nginx · shaun-nx · Aug 29, 2022 · Jul 25, 2022 · Jul 25, 2022 · Jul 25, 2022
@@ -4,8 +4,8 @@ metadata:
   name: nginx-ingress
   namespace: nginx-ingress
   annotations:
-    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
-    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
+    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
 spec:
   type: LoadBalancer
   ports:

@@ -51,7 +51,7 @@ spec:
 {{% table %}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
-|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. Wildcard domains like ``*.example.com`` are not allowed.  The ``host`` value needs to be unique among all Ingress and VirtualServer resources. See also [Handling Host and Listener Collisions](/nginx-ingress-controller/configuration/handling-host-and-listener-collisions). | ``string`` | Yes |
+|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. When using a wildcard domain like ``*.example.com`` the domain must be contained in double quotes.  The ``host`` value needs to be unique among all Ingress and VirtualServer resources. See also [Handling Host and Listener Collisions](/nginx-ingress-controller/configuration/handling-host-and-listener-collisions). | ``string`` | Yes |
 |``tls`` | The TLS termination configuration. | [tls](#virtualservertls) | No |
 |``externalDNS`` | The externalDNS configuration for a VirtualServer. | [externalDNS](#virtualserverexternaldns) | No |
 |``dos`` | A reference to a DosProtectedResource, setting this enables DOS protection of the VirtualServer. | ``string`` | No |
@@ -249,7 +249,7 @@ Note that each subroute must have a `path` that starts with the same prefix (her
 {{% table %}}
 |Field | Description | Type | Required |
 | ---| ---| ---| --- |
-|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. Wildcard domains like ``*.example.com`` are not allowed. Must be the same as the ``host`` of the VirtualServer that references this resource. | ``string`` | Yes |
+|``host`` | The host (domain name) of the server. Must be a valid subdomain as defined in RFC 1123, such as ``my-app`` or ``hello.example.com``. When using a wildcard domain like ``*.example.com`` the domain must be contained in double quotes. Must be the same as the ``host`` of the VirtualServer that references this resource. | ``string`` | Yes |
 |``upstreams`` | A list of upstreams. | [[]upstream](#upstream) | No |
 |``subroutes`` | A list of subroutes. | [[]subroute](#virtualserverroutesubroute) | No |
 |``ingressClassName`` | Specifies which Ingress Controller must handle the VirtualServerRoute resource. Must be the same as the ``ingressClassName`` of the VirtualServer that references this resource. | ``string``_ | No |

@@ -142,7 +142,7 @@ func buildDNSEndpoint(extdnsLister []extdnslisters.DNSEndpointLister, vs *vsapi.
 	var existingDNSEndpoint *extdnsapi.DNSEndpoint
 	var err error
 	for _, el := range extdnsLister {
-		existingDNSEndpoint, err = el.DNSEndpoints(vs.Namespace).Get(vs.Spec.Host)
+		existingDNSEndpoint, err = el.DNSEndpoints(vs.Namespace).Get(vs.ObjectMeta.Name)
 		if err == nil {
 			break
 		}
@@ -154,7 +154,7 @@ func buildDNSEndpoint(extdnsLister []extdnslisters.DNSEndpointLister, vs *vsapi.
 
 	dnsEndpoint := &extdnsapi.DNSEndpoint{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:            vs.Spec.Host,
+			Name:            vs.ObjectMeta.Name,
 			Namespace:       vs.Namespace,
 			Labels:          vs.Labels,
 			OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(vs, controllerGVK)},

@@ -92,15 +92,19 @@ func (vsv *VirtualServerValidator) validateVirtualServerSpec(spec *v1.VirtualSer
 	return allErrs
 }
 
+const wildcardHost = "*."
+
 func validateHost(host string, fieldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
 
 	if host == "" {
 		return append(allErrs, field.Required(fieldPath, ""))
 	}
 
-	for _, msg := range validation.IsDNS1123Subdomain(host) {
-		allErrs = append(allErrs, field.Invalid(fieldPath, host, msg))
+	if !strings.HasPrefix(host, wildcardHost) {
+		for _, msg := range validation.IsDNS1123Subdomain(host) {
+			allErrs = append(allErrs, field.Invalid(fieldPath, host, msg))
+		}
 	}
 
 	return allErrs

@@ -74,6 +74,7 @@ func TestValidateHost(t *testing.T) {
 		"hello",
 		"example.com",
 		"hello-world-1",
+		"*.example.com",
 	}
 
