OperatorConfig CRD supports more of alertmanager_config

[pintohutch]

This is the bulk of Alertmanager support for our CRD as it pertains to setting up the managed rule-evaluator.

• operator_config.go now supports most of the rest of the alertmanger_config fields, including:
  • authorization via pulling the credentials payload from a secret selector.
  • tls_config via pulling ca_file, cert_file, key_file fields from configmap/secret selectors (in other namespaces). For tls_config in particular, we have to mirror the provided secrets to our namespace and mount them as files to the rule-evaluator deployment. This is because:
    1. tls_config uses filepaths to configure client TLS connections instead of raw bytes or strings.
    2. Secrets can only be accessed by pods in the same namespace.
  • kubernetes_sd_configs to permit the rule-evaluator to use Kubernetes service-discovery to discover any configured Alertmanager endpoints. prometheus-operator inspired the changes here. Note: no authorization configuration to the K8s apiserver is provided at this time, so this will only be supported on GKE for the time being.
  • relabel_configs to filter only the specified Alertmanagers in the CRD (i.e. if there are other Alertmanagers discovered in the K8s cluster). prometheus-operator inspired the changes here.
• Add support for user-provided alertmanager_configs via configmap/secret selectors.
• Operator ClusterRole needs Secrets resource access to read and create secrets (e.g. for Alertmanager TLS secrets).
• Add unused import to rule-evaluator so it can support kubernetes_sd_config configuration field. See this comment and the imported init.
• Add new image tags with code changes.