diff --git a/CLAUDE.md b/CLAUDE.md
index 07381ce..213c3a4 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -72,7 +72,10 @@ export TALOSCONFIG=./talos/talosconfig
 - **Namespace race condition**: First `kubectl apply` of a new app often fails because namespace isn't ready. Re-apply once.
 - **Traefik DaemonSet updates**: Requires `updateStrategy.rollingUpdate.maxSurge: 0` because hostPort conflicts prevent surge.
 - **Forgejo Ingress API version**: Chart renders `extensions/v1beta1`, fixed via `ytt/ingress-fix.ytt.yaml` overlay to `networking.k8s.io/v1`.
-- **ArgoCD Phase 3**: Repo not yet pushed to Forgejo, ArgoCD not yet wired.
+- **ArgoCD**: Fully wired to Forgejo via App of Apps. Root Application in `default` project syncs `rendered/argocd/production/`. Deploy key provisioned automatically by `argocd-deploy-key-init` Job in forgejo namespace.
+
+## Container Images
+- **Never use bitnami images.** Use `alpine/k8s` or plain `alpine` for utility Jobs instead.
 
 ## Secrets (not in git)
 - `cert-manager/letsencrypt-account-key` — ACME account key (auto-generated)
diff --git a/envs/_env/argocd/secret.overlay.ytt.yaml b/envs/_env/argocd/secret.overlay.ytt.yaml
deleted file mode 100644
index bcd1cb2..0000000
--- a/envs/_env/argocd/secret.overlay.ytt.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-#@ load("@ytt:overlay", "overlay")
----
-#@ def secret_fragment():
-kind: Secret
-metadata:
-  labels:
-    argocd.argoproj.io/secret-type: cluster
-#@ end
-
-#@overlay/match by=overlay.subset(secret_fragment()), expects="0+"
----
-stringData:
-  config: ARGOCD_CLUSTER_CONNECT_CONFIG
-  server: ARGOCD_CLUSTER_SERVER_URL
diff --git a/envs/env-data.ytt.yaml b/envs/env-data.ytt.yaml
index e8bb4e0..33eee95 100644
--- a/envs/env-data.ytt.yaml
+++ b/envs/env-data.ytt.yaml
@@ -5,5 +5,13 @@ argocd:
   app:
     prefix: app-
     finalizers: []
+    source:
+      repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+    destination:
+      server: https://kubernetes.default.svc
   project:
     prefix: env-
+    destination:
+      server: https://kubernetes.default.svc
+  env:
+    generateSecret: false
diff --git a/prototypes/argocd/helm/argo-cd.yaml b/prototypes/argocd/helm/argo-cd.yaml
index 439f20f..0960723 100644
--- a/prototypes/argocd/helm/argo-cd.yaml
+++ b/prototypes/argocd/helm/argo-cd.yaml
@@ -9,6 +9,12 @@ global:
 configs:
   params:
     server.insecure: true
+  cm:
+    resource.customizations.ignoreDifferences.all: |
+      managedFieldsManagers:
+        - kube-controller-manager
+      jsonPointers:
+        - /status
 
 server:
   ingress:
diff --git a/prototypes/forgejo/ytt/admin-secret-job.ytt.yaml b/prototypes/forgejo/ytt/admin-secret-job.ytt.yaml
index ceede1d..2b8a02a 100644
--- a/prototypes/forgejo/ytt/admin-secret-job.ytt.yaml
+++ b/prototypes/forgejo/ytt/admin-secret-job.ytt.yaml
@@ -41,6 +41,8 @@ kind: Job
 metadata:
   name: forgejo-admin-secret-init
   namespace: #@ ns
+  annotations:
+    argocd.argoproj.io/sync-options: Replace=true
 spec:
   ttlSecondsAfterFinished: 300
   template:
@@ -49,7 +51,7 @@ spec:
       restartPolicy: OnFailure
       containers:
         - name: init
-          image: bitnami/kubectl:latest
+          image: alpine/k8s:1.32.3
           command:
             - sh
             - -c
diff --git a/prototypes/forgejo/ytt/argocd-deploy-key-job.ytt.yaml b/prototypes/forgejo/ytt/argocd-deploy-key-job.ytt.yaml
new file mode 100644
index 0000000..18014d6
--- /dev/null
+++ b/prototypes/forgejo/ytt/argocd-deploy-key-job.ytt.yaml
@@ -0,0 +1,139 @@
+#@ load("@ytt:data", "data")
+
+#@ ns = data.values.application.namespace
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argocd-deploy-key-init
+  namespace: #@ ns
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: argocd-deploy-key-init
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argocd-deploy-key-init
+subjects:
+  - kind: ServiceAccount
+    name: argocd-deploy-key-init
+    namespace: #@ ns
+roleRef:
+  kind: ClusterRole
+  name: argocd-deploy-key-init
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: argocd-deploy-key-init
+  namespace: #@ ns
+  annotations:
+    argocd.argoproj.io/sync-options: Replace=true
+spec:
+  ttlSecondsAfterFinished: 300
+  template:
+    spec:
+      serviceAccountName: argocd-deploy-key-init
+      restartPolicy: OnFailure
+      containers:
+        - name: init
+          image: alpine/k8s:1.32.3
+          command:
+            - sh
+            - -c
+            - |
+              set -e
+
+              apk add --no-cache openssh-keygen > /dev/null 2>&1
+
+              ARGOCD_NS="argocd"
+              REPO_SECRET="forgejo-repo"
+              REPO_URL="ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git"
+              FORGEJO_URL="https://git.tr1ceracop.de"
+              REPO_OWNER="gitea_admin"
+              REPO_NAME="k8s-and-chill"
+
+              # Wait for Forgejo to be ready
+              echo "Waiting for Forgejo to be ready..."
+              for i in $(seq 1 60); do
+                if curl -sk "${FORGEJO_URL}/api/v1/version" >/dev/null 2>&1; then
+                  echo "Forgejo HTTPS is ready"
+                  break
+                fi
+                if [ "$i" -eq 60 ]; then
+                  echo "Forgejo did not become ready in time"
+                  exit 1
+                fi
+                sleep 5
+              done
+
+              # Check if ArgoCD repo secret already exists
+              if kubectl get secret "${REPO_SECRET}" -n "${ARGOCD_NS}" >/dev/null 2>&1; then
+                echo "Secret ${REPO_SECRET} already exists in ${ARGOCD_NS}, skipping"
+                exit 0
+              fi
+
+              # Read admin credentials
+              ADMIN_USER=$(kubectl get secret forgejo-admin-secret -n "${NAMESPACE}" -o jsonpath='{.data.username}' | base64 -d)
+              ADMIN_PASS=$(kubectl get secret forgejo-admin-secret -n "${NAMESPACE}" -o jsonpath='{.data.password}' | base64 -d)
+
+              # Generate ed25519 SSH keypair
+              KEYDIR=$(mktemp -d)
+              ssh-keygen -t ed25519 -f "${KEYDIR}/id_ed25519" -N "" -q
+              PRIVKEY=$(cat "${KEYDIR}/id_ed25519")
+              PUBKEY=$(cat "${KEYDIR}/id_ed25519.pub")
+              rm -rf "${KEYDIR}"
+
+              # Register deploy key via Forgejo API
+              echo "Registering deploy key..."
