chore: update to cert-manger 1.15

Also included are some fixes to the Makefile and python scripts to make them work on my machine including:

- Adding `&& \` to the Makefile in cases where a `cd` is used
- Fixing up the python to print strings in a nice way
- Removing the python to clear down CRD descriptions (no longer needed)
- Adding python to remove the new helm annotation that appears on the CRD
- Adding some lines to the gitignore so it ignores python venv files/folders

Signed-off-by: Adam Talbot <adam.talbot@venafi.com>

.gitignore

@@ -1,2 +1,4 @@
 bin
+lib
 build
+/pyvenv.cfg

Makefile

@@ -20,7 +20,7 @@ SHELL := bash
 #   successful.
 #
 # See README.md#Release Process for more details.
-CERT_MANAGER_VERSION ?= 1.14.2
+CERT_MANAGER_VERSION ?= 1.15.0
 export BUNDLE_VERSION ?= $(CERT_MANAGER_VERSION)
 
 
@@ -107,7 +107,7 @@ $(build):
 build_v := $(build)/${BUNDLE_VERSION}
 
 cert_manager_manifest_upstream = build/cert-manager.${CERT_MANAGER_VERSION}.upstream.yaml
-${cert_manager_manifest_upstream}: url := https://github.com/jetstack/cert-manager/releases/download/v${CERT_MANAGER_VERSION}/cert-manager.yaml
+${cert_manager_manifest_upstream}: url := https://github.com/cert-manager/cert-manager/releases/download/v${CERT_MANAGER_VERSION}/cert-manager.yaml
 
 cert_manager_logo = build/cert-manager-logo.png
 ${cert_manager_logo}: url := ${CERT_MANAGER_LOGO_URL}
@@ -133,9 +133,9 @@ scorecard_dir = config/scorecard
 scorecard_files := $(shell find ${scorecard_dir} -type f)
 kustomize_config = ${kustomize_config_dir}/kustomization.yaml
 ${kustomize_config}: ${kustomize_csv} ${scorecard_files} ${kustomize}
-	mkdir -p ${kustomize_config_dir}
-	rm -f $@
-	cd ${kustomize_config_dir}
+	mkdir -p ${kustomize_config_dir} && \
+	rm -f $@  && \
+	cd ${kustomize_config_dir}  && \
 	$(abspath ${kustomize}) create --resources ../../../config/scorecard,csv.yaml
 
 # We have to use `cat` and pipe the manifest rather than using it as stdin due
@@ -144,9 +144,9 @@ ${kustomize_config}: ${kustomize_csv} ${scorecard_files} ${kustomize}
 bundle_osdk_dir = ${build_v}/bundle_osdk
 bundle_osdk_csv = ${bundle_osdk_dir}/manifests/cert-manager.clusterserviceversion.yaml
 ${bundle_osdk_csv}: ${operator_sdk} ${kustomize_config} ${kustomize}
-	rm -rf ${bundle_osdk_dir}
-	mkdir -p ${bundle_osdk_dir}
-	cd ${bundle_osdk_dir}
+	rm -rf ${bundle_osdk_dir} && \
+	mkdir -p ${bundle_osdk_dir} && \
+	cd ${bundle_osdk_dir} && \
 	$(abspath ${kustomize}) build $(abspath ${kustomize_config_dir}) | $(abspath ${operator_sdk}) generate bundle \
 		--verbose \
 		--channels $(subst $(space),$(comma),${BUNDLE_CHANNELS}) \

bundle/manifests/cert-manager-cluster-view_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.14.2
+    app.kubernetes.io/version: v1.15.0
     rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
   name: cert-manager-cluster-view
 rules:

bundle/manifests/cert-manager-edit_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.14.2
+    app.kubernetes.io/version: v1.15.0
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: cert-manager-edit

bundle/manifests/cert-manager-view_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.14.2
+    app.kubernetes.io/version: v1.15.0
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"

bundle/manifests/cert-manager-webhook_v1_service.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: webhook
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: webhook
-    app.kubernetes.io/version: v1.14.2
+    app.kubernetes.io/version: v1.15.0
   name: cert-manager-webhook
 spec:
   ports:

