build(deps): bump k8s.io/apimachinery from 0.33.0 to 0.35.4 in /controller

[dependabot]

Bumps k8s.io/apimachinery from 0.33.0 to 0.35.4.

Commits

• 475c941 Merge pull request #138356 from dims/update-moby-spdystream-v0.5.1-1.35
• 6c08bb5 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
• 45398ef Merge pull request #137927 from lalitc375/cherry-pick-137864
• b414b94 Fix backport differences for 1.35 (remove WithOrigin and MarkAlpha)
• f933a4d Add slice and map union member support with tests
• 977ad5b Use IsZero instead of IsNil for union ratcheting check
• a128230 Fix union validation ratcheting when oldObj is nil
• 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
• e2a2dbc Bump golang.org/x/crypto to v0.45.0
• 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f3d12841-c708-4685-96bc-054c3a64275a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/controller/k8s.io/apimachinery-0.35.4

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[raballew]

Dependabot Review

Recommendation: CLOSE

This PR bumps k8s.io/apimachinery from v0.33.0 to v0.35.4 in controller/go.mod. Multiple issues:

1. Go 1.25 required: k8s.io v0.35.4 requires Go >= 1.25.0, but the project uses Go 1.24.0 and CI runs Go 1.24.x. All CI jobs fail with go: module requires go >= 1.25.0.

2. K8s deps must be updated together: k8s.io/api, k8s.io/apimachinery, k8s.io/apiserver, and k8s.io/client-go must all be at the same version. This PR only bumps apimachinery, leaving the others at v0.33.0.

3. controller-runtime compatibility: sigs.k8s.io/controller-runtime v0.21.0 is built for k8s v0.33.x. Bumping to k8s v0.35.x requires a matching controller-runtime upgrade (likely v0.23.x+).

4. Cross-module sync needed: controller/deploy/operator/go.mod also uses k8s deps (currently v0.34.1) and has a replace directive pointing to ../../. Both modules must be updated together.

5. K8s version jump: This is a jump from Kubernetes 1.33 APIs to 1.35 APIs -- a 2-minor-version jump that may include breaking API changes that require code modifications.

This update needs to be done as a coordinated effort: upgrade Go to 1.25, bump all k8s deps together across both go.mod files, upgrade controller-runtime to a matching version, and fix any API breaking changes.

[raballew]

Closing: k8s.io v0.35.4 requires Go 1.25.0 (project uses Go 1.24.0). K8s deps must be updated in lockstep across both go.mod files with a matching controller-runtime upgrade. This needs a coordinated PR.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.