+              HTTP_CODE=$(curl -sk -o /tmp/response.json -w "%{http_code}" \
+                -X POST "${FORGEJO_URL}/api/v1/repos/${REPO_OWNER}/${REPO_NAME}/keys" \
+                -H "Content-Type: application/json" \
+                -u "${ADMIN_USER}:${ADMIN_PASS}" \
+                -d "{\"title\":\"argocd-deploy-key\",\"key\":\"${PUBKEY}\",\"read_only\":true}")
+
+              if [ "${HTTP_CODE}" = "201" ]; then
+                echo "Deploy key registered successfully"
+              elif [ "${HTTP_CODE}" = "422" ]; then
+                echo "Deploy key already exists in Forgejo (422), continuing"
+              else
+                echo "Failed to register deploy key: HTTP ${HTTP_CODE}"
+                cat /tmp/response.json
+                exit 1
+              fi
+
+              # Create ArgoCD repository secret with insecure flag (skip host key verification)
+              cat <<EOSECRET | kubectl apply -f -
+              apiVersion: v1
+              kind: Secret
+              metadata:
+                name: ${REPO_SECRET}
+                namespace: ${ARGOCD_NS}
+                labels:
+                  argocd.argoproj.io/secret-type: repository
+              stringData:
+                type: git
+                url: "${REPO_URL}"
+                insecure: "true"
+                sshPrivateKey: |
+              $(echo "${PRIVKEY}" | sed 's/^/            /')
+              EOSECRET
+
+              echo "Created ArgoCD repository secret ${REPO_SECRET} in ${ARGOCD_NS}"
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
diff --git a/rendered/argocd/production/app-argocd.yaml b/rendered/argocd/production/app-argocd.yaml
index 012582c..5d4b493 100644
--- a/rendered/argocd/production/app-argocd.yaml
+++ b/rendered/argocd/production/app-argocd.yaml
@@ -9,12 +9,12 @@ metadata:
   namespace: argocd
 spec:
   destination:
-    name: production
     namespace: argocd
+    server: https://kubernetes.default.svc
   project: env-production
   source:
     path: rendered/envs/production/argocd
-    repoURL: ""
+    repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     targetRevision: main
   syncPolicy:
     automated:
diff --git a/rendered/argocd/production/app-cert-manager.yaml b/rendered/argocd/production/app-cert-manager.yaml
index c789c6e..86409cf 100644
--- a/rendered/argocd/production/app-cert-manager.yaml
+++ b/rendered/argocd/production/app-cert-manager.yaml
@@ -9,12 +9,12 @@ metadata:
   namespace: argocd
 spec:
   destination:
-    name: production
     namespace: cert-manager
+    server: https://kubernetes.default.svc
   project: env-production
   source:
     path: rendered/envs/production/cert-manager
-    repoURL: ""
+    repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     targetRevision: main
   syncPolicy:
     automated:
diff --git a/rendered/argocd/production/app-forgejo.yaml b/rendered/argocd/production/app-forgejo.yaml
index bd712f0..aeed240 100644
--- a/rendered/argocd/production/app-forgejo.yaml
+++ b/rendered/argocd/production/app-forgejo.yaml
@@ -9,8 +9,8 @@ metadata:
   namespace: argocd
 spec:
   destination:
-    name: production
     namespace: forgejo
+    server: https://kubernetes.default.svc
   project: env-production
   source:
     path: rendered/envs/production/forgejo
diff --git a/rendered/argocd/production/app-traefik.yaml b/rendered/argocd/production/app-traefik.yaml
index 214ee1a..3a8934b 100644
--- a/rendered/argocd/production/app-traefik.yaml
+++ b/rendered/argocd/production/app-traefik.yaml
@@ -9,12 +9,12 @@ metadata:
   namespace: argocd
 spec:
   destination:
-    name: production
     namespace: traefik
+    server: https://kubernetes.default.svc
   project: env-production
   source:
     path: rendered/envs/production/traefik
-    repoURL: ""
+    repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     targetRevision: main
   syncPolicy:
     automated:
diff --git a/rendered/argocd/production/env-production.yaml b/rendered/argocd/production/env-production.yaml
index 25fa023..7d40bd8 100644
--- a/rendered/argocd/production/env-production.yaml
+++ b/rendered/argocd/production/env-production.yaml
@@ -14,24 +14,9 @@ spec:
     kind: '*'
   destinations:
   - namespace: '*'
-    name: production
+    server: https://kubernetes.default.svc
   namespaceResourceWhitelist:
   - group: '*'
     kind: '*'
   sourceRepos:
   - '*'
----
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    argocd.argoproj.io/secret-type: cluster
-  name: production
-  namespace: argocd
-  annotations:
-    myks.dev/environment: production
-stringData:
-  config: ARGOCD_CLUSTER_CONNECT_CONFIG
-  name: production
-  project: env-production
-  server: ARGOCD_CLUSTER_SERVER_URL
diff --git a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-application-controller.yaml b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-application-controller.yaml
index 9342d3b..840f90b 100644
--- a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-application-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: application-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-notifications-controller.yaml b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-notifications-controller.yaml
index df8375c..13888ec 100644
--- a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-notifications-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: notifications-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-server.yaml b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-server.yaml
index 9068ff4..aa551e0 100644
--- a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-server.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-application-controller.yaml b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-application-controller.yaml
index e73f31b..56e0caf 100644
--- a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-application-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: application-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-notifications-controller.yaml b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-notifications-controller.yaml
index d2b36e8..91e0573 100644
--- a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-notifications-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: notifications-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-server.yaml b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-server.yaml
index cbb3619..1838cdd 100644
--- a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-server.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/configmap-argo-cd-argocd-redis-health-configmap.yaml b/rendered/envs/production/argocd/configmap-argo-cd-argocd-redis-health-configmap.yaml
index 46ce3c2..2d3356e 100644
--- a/rendered/envs/production/argocd/configmap-argo-cd-argocd-redis-health-configmap.yaml
+++ b/rendered/envs/production/argocd/configmap-argo-cd-argocd-redis-health-configmap.yaml
@@ -29,7 +29,7 @@ data:
 kind: ConfigMap
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: redis
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/configmap-argocd-cm.yaml b/rendered/envs/production/argocd/configmap-argocd-cm.yaml
index 34cbdec..8d38dff 100644
--- a/rendered/envs/production/argocd/configmap-argocd-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-cm.yaml
@@ -4,6 +4,11 @@ data:
   application.instanceLabelKey: argocd.argoproj.io/instance
   application.sync.impersonation.enabled: "false"
   exec.enabled: "false"
+  resource.customizations.ignoreDifferences.all: |
+    managedFieldsManagers:
+      - kube-controller-manager
+    jsonPointers:
+      - /status
   server.rbac.log.enforce.enable: "false"
   statusbadge.enabled: "false"
   timeout.hard.reconciliation: 0s
@@ -12,7 +17,7 @@ data:
 kind: ConfigMap
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/configmap-argocd-cmd-params-cm.yaml b/rendered/envs/production/argocd/configmap-argocd-cmd-params-cm.yaml
index 0df3447..d9bc442 100644
--- a/rendered/envs/production/argocd/configmap-argocd-cmd-params-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-cmd-params-cm.yaml
@@ -41,7 +41,7 @@ data:
 kind: ConfigMap
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/configmap-argocd-gpg-keys-cm.yaml b/rendered/envs/production/argocd/configmap-argocd-gpg-keys-cm.yaml
index fa65eec..ba5396d 100644
--- a/rendered/envs/production/argocd/configmap-argocd-gpg-keys-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-gpg-keys-cm.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/instance: argo-cd
     app.kubernetes.io/managed-by: Helm
diff --git a/rendered/envs/production/argocd/configmap-argocd-notifications-cm.yaml b/rendered/envs/production/argocd/configmap-argocd-notifications-cm.yaml
index f2075f7..f24d67c 100644
--- a/rendered/envs/production/argocd/configmap-argocd-notifications-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-notifications-cm.yaml
@@ -5,7 +5,7 @@ data:
 kind: ConfigMap
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: notifications-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/configmap-argocd-rbac-cm.yaml b/rendered/envs/production/argocd/configmap-argocd-rbac-cm.yaml
index fac56f8..efa6c01 100644
--- a/rendered/envs/production/argocd/configmap-argocd-rbac-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-rbac-cm.yaml
@@ -7,7 +7,7 @@ data:
 kind: ConfigMap
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/configmap-argocd-ssh-known-hosts-cm.yaml b/rendered/envs/production/argocd/configmap-argocd-ssh-known-hosts-cm.yaml
index 4bddafd..55310fb 100644
--- a/rendered/envs/production/argocd/configmap-argocd-ssh-known-hosts-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-ssh-known-hosts-cm.yaml
@@ -18,7 +18,7 @@ data:
 kind: ConfigMap
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/instance: argo-cd
     app.kubernetes.io/managed-by: Helm
diff --git a/rendered/envs/production/argocd/configmap-argocd-tls-certs-cm.yaml b/rendered/envs/production/argocd/configmap-argocd-tls-certs-cm.yaml
index 3640c78..b3db86b 100644
