Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kumactl for openSUSE:Factory checked in at 2026-03-25 21:22:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kumactl (Old) and /work/SRC/openSUSE:Factory/.kumactl.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kumactl" Wed Mar 25 21:22:22 2026 rev:24 rq:1342528 version:2.13.3 Changes: -------- --- /work/SRC/openSUSE:Factory/kumactl/kumactl.changes 2026-02-26 18:58:55.595235431 +0100 +++ /work/SRC/openSUSE:Factory/.kumactl.new.8177/kumactl.changes 2026-03-27 06:42:56.181703114 +0100 @@ -1,0 +2,25 @@ +Wed Mar 25 13:59:06 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 2.13.3: + * chore(deps): bump scan-docker-image to v6.1.0 (#15991) + * fix(gatewayapi): ensure statuses are deterministic (backport of + #15928) (#15988) + * chore(deps): bump distroless-iptables to v0.8.8 (#15981) + * chore(deps): bump coredns to v1.14.2 (#15976) + * fix(zoneingress): no public address causes DPP reconciliation + failure (backport of #15926) (#15932) + * chore(deps): upgrade envoy from v1.36.4 to 1.36.5 (backport of + #15905) (#15909) + * chore(deps): bump github.com/buger/jsonparser from 1.1.1 to + 1.1.2 (#15903) + * chore(deps/dev): bump go from 1.26.0 to 1.26.1 (#15892) + * chore(deps): security update (#15880) + * chore(deps): security update (#15867) + * chore(deps/dev): bump go to v1.26.0 (#15587) + * fix(matchers): match delegated gw dpps (backport of #15791) + (#15802) + * chore(deps): security update (#15790) + * fix(xds): don't create empty filter chain for a gateway + (backport of #15532) (#15699) + +------------------------------------------------------------------- Old: ---- kumactl-2.13.2.obscpio New: ---- kumactl-2.13.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kumactl.spec ++++++ --- /var/tmp/diff_new_pack.p3izfE/_old 2026-03-27 06:42:58.021779139 +0100 +++ /var/tmp/diff_new_pack.p3izfE/_new 2026-03-27 06:42:58.025779304 +0100 @@ -17,7 +17,7 @@ Name: kumactl -Version: 2.13.2 +Version: 2.13.3 Release: 0 Summary: CLI for the Kuma service mesh License: Apache-2.0 @@ -26,7 +26,7 @@ Source1: vendor.tar.gz BuildRequires: bash-completion BuildRequires: fish -BuildRequires: go1.25 >= 1.25.7 +BuildRequires: go1.26 >= 1.26.1 BuildRequires: zsh %description ++++++ _service ++++++ --- /var/tmp/diff_new_pack.p3izfE/_old 2026-03-27 06:42:58.065780956 +0100 +++ /var/tmp/diff_new_pack.p3izfE/_new 2026-03-27 06:42:58.069781122 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/kumahq/kuma</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.13.2</param> + <param name="revision">v2.13.3</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.p3izfE/_old 2026-03-27 06:42:58.097782279 +0100 +++ /var/tmp/diff_new_pack.p3izfE/_new 2026-03-27 06:42:58.101782444 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/kumahq/kuma</param> - <param name="changesrevision">349ef0859217575f43b4812afe638db5d4d63750</param></service></servicedata> + <param name="changesrevision">b8573349f0938b8cc8ba5bc1cc1f90675175f107</param></service></servicedata> (No newline at EOF) ++++++ kumactl-2.13.2.obscpio -> kumactl-2.13.3.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/.golangci.yml new/kumactl-2.13.3/.golangci.yml --- old/kumactl-2.13.2/.golangci.yml 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/.golangci.yml 2026-03-24 15:13:29.000000000 +0100 @@ -99,9 +99,14 @@ - os gosec: excludes: + - G101 # Potential hardcoded credentials - G104 # Errors unhandled - G115 + - G118 # context cancellation not called - G301 # Expect directory permissions to be 0750 or less + - G602 # slice index out of range + - G703 # path traversal via taint analysis + - G704 # SSRF via taint analysis importas: alias: - pkg: github.com/kumahq/kuma/v2/pkg/core/resources/apis/mesh @@ -175,6 +180,13 @@ - linters: - staticcheck text: 'ST1001: should not use dot imports' + - linters: + - staticcheck + path: 'api/common/v1alpha1/targetref\.go' + text: 'SA5008' + - linters: + - gosec + path: '(_test\.go$|^test/)' paths: - pkg/transparentproxy/iptables/builder warn-unused: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/go.mod new/kumactl-2.13.3/go.mod --- old/kumactl-2.13.2/go.mod 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/go.mod 2026-03-24 15:13:29.000000000 +0100 @@ -1,6 +1,6 @@ module github.com/kumahq/kuma/v2 -go 1.25.7 +go 1.26.1 require ( cirello.io/pglock v1.16.1 @@ -79,7 +79,7 @@ gonum.org/v1/gonum v0.16.0 google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 - google.golang.org/grpc v1.77.0 + google.golang.org/grpc v1.79.3 google.golang.org/protobuf v1.36.10 gopkg.in/natefinch/lumberjack.v2 v2.2.1 helm.sh/helm/v4 v4.0.2 @@ -99,7 +99,7 @@ ) require ( - cel.dev/expr v0.24.0 // indirect + cel.dev/expr v0.25.1 // indirect dario.cat/mergo v1.0.2 // indirect filippo.io/edwards25519 v1.1.1 // indirect github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect @@ -147,11 +147,11 @@ github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/boombuler/barcode v1.1.0 // indirect - github.com/buger/jsonparser v1.1.1 // indirect + github.com/buger/jsonparser v1.1.2 // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/cncf/xds/go v0.0.0-20251110193048-8bfbf64dc13e + github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/log v0.1.0 // indirect @@ -278,7 +278,7 @@ golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 golang.org/x/mod v0.31.0 // indirect golang.org/x/net v0.48.0 // indirect - golang.org/x/oauth2 v0.32.0 // indirect + golang.org/x/oauth2 v0.34.0 // indirect golang.org/x/term v0.38.0 // indirect golang.org/x/time v0.13.