feat: added validation for prometheusRule size (#6478)

[yp969803]

Description

fixes: #6478
Reject PrometheusRule objects that generate > 1MB configmap

Type of change

What type of changes does your code introduce to the Prometheus operator? Put an x in the box that apply.

• CHANGE (fix or feature that would cause existing functionality to not work as expected)
• FEATURE (non-breaking change which adds functionality)
• BUGFIX (non-breaking change which fixes an issue)
• ENHANCEMENT (non-breaking change which improves existing functionality)
• NONE (if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)

Verification

added unit test

Changelog entry

[yp969803]

@simonpasquier can u review the pr

[simonpasquier]

In fact the original issue is about the internal hardcoded limit of the operator which is 512KiB (1MiB/2):

prometheus-operator/pkg/prometheus/server/rules.go

Lines 36 to 40 in 7e18b82

	// The maximum `Data` size of a ConfigMap seems to differ between
	// environments. This is probably due to different meta data sizes which count
	// into the overall maximum size of a ConfigMap. Thereby lets leave a
	// large buffer.
	var maxConfigMapDataSize = int(float64(v1.MaxSecretSize) * 0.5)

IMHO the first things to do would be

• better advertise this limit in the API documentation.
• have a descriptive error message stating the operator limit and the actual value.

I'd also rather see the check in ValidateRule() since it would help users that don't run the admission webhook.

Eventually we may want to make the 512MB limit configurable and/or increase the default limit. Unfortunately #1591 has little details on why 50% of 1MiB was picked up.

[simonpasquier]

In this specific case, I'd avoid storing a large file in the Git repository.

[yp969803]

@simonpasquier done the above changes