chore(deps): upgrade kuma-net to version with iptables output chain f…

…ix (#5513)

Signed-off-by: Łukasz Dziedziak <lukidzi@gmail.com>

app/kumactl/cmd/install/testdata/install-transparent-proxy.excludedports.txt

@@ -4,9 +4,9 @@
 -N KUMA_MESH_INBOUND_REDIRECT
 -N KUMA_MESH_OUTBOUND_REDIRECT
 -A PREROUTING -p tcp -j KUMA_MESH_INBOUND
--A OUTPUT -p tcp --dport 1900,1902,1000-2000 -m owner --uid-owner 103,104,106-108 -j RETURN
--A OUTPUT -p tcp --dport 2900,2902,3000-5000 -m owner --uid-owner 203,204,206-208 -j RETURN
--A OUTPUT -p udp --dport 3900,3902,4000-6000 -m owner --uid-owner 303,304,306-308 -j RETURN
+-I OUTPUT 1 -p tcp --dport 1900,1902,1000-2000 -m owner --uid-owner 103,104,106-108 -j RETURN
+-I OUTPUT 2 -p tcp --dport 2900,2902,3000-5000 -m owner --uid-owner 203,204,206-208 -j RETURN
+-I OUTPUT 3 -p udp --dport 3900,3902,4000-6000 -m owner --uid-owner 303,304,306-308 -j RETURN
 -A OUTPUT -p tcp -j KUMA_MESH_OUTBOUND
 -A KUMA_MESH_INBOUND -p tcp -j KUMA_MESH_INBOUND_REDIRECT
 -A KUMA_MESH_OUTBOUND -s (.*) -o (.*) -j RETURN

go.mod

@@ -27,7 +27,7 @@ require (
 	github.com/gruntwork-io/terratest v0.41.4
 	github.com/hoisie/mustache v0.0.0-20160804235033-6375acf62c69
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/kumahq/kuma-net v0.8.9
+	github.com/kumahq/kuma-net v0.8.10
 	github.com/kumahq/protoc-gen-kumadoc v0.3.1
 	github.com/lib/pq v1.10.7
 	github.com/miekg/dns v1.1.50

go.sum

@@ -1019,8 +1019,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ktrysmt/go-bitbucket v0.6.4/go.mod h1:9u0v3hsd2rqCHRIpbir1oP7F58uo5dq19sBYvuMoyQ4=
 github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a h1:szFGMVdySxtKAjCxO3JUncfr1JGWOIlQaqWnrTUJsBc=
 github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA=
-github.com/kumahq/kuma-net v0.8.9 h1:Zx00WbE0J1dLtgsUy1QAvoQYvRYVBosoW3c/AWEI5dU=
-github.com/kumahq/kuma-net v0.8.9/go.mod h1:aqhBHsY3LQCTvBOr7oU1r2hwjTn9vhXUKDJXJokkSCM=
+github.com/kumahq/kuma-net v0.8.10 h1:0Hd6dNYPbsSCe6YQFGG6796tFUB6gw0QiCOXqSDGZAA=
+github.com/kumahq/kuma-net v0.8.10/go.mod h1:kFh8+bzRAUMdMVCfXU8apDMcBxwWDzOxImlEEJ/4cy4=
 github.com/kumahq/protoc-gen-kumadoc v0.3.1 h1:tY2dGQJTYVGkhxAHN154fddcWDRy55Pl4+oLT+FhsHo=
 github.com/kumahq/protoc-gen-kumadoc v0.3.1/go.mod h1:F+c9RjgKlv1Q3UEoPJCtMJw8Fd+X5PfG5jlkTSfZOMA=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=

pkg/transparentproxy/transparentproxy_experimental.go

@@ -164,7 +164,8 @@ func (tp *ExperimentalTransparentProxy) Setup(tpConfig *config.TransparentProxyC
 				ExcludePortsForUIDs: excludePortsForUIDs,
 			},
 			DNS: kumanet_config.DNS{
-				Enabled:            tpConfig.RedirectAllDNSTraffic,
+				Enabled:            tpConfig.RedirectDNS,
+				CaptureAll:         tpConfig.RedirectAllDNSTraffic,
 				Port:               agentDNSListenerPort,
 				ConntrackZoneSplit: !tpConfig.SkipDNSConntrackZoneSplit,
 			},

tools/releases/distros.sh

@@ -30,7 +30,7 @@ ENVOY_VERSION=$(echo "$BUILD_INFO" | cut -d " " -f 5)
 KUMA_VERSION=$(echo "$BUILD_INFO" | cut -d " " -f 1)
 [ -z "$KUMA_CONFIG_PATH" ] && KUMA_CONFIG_PATH=pkg/config/app/kuma-cp/kuma-cp.defaults.yaml
 CTL_NAME="kumactl"
-[ -z "$EBPF_PROGRAMS_IMAGE" ] && EBPF_PROGRAMS_IMAGE="kumahq/kuma-net-ebpf:0.8.9"
+[ -z "$EBPF_PROGRAMS_IMAGE" ] && EBPF_PROGRAMS_IMAGE="kumahq/kuma-net-ebpf:0.8.10"
 
 function get_ebpf_programs() {
   local arch=$1

tools/releases/dockerfiles/Dockerfile.kuma-init

@@ -1,5 +1,5 @@
 # When updatinng image version, remember to update it in tools/releases/distros.sh and enterprise version
-FROM kumahq/kuma-net-ebpf:0.8.9 as ebpf
+FROM kumahq/kuma-net-ebpf:0.8.10 as ebpf
 # until there is a distroless iptables image we have to use something else
 FROM ubuntu:jammy
 ARG ARCH