kumactl 2.6.0

[crunchtime-ali]

action-homebrew-bump-formula

---

Created with brew bump-formula-pr.

release notes

Get ready to elevate your Kuma experience with the release of Kuma 2.6.0, a jam-packed update that brings a myriad of exciting features to the table. From introducing a new MeshMetric policy to expanding policy targeting capabilities for MeshGateways, this minor release is packed with enhancements that will transform your network connectivity.
Upgrading
We strongly suggest upgrading to Kuma 2.6.0. Upgrading is straightforward through kumactl or Helm.

Be sure to carefully read the Upgrade Guide before upgrading Kuma.
Notable Changes


🚀 Expanded Policy Targeting
Kuma now allows a wider range of policies, including MeshCircuitBreaker, MeshFaultInjection, and MeshAccessLog, to target MeshGateways. This expands the granularity of policy enforcement and enables more fine-grained control over network traffic at the gateway level.


🚀 MeshMetric Policy for Comprehensive Traffic Metrics
Kuma introduces the new MeshMetric policy, which provides a centralized and consistent approach to collecting traffic metrics across all data plane proxies in a mesh. This policy simplifies the management of metrics configurations and ensures that all traffic data is captured uniformly.


🚀 Streamlined MeshGateway Routing
MeshHTTPRoute and MeshTCPRoute can now replace MeshGatewayRoute for configuring how a MeshGateway should process network traffic. This change provides greater flexibility and control over gateway routing rules.


🚀 Modernized Default Policies
The default legacy policies automatically created during mesh creation have been replaced with new, more streamlined and efficient policies.


🚀 Enhanced Traffic Flow without mTLS
When mTLS is not enabled for a mesh, traffic now flows by default, eliminating the need for a MeshTrafficPermission policy.


🚀 Improved GUI Experience
Kuma 2.6.0 introduces a number of enhancements to the graphical user interface (GUI), making it more user-friendly and intuitive.


🚀 Effortless Single-Zone to Multi-Zone Migration
Kuma's zone federation allows you to effortlessly migrate from a single-zone deployment to a multi-zone configuration. This means you can start small with a single zone and gradually federate additional zones as your network grows, ensuring a smooth and controlled scaling process.


Changelog

chore(deps): bump actions/cache from 3.3.2 to 4.0.0 #8865 #8985 @dependabot
chore(deps): bump actions/checkout from 3.1.0 to 4.1.1 #8862 @dependabot
chore(deps): bump actions/download-artifact and actions/upload-artifact from 3 to 4 #8701 @michaelbeaumont
chore(deps): bump actions/github-script from 6 to 7 #8422 #8530 @dependabot
chore(deps): bump actions/setup-go from 4 to 5 #8586 @dependabot
chore(deps): bump actions/upload-artifact from 3.1.0 to 4.2.0 #8863 #8986 @dependabot
chore(deps): bump debian from fab22df to b16cef8 #8465 #8685 #8853 @dependabot
chore(deps): bump distroless/base-nossl-debian11 from 1ae8df5 to 61c9d7a #8659 @dependabot
chore(deps): bump distroless/static-debian11 from cdb2034 to 1e5b9bb #8657 @dependabot
chore(deps): bump github.com/bakito/go-log-logr-adapter from v0.0.2 to latest #8646 @michaelbeaumont
chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 #8693 @dependabot
chore(deps): bump github.com/containernetworking/plugins from 1.3.0 to 1.4.0 #8588 @dependabot
chore(deps): bump github.com/emicklei/go-restful/v3 from 3.11.0 to 3.11.2 #8791 @dependabot
chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.1 to 0.12.0 #8738 @dependabot
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.2 to 1.0.4 #8857 #8971 @dependabot
chore(deps): bump github.com/evanphx/json-patch/v5 from 5.7.0 to 5.8.1 #8883 @dependabot
chore(deps): bump github.com/exaring/otelpgx from 0.5.2 to 0.5.3 #8975 @dependabot
chore(deps): bump github.com/go-logr/logr from 1.3.0 to 1.4.1 #8726 @dependabot
chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.16.2 to 4.17.0 #8724 @dependabot
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.6.0 #8644 #9018 @dependabot
chore(deps): bump github.com/gruntwork-io/terratest from 0.46.7 to 0.46.11 #8589 #8790 #8968 @dependabot
chore(deps): bump github.com/jackc/pgx/v5 from 5.5.0 to 5.5.2 #8587 #8860 @dependabot
chore(deps): bump github.com/miekg/dns from 1.1.56 to 1.1.58 #8421 #8970 @dependabot
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.15.0 #8520 #8859 #8973 @dependabot
chore(deps): bump github.com/onsi/gomega from 1.30.0 to 1.31.1 #8976 @dependabot
chore(deps): bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 #8728 @dependabot
chore(deps): bump github.com/prometheus/common from 0.45.0 to 0.46.0 #8858 @dependabot
chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.6 to 2.1.7 #8974 @dependabot
chore(deps): bump github.com/testcontainers/testcontainers-go from 0.26.0 to 0.27.0 #8725 @dependabot
chore(deps): bump github/codeql-action from 2 to 3.23.1 #8662 #8864 #8984 @dependabot
chore(deps): bump golang from 1.21.4 to 1.21.6 #8616 #8944 @jakubdyszkiewicz,@michaelbeaumont
chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 #8665 @dependabot
chore(deps): bump golang.org/x/net from 0.18.0 to 0.20.0 #8519 #8789 @dependabot
chore(deps): bump golang.org/x/sys from 0.14.1-0.20231108175955-e4099bfacb8c to 0.16.0 #8521 #8774 @dependabot
chore(deps): bump google.golang.org/grpc from 1.59.0 to 1.61.0 #8645 #8686 #9017 @dependabot
chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 #8727 @dependabot
chore(deps): bump helm.sh/helm/v3 from 3.13.2 to 3.14.0 #8643 #8969 @dependabot
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.3.1 #8861 @dependabot
chore(deps): bump postgres from e213539 to 49c276f #8785 #8842 #8866 @dependabot
chore(deps): bump sigs.k8s.io/controller-runtime from 0.16.3 to 0.17.0 #8972 @dependabot
chore(deps): bump sigs.k8s.io/controller-tools from 0.13.0 to 0.14.0 #8856 @dependabot
chore(deps): bump the go-opentelemetry-io group #8420 @dependabot #8967 @dependabot
chore(deps): bump the k8s-libs group from 0.28.3 to 0.29.1 #8419 @dependabot #8854 @dependabot #8642 @dependabot

