This adds support for empty host values in ingress rules, which act as wildcards and will match any hostname (or IP address).
There are many cases where an ingress configured this way can cause destructive or unintended behavior. Because it is very easy to (perhaps mistakenly) omit the host field in an ingress rule, the special annotation ingress.pomerium.io/subtle_allow_empty_host: "true" must be added to any ingress object containing rules with empty host fields.
Summary
This adds support for empty host values in ingress rules, which act as wildcards and will match any hostname (or IP address).
There are many cases where an ingress configured this way can cause destructive or unintended behavior. Because it is very easy to (perhaps mistakenly) omit the host field in an ingress rule, the special annotation
ingress.pomerium.io/subtle_allow_empty_host: "true"must be added to any ingress object containing rules with empty host fields.Related issues
Closes #941
Checklist
improvement/bug/ etc)