bundle/manifests/cert-manager.clusterserviceversion.yaml

@@ -67,9 +67,8 @@ metadata:
       ]
     capabilities: Full Lifecycle
     categories: Security
-    containerImage: quay.io/jetstack/cert-manager-controller:v1.14.2
-    createdAt: '2024-02-14T15:41:37'
-    olm.skipRange: '>=1.14.0 <1.14.2'
+    containerImage: quay.io/jetstack/cert-manager-controller:v1.15.0
+    createdAt: '2024-06-06T11:39:40'
     operators.operatorframework.io/builder: operator-sdk-v1.33.0
     operators.operatorframework.io/internal-objects: |-
       [
@@ -84,26 +83,34 @@ metadata:
     operatorframework.io/arch.arm64: supported
     operatorframework.io/arch.ppc64le: supported
     operatorframework.io/arch.s390x: supported
-  name: cert-manager.v1.14.2
+  name: cert-manager.v1.15.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
   customresourcedefinitions:
     owned:
-    - description: "A CertificateRequest is used to request a signed certificate from\
-        \ one of the configured issuers. \n All fields within the CertificateRequest's\
-        \ `spec` are immutable after creation. A CertificateRequest will either succeed\
-        \ or fail, as denoted by its `Ready` status condition and its `status.failureTime`\
-        \ field. \n A CertificateRequest is a one-shot resource, meaning it represents\
-        \ a single point in time request for a certificate and cannot be re-used."
+    - description: |-
+        A CertificateRequest is used to request a signed certificate from one of the
+        configured issuers.
+
+
+        All fields within the CertificateRequest's `spec` are immutable after creation.
+        A CertificateRequest will either succeed or fail, as denoted by its `Ready` status
+        condition and its `status.failureTime` field.
+
+
+        A CertificateRequest is a one-shot resource, meaning it represents a single
+        point in time request for a certificate and cannot be re-used.
       displayName: CertificateRequest
       kind: CertificateRequest
       name: certificaterequests.cert-manager.io
       version: v1
-    - description: "A Certificate resource should be created to ensure an up to date\
-        \ and signed X.509 certificate is stored in the Kubernetes Secret resource\
-        \ named in `spec.secretName`. \n The stored certificate will be renewed before\
-        \ it expires (as configured by `spec.renewBefore`)."
+    - description: |-
+        A Certificate resource should be created to ensure an up to date and signed
+        X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.
+
+
+        The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).
       displayName: Certificate
       kind: Certificate
       name: certificates.cert-manager.io
@@ -114,17 +121,21 @@ spec:
       kind: Challenge
       name: challenges.acme.cert-manager.io
       version: v1
-    - description: A ClusterIssuer represents a certificate issuing authority which
-        can be referenced as part of `issuerRef` fields. It is similar to an Issuer,
-        however it is cluster-scoped and therefore can be referenced by resources
-        that exist in *any* namespace, not just the same namespace as the referent.
+    - description: |-
+        A ClusterIssuer represents a certificate issuing authority which can be
+        referenced as part of `issuerRef` fields.
+        It is similar to an Issuer, however it is cluster-scoped and therefore can
+        be referenced by resources that exist in *any* namespace, not just the same
+        namespace as the referent.
       displayName: ClusterIssuer
       kind: ClusterIssuer
       name: clusterissuers.cert-manager.io
       version: v1
-    - description: An Issuer represents a certificate issuing authority which can
-        be referenced as part of `issuerRef` fields. It is scoped to a single namespace
-        and can therefore only be referenced by resources within the same namespace.
+    - description: |-
+        An Issuer represents a certificate issuing authority which can be
+        referenced as part of `issuerRef` fields.
+        It is scoped to a single namespace and can therefore only be referenced by
+        resources within the same namespace.
       displayName: Issuer
       kind: Issuer
       name: issuers.cert-manager.io
@@ -621,7 +632,7 @@ spec:
           app.kubernetes.io/component: controller
           app.kubernetes.io/instance: cert-manager
           app.kubernetes.io/name: cert-manager
-          app.kubernetes.io/version: v1.14.2
+          app.kubernetes.io/version: v1.15.0
         name: cert-manager
         spec:
           replicas: 1
@@ -642,21 +653,21 @@ spec:
                 app.kubernetes.io/component: controller
                 app.kubernetes.io/instance: cert-manager
                 app.kubernetes.io/name: cert-manager
-                app.kubernetes.io/version: v1.14.2
+                app.kubernetes.io/version: v1.15.0
             spec:
               containers:
               - args:
                 - --v=2
                 - --cluster-resource-namespace=$(POD_NAMESPACE)
                 - --leader-election-namespace=kube-system
-                - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.14.2
+                - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.15.0
                 - --max-concurrent-challenges=60
                 env:
                 - name: POD_NAMESPACE
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: quay.io/jetstack/cert-manager-controller:v1.14.2
+                image: quay.io/jetstack/cert-manager-controller:v1.15.0
                 imagePullPolicy: IfNotPresent
                 livenessProbe:
                   failureThreshold: 8
@@ -696,7 +707,7 @@ spec:
           app.kubernetes.io/component: cainjector
           app.kubernetes.io/instance: cert-manager
           app.kubernetes.io/name: cainjector
-          app.kubernetes.io/version: v1.14.2
+          app.kubernetes.io/version: v1.15.0
         name: cert-manager-cainjector
         spec:
           replicas: 1
@@ -713,7 +724,7 @@ spec:
                 app.kubernetes.io/component: cainjector
                 app.kubernetes.io/instance: cert-manager
                 app.kubernetes.io/name: cainjector
-                app.kubernetes.io/version: v1.14.2
+                app.kubernetes.io/version: v1.15.0
             spec:
               containers:
               - args:
@@ -724,7 +735,7 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: quay.io/jetstack/cert-manager-cainjector:v1.14.2
+                image: quay.io/jetstack/cert-manager-cainjector:v1.15.0
                 imagePullPolicy: IfNotPresent
                 name: cert-manager-cainjector
                 resources: {}
@@ -747,7 +758,7 @@ spec:
           app.kubernetes.io/component: webhook
           app.kubernetes.io/instance: cert-manager
           app.kubernetes.io/name: webhook
-          app.kubernetes.io/version: v1.14.2
+          app.kubernetes.io/version: v1.15.0
         name: cert-manager-webhook
         spec:
           replicas: 1
@@ -764,7 +775,7 @@ spec:
                 app.kubernetes.io/component: webhook
                 app.kubernetes.io/instance: cert-manager
                 app.kubernetes.io/name: webhook
-                app.kubernetes.io/version: v1.14.2
+                app.kubernetes.io/version: v1.15.0
             spec:
               containers:
               - args:
@@ -777,7 +788,7 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: quay.io/jetstack/cert-manager-webhook:v1.14.2
+                image: quay.io/jetstack/cert-manager-webhook:v1.15.0
                 imagePullPolicy: IfNotPresent
                 livenessProbe:
                   failureThreshold: 3
@@ -907,7 +918,7 @@ spec:
   provider:
     name: The cert-manager maintainers
     url: https://cert-manager.io/
-  version: 1.14.2
+  version: 1.15.0
   webhookdefinitions:
   - admissionReviewVersions:
     - v1