Generated

Signed-off-by: Monis Khan <mok@vmware.com>
2021-02-09 12:23:22 -05:00 · 2021-02-09 12:23:22 -05:00 · d2480e6300
commit d2480e6300
parent 4205e3dedc
135 changed files with 459 additions and 1327 deletions
--- a/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml
+++ b/deploy/concierge/authentication.concierge.pinniped.dev_jwtauthenticators.yaml
@ -18,7 +18,7 @@ spec:
    listKind: JWTAuthenticatorList
    plural: jwtauthenticators
    singular: jwtauthenticator
-  scope: Cluster
+  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.issuer
--- a/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml
+++ b/deploy/concierge/authentication.concierge.pinniped.dev_webhookauthenticators.yaml
@ -18,7 +18,7 @@ spec:
    listKind: WebhookAuthenticatorList
    plural: webhookauthenticators
    singular: webhookauthenticator
-  scope: Cluster
+  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.endpoint
--- a/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml
+++ b/deploy/concierge/config.concierge.pinniped.dev_credentialissuers.yaml
@ -16,7 +16,7 @@ spec:
    listKind: CredentialIssuerList
    plural: credentialissuers
    singular: credentialissuer
-  scope: Cluster
+  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
--- a/generated/1.17/apis/concierge/authentication/v1alpha1/types_jwt.go
+++ b/generated/1.17/apis/concierge/authentication/v1alpha1/types_jwt.go
@ -57,6 +57,7 @@ type JWTTokenClaims struct {
 // signature, existence of claims, etc.) and extract the username and groups from the token.
 //
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
 // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
--- a/generated/1.17/apis/concierge/authentication/v1alpha1/types_webhook.go
+++ b/generated/1.17/apis/concierge/authentication/v1alpha1/types_webhook.go
@ -29,6 +29,7 @@ type WebhookAuthenticatorSpec struct {
 // WebhookAuthenticator describes the configuration of a webhook authenticator.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
 // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
--- a/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go
+++ b/generated/1.17/apis/concierge/config/v1alpha1/types_credentialissuer.go
@ -67,6 +67,7 @@ type CredentialIssuerStrategy struct {
 // Describes the configuration status of a Pinniped credential issuer.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped
 type CredentialIssuer struct {
--- a/generated/1.17/apis/concierge/login/types_token.go
+++ b/generated/1.17/apis/concierge/login/types_token.go
@ -27,7 +27,6 @@ type TokenCredentialRequestStatus struct {
 }
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta
--- a/generated/1.17/apis/concierge/login/v1alpha1/types_token.go
+++ b/generated/1.17/apis/concierge/login/v1alpha1/types_token.go
@ -30,6 +30,7 @@ type TokenCredentialRequestStatus struct {
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta   `json:",inline"`
--- a/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go
@ -22,12 +22,12 @@ type AuthenticationV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *AuthenticationV1alpha1Client) JWTAuthenticators(namespace string) JWTAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
-	return newJWTAuthenticators(c, namespace)
+	return newJWTAuthenticators(c)
 }
-func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
-	return newWebhookAuthenticators(c, namespace)
+	return newWebhookAuthenticators(c)
 }
 // NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
--- a/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go
@ -15,12 +15,12 @@ type FakeAuthenticationV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeAuthenticationV1alpha1) JWTAuthenticators(namespace string) v1alpha1.JWTAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
-	return &FakeJWTAuthenticators{c, namespace}
+	return &FakeJWTAuthenticators{c}
 }
-func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
-	return &FakeWebhookAuthenticators{c, namespace}
+	return &FakeWebhookAuthenticators{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go
@ -18,7 +18,6 @@ import (
 // FakeJWTAuthenticators implements JWTAuthenticatorInterface
 type FakeJWTAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
 	ns   string
 }
 var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
@ -28,8 +27,7 @@ var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.conci
 // Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
 func (c *FakeJWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -39,8 +37,7 @@ func (c *FakeJWTAuthenticators) Get(name string, options v1.GetOptions) (result
 // List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
 func (c *FakeJWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, c.ns, opts), &v1alpha1.JWTAuthenticatorList{})
+		Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
 	if obj == nil {
 		return nil, err
 	}
@ -61,15 +58,13 @@ func (c *FakeJWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTA
 // Watch returns a watch.Interface that watches the requested jWTAuthenticators.
 func (c *FakeJWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(jwtauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
 }
 // Create takes the representation of a jWTAuthenticator and creates it.  Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -79,8 +74,7 @@ func (c *FakeJWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticat
 // Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -91,8 +85,7 @@ func (c *FakeJWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticat
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeJWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (*v1alpha1.JWTAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(jwtauthenticatorsResource, "status", c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -102,14 +95,13 @@ func (c *FakeJWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthe
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeJWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeJWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(jwtauthenticatorsResource, c.ns, listOptions)
+	action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOptions)
 	_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
 	return err
@ -118,8 +110,7 @@ func (c *FakeJWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
 // Patch applies the patch and returns the patched jWTAuthenticator.
 func (c *FakeJWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(jwtauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go
@ -18,7 +18,6 @@ import (
 // FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
 type FakeWebhookAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
 	ns   string
 }
 var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
@ -28,8 +27,7 @@ var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.c
 // Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
 func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -39,8 +37,7 @@ func (c *FakeWebhookAuthenticators) Get(name string, options v1.GetOptions) (res
 // List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
 func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
+		Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
 	if obj == nil {
 		return nil, err
 	}
@ -61,15 +58,13 @@ func (c *FakeWebhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.
 // Watch returns a watch.Interface that watches the requested webhookAuthenticators.
 func (c *FakeWebhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
 }
 // Create takes the representation of a webhookAuthenticator and creates it.  Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -79,8 +74,7 @@ func (c *FakeWebhookAuthenticators) Create(webhookAuthenticator *v1alpha1.Webhoo
 // Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -91,8 +85,7 @@ func (c *FakeWebhookAuthenticators) Update(webhookAuthenticator *v1alpha1.Webhoo
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (*v1alpha1.WebhookAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -102,14 +95,13 @@ func (c *FakeWebhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeWebhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOptions)
+	action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOptions)
 	_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
 	return err
@ -118,8 +110,7 @@ func (c *FakeWebhookAuthenticators) DeleteCollection(options *v1.DeleteOptions,
 // Patch applies the patch and returns the patched webhookAuthenticator.
 func (c *FakeWebhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go
@ -19,7 +19,7 @@ import (
 // JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
 // A group's client should implement this interface.
 type JWTAuthenticatorsGetter interface {
-	JWTAuthenticators(namespace string) JWTAuthenticatorInterface
+	JWTAuthenticators() JWTAuthenticatorInterface
 }
 // JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
@ -39,14 +39,12 @@ type JWTAuthenticatorInterface interface {
 // jWTAuthenticators implements JWTAuthenticatorInterface
 type jWTAuthenticators struct {
 	client rest.Interface
 	ns     string
 }
 // newJWTAuthenticators returns a JWTAuthenticators
-func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jWTAuthenticators {
+func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
 	return &jWTAuthenticators{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -54,7 +52,6 @@ func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jW
 func (c *jWTAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -71,7 +68,6 @@ func (c *jWTAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.JWTAuthe
 	}
 	result = &v1alpha1.JWTAuthenticatorList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -88,7 +84,6 @@ func (c *jWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error)
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -99,7 +94,6 @@ func (c *jWTAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, error)
 func (c *jWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Body(jWTAuthenticator).
 		Do().
@ -111,7 +105,6 @@ func (c *jWTAuthenticators) Create(jWTAuthenticator *v1alpha1.JWTAuthenticator)
 func (c *jWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		Body(jWTAuthenticator).
@ -126,7 +119,6 @@ func (c *jWTAuthenticators) Update(jWTAuthenticator *v1alpha1.JWTAuthenticator)
 func (c *jWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthenticator) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		SubResource("status").
@ -139,7 +131,6 @@ func (c *jWTAuthenticators) UpdateStatus(jWTAuthenticator *v1alpha1.JWTAuthentic
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *jWTAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		Body(options).
@ -154,7 +145,6 @@ func (c *jWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOpti
 		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&listOptions, scheme.ParameterCodec).
 		Timeout(timeout).
@ -167,7 +157,6 @@ func (c *jWTAuthenticators) DeleteCollection(options *v1.DeleteOptions, listOpti
 func (c *jWTAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		SubResource(subresources...).
 		Name(name).
--- a/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go
@ -19,7 +19,7 @@ import (
 // WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
 // A group's client should implement this interface.
 type WebhookAuthenticatorsGetter interface {
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
+	WebhookAuthenticators() WebhookAuthenticatorInterface
 }
 // WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
@ -39,14 +39,12 @@ type WebhookAuthenticatorInterface interface {
 // webhookAuthenticators implements WebhookAuthenticatorInterface
 type webhookAuthenticators struct {
 	client rest.Interface
 	ns     string
 }
 // newWebhookAuthenticators returns a WebhookAuthenticators
-func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
+func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
 	return &webhookAuthenticators{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -54,7 +52,6 @@ func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string)
 func (c *webhookAuthenticators) Get(name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -71,7 +68,6 @@ func (c *webhookAuthenticators) List(opts v1.ListOptions) (result *v1alpha1.Webh
 	}
 	result = &v1alpha1.WebhookAuthenticatorList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -88,7 +84,6 @@ func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, err
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -99,7 +94,6 @@ func (c *webhookAuthenticators) Watch(opts v1.ListOptions) (watch.Interface, err
 func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Body(webhookAuthenticator).
 		Do().
@ -111,7 +105,6 @@ func (c *webhookAuthenticators) Create(webhookAuthenticator *v1alpha1.WebhookAut
 func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		Body(webhookAuthenticator).
@ -126,7 +119,6 @@ func (c *webhookAuthenticators) Update(webhookAuthenticator *v1alpha1.WebhookAut
 func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.WebhookAuthenticator) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		SubResource("status").
@ -139,7 +131,6 @@ func (c *webhookAuthenticators) UpdateStatus(webhookAuthenticator *v1alpha1.Webh
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *webhookAuthenticators) Delete(name string, options *v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		Body(options).
@ -154,7 +145,6 @@ func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
 		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&listOptions, scheme.ParameterCodec).
 		Timeout(timeout).
@ -167,7 +157,6 @@ func (c *webhookAuthenticators) DeleteCollection(options *v1.DeleteOptions, list
 func (c *webhookAuthenticators) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		SubResource(subresources...).
 		Name(name).
--- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go
@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface {
+func (c *ConfigV1alpha1Client) CredentialIssuers() CredentialIssuerInterface {
-	return newCredentialIssuers(c, namespace)
+	return newCredentialIssuers(c)
 }
 // NewForConfig creates a new ConfigV1alpha1Client for the given config.
--- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go
@ -19,7 +19,7 @@ import (
 // CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
 // A group's client should implement this interface.
 type CredentialIssuersGetter interface {
-	CredentialIssuers(namespace string) CredentialIssuerInterface
+	CredentialIssuers() CredentialIssuerInterface
 }
 // CredentialIssuerInterface has methods to work with CredentialIssuer resources.
@ -39,14 +39,12 @@ type CredentialIssuerInterface interface {
 // credentialIssuers implements CredentialIssuerInterface
 type credentialIssuers struct {
 	client rest.Interface
 	ns     string
 }
 // newCredentialIssuers returns a CredentialIssuers
-func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers {
+func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
 	return &credentialIssuers{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -54,7 +52,6 @@ func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credential
 func (c *credentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -71,7 +68,6 @@ func (c *credentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.Credenti
 	}
 	result = &v1alpha1.CredentialIssuerList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -88,7 +84,6 @@ func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error)
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -99,7 +94,6 @@ func (c *credentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error)
 func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Body(credentialIssuer).
 		Do().
@ -111,7 +105,6 @@ func (c *credentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer)
 func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		Body(credentialIssuer).
@ -126,7 +119,6 @@ func (c *credentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer)
 func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		SubResource("status").
