diff --git a/docs/setups/setup-asm-poco-gke.md b/docs/setups/setup-asm-poco-gke.md
index 2f41fbc..9327990 100644
--- a/docs/setups/setup-asm-poco-gke.md
+++ b/docs/setups/setup-asm-poco-gke.md
@@ -82,25 +82,3 @@ gcloud beta container fleet config-management apply \
     --membership ${CLUSTER_NAME} \
     --config acm-config.yaml
 ```
-
-Since the `RepoSync` reconcilers need additional permissions to create Istio resources, the following `ClusterRole` needs to be applied to the cluster:
-```bash
-cat << EOF | kubectl apply -f -
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-  name: custom:aggregate-to-edit:istio
-rules:
-- apiGroups:
-  - "networking.istio.io"
-  - "security.istio.io"
-  resources:
-  - "virtualservices"
-  - "authorizationpolicies"
-  - "gateways"
-  verbs:
-  - "*"
-EOF
-```