allow namespace-scoped parametersRef

This patch adds a namespace field to the parametersRef reference.
This allows cluster-scoped GatewayClass resource to reference a
namespaced-scoped parameters resource.

This is in-line with upstream KEP 2365:
https://github.com/kubernetes/enhancements/blob/master/keps/prod-readiness/sig-network/2365.yaml

Why is it done the way it is done?
- Namespace field was not added to LocalObjectReference because that
type is referenced in a lot of places. We don't want to add in an
optional namespace field in all these places and increase security
issues with cross-namespace references.
- ObjectReference was not used because upstream discourages its use:
https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference. Instead, a new type was
introduced as per upstream's guidance.
- A new "Cluster" field was added as advised upstream:
kubernetes/enhancements#2366 (comment)

Author: hbagdi

apis/v1alpha1/gatewayclass_types.go

@@ -62,20 +62,59 @@ type GatewayClassSpec struct {
 	// +kubebuilder:validation:MaxLength=253
 	Controller string `json:"controller"`
 
-	// ParametersRef is a controller-specific resource containing the
-	// configuration parameters corresponding to this class. This is optional if
-	// the controller does not require any additional configuration.
+	// ParametersRef is a reference to a resource that contains the configuration
+	// parameters corresponding to the GatewayClass. This is optional if the
+	// controller does not require any additional configuration.
 	//
-	// Parameters resources are implementation specific custom resources. These
-	// resources must be cluster-scoped.
+	// ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,
+	// or an implementation-specific custom resource. The resource can be
+	// cluster-scoped or namespace-scoped.
 	//
 	// If the referent cannot be found, the GatewayClass's "InvalidParameters"
 	// status condition will be true.
 	//
 	// Support: Custom
 	//
 	// +optional
-	ParametersRef *LocalObjectReference `json:"parametersRef,omitempty"`
+	ParametersRef *ParametersReference `json:"parametersRef,omitempty"`
+}
+
+// ParametersReference identifies an API object containing controller-specific
+// configuration resource within the cluster.
+type ParametersReference struct {
+	// Group is the group of the referent.
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	Group string `json:"group"`
+
+	// Kind is kind of the referent.
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	Kind string `json:"kind"`
+
+	// Name is the name of the referent.
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	Name string `json:"name"`
+
+	// Scope represents if the referent is a Cluster or Namespace scoped resource.
+	// This may be set to "Cluster" or "Namespace".
+	// +kubebuilder:validation:Enum=Cluster;Namespace
+	// +kubebuilder:default=Cluster
+	// +optional
+	Scope string `json:"scope,omitempty"`
+
+	// Namespace is the namespace of the referent.
+	// This field is required when scope is set to "Namespace" and ignored when
+	// scope is set to "Cluster".
+	//
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=253
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
 }
 
 // GatewayClassConditionType is the type of status conditions. This

apis/v1alpha1/local_object_reference_types.go

@@ -16,7 +16,8 @@ limitations under the License.
 
 package v1alpha1
 
-// LocalObjectReference identifies an API object within a known namespace.
+// LocalObjectReference identifies an API object within the namespace of the
+// referrer.
 type LocalObjectReference struct {
 	// Group is the group of the referent.
 	//