Updates Envoy Cert as Wildcard Hostname

danehans · Arko Dasgupta · commit 15af0252ad2d · 2022-09-23T16:32:27.000-07:00
Signed-off-by: danehans &lt;daneyonhansen@gmail.com&gt;
diff --git a/internal/crypto/certgen.go b/internal/crypto/certgen.go
@@ -21,7 +21,7 @@ const (
 	DefaultEnvoyGatewayDNSPrefix = config.EnvoyGatewayServiceName
 
 	// DefaultEnvoyDNSPrefix defines the default Envoy DNS prefix.
-	DefaultEnvoyDNSPrefix = config.EnvoyServiceName
+	DefaultEnvoyDNSPrefix = "*"
 
 	// DefaultNamespace is the default Namespace name where Envoy Gateway is running.
 	DefaultNamespace = config.EnvoyGatewayNamespace
@@ -112,7 +112,7 @@ func GenerateCerts(egCfg *v1alpha1.EnvoyGateway) (*Certificates, error) {
 		switch egProvider {
 		case v1alpha1.ProviderTypeKubernetes:
 			egDNSNames = kubeServiceNames(DefaultEnvoyGatewayDNSPrefix, DefaultNamespace, DefaultDNSSuffix)
-			envoyDNSNames = kubeServiceNames(DefaultEnvoyDNSPrefix, DefaultNamespace, DefaultDNSSuffix)
+			envoyDNSNames = append(envoyDNSNames, fmt.Sprintf("*.%s", DefaultNamespace))
 		default:
 			// Kubernetes is the only supported Envoy Gateway provider.
 			return nil, fmt.Errorf("unsupported provider type %v", egProvider)
diff --git a/internal/crypto/certgen_test.go b/internal/crypto/certgen_test.go
@@ -47,7 +47,7 @@ func TestGenerateCerts(t *testing.T) {
 	run(t, "no configuration - use defaults", testcase{
 		certConfig:              &Configuration{},
 		wantEnvoyGatewayDNSName: "envoy-gateway",
-		wantEnvoyDNSName:        "envoy",
+		wantEnvoyDNSName:        "*.envoy-gateway-system",
 	})
 }
 

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ func TestGenerateCerts(t *testing.T) {`
`47`	`47`	`run(t, "no configuration - use defaults", testcase{`
`48`	`48`	`certConfig: &Configuration{},`
`49`	`49`	`wantEnvoyGatewayDNSName: "envoy-gateway",`
`50`		`- wantEnvoyDNSName: "envoy",`
	`50`	`+ wantEnvoyDNSName: "*.envoy-gateway-system",`
`51`	`51`	`})`
`52`	`52`	`}`
`53`	`53`