add feature to enable permission to manage Kubernates services inside helm

lbi22 · lbi22 · commit 494d7394a4b2 · 2023-11-08T16:53:22.000+01:00
diff --git a/helm/coder/values.yaml b/helm/coder/values.yaml
@@ -94,6 +94,9 @@ coder:
     # coder.serviceAccount.enableDeployments -- Provides the service account permission
     # to manage Kubernetes deployments.
     enableDeployments: true
+    # coder.serviceAccount.enableServices -- Provides the service account permission
+    # to manage Kubernetes services.
+    enableServices: false
     # coder.serviceAccount.annotations -- The Coder service account annotations.
     annotations: {}
     # coder.serviceAccount.name -- The service account name
diff --git a/helm/libcoder/templates/_rbac.yaml b/helm/libcoder/templates/_rbac.yaml
@@ -43,6 +43,19 @@ rules:
     - update
     - watch
 {{- end }}
+{{- if .Values.coder.serviceAccount.enableServices }}
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs:
+    - create
+    - delete
+    - deletecollection
+    - get
+    - list
+    - patch
+    - update
+    - watch
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
