Ask questionsMake programmable deny of wildcard hostnames

Let's assume that we had a big organization, having a domain and there are two tenants, gas and oil. Let's also assume, that we are using some type of automatization, in order to publish ingress hosts to DNS automatically (like

Ingresses supports wildcard hostnames (

As a tenant-owner of gas, I create ingress with the host like - host: "*". That can lead to big problems for an oil tenant, which may create ingress with -host: (and for other tenants in a cluster)

So maybe we had to think about a webhook, that can be enabled by cluster-admin in order to deny wildcard names in ingresses.

But on the other hand, guys from gas Tenant can buy a domain like, which will be used only by them. And they want to create a single ingress in order to handle all requests to *

So there should be a list of domains for Tenants, where wildcard ingress host may be created. All other wildcard ingress hosts should be denied by a webhook (if it is enabled)

Originally posted by @MaxFedotov in


Answer questions prometherion

For the v1beta1 (and deprecated v1alpha1) versions, this check can be put in place using the annotation

The default value, since annotation key is not available, is false.


Related questions

No questions were found.
Dario Tranchitella prometherion @HAProxyTech Turin (IT) Former full stack developer, switched to the dark-side of DevOps!
Github User Rank List