In a cluster-wide install

• only one SMCP can exist per cluster
• there are no ServiceMeshMemberRolls/ServiceMeshMembers
• istiod watches all namespaces

The outcome of this issue should be a design document that answers the following questions:

• what permissions does a user need to create a cluster-wide install of Service Mesh?
• how do we need to isolate the control plane to make sure we don't leak permissions to unprivileged users?
• how do we ensure cluster-wide installs and multi-tenant installs of Service Mesh never exist on the same cluster?
• what are the implications for federation?
• how will auto-inject work in a cluster-wide install?
• how will we manage the helm charts around this? special charts for multi-tenant vs cluster-wide?
• are there implications for addons, ie prometheus, kiali, jaeger?

Timebox: 5 days