fix: specify namespace when there is a namespace search

[Videl]

fix: specify namespace when there is a namespace search

Related Issue or Design Document

Hello, this fixed for me a bug where the controller tries to access cluster-wide Oauth2Clients despite the singleNamespaceMode property set to true. The role resources a correctly setup but I noticed I had a bunch of issues in the logs where the manager tries to access resources cluster-wide.

Here's the logs I had:

ERROR    controller-runtime.cache.UnhandledError    Failed to watch    {"reflector": "pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:290", "type": "*v1alpha1.OAuth2Client", "error": "failed to list *v1alpha1.OAuth2Client: oauth2clients.hydra.ory.sh is forbidden: User \"system:serviceaccount:videl-ns:videl-auth-hydra-maester-account\" cannot list resource \"oauth2clients\" in API group \"hydra.ory.sh\" at the cluster scope"} 

I noticed the code used an empty variable named NAMESPACE in my case (I use the default helm chart from https://github.com/ory/k8s).

Checklist

• I have read the contributing guidelines and signed the CLA.
• I have referenced an issue containing the design document if my change introduces a new feature.
• I have read the security policy.
• I confirm that this pull request does not address a security vulnerability.
  If this pull request addresses a security vulnerability,
  I confirm that I got approval (please contact [email protected]) from the maintainers to push the changes.
• I have added tests that prove my fix is effective or that my feature works.
• I have added the necessary documentation within the code base (if appropriate).

Further comments

I did not tests in the case where singleNamespaceMode is set to false, nor have I tried a case of multiple namespace with the Helm's chart variable enabledNamespaces.

[CLAassistant]

All committers have signed the CLA.