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/go.sum new/kumactl-2.13.3/go.sum --- old/kumactl-2.13.2/go.sum 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/go.sum 2026-03-24 15:13:29.000000000 +0100 @@ -1,5 +1,5 @@ -cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY= -cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= +cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4= +cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4= cirello.io/pglock v1.16.1 h1:NKVe133vhtJMnzdL0UlCtyEb9rm3vSnT2/R7MNu6mfA= cirello.io/pglock v1.16.1/go.mod h1:aCm2qCmp8jc2cNSFUW+n94Ie6ZGXmauBBSXVkWSKD/M= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= @@ -113,8 +113,8 @@ github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo= github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= +github.com/buger/jsonparser v1.1.2 h1:frqHqw7otoVbk5M8LlE/L7HTnIq2v9RX6EJ48i9AxJk= +github.com/buger/jsonparser v1.1.2/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= @@ -123,8 +123,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cilium/ebpf v0.20.0 h1:atwWj9d3NffHyPZzVlx3hmw1on5CLe9eljR8VuHTwhM= github.com/cilium/ebpf v0.20.0/go.mod h1:pzLjFymM+uZPLk/IXZUL63xdx5VXEo+enTzxkZXdycw= -github.com/cncf/xds/go v0.0.0-20251110193048-8bfbf64dc13e h1:gt7U1Igw0xbJdyaCM5H2CnlAlPSkzrhsebQB6WQWjLA= -github.com/cncf/xds/go v0.0.0-20251110193048-8bfbf64dc13e/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI= +github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w= +github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= @@ -601,8 +601,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= -golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= -golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -651,8 +651,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= -google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= -google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/mise.toml new/kumactl-2.13.3/mise.toml --- old/kumactl-2.13.2/mise.toml 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/mise.toml 2026-03-24 15:13:29.000000000 +0100 @@ -6,7 +6,7 @@ buf = "1.61.0" container-structure-test = "1.22.0" ginkgo = "2.27.2" -go = "1.25.7" +go = "1.26.1" hadolint = "2.14.0" helm = "4.0.2" helm-docs = "1.14.2" @@ -38,5 +38,5 @@ # .github/workflows/pr-comments.yaml # .github/workflows/transparentproxy-tests.yaml # .github/workflows/update-insecure-dependencies.yaml -golangci-lint = "2.7.2" +golangci-lint = "2.11.3" skaffold = "2.17.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/mk/build.mk new/kumactl-2.13.3/mk/build.mk --- old/kumactl-2.13.2/mk/build.mk 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/mk/build.mk 2026-03-24 15:13:29.000000000 +0100 @@ -20,7 +20,7 @@ # An optional extension to the coredns packages COREDNS_EXT ?= -COREDNS_VERSION = v1.13.1 +COREDNS_VERSION = v1.14.2 # List of binaries that we have build/release build rules for. BUILD_RELEASE_BINARIES := kuma-cp kuma-dp kumactl coredns kuma-cni install-cni envoy diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/mk/dev.mk new/kumactl-2.13.3/mk/dev.mk --- old/kumactl-2.13.2/mk/dev.mk 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/mk/dev.mk 2026-03-24 15:13:29.000000000 +0100 @@ -8,7 +8,7 @@ BUILD_DATE = $(word 4, $(BUILD_INFO)) CI_TOOLS_VERSION = $(word 5, $(BUILD_INFO)) # renovate: datasource=github-tags depName=envoy packageName=kumahq/envoy-builds versioning=semver -ENVOY_VERSION ?= 1.36.4 +ENVOY_VERSION ?= 1.36.5 KUMA_CHARTS_URL ?= https://kumahq.github.io/charts CHART_REPO_NAME ?= kuma PROJECT_NAME ?= kuma diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/api-server/endpoints_table_test.go new/kumactl-2.13.3/pkg/api-server/endpoints_table_test.go --- old/kumactl-2.13.2/pkg/api-server/endpoints_table_test.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/api-server/endpoints_table_test.go 2026-03-24 15:13:29.000000000 +0100 @@ -88,7 +88,7 @@ DescribeTable("base_endpoints", func(path string) { url := fmt.Sprintf("http://%s%s";, apiServer.Address(), path) - res, err := http.Get(url) //nolint:gosec + res, err := http.Get(url) Expect(err).ToNot(HaveOccurred()) Expect(res).To(HaveHTTPStatus(http.StatusOK)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/config/xds/bootstrap/config_test.go new/kumactl-2.13.3/pkg/config/xds/bootstrap/config_test.go --- old/kumactl-2.13.2/pkg/config/xds/bootstrap/config_test.