Add support for wildcard specifiers anywhere in SNI pattern #1693
Closed
fristonio wants to merge 1 commit into cilium:main from
fristonio commented Jan 11, 2026
This commit adds support for specifying wildcard ('*') anywhere in the
server names match pattern. This allows users to write more compressed
network policies and is in line with what cilium/cilium supports for FQDN
match patterns.

With this change users can now write allowed server names as:
- '**.cilium.io': Existing behavior which matches any number of
  subdomain levels in the prefix. "test.cilium.io" and
  "test.app.cilium.io" match but "cilium.io" does not.
- '*.cilium.io': Existing behavior which matches all subdomains of
  cilium.io on a single level. "test.cilium.io" matches but
  "test.app.cilium.io" and "cilium.io" do not.
- 'sub*.cilium.io': Matches subdomains of cilium.io where the subdomain
  component begins with "sub" (only one level). "sub.cilium.io" and
  "subdomain.cilium.io" match while "www.cilium.io", "cilium.io" and
  "test.subdomain.cilium.io" do not.

SNI match patterns are now implemented using regular expressions. The
required regex is derived and compiled once during xDS configuration
update.

If the match pattern doesn't contain any wildcard specifier the
implementation relies on explicit full string match.

Signed-off-by: Deepesh Pathak <deepesh.pathak@isovalent.com>
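
The matching rules listed in the commit message above, written out as an added C++ example; it is not the PR's code, which this page does not show. It assumes std::regex, a label character class of [a-z0-9_-], case-insensitive comparison, and rejection of any `**` other than the leading `**.` prefix; the class name SniMatcher is hypothetical.

```cpp
#include <cctype>
#include <iostream>
#include <regex>
#include <stdexcept>
#include <string>

// Illustrative matcher, not the PR's code. std::regex, the label character
// class and the case folding are assumptions of this example.
class SniMatcher {
 public:
  explicit SniMatcher(const std::string& pattern)
      : exact_(lower(pattern)), wildcard_(exact_.find('*') != std::string::npos) {
    if (!wildcard_) return;  // no wildcard: plain string comparison, no regex
    const std::string label = "[a-z0-9_-]";
    const bool multi = exact_.rfind("**.", 0) == 0;  // leading "**.": one or more labels
    std::string re = multi ? "(?:" + label + "+\\.)+" : std::string();
    for (std::size_t i = multi ? 3 : 0; i < exact_.size(); ++i) {
      const char c = exact_[i];
      if (c == '*' && exact_.compare(i, 2, "**") != 0) {
        // A label that is only "*" must be non-empty; "sub*" may also match "sub".
        const bool whole = (i == 0 || exact_[i - 1] == '.') &&
                           (i + 1 == exact_.size() || exact_[i + 1] == '.');
        re += label + (whole ? "+" : "*");
      } else if (c == '.') {
        re += "\\.";  // literal dot, not the regex "any character"
      } else if (std::isalnum(static_cast<unsigned char>(c)) || c == '-' || c == '_') {
        re += c;
      } else {
        throw std::invalid_argument("unsupported character or wildcard in SNI pattern");
      }
    }
    regex_.assign(re);  // compiled once, when the pattern is configured
  }
  bool matches(const std::string& sni) const {
    const std::string name = lower(sni);
    return wildcard_ ? std::regex_match(name, regex_) : name == exact_;
  }
 private:
  static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
  }
  std::string exact_;
  bool wildcard_;
  std::regex regex_;
};

int main() {
  std::cout << SniMatcher("sub*.cilium.io").matches("subdomain.cilium.io") << "\n";
}
```

Because only label characters, '.' and '*' are accepted and every '.' is escaped, a pattern cannot smuggle regex syntax into the compiled expression, and "*.cilium.io" does not match a name such as "test.ciliumxio".
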
4bc4d2f to d9c7a5e
Member Author
Closing in favor of - #1698
See commit message for more details.
Extends: #1242
Fixes: cilium/cilium#43597