Custom DNS support in istio-csr's istiod certificate

[frauniki]

Currently, only the following dns names are supported for istiod certificates created by istio-csr's helm chart.

• istiod{{$revision}}. {{$namespace}}.svc
• istiod.{{ .Values.app.istio.namespace }}.svc
  https://github.com/cert-manager/istio-csr/blob/main/deploy/charts/istio-csr/templates/certificate.yaml#L15-L31

istio supports external control plane and istiod may be published by an external LB provider or custom DNS.
https://istio.io/latest/docs/setup/install/external-controlplane/

However, the current istio-csr istiod certificate does not allow these custom DNSs to be configured within the certificate, so using istiod webhook with a custom DNS in these environments will result in a certificate error.
Therefore, I would like to add a feature so that istio-csr's istiod certificate can also use custom DNS.

By the way, istiod's built-in ca server already supports the same feature.
It is possible to set custom DNS for istiod certificate using istiod's environment variable ISTIOD_CUSTOM_HOST.
https://istio.io/latest/docs/reference/commands/pilot-discovery/

[frauniki]

I missed this comment.
https://github.com/cert-manager/istio-csr/blob/main/deploy/charts/istio-csr/values.yaml#L100

I thought it would be better to set istiodCertificateEnable to false and create your own certificate if you want to use custom DNS.
I don't think we need to support this feature, so I am closing this issue.