Support multiple GatewayClasses for one Tenant #463

@csengerszabo

User Story

As a platform engineer, I want to configure multiple GatewayClasses per tenant cluster (e.g., one for internal traffic and one for external traffic) so that I can expose services with different network policies through KubeLB without needing multiple CCM instances.

Use Case

A common pattern in Kubernetes is to have separate GatewayClasses for internal and external traffic:

  • kubelb-external — routes traffic from the public internet through an external load balancer
  • kubelb-internal — routes traffic within the corporate network through an internal load balancer

Currently, the KubeLB CCM hardcodes a single GatewayClass name kubelb (internal/controllers/ccm/gateway_controller.go:53) and the --use-gateway-class flag is a boolean that either filters for that exact name or disables filtering entirely. This means a tenant cluster cannot distinguish between internal and external Gateways — it is all-or-nothing.

Acceptance criteria

  • The CCM supports configuring multiple GatewayClass names to watch (e.g., via a flag like --gateway-classes=kubelb-external,kubelb-internal replacing the current --use-gateway-class boolean)
  • The CCM only reconciles Gateways and routes whose parent Gateway matches one of the configured GatewayClass names
  • The GatewayClass distinction is propagated to the management cluster so that different classes can map to different infrastructure (e.g., different Envoy Gateway classes or different load balancer configurations)
  • The Tenant CRD and Config CRD support mapping tenant-side GatewayClass names to management-cluster GatewayClass names (e.g., kubelb-external -> envoy-external, kubelb-internal -> envoy-internal)
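
The filtering and class-mapping behaviour from the acceptance criteria, as an added example that is not code from this issue or from KubeLB. The `ClassMap` type, its functions and the `tenant=mgmt` syntax are assumptions made for illustration; the class names are the ones used in the issue. A Gateway whose class is not listed is skipped and never given a default class.

```go
package main

import (
	"fmt"
	"strings"
)

// ClassMap: tenant-side GatewayClass name -> management-cluster GatewayClass name.
// Hypothetical type for illustration; not part of KubeLB.
type ClassMap map[string]string

// ParseClassMap parses "tenant=mgmt,tenant=mgmt" (assumed syntax, not a KubeLB flag format).
func ParseClassMap(spec string) (ClassMap, error) {
	m := ClassMap{}
	for _, pair := range strings.Split(spec, ",") {
		tenant, mgmt, ok := strings.Cut(strings.TrimSpace(pair), "=")
		tenant, mgmt = strings.TrimSpace(tenant), strings.TrimSpace(mgmt)
		if !ok || tenant == "" || mgmt == "" {
			return nil, fmt.Errorf("invalid mapping %q", pair)
		}
		if _, dup := m[tenant]; dup {
			return nil, fmt.Errorf("tenant class %q mapped twice", tenant)
		}
		m[tenant] = mgmt
	}
	return m, nil
}

// Resolve reports the management-cluster class for a Gateway's class name.
// ok == false means "do not reconcile": an unlisted class is never given a
// default, so an internal Gateway cannot land on external infrastructure.
func (m ClassMap) Resolve(gatewayClassName string) (mgmt string, ok bool) {
	mgmt, ok = m[gatewayClassName]
	return mgmt, ok
}

func main() {
	m, err := ParseClassMap("kubelb-external=envoy-external,kubelb-internal=envoy-internal")
	if err != nil {
		panic(err)
	}
	// Constructed sample Gateways: name -> spec.gatewayClassName.
	gateways := [][2]string{{"shop", "kubelb-external"}, {"hr", "kubelb-internal"}, {"legacy", "kubelb"}}
	for _, gw := range gateways {
		if mgmt, ok := m.Resolve(gw[1]); ok {
			fmt.Printf("%s: reconcile with %s\n", gw[0], mgmt)
		} else {
			fmt.Printf("%s: skip, class %q not configured\n", gw[0], gw[1])
		}
	}
}
```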
