Fix missing TLS ServerName in HelmRepository

Add ServerName configuration to TLS config in HelmRepository client
options to ensure proper SNI (Server Name Indication) support for
virtual hosting environments. This addresses the regression introduced
when migrating from internal/tls to runtime/secrets, where ServerName
was not being set automatically.

Without ServerName, TLS handshakes fail with certificate mismatch
errors when connecting to Helm repositories using virtual hosting
where multiple repositories are hosted on the same IP address.

Signed-off-by: cappyzawa <[email protected]>

Author: cappyzawa

internal/helm/getter/client_opts.go

@@ -21,6 +21,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	neturl "net/url"
 	"os"
 	"path"
 
@@ -155,6 +156,20 @@ func configureAuthentication(ctx context.Context, c client.Client, obj *sourcev1
 		}
 	}
 
+	// Set ServerName for proper virtual hosting support.
+	// This is crucial for Helm repositories that use virtual hosting where multiple
+	// repositories are hosted on the same IP address. Without ServerName, the TLS
+	// handshake would fail with a certificate mismatch error.
+	// Note: runtime/secrets does not set ServerName, so this must be done at the
+	// controller level to ensure proper TLS SNI (Server Name Indication) support.
+	if opts.TlsConfig != nil {
+		u, err := neturl.Parse(url)
+		if err != nil {
+			return false, nil, nil, fmt.Errorf("cannot parse repository URL: %w", err)
+		}
+		opts.TlsConfig.ServerName = u.Hostname()
+	}
+
 	return deprecatedTLS, certSecret, authSecret, nil
 }