Changing ASB configuration should not be a requirement

[l0rd]

Currently a manual step at cluster scope is required in order to have Che provisioned correctly: Ansible Service Broker should be configured with openshift sandbox_role set to admin.

This makes Che installation harder and impossible in some cases.

To get rid of this manual step we could have OpenShift teams to default sandbox_role to admin. This is what this issue is about https://github.com/openshift/openshift-ansible/issues/9231

If this won't work we should look at 1) why we need a RoleBinding with role_ref_kind: ClusterRole instead of role_ref_kind: Role and 2) if sandbox_role set to edit would be enough to create a RoleBindings with role_ref_kind: Role

[l0rd]

After the discussions on https://github.com/openshift/openshift-ansible/issues/9231 we can conclude that we cannot get rid of a manual step when installing Che using the ansible service broker.

But rather than asking users to change the configuration of the ASB as indicated today in the README (that has an effect on the whole cluster) we should rather ask users to manually create the ServiceAccount and RoleBinding. That is something that can be done before or after the provisioning of the APB if we set ignore_errors: yes for the RoleBinding creation step.

Summarizing this issue subtasks are:

• [ ] Set ignore_errors: yes for the RoleBinding creation step
• [ ] Update the docker image tagged latest to make sure that we don't need to switch to the canary stream
• [ ] Update README: instead of change ASB configuration admins should manually create the RoleBinding