fix: Fix example documentation to include all the expected privileges…

… for extension server policies (envoyproxy#4879) * Updated the documentation to also create a role and binding for updating the status section of the policy. Signed-off-by: Lior Okman <[email protected]> * Removed an unneeded space Signed-off-by: Lior Okman <[email protected]> * Make 'make gen-check' happy. Signed-off-by: Lior Okman <[email protected]> * Update the correct copy of the document. Signed-off-by: Lior Okman <[email protected]> --------- Signed-off-by: Lior Okman <[email protected]>
zhaohuabing · Dec 9, 2024 · 9ef758b · 9ef758b
1 parent 337e5ac
commit 9ef758b
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/site/content/en/latest/tasks/extensibility/extension-server.md b/site/content/en/latest/tasks/extensibility/extension-server.md
@@ -88,13 +88,21 @@ image name and tag.
 * Grant Envoy Gateway's `ServiceAccount` permission to access the extension server's CRD
 
   ```shell
+  kubectl create clusterrole listener-context-example-status-update \
+             --verb=update  \
+             --resource=ListenerContextExample/status
+
   kubectl create clusterrole listener-context-example-viewer \
              --verb=get,list,watch  \
              --resource=ListenerContextExample
 
   kubectl create clusterrolebinding envoy-gateway-listener-context \
              --clusterrole=listener-context-example-viewer \
              --serviceaccount=envoy-gateway-system:envoy-gateway
+
+  kubectl create clusterrolebinding envoy-gateway-listener-context-status \
+             --clusterrole=listener-context-example-status-update \
+             --serviceaccount=envoy-gateway-system:envoy-gateway
   ```
 
 * Configure Envoy Gateway to use the Extension Server