Description of problem:

When following https://docs.openshift.com/container-platform/4.14/logging/log_storage/cluster-logging-loki.html#logging-loki-log-access_cluster-logging-loki to configure fine grained access for Loki logs, it was noticed that ClusterRoles are only created, when LokiStack is configured as log store in clusterlogging/instance

This can also be confirmed, when looking at logstore.go.

With LOG-3856 we enabled users to run elasticsearch and LokiStack in parallel to run the transition in more smooth manner for Enterprise Environment.

Therefore the missing ClusterRole are now breaking that experience as things don't behave as expected and we are missing out the required ClusterRole. Even if no transition is made and only LokiStack is being used, the ClusterRoles are also missing but should eventually be provided to manage access to logs, stored in LokiStack

Version-Release number of selected component (if applicable):

OpenShift Container Platform 4 - Cluster Logging 5.8.1

How reproducible:

Always

Steps to Reproduce:

1. Setup OpenShift Container Platform 4 - Cluster Logging with LokiStack and elasticsearch both in managed state and thus keep elasticsearch the log store configured in clusterlogging/instance. If needed, review LOG-3856 for more details

Actual results:

The ClusterRole documented in https://docs.openshift.com/container-platform/4.14/logging/log_storage/cluster-logging-loki.html#logging-loki-log-access_cluster-logging-loki are not being created

Expected results:

The ClusterRole documented in https://docs.openshift.com/container-platform/4.14/logging/log_storage/cluster-logging-loki.html#logging-loki-log-access_cluster-logging-loki are being created, when LokiStack is configured/created no matter if it's defined as log store in clusterlogging/instance

Additional info:

It's possible to create the ClusterRole manually but it would be appreciated to have it managed by either ClusterLogging or LokiStack Operator.