Closed rubenvp8510 closed 4 years ago
I think that is ok, as the WATCH_NAMESPACE is intended for use by the operator to scan for new/updated CRs. So for example, a user may only want their Jaeger CR to be created in a particular observability namespace, but may want Jaeger agents injected in apps that reside in other namespaces.
Maybe we need to consider adding a namespace list to the CR, to restrict which namespaces a particular operator will scan?
Using the annotations it is possible to ensure individual deployments are managed by a particular Jaeger instance - but then the onus is on the app developer/admin to know what Jaeger instances are deployed.
> Maybe we need to consider adding a namespace list to the CR, to restrict which namespaces a particular operator will scan?
If the reason for having that is access control, I'd rather see something more Kubernetes native.
Turns out, WATCH_NAMESPACE is actually intended to be a list of namespaces the operator should watch (see https://github.com/jaegertracing/jaeger-operator/pull/916#issuecomment-589170927).
I believe this will be fixed once #916 gets merged.
In the actual implementation of autoinject, the routines don't take into account the environment variable WATCH_NAMESPACE.
This could lead to a scenario where two Jaeger operators installed in the same cluster will scan all deployments of all namespaces.
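The scoping check this thread asks for, as an added example that is not part of the issue and is not jaeger-operator code: a namespace filter applied before any deployment is considered for injection. It assumes WATCH_NAMESPACE is a comma-separated list and that an empty value means all namespaces; `Deployment`, `parseScope` and `injectable` are hypothetical names.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Deployment is a minimal stand-in for a Kubernetes Deployment (hypothetical type).
type Deployment struct{ Namespace, Name string }

// scope is the set of namespaces one operator instance may act on.
type scope struct {
	all   bool
	names map[string]bool
}

// parseScope turns a WATCH_NAMESPACE value into a scope.
// Assumption: empty or unset means cluster-wide. A non-empty value that yields
// no names (for example ",") gives an empty scope instead of widening to all.
func parseScope(raw string) scope {
	if strings.TrimSpace(raw) == "" {
		return scope{all: true}
	}
	s := scope{names: map[string]bool{}}
	for _, ns := range strings.Split(raw, ",") {
		if ns = strings.TrimSpace(ns); ns != "" {
			s.names[ns] = true
		}
	}
	return s
}

func (s scope) allows(ns string) bool { return s.all || s.names[ns] }

// injectable returns only the deployments inside the operator's watched namespaces.
func injectable(raw string, all []Deployment) []Deployment {
	s := parseScope(raw)
	var out []Deployment
	for _, d := range all {
		if s.allows(d.Namespace) {
			out = append(out, d)
		}
	}
	return out
}

func main() {
	// Constructed sample data, not taken from a real cluster.
	all := []Deployment{{"team-a", "shop"}, {"team-b", "billing"}, {"observability", "jaeger"}}
	for _, d := range injectable(os.Getenv("WATCH_NAMESPACE"), all) {
		fmt.Printf("%s/%s\n", d.Namespace, d.Name)
	}
}
```

With two operators configured with disjoint lists, each sees only its own namespaces, so neither touches deployments the other manages.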