Normalize RBAC configuration

[pires]

We introduced breaking changes in #143 that were not caught by our e2e test suite because skaffold has its own RBAC configuration. This has been identified in #163.

In order to avoid falling in the same trap, we can try and normalize RBAC rules to a single file to rule all scenarios, ie deployment and e2e.

[pires]

@wallyqs want to pick it up? :)

[wallyqs]

@pires yes can take look 👍

[arminbuerkle]

I deployed a namespace scoped nats-operator and tried to only assign Roles instead of ClusterRoles.

Unfortunately the operator crashes because it requires list pods on nats-io which is hard coded in exitOnPreexistingClusterScopedNatsOperatorPods.

I understand that the goal is to prevent people from making accidental mistakes and deploying a cluster scoped nats operator alongside a namespace scoped operator.

IMO that should be the responsibility of whoever deploys the service instead and should just be properly documented. Are there other reasons why you can't use Roles instead of ClusterRoles?

I think two different deployment strategies would make sense, one for namespace scoped without ClusterRoles and one cluster-scope with ClusterRoles.

If that's something to consider, i'd gladly open a separate issue for it.