Decide whether we confine the Starboard operator to a namespace or make it cluster scoped

[danielpacak]

Relates to the work underway on the Starboard Security Operator

[ribbybibby]

I happened across this project while searching for a registry agnostic version of Quay's container-security-operator: it looks just like what I'm looking for!

I'm assuming this issue is related to the OPERATOR_NAMESPACE value. I'd strongly favour it operating across all namespaces by default, with the option to constrain to a specific list.

[lizrice]

I think the choice is between running a single instance of the operator that can watch resources in all namespaces (ideally configurable which ones it's watching), or to have multiple instances each watching one namespace.

Then there is the question of what to do with cluster-wide resources (e.g. watching for nodes in order to trigger a kube-bench scan)

[danielpacak]

We're going to support the installation modes defined by the Operator Lifecycle Manager multitenancy spec:

• OwnNamespace
• SingleNamespace
• MultiNamespace
• AllNamespaces

The mode will be activated by setting the values of OPERATOR_NAMESPACE and OPERATOR_TARGET_NAMESPACES env variable. See README.md in the Starboard Operator project for details.