What problem does this PR solve?

according to kubernetes default user-facing role: admin,edit,view https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles, setup aggregated clusterrole to support multi-tenant scenario
refer: ray-project/kuberay#3193

Fix Issue:

there is a rolebing in doris namespace, as it:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rolebinding-to-admin
  namespace: doris
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: example-group

NOTE: user xxxx belong to example-group

where user xxxx try to create dorisdisaggregatedclusters object, it meet error

Error from server (Forbidden): error when creating "cs_decoupled_min.yaml": dorisdisaggregatedclusters.disaggregated.cluster.doris.com is forbidden: User "xxxx" cannot create resource "dorisdisaggregatedclusters" in API group "disaggregated.cluster.doris.com" in the namespace "doris"

without this patch

$ k auth can-i -n doris create Dorisdisaggregatedclusters --as-group example-group --as xxxx
no

after this patch apply

$ k auth can-i -n doris create Dorisdisaggregatedclusters --as-group example-group --as xxxx
yes

Related PR: #xxx

Problem Summary:

Release note

None

Check List (For Author)

• Test

  • Regression test
  • Unit Test
  • Manual test (add detailed scripts or steps below)
  • No need to test or manual test. Explain why:
    • This is a refactor/code format and no logic has been changed.
    • Previous test can cover this change.
    • No code files have been changed.
    • Other reason

• Behavior changed:

  • No.
  • Yes.

• Does this need documentation?

  • No.
  • Yes.

Check List (For Reviewer who merge this PR)

• Confirm the release note
• Confirm test cases
• Confirm document
• Add branch pick label