feat: adds EnableCARM flag to prevent watching namespaces in ns scope (#199)

fixes aws-controllers-k8s/community#2625

Description of changes:
- adds explicit EnableCARM flag to enable/disable Cross Account Resource Management

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Author: vijaydandu

pkg/config/config.go

@@ -45,6 +45,7 @@ const (
 	flagEnableAdoptedResourceReconciler = "enable-adopted-resource-reconciler"
 	flagEnableFieldExportReconciler     = "enable-field-export-reconciler"
 	flagEnableLeaderElection            = "enable-leader-election"
+	flagEnableCARM                      = "enable-carm"
 	flagLeaderElectionNamespace         = "leader-election-namespace"
 	flagMetricAddr                      = "metrics-addr"
 	flagHealthzAddr                     = "healthz-addr"
@@ -89,6 +90,7 @@ type Config struct {
 	EnableLeaderElection            bool
 	EnableAdoptedResourceReconciler bool
 	EnableFieldExportReconciler     bool
+	EnableCARM                      bool
 	LeaderElectionNamespace         string
 	EnableDevelopmentLogging        bool
 	AccountID                       string
@@ -151,6 +153,11 @@ func (cfg *Config) BindFlags() {
 		true,
 		"Enable the FieldExport reconciler.",
 	)
+	flag.BoolVar(
+		&cfg.EnableCARM, flagEnableCARM,
+		true,
+		"Enable Cross Account Resource Management.",
+	)
 	flag.StringVar(
 		// In the context of the controller-runtime library, if the LeaderElectionNamespace parametere is not
 		//  explicitly set, the library will automatically default its value to the content of the file

pkg/runtime/service_controller.go

@@ -220,14 +220,9 @@ func (c *serviceController) BindControllerManager(mgr ctrlrt.Manager, cfg ackcfg
 		}},
 		cfg.FeatureGates,
 	)
-	// We want to run the caches if the length of the namespaces slice is
-	// either 0 (watching all namespaces) or greater than 1 (watching multiple
-	// namespaces).
-	//
-	// The caches are only used for cross account resource management. If the
-	// controller is not configured to watch multiple namespaces, then we don't
-	// need to run the caches.
-	if len(namespaces) == 0 || len(namespaces) >= 2 {
+	// The caches are only used for cross account resource management. We
+	// want to run them only when --enable-carm is set to true.
+	if cfg.EnableCARM {
 		clusterConfig := mgr.GetConfig()
 		clientSet, err := kubernetes.NewForConfig(clusterConfig)
 		if err != nil {

pkg/runtime/service_controller_test.go

@@ -177,8 +177,8 @@ func TestServiceController(t *testing.T) {
 
 	mgr := &fakeManager{}
 	cfg := ackcfg.Config{
-		// Disable caches, by setting a mono-namespace watch mode
-		WatchNamespace: "default",
+		// Disable caches, by setting EnableCARM to false
+		EnableCARM: false,
 	}
 	err := sc.BindControllerManager(mgr, cfg)
 	require.Nil(err)