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/config/xds/bootstrap/config_test.go 2026-03-24 15:13:29.000000000 +0100 @@ -17,7 +17,7 @@ It("should be loadable from configuration file", func() { // given cfg := BootstrapServerConfig{} - //nolint:gosec + fileError := os.WriteFile("/tmp/corefile", []byte("abc"), 0o600) Expect(fileError).ToNot(HaveOccurred()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/dataplane.go new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/dataplane.go --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/dataplane.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/dataplane.go 2026-03-24 15:13:29.000000000 +0100 @@ -196,7 +196,7 @@ inbounds := util_slices.Map(inboundInterfaces, func(i mesh_proto.InboundInterface) core_rules.InboundListener { return core_rules.InboundListener{Address: i.DataplaneIP, Port: i.DataplanePort} }) - return inbounds, nil, false, nil + return inbounds, nil, dpp.Spec.IsDelegatedGateway(), nil } return []core_rules.InboundListener{}, nil, false, nil case common_api.MeshSubset: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/k8s-zone.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/k8s-zone.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/k8s-zone.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/k8s-zone.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,30 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1_zone-k8s_ns-k8s_mhr-1_ + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mhr-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1.ns-k8s + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-k8s-on-global.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,30 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1.ns-k8s + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-k8s-on-zone.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,30 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1-xc2xb42x66f9v8vc.kuma-system + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-uni-on-global.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,30 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1.ns-k8s + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-k8s-zone-uni-on-zone.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,30 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1-xc2xb42x66f9v8vc + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-k8s-on-global.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,29 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1 + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-k8s-on-zone.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,29 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1-5bz864z925z548df.kuma-system + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-uni-on-global.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,29 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1 + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-global-uni-zone-uni-on-zone.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,29 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1-5bz864z925z548df + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-k8s-to-k8s.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-k8s-to-k8s.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-k8s-to-k8s.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-k8s-to-k8s.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,31 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1_zone-k8s_ns-k8s_mhr-1_ + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mhr-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1-zz8fwd49v49wzfz8.kuma-system + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-k8s-to-uni.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-k8s-to-uni.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-k8s-to-uni.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-from-k8s-to-uni.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,31 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1_zone-k8s_ns-k8s_mhr-1_ + labels: + k8s.kuma.io/namespace: ns-k8s + kuma.io/display-name: mhr-1 + kuma.io/mesh: mesh-1 + kuma.io/origin: zone + kuma.io/policy-role: producer + kuma.io/zone: zone-k8s + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1-zz8fwd49v49wzfz8 + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-global-uni-dpp-k8s-on-global.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,29 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1 + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/policy-global-uni-dpp-k8s-on-zone.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,29 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1__kuma-system_mhr-1_ + labels: + k8s.kuma.io/namespace: kuma-system + kuma.io/display-name: mhr-1 + kuma.io/origin: global + kuma.io/policy-role: system + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1-5bz864z925z548df + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/uni-zone.golden.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/uni-zone.golden.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/uni-zone.