Is your feature request related to a problem? Please describe.
With the GatewayAPI feature turned on, `cert-manager` will generate a `Certificate` resource, but for some integrations additional annotations are required, and when creating the `Gateway` object, if we pass the annotations, they don't get created with the certificate. For example, I add `venafi.cert-manager.io/custom-fields` to my `Gateway` object:
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: dedicated-gateway
  namespace: httpbin
  annotations:
    cert-manager.io/cluster-issuer: selfsigned-ca
    venafi.cert-manager.io/custom-fields: '[{"name": "UUID", "value": "demo23214"}]'
spec:
  gatewayClassName: teg
  listeners:
    - name: http
      protocol: HTTP
      port: 80
    - name: https
      protocol: HTTPS
      hostname: www.example.com
      port: 443
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            name: eg-https
```
The Certificate is created without the annotation `venafi.cert-manager.io/custom-fields`:
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  creationTimestamp: "2025-01-24T18:47:28Z"
  generation: 1
  name: eg-https
  namespace: httpbin
  ownerReferences:
    - apiVersion: gateway.networking.k8s.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Gateway
      name: dedicated-gateway
      uid: 09bcb294-bd11-4145-8bef-e4016385859b
  resourceVersion: "34132"
  uid: da19c621-bc46-4adf-931b-de4c5c9c4cb4
spec:
  dnsNames:
    - www.example.com
  # <<--truncated--->
```
Describe the solution you'd like
Annotations passed to the `Gateway` for given integrations would be read and included in the created `Certificate` object (https://cert-manager.io/docs/usage/kube-csr/#annotations).
So the above Certificate object would have the annotation `venafi.cert-manager.io/custom-fields`:
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  annotations:
    venafi.cert-manager.io/custom-fields: '[{"name": "UUID", "value": "demo23214"}]' # Added
  creationTimestamp: "2025-01-24T18:47:28Z"
  generation: 1
  name: eg-https
  namespace: httpbin
  ownerReferences:
    - apiVersion: gateway.networking.k8s.io/v1
      blockOwnerDeletion: true
      controller: true
      kind: Gateway
      name: dedicated-gateway
      uid: 09bcb294-bd11-4145-8bef-e4016385859b
  resourceVersion: "34132"
  uid: da19c621-bc46-4adf-931b-de4c5c9c4cb4
spec:
  dnsNames:
    - www.example.com
  # <<--truncated--->
```
Additional context
https://envoyproxy.slack.com/archives/C03E6NHLESV/p1737669356553169
/kind feature
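
A sketch of the propagation this request describes, added here as an illustration and not taken from cert-manager's code base: only allow-listed annotation keys are copied from the Gateway to the generated Certificate, and each value is validated first. The names `passthrough`, `validateCustomFields` and `CertificateAnnotations` are hypothetical, and the sample annotations are constructed from the manifest in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// passthrough is a hypothetical allow-list (key -> validator); unlisted keys are never copied.
var passthrough = map[string]func(string) error{
	"venafi.cert-manager.io/custom-fields": validateCustomFields,
}

// validateCustomFields checks the value is a JSON array of name/value objects.
func validateCustomFields(raw string) error {
	var fields []struct{ Name, Value string } // JSON keys match case-insensitively
	if err := json.Unmarshal([]byte(raw), &fields); err != nil {
		return fmt.Errorf("not a JSON array of name/value objects: %w", err)
	}
	for i, f := range fields {
		if f.Name == "" {
			return fmt.Errorf("entry %d has an empty name", i)
		}
	}
	return nil
}

// CertificateAnnotations returns what to set on the Certificate, plus rejected keys.
func CertificateAnnotations(gateway map[string]string) (map[string]string, []string) {
	out, rejected := map[string]string{}, []string{}
	for key, validate := range passthrough {
		val, present := gateway[key]
		if !present {
			continue
		}
		if err := validate(val); err != nil {
			rejected = append(rejected, key) // malformed value: do not propagate
			continue
		}
		out[key] = val
	}
	return out, rejected
}

func main() {
	gw := map[string]string{ // constructed from the Gateway manifest in the issue
		"cert-manager.io/cluster-issuer":       "selfsigned-ca",
		"venafi.cert-manager.io/custom-fields": `[{"name": "UUID", "value": "demo23214"}]`,
	}
	fmt.Println(CertificateAnnotations(gw))
}
```

The issuer selector stays on the Gateway in this sketch because it is not in the allow-list, so an arbitrary Gateway annotation cannot end up on the Certificate.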