diff --git a/bootstrap/system-upgrades/clusterrole.yaml b/bootstrap/system-upgrades/clusterrole.yaml
index 627abc1a88c1e587886465df3ff5b1111a9aa8ff..4c81428246001e9ba9d250fcf9c72c964e768963 100644
--- a/bootstrap/system-upgrades/clusterrole.yaml
+++ b/bootstrap/system-upgrades/clusterrole.yaml
@@ -68,22 +68,35 @@ metadata:
   name: system-upgrade-controller-drainer
 rules:
   # Needed to evict pods
-  - apiGroups: [""]
-    resources: ["pods/eviction"]
-    verbs: ["create"]
+  - apiGroups:
+      - ""
+    resources:
+      - "pods/eviction"
+    verbs:
+      - "create"
   # Needed to list pods by Node
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["get", "list"]
+  - apiGroups:
+      - ""
+    resources:
+      - "pods"
+    verbs:
+      - "get"
+      - "list"
   # Needed to cordon Nodes
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "patch"]
+  - apiGroups:
+      - ""
+    resources:
+      - "nodes"
+    verbs:
+      - "get"
+      - "patch"
   # Needed to determine Pod owners
-  - apiGroups: ["apps"]
-    resources: ["statefulsets"]
-    verbs: ["get", "list"]
-  # Needed to determine Pod owners
-  - apiGroups: ["extensions"]
-    resources: ["daemonsets", "replicasets"]
-    verbs: ["get", "list"]
+  - apiGroups:
+      - "apps"
+    resources:
+      - "statefulsets"
+      - "daemonsets"
+      - "replicasets"
+    verbs:
+      - "get"
+      - "list"