diff --git a/.github/workflows/push-build-downstream.yaml b/.github/workflows/push-build-downstream.yaml
new file mode 100644
index 000000000000..b2521790d92b
--- /dev/null
+++ b/.github/workflows/push-build-downstream.yaml
@@ -0,0 +1,59 @@
+name: Push Image Build Downstream
+on:
+ push:
+ branches:
+ - master
+ - release-*
+ tags:
+ - v*
+ pull_request:
+ branches:
+ - master
+
+defaults:
+ run:
+ # reference: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell
+ shell: bash --noprofile --norc -eo pipefail -x {0}
+
+permissions:
+ contents: read
+
+jobs:
+ push-image-to-container-registry:
+ runs-on: ubuntu-latest
+ if: github.repository == 'parth-gr/rook'
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - uses: actions/setup-go@v5
+ with:
+ go-version: "1.21"
+
+ # docker/setup-qemu action installs QEMU static binaries, which are used to run builders for architectures other than the host.
+ - name: set up QEMU
+ uses: docker/setup-qemu-action@master
+ with:
+ platforms: all
+
+ - name: log in to container registry
+ uses: docker/login-action@v3
+ with:
+ registry: quay.io
+ username: ${{ secrets.QUAY_OCS_DEV_ROBOT_USER }}
+ password: ${{ secrets.QUAY_OCS_DEV_ROBOT_PASSWORD }}
+
+ # creating custom env var
+ - name: set env
+ run: |
+ echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
+ echo "GITHUB_SHA=${GITHUB_SHA}" >> $GITHUB_ENV
+
+ - name: build and release
+ env:
+ BRANCH_NAME: ${{ env.BRANCH_NAME }}
+ GITHUB_SHA: $ {{ env.GITHUB_SHA }}
+ run: |
+ tests/scripts/build-release-downstream.sh
diff --git a/deploy/charts/library/templates/_cluster-role.tpl b/deploy/charts/library/templates/_cluster-role.tpl
index fd79b7ce908e..3d13e12a142b 100644
--- a/deploy/charts/library/templates/_cluster-role.tpl
+++ b/deploy/charts/library/templates/_cluster-role.tpl
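Review bot: `uses: docker/setup-qemu-action@master` tracks a mutable branch in the same job that afterwards logs in to quay.io with the robot-account secrets, so whatever is on that branch at run time executes on the runner that subsequently holds those credentials; pin it to a release tag like the other actions (`docker/setup-qemu-action@v3`) or, better, to a full commit SHA. The `pull_request` trigger also means a PR against master reaches the login and the build-and-release step, so an image built from unmerged code would be pushed; either drop that trigger or have PR runs skip the login and push. In the last step, `GITHUB_SHA: $ {{ env.GITHUB_SHA }}` has a space after `$`, so it is a literal string rather than an expression. The runner already provides GITHUB_SHA, so that entry and the `echo "GITHUB_SHA=${GITHUB_SHA}" >> $GITHUB_ENV` line can probably be removed.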
@@ -148,4 +148,14 @@ rules:
 - apiGroups: [""]
 resources: ["persistentvolumeclaims"]
 verbs: ["get", "update", "delete", "list"]
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-default
+ namespace: {{ .Release.Namespace }} # namespace:cluster
+rules:
+ - apiGroups: [""]
+ resources: [""]
+ verbs: [""]
 {{- end }}
diff --git a/deploy/charts/library/templates/_cluster-rolebinding.tpl b/deploy/charts/library/templates/_cluster-rolebinding.tpl
index dc5e05f29daf..01281929bd6a 100644
--- a/deploy/charts/library/templates/_cluster-rolebinding.tpl
+++ b/deploy/charts/library/templates/_cluster-rolebinding.tpl
@@ -105,4 +105,18 @@ subjects:
 - kind: ServiceAccount
 name: rook-ceph-purge-osd
 namespace: {{ .Release.Namespace }} # namespace:cluster
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-default
+ namespace: {{ .Release.Namespace }} # namespace:cluster
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rook-ceph-default
+subjects:
+ - kind: ServiceAccount
+ name: rook-ceph-default
+ namespace: {{ .Release.Namespace }} # namespace:cluster
 {{- end }}
diff --git a/deploy/examples/common.yaml b/deploy/examples/common.yaml
index ed523e8cb051..a9a1067b00e2 100644
--- a/deploy/examples/common.yaml
+++ b/deploy/examples/common.yaml
@@ -790,6 +790,16 @@ rules:
 - update
 - delete
 ---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-default
+ namespace: rook-ceph # namespace:cluster
+rules:
+ - apiGroups: [""]
+ resources: [""]
+ verbs: [""]
+---
 # Aspects of ceph-mgr that operate within the cluster's namespace
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
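Review bot: The new `rook-ceph-default` Role has one rule with `apiGroups: [""]`, `resources: [""]` and `verbs: [""]`, which reads like a mistake unless the reader knows that, as far as I can tell, empty-string resource and verb entries match no real request. If the intent is an explicit no-permission Role for the default service account, say so above `kind: Role`, e.g. `# Intentionally grants no permissions; do not add rules here without a least-privilege review.` The same Role is added to deploy/examples/common.yaml in the `@@ -790,6 +790,16 @@` hunk and needs the same comment, so that a later edit does not widen it unnoticed.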
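Review bot: The RoleBinding's subject is the ServiceAccount `rook-ceph-default`, but no hunk in this commit creates a ServiceAccount with that name, so the binding may reference an object that does not exist. If it is defined in a part of the chart not shown here, a comment above `kind: RoleBinding` naming it would help, e.g. `# Binds the rook-ceph-default ServiceAccount (defined in <file>) to the no-permission rook-ceph-default Role.` The same applies to the RoleBinding added to deploy/examples/common.yaml in the `@@ -1052,6 +1062,20 @@` hunk.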
@@ -1052,6 +1062,20 @@ subjects:
 name: rook-ceph-cmd-reporter
 namespace: rook-ceph # namespace:cluster
 ---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rook-ceph-default
+ namespace: rook-ceph # namespace:cluster
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rook-ceph-default
+subjects:
+ - kind: ServiceAccount
+ name: rook-ceph-default
+ namespace: rook-ceph # namespace:cluster
+---
 # Allow the ceph mgr to access resources scoped to the CephCluster namespace necessary for mgr modules
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/tests/scripts/build-release-downstream.sh b/tests/scripts/build-release-downstream.sh
new file mode 100755
index 000000000000..febc6efd52dd
--- /dev/null
+++ b/tests/scripts/build-release-downstream.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -ex
+
+# Load dot env file if available
+if [ -f .env ]; then
+ # shellcheck disable=SC2046
+ export $(grep -v '^#' .env | xargs -d '\n')
+fi
+
+MAKE='make --debug=v --output-sync'
+$MAKE build BUILD_REGISTRY=local
+build_Image="local/ceph-amd64:latest"
+git_hash=$(git rev-parse --short "${GITHUB_SHA}")
+tag_Image=quay.io/ocs-dev/rook-ceph:v${BRANCH_NAME}-$git_hash
+docker tag "$build_Image" "$tag_Image"
+docker push "$tag_Image"
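Review bot: `BRANCH_NAME` and `GITHUB_SHA` are read from the environment without any check and the script runs with `set -ex` only, so an unset `BRANCH_NAME` silently produces a tag of the form `v-<hash>` that is then pushed to quay.io. Fail early instead: `git_hash=$(git rev-parse --short "${GITHUB_SHA:?GITHUB_SHA is not set}")` and `tag_Image=quay.io/ocs-dev/rook-ceph:v${BRANCH_NAME:?BRANCH_NAME is not set}-$git_hash`. The workflow added in this commit derives BRANCH_NAME from the last component of the ref and also triggers on `v*` tags, so a tag push would presumably yield a doubled prefix (`vv...`); worth confirming that is intended.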