#8966 @dependabot
chore(deps): bump ubuntu from 2b7412e to 6042500 #8518 #8658 @dependabot
chore(deps): fix update insecure dependencies by setting bigger swap #8677 @slonka
chore(deps): more explicit image tag in envoy.Dockerfile #8482 @michaelbeaumont
chore(deps): security update #8696 #9104 @kumahq
chore(deps): tag ubuntu image more explicitly #8988 @michaelbeaumont
chore(deps): use latest kumahq/kuma-gui #8400 #8401 #8405 #8418 #8425 #8434 #8440 #8441 #8446 #8452 #8453 #8454 #8470 #8480 #8481 #8488 #8496 #8501 #8504 #8507 #8531 #8534 #8538 #8546 #8550 #8554 #8561 #8564 #8577 #8579 #8583 #8585 #8590 #8592 #8594 #8600 #8601 #8619 #8620 #8637 #8638 #8684 #8709 #8712 #8714 #8735 #8751 #8758 #8779 #8784 #8794 #8797 #8802 #8803 #8810 #8835 #8841 #8848 #8850 #8869 #8870 #8871 #8886 #8895 #8899 #8903 #8910 #8914 #8917 #8941 #8948 #8987 #9003 #9004 #9008 #9040 #9052 #9055 @kumahq
feat(ExternalService): make ExternalServices independent of TrafficPermission #8745 @lukidzi
feat(ExternalService): validate same value for service and address #8641 @jakubdyszkiewicz
feat(MeshAccessLog): select gateway listeners #8560 @michaelbeaumont
feat(MeshCircuitBreaker): select MeshGateway listeners #8562 @michaelbeaumont
feat(MeshFaultInjection): select MeshGateway listeners #8574 @michaelbeaumont
feat(MeshFaultInjection): support ExternalServices with ZoneEgress #8742 @lukidzi
feat(MeshHTTPRoute): add basic gRPC support #8752 @lukidzi
feat(MeshHTTPRoute): add hostToBackendHostname rewrite with MeshGateway #8772 @michaelbeaumont
feat(MeshHTTPRoute): basic MeshGateway support #8402 @michaelbeaumont
feat(MeshHTTPRoute): support hostnames with MeshGateway #8663 @michaelbeaumont
feat(MeshHealthCheck): select MeshGateway listeners #8570 @michaelbeaumont
feat(MeshLoadBalancingStrategy): add option to configure ActiveRequestBias #8553 @lukidzi
feat(MeshLoadBalancingStrategy): select MeshGateway listeners #8571 @michaelbeaumont
feat(MeshLoadBalancingStrategy): support kind MeshGateway #8889 @michaelbeaumont
feat(MeshMetric): add create conflicts to the metric #8894 @jakubdyszkiewicz
feat(MeshMetric): implement OpenTelemetry API for MeshMetric #8874 @Automaat
feat(MeshRateLimit): select MeshGateway listeners #8733 @michaelbeaumont
feat(MeshRateLimit): support ExternalServices with ZoneEgress #8743 @lukidzi
feat(MeshRetry): select MeshGateway listeners #8734 @michaelbeaumont
feat(MeshTCPRoute): add kafka protocol support #8781 @lukidzi
feat(MeshTCPRoute): support MeshGateway #8817 @michaelbeaumont
feat(MeshTimeout): add RequestHeadersTimeout option and configure MeshGateway #8896 @lukidzi
feat(MeshTimeout): select MeshGateway listeners #8573 @michaelbeaumont
feat(MeshTrace): select MeshGateway listeners #8595 @michaelbeaumont
feat(MeshTrace): support kind MeshGateway #8888 @michaelbeaumont
feat(api-server): add /_resources endpoint #8529 @lahabana
feat(api-server): add _rules api to MeshGateways #8540 @lahabana
feat(api-server): add dataplanes/_rules new inspect api #8442 @lahabana
feat(api-server): skip auth on specific endpoints #8458 @jakubdyszkiewicz
feat(bootstrap): support customizing corefile template from kuma-cp #8634 @jijiechen
feat(dataplane): ignored listeners with ignored labels in selector #8463 @jakubdyszkiewicz
feat(grafana): change fixed interval to rate interval variable #8713 @jakubdyszkiewicz
