Allow referencing TLS secret from other namespace

[amit-kumar-4]

What this PR does / why we need it: Allow referencing TLS secret from other namespaces. When TLS secret referred to when creating an ingress is of pattern <namespace>/<secretName>, ingress controller will check the namespace specified rather than ingress' namespace for secret.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #2170

Special notes for your reviewer: NA

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please email the CNCF helpdesk: [email protected]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aku105
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: caseydavenport

Assign the PR to them by writing /assign @caseydavenport in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov-io]

Codecov Report

Merging #2177 into master will increase coverage by 0.04%.
The diff coverage is 53.84%.

@@            Coverage Diff            @@
##           master   #2177      +/-   ##
=========================================
+ Coverage   36.45%   36.5%   +0.04%     
=========================================
  Files          69      69              
  Lines        4861    4871      +10     
=========================================
+ Hits         1772    1778       +6     
- Misses       2819    2823       +4     
  Partials      270     270

Impacted Files	Coverage Δ
internal/ingress/controller/controller.go	0% <0%> (ø)	⬆️
internal/ingress/controller/store/backend_ssl.go	40.17% <87.5%> (+3.23%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3130665...fedcffe. Read the comment docs.

[amit-kumar-4]

CLA Signed.

[amit-kumar-4]

/assign @caseydavenport

[aledbf]

Closing. This must be allowed in the Ingress spec. We are not breaking this rule.

[rvadim]

Why we can't do this within annotations?

[winkee01]

I think there should be a way to access secrets in other namespaces if granted permission.