LOG-8992: update dependencies to match OCP v4.22

[jcantrill]

Description

This PR:

• Updates the Dockerfile to golang 1.25
• Removes obsolete variables from the Dockerfile
• Updates the kubernetes dependencies to be the same as OCP 4.22
• Removes the elasticsearch-operator dependency from this operator
• Updates the controller-runtime, operator-sdk, bingo tools to versions compatible with golang 1.25

Links

• https://redhat.atlassian.net/browse/LOG-8991
• https://redhat.atlassian.net/browse/LOG-8992
• https://redhat.atlassian.net/browse/LOG-9001

cc @vparfonov @Clee2691

Summary by CodeRabbit

• Chores

  • Upgraded Go toolchain to 1.25 and refreshed many module dependencies
  • Streamlined container build/runtime layout and copy paths

• Behavioral Change

  • Operator no longer recognizes Elasticsearch-operator logging API types
  • Added KUBE_FEATURE_WatchListClient="false" to operator deployment

• API/Schema

  • CRD docs updated: toleration operators now include Lt/Gt (feature-gated) and resources text clarified

• Tests

  • Updated tests to omit creationTimestamp:null in serialized outputs

[openshift-ci-robot]

@jcantrill: This pull request references LOG-8992 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the sub-task to target the "4.8.0" version, but no target version was set.

Details

In response to this:

Description

This PR:

• Updates the Dockerfile to golang 1.25
• Removes obsolete variables from the Dockerfile
• Updates the kubernetes dependencies to be the same as OCP 4.22
• Removes the elasticsearch-operator dependency from this operator

Links

• https://redhat.atlassian.net/browse/LOG-8991
• https://redhat.atlassian.net/browse/LOG-8992

cc @vparfonov @Clee2691

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Bump Go toolchain to 1.25, refresh dependency pins, adjust build wiring/Makefile, update CSV/CRD docs and operator env var, migrate several tests to controller-runtime fake clients with scheme normalization, and change a REST client construction call in the test client.

Changes

Build image, toolchain, and dependency pins

Layer / File(s)	Summary
Go toolchain and dependency pins go.mod, .bingo/*, Makefile	Bump go directive to 1.25.0, refresh many direct and indirect dependencies, update .bingo toolchain directives, and add export GOTOOLCHAIN=auto to the Makefile.

Manifests and CRD schema docs

Layer / File(s)	Summary
CSV timestamp and operator env bundle/manifests/cluster-logging.clusterserviceversion.yaml, config/manager/manager.yaml	Update CSV createdAt timestamp and add KUBE_FEATURE_WatchListClient="false" to the operator container env.
LogFileMetricExporter CRD text bundle/manifests/logging.openshift.io_logfilemetricexporters.yaml, config/crd/bases/logging.openshift.io_logfilemetricexporters.yaml	Revise spec.resources description to reference DynamicResourceAllocation feature gate and extend spec.tolerations[].operator docs to include Lt/Gt and mention TaintTolerationComparisonOperators.

Tests and client changes

Layer / File(s)	Summary
Test harness: fake clients and scheme handling internal/metrics/dashboard/dashboards_test.go, internal/reconcile/scc_test.go	Replace older fake client usage with fake.NewClientBuilder().WithScheme(scheme), register core/security types into a dedicated runtime.Scheme, and normalize/clear TypeMeta/ResourceVersion before assertions.
REST client construction test/client/client.go	Pass an additional boolean argument to apiutil.RESTClientForGVK in Client.rest, changing the REST client construction path when no cached client exists.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	Modified test files have quality issues: missing assertion messages, context.TODO() without timeouts in cluster operations, and tests asserting multiple unrelated behaviors.	Add failure messages to assertions. Replace context.TODO() with timeouts in cluster operations. Split tests asserting both success and outcome state.
Ipv6 And Disconnected Network Test Compatibility	⚠️ Warning	New tests contain hardcoded IPv4 localhost (127.0.0.1): status_test.go line 56 (Loki URL), vector_api_cli_test.go line 28 (health endpoint), forward_to_syslog_test.go line 169 (syslog UDP).	Replace 127.0.0.1 with ::1 or detect localhost dynamically. Use net.JoinHostPort() for IPv6-safe URL construction. Prefer cluster-internal DNS names (service.namespace.svc.cluster.local) for e2e tests.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: updating dependencies to match OCP v4.22, with the JIRA reference providing context.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names in modified files are static and deterministic with no dynamic information (pod names, timestamps, UUIDs, node names, namespaces, IPs, or generated identifiers).
Microshift Test Compatibility	✅ Passed	New e2e tests use only standard K8s and MicroShift-compatible APIs. No unavailable APIs, multi-node assumptions, or FeatureGate references detected.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added. All test changes are modifications to existing tests (updated expectations and setup). SNO check applies only to new tests.
Topology-Aware Scheduling Compatibility	✅ Passed	No new topology-aware scheduling constraints. Operator deployment unchanged except env var. CRD changes are documentation-only updates to tolerations and resources descriptions.
Ote Binary Stdout Contract	✅ Passed	No stdout writes in process-level code. Binary uses logerr/v2 (stderr), test suites redirect GinkgoWriter to stderr. OTE stdout contract compliance verified.
Description check	✅ Passed	The PR description addresses all mandatory template sections: it summarizes the intent clearly, provides context via JIRA links, and includes reviewer/approver mentions via /cc and /assign.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jcantrill

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jcantrill]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Line 9: The RUN conditional in the Dockerfile uses an unquoted variable in the
shell test ([ -n $CACHE_DEPS ]), which can mis-evaluate when CACHE_DEPS is
empty; update the test to quote the variable (e.g. [ -n "$CACHE_DEPS" ]) so the
condition is evaluated correctly and the go mod download step only runs when
CACHE_DEPS is set.

In `@go.mod`:
- Line 124: The go.mod currently pins google.golang.org/grpc to v1.72.2 which
contains a critical auth bypass; update the grpc module requirement to v1.79.3
or later (replace the line referencing google.golang.org/grpc v1.72.2) and then
run go get google.golang.org/grpc@v1.79.3 (or newer) followed by go mod tidy to
refresh indirect dependencies; ensure the module entry for
google.golang.org/grpc in go.mod and go.sum are updated accordingly and run
tests to validate no breakage.
- Line 107: Update the vulnerable dependency go.opentelemetry.io/otel/sdk from
v1.36.0 to v1.40.0 or later in go.mod (the module name is
go.opentelemetry.io/otel/sdk) and re-resolve the module graph so transitive OTel
modules are upgraded as well; after changing the version run your project’s Go
module resolution (e.g., re-fetch and tidy modules) to ensure the new version is
recorded and the lockfile / go.sum are updated.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: cd1b40f5-1409-45d6-9370-44bab0de27fe

📥 Commits

Reviewing files that changed from the base of the PR and between 30295d6 and 27a90d8.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• Dockerfile
• cmd/main.go
• go.mod

💤 Files with no reviewable changes (1)

• cmd/main.go

[jcantrill]

/label tide/merge-method-squash

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Line 9: The RUN conditional currently tests only for a non-empty CACHE_DEPS
which treats "false" as true; change the test to an explicit boolean equality
check against the intended truthy value (e.g., test CACHE_DEPS = "true" or =
"1") so go mod download only runs when CACHE_DEPS is explicitly enabled; update
the RUN line that references CACHE_DEPS and runs go mod download accordingly and
ensure any documentation or CI that sets CACHE_DEPS uses the chosen true value.

In `@go.mod`:
- Around line 103-108: The go.mod pins vulnerable OpenTelemetry modules
(go.opentelemetry.io/otel, go.opentelemetry.io/otel/sdk and related packages) at
v1.40.0; update the affected module versions in go.mod so they use patched
releases (e.g., set go.opentelemetry.io/otel to v1.41.0 and
go.opentelemetry.io/otel/sdk to v1.43.0, and align related
exporters/metric/trace modules to compatible patched versions such as v1.41.0+
or v1.43.0+), then run `go get`/`go mod tidy` to resolve and verify the
dependency graph and ensure no breakages in functions that initialize or use
OpenTelemetry components (look for code referencing go.opentelemetry.io/otel,
go.opentelemetry.io/otel/sdk, go.opentelemetry.io/otel/metric,
go.opentelemetry.io/otel/trace, and
go.opentelemetry.io/otel/exporters/otlp/otlptrace).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: e366fcf3-7137-43a7-9d81-d72e86a781ce

📥 Commits

Reviewing files that changed from the base of the PR and between 27a90d8 and 3d8bf3e.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (4)

• Dockerfile
• go.mod
• internal/auth/rbac_test.go
• test/helpers_test.go

💤 Files with no reviewable changes (1)

• internal/auth/rbac_test.go

[jcantrill]

/test e2e-target

[jcantrill]

/test functional-target

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

bundle/manifests/cluster-logging.clusterserviceversion.yaml (1)

2554-2555: 💤 Low value

Add a comment explaining why WatchListClient is disabled.

