diff --git a/charts/argo-rollouts/Chart.yaml b/charts/argo-rollouts/Chart.yaml
index 6a0841b3..1e0976fd 100644
--- a/charts/argo-rollouts/Chart.yaml
+++ b/charts/argo-rollouts/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "v1.1.0"
 description: A Helm chart for Argo Rollouts
 name: argo-rollouts
-version: 2.4.0
+version: 2.5.0
 icon: https://argoproj.github.io/argo-rollouts/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 maintainers:
@@ -11,4 +11,4 @@ maintainers:
   - name: jessesuen
 annotations:
   artifacthub.io/changes: |
-    - "[Added]: Support for extraContainers for controller deployment"
+    - "[Added]: Updated ClusterRole with new rules"
diff --git a/charts/argo-rollouts/templates/controller/clusterrole.yaml b/charts/argo-rollouts/templates/controller/clusterrole.yaml
index fdd0f2b0..18318e44 100644
--- a/charts/argo-rollouts/templates/controller/clusterrole.yaml
+++ b/charts/argo-rollouts/templates/controller/clusterrole.yaml
@@ -56,6 +56,7 @@ rules:
   - update
   - patch
   - delete
+# deployments and podtemplates read access needed for workload reference support
 - apiGroups:
   - ""
   - apps
@@ -67,6 +68,7 @@ rules:
   - list
   - watch
 # services patch needed to update selector of canary/stable/active/preview services
+# services create needed to create services for experiments
 - apiGroups:
   - ""
   resources:
@@ -76,8 +78,17 @@ rules:
   - list
   - watch
   - patch
+  - create
+# leases create/get/update needed for leader election
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - update
 # secret read access to run analysis templates which reference secrets
-# configmap access to read notification-engine configuration
 - apiGroups:
   - ""
   resources:
@@ -136,7 +147,7 @@ rules:
   - update
   - patch
   - delete
-# virtualservice access needed for using the Istio provider
+# virtualservice/destinationrule access needed for using the Istio provider
 - apiGroups:
   - networking.istio.io
   resources:
@@ -159,10 +170,13 @@ rules:
   - get
   - update
   - patch
+# ambassador access needed for Ambassador provider
 - apiGroups:
   - getambassador.io
+  - x.getambassador.io
   resources:
   - mappings
+  - ambassadormappings
   verbs:
   - create
   - watch
@@ -170,4 +184,18 @@ rules:
   - update
   - list
   - delete
+# Endpoints and TargetGroupBindings needed for ALB target group verification
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - get
+- apiGroups:
+  - elbv2.k8s.aws
+  resources:
+  - targetgroupbindings
+  verbs:
+  - list
+  - get
 {{- end }}