@ -139,7 +131,6 @@ func (c *credentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIs
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *credentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		Body(options).
@ -154,7 +145,6 @@ func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOpti
 		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&listOptions, scheme.ParameterCodec).
 		Timeout(timeout).
@ -167,7 +157,6 @@ func (c *credentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOpti
 func (c *credentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		SubResource(subresources...).
 		Name(name).
--- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go
@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface {
+func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
-	return &FakeCredentialIssuers{c, namespace}
+	return &FakeCredentialIssuers{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go
@ -18,7 +18,6 @@ import (
 // FakeCredentialIssuers implements CredentialIssuerInterface
 type FakeCredentialIssuers struct {
 	Fake *FakeConfigV1alpha1
 	ns   string
 }
 var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
@ -28,8 +27,7 @@ var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pin
 // Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
 func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -39,8 +37,7 @@ func (c *FakeCredentialIssuers) Get(name string, options v1.GetOptions) (result
 // List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
 func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{})
+		Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
 	if obj == nil {
 		return nil, err
 	}
@ -61,15 +58,13 @@ func (c *FakeCredentialIssuers) List(opts v1.ListOptions) (result *v1alpha1.Cred
 // Watch returns a watch.Interface that watches the requested credentialIssuers.
 func (c *FakeCredentialIssuers) Watch(opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
 }
 // Create takes the representation of a credentialIssuer and creates it.  Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -79,8 +74,7 @@ func (c *FakeCredentialIssuers) Create(credentialIssuer *v1alpha1.CredentialIssu
 // Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssuer) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -91,8 +85,7 @@ func (c *FakeCredentialIssuers) Update(credentialIssuer *v1alpha1.CredentialIssu
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.CredentialIssuer) (*v1alpha1.CredentialIssuer, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -102,14 +95,13 @@ func (c *FakeCredentialIssuers) UpdateStatus(credentialIssuer *v1alpha1.Credenti
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *FakeCredentialIssuers) Delete(name string, options *v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOptions)
+	action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOptions)
 	_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
 	return err
@ -118,8 +110,7 @@ func (c *FakeCredentialIssuers) DeleteCollection(options *v1.DeleteOptions, list
 // Patch applies the patch and returns the patched credentialIssuer.
 func (c *FakeCredentialIssuers) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go
@ -15,8 +15,8 @@ type FakeLoginV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface {
+func (c *FakeLoginV1alpha1) TokenCredentialRequests() v1alpha1.TokenCredentialRequestInterface {
-	return &FakeTokenCredentialRequests{c, namespace}
+	return &FakeTokenCredentialRequests{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go
@ -18,7 +18,6 @@ import (
 // FakeTokenCredentialRequests implements TokenCredentialRequestInterface
 type FakeTokenCredentialRequests struct {
 	Fake *FakeLoginV1alpha1
 	ns   string
 }
 var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"}
@ -28,8 +27,7 @@ var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierg
 // Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any.
 func (c *FakeTokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -39,8 +37,7 @@ func (c *FakeTokenCredentialRequests) Get(name string, options v1.GetOptions) (r
 // List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors.
 func (c *FakeTokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{})
+		Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{})
 	if obj == nil {
 		return nil, err
 	}
@ -61,15 +58,13 @@ func (c *FakeTokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha
 // Watch returns a watch.Interface that watches the requested tokenCredentialRequests.
 func (c *FakeTokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts))
 }
 // Create takes the representation of a tokenCredentialRequest and creates it.  Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootCreateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -79,8 +74,7 @@ func (c *FakeTokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.To
 // Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -91,8 +85,7 @@ func (c *FakeTokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.To
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeTokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (*v1alpha1.TokenCredentialRequest, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -102,14 +95,13 @@ func (c *FakeTokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alp
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *FakeTokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeTokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOptions)
+	action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOptions)
 	_, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{})
 	return err
@ -118,8 +110,7 @@ func (c *FakeTokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions
 // Patch applies the patch and returns the patched tokenCredentialRequest.
 func (c *FakeTokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go
@ -21,8 +21,8 @@ type LoginV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface {
+func (c *LoginV1alpha1Client) TokenCredentialRequests() TokenCredentialRequestInterface {
-	return newTokenCredentialRequests(c, namespace)
+	return newTokenCredentialRequests(c)
 }
 // NewForConfig creates a new LoginV1alpha1Client for the given config.
--- a/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go
+++ b/generated/1.17/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go
@ -19,7 +19,7 @@ import (
 // TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface.
 // A group's client should implement this interface.
 type TokenCredentialRequestsGetter interface {
-	TokenCredentialRequests(namespace string) TokenCredentialRequestInterface
+	TokenCredentialRequests() TokenCredentialRequestInterface
 }
 // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources.
@ -39,14 +39,12 @@ type TokenCredentialRequestInterface interface {
 // tokenCredentialRequests implements TokenCredentialRequestInterface
 type tokenCredentialRequests struct {
 	client rest.Interface
 	ns     string
 }
 // newTokenCredentialRequests returns a TokenCredentialRequests
-func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests {
+func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests {
 	return &tokenCredentialRequests{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -54,7 +52,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *token
 func (c *tokenCredentialRequests) Get(name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -71,7 +68,6 @@ func (c *tokenCredentialRequests) List(opts v1.ListOptions) (result *v1alpha1.To
 	}
 	result = &v1alpha1.TokenCredentialRequestList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -88,7 +84,6 @@ func (c *tokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, e
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -99,7 +94,6 @@ func (c *tokenCredentialRequests) Watch(opts v1.ListOptions) (watch.Interface, e
 func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Body(tokenCredentialRequest).
 		Do().
@ -111,7 +105,6 @@ func (c *tokenCredentialRequests) Create(tokenCredentialRequest *v1alpha1.TokenC
 func (c *tokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		Body(tokenCredentialRequest).
@ -126,7 +119,6 @@ func (c *tokenCredentialRequests) Update(tokenCredentialRequest *v1alpha1.TokenC
 func (c *tokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.TokenCredentialRequest) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		SubResource("status").
@ -139,7 +131,6 @@ func (c *tokenCredentialRequests) UpdateStatus(tokenCredentialRequest *v1alpha1.
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *tokenCredentialRequests) Delete(name string, options *v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		Body(options).
@ -154,7 +145,6 @@ func (c *tokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, li
 		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&listOptions, scheme.ParameterCodec).
 		Timeout(timeout).
@ -167,7 +157,6 @@ func (c *tokenCredentialRequests) DeleteCollection(options *v1.DeleteOptions, li
 func (c *tokenCredentialRequests) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		SubResource(subresources...).
 		Name(name).
--- a/generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go
+++ b/generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go
@ -30,10 +30,10 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // JWTAuthenticators returns a JWTAuthenticatorInformer.
 func (v *version) JWTAuthenticators() JWTAuthenticatorInformer {
-	return &jWTAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &jWTAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
 // WebhookAuthenticators returns a WebhookAuthenticatorInformer.
 func (v *version) WebhookAuthenticators() WebhookAuthenticatorInformer {
-	return &webhookAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &webhookAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go
@ -28,33 +28,32 @@ type JWTAuthenticatorInformer interface {
 type jWTAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).List(options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).Watch(options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().Watch(options)
 			},
 		},
 		&authenticationv1alpha1.JWTAuthenticator{},
@ -64,7 +63,7 @@ func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace s
 }
 func (f *jWTAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *jWTAuthenticatorInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.17/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go
@ -28,33 +28,32 @@ type WebhookAuthenticatorInformer interface {
 type webhookAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Watch(options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().Watch(options)
 			},
 		},
 		&authenticationv1alpha1.WebhookAuthenticator{},
@ -64,7 +63,7 @@ func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespa
 }
 func (f *webhookAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *webhookAuthenticatorInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go
+++ b/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go
@ -28,33 +28,32 @@ type CredentialIssuerInformer interface {
 type credentialIssuerInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).List(options)
+				return client.ConfigV1alpha1().CredentialIssuers().List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(options)
+				return client.ConfigV1alpha1().CredentialIssuers().Watch(options)
 			},
 		},
 		&configv1alpha1.CredentialIssuer{},
@ -64,7 +63,7 @@ func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace s
 }
 func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go
+++ b/generated/1.17/client/concierge/informers/externalversions/config/v1alpha1/interface.go
@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // CredentialIssuers returns a CredentialIssuerInformer.
 func (v *version) CredentialIssuers() CredentialIssuerInformer {
-	return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &credentialIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/interface.go
+++ b/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/interface.go
@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // TokenCredentialRequests returns a TokenCredentialRequestInformer.
 func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer {
-	return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go
+++ b/generated/1.17/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go
@ -28,33 +28,32 @@ type TokenCredentialRequestInformer interface {
 type tokenCredentialRequestInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(options)
+				return client.LoginV1alpha1().TokenCredentialRequests().List(options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(options)
+				return client.LoginV1alpha1().TokenCredentialRequests().Watch(options)
 			},
 		},
 		&loginv1alpha1.TokenCredentialRequest{},
@ -64,7 +63,7 @@ func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, names
 }
 func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.17/client/concierge/listers/authentication/v1alpha1/expansion_generated.go
+++ b/generated/1.17/client/concierge/listers/authentication/v1alpha1/expansion_generated.go
@ -9,14 +9,6 @@ package v1alpha1
 // JWTAuthenticatorLister.
 type JWTAuthenticatorListerExpansion interface{}
 // JWTAuthenticatorNamespaceListerExpansion allows custom methods to be added to
 // JWTAuthenticatorNamespaceLister.
 type JWTAuthenticatorNamespaceListerExpansion interface{}
 // WebhookAuthenticatorListerExpansion allows custom methods to be added to
 // WebhookAuthenticatorLister.
 type WebhookAuthenticatorListerExpansion interface{}
 // WebhookAuthenticatorNamespaceListerExpansion allows custom methods to be added to
 // WebhookAuthenticatorNamespaceLister.
 type WebhookAuthenticatorNamespaceListerExpansion interface{}
--- a/generated/1.17/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.17/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go
@ -16,8 +16,8 @@ import (
 type JWTAuthenticatorLister interface {
 	// List lists all JWTAuthenticators in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
-	// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+	// Get retrieves the JWTAuthenticator from the index for a given name.
-	JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister
+	Get(name string) (*v1alpha1.JWTAuthenticator, error)
 	JWTAuthenticatorListerExpansion
 }
@ -39,38 +39,9 @@ func (s *jWTAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
-// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+// Get retrieves the JWTAuthenticator from the index for a given name.
-func (s *jWTAuthenticatorLister) JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister {
+func (s *jWTAuthenticatorLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
-	return jWTAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // JWTAuthenticatorNamespaceLister helps list and get JWTAuthenticators.
 type JWTAuthenticatorNamespaceLister interface {
 	// List lists all JWTAuthenticators in the indexer for a given namespace.
 	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
 	// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
 	Get(name string) (*v1alpha1.JWTAuthenticator, error)
 	JWTAuthenticatorNamespaceListerExpansion
 }
 // jWTAuthenticatorNamespaceLister implements the JWTAuthenticatorNamespaceLister
 // interface.
 type jWTAuthenticatorNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all JWTAuthenticators in the indexer for a given namespace.
 func (s jWTAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.JWTAuthenticator))
 	})
 	return ret, err
 }
 // Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
 func (s jWTAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.17/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.17/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go
@ -16,8 +16,8 @@ import (
 type WebhookAuthenticatorLister interface {
 	// List lists all WebhookAuthenticators in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
-	// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+	// Get retrieves the WebhookAuthenticator from the index for a given name.
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister
+	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
 	WebhookAuthenticatorListerExpansion
 }
@ -39,38 +39,9 @@ func (s *webhookAuthenticatorLister) List(selector labels.Selector) (ret []*v1al
 	return ret, err
 }
-// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+// Get retrieves the WebhookAuthenticator from the index for a given name.
-func (s *webhookAuthenticatorLister) WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister {
+func (s *webhookAuthenticatorLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
-	return webhookAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // WebhookAuthenticatorNamespaceLister helps list and get WebhookAuthenticators.
 type WebhookAuthenticatorNamespaceLister interface {
 	// List lists all WebhookAuthenticators in the indexer for a given namespace.
 	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
 	// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
 	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
 	WebhookAuthenticatorNamespaceListerExpansion
 }
 // webhookAuthenticatorNamespaceLister implements the WebhookAuthenticatorNamespaceLister
 // interface.
 type webhookAuthenticatorNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all WebhookAuthenticators in the indexer for a given namespace.
 func (s webhookAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
 	})
 	return ret, err
 }
 // Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
 func (s webhookAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go
+++ b/generated/1.17/client/concierge/listers/config/v1alpha1/credentialissuer.go
@ -16,8 +16,8 @@ import (
 type CredentialIssuerLister interface {
 	// List lists all CredentialIssuers in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
-	// CredentialIssuers returns an object that can list and get CredentialIssuers.
+	// Get retrieves the CredentialIssuer from the index for a given name.
-	CredentialIssuers(namespace string) CredentialIssuerNamespaceLister
+	Get(name string) (*v1alpha1.CredentialIssuer, error)
 	CredentialIssuerListerExpansion
 }
@ -39,38 +39,9 @@ func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
-// CredentialIssuers returns an object that can list and get CredentialIssuers.
+// Get retrieves the CredentialIssuer from the index for a given name.
-func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister {
+func (s *credentialIssuerLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
-	return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // CredentialIssuerNamespaceLister helps list and get CredentialIssuers.
 type CredentialIssuerNamespaceLister interface {
 	// List lists all CredentialIssuers in the indexer for a given namespace.
 	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
 	// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
 	Get(name string) (*v1alpha1.CredentialIssuer, error)
 	CredentialIssuerNamespaceListerExpansion
 }
 // credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister
 // interface.
 type credentialIssuerNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all CredentialIssuers in the indexer for a given namespace.
 func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.CredentialIssuer))
 	})
 	return ret, err
 }
 // Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
 func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go
+++ b/generated/1.17/client/concierge/listers/config/v1alpha1/expansion_generated.go
@ -8,7 +8,3 @@ package v1alpha1
 // CredentialIssuerListerExpansion allows custom methods to be added to
 // CredentialIssuerLister.
 type CredentialIssuerListerExpansion interface{}
 // CredentialIssuerNamespaceListerExpansion allows custom methods to be added to
 // CredentialIssuerNamespaceLister.
 type CredentialIssuerNamespaceListerExpansion interface{}
--- a/generated/1.17/client/concierge/listers/login/v1alpha1/expansion_generated.go
+++ b/generated/1.17/client/concierge/listers/login/v1alpha1/expansion_generated.go
@ -8,7 +8,3 @@ package v1alpha1
 // TokenCredentialRequestListerExpansion allows custom methods to be added to
 // TokenCredentialRequestLister.
 type TokenCredentialRequestListerExpansion interface{}
 // TokenCredentialRequestNamespaceListerExpansion allows custom methods to be added to
 // TokenCredentialRequestNamespaceLister.
 type TokenCredentialRequestNamespaceListerExpansion interface{}
--- a/generated/1.17/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go
+++ b/generated/1.17/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go
@ -16,8 +16,8 @@ import (
 type TokenCredentialRequestLister interface {
 	// List lists all TokenCredentialRequests in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
-	// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
+	// Get retrieves the TokenCredentialRequest from the index for a given name.
-	TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister
+	Get(name string) (*v1alpha1.TokenCredentialRequest, error)
 	TokenCredentialRequestListerExpansion
 }
@ -39,38 +39,9 @@ func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1
 	return ret, err
 }
-// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
+// Get retrieves the TokenCredentialRequest from the index for a given name.
-func (s *tokenCredentialRequestLister) TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister {
+func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
-	return tokenCredentialRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // TokenCredentialRequestNamespaceLister helps list and get TokenCredentialRequests.
 type TokenCredentialRequestNamespaceLister interface {
 	// List lists all TokenCredentialRequests in the indexer for a given namespace.
 	List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
 	// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
 	Get(name string) (*v1alpha1.TokenCredentialRequest, error)
 	TokenCredentialRequestNamespaceListerExpansion
 }
 // tokenCredentialRequestNamespaceLister implements the TokenCredentialRequestNamespaceLister
 // interface.
 type tokenCredentialRequestNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all TokenCredentialRequests in the indexer for a given namespace.
 func (s tokenCredentialRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.TokenCredentialRequest))
 	})
 	return ret, err
 }
 // Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
 func (s tokenCredentialRequestNamespaceLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.18/apis/concierge/authentication/v1alpha1/types_jwt.go
+++ b/generated/1.18/apis/concierge/authentication/v1alpha1/types_jwt.go
@ -57,6 +57,7 @@ type JWTTokenClaims struct {
 // signature, existence of claims, etc.) and extract the username and groups from the token.
 //
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
 // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
--- a/generated/1.18/apis/concierge/authentication/v1alpha1/types_webhook.go
+++ b/generated/1.18/apis/concierge/authentication/v1alpha1/types_webhook.go
@ -29,6 +29,7 @@ type WebhookAuthenticatorSpec struct {
 // WebhookAuthenticator describes the configuration of a webhook authenticator.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
 // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
--- a/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go
+++ b/generated/1.18/apis/concierge/config/v1alpha1/types_credentialissuer.go
@ -67,6 +67,7 @@ type CredentialIssuerStrategy struct {
 // Describes the configuration status of a Pinniped credential issuer.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped
 type CredentialIssuer struct {
--- a/generated/1.18/apis/concierge/login/types_token.go
+++ b/generated/1.18/apis/concierge/login/types_token.go
@ -27,7 +27,6 @@ type TokenCredentialRequestStatus struct {
 }
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta
--- a/generated/1.18/apis/concierge/login/v1alpha1/types_token.go
+++ b/generated/1.18/apis/concierge/login/v1alpha1/types_token.go
@ -30,6 +30,7 @@ type TokenCredentialRequestStatus struct {
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta   `json:",inline"`
--- a/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go
@ -22,12 +22,12 @@ type AuthenticationV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *AuthenticationV1alpha1Client) JWTAuthenticators(namespace string) JWTAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
-	return newJWTAuthenticators(c, namespace)
+	return newJWTAuthenticators(c)
 }
-func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
-	return newWebhookAuthenticators(c, namespace)
+	return newWebhookAuthenticators(c)
 }
 // NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
--- a/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go
@ -15,12 +15,12 @@ type FakeAuthenticationV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeAuthenticationV1alpha1) JWTAuthenticators(namespace string) v1alpha1.JWTAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
-	return &FakeJWTAuthenticators{c, namespace}
+	return &FakeJWTAuthenticators{c}
 }
-func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
-	return &FakeWebhookAuthenticators{c, namespace}
+	return &FakeWebhookAuthenticators{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go
@ -20,7 +20,6 @@ import (
 // FakeJWTAuthenticators implements JWTAuthenticatorInterface
 type FakeJWTAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
 	ns   string
 }
 var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
@ -30,8 +29,7 @@ var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.conci
 // Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
 func (c *FakeJWTAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -41,8 +39,7 @@ func (c *FakeJWTAuthenticators) Get(ctx context.Context, name string, options v1
 // List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
 func (c *FakeJWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, c.ns, opts), &v1alpha1.JWTAuthenticatorList{})
+		Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
 	if obj == nil {
 		return nil, err
 	}
@ -63,15 +60,13 @@ func (c *FakeJWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (
 // Watch returns a watch.Interface that watches the requested jWTAuthenticators.
 func (c *FakeJWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(jwtauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
 }
 // Create takes the representation of a jWTAuthenticator and creates it.  Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.CreateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -81,8 +76,7 @@ func (c *FakeJWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1
 // Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -93,8 +87,7 @@ func (c *FakeJWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeJWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (*v1alpha1.JWTAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(jwtauthenticatorsResource, "status", c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -104,14 +97,13 @@ func (c *FakeJWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticat
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeJWTAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeJWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(jwtauthenticatorsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOpts)
 	_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
 	return err
@ -120,8 +112,7 @@ func (c *FakeJWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 // Patch applies the patch and returns the patched jWTAuthenticator.
 func (c *FakeJWTAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(jwtauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go
@ -20,7 +20,6 @@ import (
 // FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
 type FakeWebhookAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
 	ns   string
 }
 var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
@ -30,8 +29,7 @@ var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.c
 // Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
 func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -41,8 +39,7 @@ func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, option
 // List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
 func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
+		Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
 	if obj == nil {
 		return nil, err
 	}
@ -63,15 +60,13 @@ func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOption
 // Watch returns a watch.Interface that watches the requested webhookAuthenticators.
 func (c *FakeWebhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
 }
 // Create takes the representation of a webhookAuthenticator and creates it.  Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -81,8 +76,7 @@ func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthentic
 // Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -93,8 +87,7 @@ func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthentic
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (*v1alpha1.WebhookAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -104,14 +97,13 @@ func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAut
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeWebhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOpts)
 	_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
 	return err
@ -120,8 +112,7 @@ func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v
 // Patch applies the patch and returns the patched webhookAuthenticator.
 func (c *FakeWebhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go
@ -20,7 +20,7 @@ import (
 // JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
 // A group's client should implement this interface.
 type JWTAuthenticatorsGetter interface {
-	JWTAuthenticators(namespace string) JWTAuthenticatorInterface
+	JWTAuthenticators() JWTAuthenticatorInterface
 }
 // JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
@ -40,14 +40,12 @@ type JWTAuthenticatorInterface interface {
 // jWTAuthenticators implements JWTAuthenticatorInterface
 type jWTAuthenticators struct {
 	client rest.Interface
 	ns     string
 }
 // newJWTAuthenticators returns a JWTAuthenticators
-func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jWTAuthenticators {
+func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
 	return &jWTAuthenticators{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -55,7 +53,6 @@ func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jW
 func (c *jWTAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -72,7 +69,6 @@ func (c *jWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (resu
 	}
 	result = &v1alpha1.JWTAuthenticatorList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -89,7 +85,6 @@ func (c *jWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (wat
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -100,7 +95,6 @@ func (c *jWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (wat
 func (c *jWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.CreateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(jWTAuthenticator).
@ -113,7 +107,6 @@ func (c *jWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alph
 func (c *jWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@ -128,7 +121,6 @@ func (c *jWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alph
 func (c *jWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		SubResource("status").
@ -142,7 +134,6 @@ func (c *jWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *jWTAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		Body(&opts).
@ -157,7 +148,6 @@ func (c *jWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.Delete
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -170,7 +160,6 @@ func (c *jWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.Delete
 func (c *jWTAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		SubResource(subresources...).
--- a/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go
@ -20,7 +20,7 @@ import (
 // WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
 // A group's client should implement this interface.
 type WebhookAuthenticatorsGetter interface {
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
+	WebhookAuthenticators() WebhookAuthenticatorInterface
 }
 // WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
@ -40,14 +40,12 @@ type WebhookAuthenticatorInterface interface {
 // webhookAuthenticators implements WebhookAuthenticatorInterface
 type webhookAuthenticators struct {
 	client rest.Interface
 	ns     string
 }
 // newWebhookAuthenticators returns a WebhookAuthenticators
-func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
+func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
 	return &webhookAuthenticators{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -55,7 +53,6 @@ func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string)
 func (c *webhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -72,7 +69,6 @@ func (c *webhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (
 	}
 	result = &v1alpha1.WebhookAuthenticatorList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -89,7 +85,6 @@ func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions)
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -100,7 +95,6 @@ func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions)
 func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(webhookAuthenticator).
@ -113,7 +107,6 @@ func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator
 func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@ -128,7 +121,6 @@ func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator
 func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		SubResource("status").
@ -142,7 +134,6 @@ func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthent
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *webhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		Body(&opts).
@ -157,7 +148,6 @@ func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -170,7 +160,6 @@ func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 func (c *webhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		SubResource(subresources...).
--- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go
@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface {
+func (c *ConfigV1alpha1Client) CredentialIssuers() CredentialIssuerInterface {
-	return newCredentialIssuers(c, namespace)
+	return newCredentialIssuers(c)
 }
 // NewForConfig creates a new ConfigV1alpha1Client for the given config.
--- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go
@ -20,7 +20,7 @@ import (
 // CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
 // A group's client should implement this interface.
 type CredentialIssuersGetter interface {
-	CredentialIssuers(namespace string) CredentialIssuerInterface
+	CredentialIssuers() CredentialIssuerInterface
 }
 // CredentialIssuerInterface has methods to work with CredentialIssuer resources.
@ -40,14 +40,12 @@ type CredentialIssuerInterface interface {
 // credentialIssuers implements CredentialIssuerInterface
 type credentialIssuers struct {
 	client rest.Interface
 	ns     string
 }
 // newCredentialIssuers returns a CredentialIssuers
-func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers {
+func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
 	return &credentialIssuers{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -55,7 +53,6 @@ func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credential
 func (c *credentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -72,7 +69,6 @@ func (c *credentialIssuers) List(ctx context.Context, opts v1.ListOptions) (resu
 	}
 	result = &v1alpha1.CredentialIssuerList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -89,7 +85,6 @@ func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (wat
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -100,7 +95,6 @@ func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (wat
 func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(credentialIssuer).
@ -113,7 +107,6 @@ func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alph
 func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@ -128,7 +121,6 @@ func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alph
 func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		SubResource("status").
@ -142,7 +134,6 @@ func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *credentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		Body(&opts).
@ -157,7 +148,6 @@ func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.Delete
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -170,7 +160,6 @@ func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.Delete
 func (c *credentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		SubResource(subresources...).
--- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go
@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface {
+func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
-	return &FakeCredentialIssuers{c, namespace}
+	return &FakeCredentialIssuers{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go
@ -20,7 +20,6 @@ import (
 // FakeCredentialIssuers implements CredentialIssuerInterface
 type FakeCredentialIssuers struct {
 	Fake *FakeConfigV1alpha1
 	ns   string
 }
 var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
@ -30,8 +29,7 @@ var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pin
 // Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
 func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -41,8 +39,7 @@ func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1
 // List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
 func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{})
+		Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
 	if obj == nil {
 		return nil, err
 	}
@ -63,15 +60,13 @@ func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (
 // Watch returns a watch.Interface that watches the requested credentialIssuers.
 func (c *FakeCredentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
 }
 // Create takes the representation of a credentialIssuer and creates it.  Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -81,8 +76,7 @@ func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1
 // Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -93,8 +87,7 @@ func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -104,14 +97,13 @@ func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssu
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *FakeCredentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOpts)
 	_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
 	return err
@ -120,8 +112,7 @@ func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.De
 // Patch applies the patch and returns the patched credentialIssuer.
 func (c *FakeCredentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go
@ -15,8 +15,8 @@ type FakeLoginV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface {
+func (c *FakeLoginV1alpha1) TokenCredentialRequests() v1alpha1.TokenCredentialRequestInterface {
-	return &FakeTokenCredentialRequests{c, namespace}
+	return &FakeTokenCredentialRequests{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go
@ -20,7 +20,6 @@ import (
 // FakeTokenCredentialRequests implements TokenCredentialRequestInterface
 type FakeTokenCredentialRequests struct {
 	Fake *FakeLoginV1alpha1
 	ns   string
 }
 var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"}
@ -30,8 +29,7 @@ var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierg
 // Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any.
 func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -41,8 +39,7 @@ func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, opti
 // List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors.
 func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{})
+		Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{})
 	if obj == nil {
 		return nil, err
 	}
@ -63,15 +60,13 @@ func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOpti
 // Watch returns a watch.Interface that watches the requested tokenCredentialRequests.
 func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts))
 }
 // Create takes the representation of a tokenCredentialRequest and creates it.  Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootCreateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -81,8 +76,7 @@ func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentia
 // Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -93,8 +87,7 @@ func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentia
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -104,14 +97,13 @@ func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCre
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOpts)
 	_, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{})
 	return err
@ -120,8 +112,7 @@ func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts
 // Patch applies the patch and returns the patched tokenCredentialRequest.
 func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go
@ -21,8 +21,8 @@ type LoginV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface {
+func (c *LoginV1alpha1Client) TokenCredentialRequests() TokenCredentialRequestInterface {
-	return newTokenCredentialRequests(c, namespace)
+	return newTokenCredentialRequests(c)
 }
 // NewForConfig creates a new LoginV1alpha1Client for the given config.
--- a/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go
+++ b/generated/1.18/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go
@ -20,7 +20,7 @@ import (
 // TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface.
 // A group's client should implement this interface.
 type TokenCredentialRequestsGetter interface {
-	TokenCredentialRequests(namespace string) TokenCredentialRequestInterface
+	TokenCredentialRequests() TokenCredentialRequestInterface
 }
 // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources.
@ -40,14 +40,12 @@ type TokenCredentialRequestInterface interface {
 // tokenCredentialRequests implements TokenCredentialRequestInterface
 type tokenCredentialRequests struct {
 	client rest.Interface
 	ns     string
 }
 // newTokenCredentialRequests returns a TokenCredentialRequests
-func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests {
+func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests {
 	return &tokenCredentialRequests{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -55,7 +53,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *token
 func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -72,7 +69,6 @@ func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions)
 	}
 	result = &v1alpha1.TokenCredentialRequestList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -89,7 +85,6 @@ func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -100,7 +95,6 @@ func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions
 func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(tokenCredentialRequest).
@ -113,7 +107,6 @@ func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialReq
 func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@ -128,7 +121,6 @@ func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialReq
 func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		SubResource("status").
@ -142,7 +134,6 @@ func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredent
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		Body(&opts).
@ -157,7 +148,6 @@ func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -170,7 +160,6 @@ func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.
 func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		SubResource(subresources...).
--- a/generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go
+++ b/generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go
@ -30,10 +30,10 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // JWTAuthenticators returns a JWTAuthenticatorInformer.
 func (v *version) JWTAuthenticators() JWTAuthenticatorInformer {
-	return &jWTAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &jWTAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
 // WebhookAuthenticators returns a WebhookAuthenticatorInformer.
 func (v *version) WebhookAuthenticators() WebhookAuthenticatorInformer {
-	return &webhookAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &webhookAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go
@ -29,33 +29,32 @@ type JWTAuthenticatorInformer interface {
 type jWTAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).List(context.TODO(), options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).Watch(context.TODO(), options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().Watch(context.TODO(), options)
 			},
 		},
 		&authenticationv1alpha1.JWTAuthenticator{},
@ -65,7 +64,7 @@ func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace s
 }
 func (f *jWTAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *jWTAuthenticatorInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.18/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go
@ -29,33 +29,32 @@ type WebhookAuthenticatorInformer interface {
 type webhookAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(context.TODO(), options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Watch(context.TODO(), options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().Watch(context.TODO(), options)
 			},
 		},
 		&authenticationv1alpha1.WebhookAuthenticator{},
@ -65,7 +64,7 @@ func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespa
 }
 func (f *webhookAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *webhookAuthenticatorInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go
+++ b/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go
@ -29,33 +29,32 @@ type CredentialIssuerInformer interface {
 type credentialIssuerInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).List(context.TODO(), options)
+				return client.ConfigV1alpha1().CredentialIssuers().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(context.TODO(), options)
+				return client.ConfigV1alpha1().CredentialIssuers().Watch(context.TODO(), options)
 			},
 		},
 		&configv1alpha1.CredentialIssuer{},
@ -65,7 +64,7 @@ func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace s
 }
 func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/interface.go
+++ b/generated/1.18/client/concierge/informers/externalversions/config/v1alpha1/interface.go
@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // CredentialIssuers returns a CredentialIssuerInformer.
 func (v *version) CredentialIssuers() CredentialIssuerInformer {
-	return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &credentialIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/interface.go
+++ b/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/interface.go
@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // TokenCredentialRequests returns a TokenCredentialRequestInformer.
 func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer {
-	return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go
+++ b/generated/1.18/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go
@ -29,33 +29,32 @@ type TokenCredentialRequestInformer interface {
 type tokenCredentialRequestInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(context.TODO(), options)
+				return client.LoginV1alpha1().TokenCredentialRequests().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(context.TODO(), options)
+				return client.LoginV1alpha1().TokenCredentialRequests().Watch(context.TODO(), options)
 			},
 		},
 		&loginv1alpha1.TokenCredentialRequest{},
@ -65,7 +64,7 @@ func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, names
 }
 func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.18/client/concierge/listers/authentication/v1alpha1/expansion_generated.go
+++ b/generated/1.18/client/concierge/listers/authentication/v1alpha1/expansion_generated.go
@ -9,14 +9,6 @@ package v1alpha1
 // JWTAuthenticatorLister.
 type JWTAuthenticatorListerExpansion interface{}
 // JWTAuthenticatorNamespaceListerExpansion allows custom methods to be added to
 // JWTAuthenticatorNamespaceLister.
 type JWTAuthenticatorNamespaceListerExpansion interface{}
 // WebhookAuthenticatorListerExpansion allows custom methods to be added to
 // WebhookAuthenticatorLister.
 type WebhookAuthenticatorListerExpansion interface{}
 // WebhookAuthenticatorNamespaceListerExpansion allows custom methods to be added to
 // WebhookAuthenticatorNamespaceLister.
 type WebhookAuthenticatorNamespaceListerExpansion interface{}
--- a/generated/1.18/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.18/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go
@ -16,8 +16,8 @@ import (
 type JWTAuthenticatorLister interface {
 	// List lists all JWTAuthenticators in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
-	// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+	// Get retrieves the JWTAuthenticator from the index for a given name.
-	JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister
+	Get(name string) (*v1alpha1.JWTAuthenticator, error)
 	JWTAuthenticatorListerExpansion
 }
@ -39,38 +39,9 @@ func (s *jWTAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
-// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+// Get retrieves the JWTAuthenticator from the index for a given name.
-func (s *jWTAuthenticatorLister) JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister {
+func (s *jWTAuthenticatorLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
-	return jWTAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // JWTAuthenticatorNamespaceLister helps list and get JWTAuthenticators.
 type JWTAuthenticatorNamespaceLister interface {
 	// List lists all JWTAuthenticators in the indexer for a given namespace.
 	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
 	// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
 	Get(name string) (*v1alpha1.JWTAuthenticator, error)
 	JWTAuthenticatorNamespaceListerExpansion
 }
 // jWTAuthenticatorNamespaceLister implements the JWTAuthenticatorNamespaceLister
 // interface.
 type jWTAuthenticatorNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all JWTAuthenticators in the indexer for a given namespace.
 func (s jWTAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.JWTAuthenticator))
 	})
 	return ret, err
 }
 // Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
 func (s jWTAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.18/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.18/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go
@ -16,8 +16,8 @@ import (
 type WebhookAuthenticatorLister interface {
 	// List lists all WebhookAuthenticators in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
-	// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+	// Get retrieves the WebhookAuthenticator from the index for a given name.
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister
+	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
 	WebhookAuthenticatorListerExpansion
 }
@ -39,38 +39,9 @@ func (s *webhookAuthenticatorLister) List(selector labels.Selector) (ret []*v1al
 	return ret, err
 }
-// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+// Get retrieves the WebhookAuthenticator from the index for a given name.
-func (s *webhookAuthenticatorLister) WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister {
+func (s *webhookAuthenticatorLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
-	return webhookAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // WebhookAuthenticatorNamespaceLister helps list and get WebhookAuthenticators.
 type WebhookAuthenticatorNamespaceLister interface {
 	// List lists all WebhookAuthenticators in the indexer for a given namespace.
