SANDBOX-1465: update kube & openshift dependencies to 4.20

[rsoaresd]

Description

Update dependencies

Tool/Library	Current Version	Updates to Version
k8s.io/*	v0.32.2	v0.33.4
controller-runtime	v0.20.4	v0.21.0
controller-tools	v0.17.3	v0.18.0

Related PRs

codeready-toolchain/api#495
codeready-toolchain/toolchain-common#503
codeready-toolchain/member-operator#718
codeready-toolchain/host-operator#1226
codeready-toolchain/toolchain-e2e#1239
codeready-toolchain/toolchain-cicd#165
kubesaw/ksctl#137
wa#311
https://github.com/codeready-toolchain/sandboxctl/pull/59
https://github.com/codeready-toolchain/sandbox-sre/pull/2815
https://github.com/codeready-toolchain/mcp-server-devsandbox/pull/49

Issue ticket number and link

SANDBOX-1465

Summary by CodeRabbit

• Chores
  • Updated Go language version requirement to 1.24.x (1.24.11 or higher).
  • Upgraded Kubernetes dependencies to v0.33.2 and controller-runtime to v0.21.0.
  • Updated Prometheus, Google Cloud, and OpenTelemetry libraries to latest compatible versions.
  • Refreshed build toolchain and container images.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Go toolchain upgraded from 1.23 to 1.24, with coordinated updates across go.mod, documentation, and CI configuration. Kubernetes and Prometheus dependencies bumped to compatible versions. Internal module replacements added for codeready-toolchain/api and toolchain-common. Vulnerability list cleared and test assertion updated.

Changes

Cohort / File(s)	Change Summary
Go Toolchain & Dependencies go.mod, README.adoc, openshift-ci/Dockerfile.tools	Go version bumped from 1.23.0 to 1.24.0; toolchain updated from go1.23.12 to go1.24.11 across all configuration files. Kubernetes deps (k8s.io/api, k8s.io/apimachinery, k8s.io/client-go, controller-runtime) upgraded to v0.33.2 and v0.21.0. Prometheus, Google Cloud, OpenTelemetry, and related libraries updated. Internal module replacements added for codeready-toolchain/api and toolchain-common.
Vulnerability & Security .govulncheck.yaml	Cleared ignored-vulnerabilities list; previously contained multiple GO-2025-* entries with silence-until metadata, now an empty array.
Test Updates pkg/proxy/metrics_server_test.go	Updated expected Content-Type header in TestProxyMetricsServer from escaping=values to escaping=underscores.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~35 minutes

• go.mod changes require verification of dependency compatibility across the expanded version matrix (Kubernetes v0.33.2, controller-runtime v0.21.0, and numerous transitive updates). The addition of internal module replacements needs confirmation that fork points are intentional and correctly mapped.
• Cross-file Go version consistency across go.mod, README, and Dockerfile should be validated.
• Test assertion change warrants confirmation that the new escaping behavior aligns with the updated Prometheus metrics library version.

Possibly related PRs

• Update API & toolchain-common (to check removal of che config) #554 — Modifies the same internal module replacements in go.mod (codeready-toolchain/api and toolchain-common).
• SANDBOX-1357: update kube & openshift dependencies to 4.19 #547 — Updates .govulncheck.yaml ignored-vulnerabilities and performs similar Go/Kubernetes tooling upgrades.
• update .govulncheck.yaml #556 — Directly opposes this PR by adding ignored-vulnerabilities entries (GO-2025-* with silence-until dates) rather than clearing them.

Suggested labels

lgtm

Suggested reviewers

• mfrancisc
• alexeykazakov
• xcoulon
• MatousJobanek
• rajivnathan

Poem

🐰 The version leap is here at last,
From 1.23 now to 1.24 cast!
Dependencies dance in harmony new,
Kubernetes and Prometheus too.
With clean vulns and tests aligned,
A tidy upgrade, well-designed! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: updating Kubernetes and OpenShift dependencies to version 4.20, which is the primary objective across multiple files.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rsoaresd]

temporary

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.58%. Comparing base (77d5530) to head (7fadd8b).

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #565      +/-   ##
==========================================
- Coverage   81.54%   75.58%   -5.97%     
==========================================
  Files          46       46              
  Lines        2802     2802              
==========================================
- Hits         2285     2118     -167     
- Misses        431      598     +167     
  Partials       86       86              

Flag	Coverage Δ
unittests	75.58% <ø> (-5.97%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alexeykazakov, MatousJobanek, rajivnathan, rsoaresd

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [MatousJobanek,alexeykazakov,rajivnathan,rsoaresd]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment