Add option to restrict opensearch operator to watch a desired namespace

[aarontams]

Task Optionally restrict the opensearch operator to watch a specific namespace.

Scenarios 1 When a k8s cluster has 100 namespaces and each namespace holds one opensearch cluster. If there is only one opensearch operator to manager all 100 opensearch clusters, it will take a lot time to sync all of them.

Scenarios 2 With a single operator to control all the opensearch clusters within the same k8s cluster, you won't have the flexibility to upgrade, downgrade, or pin down certain opensearch clusters.
In production, sometimes users need to run opensearch clusters with different favors - stable, canary, and long term support images within a k8s cluster.

Solution To solve the issues from both scenarios, we can deploy a opensearch operator to each namespace and each operator will be restricted to only manager the opensearch cluster within the same namespace.
When each namespace contains it's own opensearch operator and opensearch cluster, we can selectively upgrade/downgrade some of the namespaces with different opensearch opertor and cluster images. Or even pin down certain namespaces with current older version and upgrade the rest to latest.

watchNamespace
The watchNamespace can be set during helm deployment in values.yaml manager.watchNamespace, and past to the operator as env variable --watch-namespace={{ .Values.manager.watchNamespace }}, then has the operator to start the controller manager with Namespace option.

### sigs.k8s.io manager/manager.go
	// Namespace if specified restricts the manager's cache to watch objects in
	// the desired namespace Defaults to all namespaces
	Namespace string

Note In our production system, our operator used to watch all the CRs from all namespaces. After we grew our CRs/namespaces to few tens, we got hit really hard by the performance. We decided to change our design and used local (namespaced) operator few years ago. With that solution, we have been syncing of our applications every 30s and running different image favors on all our k8s fleets.

[aarontams]

If we don't want to show this env setting when watchNamespace is not set in values.yaml, we can add an if statement around this line.

{{- if . Values.manager.watchNamespace }}
        - --watch-namespace={{ .Values.manager.watchNamespace }}
{{- end }}

[swoehrl-mw]

I agree. Please wrap it in the if block so the option is only added when a namespace is set.

[aarontams]

Sounds good.
Will add and test it out when I get a chance.
Thanks for reviewing this MR.

[aarontams]

Addressed the comment in latest push.

[swoehrl-mw]

Hi @aarontams. Thank you for this PR. Please have a look at my review comments.

[swoehrl-mw]

I agree. Please wrap it in the if block so the option is only added when a namespace is set.

[swoehrl-mw]

Not needed here.

[aarontams]

Will remove it in next commit.

[aarontams]

Removed.

[swoehrl-mw]

Could you add a comment here to explain that an empty watchNamespace means all namespaces are watched. Just so we have it documented somewhere.
For the future I think we will need a section in the user guide to explain the available helm values.

[aarontams]

Will do.

[aarontams]

Addressed the comment in latest push.

[aarontams]

Thanks @swoehrl-mw
Appreciated your review.