Optional CRDs skipped when discovery errors are treated as “absent” #7871
Description
Description:
Kubernetes discovery can time out or hit other unrecoverable errors. crdExists treats these errors as if the CRD is missing, so optional CRDs such as SecurityPolicy never reconcile. Envoy Gateway continues with incomplete input, and connected Envoys can retain partial XDS state, causing traffic/auth disruption.
Expected behaviors: if unrecoverable discovery errors (timeouts, connection failures, etc.) happen when the controller starts watching resources, it should fail fast and exit so the EG pod restarts, and only explicit NotFound/NoMatch should be treated as “CRD absent” for optional resources.