The environment variable KUBE_FEATURE_WatchListClient=false disables a Kubernetes 1.35+ feature for efficient list-watch operations. Since the commit only states "fix unit tests," clarify in a code comment or commit message whether this is a temporary workaround for test compatibility or a permanent stability measure, and reference any related issues.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@bundle/manifests/cluster-logging.clusterserviceversion.yaml` around lines
2554 - 2555, Add a concise code comment next to the KUBE_FEATURE_WatchListClient
environment variable explaining why WatchListClient is disabled (e.g., "disabled
for Kubernetes 1.35+ list-watch incompatibility; temporary workaround for unit
test failures" or "disabled for stability — permanent"), reference any related
issue/PR number if available, and update the commit message to mirror that
rationale; locate the env var named KUBE_FEATURE_WatchListClient in the
cluster-logging.clusterserviceversion.yaml manifest and insert the explanatory
comment immediately above or beside the "- name: KUBE_FEATURE_WatchListClient"
entry so future readers know whether this is a temporary test compatibility fix
or an intentional product decision.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 90: The go.mod currently pins github.com/moby/spdystream at v0.5.0 which
has a HIGH-severity DOS vulnerability; update the dependency to v0.5.1 by either
changing the module version entry for github.com/moby/spdystream to v0.5.1 or,
if k8s.io/client-go@v0.35.1 prevents a direct upgrade, add an explicit replace
directive in go.mod forcing github.com/moby/spdystream =>
github.com/moby/spdystream v0.5.1 and run go mod tidy to refresh the lockfile
and verify the indirect dependency is resolved.

---

Nitpick comments:
In `@bundle/manifests/cluster-logging.clusterserviceversion.yaml`:
- Around line 2554-2555: Add a concise code comment next to the
KUBE_FEATURE_WatchListClient environment variable explaining why WatchListClient
is disabled (e.g., "disabled for Kubernetes 1.35+ list-watch incompatibility;
temporary workaround for unit test failures" or "disabled for stability —
permanent"), reference any related issue/PR number if available, and update the
commit message to mirror that rationale; locate the env var named
KUBE_FEATURE_WatchListClient in the cluster-logging.clusterserviceversion.yaml
manifest and insert the explanatory comment immediately above or beside the "-
name: KUBE_FEATURE_WatchListClient" entry so future readers know whether this is
a temporary test compatibility fix or an intentional product decision.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: bf704667-6dbe-47fe-8da6-0364c410d642

📥 Commits

Reviewing files that changed from the base of the PR and between 3fbf67b and 0c52149.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (18)

• .bingo/bingo.mod
• .bingo/controller-gen.mod
• .bingo/gen-crd-api-reference-docs.mod
• .bingo/go.mod
• .bingo/golangci-lint.mod
• .bingo/junitreport.mod
• .bingo/kustomize.mod
• .bingo/operator-sdk.mod
• .bingo/opm.mod
• Makefile
• bundle/manifests/cluster-logging.clusterserviceversion.yaml
• bundle/manifests/logging.openshift.io_logfilemetricexporters.yaml
• config/crd/bases/logging.openshift.io_logfilemetricexporters.yaml
• config/manager/manager.yaml
• go.mod
• internal/metrics/dashboard/dashboards_test.go
• internal/reconcile/scc_test.go
• test/client/client.go

✅ Files skipped from review due to trivial changes (9)

• .bingo/controller-gen.mod
• .bingo/kustomize.mod
• .bingo/operator-sdk.mod
• .bingo/golangci-lint.mod
• .bingo/bingo.mod
• .bingo/go.mod
• .bingo/gen-crd-api-reference-docs.mod
• config/manager/manager.yaml
• .bingo/opm.mod

[vparfonov]

/lgtm

[openshift-ci]

@jcantrill: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.