prow: update kubernetes-external-secrets to v8.1.2

[spiffxp]

Trialing on prow before aaa to verify it comes up OK, and that prow is capable of auto-deploying this

Also using this as an opportunity to exercise the changes in kubernetes/test-infra#22525 and #2190

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [spiffxp]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[spiffxp]

/cc @ameukam
ref: #2148 (comment)

[ameukam]

/lgtm
/hold
Remove hold when ready to deploy.

[spiffxp]

/hold cancel

[spiffxp]

So this failed to deploy automatically, specifically in trying to revoke some existing RBAC permissions:

Error from server (Forbidden): error when applying patch:
{"metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"labels\":{\"app\":\"kubernetes-external-secrets\"},\"name\":\"kubernetes-external-secrets\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"secrets\"],\"verbs\":[\"create\",\"update\"]},{\"apiGroups\":[\"\"],\"resources\":[\"namespaces\"],\"verbs\":[\"get\",\"watch\",\"list\"]},{\"apiGroups\":[\"apiextensions.k8s.io\"],\"resourceNames\":[\"externalsecrets.kubernetes-client.io\"],\"resources\":[\"customresourcedefinitions\"],\"verbs\":[\"get\",\"update\"]},{\"apiGroups\":[\"kubernetes-client.io\"],\"resources\":[\"externalsecrets\"],\"verbs\":[\"get\",\"watch\",\"list\"]},{\"apiGroups\":[\"kubernetes-client.io\"],\"resources\":[\"externalsecrets/status\"],\"verbs\":[\"get\",\"update\"]}]}\n"}},"rules":[{"apiGroups":[""],"resources":["secrets"],"verbs":["create","update"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","watch","list"]},{"apiGroups":["apiextensions.k8s.io"],"resourceNames":["externalsecrets.kubernetes-client.io"],"resources":["customresourcedefinitions"],"verbs":["get","update"]},{"apiGroups":["kubernetes-client.io"],"resources":["externalsecrets"],"verbs":["get","watch","list"]},{"apiGroups":["kubernetes-client.io"],"resources":["externalsecrets/status"],"verbs":["get","update"]}]}
to:
Resource: "rbac.authorization.k8s.io/v1, Resource=clusterroles", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRole"
Name: "kubernetes-external-secrets", Namespace: ""
for: "/home/prow/go/src/github.com/kubernetes/k8s.io/infra/gcp/clusters/projects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/kubernetes-external-secrets_rbac.yaml": clusterroles.rbac.authorization.k8s.io "kubernetes-external-secrets" is forbidden: user "prow-deployer@k8s-infra-prow-build-trusted.iam.gserviceaccount.com" (groups=["system:authenticated"]) is attempting to grant RBAC permissions not currently held:
{APIGroups:[""], Resources:["namespaces"], Verbs:["get" "watch" "list"]}
{APIGroups:[""], Resources:["secrets"], Verbs:["create" "update"]}
{APIGroups:["apiextensions.k8s.io"], Resources:["customresourcedefinitions"], ResourceNames:["externalsecrets.kubernetes-client.io"], Verbs:["get" "update"]}
{APIGroups:["kubernetes-client.io"], Resources:["externalsecrets"], Verbs:["get" "watch" "list"]}
{APIGroups:["kubernetes-client.io"], Resources:["externalsecrets/status"], Verbs:["get" "update"]}

Everything else updated though, so I suspect this is working anyway