diff --git a/cmd/fpga_admissionwebhook/main.go b/cmd/fpga_admissionwebhook/main.go index f56cd4ad..d6303c98 100644 --- a/cmd/fpga_admissionwebhook/main.go +++ b/cmd/fpga_admissionwebhook/main.go @@ -43,12 +43,10 @@ func init() { func main() { var ( - metricsAddr string enableLeaderElection bool ) - flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, + flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") flag.Parse() @@ -62,7 +60,7 @@ func main() { mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, - MetricsBindAddress: metricsAddr, + MetricsBindAddress: "0", Logger: ctrl.Log.WithName("FpgaAdmissionWebhook"), WebhookServer: webHook, LeaderElection: enableLeaderElection, diff --git a/cmd/operator/README.md b/cmd/operator/README.md index 7fee8097..d4f2214b 100644 --- a/cmd/operator/README.md +++ b/cmd/operator/README.md @@ -164,7 +164,7 @@ No upgrade is done for: ## Known issues When the operator is run with leader election enabled, that is with the option -`--enable-leader-election`, make sure the cluster is not overloaded with excessive +`--leader-elect`, make sure the cluster is not overloaded with excessive number of pods. Otherwise a heart beat used by the leader election code may trigger a timeout and crash. We are going to use different clients for the controller and leader election code to alleviate the issue. See more details in diff --git a/cmd/sgx_admissionwebhook/main.go b/cmd/sgx_admissionwebhook/main.go index 424f0a76..c7399750 100644 --- a/cmd/sgx_admissionwebhook/main.go +++ b/cmd/sgx_admissionwebhook/main.go @@ -15,7 +15,6 @@ package main import ( - "flag" "os" sgxwebhook "github.com/intel/intel-device-plugins-for-kubernetes/pkg/webhooks/sgx" 
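Review bot: The first hunk of cmd/fpga_admissionwebhook/main.go renames `-enable-leader-election` to `-leader-elect` and drops `-metrics-addr` without leaving a deprecated alias. Go's default flag set exits on an undefined flag, so a Deployment that still passes either old option would fail at startup. For an admission webhook that means admission requests are blocked or skipped, depending on the failurePolicy, which is not visible here. If the manifests cannot all be updated in the same release, the old name can be kept for a transition period with `flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, "Deprecated: use -leader-elect.")`. The body of main continues outside the hunk.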
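Review bot: The literal `"0"` assigned to MetricsBindAddress in the second hunk of cmd/fpga_admissionwebhook/main.go reads like a port number, but in controller-runtime it switches the metrics listener off. Closing the previously default `:8080` endpoint is a sensible reduction of exposed surface, but the intent should be recorded next to the value, e.g. `// "0" disables the controller-runtime metrics listener; this binary serves only the webhook port.` The same undocumented literal appears in the ctrl.Options hunk of cmd/sgx_admissionwebhook/main.go. The ctrl.Options literal continues past the end of the hunk.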
@@ -36,17 +35,6 @@ func init() { } func main() { - var ( - metricsAddr string - enableLeaderElection bool - ) - - flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, - "Enable leader election for controller manager. "+ - "Enabling this will ensure there is only one active controller manager.") - flag.Parse() - ctrl.SetLogger(klogr.New()) webHook := &webhook.Server{ @@ -56,11 +44,9 @@ func main() { mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, - MetricsBindAddress: metricsAddr, + MetricsBindAddress: "0", Logger: ctrl.Log.WithName("SgxAdmissionWebhook"), WebhookServer: webHook, - LeaderElection: enableLeaderElection, - LeaderElectionID: "a9b71ad3.intel.com", }) if err != nil { setupLog.Error(err, "unable to start manager") diff --git a/deployments/fpga_admissionwebhook/rbac/kustomization.yaml b/deployments/fpga_admissionwebhook/rbac/kustomization.yaml index b228b96d..c887f9f6 100644 --- a/deployments/fpga_admissionwebhook/rbac/kustomization.yaml +++ b/deployments/fpga_admissionwebhook/rbac/kustomization.yaml @@ -1,3 +1,5 @@ resources: - role.yaml - role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml diff --git a/deployments/fpga_admissionwebhook/rbac/leader_election_role.yaml b/deployments/fpga_admissionwebhook/rbac/leader_election_role.yaml new file mode 100644 index 00000000..eaa79158 --- /dev/null +++ b/deployments/fpga_admissionwebhook/rbac/leader_election_role.yaml 
@@ -0,0 +1,32 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
diff --git a/deployments/fpga_admissionwebhook/rbac/leader_election_role_binding.yaml b/deployments/fpga_admissionwebhook/rbac/leader_election_role_binding.yaml
new file mode 100644
index 00000000..eed16906
--- /dev/null
+++ b/deployments/fpga_admissionwebhook/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
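Review bot: The first rule in leader_election_role.yaml grants get/list/watch/create/update/patch/delete on every ConfigMap in the namespace, which is wider than a leader-election lock needs and lets the bound account read or rewrite unrelated ConfigMaps. Consider scoping the read and write verbs with `resourceNames` to the lock object, keeping only an unrestricted `create` (resourceNames cannot constrain create), and dropping the `configmaps/status` rule, since ConfigMap has no status subresource. The lock name below is a placeholder for the LeaderElectionID set in main.go, which is not visible in this diff. Confirm the verb set against the lock type of the controller-runtime version in use; a Lease-based lock would need a coordination.k8s.io rule instead.

```yaml
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - configmaps
  resourceNames:
  - <leader-election-id>  # placeholder: the LeaderElectionID passed to ctrl.Options
  verbs:
  - get
  - update
  - patch
# … unchanged: events rule …
```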
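Review bot: The subject in leader_election_role_binding.yaml is the namespace's `default` ServiceAccount, so every pod in that namespace that does not set its own service account inherits the ConfigMap write access granted by leader-election-role. Binding to a dedicated account for the webhook, e.g. `name: <webhook-service-account>` (placeholder) with the Deployment's `serviceAccountName` set to match, keeps the permission with the one workload that needs it. `namespace: system` is presumably rewritten by a kustomize namespace transformer; confirm that the overlay does so, since otherwise the binding would point at an account in a namespace that may not exist.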