cert-manager: bump to v0.9.1

We just got this email:

We've been working with Jetstack, the authors of cert-manager, on a
series of fixes to the client. Cert-manager sometimes falls into a
traffic pattern where it sends really excessive traffic to Let's
Encrypt's servers, continuously. To mitigate this, we plan to start
blocking all traffic from cert-manager versions less than 0.8.0 (the
current semver minor release), as of November 1, 2019. Please upgrade
all of your cert-manager instances before then.

We're sending this email because this is the contact address of your
cert-manager instance at:

 185.236.240.37 .

Version 0.8.0 is much better but we still observe excessive traffic in
some cases. We're working with Jetstack to improve these cases. As new
versions of cert-manager are released, we will add the non-current
versions to our block list after 3 months. We strongly encourage
cert-manager users to stay up-to-date with new versions.

Also, there is an opportunity to help both Jetstack and Let's Encrypt.
Once you've upgraded, please check the logs for your cert-manager
instances from time to time. Are they making excessive requests to Let's
Encrypt (more than, say, 10 per day over multiple days)? If so, please
share details at https://github.com/jetstack/cert-manager/issues/1948 .

Thanks,
Let's Encrypt Team

Change-Id: Ic7152150ac1c96941423878c6d4b6209e07429cf

cluster/kube/lib/cert-manager.libsonnet

@@ -11,6 +11,7 @@ local kube = import "../../../kube/kube.libsonnet";
         cfg:: {
             namespace: "cert-manager",
             enableWebhook: false,
+            version: "v0.9.1",
         },
 
         metadata:: {
@@ -389,7 +390,7 @@ local kube = import "../../../kube/kube.libsonnet";
                             serviceAccountName: env.sas.cainjector.metadata.name,
                             containers_: {
                                 cainjector: kube.Container("cainjector") {
-                                    image: "quay.io/jetstack/cert-manager-cainjector:v0.7.0",
+                                    image: "quay.io/jetstack/cert-manager-cainjector:" + cfg.version,
                                     args: [
                                         "--leader-election-namespace=%s" % [cfg.namespace],
                                     ],
@@ -415,7 +416,7 @@ local kube = import "../../../kube/kube.libsonnet";
                             serviceAccountName: env.sas.webhook.metadata.name,
                             containers_: {
                                 webhook: kube.Container("webhook") {
-                                    image: "quay.io/jetstack/cert-manager-webhook:v0.7.0",
+                                    image: "quay.io/jetstack/cert-manager-webhook:" + cfg.version,
                                     args: [
                                         "--v=12",
                                         "--secure-port=6443",
@@ -452,7 +453,7 @@ local kube = import "../../../kube/kube.libsonnet";
                             serviceAccountName: env.sas.certmanager.metadata.name,
                             containers_: {
                                 webhook: kube.Container("cert-manager") {
-                                    image: "quay.io/jetstack/cert-manager-controller:v0.7.0",
+                                    image: "quay.io/jetstack/cert-manager-controller:" + cfg.version,
                                     args: [
                                         "--cluster-resource-namespace=%s" % [cfg.namespace],
                                         "--leader-election-namespace=%s" % [cfg.namespace],