From 18290e7c79704d6d6cc89dfec583616f91d7ec72 Mon Sep 17 00:00:00 2001 From: Robin Scherrer Date: Thu, 5 Feb 2026 13:42:56 +0100 Subject: [PATCH 1/5] feat: add support for ssh_endpoint --- component/githosts.jsonnet | 12 +++++++----- docs/modules/ROOT/pages/how-tos/setup-githost.adoc | 4 ++++ docs/modules/ROOT/pages/how-tos/vcluster.adoc | 1 + docs/modules/ROOT/pages/references/parameters.adoc | 4 ++++ 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/component/githosts.jsonnet b/component/githosts.jsonnet index 21773f8..ab858b7 100644 --- a/component/githosts.jsonnet +++ b/component/githosts.jsonnet @@ -10,11 +10,13 @@ local params = inv.parameters.lieutenant; metadata+: { namespace: params.namespace, }, - stringData: { - endpoint: params.githosts[name].endpoint, - token: params.githosts[name].token, - hostKeys: params.githosts[name].host_keys, - }, + stringData: + local gh = params.githosts[name]; + { + endpoint: gh.endpoint, + token: gh.token, + hostKeys: gh.host_keys, + } + if std.objectHas(gh, 'ssh_endpoint') then { sshEndpoint: gh.ssh_endpoint } else {}, } for name in std.objectFields(params.githosts) } diff --git a/docs/modules/ROOT/pages/how-tos/setup-githost.adoc b/docs/modules/ROOT/pages/how-tos/setup-githost.adoc index e2cde2b..055f653 100644 --- a/docs/modules/ROOT/pages/how-tos/setup-githost.adoc +++ b/docs/modules/ROOT/pages/how-tos/setup-githost.adoc 
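Review bot: `std.objectHas(gh, 'ssh_endpoint')` in the new `stringData` expression is also true when the key is present with a `null` value, so an inventory that sets `ssh_endpoint: null` would render `sshEndpoint: null` into the Secret instead of omitting the key. The same test is kept in the later revisions of this line (PATCH 3/5 to 5/5). Testing the value is safer, e.g. `[if std.get(gh, 'ssh_endpoint') != null then 'sshEndpoint']: gh.ssh_endpoint,` in the final field form. The enclosing object comprehension starts outside the hunk.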
@@ -29,12 +29,16 @@ With the token added to Vault it can now be referenced by the GitHost configurat githosts: your-gitlab: endpoint: https://git.yourdomain.net/ + ssh_endpoint: ssh://gitlab-ssh.yourdomain.net token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/your-gitlab/token}' host_keys: | git.yourdomain.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnE1dMkh+3uHWck+cTvQqeNUW0lj1uVcIC9JX2Tg6gmkKCYA73+o+I7vo4g6nPtSOAfITvYdHJLzwE9GwlSFsXHMR9q0ErWl2wC+w6FawLMz9//5XqiBi2qq/8WnWp3ecY16jDoGRW4eymT+USFHKJVi696XBy3WE/0BBapPZ58WPqkKN6A27qkIK6FehI80f+zN4ZqikdwWuCFs35fsimcmLnWqWPm8zbOkgCiB+ov4O/xmRNHwJWCk/qzU6X/M9YtMXzAa5mjwDvcHSAizFD3a3Fv68G1VsmRZ0THLrRKM/WOxrWNZoimSNgyjTzoCwiKeckvL5+hpNcNSW+eBPt git.yourdomain.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9EkPcVdsz/oVTI2VJkBlq8Mv/dg3rhcbgzAEKyiwUG ---- +`ssh_endpoint` is optional. If omitted, the operator uses the same host as `endpoint` for SSH. +Provide a full SSH URL (for example `ssh://gitlab-ssh.example.com`) or just a host name. + The `host_keys` need to contain the SSH public keys of your GitLab server. You can get these easily with: diff --git a/docs/modules/ROOT/pages/how-tos/vcluster.adoc b/docs/modules/ROOT/pages/how-tos/vcluster.adoc index 3d76884..6050acb 100644 --- a/docs/modules/ROOT/pages/how-tos/vcluster.adoc +++ b/docs/modules/ROOT/pages/how-tos/vcluster.adoc @@ -88,6 +88,7 @@ parameters: githosts: your-gitlab: endpoint: https://git.yourdomain.net/ + ssh_endpoint: ssh://gitlab-ssh.yourdomain.net token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/your-gitlab/token}' host_keys: | git.yourdomain.net ssh-rsa AAAAB3Nz... diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index cc267ca..290cff8 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc 
@@ -294,10 +294,14 @@ A list of GitLab instances Lieutenant will be able to connect to for repository A GitLab token with `api` scope need to be accessible through Vault. See the xref:how-tos/setup-githost.adoc[setup githost] how-to for further details. +`ssh_endpoint` is optional. If omitted, the operator uses the same host as `endpoint` for SSH. +Provide a full SSH URL (for example `ssh://gitlab-ssh.example.com`) or just a host name. + ---- githosts: gitlab-vshn: endpoint: https://git.vshn.net/ + ssh_endpoint: ssh://gitlab-ssh.vshn.net token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/gitlab-vshn/token}' host_keys: | git.vshn.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnE1dMkh+3uHWck+cTvQqeNUW0lj1uVcIC9JX2Tg6gmkKCYA73+o+I7vo4g6nPtSOAfITvYdHJLzwE9GwlSFsXHMR9q0ErWl2wC+w6FawLMz9//5XqiBi2qq/8WnWp3ecY16jDoGRW4eymT+USFHKJVi696XBy3WE/0BBapPZ58WPqkKN6A27qkIK6FehI80f+zN4ZqikdwWuCFs35fsimcmLnWqWPm8zbOkgCiB+ov4O/xmRNHwJWCk/qzU6X/M9YtMXzAa5mjwDvcHSAizFD3a3Fv68G1VsmRZ0THLrRKM/WOxrWNZoimSNgyjTzoCwiKeckvL5+hpNcNSW+eBPt From a437acaa2602393218cd01ac2b43359b09d6c2e8 Mon Sep 17 00:00:00 2001 From: Robin Scherrer Date: Mon, 9 Feb 2026 15:12:08 +0100 Subject: [PATCH 2/5] fix: ignore preserveUnknownFields in argocd app --- component/app.jsonnet | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/component/app.jsonnet b/component/app.jsonnet index a25ddd7..4bf1405 100644 --- a/component/app.jsonnet +++ b/component/app.jsonnet @@ -3,7 +3,19 @@ local inv = kap.inventory(); local params = inv.parameters.lieutenant; local argocd = import 'lib/argocd.libjsonnet'; -local app = argocd.App('lieutenant', params.namespace); +local app = argocd.App('lieutenant', params.namespace) { + spec+: { + ignoreDifferences+: [ + { + group: 'apiextensions.k8s.io', + kind: 'CustomResourceDefinition', + jsonPointers: [ + '/spec/preserveUnknownFields', + ], + }, + ], + }, +}; local appPath = local project = std.get(std.get(app, 'spec', {}), 'project', 'syn'); 
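Review bot: The new `ignoreDifferences` entry in `component/app.jsonnet` has no `name`, so it applies to every CustomResourceDefinition the app manages, and nothing in the code says why the drift is ignored. `preserveUnknownFields` decides whether unknown fields are pruned from custom resources, so ignoring it for all CRDs would also hide an unintended change of that setting on any of them. Consider one entry per affected CRD with `name: '<crd-name>'` (placeholder, the CRD names are not visible here). A short comment above the entry stating the reason would also help, presumably that the API server normalises the field.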
From 794991921df25a3d53493a7812b2b69b1810e20b Mon Sep 17 00:00:00 2001 From: Robin Scherrer <43877944+rxbn@users.noreply.github.com> Date: Thu, 30 Apr 2026 09:09:38 +0200 Subject: [PATCH 3/5] Apply suggestions from code review Co-authored-by: Simon Gerber --- component/githosts.jsonnet | 3 ++- docs/modules/ROOT/pages/how-tos/setup-githost.adoc | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/component/githosts.jsonnet b/component/githosts.jsonnet index ab858b7..8c34cea 100644 --- a/component/githosts.jsonnet +++ b/component/githosts.jsonnet @@ -16,7 +16,8 @@ local params = inv.parameters.lieutenant; endpoint: gh.endpoint, token: gh.token, hostKeys: gh.host_keys, - } + if std.objectHas(gh, 'ssh_endpoint') then { sshEndpoint: gh.ssh_endpoint } else {}, + [if std.objectHas(gh, 'ssh_endpoint') then 'sshEndpoint']: std.get(gh, ssh_endpoint), + }, } for name in std.objectFields(params.githosts) } diff --git a/docs/modules/ROOT/pages/how-tos/setup-githost.adoc b/docs/modules/ROOT/pages/how-tos/setup-githost.adoc index 055f653..7cb5e83 100644 --- a/docs/modules/ROOT/pages/how-tos/setup-githost.adoc +++ b/docs/modules/ROOT/pages/how-tos/setup-githost.adoc 
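Review bot: `std.get(gh, ssh_endpoint)` on the added line passes an unbound identifier rather than the string `'ssh_endpoint'`, so the file should not evaluate at this commit. PATCH 4/5 changes it to `std.get(gh, gh.ssh_endpoint)`, which looks up a field named after the endpoint value and would yield `null`; only PATCH 5/5 reads `gh.ssh_endpoint`. Squashing these three revisions would keep every commit in history rendering a valid Secret.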
@@ -29,14 +29,13 @@ With the token added to Vault it can now be referenced by the GitHost configurat githosts: your-gitlab: endpoint: https://git.yourdomain.net/ - ssh_endpoint: ssh://gitlab-ssh.yourdomain.net + ssh_endpoint: ssh://gitlab-ssh.yourdomain.net <1> token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/your-gitlab/token}' host_keys: | git.yourdomain.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnE1dMkh+3uHWck+cTvQqeNUW0lj1uVcIC9JX2Tg6gmkKCYA73+o+I7vo4g6nPtSOAfITvYdHJLzwE9GwlSFsXHMR9q0ErWl2wC+w6FawLMz9//5XqiBi2qq/8WnWp3ecY16jDoGRW4eymT+USFHKJVi696XBy3WE/0BBapPZ58WPqkKN6A27qkIK6FehI80f+zN4ZqikdwWuCFs35fsimcmLnWqWPm8zbOkgCiB+ov4O/xmRNHwJWCk/qzU6X/M9YtMXzAa5mjwDvcHSAizFD3a3Fv68G1VsmRZ0THLrRKM/WOxrWNZoimSNgyjTzoCwiKeckvL5+hpNcNSW+eBPt git.yourdomain.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9EkPcVdsz/oVTI2VJkBlq8Mv/dg3rhcbgzAEKyiwUG ---- - -`ssh_endpoint` is optional. If omitted, the operator uses the same host as `endpoint` for SSH. +<1> `ssh_endpoint` is optional. If omitted, the operator uses the same host as `endpoint` for SSH. Provide a full SSH URL (for example `ssh://gitlab-ssh.example.com`) or just a host name. The `host_keys` need to contain the SSH public keys of your GitLab server. From 6b09dd5d734c97e50dfe8624de94cd9a27c1a512 Mon Sep 17 00:00:00 2001 From: Robin Scherrer Date: Thu, 30 Apr 2026 09:12:37 +0200 Subject: [PATCH 4/5] apply suggestions --- component/githosts.jsonnet | 2 +- docs/modules/ROOT/pages/how-tos/vcluster.adoc | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/component/githosts.jsonnet b/component/githosts.jsonnet index 8c34cea..9a1b3c7 100644 --- a/component/githosts.jsonnet +++ b/component/githosts.jsonnet 
@@ -16,7 +16,7 @@ local params = inv.parameters.lieutenant; endpoint: gh.endpoint, token: gh.token, hostKeys: gh.host_keys, - [if std.objectHas(gh, 'ssh_endpoint') then 'sshEndpoint']: std.get(gh, ssh_endpoint), + [if std.objectHas(gh, 'ssh_endpoint') then 'sshEndpoint']: std.get(gh, gh.ssh_endpoint), }, } for name in std.objectFields(params.githosts) diff --git a/docs/modules/ROOT/pages/how-tos/vcluster.adoc b/docs/modules/ROOT/pages/how-tos/vcluster.adoc index 6050acb..3d76884 100644 --- a/docs/modules/ROOT/pages/how-tos/vcluster.adoc +++ b/docs/modules/ROOT/pages/how-tos/vcluster.adoc @@ -88,7 +88,6 @@ parameters: githosts: your-gitlab: endpoint: https://git.yourdomain.net/ - ssh_endpoint: ssh://gitlab-ssh.yourdomain.net token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/your-gitlab/token}' host_keys: | git.yourdomain.net ssh-rsa AAAAB3Nz... From 6920600019e79a7a2ab97778daae064f7b9e788c Mon Sep 17 00:00:00 2001 From: Robin Scherrer Date: Thu, 30 Apr 2026 09:24:59 +0200 Subject: [PATCH 5/5] fix: ssh_endpoint --- component/githosts.jsonnet | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/component/githosts.jsonnet b/component/githosts.jsonnet index 9a1b3c7..62b1b8c 100644 --- a/component/githosts.jsonnet +++ b/component/githosts.jsonnet @@ -16,7 +16,7 @@ local params = inv.parameters.lieutenant; endpoint: gh.endpoint, token: gh.token, hostKeys: gh.host_keys, - [if std.objectHas(gh, 'ssh_endpoint') then 'sshEndpoint']: std.get(gh, gh.ssh_endpoint), + [if std.objectHas(gh, 'ssh_endpoint') then 'sshEndpoint']: gh.ssh_endpoint, }, } for name in std.objectFields(params.githosts)
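Review bot: Nothing next to the final `sshEndpoint` field says that `hostKeys` must contain entries for the SSH host when it differs from `endpoint`. The how-to example added in PATCH 1/5 sets `ssh_endpoint: ssh://gitlab-ssh.yourdomain.net` but keeps `host_keys` lines for `git.yourdomain.net` only. If the operator matches the server key against these entries by host name (its behaviour is not visible here), that configuration would fail host key verification. I would add a comment above the field such as `// hostKeys must list the keys of the ssh_endpoint host when it differs from endpoint` and repeat the sentence in the docs callout. The enclosing object starts outside the hunk.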