From 9ef758b1f044db4e02d05cbae1b160d91e81d598 Mon Sep 17 00:00:00 2001
From: Lior Okman <lior.okman@sap.com>
Date: Mon, 9 Dec 2024 20:26:45 +0200
Subject: [PATCH] fix: Fix example documentation to include all the expected
 privileges for extension server policies (#4879)

* Updated the documentation to also create a role and binding for updating
the status section of the policy.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Removed an unneeded space

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Make 'make gen-check' happy.

Signed-off-by: Lior Okman <lior.okman@sap.com>

* Update the correct copy of the document.

Signed-off-by: Lior Okman <lior.okman@sap.com>

---------

Signed-off-by: Lior Okman <lior.okman@sap.com>
---
 .../en/latest/tasks/extensibility/extension-server.md     | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/site/content/en/latest/tasks/extensibility/extension-server.md b/site/content/en/latest/tasks/extensibility/extension-server.md
index 6d16013d410..e1d6b471c11 100644
--- a/site/content/en/latest/tasks/extensibility/extension-server.md
+++ b/site/content/en/latest/tasks/extensibility/extension-server.md
@@ -88,6 +88,10 @@ image name and tag.
 * Grant Envoy Gateway's `ServiceAccount` permission to access the extension server's CRD
 
   ```shell
+  kubectl create clusterrole listener-context-example-status-update \
+             --verb=update  \
+             --resource=ListenerContextExample/status
+
   kubectl create clusterrole listener-context-example-viewer \
              --verb=get,list,watch  \
              --resource=ListenerContextExample
@@ -95,6 +99,10 @@ image name and tag.
   kubectl create clusterrolebinding envoy-gateway-listener-context \
              --clusterrole=listener-context-example-viewer \
              --serviceaccount=envoy-gateway-system:envoy-gateway
+
+  kubectl create clusterrolebinding envoy-gateway-listener-context-status \
+             --clusterrole=listener-context-example-status-update \
+             --serviceaccount=envoy-gateway-system:envoy-gateway
   ```
 
 * Configure Envoy Gateway to use the Extension Server