SANDBOX-1465: update kube & openshift dependencies to 4.20

[rsoaresd]

Description

Update dependencies

Tool/Library	Current Version	Updates to Version
k8s.io/*	v0.32.2	v0.33.4
controller-runtime	v0.20.4	v0.21.0
controller-tools	v0.17.3	v0.18.0

Related PRs

codeready-toolchain/api#495
codeready-toolchain/toolchain-common#503
codeready-toolchain/member-operator#718
codeready-toolchain/host-operator#1226
codeready-toolchain/toolchain-e2e#1239
codeready-toolchain/toolchain-cicd#165
kubesaw/ksctl#137
wa#311
https://github.com/codeready-toolchain/sandboxctl/pull/59
https://github.com/codeready-toolchain/sandbox-sre/pull/2815
https://github.com/codeready-toolchain/mcp-server-devsandbox/pull/49

Issue ticket number and link

SANDBOX-1465

Summary by CodeRabbit

• Chores
  • Updated Go language version requirement to 1.24.x (1.24.11 or higher).
  • Upgraded Kubernetes dependencies to v0.33.2 and controller-runtime to v0.21.0.
  • Updated Prometheus, Google Cloud, and OpenTelemetry libraries to latest compatible versions.
  • Refreshed build toolchain and container images.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@rsoaresd has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 11 minutes and 49 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between c4b7ed6 and 462da06.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

Walkthrough

Go toolchain upgraded from 1.23 to 1.24, with coordinated updates across go.mod, documentation, and CI configuration. Kubernetes and Prometheus dependencies bumped to compatible versions. Internal module replacements added for codeready-toolchain/api and toolchain-common. Vulnerability list cleared and test assertion updated.

Changes

Cohort / File(s)	Change Summary
Go Toolchain & Dependencies go.mod, README.adoc, openshift-ci/Dockerfile.tools	Go version bumped from 1.23.0 to 1.24.0; toolchain updated from go1.23.12 to go1.24.11 across all configuration files. Kubernetes deps (k8s.io/api, k8s.io/apimachinery, k8s.io/client-go, controller-runtime) upgraded to v0.33.2 and v0.21.0. Prometheus, Google Cloud, OpenTelemetry, and related libraries updated. Internal module replacements added for codeready-toolchain/api and toolchain-common.
Vulnerability & Security .govulncheck.yaml	Cleared ignored-vulnerabilities list; previously contained multiple GO-2025-* entries with silence-until metadata, now an empty array.
Test Updates pkg/proxy/metrics_server_test.go	Updated expected Content-Type header in TestProxyMetricsServer from escaping=values to escaping=underscores.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~35 minutes

• go.mod changes require verification of dependency compatibility across the expanded version matrix (Kubernetes v0.33.2, controller-runtime v0.21.0, and numerous transitive updates). The addition of internal module replacements needs confirmation that fork points are intentional and correctly mapped.
• Cross-file Go version consistency across go.mod, README, and Dockerfile should be validated.
• Test assertion change warrants confirmation that the new escaping behavior aligns with the updated Prometheus metrics library version.

Possibly related PRs

• Update API & toolchain-common (to check removal of che config) #554 — Modifies the same internal module replacements in go.mod (codeready-toolchain/api and toolchain-common).
• SANDBOX-1357: update kube & openshift dependencies to 4.19 #547 — Updates .govulncheck.yaml ignored-vulnerabilities and performs similar Go/Kubernetes tooling upgrades.
• update .govulncheck.yaml #556 — Directly opposes this PR by adding ignored-vulnerabilities entries (GO-2025-* with silence-until dates) rather than clearing them.

Suggested labels

lgtm

Suggested reviewers

• mfrancisc
• alexeykazakov
• xcoulon
• MatousJobanek
• rajivnathan

Poem

🐰 The version leap is here at last,
From 1.23 now to 1.24 cast!
Dependencies dance in harmony new,
Kubernetes and Prometheus too.
With clean vulns and tests aligned,
A tidy upgrade, well-designed! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: updating Kubernetes and OpenShift dependencies to version 4.20, which is the primary objective across multiple files.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rsoaresd]

temporary

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.58%. Comparing base (77d5530) to head (462da06).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #565      +/-   ##
==========================================
- Coverage   81.54%   75.58%   -5.97%     
==========================================
  Files          46       46              
  Lines        2802     2802              
==========================================
- Hits         2285     2118     -167     
- Misses        431      598     +167     
  Partials       86       86              

Flag	Coverage Δ
unittests	75.58% <ø> (-5.97%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alexeykazakov, MatousJobanek, rajivnathan, rsoaresd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [MatousJobanek,alexeykazakov,rajivnathan,rsoaresd]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud