chart/local-path-provisioner/templates/clusterrole.yaml
@@ -6,16 +6,19 @@ metadata:
   labels:
 {{ include "local-path-provisioner.labels" . | indent 4 }}
 rules:
-- apiGroups: [""]
-  resources: ["nodes", "persistentvolumeclaims", "configmaps"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: [""]
-  resources: ["endpoints", "persistentvolumes", "pods"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["events"]
-  verbs: ["create", "patch"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes", "persistentvolumeclaims", "configmaps"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [""]
+    resources: ["endpoints", "persistentvolumes"]
+    verbs: ["*"]
+  - apiGroups: [ "" ]
+    resources: [ "events" ]
+    verbs: [ "create", "patch" ]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
 {{- end -}}
diff --git a/deploy/chart/local-path-provisioner/templates/role.yaml b/deploy/chart/local-path-provisioner/templates/role.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9562816b1d7d819fec275d38756cac575e9485f5
--- /dev/null
+++ b/deploy/chart/local-path-provisioner/templates/role.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "local-path-provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "local-path-provisioner.labels" . | indent 4 }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
+{{- end -}}
diff --git a/deploy/chart/local-path-provisioner/templates/rolebinding.yaml b/deploy/chart/local-path-provisioner/templates/rolebinding.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..53295c31ae6ef3eda4130a4c140163fdf025832a
--- /dev/null
+++ b/deploy/chart/local-path-provisioner/templates/rolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "local-path-provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "local-path-provisioner.labels" . | indent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "local-path-provisioner.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "local-path-provisioner.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/deploy/local-path-storage.yaml b/deploy/local-path-storage.yaml
index 2130dfea260e5a8db491a504f3d2545627b6870d..81864f05f1f31fad6ae7d2d20cf095f817edd50e 100644
--- a/deploy/local-path-storage.yaml
+++ b/deploy/local-path-storage.yaml
@@ -10,6 +10,17 @@ metadata:
   name: local-path-provisioner-service-account
   namespace: local-path-storage
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: local-path-provisioner-role
+  namespace: local-path-storage
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -20,7 +31,10 @@ rules:
     resources: [ "nodes", "persistentvolumeclaims", "configmaps" ]
     verbs: [ "get", "list", "watch" ]
   - apiGroups: [ "" ]
-    resources: [ "endpoints", "persistentvolumes", "pods" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "endpoints", "persistentvolumes" ]
     verbs: [ "*" ]
   - apiGroups: [ "" ]
     resources: [ "events" ]
@@ -29,6 +43,21 @@ rules:
     resources: [ "storageclasses" ]
     verbs: [ "get", "list", "watch" ]
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: local-path-provisioner-bind
+  namespace: local-path-storage
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: local-path-provisioner-role
+subjects:
+  - kind: ServiceAccount
+    name: local-path-provisioner-service-account
+    namespace: local-path-storage
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
diff --git a/examples/quota/local-path-storage.yaml b/examples/quota/local-path-storage.yaml
index 9edb948e05683fa5f99909939d9e98eb2df2bf34..e489eca75dae79f181d6cf15fd43158faecc8a1a 100644
--- a/examples/quota/local-path-storage.yaml
+++ b/examples/quota/local-path-storage.yaml
@@ -10,6 +10,17 @@ metadata:
   name: local-path-provisioner-service-account
   namespace: local-path-storage
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: local-path-provisioner-role
+  namespace: local-path-storage
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -20,7 +31,10 @@ rules:
     resources: [ "nodes", "persistentvolumeclaims", "configmaps" ]
     verbs: [ "get", "list", "watch" ]
   - apiGroups: [ "" ]
-    resources: [ "endpoints", "persistentvolumes", "pods" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "endpoints", "persistentvolumes" ]
     verbs: [ "*" ]
   - apiGroups: [ "" ]
     resources: [ "events" ]
@@ -29,6 +43,21 @@ rules:
     resources: [ "storageclasses" ]
     verbs: [ "get", "list", "watch" ]
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: local-path-provisioner-bind
+  namespace: local-path-storage
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: local-path-provisioner-role
+subjects:
+  - kind: ServiceAccount
+    name: local-path-provisioner-service-account
+    namespace: local-path-storage
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding