kumactl 2.10.0

[BrewTestBot]

Created by brew bump

---

Created with brew bump-formula-pr.

release notes

We are excited to announce the latest release!
Notable Changes
Improvement of OpenAPI
Improved OpenAPI specs with additional definitions, fixed mappings and defaults, documented 404 responses, and properly marked read-only fields.
New rules in targetRef
A new "rules" API has been introduced for inbound policy application, overcoming limitations of the previous "from" syntax, enabling finer control over ports, proxies, services, and HTTP routes.
Introducing new kind Dataplane in targetRef
This unblocks us to use Dataplane labels instead of inbound tags when selecting the proxy that policies should be configured on. Also, it provides a way to select a single port on the DPP when configuring inbounds (by using sectionName).
MeshService improvements
A few improvements are introduced to the MeshService feature.
Changelog

chore(deps): align forked go-control-plane version with upstream #12000 @lukidzi
chore(deps): bump bitnami/kubectl from 1.27.5 to 1.32.2 #12305 #12399 #12868 @dependabot
chore(deps): bump cirello.io/pglock from 1.14.2 to 1.16.0 #11892 @dependabot
chore(deps): bump coredns from v1.11.3 to v1.12.0 #12034 #12472 @bartsmykla,@michaelbeaumont
chore(deps): bump debian from 27586f4 to 3528682 #11810 #12071 #12168 #12412 #12621 #12802 #13000 @dependabot
chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 #12101 @dependabot
chore(deps): bump github.com/bakito/go-log-logr-adapter from bfa42fa to de85860 #12538 @renovate
chore(deps): bump github.com/cilium/ebpf from 0.16.0 to 0.17.3 #12396 #12699 #12875 @dependabot,@renovate
chore(deps): bump github.com/containernetworking/plugins from 1.5.1 to 1.6.2 #11811 #12171 #12524 @dependabot
chore(deps): bump github.com/emicklei/go-restful/v3 from 3.12.1 to 3.12.2 #12991 @dependabot
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 #12674 @dependabot
chore(deps): bump github.com/exaring/otelpgx from 0.6.2 to 0.9.0 #12074 #12678 #12701 @dependabot,@renovate
chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 #11970 @dependabot
chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.18.1 to 4.18.2 #12675 @dependabot
chore(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 #12924 @dependabot
chore(deps): bump github.com/gruntwork-io/terratest from 0.47.2 to 0.48.2 #12240 #12397 #12797 @dependabot
chore(deps): bump github.com/invopop/jsonschema from 0.12.0 to 0.13.0 #12427 @dependabot
chore(deps): bump github.com/jackc/pgx/v5 from 5.7.1 to 5.7.2 #12392 @dependabot
chore(deps): bump github.com/miekg/dns from 1.1.62 to 1.1.63 #12679 @dependabot
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.20.2 to 2.22.2 #11969 #12102 #12395 #12426 @dependabot
chore(deps): bump github.com/onsi/gomega from 1.34.2 to 1.36.2 #11971 #12103 #12239 #12410 @dependabot
chore(deps): bump github.com/prometheus/client_golang from 1.20.4 to 1.21.1 #11813 #12923 #13016 @dependabot,@renovate
chore(deps): bump github.com/prometheus/common from 0.60.0 to 0.62.0 #11891 #12202 #12606 @dependabot,@renovate
chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 #12873 @dependabot
chore(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 #12737 @dependabot
chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.4.0 to 2.5.0 #12736 @dependabot
chore(deps): bump github.com/testcontainers/testcontainers-go from 0.33.0 to 0.35.0 #11812 #12525 @dependabot
chore(deps): bump github.com/vishvananda/netns from 0.0.4 to 0.0.5 #12012 @dependabot
chore(deps): bump go-control-plane from 0.13.1 to 0.13.4 #12654 @lukidzi
chore(deps): bump go.opentelemetry.io/proto/otlp from 1.3.1 to 1.5.0 #12170 #12522 @dependabot
chore(deps): bump golang.org/x/net from 0.30.0 to 0.36.0 #12011 #12203 #12527 #12874 #13017 @dependabot,@renovate
chore(deps): bump golang.org/x/sync from 0.8.0 to 0.11.0 #12013 #12201 #12800 @dependabot
chore(deps): bump golang.org/x/sys from 0.26.0 to 0.30.0 #12015 #12200 #12428 #12796 @dependabot
