feat: helm rbac perms for deployments (coder#8233)

ericpaulsen · web-flow · commit df95cf7ab249 · 2023-06-27T15:14:39.000-04:00
diff --git a/helm/templates/rbac.yaml b/helm/templates/rbac.yaml
@@ -27,7 +27,21 @@ rules:
     - patch
     - update
     - watch
-
+{{- if .Values.coder.serviceAccount.enableDeployments }}
+  - apiGroups:
+    - apps
+    resources:
+    - deployments
+    verbs:
+    - create
+    - delete
+    - deletecollection
+    - get
+    - list
+    - patch
+    - update
+    - watch
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -73,6 +73,9 @@ coder:
     # It is recommended to keep this on if you are using Kubernetes templates
     # within Coder.
     workspacePerms: true
+    # coder.serviceAccount.enableDeployments -- Provides the service account permission
+    # to manage Kubernetes deployments.
+    enableDeployments: false
     # coder.serviceAccount.annotations -- The Coder service account annotations.
     annotations: {}
     # coder.serviceAccount.name -- The service account name
