fix: add role for service access

Workaround for timescale/helm-charts#610

Author: paddatrapper

charts/helix/templates/db-role.yaml

@@ -0,0 +1,13 @@
+#TODO: remove once https://github.com/timescale/helm-charts/pull/610 is merged and released
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Release.Namespace}}
+  name: {{ include "helix.fullname" . }}-db-services
+  labels:
+    {{- include "helix.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["create", "get", "list", "patch", "update", "watch", "delete"]

charts/helix/templates/db-rolebinding.yaml

@@ -0,0 +1,16 @@
+{{- $timescaledb := index .Values "timescaledb-single" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "helix.fullname" . }}-db-services
+  namespace: {{ .Release.Namespace}}
+  labels:
+    {{- include "helix.labels" . | nindent 4 }}
+    app.kubernetes.io/component: rbac
+subjects:
+- kind: ServiceAccount
+  name: {{ default $timescaledb.fullnameOverride $timescaledb.serviceAccount.name }}
+roleRef:
+  kind: Role
+  name: {{ include "helix.fullname" . }}-db-services
+  apiGroup: rbac.authorization.k8s.io