--- a/rendered/envs/production/argocd/configmap-argocd-tls-certs-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-tls-certs-cm.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/instance: argo-cd
     app.kubernetes.io/managed-by: Helm
diff --git a/rendered/envs/production/argocd/customresourcedefinition-applications.argoproj.io.yaml b/rendered/envs/production/argocd/customresourcedefinition-applications.argoproj.io.yaml
index 263012d..9c68835 100644
--- a/rendered/envs/production/argocd/customresourcedefinition-applications.argoproj.io.yaml
+++ b/rendered/envs/production/argocd/customresourcedefinition-applications.argoproj.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/name: applications.argoproj.io
diff --git a/rendered/envs/production/argocd/customresourcedefinition-applicationsets.argoproj.io.yaml b/rendered/envs/production/argocd/customresourcedefinition-applicationsets.argoproj.io.yaml
index b63f3b8..de1f9da 100644
--- a/rendered/envs/production/argocd/customresourcedefinition-applicationsets.argoproj.io.yaml
+++ b/rendered/envs/production/argocd/customresourcedefinition-applicationsets.argoproj.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/name: applicationsets.argoproj.io
diff --git a/rendered/envs/production/argocd/customresourcedefinition-appprojects.argoproj.io.yaml b/rendered/envs/production/argocd/customresourcedefinition-appprojects.argoproj.io.yaml
index a2e0072..4e2fb76 100644
--- a/rendered/envs/production/argocd/customresourcedefinition-appprojects.argoproj.io.yaml
+++ b/rendered/envs/production/argocd/customresourcedefinition-appprojects.argoproj.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app.kubernetes.io/name: appprojects.argoproj.io
diff --git a/rendered/envs/production/argocd/deployment-argo-cd-argocd-applicationset-controller.yaml b/rendered/envs/production/argocd/deployment-argo-cd-argocd-applicationset-controller.yaml
index 0b5ac1b..9a1b1c6 100644
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-applicationset-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: applicationset-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/deployment-argo-cd-argocd-dex-server.yaml b/rendered/envs/production/argocd/deployment-argo-cd-argocd-dex-server.yaml
index 8d7ac8b..8d052c8 100644
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-dex-server.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: dex-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/deployment-argo-cd-argocd-notifications-controller.yaml b/rendered/envs/production/argocd/deployment-argo-cd-argocd-notifications-controller.yaml
index 7a44963..0b56685 100644
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-notifications-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: notifications-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/deployment-argo-cd-argocd-redis.yaml b/rendered/envs/production/argocd/deployment-argo-cd-argocd-redis.yaml
index 0c3b1e9..a812c40 100644
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-redis.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-redis.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: redis
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml b/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml
index 722eb9e..cf52a3d 100644
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: repo-server
     app.kubernetes.io/instance: argo-cd
@@ -23,7 +23,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/cm: 52c5a2727dab153bcfd45d15790886f8ec029f5dde02ec94a383c60583bcbb2e
+        checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1
         checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595
       labels:
         app.kubernetes.io/component: repo-server
diff --git a/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml b/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml
index 2dc6b69..491aa79 100644
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
@@ -23,7 +23,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/cm: 52c5a2727dab153bcfd45d15790886f8ec029f5dde02ec94a383c60583bcbb2e
+        checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1
         checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595
       labels:
         app.kubernetes.io/component: server
diff --git a/rendered/envs/production/argocd/ingress-argo-cd-argocd-server.yaml b/rendered/envs/production/argocd/ingress-argo-cd-argocd-server.yaml
index 1e38a55..5248420 100644
--- a/rendered/envs/production/argocd/ingress-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/ingress-argo-cd-argocd-server.yaml
@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     cert-manager.io/cluster-issuer: letsencrypt
   labels:
     app.kubernetes.io/component: server
diff --git a/rendered/envs/production/argocd/job-argo-cd-argocd-redis-secret-init.yaml b/rendered/envs/production/argocd/job-argo-cd-argocd-redis-secret-init.yaml
index 1a21162..0185059 100644
--- a/rendered/envs/production/argocd/job-argo-cd-argocd-redis-secret-init.yaml
+++ b/rendered/envs/production/argocd/job-argo-cd-argocd-redis-secret-init.yaml
@@ -2,7 +2,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/hook: pre-install,pre-upgrade
     helm.sh/hook-delete-policy: before-hook-creation
   labels:
diff --git a/rendered/envs/production/argocd/namespace-argocd.yaml b/rendered/envs/production/argocd/namespace-argocd.yaml
index 8bf8ac0..a44ad41 100644
--- a/rendered/envs/production/argocd/namespace-argocd.yaml
+++ b/rendered/envs/production/argocd/namespace-argocd.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     pod-security.kubernetes.io/enforce: privileged
   name: argocd
diff --git a/rendered/envs/production/argocd/role-argo-cd-argocd-application-controller.yaml b/rendered/envs/production/argocd/role-argo-cd-argocd-application-controller.yaml
index e6ce438..855315f 100644
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-application-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: application-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/role-argo-cd-argocd-applicationset-controller.yaml b/rendered/envs/production/argocd/role-argo-cd-argocd-applicationset-controller.yaml
index b2ba07e..12bc650 100644
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-applicationset-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: applicationset-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/role-argo-cd-argocd-dex-server.yaml b/rendered/envs/production/argocd/role-argo-cd-argocd-dex-server.yaml
index b4d314a..b050018 100644
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-dex-server.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: dex-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/role-argo-cd-argocd-notifications-controller.yaml b/rendered/envs/production/argocd/role-argo-cd-argocd-notifications-controller.yaml
index defe73e..613a6d3 100644
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-notifications-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: notifications-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/role-argo-cd-argocd-redis-secret-init.yaml b/rendered/envs/production/argocd/role-argo-cd-argocd-redis-secret-init.yaml
index 3a88166..0d13898 100644
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-redis-secret-init.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-redis-secret-init.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/hook: pre-install,pre-upgrade
     helm.sh/hook-delete-policy: before-hook-creation
   labels:
diff --git a/rendered/envs/production/argocd/role-argo-cd-argocd-repo-server.yaml b/rendered/envs/production/argocd/role-argo-cd-argocd-repo-server.yaml
index d8b0818..a282c30 100644
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-repo-server.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: repo-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/role-argo-cd-argocd-server.yaml b/rendered/envs/production/argocd/role-argo-cd-argocd-server.yaml
index ee08878..ce3fbb3 100644
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-server.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-application-controller.yaml b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-application-controller.yaml
index c7241de..5b8eea9 100644
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-application-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: application-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-applicationset-controller.yaml b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-applicationset-controller.yaml
index 4a08277..5cd81f6 100644
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-applicationset-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: applicationset-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-dex-server.yaml b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-dex-server.yaml
index fe3241d..4e048b8 100644
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-dex-server.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: dex-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-notifications-controller.yaml b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-notifications-controller.yaml
index 8745231..91af39a 100644
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-notifications-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: notifications-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-redis-secret-init.yaml b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-redis-secret-init.yaml
index 4a0e978..e8340ca 100644
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-redis-secret-init.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-redis-secret-init.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/hook: pre-install,pre-upgrade
     helm.sh/hook-delete-policy: before-hook-creation
   labels:
diff --git a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-repo-server.yaml b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-repo-server.yaml
index 30eeae4..4167748 100644
