helm: add GCP CCM permissions for internal LBs

[3u13r]

Context

The GCP CCM hard-codes an outdated ClusterRole. We need to give it the required permissions again. See: kubernetes/cloud-provider-gcp#611

Proposed change(s)

• Add a ClusterRoleBinding linking the used service account to the role we use for the CCMs on other CSPs.

Additional info

• Any additional information or context

Checklist

• Add labels (e.g., for changelog category)
• Is PR title adequate for changelog?
• Link to Milestone

[netlify]

✅ Deploy Preview for constellation-docs canceled.

Name	Link
🔨 Latest commit	2c8ae48
🔍 Latest deploy log	https://app.netlify.com/sites/constellation-docs/deploys/652ff6a000b964000910f190

[github-actions]

Coverage report

Package	Old	New	Trend
cli/internal/helm	49.50%	49.50%	🚧

[daniel-weisse]

Can you provide an e2e test for this?
From what I can tell, there is no ServiceAccount called cloud-provider in our set up

[3u13r]

E2E, gcp, 1.27, lb, 1:1 https://github.com/edgelesssys/constellation/actions/runs/6571600139
Or do you mean that I should add an E2E test which explicitly tests this feature?

[daniel-weisse]

No, just running the e2e test is fine.
But I'm still wondering who is supposed to consume this role binding as the referenced ServiceAccount does not exist (at least in our Helm charts)

[3u13r]

I think it's a default service account which simply exists in K8s and some (default) permissions have been removed from it. If it does not exists anymore, we'll have to create it, but currently it seems to work.