accept ssh diffie-hellman-group1-sha1 and update cert-manager

openssh-client, etc. updated and might not accept these algos by
default. Cirros images should probably be updated at some point to
use a new SSH server.

Update cert-manager to 1.8.0 because [1] changed `deploy-k8s.sh`
to use Kubernetes 1.23 instead of 1.19.

This broke cert-manager as ca-injector had an error of:

Error: error registering secret controller: no matches for kind
"MutatingWebhookConfiguration" in version
"admissionregistration.k8s.io/v1beta1"

This is because admissionregistration.k8s.io/v1beta1 no longer exists
in Kubernetes 1.23.

Upgrade cert-manager so it uses admissionregistration.k8s.io/v1 instead.

1 - https://review.opendev.org/c/openstack/openstack-helm-infra/+/840691

Change-Id: I5ea204bbcd7add2f787df79ac1d996842f4d1fcc

tools/deployment/developer/common/900-use-it.sh

@@ -87,9 +87,14 @@ function wait_for_ssh_port {
 }
 wait_for_ssh_port $FLOATING_IP
 
+# accept diffie-hellman-group1-sha1 algo for SSH (cirros image should probably be updated to replace this)
+echo "    KexAlgorithms +diffie-hellman-group1-sha1" | sudo tee -a /etc/ssh/ssh_config
+
 # SSH into the VM and check it can reach the outside world
-ssh-keyscan "$FLOATING_IP" >> ~/.ssh/known_hosts
+# note: ssh-keyscan should be re-enabled to prevent skip host key checking
-ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${OSH_BR_EX_ADDR%/*}
+#   ssh-keyscan does not use ssh_config so ignore host key checking for now
+#ssh-keyscan "$FLOATING_IP" >> ~/.ssh/known_hosts
+ssh -o "StrictHostKeyChecking no" -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} ping -q -c 1 -W 2 ${OSH_BR_EX_ADDR%/*}
 
 # Check the VM can reach the metadata server
 ssh -i ${HOME}/.ssh/osh_key cirros@${FLOATING_IP} curl --verbose --connect-timeout 5 169.254.169.254

tools/scripts/tls/cert-manager.sh

@@ -2,7 +2,7 @@
 
 set -eux
 
-: ${CERT_MANAGER_VERSION:="v1.2.0"}
+: ${CERT_MANAGER_VERSION:="v1.8.0"}
 
 cert_path="/etc/openstack-helm"
 ca_cert_root="$cert_path/certs/ca"