chore(deps): bump golang.org/x/text from 0.19.0 to 0.22.0 #12014 #12205 #12798 @dependabot
chore(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0 #12871 @dependabot
chore(deps): bump google.golang.org/genproto/googleapis/* from 1a7da9e to 29210b9 #12684 @renovate
chore(deps): bump google.golang.org/grpc from 1.67.1 to 1.71.0 #12010 #12204 #12281 #12393 #12526 #12677 #13018 @dependabot,@renovate
chore(deps): bump google.golang.org/protobuf from 1.35.1 to 1.36.5 #12072 #12304 #12394 #12523 #12676 #12799 @dependabot
chore(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.17.1 #12073 #12303 #12607 #12872 @dependabot,@renovate
chore(deps): bump k8s-staging-build-image/distroless-iptables from v0.6.4 to v0.7.3 #12070 #12401 #12620 #12803 #12869 #12934 @dependabot
chore(deps): bump kumahq/ubuntu-netools from 4243009 to 5417a86 #12016 #12196 #12400 #12533 #12556 @dependabot,@renovate
chore(deps): bump module github.com/josephburnett/jd/v2 from 7b2e87c to 6125a15 #12690 @renovate
chore(deps): bump postgres from 4ec37d2 to 81f32a8 #11817 #12068 #12105 #12197 #12411 #12619 #12801 #12867 #12933 #12999 @dependabot
chore(deps): bump the go-opentelemetry-io group with 9 updates #12009 #12280 @dependabot
chore(deps): bump the k8s-libs group #11890 #12100 #12169 #12238 #12279 #12425 #12521 #12605 #12628 #12629 #12673 #12795 #12870 @dependabot,@renovate
chore(deps): pin distroless-iptables image #12459 @lahabana
chore(deps): remove deprecated protobuf dependency #12038 @Icarus9913
chore(deps): security update #12250 #12328 #12969 @kumahq
chore(deps): update golang.org/x/exp digest from e7e105d to e0ece0d #12539 #12698 @renovate
chore(deps): update module github.com/evanphx/json-patch/v5 from v5.9.0 to v5.9.11 #12689 #12700 @renovate
chore(deps): update opentelemetry-go monorepo #12600 @renovate
chore(deps): update opentelemetry-go-contrib monorepo to v0.59.0 #12614 @renovate
chore(deps): upgrade envoy from 1.30.6 to 1.32.3 #11615 #11831 #11962 #12215 #12458 @lukidzi
chore(deps): upgrade go from 1.23.2 to 1.23.6 #12083 #12220 #12582 #12781 @Icarus9913,@kumahq,@lukidzi
chore(deps): use latest kumahq/kuma-gui #11803 #11814 #11818 #11829 #11830 #11863 #11864 #11867 #11912 #11913 #11914 #11916 #11919 #11929 #11935 #11964 #11965 #11977 #11989 #11990 #11992 #11999 #12004 #12019 #12020 #12031 #12035 #12036 #12039 #12046 #12053 #12058 #12060 #12063 #12065 #12066 #12069 #12075 #12076 #12077 #12078 #12079 #12081 #12082 #12088 #12089 #12090 #12092 #12094 #12106 #12138 #12139 #12150 #12151 #12153 #12172 #12178 #12179 #12184 #12186 #12187 #12192 #12193 #12194 #12211 #12213 #12214 #12225 #12227 #12228 #12237 #12242 #12271 #12296 #12302 #12306 #12316 #12317 #12318 #12323 #12417 #12418 #12422 #12462 #12469 #12490 #12499 #12520 #12537 #12604 #12608 #12622 #12632 #12638 #12640 #12643 #12645 #12651 #12656 #12662 #12681 #12687 #12694 #12706 #12720 #12726 #12745 #12750 #12758 #12772 #12807 #12808 #12813 #12823 #12824 #12833 #12835 #12836 #12838 #12850 #12851 #12876 #12884 #12887 #12888 #12896 #12899 #12902 #12905 #12907 #12918 #12942 #12945 #12949 #12959 #12962 #12973 #12974 #12981 #13001 #13006 #13007 #13011 #13013 #13019 #13027 #13055 #13086 @kumahq
feat(MeshAccessLog): add possibility to configure gateway using rules api #12815 @Automaat
feat(MeshAccessLog): add possibility to configure inbound using rules api #12708 @Automaat
feat(MeshCircuitBreaker): add possibility to configure inbound using rules api #12771 @Automaat
feat(MeshCircuitBreaker): supplement HealthyPanicThreshold property #12860 @Icarus9913
feat(MeshCircuitBreaker): track remaining connections before opening circuit breaker #12206 @lukidzi
feat(MeshFaultInjection): support GRPC protocol #12715 @lukidzi
feat(MeshHealthCheck): deprecate healthyPanicThreshold property #12878 @Icarus9913
feat(MeshMetrics): add dns statistics to the basic profile #12226 @lukidzi
feat(MeshPassthrough): add support for MySQL protocol #12839 @lukidzi
