diff --git a/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml b/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml
index 2100728f..9c3850b7 100644
--- a/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml
+++ b/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml
@@ -6,6 +6,15 @@ rules:
   - apiGroups: [""]
     resources: ["secrets"]
     verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
@@ -39,3 +48,18 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshotcontents/status"]
     verbs: ["update", "patch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotcontents"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotcontents/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
diff --git a/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml
index e57fe9f6..deba2ba5 100644
--- a/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml
+++ b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml
@@ -54,9 +54,12 @@ rules:
   - apiGroups: [""]
     resources: ["serviceaccounts/token"]
     verbs: ["create"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["csinodes"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotclasses"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotcontents"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotcontents/status"]
+    verbs: ["update", "patch"]
diff --git a/deploy/all-in-one/install.yaml b/deploy/all-in-one/install.yaml
index 0e58d129..aa81e3e3 100644
--- a/deploy/all-in-one/install.yaml
+++ b/deploy/all-in-one/install.yaml
@@ -14135,6 +14135,28 @@ rules:
   verbs:
   - get
   - list
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -14228,6 +14250,43 @@ rules:
   verbs:
   - update
   - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -14947,21 +15006,30 @@ rules:
   verbs:
   - create
 - apiGroups:
-  - ""
+  - groupsnapshot.storage.k8s.io
   resources:
-  - nodes
+  - volumegroupsnapshotclasses
   verbs:
   - get
   - list
-  - watch"
+  - watch
 - apiGroups:
-  - storage.k8s.io
+  - groupsnapshot.storage.k8s.io
   resources:
-  - csinodes
+  - volumegroupsnapshotcontents
   verbs:
   - get
   - list
   - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/deploy/multifile/csi-rbac.yaml b/deploy/multifile/csi-rbac.yaml
index 264c13dd..bbe62d35 100644
--- a/deploy/multifile/csi-rbac.yaml
+++ b/deploy/multifile/csi-rbac.yaml
@@ -107,6 +107,28 @@ rules:
   verbs:
   - get
   - list
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - csinodes
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -200,6 +222,43 @@ rules:
   verbs:
   - update
   - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -523,21 +582,30 @@ rules:
   verbs:
   - create
 - apiGroups:
-  - ""
+  - groupsnapshot.storage.k8s.io
   resources:
-  - nodes
+  - volumegroupsnapshotclasses
   verbs:
   - get
   - list
-  - watch"
+  - watch
 - apiGroups:
-  - storage.k8s.io
+  - groupsnapshot.storage.k8s.io
   resources:
-  - csinodes
+  - volumegroupsnapshotcontents
   verbs:
   - get
   - list
   - watch
+  - update
+  - patch
+- apiGroups:
+  - groupsnapshot.storage.k8s.io
+  resources:
+  - volumegroupsnapshotcontents/status
+  verbs:
+  - update
+  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/internal/controller/defaults.go b/internal/controller/defaults.go
index 19ed50a4..2a8e39b7 100644
--- a/internal/controller/defaults.go
+++ b/internal/controller/defaults.go
@@ -32,9 +32,9 @@ var imageDefaults = map[string]string{
 	"attacher":    "registry.k8s.io/sig-storage/csi-attacher:v4.6.1",
 	"resizer":     "registry.k8s.io/sig-storage/csi-resizer:v1.11.1",
 	"snapshotter": "registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1",
-	"registrar":   "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1",
-	"plugin":      "quay.io/cephcsi/cephcsi:v3.11.0",
-	"addons":      "quay.io/csiaddons/k8s-sidecar:v0.8.0",
+	"registrar":   "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1",
+	"plugin":      "quay.io/cephcsi/cephcsi:v3.12.2",
+	"addons":      "quay.io/csiaddons/k8s-sidecar:v0.10.0",
 }
 
 const (