feat(gui): add disabled in the index.html and remove disabled page #8813 @lahabana
feat(injector): add ephemeral-storage resource request/limit for sidecars #8882 @jijiechen
feat(intercp): drop leader on cp shutdown #9046 @jakubdyszkiewicz
feat(k8s): show ZoneEgress zone as column #8913 @michaelbeaumont
feat(k8s): show ZoneIngress zone as column #8906 @michaelbeaumont
feat(kds): add zoneCP info in zone-insights #8720 @lahabana
feat(kds): log additional gRPC status codes at info level #8502 @michaelbeaumont
feat(kuma-cp): added comment and more explicit structure #8753 @lukidzi
feat(kuma-cp): create default target ref policies #8920 @lukidzi
feat(kuma-cp): deprecate standalone mode #8478 @jakubdyszkiewicz
feat(kuma-cp): disable the default creation of TrafficPermission and TrafficRoute #8964 @lukidzi
feat(kuma-cp): enable zone-originated MeshGateway #8919 @lobkovilya
feat(kuma-cp): enable zone-originated policies #8801 @lobkovilya
feat(kuma-cp): hash-suffix remove feature flag #8461 @lobkovilya
feat(kuma-cp): move protocol information to mesh context #8479 @lukidzi
feat(kuma-cp): require kuma.io/origin: zone label when creating zone-origination policies #8873 @lobkovilya
feat(kuma-cp): support cross-zone MeshTCPRoute #8509 @michaelbeaumont
feat(kuma-cp): support labels in ResourceMeta #8516 @lobkovilya
feat(kuma-cp): use labels for KDS sync #8762 @lobkovilya
feat(kuma-dp): add coredns logging flag #8485 @timothy-spencer
feat(kumactl): basic export command #8718 #9009 @jakubdyszkiewicz,@slonka
feat(kumactl): export in kube format #8747 @jakubdyszkiewicz
feat(kumactl): make k8s resources applicable on other clusters #8775 @jakubdyszkiewicz
feat(kumactl): more profiles in export #8780 @jakubdyszkiewicz
feat(mads): extend MADS service to use data from MeshMetric policy #8608 @slonka
feat(policy): Add MeshMetric api #8576 @Automaat
feat(policy): Implement dynamic DPP configuration based on MeshMetric policy #8793 @Automaat
feat(policy): add OpenTelemetry support for MeshMetric #8893 @Automaat
feat(policy): add MeshMetric policy e2e tests #8750 @Automaat
feat(policy): add possibility to target only gateways/sidecars #8868 @lukidzi
feat(policy): add tags to backends for support VirtualOutbounds #8744 @lukidzi
feat(policy): allow policies with from and to configuring egress #8739 @lukidzi
feat(policy): implement MeshMetric xds #8617 @Automaat
feat(policy): support MeshGateway listener matching #8551 @michaelbeaumont
feat(resources): add kuma.io/display-name label #8705 @jakubdyszkiewicz
feat(routes): handle routing if there are no TrafficRoutes #8614 @michaelbeaumont
feat(universal): add VIP_REFRESH_INTERVAL #9042 @nicoche
feat(vip): record generation metrics #9047 @nicoche
feat(xds): do not generate independent listener for vips, use additional_addresses instead #8796 @jijiechen
feat(zone): create Zone resources on zone cp automatically and generate ZoneInsights #8584 @jakubdyszkiewicz
fix(MeshCircuitBreaker): revert validator and check if config is empty #9028 @lukidzi
fix(MeshFaultInjection): handle listener protocol correctly #8815 @michaelbeaumont
fix(MeshHTTPRoute): generate better resources when using HTTPS #9038 @michaelbeaumont
fix(MeshHTTPRoute): make ordering more consistent #8715 @michaelbeaumont
