feat: upgrade cluster-api to v1.10.10

[schegi]

Summary

• Bump `sigs.k8s.io/cluster-api` and `cluster-api/test` v1.8.12 → v1.10.10
• Bump `sigs.k8s.io/controller-runtime` v0.18.7 → v0.20.4 and `k8s.io/*` v0.30.x → v0.32.3
• Fix CAPI v1.9 predicate signatures: `ResourceNotPaused` and `ClusterUnpaused` now require scheme argument
• Fix CAPI v1.10 API rename: `E2EConfig.GetVariable` → `MustGetVariable` (2 call sites in e2e tests)
• Fix import path change: `exp/addons/api/v1beta1` → `api/addons/v1beta1` (addons graduated from experimental)
• Add `--skip-crd-migration-phases` flag and wire `CRDMigrator` controller for all provider CRDs per CAPI v1.10 migration guide
• Remove deprecated `FailureReason`/`FailureMessage` fields from `IonosCloudMachineStatus`
• Update e2e clusterctl config: component URLs → v1.10.10
• Add `test/e2e/data/shared/v1.10/metadata.yaml` for clusterctl compatibility
• Update README compatibility table with CAPI v1.9 and v1.10 columns
• Update golangci-lint config for `+list` marker support

Migration Guides Implemented

• v1.8 to v1.9
• v1.9 to v1.10

Explicitly Not Included

• No v1beta2 conditions adoption
• No `metav1.Condition` migration

Release Notes

Important: The CRD migrator adds the `crd-migration.cluster.x-k8s.io/observed-generation` annotation to CRD objects. If CRDs are managed by a GitOps tool such as kapp, Argo CD, or Flux, ensure this annotation is not continuously removed (e.g. by configuring the tool to ignore it), otherwise the migrator will re-run on every reconciliation.

Test plan

• `make unit-test` passes
• `make integration-test` passes (90/90 specs)
• `make lint` passes
• `make verify` passes
• `make build` passes

🤖 Generated with Claude Code

[schegi]

@copilot review

[Copilot]

@copilot review

Here's my review of the PR changes:

Overall: The PR correctly implements all required migration steps from CAPI v1.8.12 → v1.10.10. The changes are well-scoped and follow the upstream migration guides.

---

✅ Migration Guide Compliance

v1.8 → v1.9 (predicate signatures) — cmd/internal/controller/ionoscloudcluster_controller.go correctly adds the mgr.GetScheme() argument to both predicates.ResourceNotPaused and predicates.ClusterUnpaused, which now require a scheme parameter.

v1.9 → v1.10 (API renames) — E2EConfig.GetVariable → MustGetVariable correctly updated in both suite_test.go call sites.

Addons graduation — exp/addons/api/v1beta1 → api/addons/v1beta1 correctly updated in finalizers.go and ownerreference.go.

CRDMigrator — All four CRD types (IonosCloudCluster, IonosCloudClusterTemplate, IonosCloudMachine, IonosCloudMachineTemplate) are registered. UseCache: true for the types that have dedicated reconcilers using the cache, UseCache: false for template types. RBAC markers, scheme registration, and the --skip-crd-migration-phases flag are all wired up correctly.

---

✅ Code Quality

• Test code modernized with t.Context(), wg.Go() (Go 1.25), and testing/synctest (stabilized in Go 1.25) — all consistent with the go 1.25.0 requirement in go.mod.
• slices.Delete() replaces the manual append(s[:i], s[i+1:]...) pattern in network.go, avoiding the slice aliasing footgun.
• setupControllers() extracted as a helper function, returning errors instead of calling os.Exit directly — improves testability.

---

⚠️ Minor Observations

1. Go version mismatch: go.mod specifies go 1.25.0 but Dockerfile uses golang:1.25.9 (bumped for CVE-2026-32282). This is intentional and fine — the go directive is a minimum version floor, not the exact build version.

