diff --git a/Makefile b/Makefile
index af1224fe..403052ce 100644
--- a/Makefile
+++ b/Makefile
@@ -38,7 +38,7 @@ fmt: README.md
 README.md: README.md.gotmpl values.yaml
 @echo "--- Generating documentation"
 helm-docs --template-files=$<
- @echo -e "\n\n$$(cat README.md)" > README.md
+ @echo "\n\n$$(cat README.md)" > README.md
 .PHONY: README.md
 clean:
diff --git a/README.md b/README.md
index b58732fa..9c7936ce 100644
--- a/README.md
+++ b/README.md
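Review bot: The rewritten `@echo "\n\n$$(cat README.md)" > README.md` line in the Makefile's README.md recipe still depends on which shell make runs. A POSIX `sh` such as dash expands `\n` inside `echo`, while bash's builtin prints it literally unless `-e` is given, so the output is two leading blank lines on some machines and a literal `\n\n` on others. `printf` behaves the same under both: `@printf '\n\n%s\n' "$$(cat README.md)" > README.md`. Whether the Makefile pins `SHELL` is not visible in this hunk; if the recipe stays with `echo`, a comment naming the shell it assumes would make the dependency explicit.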
@@ -25,7 +25,7 @@ View [our docs](https://coder.com/docs/setup/installation) for detailed installa | certs | object | Certificate that will be mounted inside Coder services. | `{"secret":{"key":"","name":""}}` | | certs.secret.key | string | Key pointing to a certificate in the secret. | `""` | | certs.secret.name | string | Name of the secret. | `""` | -| coderd | object | Primary service responsible for all things Coder! | `{"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` | +| coderd | object | Primary service responsible for all things Coder! 
| `{"builtinProviderServiceAccount":{"annotations":{},"labels":{}},"devurlsHost":"","image":"","oidc":{"enableRefresh":false,"redirectOptions":{}},"podSecurityContext":{"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"replicas":1,"resources":{"limits":{"cpu":"250m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"512Mi"}},"satellite":{"accessURL":"","enable":false,"primaryURL":""},"securityContext":{"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}},"serviceAnnotations":{},"serviceNodePorts":{"http":30080,"https":30443},"serviceSpec":{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"},"superAdmin":{"passwordSecret":{"key":"password","name":""}},"tls":{"devurlsHostSecretName":"","hostSecretName":""},"trustProxyIP":false}` | | coderd.builtinProviderServiceAccount | object | Customize the built-in Kubernetes provider service account. | `{"annotations":{},"labels":{}}` | | coderd.builtinProviderServiceAccount.annotations | object | A KV mapping of annotations. See: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | `{}` | | coderd.builtinProviderServiceAccount.labels | object | Add labels to the service account used for the built-in provider. | `{}` | 
@@ -46,6 +46,9 @@ View [our docs](https://coder.com/docs/setup/installation) for detailed installa | coderd.securityContext.readOnlyRootFilesystem | bool | Mounts the container's root filesystem as read-only. It is recommended to leave this setting enabled in production. This will override the same setting in the pod | `true` | | coderd.securityContext.seccompProfile | object | Sets the seccomp profile for the migration and runtime containers. | `{"type":"RuntimeDefault"}` | | coderd.serviceAnnotations | object | Extra annotations to apply to the coderd service. | `{}` | +| coderd.serviceNodePorts | object | Allows manually setting static node ports for the coderd service. This is only helpful if static ports are required, and usually should be left alone. By default these are dynamically chosen. | `{"http":30080,"https":30443}` | +| coderd.serviceNodePorts.http | int | Sets a static 'coderd' service non-TLS nodePort. This should usually be omitted. | `30080` | +| coderd.serviceNodePorts.https | int | Sets a static 'coderd' service TLS nodePort This should usually be omitted. | `30443` | | coderd.serviceSpec | object | Specification to inject for the coderd service. See: https://kubernetes.io/docs/concepts/services-networking/service/ | `{"externalTrafficPolicy":"Local","loadBalancerIP":"","loadBalancerSourceRanges":[],"type":"LoadBalancer"}` | | coderd.serviceSpec.externalTrafficPolicy | string | Set the traffic policy for the service. See: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | `"Local"` | | coderd.serviceSpec.loadBalancerIP | string | Set the external IP address of the Ingress service. | `""` | diff --git a/templates/coderd.yaml b/templates/coderd.yaml index 76b94dd0..35103565 100644 --- a/templates/coderd.yaml +++ b/templates/coderd.yaml 
@@ -254,10 +254,16 @@ spec:
 port: 80
 targetPort: 8080
 protocol: TCP
+ {{ if .Values.coderd.serviceNodePorts.http }}
+ nodePort: {{ .Values.coderd.serviceNodePorts.http }}
+ {{ end }}
 - name: tcp-{{ include "coder.serviceName" . }}-https
 port: 443
 targetPort: 8443
 protocol: TCP
+ {{ if .Values.coderd.serviceNodePorts.https }}
+ nodePort: {{ .Values.coderd.serviceNodePorts.https }}
+ {{ end }}
 {{- else }}
 ---
 apiVersion: v1
diff --git a/values.yaml b/values.yaml
index c8165e0f..36d5e31e 100644
--- a/values.yaml
+++ b/values.yaml
@@ -21,6 +21,18 @@ coderd:
 # will be restricted to the specified client IPs. This field will be ignored if
 # the cloud provider does not support this feature.
 loadBalancerSourceRanges: []
+
+ # coderd.serviceNodePorts -- Allows manually setting static node ports for the coderd service.
+ # This is only helpful if static ports are required, and usually should be left alone.
+ # By default these are dynamically chosen.
+ serviceNodePorts:
+ # coderd.serviceNodePorts.http -- Sets a static 'coderd' service non-TLS nodePort.
+ # This should usually be omitted.
+ http: null
+ # coderd.serviceNodePorts.https -- Sets a static 'coderd' service TLS nodePort
+ # This should usually be omitted.
+ https: null
+
 # coderd.serviceAnnotations -- Extra annotations to apply to the coderd service.
 serviceAnnotations: {}
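Review bot: In templates/coderd.yaml both added `nodePort:` fields are emitted whenever a value is set, whatever `coderd.serviceSpec.type` is. Kubernetes accepts `nodePort` only on `NodePort` and `LoadBalancer` Services, so a `ClusterIP` install with `serviceNodePorts` set would be rejected at apply time. How the Service type reaches the spec is outside this hunk, so this is inferred from the README's `coderd.serviceSpec.type` row. A guard such as `{{- if and .Values.coderd.serviceNodePorts.http (ne .Values.coderd.serviceSpec.type "ClusterIP") }}` would avoid that, and the `{{-` form also drops the blank lines the current `{{ if }}`/`{{ end }}` pair leaves in the rendered manifest. A fixed node port is exposed on the nodes' own addresses and `http` is the non-TLS listener, so the values comment should say that node-level firewall rules, rather than `loadBalancerSourceRanges` (as far as I can tell), are what restrict access to it.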
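Review bot: The defaults added to values.yaml are `http: null` and `https: null`, but the README.md rows added in this same commit document `30080` and `30443` (and `{"http":30080,"https":30443}` inside the `coderd` default). The generated table was presumably built from a different values.yaml and should be regenerated. The `https` comment is missing its full stop, which is why the README row reads `TLS nodePort This should usually be omitted.`; `# coderd.serviceNodePorts.https -- Sets a static 'coderd' service TLS nodePort.` fixes it at the source. It would also help to state in the comment that values must fall in the cluster's node-port range (30000-32767 by default) and only take effect when `coderd.serviceSpec.type` is `NodePort` or `LoadBalancer`.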