diff --git a/component/app.jsonnet b/component/app.jsonnet index a25ddd7..4bf1405 100644 --- a/component/app.jsonnet +++ b/component/app.jsonnet @@ -3,7 +3,19 @@ local inv = kap.inventory(); local params = inv.parameters.lieutenant; local argocd = import 'lib/argocd.libjsonnet'; -local app = argocd.App('lieutenant', params.namespace); +local app = argocd.App('lieutenant', params.namespace) { + spec+: { + ignoreDifferences+: [ + { + group: 'apiextensions.k8s.io', + kind: 'CustomResourceDefinition', + jsonPointers: [ + '/spec/preserveUnknownFields', + ], + }, + ], + }, +}; local appPath = local project = std.get(std.get(app, 'spec', {}), 'project', 'syn'); diff --git a/component/githosts.jsonnet b/component/githosts.jsonnet index 21773f8..ab858b7 100644 --- a/component/githosts.jsonnet +++ b/component/githosts.jsonnet @@ -10,11 +10,13 @@ local params = inv.parameters.lieutenant; metadata+: { namespace: params.namespace, }, - stringData: { - endpoint: params.githosts[name].endpoint, - token: params.githosts[name].token, - hostKeys: params.githosts[name].host_keys, - }, + stringData: + local gh = params.githosts[name]; + { + endpoint: gh.endpoint, + token: gh.token, + hostKeys: gh.host_keys, + } + if std.objectHas(gh, 'ssh_endpoint') then { sshEndpoint: gh.ssh_endpoint } else {}, } for name in std.objectFields(params.githosts) } diff --git a/docs/modules/ROOT/pages/how-tos/setup-githost.adoc b/docs/modules/ROOT/pages/how-tos/setup-githost.adoc index e2cde2b..055f653 100644 --- a/docs/modules/ROOT/pages/how-tos/setup-githost.adoc +++ b/docs/modules/ROOT/pages/how-tos/setup-githost.adoc 
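Review bot: The new `ignoreDifferences` entry in component/app.jsonnet has no comment saying why drift in `/spec/preserveUnknownFields` is expected. It also has no `name`, so it applies to every CustomResourceDefinition this Argo CD app manages rather than only the CRDs that need it. A short comment above the entry would keep the exemption reviewable, for example `// <reason the live CRD differs in spec.preserveUnknownFields>; ignored so the app does not stay OutOfSync`. If only specific CRDs are affected, adding `name: '<crd-name>'` to the entry would limit what drift goes unreported. The statements after `local app` continue outside the hunk.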
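Review bot: In component/githosts.jsonnet, `std.objectHas(gh, 'ssh_endpoint')` is also true when the key is present with a `null` value, for instance if the hierarchy sets it to `null` to unset it. That would put `sshEndpoint: null` into the Secret's `stringData`, where values have to be strings. Guarding on the value avoids this: `} + if std.get(gh, 'ssh_endpoint') != null then { sshEndpoint: gh.ssh_endpoint } else {},` (`std.get` is already used in component/app.jsonnet). Separately, `hostKeys` is passed through unchanged, while the doc examples in this commit point `ssh_endpoint` at a different host than `endpoint` and keep `host_keys` entries only for the `endpoint` host. If the operator checks the SSH host against these keys, the docs should say that `host_keys` must include the SSH host's keys.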
@@ -29,12 +29,16 @@ With the token added to Vault it can now be referenced by the GitHost configurat githosts: your-gitlab: endpoint: https://git.yourdomain.net/ + ssh_endpoint: ssh://gitlab-ssh.yourdomain.net token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/your-gitlab/token}' host_keys: | git.yourdomain.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnE1dMkh+3uHWck+cTvQqeNUW0lj1uVcIC9JX2Tg6gmkKCYA73+o+I7vo4g6nPtSOAfITvYdHJLzwE9GwlSFsXHMR9q0ErWl2wC+w6FawLMz9//5XqiBi2qq/8WnWp3ecY16jDoGRW4eymT+USFHKJVi696XBy3WE/0BBapPZ58WPqkKN6A27qkIK6FehI80f+zN4ZqikdwWuCFs35fsimcmLnWqWPm8zbOkgCiB+ov4O/xmRNHwJWCk/qzU6X/M9YtMXzAa5mjwDvcHSAizFD3a3Fv68G1VsmRZ0THLrRKM/WOxrWNZoimSNgyjTzoCwiKeckvL5+hpNcNSW+eBPt git.yourdomain.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9EkPcVdsz/oVTI2VJkBlq8Mv/dg3rhcbgzAEKyiwUG ---- +`ssh_endpoint` is optional. If omitted, the operator uses the same host as `endpoint` for SSH. +Provide a full SSH URL (for example `ssh://gitlab-ssh.example.com`) or just a host name. + The `host_keys` need to contain the SSH public keys of your GitLab server. You can get these easily with: diff --git a/docs/modules/ROOT/pages/how-tos/vcluster.adoc b/docs/modules/ROOT/pages/how-tos/vcluster.adoc index 3d76884..6050acb 100644 --- a/docs/modules/ROOT/pages/how-tos/vcluster.adoc +++ b/docs/modules/ROOT/pages/how-tos/vcluster.adoc @@ -88,6 +88,7 @@ parameters: githosts: your-gitlab: endpoint: https://git.yourdomain.net/ + ssh_endpoint: ssh://gitlab-ssh.yourdomain.net token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/your-gitlab/token}' host_keys: | git.yourdomain.net ssh-rsa AAAAB3Nz... diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index cc267ca..290cff8 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc 
@@ -294,10 +294,14 @@ A list of GitLab instances Lieutenant will be able to connect to for repository A GitLab token with `api` scope need to be accessible through Vault. See the xref:how-tos/setup-githost.adoc[setup githost] how-to for further details. +`ssh_endpoint` is optional. If omitted, the operator uses the same host as `endpoint` for SSH. +Provide a full SSH URL (for example `ssh://gitlab-ssh.example.com`) or just a host name. + ---- githosts: gitlab-vshn: endpoint: https://git.vshn.net/ + ssh_endpoint: ssh://gitlab-ssh.vshn.net token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/gitlab-vshn/token}' host_keys: | git.vshn.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnE1dMkh+3uHWck+cTvQqeNUW0lj1uVcIC9JX2Tg6gmkKCYA73+o+I7vo4g6nPtSOAfITvYdHJLzwE9GwlSFsXHMR9q0ErWl2wC+w6FawLMz9//5XqiBi2qq/8WnWp3ecY16jDoGRW4eymT+USFHKJVi696XBy3WE/0BBapPZ58WPqkKN6A27qkIK6FehI80f+zN4ZqikdwWuCFs35fsimcmLnWqWPm8zbOkgCiB+ov4O/xmRNHwJWCk/qzU6X/M9YtMXzAa5mjwDvcHSAizFD3a3Fv68G1VsmRZ0THLrRKM/WOxrWNZoimSNgyjTzoCwiKeckvL5+hpNcNSW+eBPt