Description
Configurable operator meta issue and design proposal.
In order to restrict the RBAC permissions required by the operator watching resources in multiple namespaces, we need to support multi-namespace watches. So far, the controller-runtime only supports watching resources in one namespace, or all of them.
There is already an issue open for it, as a follow-up for the one-namespace restriction: kubernetes-sigs/controller-runtime#218
Looks like it's planned for the long term 👍
operator-sdk folks seem to want that feature as well, and might contribute to the controller-runtime: operator-framework/operator-sdk#767
Meanwhile, the issue above suggests an interesting workaround: implement our own Manager that embeds the controller-runtime Manager, but override the cache to support something like prometheus-operator MultiListWatcher.
My take on it would be to:
1. Try implementing multi-namespace watches in the controller-runtime itself and create a PR upstream.
2. If 1. turns out not to work that well, use our own cache implementation (the workaround described above).
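
A simplified model of the MultiListWatcher-style workaround mentioned above, as an added example that is not code from this issue, controller-runtime or prometheus-operator. It fans one namespace-scoped watch per namespace into a single stream, so only namespaced grants are needed, and it fails closed when any scope is denied. `fakeWatch`, `MultiWatch`, `ErrForbidden` and the namespace and object names are hypothetical.

```go
package main

import (
	"errors"
	"sync"
)

var ErrForbidden = errors.New("forbidden") // models an RBAC denial
// fakeWatch (hypothetical, constructed data): Roles exist only in team-a and team-b.
func fakeWatch(ns string) (<-chan string, error) {
	objs, ok := map[string][]string{"team-a": {"a1", "a2"}, "team-b": {"b1"}}[ns]
	if !ok { // also hit by "" (all namespaces), which would need a ClusterRole
		return nil, ErrForbidden
	}
	ch := make(chan string, len(objs))
	for _, o := range objs { // replay current objects as "ns/name", then end
		ch <- ns + "/" + o
	}
	close(ch)
	return ch, nil
}

// MultiWatch presents one namespace-scoped watch per namespace as a single stream.
func MultiWatch(watch func(string) (<-chan string, error), nss ...string) (<-chan string, error) {
	chans := make([]<-chan string, len(nss))
	for i, ns := range nss { // open every watch first; fail closed on a denial
		var err error
		if chans[i], err = watch(ns); err != nil {
			return nil, err
		}
	}
	out := make(chan string)
	var wg sync.WaitGroup
	for _, ch := range chans {
		wg.Add(1)
		go func(c <-chan string) { // fan in one namespace's events
			defer wg.Done()
			for e := range c {
				out <- e
			}
		}(ch)
	}
	go func() { wg.Wait(); close(out) }()
	return out, nil
}

func main() {
	_, err := MultiWatch(fakeWatch, "team-a", "") // "" asks for all namespaces
	println("watch failed closed:", err.Error())
}
```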