[Gateway API] Support syncing Kubernetes secrets into ACM #4494

@starlightromero

Describe the feature you are requesting

Currently, the documentation states:

> The caveat is that configuration of TLS certificates can not be done via the certificateRefs field of a Gateway Listener, as the controller only supports certificate references via an ARN. In the future, we may support syncing Kubernetes secrets into ACM.

This issue is to request and track the support of syncing Kubernetes secrets into ACM.

Motivation

When using cert-manager to generate AWS PCA certificates, a Kubernetes secret of type kubernetes.io/tls is produced. Currently, the secret has to be copied to a new secret of type opaque (a limitation of the ACK ACM Controller; related issue). It is then imported into ACM, potentially utilizing ACK ACM's certificate import.

This workaround is very cumbersome and can be completely negated if the AWS Load Balancer Controller supported syncing Kubernetes secrets into ACM.

Describe the proposed solution you'd like

AWS ALB Controller is able to import Kubernetes secrets into ACM

Describe alternatives you've considered

n/a

Contribution Intention (Optional)

- [ ] Yes, I am willing to contribute a PR to implement this feature
- [x] No, I cannot work on a PR at this time
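
The mapping that any sync from a `kubernetes.io/tls` Secret into ACM has to perform, as an added example that is not part of the issue and not code from the AWS Load Balancer Controller or ACK. It assumes `tls.crt` is laid out the way cert-manager writes it (leaf first, intermediates after); the function name and the sample Secret are hypothetical and constructed for illustration.

```python
import base64
import re

# Matches one PEM certificate block, including its BEGIN/END lines.
PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def acm_import_args(secret: dict) -> dict:
    """Map a kubernetes.io/tls Secret to ACM ImportCertificate parameters."""
    if secret.get("type") != "kubernetes.io/tls":
        raise ValueError("expected a Secret of type kubernetes.io/tls")
    data = secret.get("data", {})
    missing = [k for k in ("tls.crt", "tls.key") if not data.get(k)]
    if missing:
        raise ValueError(f"Secret is missing {missing}")

    bundle = base64.b64decode(data["tls.crt"])
    certs = PEM_CERT.findall(bundle)
    if not certs:
        raise ValueError("tls.crt holds no PEM certificate")

    # ACM takes the leaf and the chain as separate fields, while tls.crt
    # (assumed cert-manager layout) carries the leaf first, then intermediates.
    args = {
        "Certificate": certs[0] + b"\n",
        "PrivateKey": base64.b64decode(data["tls.key"]),
    }
    if len(certs) > 1:
        args["CertificateChain"] = b"\n".join(certs[1:]) + b"\n"
    return args


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def _pem(label: str, body: str) -> bytes:
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n".encode()


# Constructed sample: placeholder PEM bodies, not real key material.
SAMPLE_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
    "metadata": {"name": "example-tls", "namespace": "default"},
    "data": {
        "tls.crt": _b64(_pem("CERTIFICATE", "TEVBRg==") + _pem("CERTIFICATE", "SU5URVI=")),
        "tls.key": _b64(_pem("PRIVATE KEY", "S0VZ")),
    },
}
```

The returned keys match the keyword arguments of the boto3 ACM client's `import_certificate`, so the private key can go from the Secret to ACM in memory without an intermediate Opaque copy or a file on disk.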
