Allow all resources to be namespaced

[chiqomar]

We have a relatively unique set up. that until multiple namespaces are enabled, this may be a better solution.

Requirement:

We need to deploy trust-manager in a manner all the trust-manager resources are fully namespaced, or in a way that any deployments in other namespaces would not interfere with a deployment in another namespace.

Why?

The environment that we are deploying to only gives us access to a single namespace that we deploy to using Helm; we do not have access to the cert-manager namespace, and it is more ideal for us to deploy trust-manager as part of our namespace until it can support multiple namespaces (even if it could, we don't know how reconfiguring trust-manager for other namespaces after deployment would work).

Current Solution

I am using trust-manager as a dependent chart in our parent Helm chart, disabling CRDs, and have an edited Bundle CRD in the parent chart that is scoped to the namespace. What I realize is that 3 resources will prevent deployments in other namespaces: validatingwebhookconfiguration,,clusterrole, and clusterrolebinding. So even if we deploy to our namespace, it will currently prevent other deployments.

Proposed Solution

• Add a configuration value boolean namespacedOnly, which will allow for a fully namespaced deployment
• If enabled, clusterrole and clusterrolebinding won't be installed (not sure if this is an issue), or the name will include a reference to the namespace it is in, i.e. trust-manager-user-dev
• The validatingwebhookconfiguraton would follow the same naming convention if enabled

Alternatively, configuration for multiple namespaces should be completed, and we can work around that.