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels/uni-zone.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,28 @@ +items: +- creationTime: "0001-01-01T00:00:00Z" + kri: kri_mhttpr_mesh-1_zone-uni__mhr-1_ + labels: + kuma.io/display-name: mhr-1 + kuma.io/origin: zone + kuma.io/zone: zone-uni + mesh: mesh-1 + modificationTime: "0001-01-01T00:00:00Z" + name: mhr-1 + spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - rules: + - default: {} + matches: + - path: + type: PathPrefix + value: / + targetRef: + kind: MeshService + name: backend + type: MeshHTTPRoute +next: null +total: 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels.dataplane.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels.dataplane.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels.dataplane.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels.dataplane.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,14 @@ +type: Dataplane +mesh: mesh-1 +name: kong +labels: + app: kong-gateway +networking: + address: 10.244.0.13 + admin: + port: 9901 + gateway: + tags: + kuma.io/service: kong_kong_svc_80 + kuma.io/zone: default + type: DELEGATED diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels.policies.yaml new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels.policies.yaml --- old/kumactl-2.13.2/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels.policies.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/core/matchers/testdata/matchedpolicies/dataplane-kind/delegated-gateway-select-by-labels.policies.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,38 @@ +# policies using kind Dataplane selecting delegated gateway by labels +type: MeshHTTPRoute +mesh: mesh-1 +name: mhr-1 +spec: + targetRef: + kind: Dataplane + labels: + app: kong-gateway + to: + - targetRef: + kind: MeshService + name: backend + rules: + - matches: + - path: + type: PathPrefix + value: / + default: {} +--- +type: MeshHTTPRoute +mesh: mesh-1 +name: mhr-2 +spec: + targetRef: + kind: Dataplane + labels: + app: other + to: + - targetRef: + kind: MeshService + name: backend + rules: + - matches: + - path: + type: PathPrefix + value: / + default: {} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/meshhttproute/plugin/v1alpha1/plugin_test.go new/kumactl-2.13.3/pkg/plugins/policies/meshhttproute/plugin/v1alpha1/plugin_test.go --- old/kumactl-2.13.2/pkg/plugins/policies/meshhttproute/plugin/v1alpha1/plugin_test.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/meshhttproute/plugin/v1alpha1/plugin_test.go 2026-03-24 15:13:29.000000000 +0100 @@ -2784,7 +2784,6 @@ ) }) -//nolint:gosec const secureSecret = ` -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA60QMsTAL8jPI+XzWlVv4e7Gc8C5Y5q5SHDMuXGEog2eyA+UB @@ -2834,7 +2833,6 @@ -----END CERTIFICATE----- ` -//nolint:gosec const superSecureSecret = ` -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAy2J1y0ehmGKvF9m1zooZr9UUgg3Y/xrhYXT47BLtKNfok5sI diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/locality_aware.go new/kumactl-2.13.3/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/locality_aware.go --- old/kumactl-2.13.2/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/locality_aware.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/locality_aware.go 2026-03-24 15:13:29.000000000 +0100 @@ -122,11 +122,11 @@ for _, group := range crossZoneGroups { switch group.Type { case api.Only: - builder.WriteString(fmt.Sprintf("%d:%s", group.Priority, strings.Join(util_maps.SortedKeys(group.Zones), ","))) + fmt.Fprintf(&builder, "%d:%s", group.Priority, strings.Join(util_maps.SortedKeys(group.Zones), ",")) case api.Any: - builder.WriteString(fmt.Sprintf("%d:%s", group.Priority, group.Type)) + fmt.Fprintf(&builder, "%d:%s", group.Priority, group.Type) case api.AnyExcept: - builder.WriteString(fmt.Sprintf("%d:%s:%s", group.Priority, group.Type, strings.Join(util_maps.SortedKeys(group.Zones), ","))) + fmt.Fprintf(&builder, "%d:%s:%s", group.Priority, group.Type, strings.Join(util_maps.SortedKeys(group.Zones), ",")) default: continue } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/policies/meshtcproute/plugin/v1alpha1/plugin_test.go new/kumactl-2.13.3/pkg/plugins/policies/meshtcproute/plugin/v1alpha1/plugin_test.go --- old/kumactl-2.13.2/pkg/plugins/policies/meshtcproute/plugin/v1alpha1/plugin_test.