diff --git a/charts/openstack-hypervisor-operator/templates/deployment.yaml b/charts/openstack-hypervisor-operator/templates/deployment.yaml
index 07c0178..afabbe8 100644
--- a/charts/openstack-hypervisor-operator/templates/deployment.yaml
+++ b/charts/openstack-hypervisor-operator/templates/deployment.yaml
@@ -39,6 +39,8 @@ spec:
             secretKeyRef:
               key: SERVICE_PASSWORD
               name: {{ include "openstack-hypervisor-operator.fullname" . }}-secret
+        - name: LABEL_SELECTOR
+          value: {{ quote .Values.controllerManager.manager.env.labelSelector }}
         - name: KUBERNETES_CLUSTER_DOMAIN
           value: {{ quote .Values.kubernetesClusterDomain }}
         image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag
diff --git a/charts/openstack-hypervisor-operator/values.yaml b/charts/openstack-hypervisor-operator/values.yaml
index 00a8245..5dfedaf 100644
--- a/charts/openstack-hypervisor-operator/values.yaml
+++ b/charts/openstack-hypervisor-operator/values.yaml
@@ -4,12 +4,14 @@ controllerManager:
     - --metrics-bind-address=:8443
     - --leader-elect
     - --health-probe-bind-address=:8081
+    - --label-selector=${LABEL_SELECTOR}
     containerSecurityContext:
       allowPrivilegeEscalation: false
       capabilities:
         drop:
         - ALL
     env:
+      labelSelector: ""
       osAuthUrl: ""
       osProjectDomainName: ""
       osProjectName: ""
diff --git a/cmd/main.go b/cmd/main.go
index aa8d6e3..45fdcb9 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -18,6 +18,7 @@ limitations under the License.
 package main
 
 import (
+	"crypto/sha256"
 	"crypto/tls"
 	"flag"
 	"fmt"
@@ -162,6 +163,7 @@ func main() {
 		bininfo.Component(), bininfo.VersionOr("devel"), gruntime.GOOS, gruntime.GOARCH,
 		bininfo.CommitOr("edge"))
 
+	leaderElectionID := "4c28796a.cloud.sap"
 	var cacheOptions cache.Options
 	if global.LabelSelector != "" {
 		setupLog.Info("setting up cache with label selector", "selector", global.LabelSelector)
@@ -182,6 +184,10 @@ func main() {
 				},
 			},
 		}
+
+		h := sha256.New()
+		h.Write([]byte(global.LabelSelector))
+		leaderElectionID = fmt.Sprintf("%x.cloud.sap", h.Sum(nil))
 	}
 
 	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
@@ -190,7 +196,7 @@ func main() {
 		WebhookServer:          webhookServer,
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
-		LeaderElectionID:       "4c28796a.cloud.sap",
+		LeaderElectionID:       leaderElectionID,
 		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
 		// when the Manager ends. This requires the binary to immediately end when the
 		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 493bfe8..e20ce8d 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -61,6 +61,7 @@ spec:
       - args:
           - --leader-elect
           - --health-probe-bind-address=:8081
+          - --label-selector=${LABEL_SELECTOR}
         env:
           - name: OS_AUTH_URL
           - name: OS_PROJECT_DOMAIN_NAME
@@ -73,6 +74,7 @@ spec:
               secretKeyRef:
                 name: secret
                 key: SERVICE_PASSWORD
+          - name: LABEL_SELECTOR
         image: keppel.eu-de-1.cloud.sap/ccloud/openstack-hypervisor-operator:latest
         name: manager
         securityContext: