feat: Wire ArgoCD to Forgejo for GitOps management

Configure myks with global repoURL pointing to Forgejo, in-cluster destination, and disabled placeholder cluster Secret. Implement App of Apps pattern with a root Application that syncs all child apps. Add argocd-deploy-key-init Job that generates an ed25519 SSH keypair, registers it as a deploy key via Forgejo API, and creates the ArgoCD repository secret with insecure host key verification (avoids chicken-and-egg with ArgoCD managing its own known hosts ConfigMap). Additional changes: - Ignore /status field diffs globally (K8s 1.32 compat) - Add Replace=true sync option on Jobs (immutable resource compat) - Switch job images from bitnami/kubectl to alpine/k8s - Update CLAUDE.md with ArgoCD status and no-bitnami rule Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 23:09:50 +02:00 · 2026-03-30 23:09:50 +02:00 · c7bfd4953c
parent 14cb67369d
commit c7bfd4953c
161 changed files with 464 additions and 188 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -72,7 +72,10 @@ export TALOSCONFIG=./talos/talosconfig
 - **Namespace race condition**: First `kubectl apply` of a new app often fails because namespace isn't ready. Re-apply once.
 - **Traefik DaemonSet updates**: Requires `updateStrategy.rollingUpdate.maxSurge: 0` because hostPort conflicts prevent surge.
 - **Forgejo Ingress API version**: Chart renders `extensions/v1beta1`, fixed via `ytt/ingress-fix.ytt.yaml` overlay to `networking.k8s.io/v1`.
- **ArgoCD Phase 3**: Repo not yet pushed to Forgejo, ArgoCD not yet wired.
+- **ArgoCD**: Fully wired to Forgejo via App of Apps. Root Application in `default` project syncs `rendered/argocd/production/`. Deploy key provisioned automatically by `argocd-deploy-key-init` Job in forgejo namespace.
+
+## Container Images
+- **Never use bitnami images.** Use `alpine/k8s` or plain `alpine` for utility Jobs instead.

 ## Secrets (not in git)
 - `cert-manager/letsencrypt-account-key` — ACME account key (auto-generated)
--- a/envs/_env/argocd/secret.overlay.ytt.yaml
+++ b/envs/_env/argocd/secret.overlay.ytt.yaml
@ -1,14 +0,0 @@
-#@ load("@ytt:overlay", "overlay")
---
-#@ def secret_fragment():
-kind: Secret
-metadata:
-  labels:
-    argocd.argoproj.io/secret-type: cluster
-#@ end
-
-#@overlay/match by=overlay.subset(secret_fragment()), expects="0+"
---
-stringData:
-  config: ARGOCD_CLUSTER_CONNECT_CONFIG
-  server: ARGOCD_CLUSTER_SERVER_URL
--- a/envs/env-data.ytt.yaml
+++ b/envs/env-data.ytt.yaml
@ -5,5 +5,13 @@ argocd:
  app:
    prefix: app-
    finalizers: []
+    source:
+      repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+    destination:
+      server: https://kubernetes.default.svc
  project:
    prefix: env-
+    destination:
+      server: https://kubernetes.default.svc
+  env:
+    generateSecret: false
--- a/prototypes/argocd/helm/argo-cd.yaml
+++ b/prototypes/argocd/helm/argo-cd.yaml
@ -9,6 +9,12 @@ global:
 configs:
  params:
    server.insecure: true
+  cm:
+    resource.customizations.ignoreDifferences.all: |
+      managedFieldsManagers:
+        - kube-controller-manager
+      jsonPointers:
+        - /status

 server:
  ingress:
--- a/prototypes/forgejo/ytt/admin-secret-job.ytt.yaml
+++ b/prototypes/forgejo/ytt/admin-secret-job.ytt.yaml
@ -41,6 +41,8 @@ kind: Job
 metadata:
  name: forgejo-admin-secret-init
  namespace: #@ ns
+  annotations:
+    argocd.argoproj.io/sync-options: Replace=true
 spec:
  ttlSecondsAfterFinished: 300
  template:
@ -49,7 +51,7 @@ spec:
      restartPolicy: OnFailure
      containers:
        - name: init
-          image: bitnami/kubectl:latest
+          image: alpine/k8s:1.32.3
          command:
            - sh
            - -c
--- a/prototypes/forgejo/ytt/argocd-deploy-key-job.ytt.yaml
+++ b/prototypes/forgejo/ytt/argocd-deploy-key-job.ytt.yaml
@ -0,0 +1,139 @@
+#@ load("@ytt:data", "data")
+
+#@ ns = data.values.application.namespace
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argocd-deploy-key-init
+  namespace: #@ ns
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: argocd-deploy-key-init
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: argocd-deploy-key-init
+subjects:
+  - kind: ServiceAccount
+    name: argocd-deploy-key-init
+    namespace: #@ ns
+roleRef:
+  kind: ClusterRole
+  name: argocd-deploy-key-init
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: argocd-deploy-key-init
+  namespace: #@ ns
+  annotations:
+    argocd.argoproj.io/sync-options: Replace=true
+spec:
+  ttlSecondsAfterFinished: 300
+  template:
+    spec:
+      serviceAccountName: argocd-deploy-key-init
+      restartPolicy: OnFailure
+      containers:
+        - name: init
+          image: alpine/k8s:1.32.3
+          command:
+            - sh
+            - -c
+            - |
+              set -e
+
+              apk add --no-cache openssh-keygen > /dev/null 2>&1
+
+              ARGOCD_NS="argocd"
+              REPO_SECRET="forgejo-repo"
+              REPO_URL="ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git"
+              FORGEJO_URL="https://git.tr1ceracop.de"
+              REPO_OWNER="gitea_admin"
+              REPO_NAME="k8s-and-chill"
+
+              # Wait for Forgejo to be ready
+              echo "Waiting for Forgejo to be ready..."
+              for i in $(seq 1 60); do
+                if curl -sk "${FORGEJO_URL}/api/v1/version" >/dev/null 2>&1; then
+                  echo "Forgejo HTTPS is ready"
+                  break
+                fi
+                if [ "$i" -eq 60 ]; then
+                  echo "Forgejo did not become ready in time"
+                  exit 1
+                fi
+                sleep 5
+              done
+
+              # Check if ArgoCD repo secret already exists
+              if kubectl get secret "${REPO_SECRET}" -n "${ARGOCD_NS}" >/dev/null 2>&1; then
+                echo "Secret ${REPO_SECRET} already exists in ${ARGOCD_NS}, skipping"
+                exit 0
+              fi
+
+              # Read admin credentials
+              ADMIN_USER=$(kubectl get secret forgejo-admin-secret -n "${NAMESPACE}" -o jsonpath='{.data.username}' | base64 -d)
+              ADMIN_PASS=$(kubectl get secret forgejo-admin-secret -n "${NAMESPACE}" -o jsonpath='{.data.password}' | base64 -d)
+
+              # Generate ed25519 SSH keypair
+              KEYDIR=$(mktemp -d)
+              ssh-keygen -t ed25519 -f "${KEYDIR}/id_ed25519" -N "" -q
+              PRIVKEY=$(cat "${KEYDIR}/id_ed25519")
+              PUBKEY=$(cat "${KEYDIR}/id_ed25519.pub")
+              rm -rf "${KEYDIR}"
+
+              # Register deploy key via Forgejo API
+              echo "Registering deploy key..."
+              HTTP_CODE=$(curl -sk -o /tmp/response.json -w "%{http_code}" \
+                -X POST "${FORGEJO_URL}/api/v1/repos/${REPO_OWNER}/${REPO_NAME}/keys" \
+                -H "Content-Type: application/json" \
+                -u "${ADMIN_USER}:${ADMIN_PASS}" \
+                -d "{\"title\":\"argocd-deploy-key\",\"key\":\"${PUBKEY}\",\"read_only\":true}")
+
+              if [ "${HTTP_CODE}" = "201" ]; then
+                echo "Deploy key registered successfully"
+              elif [ "${HTTP_CODE}" = "422" ]; then
+                echo "Deploy key already exists in Forgejo (422), continuing"
+              else
+                echo "Failed to register deploy key: HTTP ${HTTP_CODE}"
+                cat /tmp/response.json
+                exit 1
+              fi
+
+              # Create ArgoCD repository secret with insecure flag (skip host key verification)
+              cat <<EOSECRET | kubectl apply -f -
+              apiVersion: v1
+              kind: Secret
+              metadata:
+                name: ${REPO_SECRET}
+                namespace: ${ARGOCD_NS}
+                labels:
+                  argocd.argoproj.io/secret-type: repository
+              stringData:
+                type: git
+                url: "${REPO_URL}"
+                insecure: "true"
+                sshPrivateKey: |
+              $(echo "${PRIVKEY}" | sed 's/^/            /')
+              EOSECRET
+
+              echo "Created ArgoCD repository secret ${REPO_SECRET} in ${ARGOCD_NS}"
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
--- a/rendered/argocd/production/app-argocd.yaml
+++ b/rendered/argocd/production/app-argocd.yaml
@ -9,12 +9,12 @@ metadata:
  namespace: argocd
 spec:
  destination:
-    name: production
    namespace: argocd
+    server: https://kubernetes.default.svc
  project: env-production
  source:
    path: rendered/envs/production/argocd
-    repoURL: ""
+    repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    targetRevision: main
  syncPolicy:
    automated:
--- a/rendered/argocd/production/app-cert-manager.yaml
+++ b/rendered/argocd/production/app-cert-manager.yaml
@ -9,12 +9,12 @@ metadata:
  namespace: argocd
 spec:
  destination:
-    name: production
    namespace: cert-manager
+    server: https://kubernetes.default.svc
  project: env-production
  source:
    path: rendered/envs/production/cert-manager
-    repoURL: ""
+    repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    targetRevision: main
  syncPolicy:
    automated:
--- a/rendered/argocd/production/app-forgejo.yaml
+++ b/rendered/argocd/production/app-forgejo.yaml
@ -9,8 +9,8 @@ metadata:
  namespace: argocd
 spec:
  destination:
-    name: production
    namespace: forgejo
+    server: https://kubernetes.default.svc
  project: env-production
  source:
    path: rendered/envs/production/forgejo
--- a/rendered/argocd/production/app-traefik.yaml
+++ b/rendered/argocd/production/app-traefik.yaml
@ -9,12 +9,12 @@ metadata:
  namespace: argocd
 spec:
  destination:
-    name: production
    namespace: traefik
+    server: https://kubernetes.default.svc
  project: env-production
  source:
    path: rendered/envs/production/traefik
-    repoURL: ""
+    repoURL: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    targetRevision: main
  syncPolicy:
    automated:
--- a/rendered/argocd/production/env-production.yaml
+++ b/rendered/argocd/production/env-production.yaml
@ -14,24 +14,9 @@ spec:
    kind: '*'
  destinations:
  - namespace: '*'
-    name: production
+    server: https://kubernetes.default.svc
  namespaceResourceWhitelist:
  - group: '*'
    kind: '*'
  sourceRepos:
  - '*'
---
-apiVersion: v1
-kind: Secret
-metadata:
-  labels:
-    argocd.argoproj.io/secret-type: cluster
-  name: production
-  namespace: argocd
-  annotations:
-    myks.dev/environment: production
-stringData:
-  config: ARGOCD_CLUSTER_CONNECT_CONFIG
-  name: production
-  project: env-production
-  server: ARGOCD_CLUSTER_SERVER_URL
--- a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-application-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-notifications-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: notifications-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/clusterrole-argo-cd-argocd-server.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-application-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-notifications-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: notifications-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/clusterrolebinding-argo-cd-argocd-server.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/configmap-argo-cd-argocd-redis-health-configmap.yaml
+++ b/rendered/envs/production/argocd/configmap-argo-cd-argocd-redis-health-configmap.yaml
@ -29,7 +29,7 @@ data:
 kind: ConfigMap
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: redis
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/configmap-argocd-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-cm.yaml
@ -4,6 +4,11 @@ data:
  application.instanceLabelKey: argocd.argoproj.io/instance
  application.sync.impersonation.enabled: "false"
  exec.enabled: "false"
+  resource.customizations.ignoreDifferences.all: |
+    managedFieldsManagers:
+      - kube-controller-manager
+    jsonPointers:
+      - /status
  server.rbac.log.enforce.enable: "false"
  statusbadge.enabled: "false"
  timeout.hard.reconciliation: 0s
@ -12,7 +17,7 @@ data:
 kind: ConfigMap
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/configmap-argocd-cmd-params-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-cmd-params-cm.yaml
@ -41,7 +41,7 @@ data:
 kind: ConfigMap
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/configmap-argocd-gpg-keys-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-gpg-keys-cm.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/managed-by: Helm
--- a/rendered/envs/production/argocd/configmap-argocd-notifications-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-notifications-cm.yaml
@ -5,7 +5,7 @@ data:
 kind: ConfigMap
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: notifications-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/configmap-argocd-rbac-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-rbac-cm.yaml
@ -7,7 +7,7 @@ data:
 kind: ConfigMap
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/configmap-argocd-ssh-known-hosts-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-ssh-known-hosts-cm.yaml
@ -18,7 +18,7 @@ data:
 kind: ConfigMap
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/managed-by: Helm
--- a/rendered/envs/production/argocd/configmap-argocd-tls-certs-cm.yaml
+++ b/rendered/envs/production/argocd/configmap-argocd-tls-certs-cm.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/instance: argo-cd
    app.kubernetes.io/managed-by: Helm
--- a/rendered/envs/production/argocd/customresourcedefinition-applications.argoproj.io.yaml
+++ b/rendered/envs/production/argocd/customresourcedefinition-applications.argoproj.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app.kubernetes.io/name: applications.argoproj.io
--- a/rendered/envs/production/argocd/customresourcedefinition-applicationsets.argoproj.io.yaml
+++ b/rendered/envs/production/argocd/customresourcedefinition-applicationsets.argoproj.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app.kubernetes.io/name: applicationsets.argoproj.io
--- a/rendered/envs/production/argocd/customresourcedefinition-appprojects.argoproj.io.yaml
+++ b/rendered/envs/production/argocd/customresourcedefinition-appprojects.argoproj.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app.kubernetes.io/name: appprojects.argoproj.io
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-applicationset-controller.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: applicationset-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-dex-server.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-notifications-controller.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: notifications-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-redis.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-redis.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: redis
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-repo-server.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/instance: argo-cd
@ -23,7 +23,7 @@ spec:
  template:
    metadata:
      annotations:
-        checksum/cm: 52c5a2727dab153bcfd45d15790886f8ec029f5dde02ec94a383c60583bcbb2e
+        checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1
        checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595
      labels:
        app.kubernetes.io/component: repo-server
--- a/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/deployment-argo-cd-argocd-server.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
@ -23,7 +23,7 @@ spec:
  template:
    metadata:
      annotations:
-        checksum/cm: 52c5a2727dab153bcfd45d15790886f8ec029f5dde02ec94a383c60583bcbb2e
+        checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1
        checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595
      labels:
        app.kubernetes.io/component: server
--- a/rendered/envs/production/argocd/ingress-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/ingress-argo-cd-argocd-server.yaml
@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    cert-manager.io/cluster-issuer: letsencrypt
  labels:
    app.kubernetes.io/component: server
--- a/rendered/envs/production/argocd/job-argo-cd-argocd-redis-secret-init.yaml
+++ b/rendered/envs/production/argocd/job-argo-cd-argocd-redis-secret-init.yaml
@ -2,7 +2,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation
  labels:
--- a/rendered/envs/production/argocd/namespace-argocd.yaml
+++ b/rendered/envs/production/argocd/namespace-argocd.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    pod-security.kubernetes.io/enforce: privileged
  name: argocd
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-application-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-applicationset-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: applicationset-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-dex-server.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-notifications-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: notifications-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-redis-secret-init.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-redis-secret-init.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation
  labels:
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-repo-server.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/role-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/role-argo-cd-argocd-server.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-application-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-applicationset-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: applicationset-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-dex-server.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-notifications-controller.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: notifications-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-redis-secret-init.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-redis-secret-init.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation
  labels:
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-repo-server.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/rolebinding-argo-cd-argocd-server.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/secret-argocd-notifications-secret.yaml
+++ b/rendered/envs/production/argocd/secret-argocd-notifications-secret.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: notifications-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/secret-argocd-secret.yaml
+++ b/rendered/envs/production/argocd/secret-argocd-secret.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-applicationset-controller.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: applicationset-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-dex-server.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-redis.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-redis.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: redis
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-repo-server.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/service-argo-cd-argocd-server.yaml
+++ b/rendered/envs/production/argocd/service-argo-cd-argocd-server.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-redis-secret-init.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-redis-secret-init.yaml
@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation
  labels:
--- a/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-repo-server.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argo-cd-argocd-repo-server.yaml
@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: repo-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/serviceaccount-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-application-controller.yaml
@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/serviceaccount-argocd-applicationset-controller.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-applicationset-controller.yaml
@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: applicationset-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/serviceaccount-argocd-dex-server.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-dex-server.yaml
@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: dex-server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/serviceaccount-argocd-notifications-controller.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-notifications-controller.yaml
@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: notifications-controller
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/serviceaccount-argocd-server.yaml
+++ b/rendered/envs/production/argocd/serviceaccount-argocd-server.yaml
@ -3,7 +3,7 @@ automountServiceAccountToken: true
 kind: ServiceAccount
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: server
    app.kubernetes.io/instance: argo-cd
--- a/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml
+++ b/rendered/envs/production/argocd/statefulset-argo-cd-argocd-application-controller.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app.kubernetes.io/component: application-controller
    app.kubernetes.io/instance: argo-cd
@ -24,7 +24,7 @@ spec:
  template:
    metadata:
      annotations:
-        checksum/cm: 52c5a2727dab153bcfd45d15790886f8ec029f5dde02ec94a383c60583bcbb2e
+        checksum/cm: 3583210793db8d1abf108262c051079800349bbfb09cb52450b6dd436e4523f1
        checksum/cmd-params: f46fb4747491e33ef19e957952ce838b6507690ddf03e01967ec0b131af9b595
      labels:
        app.kubernetes.io/component: application-controller
--- a/rendered/envs/production/cert-manager/clusterissuer-letsencrypt.yaml
+++ b/rendered/envs/production/cert-manager/clusterissuer-letsencrypt.yaml
@ -2,7 +2,7 @@ apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  name: letsencrypt
  namespace: cert-manager
 spec:
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-cainjector.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-cainjector.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cainjector
    app.kubernetes.io/component: cainjector
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-cluster-view.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-cluster-view.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-approve_cert-manager-io.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-approve_cert-manager-io.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: cert-manager
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificates.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificates.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificatesigningrequests.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-certificatesigningrequests.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: cert-manager
