feat(k8s): remove CPU limit from init/sidecar container #16207

Open
lukidzi wants to merge 2 commits into kumahq:master from lukidzi:remove-limit-cpu-init

lukidzi commented Apr 9, 2026

Motivation

CPU limits cause throttling even when CPU is available, which increases latency under load. Removing the limit allows the containers to burst during startup and high-traffic periods.

Implementation information

The default CPU limit for injected kuma-init and kuma-sidecar containers has been removed (set to 0, meaning no limit). Previously the defaults were 100m and 1000m respectively. New configuration options were introduced and the user is able to set them manually.
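
Added example (not part of this PR or of Kuma's code): a simplified Go model of CFS bandwidth throttling, showing what the former 100m and 1000m limits do to a CPU burst compared with no limit. The workloads, thread counts and the premise of one idle node core per thread are assumptions constructed for illustration.

```go
package main

import "fmt"

// Default CFS bandwidth period (cpu.cfs_period_us) in microseconds.
const cfsPeriodUs int64 = 100_000

// Result of one simulated CPU burst, all times in microseconds.
type Result struct {
	WallUs, ThrottledUs int64
	ThrottledPeriods    int
}

func ceilDiv(a, b int64) int64 { return (a + b - 1) / b }

// SimulateBurst models a container that needs workUs of CPU time spread over
// `threads` always-runnable threads under a limit of limitMilli millicores.
// limitMilli <= 0 means no limit. Assumes the node has an idle core per thread.
func SimulateBurst(limitMilli, workUs, threads int64) Result {
	if threads < 1 {
		threads = 1
	}
	if limitMilli <= 0 {
		return Result{WallUs: ceilDiv(workUs, threads)}
	}
	// The limit becomes a per-period quota: 100m -> 10ms of CPU per 100ms.
	budget := limitMilli * cfsPeriodUs / 1000
	if ceiling := threads * cfsPeriodUs; budget > ceiling {
		budget = ceiling // cannot use more than `threads` full cores
	}
	var r Result
	for workUs > budget {
		workUs -= budget
		busy := ceilDiv(budget, threads) // quota is spent after this long
		r.WallUs += cfsPeriodUs
		r.ThrottledUs += cfsPeriodUs - busy
		if busy < cfsPeriodUs {
			r.ThrottledPeriods++
		}
	}
	r.WallUs += ceilDiv(workUs, threads) // final, partial period
	return r
}

func main() {
	// Constructed workloads: 50ms of init work, 400ms of sidecar work on 4 threads.
	fmt.Printf("init    100m:  %+v\n", SimulateBurst(100, 50_000, 1))
	fmt.Printf("init    none:  %+v\n", SimulateBurst(0, 50_000, 1))
	fmt.Printf("sidecar 1000m: %+v\n", SimulateBurst(1000, 400_000, 4))
	fmt.Printf("sidecar none:  %+v\n", SimulateBurst(0, 400_000, 4))
}
```

In this model the four-thread sidecar spends its 100 ms quota in the first 25 ms of each period and sits throttled for the remaining 75 ms, even though the node is assumed to have idle cores.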

lukidzi added 2 commits April 9, 2026 09:24
Signed-off-by: Lukasz Dziedziak <lukidzi@gmail.com>
Signed-off-by: Lukasz Dziedziak <lukidzi@gmail.com>
Copilot AI review requested due to automatic review settings April 9, 2026 16:04
lukidzi requested a review from a team as a code owner April 9, 2026 16:04
lukidzi requested review from Automaat and bartsmykla April 9, 2026 16:04

Copilot AI left a comment

Pull request overview

This PR removes default CPU limits from the kuma-init and kuma-sidecar containers to prevent CPU throttling that increases latency under load. The limits are set to 0 (no limit), while users can manually configure them through new configuration options. The change includes comprehensive updates to configuration, Helm charts, test data, and test infrastructure.

Changes:

  • Default CPU limits removed from both init and sidecar containers (previously 100m and 1000m)
  • New configuration structures added for init container resource limits/requests with full validation
  • Test infrastructure simplified by removing the E2EKuma() function and WithKumaInitNoCPULimit() test helper (no longer needed since limits are removed by default)
  • All golden files and test data updated to reflect new defaults
  • Helm values and templates updated with new configuration options
  • Migration guide added to UPGRADE.md

Reviewed changes

Copilot reviewed 164 out of 166 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| UPGRADE.md | Documents the breaking change and provides migration instructions |
| pkg/config/plugins/runtime/k8s/config.go | Adds new InitContainerResources, InitContainerResourceLimits, and InitContainerResourceRequests config types with proper validation and environment variable support |
| pkg/plugins/runtime/k8s/webhooks/injector/injector.go | Implements initContainerLimits() and initContainerRequests() helper functions to handle resource configuration, properly handling zero CPU limits |
| pkg/plugins/runtime/k8s/containers/factory.go | Adds sidecarLimits() helper function and updates sidecar concurrency calculation to handle zero CPU limits |
| test/framework/ | Removes E2EKuma() function and WithKumaInitNoCPULimit() option since CPU limits are now removed by default |
| test/e2e/ | Updates all test files to use Kuma() instead of E2EKuma() |
| deployments/charts/kuma/ | Updates Helm values, templates, and documentation to include resource configuration options |
| Test data files | Updates ~200+ golden files and configuration testdata files to reflect new resource defaults |

github-actions bot commented Apr 9, 2026

Reviewer Checklist

🔍 Each of these sections needs to be checked by the reviewer of the PR 🔍:
If something doesn't apply, please check the box and add a justification if the reason is non-obvious.

  • Is the PR title satisfactory? Is this part of a larger feature and should be grouped using > Changelog?
  • PR description is clear and complete. It links to relevant issue as well as docs and UI issues
  • This will not break child repos: it doesn't hardcode values (e.g. "kumahq" as an image registry)
  • IPv6 is taken into account (e.g. no string concatenation of host port)
  • Tests (Unit test, E2E tests, manual test on universal and k8s)
    • Don't forget ci/ labels to run additional/fewer tests
  • Does this contain a change that needs to be notified to users? In this case, UPGRADE.md should be updated.
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label)