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-repo-server.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: repo-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-server.yaml b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-server.yaml
index f69efa9..f173434 100644
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-server.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/secret-argocd-notifications-secret.yaml b/rendered/envs/production/argocd/secret-argocd-notifications-secret.yaml
index d83047d..e3233dd 100644
--- a/rendered/envs/production/argocd/secret-argocd-notifications-secret.yaml
+++ b/rendered/envs/production/argocd/secret-argocd-notifications-secret.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: notifications-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/secret-argocd-secret.yaml b/rendered/envs/production/argocd/secret-argocd-secret.yaml
index ec187cc..4af5feb 100644
--- a/rendered/envs/production/argocd/secret-argocd-secret.yaml
+++ b/rendered/envs/production/argocd/secret-argocd-secret.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller.yaml
index fdaf829..d197be8 100644
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: applicationset-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-dex-server.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-dex-server.yaml
index 04659e4..42f28bf 100644
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-dex-server.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: dex-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-redis.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-redis.yaml
index b26a748..52dc627 100644
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-redis.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-redis.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: redis
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server.yaml
index 5bd0e05..e1afbfa 100644
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: repo-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/service-argo-cd-argocd-server.yaml b/rendered/envs/production/argocd/service-argo-cd-argocd-server.yaml
index 7f95824..f1503b7 100644
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-server.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-redis-secret-init.yaml b/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-redis-secret-init.yaml
index 2ab2117..6c29296 100644
--- a/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-redis-secret-init.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-redis-secret-init.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/hook: pre-install,pre-upgrade
     helm.sh/hook-delete-policy: before-hook-creation
   labels:
diff --git a/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-repo-server.yaml b/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-repo-server.yaml
index b75d996..686a0b2 100644
--- a/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-repo-server.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: repo-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/serviceaccount-argocd-application-controller.yaml b/rendered/envs/production/argocd/serviceaccount-argocd-application-controller.yaml
index 7ace720..2abb88e 100644
--- a/rendered/envs/production/argocd/serviceaccount-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-application-controller.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: application-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/serviceaccount-argocd-applicationset-controller.yaml b/rendered/envs/production/argocd/serviceaccount-argocd-applicationset-controller.yaml
index afa1669..a20e707 100644
--- a/rendered/envs/production/argocd/serviceaccount-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-applicationset-controller.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: applicationset-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/serviceaccount-argocd-dex-server.yaml b/rendered/envs/production/argocd/serviceaccount-argocd-dex-server.yaml
index b28b82f..dfa74ab 100644
--- a/rendered/envs/production/argocd/serviceaccount-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-dex-server.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: dex-server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/serviceaccount-argocd-notifications-controller.yaml b/rendered/envs/production/argocd/serviceaccount-argocd-notifications-controller.yaml
index ee9de3c..f091b87 100644
--- a/rendered/envs/production/argocd/serviceaccount-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-notifications-controller.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: notifications-controller
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/serviceaccount-argocd-server.yaml b/rendered/envs/production/argocd/serviceaccount-argocd-server.yaml
index f96781c..d1744ab 100644
--- a/rendered/envs/production/argocd/serviceaccount-argocd-server.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-server.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: server
     app.kubernetes.io/instance: argo-cd
diff --git a/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml b/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml
index a7583f5..3782acf 100644
--- a/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/component: application-controller
     app.kubernetes.io/instance: argo-cd
@@ -24,7 +24,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/cm: 52c5a2727dab153bcfd45d15790886f8ec029f5dde02ec94a383c60583bcbb2e
+        checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1
         checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595
       labels:
         app.kubernetes.io/component: application-controller
diff --git a/rendered/envs/production/cert-manager/clusterissuer-letsencrypt.yaml b/rendered/envs/production/cert-manager/clusterissuer-letsencrypt.yaml
index 936bb10..967327f 100644
--- a/rendered/envs/production/cert-manager/clusterissuer-letsencrypt.yaml
+++ b/rendered/envs/production/cert-manager/clusterissuer-letsencrypt.yaml
@@ -2,7 +2,7 @@ apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   name: letsencrypt
   namespace: cert-manager
 spec:
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-cainjector.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-cainjector.yaml
index e964a3e..4fcf14d 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-cainjector.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-cainjector.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cainjector
     app.kubernetes.io/component: cainjector
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-cluster-view.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-cluster-view.yaml
index 8bb4226..3ee32b0 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-cluster-view.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-cluster-view.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-approve_cert-manager-io.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-approve_cert-manager-io.yaml
index d640aeb..4a00630 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-approve_cert-manager-io.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-approve_cert-manager-io.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: cert-manager
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificates.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificates.yaml
index a28d867..74c18c5 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificates.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificates.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificatesigningrequests.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificatesigningrequests.yaml
index dc79ac7..16a4890 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificatesigningrequests.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificatesigningrequests.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: cert-manager
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-challenges.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-challenges.yaml
index d8b73ca..5fbee97 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-challenges.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-challenges.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-clusterissuers.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-clusterissuers.yaml
index 4acb10f..ab0b48f 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-clusterissuers.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-clusterissuers.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-ingress-shim.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-ingress-shim.yaml
index 074d933..791797b 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-ingress-shim.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-ingress-shim.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-issuers.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-issuers.yaml
index 38553c8..acbd92e 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-issuers.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-issuers.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-orders.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-orders.yaml
index 01e90a1..8bffebf 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-orders.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-orders.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-edit.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-edit.yaml
index 8782e03..112f2b5 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-edit.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-edit.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-view.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-view.yaml
index 0ec4839..ad6b53f 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-view.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-view.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrole-cert-manager-webhook_subjectaccessreviews.yaml b/rendered/envs/production/cert-manager/clusterrole-cert-manager-webhook_subjectaccessreviews.yaml
