docs on the ability to enable/disable namespace watching. (#783)

part of kiali/kiali#7322

content/en/docs/Configuration/namespace-management.md

@@ -53,7 +53,7 @@ Because Kiali server utilizes Kubernetes watches to watch all namespaces in `dep
 If you install Kiali using the [Server Helm Chart]({{< ref "/docs/installation/installation-guide/install-with-helm" >}}), these Roles will not be created. This security feature is provided by the operator only, and is one reason why it is recommended to use the operator. The Server Helm Chart is provided only as a convenience.
 {{% /alert %}}
 
-Note that the namespaces declared here (including any regex expressions) are evaluated and discovered by the operator at install time. Namespaces that do not exist at the time of install will not be accessible to Kiali until the operator has a chance to reconcile the Kiali CR (which should happen fairly quickly after the new namespace is created). Adding the new namespace to the list of `accessible_namespaces` will also trigger the operator to reconcile the Kiali CR. When the operator reconciles the Kiali CR, the necessary Role will be created giving the Kiali Server access to the new namespace.
+Note that the namespaces declared here (including any regex expressions) are evaluated and discovered by the operator at install time. Namespaces that do not exist at the time of install will not be accessible to Kiali until the operator has a chance to reconcile the Kiali CR. If you enable namespace watching in the operator, this should happen fairly quickly after the new namespace is created. Namespace watching is an advanced feature; see the [FAQ]({{< ref "/docs/faq/installation" >}}) describing the operator WATCHES_FILE environment variable. Adding the new namespace to the list of `accessible_namespaces` will also trigger the operator to reconcile the Kiali CR. When the operator reconciles the Kiali CR, the necessary Role will be created giving the Kiali Server access to the new namespace.
 
 {{% alert color="warning" %}}
 As you can see in the example, the namespace where Kiali is installed must be listed as accessible (often, but not always, this is the same namespace as the Istio control plane namespace). If it is not in the list, it will be added for you by the operator.

content/en/docs/FAQ/installation.md

@@ -66,6 +66,7 @@ OPERATOR_NAMESPACE="$(kubectl get deployments --all-namespaces  | grep kiali-ope
 - `ANSIBLE_DEBUG_LOGS`: must be `true` or `false`. When `true`, turns on debug logging within the Operator SDK. For details, see the [docs here](https://sdk.operatorframework.io/docs/building-operators/ansible/development-tips/#viewing-the-ansible-logs).
 - `ANSIBLE_VERBOSITY_KIALI_KIALI_IO`: Controls how verbose the operator logs are - the higher the value the more output is logged. For details, see the [docs here](https://sdk.operatorframework.io/docs/building-operators/ansible/reference/advanced_options/#ansible-verbosity).
 - `ANSIBLE_CONFIG`: must be `/etc/ansible/ansible.cfg` or `/opt/ansible/ansible-profiler.cfg`. If set to `/opt/ansible/ansible-profiler.cfg` a profiler report will be dumped in the operator logs after each reconciliation run.
+- `WATCHES_YAML`: must be either (a) `watches-os.yaml`, (b) `watches-os-ns.yaml`, (c) `watches-k8s.yaml` or (d) `watches-k8s-ns.yaml`. If the operator is running on OpenShift, this value must be either (a) or (b); likewise, if the operator is running on a non-OpenShift Kubernetes cluster, this value must be either (c) or (d). If you require the operator to automatically update the Kiali Server with access to new namespaces created in the cluster, set this value to one of the `-ns` files (e.g. `watches-os-ns.yaml` or `watches-k8s-ns.yaml`). This changes the default behavior of the operator such that it will watch for new namespaces getting created and will automatically set up the Kiali Server with the proper access to the new namespace (if such access is to be granted). This namespace watching is not necessary if `spec.deployment.cluster_wide_access` is set to `true` in the Kiali CR.
 
 3. Store the name of the environment variable you want to change in `$ENV_NAME`: