Possibility to watch AuthConfigs on a specified namespace

[guicassolato]

Authorino instances can either watch AuthConfigs in the same namespace where the instance is running (namespaced deployment mode) or in all namespaces (cluster-wide deployment mode).

Currently it is not possible to deploy an instance of Authorino in namespace X and make it watch for AuthConfigs defined in namespace Y (and no other namespace).

This is because, when the instance is not cluster-wide:

1. the value of the WATCH_NAMESPACE environment variable injected is set from the namespace of the Authorino CR

   authorino-operator/controllers/authorino_controller.go

   Line 284 in 5ada185

   Name: api.WatchNamespace,

2. the RBAC created (RoleBinding) gives permission for the instance only in the namespace where it is running and no other

   authorino-operator/controllers/authorino_controller.go

   Line 542 in 5ada185

   roleBinding = authorinoResources.GetAuthorinoRoleBinding(authorino.Namespace, authorino.Name, roleBindingName, "ClusterRole", clusterRoleName, serviceAccount)

This makes cluster-wide deployment mode the only option for topologies where the Authorino instance is in one namespace and the AuthConfigs of interest in another. Label selectors might be needed to prevent the cluster-wide instance from caching AuthConfigs from other namespaces.