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/policies/meshtcproute/plugin/v1alpha1/plugin_test.go 2026-03-24 15:13:29.000000000 +0100 @@ -1075,7 +1075,6 @@ ) }) -//nolint:gosec const secret = ` -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAqEhj+XS8qgm3raPrP554uXDiPv0np2lCx1wJF4KiwFGJMAV8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status.go new/kumactl-2.13.3/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status.go --- old/kumactl-2.13.2/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status.go 2026-03-24 15:13:29.000000000 +0100 @@ -1,8 +1,10 @@ package gatewayapi import ( + "cmp" "context" "reflect" + "slices" "github.com/pkg/errors" kube_apierrs "k8s.io/apimachinery/pkg/api/errors" @@ -186,6 +188,12 @@ statuses = append(statuses, previousStatus) } + // Sort by listener name to ensure deterministic ordering and avoid + // unnecessary Gateway status patches caused by Go map iteration order. + slices.SortFunc(statuses, func(a, b gatewayapi.ListenerStatus) int { + return cmp.Compare(a.Name, b.Name) + }) + return statuses } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status_test.go new/kumactl-2.13.3/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status_test.go --- old/kumactl-2.13.2/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status_test.go 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,161 @@ +package gatewayapi + +import ( + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + kube_meta "k8s.io/apimachinery/pkg/apis/meta/v1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" + gatewayapi "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/kumahq/kuma/v2/pkg/plugins/runtime/k8s/controllers/gatewayapi/common" + "github.com/kumahq/kuma/v2/pkg/util/pointer" +) + +var _ = Describe("mergeGatewayListenerStatuses", func() { + makeGateway := func(listenerNames ...string) *gatewayapi.Gateway { + same := gatewayapi_v1.NamespacesFromSame + var listeners []gatewayapi.Listener + for _, name := range listenerNames { + listeners = append(listeners, gatewayapi.Listener{ + Name: gatewayapi.SectionName(name), + Protocol: gatewayapi_v1.HTTPProtocolType, + Port: gatewayapi.PortNumber(80), + AllowedRoutes: &gatewayapi.AllowedRoutes{ + Namespaces: &gatewayapi.RouteNamespaces{ + From: &same, + }, + }, + }) + } + return &gatewayapi.Gateway{ + Spec: gatewayapi.GatewaySpec{ + Listeners: listeners, + }, + } + } + + makeConditions := func(names ...string) ListenerConditions { + conditions := ListenerConditions{} + for _, name := range names { + conditions[gatewayapi.SectionName(name)] = []kube_meta.Condition{ + { + Type: string(gatewayapi_v1.ListenerConditionAccepted), + Status: kube_meta.ConditionTrue, + Reason: string(gatewayapi_v1.ListenerReasonAccepted), + }, + { + Type: string(gatewayapi_v1.ListenerConditionProgrammed), + Status: kube_meta.ConditionTrue, + Reason: string(gatewayapi_v1.ListenerReasonProgrammed), + }, + } + } + return conditions + } + + It("returns listeners sorted by name", func() { + listenerNames := []string{"zebra", "alpha", "middle", "beta"} + gateway := makeGateway(listenerNames...) + conditions := makeConditions(listenerNames...) + attachedRoutes := AttachedRoutesForListeners{} + + statuses := mergeGatewayListenerStatuses(gateway, conditions, attachedRoutes) + + Expect(statuses).To(HaveLen(4)) + Expect(statuses[0].Name).To(Equal(gatewayapi.SectionName("alpha"))) + Expect(statuses[1].Name).To(Equal(gatewayapi.SectionName("beta"))) + Expect(statuses[2].Name).To(Equal(gatewayapi.SectionName("middle"))) + Expect(statuses[3].Name).To(Equal(gatewayapi.SectionName("zebra"))) + }) + + It("preserves attached route counts", func() { + gateway := makeGateway("b-listener", "a-listener") + conditions := makeConditions("b-listener", "a-listener") + attachedRoutes := AttachedRoutesForListeners{ + gatewayapi.SectionName("a-listener"): {num: 3}, + gatewayapi.SectionName("b-listener"): {num: 1}, + } + + statuses := mergeGatewayListenerStatuses(gateway, conditions, attachedRoutes) + + Expect(statuses).To(HaveLen(2)) + // a-listener sorts first + Expect(statuses[0].Name).To(Equal(gatewayapi.SectionName("a-listener"))) + Expect(statuses[0].AttachedRoutes).To(Equal(int32(3))) + Expect(statuses[1].Name).To(Equal(gatewayapi.SectionName("b-listener"))) + Expect(statuses[1].AttachedRoutes).To(Equal(int32(1))) + }) +}) + +var _ = Describe("mergeHTTPRouteStatus", func() { + makeParentRef := func(namespace, name, sectionName string) gatewayapi.ParentReference { + group := gatewayapi.Group(gatewayapi.GroupVersion.Group) + kind := gatewayapi.Kind("Gateway") + ns := gatewayapi.Namespace(namespace) + section := gatewayapi.SectionName(sectionName) + return gatewayapi.ParentReference{ + Group: &group, + Kind: &kind, + Namespace: &ns, + Name: gatewayapi.ObjectName(name), + SectionName: §ion, + } + } + + It("returns parent statuses sorted by parent ref", func() { + route := &gatewayapi.HTTPRoute{} + conditions := ParentConditions{ + makeParentRef("ns-b", "gw-z", "listener-1"): { + {Type: string(gatewayapi.RouteConditionAccepted), Status: kube_meta.ConditionTrue, Reason: "Accepted"}, + }, + makeParentRef("ns-a", "gw-a", "listener-1"): { + {Type: string(gatewayapi.RouteConditionAccepted), Status: kube_meta.ConditionTrue, Reason: "Accepted"}, + }, + makeParentRef("ns-a", "gw-a", "listener-2"): { + {Type: string(gatewayapi.RouteConditionAccepted), Status: kube_meta.ConditionTrue, Reason: "Accepted"}, + }, + } + + mergeHTTPRouteStatus(route, conditions) + + Expect(route.Status.Parents).To(HaveLen(3)) + Expect(route.Status.Parents[0].ParentRef.Name).To(Equal(gatewayapi.ObjectName("gw-a"))) + Expect(pointer.Deref(route.Status.Parents[0].ParentRef.SectionName)).To(Equal(gatewayapi.SectionName("listener-1"))) + Expect(route.Status.Parents[1].ParentRef.Name).To(Equal(gatewayapi.ObjectName("gw-a"))) + Expect(pointer.Deref(route.Status.Parents[1].ParentRef.SectionName)).To(Equal(gatewayapi.SectionName("listener-2"))) + Expect(route.Status.Parents[2].ParentRef.Name).To(Equal(gatewayapi.ObjectName("gw-z"))) + }) + + It("preserves