index 9581587..a08febd 100644
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-webhook_subjectaccessreviews.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-webhook_subjectaccessreviews.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: webhook
     app.kubernetes.io/component: webhook
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-cainjector.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-cainjector.yaml
index c98a9da..02fc259 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-cainjector.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-cainjector.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cainjector
     app.kubernetes.io/component: cainjector
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-approve_cert-manager-io.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-approve_cert-manager-io.yaml
index c3999b9..e182f63 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-approve_cert-manager-io.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-approve_cert-manager-io.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: cert-manager
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificates.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificates.yaml
index de27065..c578de0 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificates.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificates.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificatesigningrequests.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificatesigningrequests.yaml
index 45e4987..7e7571e 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificatesigningrequests.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificatesigningrequests.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: cert-manager
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-challenges.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-challenges.yaml
index 6337cce..867bbd1 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-challenges.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-challenges.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-clusterissuers.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-clusterissuers.yaml
index 6da2246..7f06c07 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-clusterissuers.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-clusterissuers.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-ingress-shim.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-ingress-shim.yaml
index efee985..d9d3be9 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-ingress-shim.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-ingress-shim.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-issuers.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-issuers.yaml
index 37a1e49..51718f2 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-issuers.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-issuers.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-orders.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-orders.yaml
index bb03288..fb689b0 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-orders.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-orders.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-webhook_subjectaccessreviews.yaml b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-webhook_subjectaccessreviews.yaml
index 907185e..5838c9c 100644
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-webhook_subjectaccessreviews.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-webhook_subjectaccessreviews.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: webhook
     app.kubernetes.io/component: webhook
diff --git a/rendered/envs/production/cert-manager/customresourcedefinition-certificaterequests.cert-manager.io.yaml b/rendered/envs/production/cert-manager/customresourcedefinition-certificaterequests.cert-manager.io.yaml
index 706edeb..3c1b992 100644
--- a/rendered/envs/production/cert-manager/customresourcedefinition-certificaterequests.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-certificaterequests.cert-manager.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app: cert-manager
diff --git a/rendered/envs/production/cert-manager/customresourcedefinition-certificates.cert-manager.io.yaml b/rendered/envs/production/cert-manager/customresourcedefinition-certificates.cert-manager.io.yaml
index 8510ddd..bc83172 100644
--- a/rendered/envs/production/cert-manager/customresourcedefinition-certificates.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-certificates.cert-manager.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app: cert-manager
diff --git a/rendered/envs/production/cert-manager/customresourcedefinition-challenges.acme.cert-manager.io.yaml b/rendered/envs/production/cert-manager/customresourcedefinition-challenges.acme.cert-manager.io.yaml
index 7071940..24a1e1d 100644
--- a/rendered/envs/production/cert-manager/customresourcedefinition-challenges.acme.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-challenges.acme.cert-manager.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app: cert-manager
diff --git a/rendered/envs/production/cert-manager/customresourcedefinition-clusterissuers.cert-manager.io.yaml b/rendered/envs/production/cert-manager/customresourcedefinition-clusterissuers.cert-manager.io.yaml
index 0f8e98c..0452b40 100644
--- a/rendered/envs/production/cert-manager/customresourcedefinition-clusterissuers.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-clusterissuers.cert-manager.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app: cert-manager
diff --git a/rendered/envs/production/cert-manager/customresourcedefinition-issuers.cert-manager.io.yaml b/rendered/envs/production/cert-manager/customresourcedefinition-issuers.cert-manager.io.yaml
index 7b5dda6..de3d752 100644
--- a/rendered/envs/production/cert-manager/customresourcedefinition-issuers.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-issuers.cert-manager.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app: cert-manager
diff --git a/rendered/envs/production/cert-manager/customresourcedefinition-orders.acme.cert-manager.io.yaml b/rendered/envs/production/cert-manager/customresourcedefinition-orders.acme.cert-manager.io.yaml
index c77786c..495949e 100644
--- a/rendered/envs/production/cert-manager/customresourcedefinition-orders.acme.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-orders.acme.cert-manager.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/resource-policy: keep
   labels:
     app: cert-manager
diff --git a/rendered/envs/production/cert-manager/deployment-cert-manager-cainjector.yaml b/rendered/envs/production/cert-manager/deployment-cert-manager-cainjector.yaml
index 066f4fb..1bc4db2 100644
--- a/rendered/envs/production/cert-manager/deployment-cert-manager-cainjector.yaml
+++ b/rendered/envs/production/cert-manager/deployment-cert-manager-cainjector.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cainjector
     app.kubernetes.io/component: cainjector
diff --git a/rendered/envs/production/cert-manager/deployment-cert-manager-webhook.yaml b/rendered/envs/production/cert-manager/deployment-cert-manager-webhook.yaml
index ffc4a68..827f580 100644
--- a/rendered/envs/production/cert-manager/deployment-cert-manager-webhook.yaml
+++ b/rendered/envs/production/cert-manager/deployment-cert-manager-webhook.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: webhook
     app.kubernetes.io/component: webhook
diff --git a/rendered/envs/production/cert-manager/deployment-cert-manager.yaml b/rendered/envs/production/cert-manager/deployment-cert-manager.yaml
index 8dc72c8..058cddc 100644
--- a/rendered/envs/production/cert-manager/deployment-cert-manager.yaml
+++ b/rendered/envs/production/cert-manager/deployment-cert-manager.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/job-cert-manager-startupapicheck.yaml b/rendered/envs/production/cert-manager/job-cert-manager-startupapicheck.yaml
index d55704d..a90eb5a 100644
--- a/rendered/envs/production/cert-manager/job-cert-manager-startupapicheck.yaml
+++ b/rendered/envs/production/cert-manager/job-cert-manager-startupapicheck.yaml
@@ -2,7 +2,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/hook: post-install
     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
     helm.sh/hook-weight: "1"
diff --git a/rendered/envs/production/cert-manager/mutatingwebhookconfiguration-cert-manager-webhook.yaml b/rendered/envs/production/cert-manager/mutatingwebhookconfiguration-cert-manager-webhook.yaml
index 2fc52c4..07920f0 100644
--- a/rendered/envs/production/cert-manager/mutatingwebhookconfiguration-cert-manager-webhook.yaml
+++ b/rendered/envs/production/cert-manager/mutatingwebhookconfiguration-cert-manager-webhook.yaml
@@ -2,7 +2,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca
   labels:
     app: webhook
diff --git a/rendered/envs/production/cert-manager/namespace-cert-manager.yaml b/rendered/envs/production/cert-manager/namespace-cert-manager.yaml
index 91a3b66..27c9353 100644
--- a/rendered/envs/production/cert-manager/namespace-cert-manager.yaml
+++ b/rendered/envs/production/cert-manager/namespace-cert-manager.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     pod-security.kubernetes.io/enforce: privileged
   name: cert-manager
diff --git a/rendered/envs/production/cert-manager/role-cert-manager-cainjector_leaderelection.yaml b/rendered/envs/production/cert-manager/role-cert-manager-cainjector_leaderelection.yaml
index 04b76eb..0689688 100644
--- a/rendered/envs/production/cert-manager/role-cert-manager-cainjector_leaderelection.yaml
+++ b/rendered/envs/production/cert-manager/role-cert-manager-cainjector_leaderelection.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cainjector
     app.kubernetes.io/component: cainjector
diff --git a/rendered/envs/production/cert-manager/role-cert-manager-startupapicheck_create-cert.yaml b/rendered/envs/production/cert-manager/role-cert-manager-startupapicheck_create-cert.yaml
