In #124 you now must pass in your own namespace as a parameter to the helm chart if you don't want to create a ClusterRole and ClusterRoleBinding. This is rough from a GitOps perspective, because it means that you have two choices (in an environment where applications are not allowed to create cluster-scoped resources):

1. You create values.<something>.yaml files where you set namespaces: [ my-coder-ns ] and launch the application with custom values files for each namespace you put it in.
2. When you launch the application you pass in --set namespaces=...

In my opinion, if namespaces is not set, then there should be a simple setting of rbacScope: <namespace|cluster> ... and if it is set to namespace then the RBAC permissions created with Role/RoleBindings (and NAMESPACES=${{ .Release.Namespace}} is set as an env variable). If it is set to cluster, then you create ClusterRole/ClusterRoleBindings.