better support for multizone scenarios

[jijiechen]

Kuma Version

2.10.0 preview

Describe the bug

When applying the pre-built YAML onto a zone cluster from the main branch on a multizone mesh, I received some errors, we should build better support for this scenario.

To Reproduce

kubectl apply -f https://raw.githubusercontent.com/kumahq/kuma-counter-demo/refs/heads/main/k8s/002-with-gateway.yaml
namespace/kuma-demo created
service/demo-app created
service/demo-app-v1 created
service/demo-app-v2 created
service/kv created
deployment.apps/demo-app created
deployment.apps/demo-app-v2 created
deployment.apps/kv created
meshgateway.kuma.io/edge-gateway created
meshgatewayinstance.kuma.io/edge-gateway created
Warning: MeshSubset value for 'targetRef.kind' is deprecated, use Dataplane with labels instead
meshtrafficpermission.kuma.io/demo-app created
meshtrafficpermission.kuma.io/kv created

Error from server (Forbidden): error when creating "./demo.yaml": admission webhook "mesh.defaulter.kuma-admission.kuma.io" denied the request: Operation not allowed. Applying policies on Zone CP requires 'kuma.io/origin' label to be set to 'zone'.

Expected behavior

No errors are reported and policies work as expected.

Additional context (optional)

The actual issue was that the MeshHTTPRoute should either be created on the global CP or be marked as originated from zone with the label kuma.io/origin: zone

[github-actions]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[github-actions]

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

[lahabana]

We should build examples for multizone with zone and global maybe somehting terraform based would be helpful here.