add wildcard ingress host indexing support

gcleroux · gcleroux · commit da3d1f360ef9 · 2025-01-20T16:02:27.000-05:00
diff --git a/charts/k8s-gateway/Chart.yaml b/charts/k8s-gateway/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: k8s-gateway
 description: A fork of the k8s_gateway CoreDNS plugin to allow TXT records
 type: application
-version: 3.0.0
-appVersion: 0.5.0
+version: 3.1.0
+appVersion: 0.6.0
 maintainers:
   - email: guillaume@pinax.network
     name: Guillaume
diff --git a/charts/k8s-gateway/values.yaml b/charts/k8s-gateway/values.yaml
@@ -1,7 +1,7 @@
 image:
   registry: ghcr.io
   repository: pinax-network/k8s_gateway
-  tag: v0.5.0
+  tag: v0.6.0
   pullPolicy: IfNotPresent
 
 # Delegated domain
diff --git a/kubernetes.go b/kubernetes.go
@@ -735,8 +735,27 @@ func lookupIngressIndex(ctrl cache.SharedIndexInformer) func([]string) []interfa
 	return func(indexKeys []string) (result []interface{}) {
 		var objs []interface{}
 		for _, key := range indexKeys {
-			obj, _ := ctrl.GetIndexer().ByIndex(ingressHostnameIndex, strings.ToLower(key))
+			key := strings.ToLower(key)
+			// Ingress is not responsible for _acme-challenge.* FQDN
+			if strings.HasPrefix(key, "_acme-challenge.") {
+				continue
+			}
+
+			obj, _ := ctrl.GetIndexer().ByIndex(ingressHostnameIndex, key)
 			objs = append(objs, obj...)
+
+			log.Debugf("No exact matches found for %s, looking for wildcard ingress host", key)
+			for len(objs) == 0 {
+				_, after, found := strings.Cut(key, ".")
+				if !found {
+					// No more wildcard recursion
+					break
+				}
+				key = after
+				log.Debugf("Looking for *.%s", key)
+				obj, _ := ctrl.GetIndexer().ByIndex(ingressHostnameIndex, "*."+key)
+				objs = append(objs, obj...)
+			}
 		}
 		log.Debugf("Found %d matching Ingress objects", len(objs))
 		for _, obj := range objs {
diff --git a/test/dual-stack/ingress-services.yml b/test/dual-stack/ingress-services.yml
@@ -18,6 +18,31 @@ spec:
                 port:
                   number: 80
 ---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-myservice-wildcard
+  namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-dns-01
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "*.myservice.foo.org"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: backend
+                port:
+                  number: 80
+  tls:
+  - hosts:
+    - "*.myservice.foo.org"
+    secretName: ingress-wildcard-cert
+---
 apiVersion: v1
 kind: Service
 metadata:
