Hey everyone! Our team is planning to switch from Ingress as we're approaching the end of support for ingress-nginx next month. This feels like a great opportunity to move to the Gateway API to take advantage of its richer feature set and more standardized configuration model, moving away from our reliance on heavy annotations.
Currently, our ingress-nginx setup uses a variety of complex annotations, such as regex usage, SSL settings, external authentication with mTLS, and several timeout configurations. I'm particularly struggling to find a Gateway API controller that offers equivalents for all of these features. I've tried using Envoy-based controllers but found limitations, especially around external auth scenarios. Also, we have an nginx sidecar that's part of our application pod which needs to stay accessible, but that has posed challenges, too.
So, I'm looking for insights on a few points:
* Are there any Gateway API controllers that can support most or all of these features like regex rewrites, external auth with mTLS, header injections, timeouts, and HTTPS backends?
* How are other developers managing complex nginx authentication annotations when switching to Gateway API?
* Do you have any recommended approaches for migrating from a heavily annotated ingress-nginx setup like ours?
Any practical tips or controller suggestions from anyone who has made a similar transition would be really helpful. Thanks a lot!
2 Answers
Have you considered using Istio? I know you touched on Envoy-based controllers, but Istio supports a lot of the features you need. It's worth mentioning that it has a reputation for a learning curve. What's your experience like with it so far? Is it really as complex as they say?
You might want to explore using Contour or Istio. Both handle external auth and mTLS quite well, but be prepared to restructure those nginx annotations into separate policies or filters. From what I've seen, many teams approach this as more of a redesign instead of a direct migration, moving authentication logic into a service mesh or dedicated services. The Gateway API is cleaner in many respects, but you could encounter some gaps in features during the process.
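
An added example, not part of the question or either answer: before restructuring annotations into policies or filters, it helps to inventory which ingress-nginx annotations are in use and which Ingresses rely on auth, so no route loses its authentication silently during the move. The mapping table is this example's assumption rather than an official one, and the sample Ingress data is constructed.

```python
import re
from collections import defaultdict

PREFIX = "nginx.ingress.kubernetes.io/"
# Assumed mapping (not an official table); first match wins, so auth-tls- precedes auth-.
TARGETS = [
    (r"auth-tls-", "client-certificate validation (controller-specific)"),
    (r"auth-", "external auth policy or filter (controller-specific)"),
    (r"use-regex", "HTTPRoute path match type RegularExpression"),
    (r"rewrite-target", "HTTPRoute URLRewrite filter"),
    (r"proxy-ssl-|backend-protocol", "BackendTLSPolicy"),
    (r"proxy-(connect|read|send)-timeout", "HTTPRoute rule timeouts"),
    (r"(configuration|server)-snippet", "MANUAL REVIEW: raw nginx config"),
]
UNMAPPED = "MANUAL REVIEW: not in this table"

def classify(key):
    """Migration target for one annotation key; None if not an ingress-nginx key."""
    if not key.startswith(PREFIX):
        return None
    short = key[len(PREFIX):]
    return next((t for pat, t in TARGETS if re.match(pat, short)), UNMAPPED)

def inventory(ingress_list):
    """Group (namespace/name, annotation key) pairs by migration target."""
    plan = defaultdict(list)
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        ref = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
        for key in sorted(meta.get("annotations") or {}):
            if (target := classify(key)):
                plan[target].append((ref, key))
    return dict(plan)

def auth_protected(ingress_list):
    """Ingresses with auth-* annotations; re-test these routes unauthenticated."""
    refs = {ref for pairs in inventory(ingress_list).values()
            for ref, key in pairs if key.startswith(PREFIX + "auth-")}
    return sorted(refs)

# Constructed sample in the shape of an Ingress list (names and values are made up).
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "api", "annotations": {
        PREFIX + "auth-url": "https://auth.example.internal/verify",
        PREFIX + "auth-tls-secret": "shop/client-ca",
        PREFIX + "proxy-read-timeout": "120",
        PREFIX + "limit-rps": "10"}}},
    {"metadata": {"namespace": "shop", "name": "static", "annotations": {
        PREFIX + "rewrite-target": "/$1"}}},
]}
```

To run it against a real cluster, pass the parsed output of `kubectl get ingress -A -o json` in place of `SAMPLE`.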
