running ~10k pods on unique subdomains, the main bottleneck we hit is that browsers don't support wildcard subdomains in the Access-Control-Allow-Origin header. we had to handle this at the ingress layer by validating the origin against a regex and reflecting it back dynamically. static headers just don't work for this.
running ~10k pods on unique subdomains, the main bottleneck we hit is that browsers don't support wildcard subdomains in the Access-Control-Allow-Origin header. we had to handle this at the ingress layer by validating the origin against a regex and reflecting it back dynamically. static headers just don't work for this.
this is also a standard approach for nginx: