Add localmanifests controller to perform bootstrapping for cert-manager certs #657

Closed
munnerz wants to merge 3 commits into cert-manager:master from munnerz:localmanifests

munnerz (Member) commented Jun 15, 2018

What this PR does / why we need it:

This PR adds a 'localmanifests' controller, which can be used similarly to the kubelet's 'mirror pods' directory.

It will allow us to process Certificates/Issuers/ClusterIssuers before we are able to persist those resources to the API.

This is useful because when we add the validating admission webhook, we'll need to provide a way to secure it with up-to-date TLS certificates. We also want the failurePolicy of this webhook to be Fail (else users may be able to create invalid resources whilst the API is down). This will allow us to generate certificates for the webhook whilst we are unable to persist their appropriate resources, thus breaking the chicken-egg problem 😄

/cc @kragniz

Release note:

Add 'local manifests' support to allow bootstrapping TLS certificates for use by cert-manager's validating admission webhooks

jetstack-bot requested a review from kragniz June 15, 2018 15:59
jetstack-bot added the release-note and size/L labels Jun 15, 2018
jetstack-bot (Contributor) commented

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: munnerz

Assign the PR to them by writing /assign @munnerz in a comment when ready.

munnerz (Member, Author) commented Jun 16, 2018

It appears adding to the indexer does not cause informer's AddFuncs to be called. Holding this PR pending investigation and a test case.

/hold

jetstack-bot added the do-not-merge/hold label Jun 16, 2018
jetstack-bot added the size/XXL label and removed the size/L label Jun 16, 2018
jetstack-bot (Contributor) commented

@munnerz: The following tests failed, say /retest to rerun them all:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| cert-manager-quick-verify | 23d7a69 | link | /test verify |
| cert-manager-e2e-v1-8 | 23d7a69 | link | /test e2e v1.8 |

munnerz (Member, Author) commented Jun 16, 2018

Closing in favour of using a namespaceSelector on the ValidatingWebhookConfiguration resource.

munnerz closed this Jun 16, 2018
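
The namespaceSelector approach named in the closing comment, sketched as an added example (not code from this PR or from cert-manager): the webhook keeps failurePolicy: Fail but skips one labelled namespace, so the Certificate and Issuer that produce the webhook's own serving certificate can still be created while the webhook is unavailable. The resource names, the label key example.com/skip-webhook-validation, the cert-manager.io API group and the admissionregistration.k8s.io/v1 version are assumptions, not taken from the page.

```yaml
# Constructed example: names, namespace and label key are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: cert-manager
  labels:
    # Hypothetical opt-out label: namespaced objects here bypass the webhook.
    example.com/skip-webhook-validation: "true"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: cert-manager-webhook-example
webhooks:
  - name: validate.webhook.example.com
    admissionReviewVersions: ["v1"]
    sideEffects: None
    # Fail closed: while the webhook is unreachable, every matching request
    # is rejected, so invalid resources cannot slip in during an outage.
    failurePolicy: Fail
    # Without this selector the Certificate/Issuer that issue the webhook's
    # own TLS certificate would also be rejected while the webhook is down
    # (the chicken-egg problem described in the PR). NotIn also matches
    # namespaces that do not carry the label at all.
    namespaceSelector:
      matchExpressions:
        - key: example.com/skip-webhook-validation
          operator: NotIn
          values: ["true"]
    rules:
      - apiGroups: ["cert-manager.io"]   # assumed API group
        apiVersions: ["*"]
        operations: ["CREATE", "UPDATE"]
        resources: ["certificates", "issuers", "clusterissuers"]
    clientConfig:
      service:
        namespace: cert-manager
        name: cert-manager-webhook-example
        path: /validate
      caBundle: <base64-encoded CA bundle placeholder>
```

A namespaceSelector only exempts namespaced objects; cluster-scoped resources such as ClusterIssuers never skip the webhook, so the bootstrap resources have to be namespaced ones. Because the label switches validation off, permission to label namespaces or to create objects in the exempt namespace should be restricted through RBAC.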