Description
The spec recommends keeping the provisioned service and the application in the same namespace.
In the Provisioned Service section, it is written like this:
The
SecretMUST be in the same namespace as the resource.
Later in the 2nd paragraph of Service Binding section:
Restricting service binding to resources within the same namespace is strongly RECOMMENDED
The Provisioned Service Syncer synchronizes Provisioned Service Secret resources across namespace. You can create the ProvisionedServiceSyncer resource in the same namespace as where the application is going to run. The ProvisionedServiceSyncer custom resource will be a Provisioned Service-able resource that you can use in the ServiceBinding configuration.
Schema
apiVersion: extensions.servicebinding.io/v1beta1
kind: ProvisionedServiceSyncer
metadata:
name: # string
namespace: # string, optional, default: current namespace
spec: # Provisioned Service resource ObjectReference-like
apiVersion: #string
kind: #string
name: #string
namespace: #string
status:
binding: # LocalObjectReference, optional
name: # string
conditions: # []metav1.Condition containing at least one entry for `Ready`
observedGeneration: # int64
Example Resource
apiVersion: extensions.servicebinding.io/v1beta1
kind: ProvisionedServiceSyncer
metadata:
name: postgres-instance
namespace: default
spec:
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
name: hippo
namespace: prod-postgres
The extension also should define RBAC to allow copying resources from one namespace to another.