External-DNS requires cluster-level namespace permissions when they are unused #5928

@wasabii

When using the gateway-httproute source, it seems that if External-DNS does not have cluster-scoped permission to read namespaces, it fails, even if 'gatewayNamespace' is set.

I think this is because the NamespaceInformer is created without knowledge about whether namespaces will even be needed:

```go
nsInformer := kubeInformerFactory.Core().V1().Namespaces() // TODO: Namespace informer should be shared across gateway sources.
```

Am I correct that this attempts to list all namespaces, even if no selector is present? It's not initialized on demand.

To note, this is, I think, a 'bug' still left behind by the fix in #5300. Yes, the Chart is right. But the bug is in the code, not the chart. The code should not be retrieving all namespaces if it does not need them. If that were fixed, the Chart would not need to grant them.
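
A minimal model of the on-demand initialization the issue asks for, as an added example that is not External-DNS code. `recordingFactory`, `sourceConfig`, and both constructors are hypothetical stand-ins, and the example assumes namespace objects are needed only when a namespace selector is configured.

```go
package main

import (
	"fmt"
	"sort"
)

// recordingFactory is a hypothetical stand-in for a shared informer factory.
// Each resource requested from it implies list/watch RBAC on that resource.
type recordingFactory struct{ requested map[string]bool }

func (f *recordingFactory) informer(resource string) { f.requested[resource] = true }

// sourceConfig is hypothetical; NamespaceSelector is the assumed condition
// under which namespace objects are actually read.
type sourceConfig struct {
	GatewayNamespace  string
	NamespaceSelector string
}

// eagerSource models the behaviour described in the issue: the namespace
// informer is created regardless of configuration.
func eagerSource(f *recordingFactory, c sourceConfig) {
	f.informer("gateways")
	f.informer("httproutes")
	f.informer("namespaces")
}

// lazySource requests the namespace informer only when a selector needs it.
func lazySource(f *recordingFactory, c sourceConfig) {
	f.informer("gateways")
	f.informer("httproutes")
	if c.NamespaceSelector != "" {
		f.informer("namespaces")
	}
}

// requiredRBAC returns the sorted resources a constructor would list/watch.
func requiredRBAC(build func(*recordingFactory, sourceConfig), c sourceConfig) []string {
	f := &recordingFactory{requested: map[string]bool{}}
	build(f, c)
	out := make([]string, 0, len(f.requested))
	for r := range f.requested {
		out = append(out, r)
	}
	sort.Strings(out)
	return out
}

func main() {
	c := sourceConfig{GatewayNamespace: "infra"} // constructed sample config
	fmt.Println("eager:", requiredRBAC(eagerSource, c))
	fmt.Println("lazy: ", requiredRBAC(lazySource, c))
}
```

With the lazy constructor, the set of resources that must appear in the role shrinks to what the configuration actually uses, which is what lets a chart drop the cluster-scoped namespace grant.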

Labels: kind/bug (Categorizes issue or PR as related to a bug.)