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-challenges.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-challenges.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-clusterissuers.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-clusterissuers.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-ingress-shim.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-ingress-shim.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-issuers.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-issuers.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-orders.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-controller-orders.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-edit.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-edit.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-view.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-view.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrole-cert-manager-webhook_subjectaccessreviews.yaml
+++ b/rendered/envs/production/cert-manager/clusterrole-cert-manager-webhook_subjectaccessreviews.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: webhook
    app.kubernetes.io/component: webhook
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-cainjector.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-cainjector.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cainjector
    app.kubernetes.io/component: cainjector
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-approve_cert-manager-io.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-approve_cert-manager-io.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: cert-manager
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificates.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificates.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificatesigningrequests.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-certificatesigningrequests.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: cert-manager
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-challenges.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-challenges.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-clusterissuers.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-clusterissuers.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-ingress-shim.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-ingress-shim.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-issuers.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-issuers.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-orders.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-controller-orders.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-webhook_subjectaccessreviews.yaml
+++ b/rendered/envs/production/cert-manager/clusterrolebinding-cert-manager-webhook_subjectaccessreviews.yaml
@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: webhook
    app.kubernetes.io/component: webhook
--- a/rendered/envs/production/cert-manager/customresourcedefinition-certificaterequests.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-certificaterequests.cert-manager.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app: cert-manager
--- a/rendered/envs/production/cert-manager/customresourcedefinition-certificates.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-certificates.cert-manager.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app: cert-manager
--- a/rendered/envs/production/cert-manager/customresourcedefinition-challenges.acme.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-challenges.acme.cert-manager.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app: cert-manager
--- a/rendered/envs/production/cert-manager/customresourcedefinition-clusterissuers.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-clusterissuers.cert-manager.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app: cert-manager
--- a/rendered/envs/production/cert-manager/customresourcedefinition-issuers.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-issuers.cert-manager.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app: cert-manager
--- a/rendered/envs/production/cert-manager/customresourcedefinition-orders.acme.cert-manager.io.yaml
+++ b/rendered/envs/production/cert-manager/customresourcedefinition-orders.acme.cert-manager.io.yaml
@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/resource-policy: keep
  labels:
    app: cert-manager
--- a/rendered/envs/production/cert-manager/deployment-cert-manager-cainjector.yaml
+++ b/rendered/envs/production/cert-manager/deployment-cert-manager-cainjector.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cainjector
    app.kubernetes.io/component: cainjector
--- a/rendered/envs/production/cert-manager/deployment-cert-manager-webhook.yaml
+++ b/rendered/envs/production/cert-manager/deployment-cert-manager-webhook.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: webhook
    app.kubernetes.io/component: webhook
--- a/rendered/envs/production/cert-manager/deployment-cert-manager.yaml
+++ b/rendered/envs/production/cert-manager/deployment-cert-manager.yaml
@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
  labels:
    app: cert-manager
    app.kubernetes.io/component: controller
--- a/rendered/envs/production/cert-manager/job-cert-manager-startupapicheck.yaml
+++ b/rendered/envs/production/cert-manager/job-cert-manager-startupapicheck.yaml
@ -2,7 +2,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
  annotations:
-    a8r.io/repository: ""
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/hook: post-install
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    helm.sh/hook-weight: "1"
--- a/Show more
+++ b/Show more