 	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
 	// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
 	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
 	WebhookAuthenticatorNamespaceListerExpansion
 }
 // webhookAuthenticatorNamespaceLister implements the WebhookAuthenticatorNamespaceLister
 // interface.
 type webhookAuthenticatorNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all WebhookAuthenticators in the indexer for a given namespace.
 func (s webhookAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
 	})
 	return ret, err
 }
 // Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
 func (s webhookAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuer.go
+++ b/generated/1.18/client/concierge/listers/config/v1alpha1/credentialissuer.go
@ -16,8 +16,8 @@ import (
 type CredentialIssuerLister interface {
 	// List lists all CredentialIssuers in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
-	// CredentialIssuers returns an object that can list and get CredentialIssuers.
+	// Get retrieves the CredentialIssuer from the index for a given name.
-	CredentialIssuers(namespace string) CredentialIssuerNamespaceLister
+	Get(name string) (*v1alpha1.CredentialIssuer, error)
 	CredentialIssuerListerExpansion
 }
@ -39,38 +39,9 @@ func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
-// CredentialIssuers returns an object that can list and get CredentialIssuers.
+// Get retrieves the CredentialIssuer from the index for a given name.
-func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister {
+func (s *credentialIssuerLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
-	return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // CredentialIssuerNamespaceLister helps list and get CredentialIssuers.
 type CredentialIssuerNamespaceLister interface {
 	// List lists all CredentialIssuers in the indexer for a given namespace.
 	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
 	// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
 	Get(name string) (*v1alpha1.CredentialIssuer, error)
 	CredentialIssuerNamespaceListerExpansion
 }
 // credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister
 // interface.
 type credentialIssuerNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all CredentialIssuers in the indexer for a given namespace.
 func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.CredentialIssuer))
 	})
 	return ret, err
 }
 // Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
 func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.18/client/concierge/listers/config/v1alpha1/expansion_generated.go
+++ b/generated/1.18/client/concierge/listers/config/v1alpha1/expansion_generated.go
@ -8,7 +8,3 @@ package v1alpha1
 // CredentialIssuerListerExpansion allows custom methods to be added to
 // CredentialIssuerLister.
 type CredentialIssuerListerExpansion interface{}
 // CredentialIssuerNamespaceListerExpansion allows custom methods to be added to
 // CredentialIssuerNamespaceLister.
 type CredentialIssuerNamespaceListerExpansion interface{}
--- a/generated/1.18/client/concierge/listers/login/v1alpha1/expansion_generated.go
+++ b/generated/1.18/client/concierge/listers/login/v1alpha1/expansion_generated.go
@ -8,7 +8,3 @@ package v1alpha1
 // TokenCredentialRequestListerExpansion allows custom methods to be added to
 // TokenCredentialRequestLister.
 type TokenCredentialRequestListerExpansion interface{}
 // TokenCredentialRequestNamespaceListerExpansion allows custom methods to be added to
 // TokenCredentialRequestNamespaceLister.
 type TokenCredentialRequestNamespaceListerExpansion interface{}
--- a/generated/1.18/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go
+++ b/generated/1.18/client/concierge/listers/login/v1alpha1/tokencredentialrequest.go
@ -16,8 +16,8 @@ import (
 type TokenCredentialRequestLister interface {
 	// List lists all TokenCredentialRequests in the indexer.
 	List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
-	// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
+	// Get retrieves the TokenCredentialRequest from the index for a given name.
-	TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister
+	Get(name string) (*v1alpha1.TokenCredentialRequest, error)
 	TokenCredentialRequestListerExpansion
 }
@ -39,38 +39,9 @@ func (s *tokenCredentialRequestLister) List(selector labels.Selector) (ret []*v1
 	return ret, err
 }
-// TokenCredentialRequests returns an object that can list and get TokenCredentialRequests.
+// Get retrieves the TokenCredentialRequest from the index for a given name.
-func (s *tokenCredentialRequestLister) TokenCredentialRequests(namespace string) TokenCredentialRequestNamespaceLister {
+func (s *tokenCredentialRequestLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
-	return tokenCredentialRequestNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // TokenCredentialRequestNamespaceLister helps list and get TokenCredentialRequests.
 type TokenCredentialRequestNamespaceLister interface {
 	// List lists all TokenCredentialRequests in the indexer for a given namespace.
 	List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error)
 	// Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
 	Get(name string) (*v1alpha1.TokenCredentialRequest, error)
 	TokenCredentialRequestNamespaceListerExpansion
 }
 // tokenCredentialRequestNamespaceLister implements the TokenCredentialRequestNamespaceLister
 // interface.
 type tokenCredentialRequestNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all TokenCredentialRequests in the indexer for a given namespace.
 func (s tokenCredentialRequestNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.TokenCredentialRequest, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.TokenCredentialRequest))
 	})
 	return ret, err
 }
 // Get retrieves the TokenCredentialRequest from the indexer for a given namespace and name.
 func (s tokenCredentialRequestNamespaceLister) Get(name string) (*v1alpha1.TokenCredentialRequest, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.19/apis/concierge/authentication/v1alpha1/types_jwt.go
+++ b/generated/1.19/apis/concierge/authentication/v1alpha1/types_jwt.go
@ -57,6 +57,7 @@ type JWTTokenClaims struct {
 // signature, existence of claims, etc.) and extract the username and groups from the token.
 //
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
 // +kubebuilder:printcolumn:name="Issuer",type=string,JSONPath=`.spec.issuer`
--- a/generated/1.19/apis/concierge/authentication/v1alpha1/types_webhook.go
+++ b/generated/1.19/apis/concierge/authentication/v1alpha1/types_webhook.go
@ -29,6 +29,7 @@ type WebhookAuthenticatorSpec struct {
 // WebhookAuthenticator describes the configuration of a webhook authenticator.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped;pinniped-authenticator;pinniped-authenticators
 // +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint`
--- a/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go
+++ b/generated/1.19/apis/concierge/config/v1alpha1/types_credentialissuer.go
@ -67,6 +67,7 @@ type CredentialIssuerStrategy struct {
 // Describes the configuration status of a Pinniped credential issuer.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // +kubebuilder:resource:categories=pinniped
 type CredentialIssuer struct {
--- a/generated/1.19/apis/concierge/login/types_token.go
+++ b/generated/1.19/apis/concierge/login/types_token.go
@ -27,7 +27,6 @@ type TokenCredentialRequestStatus struct {
 }
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta
--- a/generated/1.19/apis/concierge/login/v1alpha1/types_token.go
+++ b/generated/1.19/apis/concierge/login/v1alpha1/types_token.go
@ -30,6 +30,7 @@ type TokenCredentialRequestStatus struct {
 // TokenCredentialRequest submits an IDP-specific credential to Pinniped in exchange for a cluster-specific credential.
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type TokenCredentialRequest struct {
 	metav1.TypeMeta   `json:",inline"`
--- a/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go
@ -22,12 +22,12 @@ type AuthenticationV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *AuthenticationV1alpha1Client) JWTAuthenticators(namespace string) JWTAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) JWTAuthenticators() JWTAuthenticatorInterface {
-	return newJWTAuthenticators(c, namespace)
+	return newJWTAuthenticators(c)
 }
-func (c *AuthenticationV1alpha1Client) WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface {
+func (c *AuthenticationV1alpha1Client) WebhookAuthenticators() WebhookAuthenticatorInterface {
-	return newWebhookAuthenticators(c, namespace)
+	return newWebhookAuthenticators(c)
 }
 // NewForConfig creates a new AuthenticationV1alpha1Client for the given config.
--- a/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_authentication_client.go
@ -15,12 +15,12 @@ type FakeAuthenticationV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeAuthenticationV1alpha1) JWTAuthenticators(namespace string) v1alpha1.JWTAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) JWTAuthenticators() v1alpha1.JWTAuthenticatorInterface {
-	return &FakeJWTAuthenticators{c, namespace}
+	return &FakeJWTAuthenticators{c}
 }
-func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators(namespace string) v1alpha1.WebhookAuthenticatorInterface {
+func (c *FakeAuthenticationV1alpha1) WebhookAuthenticators() v1alpha1.WebhookAuthenticatorInterface {
-	return &FakeWebhookAuthenticators{c, namespace}
+	return &FakeWebhookAuthenticators{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_jwtauthenticator.go
@ -20,7 +20,6 @@ import (
 // FakeJWTAuthenticators implements JWTAuthenticatorInterface
 type FakeJWTAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
 	ns   string
 }
 var jwtauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "jwtauthenticators"}
@ -30,8 +29,7 @@ var jwtauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.conci
 // Get takes name of the jWTAuthenticator, and returns the corresponding jWTAuthenticator object, and an error if there is any.
 func (c *FakeJWTAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootGetAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -41,8 +39,7 @@ func (c *FakeJWTAuthenticators) Get(ctx context.Context, name string, options v1
 // List takes label and field selectors, and returns the list of JWTAuthenticators that match those selectors.
 func (c *FakeJWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.JWTAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, c.ns, opts), &v1alpha1.JWTAuthenticatorList{})
+		Invokes(testing.NewRootListAction(jwtauthenticatorsResource, jwtauthenticatorsKind, opts), &v1alpha1.JWTAuthenticatorList{})
 	if obj == nil {
 		return nil, err
 	}
@ -63,15 +60,13 @@ func (c *FakeJWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (
 // Watch returns a watch.Interface that watches the requested jWTAuthenticators.
 func (c *FakeJWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(jwtauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(jwtauthenticatorsResource, opts))
 }
 // Create takes the representation of a jWTAuthenticator and creates it.  Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.CreateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootCreateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -81,8 +76,7 @@ func (c *FakeJWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1
 // Update takes the representation of a jWTAuthenticator and updates it. Returns the server's representation of the jWTAuthenticator, and an error, if there is any.
 func (c *FakeJWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(jwtauthenticatorsResource, c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(jwtauthenticatorsResource, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -93,8 +87,7 @@ func (c *FakeJWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeJWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (*v1alpha1.JWTAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(jwtauthenticatorsResource, "status", c.ns, jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(jwtauthenticatorsResource, "status", jWTAuthenticator), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -104,14 +97,13 @@ func (c *FakeJWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticat
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeJWTAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(jwtauthenticatorsResource, c.ns, name), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(jwtauthenticatorsResource, name), &v1alpha1.JWTAuthenticator{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeJWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(jwtauthenticatorsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(jwtauthenticatorsResource, listOpts)
 	_, err := c.Fake.Invokes(action, &v1alpha1.JWTAuthenticatorList{})
 	return err
@ -120,8 +112,7 @@ func (c *FakeJWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 // Patch applies the patch and returns the patched jWTAuthenticator.
 func (c *FakeJWTAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(jwtauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(jwtauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.JWTAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/fake/fake_webhookauthenticator.go
@ -20,7 +20,6 @@ import (
 // FakeWebhookAuthenticators implements WebhookAuthenticatorInterface
 type FakeWebhookAuthenticators struct {
 	Fake *FakeAuthenticationV1alpha1
 	ns   string
 }
 var webhookauthenticatorsResource = schema.GroupVersionResource{Group: "authentication.concierge.pinniped.dev", Version: "v1alpha1", Resource: "webhookauthenticators"}
@ -30,8 +29,7 @@ var webhookauthenticatorsKind = schema.GroupVersionKind{Group: "authentication.c
 // Get takes name of the webhookAuthenticator, and returns the corresponding webhookAuthenticator object, and an error if there is any.
 func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootGetAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -41,8 +39,7 @@ func (c *FakeWebhookAuthenticators) Get(ctx context.Context, name string, option
 // List takes label and field selectors, and returns the list of WebhookAuthenticators that match those selectors.
 func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.WebhookAuthenticatorList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, c.ns, opts), &v1alpha1.WebhookAuthenticatorList{})
+		Invokes(testing.NewRootListAction(webhookauthenticatorsResource, webhookauthenticatorsKind, opts), &v1alpha1.WebhookAuthenticatorList{})
 	if obj == nil {
 		return nil, err
 	}
@ -63,15 +60,13 @@ func (c *FakeWebhookAuthenticators) List(ctx context.Context, opts v1.ListOption
 // Watch returns a watch.Interface that watches the requested webhookAuthenticators.