2. e2e config version inconsistency (pre-existing, now fixed): The old config had name: "v1.8.5" but downloaded from v1.8.1 URLs. Now both name and URL are consistently v1.10.10.

3. golangci-lint suppressions: The SA1019 suppression for sigs.k8s.io/cluster-api/errors is necessary since FailureReason/FailureMessage removal is deferred to the follow-up PR — this is correctly documented in the PR description.

4. Docs plan files: docs/superpowers/plans/ and docs/superpowers/specs/ add ~1,900 lines of implementation notes. These are fine as architecture decision records, but worth confirming the team wants them committed vs. kept in an external tracker.

---

No blocking issues found. The PR is ready for merge once the follow-up FailureReason/FailureMessage removal PR is planned.

[schegi]

Replaces: #352
#353

[Copilot]

Pull request overview

Upgrades this provider to Cluster API v1.10.10 (and aligned Kubernetes/controller-runtime deps), and applies the required API/migration-guide changes so controllers and e2e infrastructure continue to work with CAPI v1.10.

Changes:

• Bump sigs.k8s.io/cluster-api (+ test framework) to v1.10.10 and align controller-runtime/k8s.io/* dependencies.
• Wire up CAPI’s CRDMigrator controller (plus RBAC + flag) and update controller predicate calls to match new signatures.
• Update e2e wiring (clusterctl config/metadata, addon import path, E2EConfig API rename) and refresh docs/tooling config.

Reviewed changes

Copilot reviewed 16 out of 17 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
go.mod	Updates core deps to CAPI v1.10.10 / controller-runtime v0.20.4 / k8s v0.32.3 and adds new indirects.
go.sum	Module checksum updates corresponding to the dependency bump.
cmd/main.go	Adds CRDMigrator controller setup, CRD scheme registration, and --skip-crd-migration-phases flag + RBAC markers.
config/rbac/role.yaml	Grants CRD read/patch permissions needed by CRDMigrator.
internal/controller/ionoscloudcluster_controller.go	Updates pause predicates to new CAPI signatures requiring scheme.
config/crd/bases/infrastructure.cluster.x-k8s.io_ionoscloudclusters.yaml	Regenerated CRD schema updates from newer tooling/deps.
config/crd/bases/infrastructure.cluster.x-k8s.io_ionoscloudmachines.yaml	Regenerated CRD schema updates from newer tooling/deps.
config/crd/bases/infrastructure.cluster.x-k8s.io_ionoscloudclustertemplates.yaml	Regenerated CRD schema updates from newer tooling/deps.
config/crd/bases/infrastructure.cluster.x-k8s.io_ionoscloudmachinetemplates.yaml	Regenerated CRD schema updates from newer tooling/deps.
test/e2e/suite_test.go	Updates to MustGetVariable per CAPI v1.10 E2EConfig API rename.
test/e2e/helpers/ownerreference.go	Updates addons API import path to graduated location.
test/e2e/helpers/finalizers.go	Updates addons API import path to graduated location.
test/e2e/config/ionoscloud.yaml	Updates clusterctl component URLs and metadata reference to v1.10.10.
test/e2e/data/shared/v1.10/metadata.yaml	Adds clusterctl metadata for CAPI v1.10 compatibility.
README.md	Extends compatibility matrix to include a CAPI v1.10 column.
Dockerfile	Bumps Go builder image patch version.
.golangci.yml	Adjusts lint exclusions for deprecated CAPI errors package and +list marker handling.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[piepmatz]

1 more thing: The CAPI migration docs contain this important bit:

Note: The CRD migrator will add the crd-migration.cluster.x-k8s.io/observed-generation annotation on the CRD object, please ensure that if these CRD objects are deployed with a tool like kapp / Argo / Flux the annotation is not continuously removed.

Please add that do the PR description. We must not forget putting this into the release notes.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Parental leave, @gauravgahlot checked and approved.