chore (deps) : update controller-runtime to v0.23.3

[rohanKanojia]

What does this PR do?

This PR updates sigs.k8s.io/controller-runtime from v0.22.1 to v0.23.1, along with corresponding Kubernetes API dependencies to v0.35.0. This is a routine dependency update to ensure the DevWorkspace Operator stays current with the latest stable controller-runtime releases.

What issues does this PR fix or reference?

N/A - This is a routine dependency update for maintenance purposes.

Is it tested? How?

• Existing unit tests validate compatibility with the updated controller-runtime version
• The update only modifies go.mod and go.sum files with dependency version changes
• There is only one breaking change introduced:
  • Existing code of the form builder.WebhookManagedBy(mgr).For(&corev1.Deployment{}) has to be changed to builder.WebhookManagedBy(mgr, &appsv1.Deployment{})

PR Checklist

• E2E tests pass (when PR is ready, comment /test v8-devworkspace-operator-e2e, v8-che-happy-path to trigger)
  • v8-devworkspace-operator-e2e: DevWorkspace e2e test
  • v8-che-happy-path: Happy path for verification integration with Che

Summary by CodeRabbit

• New Features

  • Support numeric taint toleration operators Lt/Gt in addition to Exists/Equal (default Equal; Lt/Gt require feature gate).
  • Added userAnnotations for pod-certificate signer config to allow passthrough of string metadata into generated PodCertificateRequests.

• Documentation

  • Clarified that container resizePolicy cannot be set on ephemeral containers and simplified volume expansion guidance.

• Chores

  • Upgraded module dependencies and adjusted webhook registration setup.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: rohanKanojia
Once this PR has been reviewed and has the lgtm label, please assign dkwon17 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rohanKanojia]

/ok-to-test

[rohanKanojia]

/retest

[dkwon17]

@rohanKanojia when you have a moment, could you please rebase?

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 30ab40a9-8997-437f-974a-dd27887473b8

📥 Commits

Reviewing files that changed from the base of the PR and between b7c4562 and de89215.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (12)

• deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml
• deploy/bundle/manifests/controller.devfile.io_devworkspaceroutings.yaml
• deploy/deployment/kubernetes/combined.yaml
• deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/deployment/kubernetes/objects/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/deployment/openshift/combined.yaml
• deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/deployment/openshift/objects/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml
• deploy/templates/crd/bases/controller.devfile.io_devworkspaceroutings.yaml
• go.mod
• main.go

✅ Files skipped from review due to trivial changes (4)

• deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml
• deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml
• deploy/deployment/openshift/objects/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml

🚧 Files skipped from review as they are similar to previous changes (4)

• main.go
• deploy/deployment/openshift/combined.yaml
• deploy/deployment/kubernetes/objects/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/bundle/manifests/controller.devfile.io_devworkspaceroutings.yaml

---

📝 Walkthrough

Walkthrough

Updated CRD and manifest OpenAPI descriptions: added Lt/Gt to toleration operator docs (feature-gated), clarified resizePolicy cannot be set on ephemeral containers, removed conditional mention of RecoverVolumeExpansionFailure, added userAnnotations map to podCertificate signer config, bumped go module deps, and adjusted webhook registration.

Changes

Cohort / File(s)	Summary
CRDs & Manifests (tolerations / resizePolicy / podCertificate) deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml, deploy/bundle/manifests/controller.devfile.io_devworkspaceroutings.yaml, deploy/deployment/kubernetes/combined.yaml, deploy/deployment/openshift/combined.yaml, deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml, deploy/deployment/kubernetes/objects/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml, deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml, deploy/deployment/openshift/objects/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml, deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml, deploy/templates/crd/bases/controller.devfile.io_devworkspaceroutings.yaml	Schema documentation updates: toleration operator docs now list Exists, Equal, Lt, Gt (note that Lt/Gt require the TaintTolerationComparisonOperators feature gate); resizePolicy descriptions reformatted and now explicitly disallow use on ephemeral containers; removed conditional reference to RecoverVolumeExpansionFailure in volume expansion guidance; added userAnnotations (object of string) to podCertificate signer config with copying/validation notes.
Go module go.mod	Upgraded multiple direct and indirect dependencies (k8s.io/*, controller-runtime, testing libs, Prometheus, OpenTelemetry, etc.); removed github.com/pkg/errors indirect; added github.com/Masterminds/semver/v3.
Binary entry / webhooks main.go	Webhook managed registration calls updated to pass the DevWorkspace API objects into ctrl.NewWebhookManagedBy(mgr, &dwvX.DevWorkspace{}) for v1alpha1 and v1alpha2.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰
Manifests whisper, schemas grow clear,
Operators count where numbers appear,
Ephemeral pots now politely barred,
Annotations hitch a ride unmarred,
Webhooks snug — the rabbit hops, delighted.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title references updating controller-runtime to v0.23.3, but the actual changes span far beyond dependency updates—including schema documentation changes across multiple manifest and CRD files, new field additions (userAnnotations), and code changes to main.go webhook registration.	Revise the title to reflect all major changes, e.g., 'feat: add taint toleration comparison operators and userAnnotations field; update controller-runtime to v0.23.3' or similar to accurately represent the full scope.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 99: Update the pinned vulnerable modules in go.mod: bump
go.opentelemetry.io/otel/sdk from v1.36.0 to at least v1.40.0 and
google.golang.org/grpc to at least v1.79.3 (these are the unique module names to
change), then run module resolution to refresh the go.sum (e.g., update
dependencies and run dependency tidy/resolve so the new versions are recorded
and checksums updated) and verify compilation and tests pass.

In `@main.go`:
- Around line 216-220: The webhook registration errors are currently only logged
and startup continues; change both ctrl.NewWebhookManagedBy(...).Complete()
error checks (for dwv1.DevWorkspace and dwv2.DevWorkspace using mgr) to treat
failures as fatal initialization errors: after logging the error with
setupLog.Error include a process-terminating action (consistent with other
main() setup steps), e.g. call os.Exit(1) or an equivalent fatal logger, so the
manager does not start in a degraded state when conversion webhook registration
fails.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: aefb06e4-2a5e-4ad1-b807-2739fec3e9ed

📥 Commits

Reviewing files that changed from the base of the PR and between 441bcb2 and d254509.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (12)

• deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml
• deploy/bundle/manifests/controller.devfile.io_devworkspaceroutings.yaml
• deploy/deployment/kubernetes/combined.yaml
• deploy/deployment/kubernetes/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/deployment/kubernetes/objects/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/deployment/openshift/combined.yaml
• deploy/deployment/openshift/objects/devworkspaceoperatorconfigs.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/deployment/openshift/objects/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml
• deploy/templates/crd/bases/controller.devfile.io_devworkspaceoperatorconfigs.yaml
• deploy/templates/crd/bases/controller.devfile.io_devworkspaceroutings.yaml
• go.mod
• main.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fail fast if conversion webhook registration fails.

Line 216 and Line 219 only log .Complete() errors and continue startup. If conversion webhook registration fails, the manager can start in a degraded state where version conversions break at runtime. Please treat these as fatal initialization errors (consistent with other setup steps in main()).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@main.go` around lines 216 - 220, The webhook registration errors are
currently only logged and startup continues; change both
ctrl.NewWebhookManagedBy(...).Complete() error checks (for dwv1.DevWorkspace and
dwv2.DevWorkspace using mgr) to treat failures as fatal initialization errors:
after logging the error with setupLog.Error include a process-terminating action
(consistent with other main() setup steps), e.g. call os.Exit(1) or an
equivalent fatal logger, so the manager does not start in a degraded state when
conversion webhook registration fails.