Update kserve/kserve manifests from v0.18.0 (#3406)

* Update kserve/kserve manifests from v0.17.0

There are a few specialties regarding this release as the initial
v0.17.0 tag did not contain the needed install files, see the linked
issue for more details. This is also the reason that the manifests were
synced from the `release-v0.17` branch manually instead of using the tag
as we normally do.

Additionally the sync came with a bunch of script which I did not
include into the changes as they were only scripts:

- `applications/kserve/kserve/keda-dependency-install.sh`
- `applications/kserve/kserve/kserve-knative-mode-dependency-install.sh`
- `applications/kserve/kserve/kserve-knative-mode-full-install-with-manifests.sh`
- `applications/kserve/kserve/kserve-standard-mode-dependency-install.sh`
- `applications/kserve/kserve/kserve-standard-mode-full-install-with-manifests.sh`
- `applications/kserve/kserve/llmisvc-dependency-install.sh`
- `applications/kserve/kserve/llmisvc-full-install-with-manifests.sh`

Link: kserve/kserve#5255
Signed-off-by: Christian Heusel <christian@heusel.eu>

* chore: Allow syncing manifests from a different ref

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Christian Heusel <christian@heusel.eu>

* chore: Update the resource version in the delete patch

Signed-off-by: Christian Heusel <christian@heusel.eu>

* fix(kserve): fix webhook Certificate SANs for kubeflow namespace

kserve_kubeflow.yaml v0.17.0 introduced a second set of Certificate
resources that still reference the upstream kserve namespace instead of
kubeflow. These duplicates override the correct kubeflow-scoped ones,
causing cert-manager to issue certs with kserve.svc SANs, which results
in TLS verification failures on the webhook server.

Patch all three Certificates (serving-cert, llmisvc-serving-cert,
localmodel-serving-cert) to use the correct kubeflow.svc SANs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Christian Heusel <christian@heusel.eu>

* fix(kserve): fix inject-ca-from annotations for kubeflow namespace

kserve_kubeflow.yaml v0.17.0 hardcodes cert-manager.io/inject-ca-from:
kserve/<cert-name> on all webhook configurations and relevant CRDs, but
the Certificate resources live in the kubeflow namespace. cert-manager's
ca-injector uses this annotation to populate the webhook caBundle, so
with the wrong namespace reference the caBundle is never set and TLS
verification fails with "certificate signed by unknown authority".

Patch all 12 affected resources (1 MutatingWebhookConfiguration, 3 CRDs,
8 ValidatingWebhookConfigurations) to use kubeflow/<cert-name> instead.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Christian Heusel <christian@heusel.eu>

* Update kserve/kserve manifests from v0.18.0

Signed-off-by: Christian Heusel <christian@heusel.eu>

* chore: Update readme for kserve v0.18.0

Usually this works automatically, however due to the changes for kserve
v0.17.0 this has to be done manually once.

Signed-off-by: Christian Heusel <christian@heusel.eu>

* refactor(kserve): consolidate inject-ca-from patches using name regex targets

Replace 12 individual strategic merge patches with 3 JSON 6902 patches
that use name regex targets, grouping resources by their cert name.

Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Christian Heusel <christian@heusel.eu>

* chore: Improve sync script to ignore scripts and fix readme replacement

Signed-off-by: Christian Heusel <christian@heusel.eu>

---------

Signed-off-by: Christian Heusel <christian@heusel.eu>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: 3 people

README.md

@@ -74,10 +74,10 @@ This repository periodically synchronizes all official Kubeflow components from
 | Tensorboards Web Application | applications/notebooks-v1/upstream/tensorboards-web-app | [v1.11.0-rc.1](https://github.com/kubeflow/notebooks/tree/v1.11.0-rc.1/components/crud-web-apps/tensorboards/manifests) |  |  |  |
 | Volumes Web Application | applications/notebooks-v1/upstream/volumes-web-app | [v1.11.0-rc.1](https://github.com/kubeflow/notebooks/tree/v1.11.0-rc.1/components/crud-web-apps/volumes/manifests) | 4m | 226Mi | 0GB |
 | Katib | applications/katib/upstream | [v0.19.0](https://github.com/kubeflow/katib/tree/v0.19.0/manifests/v1beta1) | 13m | 476Mi | 10GB |
-| KServe | applications/kserve/kserve | [v0.16.0](https://github.com/kserve/kserve/releases/tag/v0.16.0/install/v0.16.0) | 600m | 1200Mi | 0GB |
-| KServe Models Web Application | applications/kserve/models-web-app | [c71ee4309f0335159d9fdfd4559a538b5c782c92](https://github.com/kserve/models-web-app/tree/c71ee4309f0335159d9fdfd4559a538b5c782c92/manifests/kustomize) | 6m | 259Mi  | 0GB |
+| KServe Models Web Application | applications/kserve/models-web-app | [c71ee4309f0335159d9fdfd4559a538b5c782c92](https://github.com/kserve/models-web-app/tree/c71ee4309f0335159d9fdfd4559a538b5c782c92/manifests/kustomize) | 6m | 259Mi  | 0GB |
+| KServe | applications/kserve/kserve | [v0.18.0](https://github.com/kserve/kserve/tree/v0.18.0) | 600m | 1200Mi | 0GB |
 | Kubeflow Pipelines | applications/pipeline/upstream | [2.16.1](https://github.com/kubeflow/pipelines/tree/2.16.1/manifests/kustomize) | 970m | 3552Mi | 35GB |
-| Kubeflow Model Registry | applications/model-registry/upstream | [v0.3.8](https://github.com/kubeflow/model-registry/tree/v0.3.8/manifests/kustomize) | 510m | 2112Mi | 20GB |
+| Kubeflow Model Registry | applications/model-registry/upstream | [v0.3.8](https://github.com/kubeflow/model-registry/tree/v0.3.8/manifests/kustomize) | 510m | 2112Mi | 20GB |
 | Spark Operator	|	applications/spark/spark-operator	|	[2.5.0](https://github.com/kubeflow/spark-operator/tree/v2.5.0) | 9m | 41Mi | 0GB |
 | Istio | common/istio | [1.29.1](https://github.com/istio/istio/releases/tag/1.29.1) | 750m | 2364Mi | 0GB |
 | Knative | common/knative/knative-serving <br /> common/knative/knative-eventing | [v1.21.1](https://github.com/knative/serving/releases/tag/knative-v1.21.1) <br /> [v1.21.0](https://github.com/knative/eventing/releases/tag/knative-v1.21.0) | 1450m | 1038Mi | 0GB |