add wildcard ingress host indexing support

Author: gcleroux

kubernetes.go

@@ -735,8 +735,27 @@ func lookupIngressIndex(ctrl cache.SharedIndexInformer) func([]string) []interfa
 	return func(indexKeys []string) (result []interface{}) {
 		var objs []interface{}
 		for _, key := range indexKeys {
-			obj, _ := ctrl.GetIndexer().ByIndex(ingressHostnameIndex, strings.ToLower(key))
+			key := strings.ToLower(key)
+			// Ingress is not responsible for _acme-challenge.* FQDN
+			if strings.HasPrefix(key, "_acme-challenge.") {
+				continue
+			}
+
+			obj, _ := ctrl.GetIndexer().ByIndex(ingressHostnameIndex, key)
 			objs = append(objs, obj...)
+
+			log.Debugf("No exact matches found for %s, looking for wildcard ingress host", key)
+			for len(objs) == 0 {
+				_, after, found := strings.Cut(key, ".")
+				if !found {
+					// No more wildcard recursion
+					break
+				}
+				key = after
+				log.Debugf("Looking for *.%s", key)
+				obj, _ := ctrl.GetIndexer().ByIndex(ingressHostnameIndex, "*."+key)
+				objs = append(objs, obj...)
+			}
 		}
 		log.Debugf("Found %d matching Ingress objects", len(objs))
 		for _, obj := range objs {

test/dual-stack/ingress-services.yml

@@ -18,6 +18,31 @@ spec:
                 port:
                   number: 80
 ---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-myservice-wildcard
+  namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-dns-01
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "*.myservice.foo.org"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: backend
+                port:
+                  number: 80
+  tls:
+  - hosts:
+    - "*.myservice.foo.org"
+    secretName: ingress-wildcard-cert
+---
 apiVersion: v1
 kind: Service
 metadata: