Gateway routes - why namespace matters when explicitly defined everywhere?

what’s the functional difference between (just changed namespace of the route) and why does the latter throw 500

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: route
  namespace: apps
spec:
  parentRefs:
  - name: gateway
    namespace: net
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: service
      port: 8080
      namespace: apps

and

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: route
  namespace: net
spec:
  parentRefs:
  - name: gateway
    namespace: net
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: service
      port: 8080
      namespace: apps

It’s because Gateway objects can be in a variety of different namespaces, depending on what underlying gateway controller you’re using. So the route needs to point back to wherever the gateway class object resides. This is completely independent from where you’d want to put the route object, which needs to reside in the namespace where the route’s services are.

Ok, I get it, but then why namespace parameter for the backend service even exists if the route has to be in the same namespace?

You misunderstand – the gateway class and the gateway controller implementation can be anywhere in the cluster. They don’t have to be unique either. And route needs to be in the same namespace as the services the route uses – NOT the gateway class. So the route needs to say which gateway class it’s using, and that will include the namespace of where the gateway class is actually located.

Again, I’m asking about this part specifically Standard - Kubernetes Gateway API there’s a namespace field.

But nevertheless found the answer in ReferenceGrant: ReferenceGrant - Kubernetes Gateway API - which sounds like a very confusing concept that is not related to RBAC