statuses from other controllers unsorted", func() { + otherController := gatewayapi.GatewayController("other-controller") + route := &gatewayapi.HTTPRoute{ + Status: gatewayapi.HTTPRouteStatus{ + RouteStatus: gatewayapi.RouteStatus{ + Parents: []gatewayapi.RouteParentStatus{ + { + ParentRef: makeParentRef("ns-z", "gw-z", "listener-1"), + ControllerName: otherController, + }, + { + ParentRef: makeParentRef("ns-a", "gw-a", "listener-1"), + ControllerName: otherController, + }, + }, + }, + }, + } + conditions := ParentConditions{ + makeParentRef("ns-b", "gw-b", "listener-1"): { + {Type: string(gatewayapi.RouteConditionAccepted), Status: kube_meta.ConditionTrue, Reason: "Accepted"}, + }, + } + + mergeHTTPRouteStatus(route, conditions) + + Expect(route.Status.Parents).To(HaveLen(3)) + // Other controller statuses come first (preserved order), then ours + Expect(route.Status.Parents[0].ControllerName).To(Equal(otherController)) + Expect(route.Status.Parents[1].ControllerName).To(Equal(otherController)) + Expect(route.Status.Parents[2].ControllerName).To(Equal(common.ControllerName)) + }) +}) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_status.go new/kumactl-2.13.3/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_status.go --- old/kumactl-2.13.2/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_status.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_status.go 2026-03-24 15:13:29.000000000 +0100 @@ -1,8 +1,11 @@ package gatewayapi import ( + "cmp" "context" + "fmt" "reflect" + "slices" "github.com/pkg/errors" kube_apierrs "k8s.io/apimachinery/pkg/api/errors" @@ -11,6 +14,7 @@ gatewayapi "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/kumahq/kuma/v2/pkg/plugins/runtime/k8s/controllers/gatewayapi/common" + "github.com/kumahq/kuma/v2/pkg/util/pointer" ) func (r *HTTPRouteReconciler) updateStatus(ctx context.Context, route *gatewayapi.HTTPRoute, conditions ParentConditions) error { @@ -34,7 +38,9 @@ mergedStatuses := []gatewayapi.RouteParentStatus{} var previousStatuses []gatewayapi.RouteParentStatus - // partition statuses based on whether we control them + // Partition existing statuses: keep other controllers' statuses as-is, + // collect our previous statuses separately so we can match them by ref + // below when parentConditions may contain new refs not yet in the status. for _, status := range route.Status.Parents { if status.ControllerName != common.ControllerName { mergedStatuses = append(mergedStatuses, status) @@ -43,8 +49,11 @@ } } - // for each new parentstatus, either add it to the list or update the - // existing one + // For each parent ref in parentConditions, find the matching previous + // status (if any) or create a new one. This cannot be merged with the + // loop above because parentConditions may contain refs that have no + // existing status yet. + var ownedStatuses []gatewayapi.RouteParentStatus for ref, conditions := range parentConditions { previousStatus := gatewayapi.RouteParentStatus{ ParentRef: ref, @@ -64,8 +73,30 @@ kube_apimeta.SetStatusCondition(&previousStatus.Conditions, condition) } - mergedStatuses = append(mergedStatuses, previousStatus) + ownedStatuses = append(ownedStatuses, previousStatus) } - route.Status.Parents = mergedStatuses + // Sort our controlled statuses by parent ref to ensure deterministic + // ordering and avoid unnecessary status patches caused by Go map + // iteration order. + slices.SortFunc(ownedStatuses, func(a, b gatewayapi.RouteParentStatus) int { + return cmp.Compare(parentRefSortKey(a.ParentRef), parentRefSortKey(b.ParentRef)) + }) + + route.Status.Parents = append(mergedStatuses, ownedStatuses...) +} + +func parentRefSortKey(ref gatewayapi.ParentReference) string { + port := "" + if ref.Port != nil { + port = fmt.Sprint(*ref.Port) + } + return fmt.Sprintf("%s/%s/%s/%s/%s/%s", + pointer.Deref(ref.Group), + pointer.Deref(ref.Kind), + pointer.Deref(ref.Namespace), + ref.Name, + pointer.Deref(ref.SectionName), + port, + ) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/test/resources/samples/global_secret_samples.go new/kumactl-2.13.3/pkg/test/resources/samples/global_secret_samples.go --- old/kumactl-2.13.2/pkg/test/resources/samples/global_secret_samples.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/test/resources/samples/global_secret_samples.go 2026-03-24 15:13:29.000000000 +0100 @@ -5,7 +5,6 @@ "github.com/kumahq/kuma/v2/pkg/test/resources/builders" ) -//nolint:gosec const SampleSigningKeyValue = `-----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA2hVWqy1JzpbMEIrTr2UTdEsCMrTaUhAqZlhNLJrS8kc0mbPK Z7nT1JErJGUI4/NRHSQQZND3biPEcVktu0P5Ui6Ieum8HH7ENoRaSwLgaV451LOG diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/xds/generator/testdata/transparent-proxy/09.envoy.golden.yaml new/kumactl-2.13.3/pkg/xds/generator/testdata/transparent-proxy/09.envoy.golden.yaml --- old/kumactl-2.13.2/pkg/xds/generator/testdata/transparent-proxy/09.envoy.golden.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kumactl-2.13.3/pkg/xds/generator/testdata/transparent-proxy/09.envoy.golden.yaml 2026-03-24 15:13:29.000000000 +0100 @@ -0,0 +1,114 @@ +resources: +- name: self_transparentproxy_no_destination_inbound + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + altStatName: self_transparentproxy_no_destination_inbound + connectTimeout: 5s + name: self_transparentproxy_no_destination_inbound + type: STATIC +- name: self_transparentproxy_passthrough_inbound_ipv4 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: self_transparentproxy_passthrough_inbound_ipv4 + type: ORIGINAL_DST + upstreamBindConfig: + sourceAddress: + address: 127.0.0.6 + portValue: 0 +- name: self_transparentproxy_passthrough_inbound_ipv6 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: self_transparentproxy_passthrough_inbound_ipv6 + type: ORIGINAL_DST + upstreamBindConfig: + sourceAddress: + address: ::6 + portValue: 0 +- name: self_transparentproxy_passthrough_outbound_ipv4 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: self_transparentproxy_passthrough_outbound_ipv4 + type: ORIGINAL_DST +- name: self_transparentproxy_passthrough_outbound_ipv6 + resource: + '@type': type.googleapis.com/envoy.config.cluster.v3.Cluster + connectTimeout: 5s + lbPolicy: CLUSTER_PROVIDED + name: self_transparentproxy_passthrough_outbound_ipv6 + type: ORIGINAL_DST +- name: self_transparentproxy_passthrough_inbound_ipv4 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: 0.0.0.0 + portValue: 15006 + enableReusePort: false + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: self_transparentproxy_passthrough_inbound_ipv4 + statPrefix: self_transparentproxy_passthrough_inbound_ipv4 + name: self_transparentproxy_passthrough_inbound_ipv4 + trafficDirection: INBOUND + useOriginalDst: true +- name: self_transparentproxy_passthrough_inbound_ipv6 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: '::' + portValue: 15006 + enableReusePort: false + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: self_transparentproxy_passthrough_inbound_ipv6 + statPrefix: self_transparentproxy_passthrough_inbound_ipv6 + name: self_transparentproxy_passthrough_inbound_ipv6 + trafficDirection: INBOUND + useOriginalDst: true +- name: self_transparentproxy_passthrough_outbound_ipv4 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: 0.0.0.0 + portValue: 15001 + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: self_transparentproxy_passthrough_outbound_ipv4 + statPrefix: self_transparentproxy_passthrough_outbound_ipv4 + name: self_transparentproxy_passthrough_outbound_ipv4 + trafficDirection: OUTBOUND + useOriginalDst: true +- name: self_transparentproxy_passthrough_outbound_ipv6 + resource: + '@type': type.googleapis.com/envoy.config.listener.v3.Listener + address: + socketAddress: + address: '::' + portValue: 15001 + filterChains: + - filters: + - name: envoy.filters.network.tcp_proxy + typedConfig: + '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy + cluster: self_transparentproxy_passthrough_outbound_ipv6 + statPrefix: self_transparentproxy_passthrough_outbound_ipv6 + name: self_transparentproxy_passthrough_outbound_ipv6 + trafficDirection: OUTBOUND + useOriginalDst: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/xds/generator/transparent_proxy_generator.go new/kumactl-2.13.3/pkg/xds/generator/transparent_proxy_generator.go --- old/kumactl-2.13.2/pkg/xds/generator/transparent_proxy_generator.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/xds/generator/transparent_proxy_generator.go 2026-03-24 15:13:29.000000000 +0100 @@ -134,7 +134,7 @@ WithOverwriteName(listenerName). Configure(envoy_listeners.OriginalDstForwarder()) - if useStrictInboundPorts { + if useStrictInboundPorts && len(proxy.Dataplane.Spec.Networking.Inbound) > 0 { for _, inbound := range proxy.Dataplane.Spec.Networking.Inbound { // if service doesn't have any port we don't need to expose listener if inbound.Port == mesh_proto.TCPPortReserved { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/xds/generator/transparent_proxy_generator_test.go new/kumactl-2.13.3/pkg/xds/generator/transparent_proxy_generator_test.go --- old/kumactl-2.13.2/pkg/xds/generator/transparent_proxy_generator_test.