feat(MeshRateLimit): add possibility to configure inbound using rules api  #12722 @Automaat
feat(MeshService): add option to selectively ignore conversion to MeshService #11833 @jakubdyszkiewicz
feat(MeshTLS): add possibility to configure gateway using rules api  #12818 @Automaat
feat(MeshTLS): add possibility to configure inbound using rules api  #12752 @Automaat
feat(MeshTimeout): add possibility to configure inbound using rules api #12500 #12696 #12757 #12769 @lobkovilya
feat(api): add kuma resources and policies short name support #12109 @lahabana
feat(api): apply default configurations for k8s & universal by using k8s defaulter #12829 @slonka
feat(api-server): add inspect-api for retrieving service hostnames #11865 @jakubdyszkiewicz
feat(api-server): add support for inbound rules in inspect-api #12713 @lobkovilya
feat(api-server): add support for inspect api for new kind Dataplane and section name for selecting single inbound #12644 @Automaat
feat(api-server): add support for label filters #12840 @lahabana
feat(api-server): allow listing Dataplanes matching given MeshService #11850 @jakubdyszkiewicz
feat(api-server): respond with 200/201 with empty json for successful PUT #12642 @slonka
feat(api-server): return empty json on successful delete response #12669 @slonka
feat(helm): add ServiceMonitor for controlplane metrics scraping #12843 @synthe102
feat(helm): add priorityClassName to Helm Chart #12652 @jmromanos
feat(helm): expose CNI affinity setting #13080 @lukidzi
feat(kds): add option to disable KDS traces #11847 @michaelbeaumont
feat(kds): add support for Secrets creation on the zone #12768 @lukidzi
feat(kds): add support for kuma.io/kds-sync label #13008 @lahabana
feat(kds): use compressor to make requests and responses smaller #12339 @slonka
feat(kuma-cp): add new targetRef kind Dataplane #12470 @Automaat
feat(kuma-cp): add pod labels on dataplane and use proxy type labels #12453 @Automaat
feat(kuma-cp): allow missing transparent proxy ConfigMap or empty in k8s #11988 @bartsmykla
feat(kuma-cp): allow skipping certain label propagation on multizone #11918 @michaelbeaumont
feat(kuma-cp): cleanup ZoneIngress/ZoneEgress resources #12787 @lukidzi
feat(kuma-cp): clock skew for generated certs #11807 @jakubdyszkiewicz
feat(kuma-cp): take inbound name from pod instead of service #12783 @Automaat
feat(kuma-dp): disable application probe proxy by default on Universal #12002 @jijiechen
feat(kumactl): update install observability components #12862 @bartsmykla
feat(openapi): generate a spec with all resources #12006 #12272 #12329 #12330 #12336 #12497 #12665 #12666 #12680 #12697 #12903 #12936 @schogges,@slonka
feat(policy): add InboundRules to GatewayRules #12791 @Automaat
feat(policy): allow sectionName and labels in targetRef #11819 @Neyaz
feat(policy): allow using Dataplane kind in top level targetRef in all policies #12659 @Automaat
feat(policy): deprecate MeshSubset kind in top level targetRef #12660 @Automaat
feat(policy): deprecate from section for policies supported by section rules #12789 @Automaat
feat(policy): implement algorithm for inbound rules #12560 @lobkovilya
feat(policy): implement possibility to select proxies in policies by new kind Dataplane #12573 @Automaat
feat(policy): support Labels with SectionName in ResolveTargetRef function #12743 @lobkovilya
feat(resource): add deprecation for resources whose name breaks RFC-1035 #13003 #13028 @Icarus9913,@lukidzi
feat(resource): add isProxy flag to resource descriptor #12414 @Automaat
feat(transparentproxy): fail injection if custom ConfigMap missing #13012 @bartsmykla
feat(xds): add internal address config onto HttpConnectionManager #12986 @jijiechen
fix(MeshExternalService): set correct TLS context #12162 @lukidzi
fix(MeshExternalService): skip invalid resources during configuration generation #12919 @lukidzi
fix(MeshInsights): skip error on mesh insight creation race condition #12549 @Automaat
