diff --git a/.github/workflows/push-docker-v2-dev.yaml b/.github/workflows/push-docker-v2-dev.yaml
index 84e852fda..8fbbf9b77 100644
--- a/.github/workflows/push-docker-v2-dev.yaml
+++ b/.github/workflows/push-docker-v2-dev.yaml
@@ -6,6 +6,14 @@ on:
     branches:
     - release-v2-dev
   workflow_dispatch:
+    inputs:
+      tag:
+        type: string
+        description: "Image tag manually"
+      adc_version:
+        type: string
+        default: dev
+        description: "adc version"
 jobs:
   docker:
     runs-on: buildjet-2vcpu-ubuntu-2204
@@ -13,32 +21,35 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v4
       with:
+        ref: ${{ github.ref }}
         submodules: recursive
-
     - name: Setup Go Env
       uses: actions/setup-go@v4
       with:
         go-version: "1.22"
 
-#    - name: Set up QEMU
-#      uses: docker/setup-qemu-action@v3
-#
-#    - name: Set up Docker Buildx
-#      uses: docker/setup-buildx-action@v3
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
 
     - name: Login to Registry
-      uses: docker/login-action@v1
+      uses: docker/login-action@v3
       with:
         registry: ${{ secrets.DOCKER_REGISTRY }}
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_PASSWORD }}
-
-    - name: Build push image
+    -
+      name: Build and push multi-arch image
       env:
-        TAG: dev
         ARCH: amd64
         ENABLE_PROXY: "false"
         BASE_IMAGE_TAG: "debug"
+        TAG: ${{ github.event.inputs.tag || github.ref_name }}dev
+        IMAGE_TAG: ${{ github.event.inputs.tag || github.ref_name }}dev
+        ADC_VERSION: ${{ github.event.inputs.adc_version }}
       run: |
         echo "building images..."
-        make build-push-image
+        make docker-build
+        make docker-push
diff --git a/.github/workflows/push-docker.yaml b/.github/workflows/push-docker.yaml
index 973161622..327c40de4 100644
--- a/.github/workflows/push-docker.yaml
+++ b/.github/workflows/push-docker.yaml
@@ -1,9 +1,9 @@
 name: push on dockerhub
-on: 
+on:
   push:
     tags:
       - '*'
-      
+
 jobs:
   docker:
     runs-on: buildjet-2vcpu-ubuntu-2204
diff --git a/config/rbac/gatewayproxy_editor_role.yaml b/config/rbac/gatewayproxy_editor_role.yaml
deleted file mode 100644
index 7ea08d91a..000000000
--- a/config/rbac/gatewayproxy_editor_role.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# permissions for end users to edit gatewayproxies.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: clusterrole
-    app.kubernetes.io/instance: gatewayproxy-editor-role
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: apisix-ingress-controller
-    app.kubernetes.io/part-of: apisix-ingress-controller
-    app.kubernetes.io/managed-by: kustomize
-  name: gatewayproxy-editor-role
-rules:
-- apiGroups:
-  - apisix.apache.org
-  resources:
-  - gatewayproxies
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apisix.apache.org
-  resources:
-  - gatewayproxies/status
-  verbs:
-  - get
diff --git a/config/rbac/gatewayproxy_viewer_role.yaml b/config/rbac/gatewayproxy_viewer_role.yaml
deleted file mode 100644
index 75ae42552..000000000
--- a/config/rbac/gatewayproxy_viewer_role.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# permissions for end users to view gatewayproxies.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: clusterrole
-    app.kubernetes.io/instance: gatewayproxy-viewer-role
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: apisix-ingress-controller
-    app.kubernetes.io/part-of: apisix-ingress-controller
-    app.kubernetes.io/managed-by: kustomize
-  name: gatewayproxy-viewer-role
-rules:
-- apiGroups:
-  - apisix.apache.org
-  resources:
-  - gatewayproxies
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apisix.apache.org
-  resources:
-  - gatewayproxies/status
-  verbs:
-  - get
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 516b74bec..c9dc78391 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -91,6 +91,7 @@ rules:
   - gatewayclasses/status
   - gateways/status
   - httproutes/status
+  - referencegrants/status
   verbs:
   - get
   - update
@@ -102,6 +103,14 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - gateway.networking.k8s.io
+  resources:
+  - referencegrants
+  verbs:
+  - list
+  - update
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources:
diff --git a/internal/manager/controllers.go b/internal/manager/controllers.go
index f651d957f..5ece9d66d 100644
--- a/internal/manager/controllers.go
+++ b/internal/manager/controllers.go
@@ -66,6 +66,8 @@ import (
 // +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways/status,verbs=get;update
 // +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=httproutes,verbs=get;list;watch
 // +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=httproutes/status,verbs=get;update
+// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=referencegrants,verbs=list;watch;update
+// +kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=referencegrants/status,verbs=get;update
 
 // Networking
 // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;update