diff --git a/hack/local-development/kubernetes/clusterrole-binding.yaml b/hack/local-development/kubernetes/clusterrole-binding.yaml
index 71240e7..1b46253 100644
--- a/hack/local-development/kubernetes/clusterrole-binding.yaml
+++ b/hack/local-development/kubernetes/clusterrole-binding.yaml
@@ -4,13 +4,13 @@ apiVersion: rbac.authorization.k8s.io/v1
 # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
 kind: RoleBinding
 metadata:
-  name: garm-server
+  name: garm-provider-k8s
   namespace: runner
 subjects:
   - kind: ServiceAccount
     namespace: garm-server
     name: garm-server
 roleRef:
-  kind: Role
-  name: garm-server
+  kind: ClusterRole
+  name: garm-provider-k8s
   apiGroup: rbac.authorization.k8s.io
diff --git a/hack/local-development/kubernetes/clusterrole.yaml b/hack/local-development/kubernetes/clusterrole.yaml
index 1764139..c2ad4b4 100644
--- a/hack/local-development/kubernetes/clusterrole.yaml
+++ b/hack/local-development/kubernetes/clusterrole.yaml
@@ -1,11 +1,11 @@
-# SPDX-License-Identifier: MIT
-
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
-  name: garm-server
-  namespace: runner
+  name: garm-provider-k8s
 rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
   - apiGroups: [""]
     resources: ["pods"]
     verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]