 func (c *FakeWebhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(webhookauthenticatorsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(webhookauthenticatorsResource, opts))
 }
 // Create takes the representation of a webhookAuthenticator and creates it.  Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootCreateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -81,8 +76,7 @@ func (c *FakeWebhookAuthenticators) Create(ctx context.Context, webhookAuthentic
 // Update takes the representation of a webhookAuthenticator and updates it. Returns the server's representation of the webhookAuthenticator, and an error, if there is any.
 func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(webhookauthenticatorsResource, c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateAction(webhookauthenticatorsResource, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -93,8 +87,7 @@ func (c *FakeWebhookAuthenticators) Update(ctx context.Context, webhookAuthentic
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (*v1alpha1.WebhookAuthenticator, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(webhookauthenticatorsResource, "status", c.ns, webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootUpdateSubresourceAction(webhookauthenticatorsResource, "status", webhookAuthenticator), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
@ -104,14 +97,13 @@ func (c *FakeWebhookAuthenticators) UpdateStatus(ctx context.Context, webhookAut
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *FakeWebhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(webhookauthenticatorsResource, c.ns, name), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootDeleteAction(webhookauthenticatorsResource, name), &v1alpha1.WebhookAuthenticator{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(webhookauthenticatorsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(webhookauthenticatorsResource, listOpts)
 	_, err := c.Fake.Invokes(action, &v1alpha1.WebhookAuthenticatorList{})
 	return err
@ -120,8 +112,7 @@ func (c *FakeWebhookAuthenticators) DeleteCollection(ctx context.Context, opts v
 // Patch applies the patch and returns the patched webhookAuthenticator.
 func (c *FakeWebhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(webhookauthenticatorsResource, c.ns, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
+		Invokes(testing.NewRootPatchSubresourceAction(webhookauthenticatorsResource, name, pt, data, subresources...), &v1alpha1.WebhookAuthenticator{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/jwtauthenticator.go
@ -20,7 +20,7 @@ import (
 // JWTAuthenticatorsGetter has a method to return a JWTAuthenticatorInterface.
 // A group's client should implement this interface.
 type JWTAuthenticatorsGetter interface {
-	JWTAuthenticators(namespace string) JWTAuthenticatorInterface
+	JWTAuthenticators() JWTAuthenticatorInterface
 }
 // JWTAuthenticatorInterface has methods to work with JWTAuthenticator resources.
@ -40,14 +40,12 @@ type JWTAuthenticatorInterface interface {
 // jWTAuthenticators implements JWTAuthenticatorInterface
 type jWTAuthenticators struct {
 	client rest.Interface
 	ns     string
 }
 // newJWTAuthenticators returns a JWTAuthenticators
-func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jWTAuthenticators {
+func newJWTAuthenticators(c *AuthenticationV1alpha1Client) *jWTAuthenticators {
 	return &jWTAuthenticators{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -55,7 +53,6 @@ func newJWTAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *jW
 func (c *jWTAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -72,7 +69,6 @@ func (c *jWTAuthenticators) List(ctx context.Context, opts v1.ListOptions) (resu
 	}
 	result = &v1alpha1.JWTAuthenticatorList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -89,7 +85,6 @@ func (c *jWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (wat
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -100,7 +95,6 @@ func (c *jWTAuthenticators) Watch(ctx context.Context, opts v1.ListOptions) (wat
 func (c *jWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.CreateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(jWTAuthenticator).
@ -113,7 +107,6 @@ func (c *jWTAuthenticators) Create(ctx context.Context, jWTAuthenticator *v1alph
 func (c *jWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@ -128,7 +121,6 @@ func (c *jWTAuthenticators) Update(ctx context.Context, jWTAuthenticator *v1alph
 func (c *jWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *v1alpha1.JWTAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(jWTAuthenticator.Name).
 		SubResource("status").
@ -142,7 +134,6 @@ func (c *jWTAuthenticators) UpdateStatus(ctx context.Context, jWTAuthenticator *
 // Delete takes name of the jWTAuthenticator and deletes it. Returns an error if one occurs.
 func (c *jWTAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		Body(&opts).
@ -157,7 +148,6 @@ func (c *jWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.Delete
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -170,7 +160,6 @@ func (c *jWTAuthenticators) DeleteCollection(ctx context.Context, opts v1.Delete
 func (c *jWTAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.JWTAuthenticator, err error) {
 	result = &v1alpha1.JWTAuthenticator{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("jwtauthenticators").
 		Name(name).
 		SubResource(subresources...).
--- a/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/authentication/v1alpha1/webhookauthenticator.go
@ -20,7 +20,7 @@ import (
 // WebhookAuthenticatorsGetter has a method to return a WebhookAuthenticatorInterface.
 // A group's client should implement this interface.
 type WebhookAuthenticatorsGetter interface {
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorInterface
+	WebhookAuthenticators() WebhookAuthenticatorInterface
 }
 // WebhookAuthenticatorInterface has methods to work with WebhookAuthenticator resources.
@ -40,14 +40,12 @@ type WebhookAuthenticatorInterface interface {
 // webhookAuthenticators implements WebhookAuthenticatorInterface
 type webhookAuthenticators struct {
 	client rest.Interface
 	ns     string
 }
 // newWebhookAuthenticators returns a WebhookAuthenticators
-func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string) *webhookAuthenticators {
+func newWebhookAuthenticators(c *AuthenticationV1alpha1Client) *webhookAuthenticators {
 	return &webhookAuthenticators{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -55,7 +53,6 @@ func newWebhookAuthenticators(c *AuthenticationV1alpha1Client, namespace string)
 func (c *webhookAuthenticators) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -72,7 +69,6 @@ func (c *webhookAuthenticators) List(ctx context.Context, opts v1.ListOptions) (
 	}
 	result = &v1alpha1.WebhookAuthenticatorList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -89,7 +85,6 @@ func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions)
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -100,7 +95,6 @@ func (c *webhookAuthenticators) Watch(ctx context.Context, opts v1.ListOptions)
 func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.CreateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(webhookAuthenticator).
@ -113,7 +107,6 @@ func (c *webhookAuthenticators) Create(ctx context.Context, webhookAuthenticator
 func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@ -128,7 +121,6 @@ func (c *webhookAuthenticators) Update(ctx context.Context, webhookAuthenticator
 func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthenticator *v1alpha1.WebhookAuthenticator, opts v1.UpdateOptions) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(webhookAuthenticator.Name).
 		SubResource("status").
@ -142,7 +134,6 @@ func (c *webhookAuthenticators) UpdateStatus(ctx context.Context, webhookAuthent
 // Delete takes name of the webhookAuthenticator and deletes it. Returns an error if one occurs.
 func (c *webhookAuthenticators) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		Body(&opts).
@ -157,7 +148,6 @@ func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -170,7 +160,6 @@ func (c *webhookAuthenticators) DeleteCollection(ctx context.Context, opts v1.De
 func (c *webhookAuthenticators) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.WebhookAuthenticator, err error) {
 	result = &v1alpha1.WebhookAuthenticator{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("webhookauthenticators").
 		Name(name).
 		SubResource(subresources...).
--- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/config_client.go
@ -21,8 +21,8 @@ type ConfigV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *ConfigV1alpha1Client) CredentialIssuers(namespace string) CredentialIssuerInterface {
+func (c *ConfigV1alpha1Client) CredentialIssuers() CredentialIssuerInterface {
-	return newCredentialIssuers(c, namespace)
+	return newCredentialIssuers(c)
 }
 // NewForConfig creates a new ConfigV1alpha1Client for the given config.
--- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/credentialissuer.go
@ -20,7 +20,7 @@ import (
 // CredentialIssuersGetter has a method to return a CredentialIssuerInterface.
 // A group's client should implement this interface.
 type CredentialIssuersGetter interface {
-	CredentialIssuers(namespace string) CredentialIssuerInterface
+	CredentialIssuers() CredentialIssuerInterface
 }
 // CredentialIssuerInterface has methods to work with CredentialIssuer resources.
@ -40,14 +40,12 @@ type CredentialIssuerInterface interface {
 // credentialIssuers implements CredentialIssuerInterface
 type credentialIssuers struct {
 	client rest.Interface
 	ns     string
 }
 // newCredentialIssuers returns a CredentialIssuers
-func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credentialIssuers {
+func newCredentialIssuers(c *ConfigV1alpha1Client) *credentialIssuers {
 	return &credentialIssuers{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -55,7 +53,6 @@ func newCredentialIssuers(c *ConfigV1alpha1Client, namespace string) *credential
 func (c *credentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -72,7 +69,6 @@ func (c *credentialIssuers) List(ctx context.Context, opts v1.ListOptions) (resu
 	}
 	result = &v1alpha1.CredentialIssuerList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -89,7 +85,6 @@ func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (wat
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -100,7 +95,6 @@ func (c *credentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (wat
 func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(credentialIssuer).
@ -113,7 +107,6 @@ func (c *credentialIssuers) Create(ctx context.Context, credentialIssuer *v1alph
 func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@ -128,7 +121,6 @@ func (c *credentialIssuers) Update(ctx context.Context, credentialIssuer *v1alph
 func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(credentialIssuer.Name).
 		SubResource("status").
@ -142,7 +134,6 @@ func (c *credentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *credentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		Body(&opts).
@ -157,7 +148,6 @@ func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.Delete
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -170,7 +160,6 @@ func (c *credentialIssuers) DeleteCollection(ctx context.Context, opts v1.Delete
 func (c *credentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	result = &v1alpha1.CredentialIssuer{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("credentialissuers").
 		Name(name).
 		SubResource(subresources...).
--- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go
@ -15,8 +15,8 @@ type FakeConfigV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeConfigV1alpha1) CredentialIssuers(namespace string) v1alpha1.CredentialIssuerInterface {
+func (c *FakeConfigV1alpha1) CredentialIssuers() v1alpha1.CredentialIssuerInterface {
-	return &FakeCredentialIssuers{c, namespace}
+	return &FakeCredentialIssuers{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/config/v1alpha1/fake/fake_credentialissuer.go
@ -20,7 +20,6 @@ import (
 // FakeCredentialIssuers implements CredentialIssuerInterface
 type FakeCredentialIssuers struct {
 	Fake *FakeConfigV1alpha1
 	ns   string
 }
 var credentialissuersResource = schema.GroupVersionResource{Group: "config.concierge.pinniped.dev", Version: "v1alpha1", Resource: "credentialissuers"}
@ -30,8 +29,7 @@ var credentialissuersKind = schema.GroupVersionKind{Group: "config.concierge.pin
 // Get takes name of the credentialIssuer, and returns the corresponding credentialIssuer object, and an error if there is any.
 func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootGetAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -41,8 +39,7 @@ func (c *FakeCredentialIssuers) Get(ctx context.Context, name string, options v1
 // List takes label and field selectors, and returns the list of CredentialIssuers that match those selectors.
 func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.CredentialIssuerList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(credentialissuersResource, credentialissuersKind, c.ns, opts), &v1alpha1.CredentialIssuerList{})
+		Invokes(testing.NewRootListAction(credentialissuersResource, credentialissuersKind, opts), &v1alpha1.CredentialIssuerList{})
 	if obj == nil {
 		return nil, err
 	}
@ -63,15 +60,13 @@ func (c *FakeCredentialIssuers) List(ctx context.Context, opts v1.ListOptions) (
 // Watch returns a watch.Interface that watches the requested credentialIssuers.
 func (c *FakeCredentialIssuers) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(credentialissuersResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(credentialissuersResource, opts))
 }
 // Create takes the representation of a credentialIssuer and creates it.  Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.CreateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootCreateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -81,8 +76,7 @@ func (c *FakeCredentialIssuers) Create(ctx context.Context, credentialIssuer *v1
 // Update takes the representation of a credentialIssuer and updates it. Returns the server's representation of the credentialIssuer, and an error, if there is any.
