feat: add support for ssh_endpoint

component/app.jsonnet

@@ -3,7 +3,19 @@ local inv = kap.inventory();
 local params = inv.parameters.lieutenant;
 local argocd = import 'lib/argocd.libjsonnet';
 
-local app = argocd.App('lieutenant', params.namespace);
+local app = argocd.App('lieutenant', params.namespace) {
+  spec+: {
+    ignoreDifferences+: [
+      {
+        group: 'apiextensions.k8s.io',
+        kind: 'CustomResourceDefinition',
+        jsonPointers: [
+          '/spec/preserveUnknownFields',
+        ],
+      },
+    ],
+  },
+};
 
 local appPath =
   local project = std.get(std.get(app, 'spec', {}), 'project', 'syn');

component/githosts.jsonnet

@@ -10,11 +10,13 @@ local params = inv.parameters.lieutenant;
     metadata+: {
       namespace: params.namespace,
     },
-    stringData: {
-      endpoint: params.githosts[name].endpoint,
-      token: params.githosts[name].token,
-      hostKeys: params.githosts[name].host_keys,
-    },
+    stringData:
+      local gh = params.githosts[name];
+      {
+        endpoint: gh.endpoint,
+        token: gh.token,
+        hostKeys: gh.host_keys,
+      } + if std.objectHas(gh, 'ssh_endpoint') then { sshEndpoint: gh.ssh_endpoint } else {},
   }
   for name in std.objectFields(params.githosts)
 }

docs/modules/ROOT/pages/how-tos/setup-githost.adoc

@@ -29,12 +29,16 @@ With the token added to Vault it can now be referenced by the GitHost configurat
 githosts:
   your-gitlab:
     endpoint: https://git.yourdomain.net/
+    ssh_endpoint: ssh://gitlab-ssh.yourdomain.net
     token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/your-gitlab/token}'
     host_keys: |
       git.yourdomain.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnE1dMkh+3uHWck+cTvQqeNUW0lj1uVcIC9JX2Tg6gmkKCYA73+o+I7vo4g6nPtSOAfITvYdHJLzwE9GwlSFsXHMR9q0ErWl2wC+w6FawLMz9//5XqiBi2qq/8WnWp3ecY16jDoGRW4eymT+USFHKJVi696XBy3WE/0BBapPZ58WPqkKN6A27qkIK6FehI80f+zN4ZqikdwWuCFs35fsimcmLnWqWPm8zbOkgCiB+ov4O/xmRNHwJWCk/qzU6X/M9YtMXzAa5mjwDvcHSAizFD3a3Fv68G1VsmRZ0THLrRKM/WOxrWNZoimSNgyjTzoCwiKeckvL5+hpNcNSW+eBPt
       git.yourdomain.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9EkPcVdsz/oVTI2VJkBlq8Mv/dg3rhcbgzAEKyiwUG
 ----
 
+`ssh_endpoint` is optional. If omitted, the operator uses the same host as `endpoint` for SSH.
+Provide a full SSH URL (for example `ssh://gitlab-ssh.example.com`) or just a host name.
+
 The `host_keys` need to contain the SSH public keys of your GitLab server.
 You can get these easily with:
 

docs/modules/ROOT/pages/how-tos/vcluster.adoc

@@ -88,6 +88,7 @@ parameters:
     githosts:
       your-gitlab:
         endpoint: https://git.yourdomain.net/
+        ssh_endpoint: ssh://gitlab-ssh.yourdomain.net
         token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/your-gitlab/token}'
         host_keys: |
           git.yourdomain.net ssh-rsa AAAAB3Nz...

docs/modules/ROOT/pages/references/parameters.adoc

@@ -294,10 +294,14 @@ A list of GitLab instances Lieutenant will be able to connect to for repository
 A GitLab token with `api` scope need to be accessible through Vault.
 See the xref:how-tos/setup-githost.adoc[setup githost] how-to for further details.
 
+`ssh_endpoint` is optional. If omitted, the operator uses the same host as `endpoint` for SSH.
+Provide a full SSH URL (for example `ssh://gitlab-ssh.example.com`) or just a host name.
+
 ----
 githosts:
   gitlab-vshn:
     endpoint: https://git.vshn.net/
+    ssh_endpoint: ssh://gitlab-ssh.vshn.net
     token: '?{vaultkv:${cluster:tenant}/${cluster:name}/lieutenant/githosts/gitlab-vshn/token}'
     host_keys: |
       git.vshn.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnE1dMkh+3uHWck+cTvQqeNUW0lj1uVcIC9JX2Tg6gmkKCYA73+o+I7vo4g6nPtSOAfITvYdHJLzwE9GwlSFsXHMR9q0ErWl2wC+w6FawLMz9//5XqiBi2qq/8WnWp3ecY16jDoGRW4eymT+USFHKJVi696XBy3WE/0BBapPZ58WPqkKN6A27qkIK6FehI80f+zN4ZqikdwWuCFs35fsimcmLnWqWPm8zbOkgCiB+ov4O/xmRNHwJWCk/qzU6X/M9YtMXzAa5mjwDvcHSAizFD3a3Fv68G1VsmRZ0THLrRKM/WOxrWNZoimSNgyjTzoCwiKeckvL5+hpNcNSW+eBPt