Upgrade k8s.io/api dependency for compatibility with Tekton Chains/sigstore

[priyawadhwa]

We vendor in knative in Tekton Chains, and have pinned the k8.io/api dependency to v0.20.7 for compatibility with knative.

I'm running into issues integrating Chains with cosign because cosign requires the same dependency @ v0.22.x

I was wondering if it would be possible to upgrade this dependency in knative so that everything works -- the main issue seems to be that v1alpha1 and v2alpha1 aren't supported in the new version.

knative.dev/pkg/client/injection/kube/client imports
	k8s.io/api/batch/v2alpha1: module k8s.io/api@latest found (v0.22.1), but does not contain package k8s.io/api/batch/v2alpha1
knative.dev/pkg/client/injection/kube/client imports
	k8s.io/api/discovery/v1alpha1: module k8s.io/api@latest found (v0.22.1), but does not contain package k8s.io/api/discovery/v1alpha1

I'm happy to open a PR if someone could lmk what the best way to do this upgrade might be, cc @mattmoor

[mattmoor]

@dprotaso When are we due to bump to v0.21?

As for why we lag, it generally has to do with the window of supported versions for a given client-go, so we generally lag 1-2 versions. I'm sort of surprised cosign would need to track HEAD so closely (or why it vendors K8s at all 🤔 ). Happy to help game out options here.

[priyawadhwa]

I'm sort of surprised cosign would need to track HEAD so closely (or why it vendors K8s at all 🤔 ).

I think cosign has a feature where it'll read your k8s manifests and try to verify the images in them have been signed! It probably doesn't require tracking HEAD though, we could consider downgrading the version in cosign instead. @dlorenc wdyt?

[mattmoor]

It might make sense to make some of that stuff use Knative's pod-speccable stuff anyways, so it might be worth making it consistent regardless 🤔

[dprotaso]

We're due for a bump this release - I'll probably get to it next week

[mattmoor]

LMK if you need any help.

[dprotaso]

We bumped to 0.21.4