In#124 you now must pass in your own namespace as a parameter to the helm chart if you don't want to create aClusterRole andClusterRoleBinding. This is rough from a GitOps perspective, because it means that you have two choices (in an environment where applications are not allowed to create cluster-scoped resources):

1. You createvalues.<something>.yaml files where you setnamespaces: [ my-coder-ns ] and launch the application with custom values files for each namespace you put it in.
2. When you launch the application you pass in--set namespaces=...

In my opinion, ifnamespaces is not set, then there should be a simple setting ofrbacScope: <namespace|cluster> ... and if it is set tonamespace then the RBAC permissions created withRole/RoleBindings (andNAMESPACES=${{ .Release.Namespace}} is set as an env variable). If it is set tocluster, then you createClusterRole/ClusterRoleBindings.