fix(MeshHTTPRoute): use 302 as default status code on Universal to match Kubernetes #8409 @michaelbeaumont
fix(MeshHealthCheck): handle gateway listener protocol correctly #8812 @michaelbeaumont
fix(MeshRateLimit): remove validation of Mesh type and proxyTypes for… #9041 @lukidzi
fix(MeshRetry): handle gateway listener protocol correctly #8811 @michaelbeaumont
fix(ZoneEgress): rewrite host header on ExternalService requests #8403 @michaelbeaumont
fix(ZoneIngress): subset routing when tag is present on all subsets #8443 @michaelbeaumont
fix(ZoneWatch): stop watching Zone if ZoneInsight not found #8766 @michaelbeaumont
fix(api): secret in k8s format #8741 @jakubdyszkiewicz
fix(gateway): check if external service from context when no trafficpermission #8957 @lukidzi
fix(gateway): isolate routes to SNI matches #9054 @michaelbeaumont
fix(k8s): support injection with label kuma.io/sidecar-injection: 'true' #8464 @michaelbeaumont
fix(kds): avoid rare cases where onStreamClosed is called with no state #8703 @lahabana
fix(kds): fix deletion of previous zones in components #8867 @lahabana
fix(kds): fix resource sync #9014 @lukidzi
fix(kds): make status tracker work when there's no metadata #8711 @lahabana
fix(kds): race condition on fill metadata #8872 @jakubdyszkiewicz
fix(kuma-cp): assign extensions in ZoneInsightSink constructor #8940 @bartsmykla
fix(kuma-cp): don't remove Service if MeshGateway is absent for a while (i.e. due to renaming) #8450 @lobkovilya
fix(kuma-cp): don't run outbound proxy generator when there is no TrafficRoute #9082 @michaelbeaumont
fix(kuma-cp): enable hash-suffix only if Zone has KDS feature #8460 @lobkovilya
fix(kuma-cp): failure during the migration from non-federated to federated zone #8938 @lobkovilya
fix(kuma-cp): fix address check to not be loopback ipv4 and ipv6 #8490 @lukidzi
fix(kuma-cp): global upgrade #8890 @lobkovilya
fix(kuma-cp): make metadata retrieve method public #8918 @lukidzi
fix(kuma-cp): return sorted list of k8s secrets #9030 @lukidzi
fix(kuma-cp): set creationTime on KDS sync #8945 @lobkovilya
fix(kuma-cp): treat envoy admin errors as 4xx #8615 @lobkovilya
fix(kuma-cp): upgrade from Zone CP without labels to new one #8839 @lobkovilya
fix(kuma-cp): use column names in sql insert #8688 @lobkovilya
fix(kuma-cp): use pagination store for secret store #9033 @lukidzi
fix(metrics): fix kds metrics for simple watchdog #8428 @slonka
fix(metrics): unify zone name in metrics for k8s and universal #8435 @slonka
fix(policy): allow period in targetRef names #8754 @michaelbeaumont
fix(policy): first lexicographically wins, kind MeshGateway with tags over kind MeshGateway #8691 @michaelbeaumont
fix(policy): improve validator messages, allow string failoverthreshold #8929 @lahabana
fix(policy): support delegated gateways #8740 @michaelbeaumont
fix(vips): skip ignored listeners #8937 @jakubdyszkiewicz

[chenrui333]

  ==> go run tools/docs/generate.go
  stat tools/docs/generate.go: no such file or directory

[chenrui333]

• ci(make): remove old version of docs kumahq/kuma#8690

[chenrui333]

   url "https://github.com/kumahq/kuma/archive/refs/tags/2.6.0.tar.gz"
-  sha256 "78474a36343ea56af0e97452ab63f2a121ed3ad11532fa21c1e3e32685f460b1"
+  sha256 "5fa180d5773f8a5916205fa12f36a9cf45ab723453690247942b6e843a244e9b"

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.