Upgrade to Kubernetes 1.34 with controller-runtime v0.22.4

[Copilot]

Upgrades all Kubernetes-related dependencies and tooling to support Kubernetes 1.34.

Dependency upgrades

• k8s.io/*: v0.26.1 → v0.34.1
• sigs.k8s.io/controller-runtime: v0.14.6 → v0.22.4
• sigs.k8s.io/controller-tools (controller-gen): v0.14.0 → v0.19.0
• kind: v0.25.0 → v0.30.0, node image: kindest/node:v1.34.2
• ENVTEST_K8S_VERSION: 1.31.0 → 1.34.0

Breaking API migrations (controller-runtime v0.14 → v0.22)

• Webhook validation: webhook.Validator removed; migrated to webhook.CustomValidator with WithValidator() builder pattern. Methods now receive the object as a parameter and return (admission.Warnings, error):

  // Before
  func (r *GameServer) ValidateCreate() error { ... }
  // After
  func (r *GameServer) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { ... }

• Manager options: MetricsBindAddress → Metrics: metricsserver.Options{...}, Port → WebhookServer: webhook.NewServer(webhook.Options{...})
• source.Channel: struct → function, use WatchesRawSource(source.Channel(ch, handler)) instead of Watches(&source.Channel{Source: ch}, handler)
• Client creation: cluster.DefaultNewClient removed; replaced with client.New(config, client.Options{Cache: &client.CacheOptions{Reader: ca}})
• Controller naming: Added Named("allocation-api-server") to AllocationApiServer controller to satisfy new uniqueness requirement
• Fake client: Added WithStatusSubresource for status subresource patch operations in tests
• Admission API: admissionv1beta1 → admissionv1 in test scheme registration

Switch to server-side apply for large CRDs

controller-gen v0.19.0 generates larger CRD schemas (~414 KB each for GameServer and GameServerBuild), which exceed the 262144 byte (256 KB) Kubernetes annotation limit for kubectl.kubernetes.io/last-applied-configuration used by client-side kubectl apply. Switched all kubectl apply commands to kubectl apply --server-side in the operator Makefile (install, deploy, deploye2e targets), e2e/run.sh, and all documentation references. Server-side apply uses managedFields instead of annotations and does not have this size limit.

Note for users upgrading from a previous version: If upgrading from a version that used client-side kubectl apply, you may encounter field ownership conflict errors. Add the --force-conflicts flag to your kubectl apply --server-side commands to resolve this (e.g. kubectl apply --server-side --force-conflicts -f ...). This is documented in the Makefile and installation docs.

Test environment fix

Removed the testEnv.Stop() timeout workaround (controller-runtime#1571) by properly using a cancellable context for the manager and cancelling it in AfterSuite before teardown — matching the pattern already used in webhook_suite_test.go.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[dgkanatsios]

@copilot the "check if install files are modified" step is failing, can you fix it?

[Copilot]

@copilot the "check if install files are modified" step is failing, can you fix it?

The install files were out of date because they weren't regenerated after the CRDs were updated by controller-gen v0.19.0. Fixed in 52caa24 by running make create-install-files and committing the updated install files.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/kubernetes-sigs/kustomize/releases
  • Triggering command: /usr/bin/curl curl -sL REDACTED (http block)
• https://api.github.com/repos/kubernetes-sigs/kustomize/releases/tags/kustomize%2Fv4.5.7
  • Triggering command: /usr/bin/curl curl -s REDACTED --header Authorization: ****** (http block)
• https://api.github.com/repos/kubernetes-sigs/kustomize/releases/tags/kustomize%2Fv5.3.0
  • Triggering command: /usr/bin/curl curl -s REDACTED --header Authorization: ****** (http block)
• https://api.github.com/repos/kubernetes-sigs/kustomize/releases/tags/kustomize%2Fv5.4.2
  • Triggering command: /usr/bin/curl curl -s REDACTED --header Authorization: ****** (http block)
• https://api.github.com/repos/kubernetes-sigs/kustomize/releases/tags/kustomize%2Fv5.5.0
  • Triggering command: /usr/bin/curl curl -s REDACTED --header Authorization: ****** (http block)
• https://api.github.com/repos/kubernetes-sigs/kustomize/releases/tags/kustomize%2Fv5.6.0
  • Triggering command: /usr/bin/curl curl -s REDACTED --header Authorization: ****** (http block)
• https://api.github.com/repos/kubernetes-sigs/kustomize/releases/tags/kustomize%2Fv5.8.1
  • Triggering command: /usr/bin/curl curl -s REDACTED --header Authorization: ****** (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[dgkanatsios]

@copilot end to end tests are failing with

"Error from server (Invalid): error when creating "STDIN": CustomResourceDefinition.apiextensions.k8s.io "gameserverbuilds.mps.playfab.com" is invalid: metadata.annotations: Too long: may not be more than 262144 bytes
Error from server (Invalid): error when creating "STDIN": CustomResourceDefinition.apiextensions.k8s.io "gameservers.mps.playfab.com" is invalid: metadata.annotations: Too long: may not be more than 262144 bytes"

Why? This wasn't happening before

[Copilot]

@copilot end to end tests are failing with

"Error from server (Invalid): error when creating "STDIN": CustomResourceDefinition.apiextensions.k8s.io "gameserverbuilds.mps.playfab.co...

controller-gen v0.19.0 generates larger CRD schemas (~414 KB each for GameServer and GameServerBuild). When kubectl apply is used, it stores the full manifest in the kubectl.kubernetes.io/last-applied-configuration annotation, which has a 262144 byte (256 KB) limit. This is a well-known issue with large CRDs.

Fixed in df6df74 by switching all kubectl apply commands to kubectl apply --server-side --force-conflicts, which uses managedFields instead of annotations and doesn't have this size limit. Updated the operator Makefile (install, deploy, deploye2e targets), e2e/run.sh, and all documentation references.

[dgkanatsios]

@copilot do we absolutely need the "--force-conflicts" flag?

[Copilot]

@copilot do we absolutely need the "--force-conflicts" flag?

No, it's not absolutely needed for fresh installs. However, it's needed when upgrading from a previous thundernetes version that used client-side kubectl apply — without it, server-side apply would fail with field ownership conflict errors because the fields were previously owned by kubectl-client-side-apply. Since this PR transitions from client-side to server-side apply, any existing user upgrading would hit this.

That said, if you'd prefer to remove it, I can — users upgrading would just need to add it manually or delete and recreate the CRDs. Let me know your preference.

[dgkanatsios]

@copilot I'd rather you remove the field and set an explicit comment on the docs/comments/anywhere that any users upgrading the CRDs would need to also include this flag.

[Copilot]

@copilot I'd rather you remove the field and set an explicit comment on the docs/comments/anywhere that any users upgrading the CRDs would need to also include this flag.

Removed --force-conflicts from all kubectl apply --server-side commands. Added an upgrade note in the Makefile (comment on the install target) and in the docs (installing-thundernetes.md) explaining that users upgrading from a previous version need to add --force-conflicts manually. Fixed in e0ebb03.