Ingress V1: wildcard should match only a single subdomain level

[mflendrich]

Kubernetes 1.19 API and Ingress V1 KEP say the following about wildcard host matches:

The wildcard character '*' must appear by itself as the first DNS label and matches only a single label.

Specifically:

• "*.foo.com" matches "bar.foo.com" because they share an the same suffix "foo.com".
• "*.foo.com" does not match "aaa.bbb.foo.com" as the wildcard only matches a single label.
• "*.foo.com" does not match "foo.com", as the wildcard must match a single label.

Today, if KIC gets an Ingress stating Host: *.foo.com, it will configure Kong to match multiple levels of subdomains (where it should match only one). In other words, Kong will match aaa.bbb.foo.com (from the example above) where it shouldn't.

[hbagdi]

This is not supported by Kong and hence blocked. Feature request in Kong: Kong/kong#6334.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[shaneutt]

Looks like Kong/kong#6334 is resolved and we are unblocked, where are we at with this one?

[mflendrich]

Kong/kong#6334 is closed as not fixed.
We rely on that resolution in order to bring this feature to KIC.

Community users: if you're interested in this feature, please bring this up in Kong/kong#7327

[hbagdi]

I think this should be left open and we should work towards a resolution. I understand it hasn't happened in over a year but that doesn't mean we should label as 'wontfix'.
Most networking stacks expect * to match a single DNS label and we should make sure that we are not the exception in this case.

[shaneutt]

It sounds like you're advocating that we get priority for this to put it on the roadmap for upcoming releases. @scseanchow please take a look and let's discuss the impact and whether this would fit into an upcoming release.