 func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(credentialissuersResource, c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateAction(credentialissuersResource, credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -93,8 +87,7 @@ func (c *FakeCredentialIssuers) Update(ctx context.Context, credentialIssuer *v1
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssuer *v1alpha1.CredentialIssuer, opts v1.UpdateOptions) (*v1alpha1.CredentialIssuer, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(credentialissuersResource, "status", c.ns, credentialIssuer), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootUpdateSubresourceAction(credentialissuersResource, "status", credentialIssuer), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
@ -104,14 +97,13 @@ func (c *FakeCredentialIssuers) UpdateStatus(ctx context.Context, credentialIssu
 // Delete takes name of the credentialIssuer and deletes it. Returns an error if one occurs.
 func (c *FakeCredentialIssuers) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(credentialissuersResource, c.ns, name), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootDeleteAction(credentialissuersResource, name), &v1alpha1.CredentialIssuer{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(credentialissuersResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(credentialissuersResource, listOpts)
 	_, err := c.Fake.Invokes(action, &v1alpha1.CredentialIssuerList{})
 	return err
@ -120,8 +112,7 @@ func (c *FakeCredentialIssuers) DeleteCollection(ctx context.Context, opts v1.De
 // Patch applies the patch and returns the patched credentialIssuer.
 func (c *FakeCredentialIssuers) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.CredentialIssuer, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(credentialissuersResource, c.ns, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
+		Invokes(testing.NewRootPatchSubresourceAction(credentialissuersResource, name, pt, data, subresources...), &v1alpha1.CredentialIssuer{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_login_client.go
@ -15,8 +15,8 @@ type FakeLoginV1alpha1 struct {
 	*testing.Fake
 }
-func (c *FakeLoginV1alpha1) TokenCredentialRequests(namespace string) v1alpha1.TokenCredentialRequestInterface {
+func (c *FakeLoginV1alpha1) TokenCredentialRequests() v1alpha1.TokenCredentialRequestInterface {
-	return &FakeTokenCredentialRequests{c, namespace}
+	return &FakeTokenCredentialRequests{c}
 }
 // RESTClient returns a RESTClient that is used to communicate
--- a/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/fake/fake_tokencredentialrequest.go
@ -20,7 +20,6 @@ import (
 // FakeTokenCredentialRequests implements TokenCredentialRequestInterface
 type FakeTokenCredentialRequests struct {
 	Fake *FakeLoginV1alpha1
 	ns   string
 }
 var tokencredentialrequestsResource = schema.GroupVersionResource{Group: "login.concierge.pinniped.dev", Version: "v1alpha1", Resource: "tokencredentialrequests"}
@ -30,8 +29,7 @@ var tokencredentialrequestsKind = schema.GroupVersionKind{Group: "login.concierg
 // Get takes name of the tokenCredentialRequest, and returns the corresponding tokenCredentialRequest object, and an error if there is any.
 func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewGetAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootGetAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -41,8 +39,7 @@ func (c *FakeTokenCredentialRequests) Get(ctx context.Context, name string, opti
 // List takes label and field selectors, and returns the list of TokenCredentialRequests that match those selectors.
 func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.TokenCredentialRequestList, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, c.ns, opts), &v1alpha1.TokenCredentialRequestList{})
+		Invokes(testing.NewRootListAction(tokencredentialrequestsResource, tokencredentialrequestsKind, opts), &v1alpha1.TokenCredentialRequestList{})
 	if obj == nil {
 		return nil, err
 	}
@ -63,15 +60,13 @@ func (c *FakeTokenCredentialRequests) List(ctx context.Context, opts v1.ListOpti
 // Watch returns a watch.Interface that watches the requested tokenCredentialRequests.
 func (c *FakeTokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
 	return c.Fake.
-		InvokesWatch(testing.NewWatchAction(tokencredentialrequestsResource, c.ns, opts))
+		InvokesWatch(testing.NewRootWatchAction(tokencredentialrequestsResource, opts))
 }
 // Create takes the representation of a tokenCredentialRequest and creates it.  Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewCreateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootCreateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -81,8 +76,7 @@ func (c *FakeTokenCredentialRequests) Create(ctx context.Context, tokenCredentia
 // Update takes the representation of a tokenCredentialRequest and updates it. Returns the server's representation of the tokenCredentialRequest, and an error, if there is any.
 func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateAction(tokencredentialrequestsResource, c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateAction(tokencredentialrequestsResource, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -93,8 +87,7 @@ func (c *FakeTokenCredentialRequests) Update(ctx context.Context, tokenCredentia
 // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
 func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (*v1alpha1.TokenCredentialRequest, error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewUpdateSubresourceAction(tokencredentialrequestsResource, "status", c.ns, tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootUpdateSubresourceAction(tokencredentialrequestsResource, "status", tokenCredentialRequest), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
@ -104,14 +97,13 @@ func (c *FakeTokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCre
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *FakeTokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	_, err := c.Fake.
-		Invokes(testing.NewDeleteAction(tokencredentialrequestsResource, c.ns, name), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootDeleteAction(tokencredentialrequestsResource, name), &v1alpha1.TokenCredentialRequest{})
 	return err
 }
 // DeleteCollection deletes a collection of objects.
 func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
-	action := testing.NewDeleteCollectionAction(tokencredentialrequestsResource, c.ns, listOpts)
+	action := testing.NewRootDeleteCollectionAction(tokencredentialrequestsResource, listOpts)
 	_, err := c.Fake.Invokes(action, &v1alpha1.TokenCredentialRequestList{})
 	return err
@ -120,8 +112,7 @@ func (c *FakeTokenCredentialRequests) DeleteCollection(ctx context.Context, opts
 // Patch applies the patch and returns the patched tokenCredentialRequest.
 func (c *FakeTokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	obj, err := c.Fake.
-		Invokes(testing.NewPatchSubresourceAction(tokencredentialrequestsResource, c.ns, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
+		Invokes(testing.NewRootPatchSubresourceAction(tokencredentialrequestsResource, name, pt, data, subresources...), &v1alpha1.TokenCredentialRequest{})
 	if obj == nil {
 		return nil, err
 	}
--- a/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/login_client.go
@ -21,8 +21,8 @@ type LoginV1alpha1Client struct {
 	restClient rest.Interface
 }
-func (c *LoginV1alpha1Client) TokenCredentialRequests(namespace string) TokenCredentialRequestInterface {
+func (c *LoginV1alpha1Client) TokenCredentialRequests() TokenCredentialRequestInterface {
-	return newTokenCredentialRequests(c, namespace)
+	return newTokenCredentialRequests(c)
 }
 // NewForConfig creates a new LoginV1alpha1Client for the given config.
--- a/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go
+++ b/generated/1.19/client/concierge/clientset/versioned/typed/login/v1alpha1/tokencredentialrequest.go
@ -20,7 +20,7 @@ import (
 // TokenCredentialRequestsGetter has a method to return a TokenCredentialRequestInterface.
 // A group's client should implement this interface.
 type TokenCredentialRequestsGetter interface {
-	TokenCredentialRequests(namespace string) TokenCredentialRequestInterface
+	TokenCredentialRequests() TokenCredentialRequestInterface
 }
 // TokenCredentialRequestInterface has methods to work with TokenCredentialRequest resources.
@ -40,14 +40,12 @@ type TokenCredentialRequestInterface interface {
 // tokenCredentialRequests implements TokenCredentialRequestInterface
 type tokenCredentialRequests struct {
 	client rest.Interface
 	ns     string
 }
 // newTokenCredentialRequests returns a TokenCredentialRequests
-func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *tokenCredentialRequests {
+func newTokenCredentialRequests(c *LoginV1alpha1Client) *tokenCredentialRequests {
 	return &tokenCredentialRequests{
 		client: c.RESTClient(),
 		ns:     namespace,
 	}
 }
@ -55,7 +53,6 @@ func newTokenCredentialRequests(c *LoginV1alpha1Client, namespace string) *token
 func (c *tokenCredentialRequests) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		VersionedParams(&options, scheme.ParameterCodec).
@ -72,7 +69,6 @@ func (c *tokenCredentialRequests) List(ctx context.Context, opts v1.ListOptions)
 	}
 	result = &v1alpha1.TokenCredentialRequestList{}
 	err = c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -89,7 +85,6 @@ func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions
 	}
 	opts.Watch = true
 	return c.client.Get().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -100,7 +95,6 @@ func (c *tokenCredentialRequests) Watch(ctx context.Context, opts v1.ListOptions
 func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.CreateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Post().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&opts, scheme.ParameterCodec).
 		Body(tokenCredentialRequest).
@ -113,7 +107,6 @@ func (c *tokenCredentialRequests) Create(ctx context.Context, tokenCredentialReq
 func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		VersionedParams(&opts, scheme.ParameterCodec).
@ -128,7 +121,6 @@ func (c *tokenCredentialRequests) Update(ctx context.Context, tokenCredentialReq
 func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredentialRequest *v1alpha1.TokenCredentialRequest, opts v1.UpdateOptions) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Put().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(tokenCredentialRequest.Name).
 		SubResource("status").
@ -142,7 +134,6 @@ func (c *tokenCredentialRequests) UpdateStatus(ctx context.Context, tokenCredent
 // Delete takes name of the tokenCredentialRequest and deletes it. Returns an error if one occurs.
 func (c *tokenCredentialRequests) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		Body(&opts).
@ -157,7 +148,6 @@ func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.
 		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
 	}
 	return c.client.Delete().
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		VersionedParams(&listOpts, scheme.ParameterCodec).
 		Timeout(timeout).
@ -170,7 +160,6 @@ func (c *tokenCredentialRequests) DeleteCollection(ctx context.Context, opts v1.
 func (c *tokenCredentialRequests) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.TokenCredentialRequest, err error) {
 	result = &v1alpha1.TokenCredentialRequest{}
 	err = c.client.Patch(pt).
 		Namespace(c.ns).
 		Resource("tokencredentialrequests").
 		Name(name).
 		SubResource(subresources...).
