adding eda rolebinding (#8918)

ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform/defaults/main.yml

@@ -33,3 +33,11 @@ ocp4_workload_ansible_automation_platform_disable_controller: false
 ocp4_workload_ansible_automation_platform_disable_eda: false
 ocp4_workload_ansible_automation_platform_disable_hub: true
 ocp4_workload_ansible_automation_platform_disable_lightspeed: true
+
+# -------------------------------------------------------------------------
+# EDA Cluster-admin rolebinding
+# -------------------------------------------------------------------------
+ocp4_workload_ansible_automation_platform_create_eda_rolebinding: false
+ocp4_workload_ansible_automation_platform_eda_rolebinding_name: eda_default
+ocp4_workload_ansible_automation_platform_service_account: default
+ocp4_workload_ansible_automation_platform_ocp_cluster_role: cluster-admin

ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform/tasks/aap/aap-2.5.yml

@@ -58,3 +58,9 @@
       ansible.builtin.file:
         path: /tmp/aap-manifest.zip
         state: absent
+
+- name: Create Rolebinding for Rulebook Activations for OpenShift events
+  when: ocp4_workload_ansible_automation_platform_create_eda_rolebinding | bool
+  kubernetes.core.k8s:
+    state: present
+    definition: "{{ lookup('template', 'eda_cluster_rolebinding.j2') }}"

ansible/roles_ocp_workloads/ocp4_workload_ansible_automation_platform/templates/eda_cluster_rolebinding.j2

@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ ocp4_workload_ansible_automation_platform_eda_rolebinding_name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ ocp4_workload_ansible_automation_platform_service_account }}
+    namespace: {{ ocp4_workload_ansible_automation_platform_project }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ ocp4_workload_ansible_automation_platform_ocp_cluster_role }}