index a75ef51..0106aa1 100644
--- a/rendered/envs/production/cert-manager/role-cert-manager-startupapicheck_create-cert.yaml
+++ b/rendered/envs/production/cert-manager/role-cert-manager-startupapicheck_create-cert.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/hook: post-install
     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
     helm.sh/hook-weight: "-5"
diff --git a/rendered/envs/production/cert-manager/role-cert-manager-tokenrequest.yaml b/rendered/envs/production/cert-manager/role-cert-manager-tokenrequest.yaml
index ce351ff..859178c 100644
--- a/rendered/envs/production/cert-manager/role-cert-manager-tokenrequest.yaml
+++ b/rendered/envs/production/cert-manager/role-cert-manager-tokenrequest.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/role-cert-manager-webhook_dynamic-serving.yaml b/rendered/envs/production/cert-manager/role-cert-manager-webhook_dynamic-serving.yaml
index 6ef5e44..40ca268 100644
--- a/rendered/envs/production/cert-manager/role-cert-manager-webhook_dynamic-serving.yaml
+++ b/rendered/envs/production/cert-manager/role-cert-manager-webhook_dynamic-serving.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: webhook
     app.kubernetes.io/component: webhook
diff --git a/rendered/envs/production/cert-manager/role-cert-manager_leaderelection.yaml b/rendered/envs/production/cert-manager/role-cert-manager_leaderelection.yaml
index c767d55..f278a35 100644
--- a/rendered/envs/production/cert-manager/role-cert-manager_leaderelection.yaml
+++ b/rendered/envs/production/cert-manager/role-cert-manager_leaderelection.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/rolebinding-cert-manager-cainjector_leaderelection.yaml b/rendered/envs/production/cert-manager/rolebinding-cert-manager-cainjector_leaderelection.yaml
index be67160..8801335 100644
--- a/rendered/envs/production/cert-manager/rolebinding-cert-manager-cainjector_leaderelection.yaml
+++ b/rendered/envs/production/cert-manager/rolebinding-cert-manager-cainjector_leaderelection.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cainjector
     app.kubernetes.io/component: cainjector
diff --git a/rendered/envs/production/cert-manager/rolebinding-cert-manager-cert-manager-tokenrequest.yaml b/rendered/envs/production/cert-manager/rolebinding-cert-manager-cert-manager-tokenrequest.yaml
index c6e3f6e..01aca37 100644
--- a/rendered/envs/production/cert-manager/rolebinding-cert-manager-cert-manager-tokenrequest.yaml
+++ b/rendered/envs/production/cert-manager/rolebinding-cert-manager-cert-manager-tokenrequest.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/rolebinding-cert-manager-startupapicheck_create-cert.yaml b/rendered/envs/production/cert-manager/rolebinding-cert-manager-startupapicheck_create-cert.yaml
index c0bd36e..5c855fb 100644
--- a/rendered/envs/production/cert-manager/rolebinding-cert-manager-startupapicheck_create-cert.yaml
+++ b/rendered/envs/production/cert-manager/rolebinding-cert-manager-startupapicheck_create-cert.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/hook: post-install
     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
     helm.sh/hook-weight: "-5"
diff --git a/rendered/envs/production/cert-manager/rolebinding-cert-manager-webhook_dynamic-serving.yaml b/rendered/envs/production/cert-manager/rolebinding-cert-manager-webhook_dynamic-serving.yaml
index 01919ee..49beee7 100644
--- a/rendered/envs/production/cert-manager/rolebinding-cert-manager-webhook_dynamic-serving.yaml
+++ b/rendered/envs/production/cert-manager/rolebinding-cert-manager-webhook_dynamic-serving.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: webhook
     app.kubernetes.io/component: webhook
diff --git a/rendered/envs/production/cert-manager/rolebinding-cert-manager_leaderelection.yaml b/rendered/envs/production/cert-manager/rolebinding-cert-manager_leaderelection.yaml
index 77bb7cb..b00a67e 100644
--- a/rendered/envs/production/cert-manager/rolebinding-cert-manager_leaderelection.yaml
+++ b/rendered/envs/production/cert-manager/rolebinding-cert-manager_leaderelection.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/service-cert-manager-cainjector.yaml b/rendered/envs/production/cert-manager/service-cert-manager-cainjector.yaml
index c5a401f..f262513 100644
--- a/rendered/envs/production/cert-manager/service-cert-manager-cainjector.yaml
+++ b/rendered/envs/production/cert-manager/service-cert-manager-cainjector.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cainjector
     app.kubernetes.io/component: cainjector
diff --git a/rendered/envs/production/cert-manager/service-cert-manager-webhook.yaml b/rendered/envs/production/cert-manager/service-cert-manager-webhook.yaml
index 804ba6e..2c2671e 100644
--- a/rendered/envs/production/cert-manager/service-cert-manager-webhook.yaml
+++ b/rendered/envs/production/cert-manager/service-cert-manager-webhook.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: webhook
     app.kubernetes.io/component: webhook
diff --git a/rendered/envs/production/cert-manager/service-cert-manager.yaml b/rendered/envs/production/cert-manager/service-cert-manager.yaml
index a6cc35e..7bfa0a5 100644
--- a/rendered/envs/production/cert-manager/service-cert-manager.yaml
+++ b/rendered/envs/production/cert-manager/service-cert-manager.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/serviceaccount-cert-manager-cainjector.yaml b/rendered/envs/production/cert-manager/serviceaccount-cert-manager-cainjector.yaml
index 64472f6..7138f93 100644
--- a/rendered/envs/production/cert-manager/serviceaccount-cert-manager-cainjector.yaml
+++ b/rendered/envs/production/cert-manager/serviceaccount-cert-manager-cainjector.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cainjector
     app.kubernetes.io/component: cainjector
diff --git a/rendered/envs/production/cert-manager/serviceaccount-cert-manager-startupapicheck.yaml b/rendered/envs/production/cert-manager/serviceaccount-cert-manager-startupapicheck.yaml
index efe700b..fee4956 100644
--- a/rendered/envs/production/cert-manager/serviceaccount-cert-manager-startupapicheck.yaml
+++ b/rendered/envs/production/cert-manager/serviceaccount-cert-manager-startupapicheck.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     helm.sh/hook: post-install
     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
     helm.sh/hook-weight: "-5"
diff --git a/rendered/envs/production/cert-manager/serviceaccount-cert-manager-webhook.yaml b/rendered/envs/production/cert-manager/serviceaccount-cert-manager-webhook.yaml
index 6e4a049..fd24591 100644
--- a/rendered/envs/production/cert-manager/serviceaccount-cert-manager-webhook.yaml
+++ b/rendered/envs/production/cert-manager/serviceaccount-cert-manager-webhook.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: webhook
     app.kubernetes.io/component: webhook
diff --git a/rendered/envs/production/cert-manager/serviceaccount-cert-manager.yaml b/rendered/envs/production/cert-manager/serviceaccount-cert-manager.yaml
index 41548ba..3383ae7 100644
--- a/rendered/envs/production/cert-manager/serviceaccount-cert-manager.yaml
+++ b/rendered/envs/production/cert-manager/serviceaccount-cert-manager.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app: cert-manager
     app.kubernetes.io/component: controller
diff --git a/rendered/envs/production/cert-manager/validatingwebhookconfiguration-cert-manager-webhook.yaml b/rendered/envs/production/cert-manager/validatingwebhookconfiguration-cert-manager-webhook.yaml
index 1c3cd47..31a4367 100644
--- a/rendered/envs/production/cert-manager/validatingwebhookconfiguration-cert-manager-webhook.yaml
+++ b/rendered/envs/production/cert-manager/validatingwebhookconfiguration-cert-manager-webhook.yaml
@@ -2,7 +2,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca
   labels:
     app: webhook
diff --git a/rendered/envs/production/forgejo/clusterrole-argocd-deploy-key-init.yaml b/rendered/envs/production/forgejo/clusterrole-argocd-deploy-key-init.yaml
new file mode 100644
index 0000000..d24d89f
--- /dev/null
+++ b/rendered/envs/production/forgejo/clusterrole-argocd-deploy-key-init.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+  name: argocd-deploy-key-init
+  namespace: forgejo
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - create
diff --git a/rendered/envs/production/forgejo/clusterrolebinding-argocd-deploy-key-init.yaml b/rendered/envs/production/forgejo/clusterrolebinding-argocd-deploy-key-init.yaml
new file mode 100644
index 0000000..2b7b7ea
--- /dev/null
+++ b/rendered/envs/production/forgejo/clusterrolebinding-argocd-deploy-key-init.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+  name: argocd-deploy-key-init
+  namespace: forgejo
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: argocd-deploy-key-init
+subjects:
+  - kind: ServiceAccount
+    name: argocd-deploy-key-init
+    namespace: forgejo
diff --git a/rendered/envs/production/forgejo/job-argocd-deploy-key-init.yaml b/rendered/envs/production/forgejo/job-argocd-deploy-key-init.yaml
new file mode 100644
index 0000000..76763a9
--- /dev/null
+++ b/rendered/envs/production/forgejo/job-argocd-deploy-key-init.yaml
@@ -0,0 +1,104 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  annotations:
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+    argocd.argoproj.io/sync-options: Replace=true
+  name: argocd-deploy-key-init
+  namespace: forgejo
+spec:
+  template:
+    spec:
+      containers:
+        - command:
+            - sh
+            - -c
+            - |
+              set -e
+
+              apk add --no-cache openssh-keygen > /dev/null 2>&1
+
+              ARGOCD_NS="argocd"
+              REPO_SECRET="forgejo-repo"
+              REPO_URL="ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git"
+              FORGEJO_URL="https://git.tr1ceracop.de"
+              REPO_OWNER="gitea_admin"
+              REPO_NAME="k8s-and-chill"
+
+              # Wait for Forgejo to be ready
+              echo "Waiting for Forgejo to be ready..."
+              for i in $(seq 1 60); do
+                if curl -sk "${FORGEJO_URL}/api/v1/version" >/dev/null 2>&1; then
+                  echo "Forgejo HTTPS is ready"
+                  break
+                fi
+                if [ "$i" -eq 60 ]; then
+                  echo "Forgejo did not become ready in time"
+                  exit 1
+                fi
+                sleep 5
+              done
+
+              # Check if ArgoCD repo secret already exists
+              if kubectl get secret "${REPO_SECRET}" -n "${ARGOCD_NS}" >/dev/null 2>&1; then
+                echo "Secret ${REPO_SECRET} already exists in ${ARGOCD_NS}, skipping"
+                exit 0
+              fi
+
+              # Read admin credentials
+              ADMIN_USER=$(kubectl get secret forgejo-admin-secret -n "${NAMESPACE}" -o jsonpath='{.data.username}' | base64 -d)
+              ADMIN_PASS=$(kubectl get secret forgejo-admin-secret -n "${NAMESPACE}" -o jsonpath='{.data.password}' | base64 -d)
+
+              # Generate ed25519 SSH keypair
+              KEYDIR=$(mktemp -d)
+              ssh-keygen -t ed25519 -f "${KEYDIR}/id_ed25519" -N "" -q
+              PRIVKEY=$(cat "${KEYDIR}/id_ed25519")
+              PUBKEY=$(cat "${KEYDIR}/id_ed25519.pub")
+              rm -rf "${KEYDIR}"
+
+              # Register deploy key via Forgejo API
+              echo "Registering deploy key..."
+              HTTP_CODE=$(curl -sk -o /tmp/response.json -w "%{http_code}" \
+                -X POST "${FORGEJO_URL}/api/v1/repos/${REPO_OWNER}/${REPO_NAME}/keys" \
+                -H "Content-Type: application/json" \
+                -u "${ADMIN_USER}:${ADMIN_PASS}" \
+                -d "{\"title\":\"argocd-deploy-key\",\"key\":\"${PUBKEY}\",\"read_only\":true}")
+
+              if [ "${HTTP_CODE}" = "201" ]; then
+                echo "Deploy key registered successfully"
+              elif [ "${HTTP_CODE}" = "422" ]; then
+                echo "Deploy key already exists in Forgejo (422), continuing"
+              else
+                echo "Failed to register deploy key: HTTP ${HTTP_CODE}"
+                cat /tmp/response.json
+                exit 1
+              fi
+
+              # Create ArgoCD repository secret with insecure flag (skip host key verification)
+              cat <<EOSECRET | kubectl apply -f -
+              apiVersion: v1
+              kind: Secret
+              metadata:
+                name: ${REPO_SECRET}
+                namespace: ${ARGOCD_NS}
+                labels:
+                  argocd.argoproj.io/secret-type: repository
+              stringData:
+                type: git
+                url: "${REPO_URL}"
+                insecure: "true"
+                sshPrivateKey: |
+              $(echo "${PRIVKEY}" | sed 's/^/            /')
+              EOSECRET
+
+              echo "Created ArgoCD repository secret ${REPO_SECRET} in ${ARGOCD_NS}"
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          image: alpine/k8s:1.32.3
+          name: init
+      restartPolicy: OnFailure
+      serviceAccountName: argocd-deploy-key-init
+  ttlSecondsAfterFinished: 300
diff --git a/rendered/envs/production/forgejo/job-forgejo-admin-secret-init.yaml b/rendered/envs/production/forgejo/job-forgejo-admin-secret-init.yaml
index b6cbe06..59c8de7 100644
--- a/rendered/envs/production/forgejo/job-forgejo-admin-secret-init.yaml
+++ b/rendered/envs/production/forgejo/job-forgejo-admin-secret-init.yaml
@@ -3,6 +3,7 @@ kind: Job
 metadata:
   annotations:
     a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+    argocd.argoproj.io/sync-options: Replace=true
   name: forgejo-admin-secret-init
   namespace: forgejo
 spec:
@@ -28,7 +29,7 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-          image: bitnami/kubectl:latest
+          image: alpine/k8s:1.32.3
           name: init
       restartPolicy: OnFailure
       serviceAccountName: forgejo-admin-secret-init
diff --git a/rendered/envs/production/forgejo/serviceaccount-argocd-deploy-key-init.yaml b/rendered/envs/production/forgejo/serviceaccount-argocd-deploy-key-init.yaml
new file mode 100644
index 0000000..7f92ef4
--- /dev/null
+++ b/rendered/envs/production/forgejo/serviceaccount-argocd-deploy-key-init.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations:
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+  name: argocd-deploy-key-init
+  namespace: forgejo
diff --git a/rendered/envs/production/traefik/clusterrole-traefik-traefik.yaml b/rendered/envs/production/traefik/clusterrole-traefik-traefik.yaml
index fd001f0..9b1f4e6 100644
--- a/rendered/envs/production/traefik/clusterrole-traefik-traefik.yaml
+++ b/rendered/envs/production/traefik/clusterrole-traefik-traefik.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/instance: traefik-traefik
     app.kubernetes.io/managed-by: Helm
diff --git a/rendered/envs/production/traefik/clusterrolebinding-traefik-traefik.yaml b/rendered/envs/production/traefik/clusterrolebinding-traefik-traefik.yaml
index 1225bb2..0cb768e 100644
--- a/rendered/envs/production/traefik/clusterrolebinding-traefik-traefik.yaml
+++ b/rendered/envs/production/traefik/clusterrolebinding-traefik-traefik.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/instance: traefik-traefik
     app.kubernetes.io/managed-by: Helm
diff --git a/rendered/envs/production/traefik/customresourcedefinition-accesscontrolpolicies.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-accesscontrolpolicies.hub.traefik.io.yaml
index 3a77010..4cf9199 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-accesscontrolpolicies.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-accesscontrolpolicies.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: accesscontrolpolicies.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-aiservices.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-aiservices.hub.traefik.io.yaml
index 229e459..02eecfc 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-aiservices.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-aiservices.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: aiservices.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apiauths.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apiauths.hub.traefik.io.yaml
index 85abe74..201873e 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apiauths.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apiauths.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apiauths.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apibundles.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apibundles.hub.traefik.io.yaml
index c3e50e6..9dfd03f 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apibundles.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apibundles.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apibundles.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apicatalogitems.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apicatalogitems.hub.traefik.io.yaml
index c792860..231c27e 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apicatalogitems.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apicatalogitems.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apicatalogitems.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apiplans.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apiplans.hub.traefik.io.yaml
index 219672b..c54fd87 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apiplans.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apiplans.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apiplans.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apiportalauths.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apiportalauths.hub.traefik.io.yaml
index 468f2f6..523ea69 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apiportalauths.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apiportalauths.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apiportalauths.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apiportals.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apiportals.hub.traefik.io.yaml
index 57cdb34..b68ebe8 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apiportals.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apiportals.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apiportals.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apiratelimits.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apiratelimits.hub.traefik.io.yaml
index a8acff3..66e1334 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apiratelimits.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apiratelimits.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apiratelimits.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apis.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apis.hub.traefik.io.yaml
index bee114d..08d5d16 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apis.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apis.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apis.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-apiversions.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-apiversions.hub.traefik.io.yaml
index c484af8..fa0b18a 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-apiversions.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-apiversions.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: apiversions.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-backendtlspolicies.gateway.networking.k8s.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-backendtlspolicies.gateway.networking.k8s.io.yaml
index 3a2eac8..6b5e6cf 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-backendtlspolicies.gateway.networking.k8s.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-backendtlspolicies.gateway.networking.k8s.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328
     gateway.networking.k8s.io/bundle-version: v1.4.0
     gateway.networking.k8s.io/channel: standard
