Extension to copy Provisioned Service Secret resource from one namespace to another

[baijum]

The spec recommends keeping the provisioned service and the application in the same namespace.

In the Provisioned Service section, it is written like this:

The Secret MUST be in the same namespace as the resource.

Later in the 2nd paragraph of Service Binding section:

Restricting service binding to resources within the same namespace is strongly RECOMMENDED

The Provisioned Service Syncer synchronizes Provisioned Service Secret resources across namespace. You can create the ProvisionedServiceSyncer resource in the same namespace as where the application is going to run. The ProvisionedServiceSyncer custom resource will be a Provisioned Service-able resource that you can use in the ServiceBinding configuration.

Schema

apiVersion: extensions.servicebinding.io/v1beta1
kind: ProvisionedServiceSyncer
metadata:
  name: # string
  namespace: # string, optional, default: current namespace
spec: # Provisioned Service resource ObjectReference-like
  apiVersion: #string
  kind: #string
  name: #string
  namespace: #string
status:
  binding: # LocalObjectReference, optional
    name: # string
  conditions: # []metav1.Condition containing at least one entry for `Ready`
  observedGeneration: # int64

Example Resource

apiVersion: extensions.servicebinding.io/v1beta1
kind: ProvisionedServiceSyncer
metadata:
  name: postgres-instance
  namespace: default
spec:
  apiVersion: postgres-operator.crunchydata.com/v1beta1
  kind: PostgresCluster
  name: hippo
  namespace: prod-postgres

The extension also should define RBAC to allow copying resources from one namespace to another.

[scothis]

We should define different api groups for extensions vs core resources.

[baijum]

We should define different api groups for extensions vs core resources.

I have updated the API group to extensions.servicebinding.io.