 	for _, h := range validHosts {

@@ -0,0 +1,20 @@
+apiVersion: k8s.nginx.org/v1
+kind: VirtualServer
+metadata:
+  name: virtual-server-wildcard
+spec:
+  host: "*.example.com"
+  upstreams:
+  - name: backend2
+    service: backend2-svc
+    port: 80
+  - name: backend1
+    service: backend1-svc
+    port: 80
+  routes:
+  - path: "/backend1"
+    action:
+      pass: backend1
+  - path: "/backend2"
+    action:
+      pass: backend2
@@ -4,7 +4,7 @@
 from suite.custom_resources_utils import is_dnsendpoint_present
 from suite.resources_utils import get_events, wait_before_test
 from suite.vs_vsr_resources_utils import patch_virtual_server_from_yaml
-from suite.yaml_utils import get_first_host_from_yaml, get_namespace_from_yaml
+from suite.yaml_utils import get_name_from_yaml, get_namespace_from_yaml
 
 VS_YAML = f"{TEST_DATA}/virtual-server-external-dns/standard/virtual-server.yaml"
 
@@ -27,11 +27,11 @@ def test_responses_after_setup(
         self, kube_apis, crd_ingress_controller_with_ed, create_externaldns, virtual_server_setup
     ):
         print("\nStep 1: Verify DNSEndpoint exists")
-        dns_name = get_first_host_from_yaml(VS_YAML)
+        dns_ep_name = get_name_from_yaml(VS_YAML)
         retry = 0
-        dep = is_dnsendpoint_present(kube_apis.custom_objects, dns_name, virtual_server_setup.namespace)
+        dep = is_dnsendpoint_present(kube_apis.custom_objects, dns_ep_name, virtual_server_setup.namespace)
         while dep == False and retry <= 60:
-            dep = is_dnsendpoint_present(kube_apis.custom_objects, dns_name, virtual_server_setup.namespace)
+            dep = is_dnsendpoint_present(kube_apis.custom_objects, dns_ep_name, virtual_server_setup.namespace)
             retry += 1
             wait_before_test(1)
             print(f"DNSEndpoint not created, retrying... #{retry}")

@@ -0,0 +1,54 @@
+import pytest
+from settings import TEST_DATA
+from suite.custom_assertions import wait_and_assert_status_code
+from suite.custom_resources_utils import read_custom_resource
+from suite.resources_utils import wait_before_test
+from suite.vs_vsr_resources_utils import create_virtual_server_from_yaml, delete_virtual_server
+
+
+@pytest.mark.vs
+@pytest.mark.parametrize(
+    "crd_ingress_controller, virtual_server_setup",
+    [
+        (
+            {"type": "complete", "extra_args": [f"-enable-custom-resources"]},
+            {"example": "virtual-server", "app_type": "simple"},
+        )
+    ],
+    indirect=True,
+)
+class TestVirtualServerWildcard:
+    def test_vs_status(self, kube_apis, crd_ingress_controller, virtual_server_setup):
+
+        wait_and_assert_status_code(200, virtual_server_setup.backend_1_url, virtual_server_setup.vs_host)
+        wait_and_assert_status_code(200, virtual_server_setup.backend_2_url, virtual_server_setup.vs_host)
+        wait_and_assert_status_code(404, virtual_server_setup.backend_1_url, "test.example.com")
+        wait_and_assert_status_code(404, virtual_server_setup.backend_2_url, "test.example.com")
+
+        # create virtual server with wildcard hostname
+        manifest_vs_wc = f"{TEST_DATA}/virtual-server-wildcard/virtual-server-wildcard.yaml"
+        vs_wc_name = create_virtual_server_from_yaml(
+            kube_apis.custom_objects, manifest_vs_wc, virtual_server_setup.namespace
+        )
+        wait_before_test()
+        response = read_custom_resource(
+            kube_apis.custom_objects,
+            virtual_server_setup.namespace,
+            "virtualservers",
+            vs_wc_name,
+        )
+        while not response["status"]:
+            response = read_custom_resource(
+                kube_apis.custom_objects,
+                virtual_server_setup.namespace,
+                "virtualservers",
+                vs_wc_name,
+            )
+
+        assert response["status"]["reason"] == "AddedOrUpdated" and response["status"]["state"] == "Valid"
+        wait_and_assert_status_code(200, virtual_server_setup.backend_1_url, "test.example.com")
+        wait_and_assert_status_code(200, virtual_server_setup.backend_2_url, "test.example.com")
+        wait_and_assert_status_code(404, virtual_server_setup.backend_1_url, "test.xexample.com")
+        wait_and_assert_status_code(404, virtual_server_setup.backend_2_url, "test.xexample.com")
+
+        delete_virtual_server(kube_apis.custom_objects, vs_wc_name, virtual_server_setup.namespace)