diff --git a/rendered/envs/production/traefik/customresourcedefinition-gatewayclasses.gateway.networking.k8s.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-gatewayclasses.gateway.networking.k8s.io.yaml
index 976c041..21cdaa4 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-gatewayclasses.gateway.networking.k8s.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-gatewayclasses.gateway.networking.k8s.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328
     gateway.networking.k8s.io/bundle-version: v1.4.0
     gateway.networking.k8s.io/channel: standard
diff --git a/rendered/envs/production/traefik/customresourcedefinition-gateways.gateway.networking.k8s.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-gateways.gateway.networking.k8s.io.yaml
index fb23a72..b4aa474 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-gateways.gateway.networking.k8s.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-gateways.gateway.networking.k8s.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328
     gateway.networking.k8s.io/bundle-version: v1.4.0
     gateway.networking.k8s.io/channel: standard
diff --git a/rendered/envs/production/traefik/customresourcedefinition-grpcroutes.gateway.networking.k8s.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-grpcroutes.gateway.networking.k8s.io.yaml
index 10c3724..a069483 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-grpcroutes.gateway.networking.k8s.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-grpcroutes.gateway.networking.k8s.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328
     gateway.networking.k8s.io/bundle-version: v1.4.0
     gateway.networking.k8s.io/channel: standard
diff --git a/rendered/envs/production/traefik/customresourcedefinition-httproutes.gateway.networking.k8s.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-httproutes.gateway.networking.k8s.io.yaml
index 60ff46b..901facc 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-httproutes.gateway.networking.k8s.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-httproutes.gateway.networking.k8s.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328
     gateway.networking.k8s.io/bundle-version: v1.4.0
     gateway.networking.k8s.io/channel: standard
diff --git a/rendered/envs/production/traefik/customresourcedefinition-ingressroutes.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-ingressroutes.traefik.io.yaml
index 79bdca7..0b8a6df 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-ingressroutes.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-ingressroutes.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: ingressroutes.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-ingressroutetcps.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-ingressroutetcps.traefik.io.yaml
index ee349f5..c1a71f7 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-ingressroutetcps.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-ingressroutetcps.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: ingressroutetcps.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-ingressrouteudps.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-ingressrouteudps.traefik.io.yaml
index 1467307..4fe0ff5 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-ingressrouteudps.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-ingressrouteudps.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: ingressrouteudps.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-managedapplications.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-managedapplications.hub.traefik.io.yaml
index 18459fc..dadbba6 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-managedapplications.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-managedapplications.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: managedapplications.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-managedsubscriptions.hub.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-managedsubscriptions.hub.traefik.io.yaml
index 84e5b04..ef5af6f 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-managedsubscriptions.hub.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-managedsubscriptions.hub.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.17.1
   name: managedsubscriptions.hub.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-middlewares.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-middlewares.traefik.io.yaml
index 111f9bb..2700c49 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-middlewares.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-middlewares.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: middlewares.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-middlewaretcps.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-middlewaretcps.traefik.io.yaml
index 01db37c..5f220af 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-middlewaretcps.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-middlewaretcps.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: middlewaretcps.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-referencegrants.gateway.networking.k8s.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-referencegrants.gateway.networking.k8s.io.yaml
index 08a578f..56156f1 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-referencegrants.gateway.networking.k8s.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-referencegrants.gateway.networking.k8s.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/3328
     gateway.networking.k8s.io/bundle-version: v1.4.0
     gateway.networking.k8s.io/channel: standard
diff --git a/rendered/envs/production/traefik/customresourcedefinition-serverstransports.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-serverstransports.traefik.io.yaml
index 430d70b..71bc9d7 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-serverstransports.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-serverstransports.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: serverstransports.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-serverstransporttcps.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-serverstransporttcps.traefik.io.yaml
index 26460bb..cd5b609 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-serverstransporttcps.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-serverstransporttcps.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: serverstransporttcps.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-tlsoptions.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-tlsoptions.traefik.io.yaml
index e5e0c60..eb872f6 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-tlsoptions.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-tlsoptions.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: tlsoptions.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-tlsstores.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-tlsstores.traefik.io.yaml
index c9adb37..2540f95 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-tlsstores.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-tlsstores.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: tlsstores.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/customresourcedefinition-traefikservices.traefik.io.yaml b/rendered/envs/production/traefik/customresourcedefinition-traefikservices.traefik.io.yaml
index 2c98500..9c8f1a0 100644
--- a/rendered/envs/production/traefik/customresourcedefinition-traefikservices.traefik.io.yaml
+++ b/rendered/envs/production/traefik/customresourcedefinition-traefikservices.traefik.io.yaml
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     controller-gen.kubebuilder.io/version: v0.19.0
   name: traefikservices.traefik.io
   namespace: traefik
diff --git a/rendered/envs/production/traefik/daemonset-traefik.yaml b/rendered/envs/production/traefik/daemonset-traefik.yaml
index 1828cdc..c4a22de 100644
--- a/rendered/envs/production/traefik/daemonset-traefik.yaml
+++ b/rendered/envs/production/traefik/daemonset-traefik.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/instance: traefik-traefik
     app.kubernetes.io/managed-by: Helm
diff --git a/rendered/envs/production/traefik/ingressclass-traefik.yaml b/rendered/envs/production/traefik/ingressclass-traefik.yaml
index 47a8090..538ca69 100644
--- a/rendered/envs/production/traefik/ingressclass-traefik.yaml
+++ b/rendered/envs/production/traefik/ingressclass-traefik.yaml
@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
     ingressclass.kubernetes.io/is-default-class: "true"
   labels:
     app.kubernetes.io/instance: traefik-traefik
diff --git a/rendered/envs/production/traefik/namespace-traefik.yaml b/rendered/envs/production/traefik/namespace-traefik.yaml
index e790f0e..ce84e38 100644
--- a/rendered/envs/production/traefik/namespace-traefik.yaml
+++ b/rendered/envs/production/traefik/namespace-traefik.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     pod-security.kubernetes.io/enforce: privileged
   name: traefik
diff --git a/rendered/envs/production/traefik/service-traefik.yaml b/rendered/envs/production/traefik/service-traefik.yaml
index 15eb471..ba0e6db 100644
--- a/rendered/envs/production/traefik/service-traefik.yaml
+++ b/rendered/envs/production/traefik/service-traefik.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/instance: traefik-traefik
     app.kubernetes.io/managed-by: Helm
diff --git a/rendered/envs/production/traefik/serviceaccount-traefik.yaml b/rendered/envs/production/traefik/serviceaccount-traefik.yaml
index b0b9aa3..e0f7d5b 100644
--- a/rendered/envs/production/traefik/serviceaccount-traefik.yaml
+++ b/rendered/envs/production/traefik/serviceaccount-traefik.yaml
@@ -3,7 +3,7 @@ automountServiceAccountToken: false
 kind: ServiceAccount
 metadata:
   annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
   labels:
     app.kubernetes.io/instance: traefik-traefik
     app.kubernetes.io/managed-by: Helm