After the installation is finished with MDC enabled, the user-facing sso is not set up to watch the MDC namespace (it is not listed in the `CONSUMER_NAMESPACES` env var of the user-facing sso operator).

If I set it manually, I will get the following error:

E0719 16:02:46.196322 1 reflector.go:205] github.com/integr8ly/keycloak-operator/vendor/github.com/operator-framework/operator-sdk/pkg/sdk/informer.go:91: Failed to list *unstructured.Unstructured: keycloakrealms.aerogear.org is forbidden: User "system:serviceaccount:user-sso:default" cannot list keycloakrealms.aerogear.org in the namespace "mobile-developer-console": no RBAC policy matched

which means we also missing a role & role binding in the MDC namespace to allow the sso operator to watch resources in the MDC namespace.

Leonardo Rossetti could you please take a look at this issue? Thanks.