fix(MeshLoadBalancingStrategy): deprecate SourceIP and use Connection #12111 @lukidzi
fix(MeshLoadBalancingStrategy): set all priorities equal if localityAware is disabled #11980 @michaelbeaumont
fix(MeshPassthrough): refactor implementation to generate correct route #12054 @lukidzi
fix(MeshService): skip generation for invalid kuma.io/service name #12751 #13014 @Icarus9913,@lukidzi
fix(MeshService): use Protocol from the resource #12709 @lukidzi
fix(MeshTLS): fix shadow policy effect #12731 @Automaat
fix(MeshTimeout): set default inbound timeouts correctly #12692 @lobkovilya
fix(MeshTrace): add support for real resources #12173 @lukidzi
fix(MeshTrafficPermission): prevent nil pointer error for AutoReachableService when no top targetRef #12152 @lukidzi
fix(Secret): return proper typed errors on conflict in secret store #13002 @lahabana
fix(api): compute labels on resource update #11861 @lukidzi
fix(api): return 499 when client cancel context #11821 @lukidzi
fix(api): update the resources properties to be compatible with Terraform and OpenAPI generator #12735 #12742 #12747 #12844 #12895 #13004 @slonka
fix(api-server): order inbounds when returning resources from inspect api #12909 @Automaat
fix(api-server): return early when there is error on delete #12749 @lukidzi
fix(api-server): skip display-name label for service insight #11508 @Icarus9913
fix(cni): delegated gateway was not correctly injected #11922 @jakubdyszkiewicz
fix(cni): support bound service account token by reloading periodically #12592 @jijiechen
fix(gateway): change MeshGateway tags validation to be consistent with MeshRoute tags validation #11808 @Automaat
fix(k8s): fix scope assignment to the resource #12879 @lukidzi
fix(k8s): only run necessary controllers on global #11715 @michaelbeaumont
fix(k8s): prevent reconciling all namespaces on label change #12906 @bartsmykla
fix(k8s): set annotation kuma.io/display-name for Secrets and Configs #11923 @michaelbeaumont
fix(kds): do not log error when context canceled #11820 @lukidzi
fix(kds): fix an issue in KDS causing valid resources not being synced when there is a invalid resource #12776 @lukidzi
fix(kds): remove context from map on stream close #12243 @lukidzi
fix(kds): rework cross zone syncing #12893 @lahabana
fix(kuma-cp): avoid concurrent access on resource meta #11997 @lahabana
fix(kuma-cp): change usage of deprecated global_downstream_max_connections on envoy #13051 @lukidzi
fix(kuma-cp): don't override existing dataplane labels by pod labels #12589 @Automaat
fix(kuma-cp): fix an issue caused by concurrent map operations #12908 @lukidzi
fix(kuma-cp): handle conn closed issue when creating saving stream connection #12557 @Automaat
fix(kuma-cp): move global log variable to struct to avoid data race #12980 @lukidzi
fix(kuma-cp): save and update labels from Dataplane resource on Universal #12975 @Automaat
fix(kumactl): mark valid-for as required for command kumactl generate dataplane-token #11849 @jijiechen
fix(kumactl): remove metrics, logging, tracing columns in get meshes #11895 @michaelbeaumont
fix(policy): a bug in ResolveTargetRef that caused creating excessive entries in ResourceRules #12710 @lobkovilya
fix(policy): fix merging pointers to slices of struct #12859 @slonka
fix(policy): improve message when no proxyTypes #12754 @lukidzi
fix(policy): use new compute for rules and fix rules intersect #12340 @Icarus9913
fix(postgres-leader): add proper error logging in postgres leader elector #12484 @Automaat
fix(xds): ignore watchdog error on context cancelled #12664 @jakubdyszkiewicz
fix(xds): only auth once per xds gRPC stream in kuma-cp. Revoking a dataplane token on Unversal mesh clusters now requires restarting the mesh control plane. #12788 @jijiechen
fix(xds): prevent watchers from being cleaned up unexpectedly #12886 @jijiechen
perf(xds): add x-kuma-tags conditionally #11076 @jakubdyszkiewicz

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.