make servername configurable

neonvm/apis/neonvm/v1/virtualmachine_types.go

@@ -179,6 +179,9 @@ type TLSProvisioning struct {
 
 	// This is required to set the duration before certificate expiration that the certificate is renewed
 	RenewBefore metav1.Duration `json:"renewBefore,omitempty"`
+
+	// This is the common name for the TLS certificate
+	ServerName string `json:"serverName,omitempty"`
 }
 
 func (spec *VirtualMachineSpec) Resources() VirtualMachineResources {

neonvm/config/crd/bases/vm.neon.tech_virtualmachines.yaml

@@ -3008,6 +3008,9 @@ spec:
                     description: This is required to set the duration before certificate
                       expiration that the certificate is renewed
                     type: string
+                  serverName:
+                    description: This is the common name for the TLS certificate
+                    type: string
                 type: object
               tolerations:
                 items:

pkg/neonvm/controllers/vm_cert_controller.go

@@ -229,12 +229,9 @@ func (r *VMReconciler) deleteTmpSecret(ctx context.Context, vm *vmv1.VirtualMach
 }
 
 func certSpecCSR(vm *vmv1.VirtualMachine) (*x509.CertificateRequest, error) {
-	// TODO: configurable?
-	commonName := fmt.Sprintf("%s.%s.svc.cluster.local", vm.Name, vm.Namespace)
-
 	certSpec := certv1.CertificateSpec{
-		CommonName: commonName,
-		DNSNames:   []string{commonName},
+		CommonName: vm.Spec.TLS.ServerName,
+		DNSNames:   []string{vm.Spec.TLS.ServerName},
 		PrivateKey: &certv1.CertificatePrivateKey{
 			// TODO: can we support Ed25519?
 			Algorithm:      certv1.ECDSAKeyAlgorithm,

tests/e2e/vm-tls/00-create-vm.yaml

@@ -26,3 +26,4 @@ spec:
     renewBefore: 1h
     expireAfter: 24h
     certificateIssuer: "neon-ca-issuer"
+    serverName: "vm.neon.local"