Description
Is there an existing issue for this?
- I have searched the existing issues
Does this enhancement require public documentation?
- I have added an Acceptance Criteria item for adding and/or adjusting public documentation (if applicable)
Problem Statement
From: Kong/kong-operator#1769
When using KGO to deploy a Gateway and the pods for Dataplane are modified (pod rolled update, deleted, DP scaled up/down), the Ready condition of the DataPlane is set to False and then the Gateway and listeners' Programmed condition are set to False.
In such a case, KIC skips extracting certificates from the listeners, so the certificates are missing in the translated Kong configuration. This causes an HTTPS breakage in the interval before the DP pods get Ready.
Proposed Solution
- Do not skip the listeners with Programmed set to False when extracting certificates for gateway listeners
Additional information
- Should we only do the change when KIC is under control of KGO and remain the current behavior when KIC is run standalone?
Acceptance Criteria
- When DataPlane is scaled/pod rolled/pod deleted, the certificates do not get deleted in the interval before the new DP pods turn ready
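A small Go model of the behaviour described in this issue, added here as an illustration and not taken from KIC or KGO source: the `Listener` type, `ExtractCerts`, `DuringRollout` and the Secret name are hypothetical stand-ins. It shows the extracted certificate list emptying while listeners report Programmed as False, and staying intact when that condition is no longer used as a filter.

```go
package main

import "fmt"

// Listener is a simplified stand-in for a Gateway listener plus its status.
type Listener struct {
	Name       string
	Protocol   string   // "HTTP", "HTTPS" or "TLS"
	CertRefs   []string // TLS Secrets the listener references (constructed names)
	Programmed bool     // status of the listener's Programmed condition
}

// ExtractCerts returns the Secrets that reach the translated configuration.
// skipUnprogrammed=true models the reported behaviour, false the proposed one.
func ExtractCerts(ls []Listener, skipUnprogrammed bool) []string {
	out := []string{}
	for _, l := range ls {
		if l.Protocol != "HTTPS" && l.Protocol != "TLS" {
			continue // plaintext listeners carry no certificates
		}
		if skipUnprogrammed && !l.Programmed {
			continue // certificate is left out of the configuration
		}
		out = append(out, l.CertRefs...)
	}
	return out
}

// DuringRollout returns a copy of the listeners with Programmed set to False,
// the state the issue describes while DataPlane pods are being replaced.
func DuringRollout(ls []Listener) []Listener {
	out := make([]Listener, len(ls))
	for i, l := range ls {
		l.Programmed = false
		out[i] = l
	}
	return out
}

func main() {
	steady := []Listener{
		{"http", "HTTP", nil, true},
		{"https", "HTTPS", []string{"default/example-tls"}, true},
	}
	rolling := DuringRollout(steady)
	fmt.Println("steady:           ", ExtractCerts(steady, true))
	fmt.Println("rollout, skipping:", ExtractCerts(rolling, true))
	fmt.Println("rollout, proposed:", ExtractCerts(rolling, false))
}
```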