From 153543263ca1ed7c99311e5470665a83ecef82fc Mon Sep 17 00:00:00 2001
From: Dan Winship <danwinship@redhat.com>
Date: Tue, 11 Feb 2025 16:40:25 -0500
Subject: [PATCH] Fix some confused cloud-controller documentation

---
 .../concepts/architecture/cloud-controller.md | 25 ++++++-------------
 1 file changed, 8 insertions(+), 17 deletions(-)

diff --git a/content/en/docs/concepts/architecture/cloud-controller.md b/content/en/docs/concepts/architecture/cloud-controller.md
index 03fbd4a855..9be4ab07f2 100644
--- a/content/en/docs/concepts/architecture/cloud-controller.md
+++ b/content/en/docs/concepts/architecture/cloud-controller.md
@@ -106,14 +106,10 @@ routes appropriately. It requires Get access to Node objects.
 ### Service controller {#authorization-service-controller}
 
 The service controller watches for Service object **create**, **update** and **delete** events and then
-configures Endpoints for those Services appropriately (for EndpointSlices, the
-kube-controller-manager manages these on demand).
+configures load balancers for those Services appropriately.
 
 To access Services, it requires **list**, and **watch** access. To update Services, it requires
-**patch** and **update** access.
-
-To set up Endpoints resources for the Services, it requires access to **create**, **list**,
-**get**, **watch**, and **update**.
+**patch** and **update** access to the `status` subresource.
 
 `v1/Service`:
 
@@ -173,9 +169,14 @@ rules:
   - services
   verbs:
   - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services/status
+  verbs:
   - patch
   - update
-  - watch
 - apiGroups:
   - ""
   resources:
@@ -191,16 +192,6 @@ rules:
   - list
   - update
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - endpoints
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
 ```