diff --git a/pkg/cmd/server/bootstrappolicy/policy.go b/pkg/cmd/server/bootstrappolicy/policy.go
index ae060ef1f600..0cdfe37517ab 100644
--- a/pkg/cmd/server/bootstrappolicy/policy.go
+++ b/pkg/cmd/server/bootstrappolicy/policy.go
@@ -151,7 +151,12 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 				{
 					APIGroups: []string{extensions.GroupName},
 					Verbs:     sets.NewString("get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"),
-					Resources: sets.NewString("daemonsets", "jobs", "horizontalpodautoscalers", "replicationcontrollers/scale"),
+					Resources: sets.NewString("jobs", "horizontalpodautoscalers", "replicationcontrollers/scale"),
+				},
+				{
+					APIGroups: []string{extensions.GroupName},
+					Verbs:     sets.NewString("get", "list", "watch"),
+					Resources: sets.NewString("daemonsets"),
 				},
 				{
 					Verbs:     sets.NewString("get", "list", "watch"),
@@ -210,7 +215,12 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 				{
 					APIGroups: []string{extensions.GroupName},
 					Verbs:     sets.NewString("get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"),
-					Resources: sets.NewString("daemonsets", "jobs", "horizontalpodautoscalers", "replicationcontrollers/scale"),
+					Resources: sets.NewString("jobs", "horizontalpodautoscalers", "replicationcontrollers/scale"),
+				},
+				{
+					APIGroups: []string{extensions.GroupName},
+					Verbs:     sets.NewString("get", "list", "watch"),
+					Resources: sets.NewString("daemonsets"),
 				},
 				{
 					Verbs:     sets.NewString("get", "list", "watch"),
diff --git a/test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml b/test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml
index 071f1640c192..8bafebf10885 100644
--- a/test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml
+++ b/test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml
@@ -271,7 +271,6 @@ items:
     - extensions
     attributeRestrictions: null
     resources:
-    - daemonsets
     - horizontalpodautoscalers
     - jobs
     - replicationcontrollers/scale
@@ -284,6 +283,15 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - extensions
+    attributeRestrictions: null
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups: null
     attributeRestrictions: null
     resources:
@@ -436,7 +444,6 @@ items:
     - extensions
     attributeRestrictions: null
     resources:
-    - daemonsets
     - horizontalpodautoscalers
     - jobs
     - replicationcontrollers/scale
@@ -449,6 +456,15 @@ items:
     - patch
     - update
     - watch
+  - apiGroups:
+    - extensions
+    attributeRestrictions: null
+    resources:
+    - daemonsets
+    verbs:
+    - get
+    - list
+    - watch
   - apiGroups: null
     attributeRestrictions: null
     resources: