
fix: prevent GatewayNamespace mode from hijacking pre-existing ServiceAccounts and ConfigMaps#9215

Open
yuehaii wants to merge 4 commits into envoyproxy:main from yuehaii:GatewayNamespace-mode

Conversation

@yuehaii

@yuehaii yuehaii commented Jun 12, 2026


What type of PR is this?
fix: prevent GatewayNamespace mode from hijacking pre-existing ServiceAccounts and ConfigMaps

What this PR does / why we need it:
In GatewayNamespace mode, when a Gateway is created, Envoy Gateway provisions a ServiceAccount and ConfigMap in the same namespace as the Gateway, using the Gateway's own name as the resource name.

If a resource with that name already existed in the namespace, the reconciler would silently overwrite it via ServerSideApply with client.ForceOwnership, stealing field ownership and injecting a new ownerReference pointing to the Gateway object. When the Gateway was later deleted, Kubernetes garbage collection followed the ownerReference and deleted the pre-existing resource, causing unrelated components to break.

Fixes #9136

Release Notes: Yes
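The ownership hazard described in this PR, as an added example that is not part of the PR or of Envoy Gateway's code: a minimal model of a force-ownership apply onto a pre-existing object, the owner-based garbage collection that then deletes it when the Gateway goes away, and a guard that refuses to take over an object the controller does not already own. The `ObjectMeta`/`OwnerReference` types are hand-rolled stand-ins for the `metav1` types so it runs without client-go, the `app.kubernetes.io/managed-by` marker label and the `decide` policy are hypothetical, and the GC is simplified to "delete a dependent once its last owner is gone".

```go
package main

import "fmt"

// Hand-rolled stand-ins for metav1.OwnerReference / metav1.ObjectMeta
// (hypothetical; only the fields this example needs).
type OwnerReference struct {
	Kind string
	Name string
	UID  string
}

type ObjectMeta struct {
	Name            string
	Namespace       string
	Labels          map[string]string
	OwnerReferences []OwnerReference
}

type Decision int

const (
	CreateOwned Decision = iota // absent: create it and set the Gateway ownerReference
	ApplyOwned                  // present and already owned by this Gateway: apply as usual
	SkipForeign                 // present but not ours: never force-apply or add an ownerReference
)

// managedBy is a hypothetical marker label; the real controller's label set may differ.
const managedBy = "app.kubernetes.io/managed-by"

func ownedByGateway(m *ObjectMeta, gatewayUID string) bool {
	for _, ref := range m.OwnerReferences {
		if ref.Kind == "Gateway" && ref.UID == gatewayUID {
			return true
		}
	}
	return false
}

// decide classifies what the reconciler may do with the object it is about to
// write, given what (if anything) already exists under that name.
func decide(existing *ObjectMeta, gatewayUID string) Decision {
	switch {
	case existing == nil:
		return CreateOwned
	case ownedByGateway(existing, gatewayUID):
		return ApplyOwned
	case len(existing.OwnerReferences) == 0 && existing.Labels[managedBy] == "envoy-gateway":
		// Carries our marker label but has no owner yet: safe to adopt.
		return ApplyOwned
	default:
		return SkipForeign
	}
}

// garbageCollect mimics owner-based GC: once an object's last owner is gone,
// the object itself is deleted.
func garbageCollect(objs []ObjectMeta, deletedUID string) []ObjectMeta {
	var kept []ObjectMeta
	for _, o := range objs {
		hadOwners := len(o.OwnerReferences) > 0
		var refs []OwnerReference
		for _, r := range o.OwnerReferences {
			if r.UID != deletedUID {
				refs = append(refs, r)
			}
		}
		if hadOwners && len(refs) == 0 {
			continue // dependent with no remaining owners is collected
		}
		o.OwnerReferences = refs
		kept = append(kept, o)
	}
	return kept
}

// simulate provisions the Gateway's ConfigMap into a namespace that already holds a
// user-managed ConfigMap of the same name (constructed sample), then deletes the
// Gateway. It returns whether the user's ConfigMap survives.
func simulate(guarded bool) bool {
	const gatewayUID = "gw-uid-1"
	objs := []ObjectMeta{{Name: "eg", Namespace: "apps", Labels: map[string]string{"owner": "platform-team"}}}

	existing := &objs[0]
	if !guarded || decide(existing, gatewayUID) != SkipForeign {
		// Force-ownership apply: overwrite in place and attach the Gateway as owner.
		existing.Labels = map[string]string{managedBy: "envoy-gateway"}
		existing.OwnerReferences = append(existing.OwnerReferences,
			OwnerReference{Kind: "Gateway", Name: "eg", UID: gatewayUID})
	}
	objs = garbageCollect(objs, gatewayUID)
	for _, o := range objs {
		if o.Name == "eg" && o.Namespace == "apps" {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println("unguarded apply, user ConfigMap survives Gateway deletion:", simulate(false))
	fmt.Println("guarded apply,   user ConfigMap survives Gateway deletion:", simulate(true))
}
```

The point of the guard is that the existence check must key on ownership (an ownerReference to this Gateway's UID, or at least the controller's own marker labels), not on the name alone: a same-named object with no such marker is someone else's, and writing to it with force ownership is what turns a later Gateway deletion into a deletion of their resource.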

@yuehaii yuehaii requested a review from a team as a code owner June 12, 2026 04:24
@netlify

netlify Bot commented Jun 12, 2026

Deploy Preview for cerulean-figolla-1f9435 ready!

Latest commit: 8a319e5
Latest deploy log: https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/6a2f56dceb9f6d0008317aa4
Deploy Preview: https://deploy-preview-9215--cerulean-figolla-1f9435.netlify.app

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4486073b16


Comment thread internal/infrastructure/kubernetes/infra_resource.go Outdated
@codecov

codecov Bot commented Jun 12, 2026


Codecov Report

❌ Patch coverage is 79.16667% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.90%. Comparing base (332081c) to head (8a319e5).

Files with missing lines Patch % Lines
...ternal/infrastructure/kubernetes/infra_resource.go 79.16% 3 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #9215      +/-   ##
==========================================
- Coverage   74.90%   74.90%   -0.01%     
==========================================
  Files         252      252              
  Lines       40815    40839      +24     
==========================================
+ Hits        30574    30590      +16     
- Misses       8158     8164       +6     
- Partials     2083     2085       +2     


@zirain

zirain commented Jun 12, 2026

Member

Can you check the failed e2e test?

yuehaii added 4 commits June 15, 2026 09:30
Signed-off-by: hai.yue <20416005+yuehaii@users.noreply.github.com>
…els must match

Signed-off-by: hai.yue <20416005+yuehaii@users.noreply.github.com>
…pre-existing and user-managed. we must not block the apply or add an ownerReference to it.

Signed-off-by: hai.yue <20416005+yuehaii@users.noreply.github.com>
Signed-off-by: hai.yue <20416005+yuehaii@users.noreply.github.com>
@yuehaii yuehaii force-pushed the GatewayNamespace-mode branch from 18d0712 to 8a319e5 Compare June 15, 2026 01:35
@yuehaii

yuehaii commented Jun 15, 2026

Author

hi @zirain , good morning. I have fixed the failed test cases. Could you please approve those workflows for verification?

@zirain

zirain commented Jun 15, 2026

Member

can you add e2e and release notes for this?

@yuehaii

yuehaii commented Jun 15, 2026

Author

> can you add e2e and release notes for this?

sure. I will add e2e test cases and release notes.


Development

Successfully merging this pull request may close these issues.

When using the GatewayNamespace mode, it will overwrite the service account or ConfigMap with the same name in the same namespace.
