docs: add faq non clustered operator

scrocquesel · scrocquesel · commit f936b6291645 · 2022-10-18T20:08:26.000+02:00
diff --git a/docs/documentation/faq.md b/docs/documentation/faq.md
@@ -43,4 +43,32 @@ without an update:
 ```
 
 Although you might consider using `EventSources`, to handle reconciliation triggering in a smarter
-way. 
+way. 
+
+### Q: How can I run an operator without cluster scope rights?
+
+By default, JOSDK require access to CR at cluster scope. You may not be granted such
+rights and you will see some error at startup that looks like:
+
+```plain
+io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.local.svc/apis/mygroup/v1alpha1/mycr. Message: Forbidden! Configured service account doesn't have access. Service account may have been revoked. mycrs.mygroup is forbidden: User "system:serviceaccount:ns:sa" cannot list resource "mycrs" in API group "mygroup" at the cluster scope.
+```
+
+To restrict the operator to a set of namesapce, you may override the namespaces watched by a reconciler
+at [Reconciler-level configuration](./configuration.md#reconciler-level-configuration):
+
+```java
+Operator operator;
+Reconciler reconciler;
+...
+operator.register(reconciler, configOverrider ->
+        configOverrider.settingNamespace("mynamespace"));
+```
+
+Furthermore, you may not be able to list CRDs at startup which is required when `checkingCRDAndValidateLocalModel`
+is `true` (by default). To disable set it to `false` at [Operator-level configuration](./configuration.md#operator-level-configuration):
+
+```java
+ConfigurationServiceProvider.overrideCurrent(o -> o.checkingCRDAndValidateLocalModel(false)
+        .withLeaderElectionConfiguration(new LeaderElectionConfiguration("bar", "barNS")));
+```
