
Secret validation error in TLS termination mode with Envoy Gateway Standalone #5575

Merged
arkodg merged 7 commits into envoyproxy:main from arminabf:listener-https-terminate-secret-type
Mar 28, 2025

Conversation

@arminabf
Contributor

@arminabf arminabf commented Mar 21, 2025

What type of PR is this?

Fix: Fix secret validation error in TLS termination mode with Envoy Gateway Standalone.

What this PR does / why we need it:

Envoy Gateway Standalone fails to validate TLS secrets for HTTPS listeners configured with TLS termination. The validation logic at https://github.com/envoyproxy/gateway/blob/main/internal/gatewayapi/validate.go#L501-L510 expects the type field to be set to corev1.SecretTypeTLS, but the type is not populated when loading KindSecret resources from the Gateway configuration.

Example configuration

```yaml
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: eg
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: eg
spec:
  gatewayClassName: eg
  listeners:
    - name: https
      protocol: HTTPS
      port: 11443
      tls:
        mode: Terminate
        certificateRefs:
          - name: gateway-cert-secret
            kind: Secret
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: backend
spec:
  parentRefs:
    - name: eg
  hostnames:
    - "eg-test.local"
  rules:
    - backendRefs:
        - group: "gateway.envoyproxy.io"
          kind: Backend
          name: backend
      matches:
        - path:
            type: PathPrefix
            value: /
---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
metadata:
  name: backend
spec:
  endpoints:
    - fqdn:
        hostname: httpbin.local
        port: 80
---
kind: Secret
apiVersion: v1
metadata:
  name: gateway-cert-secret
type: kubernetes.io/tls
data:
  tls.crt: <omitted>
  tls.key: <omitted>
```

Release Notes: Yes
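The validation gap described above, as an added illustration that is not code from this PR or from Envoy Gateway: a strict TLS-secret check over a constructed stand-in Secret type, plus one assumed way a file loader can fill in the type it left empty. The Secret struct, ValidateTLSSecret, DefaultSecretType and SampleSecret are all constructed for this example, and the PEM bodies are placeholders.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

const SecretTypeTLS = "kubernetes.io/tls" // value of corev1.SecretTypeTLS

// Secret is a constructed stand-in for the corev1.Secret fields the validator reads.
type Secret struct {
	Name string
	Type string            // left empty by a file loader that does not set it
	Data map[string][]byte // tls.crt and tls.key, already base64-decoded
}

// ValidateTLSSecret is the strict check a Terminate-mode HTTPS listener needs: the
// TLS type (so an Opaque secret is never served) and both keys as PEM of the right kind.
func ValidateTLSSecret(s Secret) error {
	if s.Type != SecretTypeTLS {
		return fmt.Errorf("secret %q: type %q, want %q", s.Name, s.Type, SecretTypeTLS)
	}
	for key, want := range map[string]string{"tls.crt": "CERTIFICATE", "tls.key": "PRIVATE KEY"} {
		block, _ := pem.Decode(s.Data[key]) // nil when the key is missing or not PEM
		if block == nil || !strings.HasSuffix(block.Type, want) {
			return fmt.Errorf("secret %q: %s is missing, not PEM, or not a %s", s.Name, key, want)
		}
	}
	return nil
}

// DefaultSecretType is one way a file loader could populate the missing type (assumed;
// the PR's own change is not on the page). An explicit non-TLS type is left to fail.
func DefaultSecretType(s Secret) Secret {
	_, hasCrt := s.Data["tls.crt"]
	_, hasKey := s.Data["tls.key"]
	if s.Type == "" && hasCrt && hasKey {
		s.Type = SecretTypeTLS
	}
	return s
}

// SampleSecret is a constructed gateway-cert-secret with placeholder PEM bodies.
func SampleSecret(typ string) Secret {
	return Secret{Name: "gateway-cert-secret", Type: typ, Data: map[string][]byte{
		"tls.crt": []byte("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"),
		"tls.key": []byte("-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n"),
	}}
}
```

Validating the secret exactly as a file loader hands it over (type empty) fails; defaulting the type before validation passes, while an explicit Opaque type or a certificate placed under tls.key still fails.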

@arminabf arminabf requested a review from a team as a code owner March 21, 2025 16:11
Signed-off-by: Armin Abfalterer <armin.abfalterer@united-security-providers.ch>
@arkodg
Contributor

arkodg commented Mar 21, 2025

thanks, this is great!

  1. can you sign your commit and force push to fix DCO
  2. can you add a test file similar to the one in Load EnvoyExtensionPolicy in standalone mode #5460

@arminabf arminabf force-pushed the listener-https-terminate-secret-type branch from 0f19877 to b83082b March 24, 2025 07:33
@codecov

codecov bot commented Mar 24, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.30%. Comparing base (953ccc1) to head (1620e63).
Report is 6 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5575      +/-   ##
==========================================
+ Coverage   65.26%   65.30%   +0.03%     
==========================================
  Files         213      213              
  Lines       34073    34076       +3     
==========================================
+ Hits        22237    22252      +15     
+ Misses      10501    10491      -10     
+ Partials     1335     1333       -2     


arminabf and others added 2 commits March 24, 2025 14:20
arkodg previously approved these changes Mar 25, 2025
@arkodg arkodg requested review from a team March 25, 2025 01:09
@arkodg arkodg merged commit 63ca7b0 into envoyproxy:main Mar 28, 2025
24 of 25 checks passed