diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 4a52c079..4cfd5180 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -122,6 +122,14 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - k8s.cni.cncf.io
+  resources:
+  - network-attachment-definitions
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - memcached.openstack.org
   resources:
diff --git a/controllers/instanceha/instanceha_controller.go b/controllers/instanceha/instanceha_controller.go
index 13b18437..323f545d 100644
--- a/controllers/instanceha/instanceha_controller.go
+++ b/controllers/instanceha/instanceha_controller.go
@@ -78,6 +78,7 @@ func (r *Reconciler) GetLogger(ctx context.Context) logr.Logger {
 // +kubebuilder:rbac:groups=instanceha.openstack.org,resources=instancehas/finalizers,verbs=update;patch
 // +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;
 // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;
+// +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=network-attachment-definitions,verbs=get;list;watch
 // service account, role, rolebinding
 // +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch;create;update;patch
 // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=roles,verbs=get;list;watch;create;update;patch
diff --git a/main.go b/main.go
index ed42e9bd..79de7b84 100644
--- a/main.go
+++ b/main.go
@@ -41,6 +41,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 
+	k8s_networkv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1"
 	instancehav1 "github.com/openstack-k8s-operators/infra-operator/apis/instanceha/v1beta1"
 	memcachedv1 "github.com/openstack-k8s-operators/infra-operator/apis/memcached/v1beta1"
 	networkv1 "github.com/openstack-k8s-operators/infra-operator/apis/network/v1beta1"
@@ -68,6 +69,7 @@ func init() {
 	utilruntime.Must(instancehav1.AddToScheme(scheme))
 	utilruntime.Must(redisv1.AddToScheme(scheme))
 	utilruntime.Must(networkv1.AddToScheme(scheme))
+	utilruntime.Must(k8s_networkv1.AddToScheme(scheme))
 	//+kubebuilder:scaffold:scheme
 }