Running Agent as non root in a dedicated namespace is not possible

[barkbay]

Despite what the documentation suggests:

Until version 7.14.0 and ECK version 2.10.0, Elastic Agent in Fleet mode has to run as root and in the same namespace as the Elasticsearch cluster it connects to.

It is not possible to run Agent as non root and in a namespace other than the one where Elasticsearch is deployed. This check is preventing this kind of setup to be deployed:

func applyRelatedEsAssoc(agent agentv1alpha1.Agent, esAssociation commonv1.Association, builder *defaults.PodTemplateBuilder) (*defaults.PodTemplateBuilder, error) {
	if esAssociation == nil {
		return builder, nil
	}

	esRef := esAssociation.AssociationRef()
	if !esRef.IsExternal() && !agent.Spec.FleetServerEnabled && agent.Namespace != esRef.Namespace {
		// check agent and ES share the same namespace
		return nil, fmt.Errorf(
			"agent namespace %s is different than referenced Elasticsearch namespace %s, this is not supported yet",
			agent.Namespace,
			esAssociation.AssociationRef().Namespace,
		)
	}

We should understand if it safe to remove this check and fix the documentation.

It might be an oversight of #6700

[barkbay]

@naemono assigning to you as you mentioned you can work on it, let me know if you can't, thanks! 🙇