--- a/generated/1.19/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go
+++ b/generated/1.19/client/concierge/informers/externalversions/authentication/v1alpha1/interface.go
@ -30,10 +30,10 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // JWTAuthenticators returns a JWTAuthenticatorInformer.
 func (v *version) JWTAuthenticators() JWTAuthenticatorInformer {
-	return &jWTAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &jWTAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
 // WebhookAuthenticators returns a WebhookAuthenticatorInformer.
 func (v *version) WebhookAuthenticators() WebhookAuthenticatorInformer {
-	return &webhookAuthenticatorInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &webhookAuthenticatorInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.19/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.19/client/concierge/informers/externalversions/authentication/v1alpha1/jwtauthenticator.go
@ -29,33 +29,32 @@ type JWTAuthenticatorInformer interface {
 type jWTAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredJWTAuthenticatorInformer constructs a new informer for JWTAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).List(context.TODO(), options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().JWTAuthenticators(namespace).Watch(context.TODO(), options)
+				return client.AuthenticationV1alpha1().JWTAuthenticators().Watch(context.TODO(), options)
 			},
 		},
 		&authenticationv1alpha1.JWTAuthenticator{},
@ -65,7 +64,7 @@ func NewFilteredJWTAuthenticatorInformer(client versioned.Interface, namespace s
 }
 func (f *jWTAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredJWTAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredJWTAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *jWTAuthenticatorInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.19/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.19/client/concierge/informers/externalversions/authentication/v1alpha1/webhookauthenticator.go
@ -29,33 +29,32 @@ type WebhookAuthenticatorInformer interface {
 type webhookAuthenticatorInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredWebhookAuthenticatorInformer constructs a new informer for WebhookAuthenticator type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).List(context.TODO(), options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.AuthenticationV1alpha1().WebhookAuthenticators(namespace).Watch(context.TODO(), options)
+				return client.AuthenticationV1alpha1().WebhookAuthenticators().Watch(context.TODO(), options)
 			},
 		},
 		&authenticationv1alpha1.WebhookAuthenticator{},
@ -65,7 +64,7 @@ func NewFilteredWebhookAuthenticatorInformer(client versioned.Interface, namespa
 }
 func (f *webhookAuthenticatorInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredWebhookAuthenticatorInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredWebhookAuthenticatorInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *webhookAuthenticatorInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go
+++ b/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/credentialissuer.go
@ -29,33 +29,32 @@ type CredentialIssuerInformer interface {
 type credentialIssuerInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredCredentialIssuerInformer constructs a new informer for CredentialIssuer type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredCredentialIssuerInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).List(context.TODO(), options)
+				return client.ConfigV1alpha1().CredentialIssuers().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.ConfigV1alpha1().CredentialIssuers(namespace).Watch(context.TODO(), options)
+				return client.ConfigV1alpha1().CredentialIssuers().Watch(context.TODO(), options)
 			},
 		},
 		&configv1alpha1.CredentialIssuer{},
@ -65,7 +64,7 @@ func NewFilteredCredentialIssuerInformer(client versioned.Interface, namespace s
 }
 func (f *credentialIssuerInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredCredentialIssuerInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredCredentialIssuerInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *credentialIssuerInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/interface.go
+++ b/generated/1.19/client/concierge/informers/externalversions/config/v1alpha1/interface.go
@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // CredentialIssuers returns a CredentialIssuerInformer.
 func (v *version) CredentialIssuers() CredentialIssuerInformer {
-	return &credentialIssuerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &credentialIssuerInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/interface.go
+++ b/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/interface.go
@ -28,5 +28,5 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 // TokenCredentialRequests returns a TokenCredentialRequestInformer.
 func (v *version) TokenCredentialRequests() TokenCredentialRequestInformer {
-	return &tokenCredentialRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+	return &tokenCredentialRequestInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
 }
--- a/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go
+++ b/generated/1.19/client/concierge/informers/externalversions/login/v1alpha1/tokencredentialrequest.go
@ -29,33 +29,32 @@ type TokenCredentialRequestInformer interface {
 type tokenCredentialRequestInformer struct {
 	factory          internalinterfaces.SharedInformerFactory
 	tweakListOptions internalinterfaces.TweakListOptionsFunc
 	namespace        string
 }
 // NewTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+func NewTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, namespace, resyncPeriod, indexers, nil)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, indexers, nil)
 }
 // NewFilteredTokenCredentialRequestInformer constructs a new informer for TokenCredentialRequest type.
 // Always prefer using an informer factory to get a shared informer instead of getting an independent
 // one. This reduces memory footprint and number of connections to the server.
-func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
 	return cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).List(context.TODO(), options)
+				return client.LoginV1alpha1().TokenCredentialRequests().List(context.TODO(), options)
 			},
 			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
 				if tweakListOptions != nil {
 					tweakListOptions(&options)
 				}
-				return client.LoginV1alpha1().TokenCredentialRequests(namespace).Watch(context.TODO(), options)
+				return client.LoginV1alpha1().TokenCredentialRequests().Watch(context.TODO(), options)
 			},
 		},
 		&loginv1alpha1.TokenCredentialRequest{},
@ -65,7 +64,7 @@ func NewFilteredTokenCredentialRequestInformer(client versioned.Interface, names
 }
 func (f *tokenCredentialRequestInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
-	return NewFilteredTokenCredentialRequestInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+	return NewFilteredTokenCredentialRequestInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
 }
 func (f *tokenCredentialRequestInformer) Informer() cache.SharedIndexInformer {
--- a/generated/1.19/client/concierge/listers/authentication/v1alpha1/expansion_generated.go
+++ b/generated/1.19/client/concierge/listers/authentication/v1alpha1/expansion_generated.go
@ -9,14 +9,6 @@ package v1alpha1
 // JWTAuthenticatorLister.
 type JWTAuthenticatorListerExpansion interface{}
 // JWTAuthenticatorNamespaceListerExpansion allows custom methods to be added to
 // JWTAuthenticatorNamespaceLister.
 type JWTAuthenticatorNamespaceListerExpansion interface{}
 // WebhookAuthenticatorListerExpansion allows custom methods to be added to
 // WebhookAuthenticatorLister.
 type WebhookAuthenticatorListerExpansion interface{}
 // WebhookAuthenticatorNamespaceListerExpansion allows custom methods to be added to
 // WebhookAuthenticatorNamespaceLister.
 type WebhookAuthenticatorNamespaceListerExpansion interface{}
--- a/generated/1.19/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go
+++ b/generated/1.19/client/concierge/listers/authentication/v1alpha1/jwtauthenticator.go
@ -18,8 +18,9 @@ type JWTAuthenticatorLister interface {
 	// List lists all JWTAuthenticators in the indexer.
 	// Objects returned here must be treated as read-only.
 	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
-	// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+	// Get retrieves the JWTAuthenticator from the index for a given name.
-	JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister
+	// Objects returned here must be treated as read-only.
 	Get(name string) (*v1alpha1.JWTAuthenticator, error)
 	JWTAuthenticatorListerExpansion
 }
@ -41,41 +42,9 @@ func (s *jWTAuthenticatorLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
-// JWTAuthenticators returns an object that can list and get JWTAuthenticators.
+// Get retrieves the JWTAuthenticator from the index for a given name.
-func (s *jWTAuthenticatorLister) JWTAuthenticators(namespace string) JWTAuthenticatorNamespaceLister {
+func (s *jWTAuthenticatorLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
-	return jWTAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // JWTAuthenticatorNamespaceLister helps list and get JWTAuthenticators.
 // All objects returned here must be treated as read-only.
 type JWTAuthenticatorNamespaceLister interface {
 	// List lists all JWTAuthenticators in the indexer for a given namespace.
 	// Objects returned here must be treated as read-only.
 	List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error)
 	// Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
 	// Objects returned here must be treated as read-only.
 	Get(name string) (*v1alpha1.JWTAuthenticator, error)
 	JWTAuthenticatorNamespaceListerExpansion
 }
 // jWTAuthenticatorNamespaceLister implements the JWTAuthenticatorNamespaceLister
 // interface.
 type jWTAuthenticatorNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all JWTAuthenticators in the indexer for a given namespace.
 func (s jWTAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.JWTAuthenticator, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.JWTAuthenticator))
 	})
 	return ret, err
 }
 // Get retrieves the JWTAuthenticator from the indexer for a given namespace and name.
 func (s jWTAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.JWTAuthenticator, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.19/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go
+++ b/generated/1.19/client/concierge/listers/authentication/v1alpha1/webhookauthenticator.go
@ -18,8 +18,9 @@ type WebhookAuthenticatorLister interface {
 	// List lists all WebhookAuthenticators in the indexer.
 	// Objects returned here must be treated as read-only.
 	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
-	// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+	// Get retrieves the WebhookAuthenticator from the index for a given name.
-	WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister
+	// Objects returned here must be treated as read-only.
 	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
 	WebhookAuthenticatorListerExpansion
 }
@ -41,41 +42,9 @@ func (s *webhookAuthenticatorLister) List(selector labels.Selector) (ret []*v1al
 	return ret, err
 }
-// WebhookAuthenticators returns an object that can list and get WebhookAuthenticators.
+// Get retrieves the WebhookAuthenticator from the index for a given name.
-func (s *webhookAuthenticatorLister) WebhookAuthenticators(namespace string) WebhookAuthenticatorNamespaceLister {
+func (s *webhookAuthenticatorLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
-	return webhookAuthenticatorNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // WebhookAuthenticatorNamespaceLister helps list and get WebhookAuthenticators.
 // All objects returned here must be treated as read-only.
 type WebhookAuthenticatorNamespaceLister interface {
 	// List lists all WebhookAuthenticators in the indexer for a given namespace.
 	// Objects returned here must be treated as read-only.
 	List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error)
 	// Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
 	// Objects returned here must be treated as read-only.
 	Get(name string) (*v1alpha1.WebhookAuthenticator, error)
 	WebhookAuthenticatorNamespaceListerExpansion
 }
 // webhookAuthenticatorNamespaceLister implements the WebhookAuthenticatorNamespaceLister
 // interface.
 type webhookAuthenticatorNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all WebhookAuthenticators in the indexer for a given namespace.
 func (s webhookAuthenticatorNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.WebhookAuthenticator, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.WebhookAuthenticator))
 	})
 	return ret, err
 }
 // Get retrieves the WebhookAuthenticator from the indexer for a given namespace and name.
 func (s webhookAuthenticatorNamespaceLister) Get(name string) (*v1alpha1.WebhookAuthenticator, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.19/client/concierge/listers/config/v1alpha1/credentialissuer.go
+++ b/generated/1.19/client/concierge/listers/config/v1alpha1/credentialissuer.go
@ -18,8 +18,9 @@ type CredentialIssuerLister interface {
 	// List lists all CredentialIssuers in the indexer.
 	// Objects returned here must be treated as read-only.
 	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
-	// CredentialIssuers returns an object that can list and get CredentialIssuers.
+	// Get retrieves the CredentialIssuer from the index for a given name.
-	CredentialIssuers(namespace string) CredentialIssuerNamespaceLister
+	// Objects returned here must be treated as read-only.
 	Get(name string) (*v1alpha1.CredentialIssuer, error)
 	CredentialIssuerListerExpansion
 }
@ -41,41 +42,9 @@ func (s *credentialIssuerLister) List(selector labels.Selector) (ret []*v1alpha1
 	return ret, err
 }
-// CredentialIssuers returns an object that can list and get CredentialIssuers.
+// Get retrieves the CredentialIssuer from the index for a given name.
-func (s *credentialIssuerLister) CredentialIssuers(namespace string) CredentialIssuerNamespaceLister {
+func (s *credentialIssuerLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
-	return credentialIssuerNamespaceLister{indexer: s.indexer, namespace: namespace}
+	obj, exists, err := s.indexer.GetByKey(name)
 }
 // CredentialIssuerNamespaceLister helps list and get CredentialIssuers.
 // All objects returned here must be treated as read-only.
 type CredentialIssuerNamespaceLister interface {
 	// List lists all CredentialIssuers in the indexer for a given namespace.
 	// Objects returned here must be treated as read-only.
 	List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error)
 	// Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
 	// Objects returned here must be treated as read-only.
 	Get(name string) (*v1alpha1.CredentialIssuer, error)
 	CredentialIssuerNamespaceListerExpansion
 }
 // credentialIssuerNamespaceLister implements the CredentialIssuerNamespaceLister
 // interface.
 type credentialIssuerNamespaceLister struct {
 	indexer   cache.Indexer
 	namespace string
 }
 // List lists all CredentialIssuers in the indexer for a given namespace.
 func (s credentialIssuerNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.CredentialIssuer, err error) {
 	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
 		ret = append(ret, m.(*v1alpha1.CredentialIssuer))
 	})
 	return ret, err
 }
 // Get retrieves the CredentialIssuer from the indexer for a given namespace and name.
 func (s credentialIssuerNamespaceLister) Get(name string) (*v1alpha1.CredentialIssuer, error) {
 	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
 	if err != nil {
 		return nil, err
 	}
--- a/generated/1.19/client/concierge/listers/config/v1alpha1/expansion_generated.go
+++ b/generated/1.19/client/concierge/listers/config/v1alpha1/expansion_generated.go
@ -8,7 +8,3 @@ package v1alpha1
 // CredentialIssuerListerExpansion allows custom methods to be added to
 // CredentialIssuerLister.
 type CredentialIssuerListerExpansion interface{}
 // CredentialIssuerNamespaceListerExpansion allows custom methods to be added to
 // CredentialIssuerNamespaceLister.
 type CredentialIssuerNamespaceListerExpansion interface{}
--- a/Show More
+++ b/Show More