Admission webhook blocks deletion of unrelated Ingress resources, when the Ingress Class does not exist #3696

Open
cparadal opened this issue May 14, 2024 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug.

cparadal commented May 14, 2024

Describe the bug
The AWS Load Balancer Controller admission webhook seems to be blocking deletion of any Ingress resource that is associated with an Ingress Class that has already been deleted.

We have a series of ArgoCD applications on which we perform selective resource deletion, based on a number of requirements. During this resource deletion, ingress classes can get removed before the actual ingress resources referencing them. The removed ingress classes are not related to the AWS Load Balancer Controller.

This wasn't an issue with versions < 2.6.0, as the behaviour of this webhook seems to have changed with this commit.

kube-controller-manager-ip-xxxxxxx kube-controller-manager E0509 14:16:52.686392 1 garbagecollector.go:392] error syncing item &garbagecollector.node{identity:garbagecollector.objectReference{OwnerReference:v1.OwnerReference{APIVersion:"networking.k8s.io/v1", Kind:"Ingress", Name:"xxxxxx", UID:"xxxxxxxx", Controller:(*bool)(nil), BlockOwnerDeletion:(*bool)(nil)}, Namespace:"xxxxxxxxx"}, dependentsLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:1}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, dependents:map[*garbagecollector.node]struct {}{}, deletingDependents:true, deletingDependentsLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, beingDeleted:true, beingDeletedLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, virtual:false, virtualLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, owners:[]v1.OwnerReference(nil)}: admission webhook "vingress.elbv2.k8s.aws" denied the request: invalid ingress class: IngressClass.networking.k8s.io "xxxxxxxx" not found

$ kubectl patch ingress xxxxxx -p '{"metadata":{"finalizers":null}}'
Error from server (invalid ingress class: IngressClass.networking.k8s.io "xxxx" not found): admission webhook "vingress.elbv2.k8s.aws" denied the request: invalid ingress class: IngressClass.networking.k8s.io "xxxx" not found

Steps to reproduce
From ArgoCD, deploy an application which contains an ingress class and an ingress resource referencing it. Trigger a deletion of both IngressClass and Ingress, making sure that the Ingress Class is removed first.
This could potentially be reproduced without ArgoCD.

Expected outcome
The AWS Load Balancer Controller webhook doesn't randomly block ingress resource deletion within the cluster.

Environment

  • AWS Load Balancer controller version
    v2.7.2 (but bug occurs on >= v2.6.0)

  • Kubernetes version
    v1.28.9

  • Using EKS (yes/no), if so version?
    No - kubeadm based cluster running on AWS

Additional Context:

@aravindsagar

/kind bug

k8s-ci-robot added the kind/bug label May 15, 2024
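
A triage check for the condition reported in this issue, added here as an example (it is not code from the AWS Load Balancer Controller project or from the reporter): it lists Ingresses whose `spec.ingressClassName` points at an IngressClass that no longer exists, and flags the ones already stuck in deletion. The JSON is constructed sample data shaped like `kubectl get ... -o json` output; the function name, resource names and finalizer are placeholders.

```python
import json

# Constructed sample data shaped like `kubectl get ingressclass -o json` and
# `kubectl get ingress -A -o json`; every name below is a placeholder.
CLASSES_JSON = '{"items": [{"metadata": {"name": "nginx"}}]}'
INGRESSES_JSON = """{"items": [
  {"metadata": {"name": "app-a", "namespace": "team-a",
                "deletionTimestamp": "2024-05-09T14:16:52Z",
                "finalizers": ["example.com/cleanup"]},
   "spec": {"ingressClassName": "removed-class"}},
  {"metadata": {"name": "app-b", "namespace": "team-b"},
   "spec": {"ingressClassName": "removed-class"}},
  {"metadata": {"name": "app-c", "namespace": "team-c"},
   "spec": {"ingressClassName": "nginx"}},
  {"metadata": {"name": "app-d", "namespace": "team-d"}, "spec": {}}
]}"""


def find_orphaned_ingresses(ingresses_json, classes_json):
    """Return Ingresses whose spec.ingressClassName names a missing IngressClass."""
    existing = {c["metadata"]["name"]
                for c in json.loads(classes_json).get("items", [])}
    findings = []
    for ing in json.loads(ingresses_json).get("items", []):
        meta = ing.get("metadata", {})
        cls = (ing.get("spec") or {}).get("ingressClassName")
        if cls is None or cls in existing:
            continue  # no class reference, or the class still exists
        # Deletion requested but finalizers remain: clearing them is an update
        # that goes through admission, which is where the issue's denial occurs.
        stuck = bool(meta.get("deletionTimestamp")) and bool(meta.get("finalizers"))
        findings.append({
            "namespace": meta.get("namespace", ""),
            "name": meta.get("name", ""),
            "missing_class": cls,
            "state": "stuck-deleting" if stuck else "at-risk",
        })
    # Report objects already blocked in deletion first.
    findings.sort(key=lambda f: (f["state"] != "stuck-deleting",
                                 f["namespace"], f["name"]))
    return findings


if __name__ == "__main__":
    for f in find_orphaned_ingresses(INGRESSES_JSON, CLASSES_JSON):
        print(f'{f["state"]:15} {f["namespace"]}/{f["name"]} -> {f["missing_class"]}')
```

Running the same function over live `kubectl` output before removing an IngressClass shows which Ingresses still reference it, so they can be deleted first.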