TLSRoute - hostname (SNI) with wildcard not applied to Gateway - router flavor set to expressions

[piotrgasior]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Kong Gateway version: 3.9
Kong Ingress Controller version: 3.4.1

Gateway env router_flavor: expressions is set.

The config with TLSRoute with hostname incldues wildcard cannot be applied to Gateway, there is following error in the Controller logs:

error    dataplane-synchronizer    Could not update kong admin    {"error": "performing update for https://<ip>:8444 failed: HTTP status 400 (message: \"failed posting new config to /config\")"}

Events - KongConfigurationApplyFailed:

invalid expression: length must be at least 1

invalid route:tlsroute.somenamespace.somename.0.0: must set snis when 'protocols' is 'tls_passthrough'

Expected Behavior

Kong Gateway route should be configured with wildcard SNI.

Steps To Reproduce

Kong deployment via Helm charts with FeatureGate and Router Flvaor env:

feature_gates: GatewayAlpha=true
router_flavor: expressions  

Gateway:

apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: somename
  namespace: somenamespace
spec:
  gatewayClassName: gatewayclassname
  listeners:
  - allowedRoutes:
      namespaces:
        from: All
    hostname: '*.example.net'
    name: tls
    port: 443
    protocol: TLS
    tls:
      mode: Passthrough

TLSRoute:

apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TLSRoute
metadata:
  name: somename
  namespace: somenamespace
spec:
  hostnames:
  - '*.example.net'
  parentRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: gatewayname
    sectionName: tls
  rules:
  - backendRefs:
    - kind: Service
      name: gateway-proxy
      port: 9443

Kong Ingress Controller version

3.4.1

Kubernetes version

Anything else?

No response