diff --git a/manifests/klusterlet/klusterlet-work-clusterrole.yaml b/manifests/klusterlet/klusterlet-work-clusterrole.yaml
index 451ecaa12..2f759fbd0 100644
--- a/manifests/klusterlet/klusterlet-work-clusterrole.yaml
+++ b/manifests/klusterlet/klusterlet-work-clusterrole.yaml
@@ -8,10 +8,10 @@ rules:
 - apiGroups: ["apiextensions.k8s.io"]
 resources: ["customresourcedefinitions"]
 verbs: ["get", "list", "watch", "create", "delete", "update"]
-# Allow agent to create/delete namespaces, get/list are contained in admin role already
+# Allow agent to create/update/patch/delete namespaces, get/list/watch are contained in admin role already
 - apiGroups: [""]
 resources: ["namespaces"]
- verbs: ["create", "delete"]
+ verbs: ["create", "update", "patch", "delete"]
 # Allow agent to manage role/rolebinding/clusterrole/clusterrolebinding
 - apiGroups: ["rbac.authorization.k8s.io"]
 resources: ["clusterrolebindings", "rolebindings"]
diff --git a/pkg/operators/klusterlet/bindata/bindata.go b/pkg/operators/klusterlet/bindata/bindata.go index 06b27546f..9b73ebf9d 100644 --- a/pkg/operators/klusterlet/bindata/bindata.go +++ b/pkg/operators/klusterlet/bindata/bindata.go @@ -728,10 +728,10 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["get", "list", "watch", "create", "delete", "update"] -# Allow agent to create/delete namespaces, get/list are contained in admin role already +# Allow agent to create/update/patch/delete namespaces, get/list/watch are contained in admin role already - apiGroups: [""] resources: ["namespaces"] - verbs: ["create", "delete"] + verbs: ["create", "update", "patch", "delete"] # Allow agent to manage role/rolebinding/clusterrole/clusterrolebinding - apiGroups: ["rbac.authorization.k8s.io"] resources: ["clusterrolebindings", "rolebindings"]
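Review bot: The widened `namespaces` rule in `klusterlet-work-clusterrole.yaml` has no `resourceNames`, and the file path suggests a ClusterRole, so the work agent can now `update`/`patch` every namespace in the cluster, not only the ones it created. Namespace labels and annotations are what Pod Security Admission levels, NetworkPolicy `namespaceSelector`s and admission-webhook selectors key on, so write access to them is a larger grant than "create/update/patch/delete namespaces" conveys. I would record the reason and scope in the comment, for example `# update/patch: needed to reconcile labels/annotations on applied namespaces; NOTE: applies to all namespaces`, if that is in fact the reason. RBAC cannot scope this by label, so if the agent only needs to modify namespaces it manages, consider pairing the grant with an admission policy that restricts which namespaces its service account may change. The generated `bindata.go` hunk mirrors the same rule, and the `rules:` list starts outside the hunk, so the "contained in admin role already" claim cannot be checked from here.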