diff --git a/bundle/manifests/lifecycle-agent.clusterserviceversion.yaml b/bundle/manifests/lifecycle-agent.clusterserviceversion.yaml
index 9fbd2dd63a..a218e208fa 100644
--- a/bundle/manifests/lifecycle-agent.clusterserviceversion.yaml
+++ b/bundle/manifests/lifecycle-agent.clusterserviceversion.yaml
@@ -248,6 +248,7 @@ spec:
 resources:
 - pods
 verbs:
+ - delete
 - get
 - list
 - watch
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index b50c14d7c3..9b7b4485b0 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -46,6 +46,7 @@ rules:
 resources:
 - pods
 verbs:
+ - delete
 - get
 - list
 - watch
diff --git a/controllers/seedgen_controller.go b/controllers/seedgen_controller.go
index 2e7ada4c2f..fb24cbcc98 100644
--- a/controllers/seedgen_controller.go
+++ b/controllers/seedgen_controller.go
@@ -119,7 +119,7 @@ var phases = struct {
 //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch;delete
-//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch
+//+kubebuilder:rbac:groups="",resources=pods,verbs=delete;get;list;watch
 //+kubebuilder:rbac:groups=config.openshift.io,resources=clusterversions,verbs=get;list;watch
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=delete
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=delete
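Review bot: The `pods` marker now grants `delete` with no namespace or name restriction and nothing next to it says why; the same verb is added to `config/rbac/role.yaml` and to the CSV manifest in this commit. RBAC cannot limit the verb to terminated pods, so the phase comparison inside `deletePodsWithPhase` is the only thing that keeps the controller's own identity from removing running workloads. The removed code ran `oc delete pod` with `common.KubeconfigFile`, so the deletion presumably moves from that kubeconfig's credentials to the operator's service account, which is worth stating in the commit description. I would add a line above the marker such as `// pods delete: used only by deletePodsWithPhase to remove Succeeded/Failed pods before seed image generation`.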
@@ -279,6 +279,22 @@ func (r *SeedGeneratorReconciler) cleanupOldRenderedMachineConfigs(ctx context.C
 return nil
 }
 
+func (r *SeedGeneratorReconciler) deletePodsWithPhase(ctx context.Context, phase corev1.PodPhase) error {
+ podList := &corev1.PodList{}
+ if err := r.List(ctx, podList); err != nil {
+ return fmt.Errorf("failed to list pods: %w", err)
+ }
+ for i := range podList.Items {
+ if podList.Items[i].Status.Phase != phase {
+ continue
+ }
+ if err := r.Delete(ctx, &podList.Items[i]); err != nil {
+ return fmt.Errorf("failed to delete pod %s/%s: %w", podList.Items[i].Namespace, podList.Items[i].Name, err)
+ }
+ }
+ return nil
+}
+
 // Clean up ACM and other resources on the cluster
 func (r *SeedGeneratorReconciler) cleanupClusterResources(ctx context.Context) error {
 // Ensure that the dependent resources are deleted
@@ -819,15 +835,13 @@ func (r *SeedGeneratorReconciler) generateSeedImage(ctx context.Context, seedgen
 return
 }
 
- // TODO: Can this be done cleanly via client? The client.DeleteAllOf seems to require a specified namespace, so maybe loop over the namespaces
 r.Log.Info("Cleaning completed and failed pods")
- kubeconfigArg := fmt.Sprintf("--kubeconfig=%s", common.KubeconfigFile)
- if _, err := r.Executor.Execute("oc", "delete", "pod", kubeconfigArg, "--field-selector=status.phase==Succeeded", "--all-namespaces"); err != nil {
+ if err := r.deletePodsWithPhase(ctx, corev1.PodSucceeded); err != nil {
 rc = fmt.Errorf("failed to cleanup Succeeded pods: %w", err)
 setSeedGenStatusFailed(seedgen, rc.Error())
 return
 }
- if _, err := r.Executor.Execute("oc", "delete", "pod", kubeconfigArg, "--field-selector=status.phase==Failed", "--all-namespaces"); err != nil {
+ if err := r.deletePodsWithPhase(ctx, corev1.PodFailed); err != nil {
 rc = fmt.Errorf("failed to cleanup Failed pods: %w", err)
 setSeedGenStatusFailed(seedgen, rc.Error())
 return
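Review bot: `deletePodsWithPhase` returns on the first `r.Delete` error, NotFound included, so a pod that disappears between the `List` and the `Delete` fails the whole seed generation. Terminated pods are routinely removed by their owners or by the pod garbage collector, so that race is plausible; if the controller-runtime `client` package is imported in this file, `if err := client.IgnoreNotFound(r.Delete(ctx, &podList.Items[i])); err != nil {` tolerates it. The helper also has no doc comment; `// deletePodsWithPhase deletes every pod, in all namespaces visible to the client, whose status phase equals phase.` would record that its scope is not limited to one namespace. If `r.List` is served from the manager's cache the phase it sees may be stale, which is worth confirming because that comparison is the only filter on what gets deleted.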