From 0f4be7c331b68242b0ed6db79ed17c528b82d167 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com>
Date: Thu, 27 Feb 2025 17:25:34 +0100
Subject: [PATCH 1/2] Allow wildcard suffix

---
 apis/v1/shared_types.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/apis/v1/shared_types.go b/apis/v1/shared_types.go
index 226c776372..e34578866c 100644
--- a/apis/v1/shared_types.go
+++ b/apis/v1/shared_types.go
@@ -503,15 +503,17 @@ type RouteStatus struct {
 }
 
 // Hostname is the fully qualified domain name of a network host. This matches
-// the RFC 1123 definition of a hostname with 2 notable exceptions:
+// the RFC 1123 definition of a hostname with 3 notable exceptions:
 //
 //  1. IPs are not allowed.
 //  2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
 //     label must appear by itself as the first label.
+//  3. A hostname may be suffixed with a wildcard label ( `.*`). The wildcard
+//     label must appear by itself as the last label.
 //
 // Hostname can be "precise" which is a domain name without the terminating
 // dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
-// domain name prefixed with a single wildcard label (e.g. `*.example.com`).
+// domain name prefixed or suffixed with a single wildcard label (e.g. `*.example.com` or `example.*`).
 //
 // Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
 // alphanumeric characters or '-', and must start and end with an alphanumeric
@@ -519,7 +521,7 @@ type RouteStatus struct {
 //
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=253
-// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
+// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\.\*)?$`
 type Hostname string
 
 // PreciseHostname is the fully qualified domain name of a network host. This

From 37a6a9312bd045475c7a96993f3f2d60984781b5 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com>
Date: Thu, 27 Feb 2025 17:57:41 +0100
Subject: [PATCH 2/2] don't match the *.example.* case, only '.example.com and
 example.*

---
 apis/v1/shared_types.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apis/v1/shared_types.go b/apis/v1/shared_types.go
index e34578866c..6b0dfeda6c 100644
--- a/apis/v1/shared_types.go
+++ b/apis/v1/shared_types.go
@@ -521,7 +521,7 @@ type RouteStatus struct {
 //
 // +kubebuilder:validation:MinLength=1
 // +kubebuilder:validation:MaxLength=253
-// +kubebuilder:validation:Pattern=`^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\.\*)?$`
+// +kubebuilder:validation:Pattern=`(^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)|(^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(\.\*)?$)`
 type Hostname string
 
 // PreciseHostname is the fully qualified domain name of a network host. This