Unable to deploy eventing in different namespace because of hardcoded namespace

[eloo-abi]

Describe the bug
Hi, it looks like its not possible to deploy and operate knative eventing in a different namespace using IMC because the service account is harded here:
https://github.com/knative/eventing/blob/main/pkg/apis/messaging/v1/in_memory_channel_validation.go#L29C7-L29C31

const eventingControllerSAName = "system:serviceaccount:knative-eventing:eventing-controller"

This const is afterwards used for the validation checkSubsciberSpecAuthChanged.

I guess the best would be to use the SYSTEM_NAMESPACE env here in the eventingControllerSAName.

Expected behavior
I can deploy knative eventing in any namespace and configure it properly

To Reproduce

• Deploy knative eventing in a different namespace (e.g. knative-random)
• Deploy a basic example with source, channel, subscription and service like this

apiVersion: sources.knative.dev/v1
kind: PingSource
metadata:
  name: test-ping-source
  namespace: knative-random

spec:
  schedule: "*/1 * * * *"
  contentType: "application/json"
  data: '{"message": "Hello world!"}'
  sink:
    ref:
      apiVersion: messaging.knative.dev/v1
      kind: InMemoryChannel
      name: foo
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: event-display
  namespace: knative-random
spec:
  template:
    spec:
      containers:
        - image: gcr.io/knative-releases/knative.dev/eventing-contrib/cmd/event_display:latest
---
apiVersion: messaging.knative.dev/v1
kind: InMemoryChannel
metadata:
  name: foo
  namespace: knative-random

---
apiVersion: messaging.knative.dev/v1
kind: Subscription
metadata:
  name: my-subscription
  namespace: knative-random
spec:
  channel:
    apiVersion: messaging.knative.dev/v1
    kind: InMemoryChannel
    name: foo
  subscriber:
    ref:
      apiVersion: serving.knative.dev/v1
      kind: Service
      name: event-display

• Check the eventing-controller logs
• See errors like this

admission webhook \"validation.inmemorychannel.eventing.knative.dev\" denied the request: validation failed: Channel.Spec.Subscribers changed by user system:serviceaccount:knative-system:eventing-controller which was not the system:serviceaccount:knative-eventing:eventing-controller service account

 **Knative release version**
1.16

 **Additional context**
Add any other context about the problem here such as proposed priority

[pierDipi]

Would you be interested in contributing this bug fix?

In this case, we would need to use system.Namespace() instead of the hardcoded knative-eventing in that constant (and make it a variable) https://github.com/knative/eventing/blob/28c489edcdfc4fe7aa4cdff30bfe9a15dd0255f9/pkg/apis/messaging/v1/in_memory_channel_validation.go#L29C7-L29C31

[pierDipi]

/good-first-issue

[knative-prow]

@pierDipi:
This request has been marked as suitable for new contributors.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-good-first-issue command.

In response to this:

/good-first-issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.