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/xds/generator/transparent_proxy_generator_test.go 2026-03-24 15:13:29.000000000 +0100 @@ -274,5 +274,40 @@ tlsMode: mesh_proto.CertificateAuthorityBackend_PERMISSIVE.Enum(), expected: "08.envoy.golden.yaml", }), + Entry("transparent_proxying=true,unified_naming=true,inbound_filter,strict,gateway", testCase{ + proxy: &model.Proxy{ + Metadata: &model.DataplaneMetadata{Features: map[string]bool{ + types.FeatureUnifiedResourceNaming: true, + types.FeatureStrictInboundPorts: true, + }}, + Id: *model.BuildProxyId("", "side-car"), + Dataplane: &core_mesh.DataplaneResource{ + Meta: &test_model.ResourceMeta{ + Version: "v1", + }, + Spec: &mesh_proto.Dataplane{ + Networking: &mesh_proto.Dataplane_Networking{ + Gateway: &mesh_proto.Dataplane_Networking_Gateway{ + Tags: map[string]string{ + "app": "test-gateway", + }, + Type: mesh_proto.Dataplane_Networking_Gateway_DELEGATED, + }, + TransparentProxying: &mesh_proto.Dataplane_Networking_TransparentProxying{ + IpFamilyMode: mesh_proto.Dataplane_Networking_TransparentProxying_DualStack, + RedirectPortOutbound: 15001, + RedirectPortInbound: 15006, + }, + }, + }, + }, + APIVersion: envoy_common.APIV3, + Policies: model.MatchedPolicies{}, + InternalAddresses: DummyInternalAddresses, + }, + meshServicesMode: mesh_proto.Mesh_MeshServices_Exclusive, + tlsMode: mesh_proto.CertificateAuthorityBackend_STRICT.Enum(), + expected: "09.envoy.golden.yaml", + }), ) }) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/xds/topology/outbound.go new/kumactl-2.13.3/pkg/xds/topology/outbound.go --- old/kumactl-2.13.2/pkg/xds/topology/outbound.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/xds/topology/outbound.go 2026-03-24 15:13:29.000000000 +0100 @@ -197,6 +197,13 @@ continue } + if !zi.HasPublicAddress() { + // Zone Ingress is not reachable yet from other clusters. + // This may happen when Ingress Service is pending waiting on + // External IP on Kubernetes. + continue + } + ziAddress := zi.Spec.GetNetworking().GetAdvertisedAddress() ziPort := zi.Spec.GetNetworking().GetAdvertisedPort() ziCoordinates := buildCoordinates(ziAddress, ziPort) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/pkg/xds/topology/outbound_test.go new/kumactl-2.13.3/pkg/xds/topology/outbound_test.go --- old/kumactl-2.13.2/pkg/xds/topology/outbound_test.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/pkg/xds/topology/outbound_test.go 2026-03-24 15:13:29.000000000 +0100 @@ -1603,6 +1603,20 @@ }, }, }), + Entry("remote MeshService without Zone Ingress public address is not included", testCase{ + zoneIngresses: []*core_mesh.ZoneIngressResource{ + builders.ZoneIngress(). + WithZone("east"). + // No AdvertisedAddress/AdvertisedPort - simulates pending external IP + Build(), + }, + meshServices: []*meshservice_api.MeshServiceResource{ + samples.MeshServiceSyncedBackend(), // remote MeshService from "east" zone + }, + mesh: defaultMeshWithMTLS, + // No endpoints should be generated because Zone Ingress has no public address + expected: core_xds.EndpointMap{}, + }), ) Describe("BuildEgressEndpointMap()", func() { type testCase struct { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/test/framework/docker.go new/kumactl-2.13.3/test/framework/docker.go --- old/kumactl-2.13.2/test/framework/docker.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/test/framework/docker.go 2026-03-24 15:13:29.000000000 +0100 @@ -292,7 +292,7 @@ addr, err := networking.PortForward(remoteAddress, stopChan) if err != nil { return nil, fmt.Errorf("could not establish ssh port forwarding to remote host %q: %w", - networking.RemoteHost, err) + networking.RemoteHost.Address, err) } pf := &VmPortForward{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/test/server/cmd/echo.go new/kumactl-2.13.3/test/server/cmd/echo.go --- old/kumactl-2.13.2/test/server/cmd/echo.go 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/test/server/cmd/echo.go 2026-03-24 15:13:29.000000000 +0100 @@ -131,7 +131,7 @@ secondInboundMux := http.NewServeMux() secondInboundMux.HandleFunc("/", handleEcho) go func() { - _ = http.ListenAndServe(net.JoinHostPort(args.ip, strconv.Itoa(secondaryInboundPort)), secondInboundMux) //nolint:gosec + _ = http.ListenAndServe(net.JoinHostPort(args.ip, strconv.Itoa(secondaryInboundPort)), secondInboundMux) }() return srv.ListenAndServe() }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kumactl-2.13.2/tools/releases/dockerfiles/kuma-init.Dockerfile new/kumactl-2.13.3/tools/releases/dockerfiles/kuma-init.Dockerfile --- old/kumactl-2.13.2/tools/releases/dockerfiles/kuma-init.Dockerfile 2026-02-20 11:48:42.000000000 +0100 +++ new/kumactl-2.13.3/tools/releases/dockerfiles/kuma-init.Dockerfile 2026-03-24 15:13:29.000000000 +0100 @@ -1,4 +1,4 @@ -FROM gcr.io/k8s-staging-build-image/distroless-iptables:v0.8.6@sha256:4e0a77d0973618ce2a76e65fa2dc97694eb690ac8baf69cefe6e20f17957d9dd +FROM gcr.io/k8s-staging-build-image/distroless-iptables:v0.8.8@sha256:d3586afb735e4e9cb2810ef9bfb5548a7cff8cbc2d53ae555352cdc408ee4f05 ARG ARCH COPY /build/artifacts-linux-$ARCH/kumactl/kumactl /usr/bin ++++++ kumactl.obsinfo ++++++ --- /var/tmp/diff_new_pack.p3izfE/_old 2026-03-27 06:43:01.433920115 +0100 +++ /var/tmp/diff_new_pack.p3izfE/_new 2026-03-27 06:43:01.437920281 +0100 @@ -1,5 +1,5 @@ name: kumactl -version: 2.13.2 -mtime: 1771584522 -commit: 349ef0859217575f43b4812afe638db5d4d63750 +version: 2.13.3 +mtime: 1774361609 +commit: b8573349f0938b8cc8ba5bc1cc1f90675175f107 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kumactl/vendor.tar.gz /work/SRC/openSUSE:Factory/.kumactl.new.8177/vendor.tar.gz differ: char 13, line 1
