fix: RBAC so continuous deploy service account can run helm upgrade

deploy/infra/cd-service-account-rbac.yaml

@@ -5,7 +5,7 @@ metadata:
   name: continuous-deploy
 rules:
 - apiGroups: [""]
-  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
+  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints", "serviceaccounts"]
   verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 
 - apiGroups: ["apps"]
@@ -15,6 +15,16 @@ rules:
 - apiGroups: ["batch"]
   resources: ["cronjobs", "jobs"]
   verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+
+- apiGroups: ["networking.k8s.io"]
+  resources: ["networkpolicies"]
+  verbs: ["get", "list", "watch", "patch", "update"]
+
+- apiGroups: ["policy"]
+  resources: ["poddisruptionbudgets"]
+  verbs: ["get", "list", "watch", "update", "patch"]
+
+
 ---
 
 apiVersion: rbac.authorization.k8s.io/v1