eitco
diff --git a/‎.gitignore‎
Lines changed: 4 additions & 1 deletion b/‎.gitignore‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎Dockerfile‎
Lines changed: 6 additions & 2 deletions b/‎Dockerfile‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎Makefile‎
Lines changed: 2 additions & 2 deletions b/‎Makefile‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎api/v1alpha1/cdk8sappproxy_types.go‎
Lines changed: 11 additions & 5 deletions b/‎api/v1alpha1/cdk8sappproxy_types.go‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎api/v1alpha1/cdk8sappproxy_webook.go‎
Lines changed: 0 additions & 8 deletions b/‎api/v1alpha1/cdk8sappproxy_webook.go‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 1 addition & 7 deletions b/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎config/crd/bases/addons.cluster.x-k8s.io_cdk8sappproxies.yaml‎
Lines changed: 10 additions & 4 deletions b/‎config/crd/bases/addons.cluster.x-k8s.io_cdk8sappproxies.yaml‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎config/default/manager_image_patch.yaml‎
Lines changed: 1 addition & 1 deletion b/‎config/default/manager_image_patch.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/default/manager_image_patch.yaml-e‎
Lines changed: 1 addition & 1 deletion b/‎config/default/manager_image_patch.yaml-e‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/default/manager_pull_policy.yaml‎
Lines changed: 1 addition & 1 deletion b/‎config/default/manager_pull_policy.yaml‎
Lines changed: 1 addition & 1 deletion
@@ -40,4 +40,7 @@ _artifacts
 tmp/
 
 # Release Files
-out/
+out/
+
+*-cdk8sappproxy.yaml
+hack/ssh_known_hosts
@@ -50,6 +50,9 @@ RUN --mount=type=secret,id=netrc,required=false,target=/root/.netrc \
 # Copy the sources
 COPY ./ ./
 
+# Known Hosts
+RUN ./hack/update-ssh-known-hosts.sh
+
 # Cache the go build into the Go’s compiler cache folder so we take benefits of compiler caching across docker build calls
 RUN --mount=type=secret,id=netrc,required=false,target=/root/.netrc \
     --mount=type=cache,target=/root/.cache/go-build \
@@ -77,8 +80,8 @@ ARG ARCH
 # Set shell with pipefail option for better error handling
 SHELL ["/bin/sh", "-o", "pipefail", "-c"]
 
-RUN apk add --no-cache ca-certificates=20250619-r0 curl=8.12.1-r0 nodejs=20.15.1-r0 npm=10.9.1-r0 \
-    && npm install -g cdk8s-cli@2.200.152 \
+RUN apk add --no-cache ca-certificates=20250911-r0 curl=8.14.1-r2 nodejs=22.16.0-r2 npm=11.3.0-r1 \
+    && npm install -g cdk8s-cli@2.202.3 \
     && curl -fsSL -o go1.25.0.linux-${ARCH}.tar.gz https://go.dev/dl/go1.25.0.linux-${ARCH}.tar.gz \
     && tar -C /usr/local -xzf go1.25.0.linux-${ARCH}.tar.gz \
     && rm go1.25.0.linux-${ARCH}.tar.gz \
@@ -90,6 +93,7 @@ ENV GOROOT=/usr/local/go
 
 WORKDIR /
 COPY --from=builder /workspace/manager .
+COPY --from=builder /workspace/hack/ssh_known_hosts /etc/ssh/ssh_known_hosts
 
 # Create non-root user
 RUN adduser -u 65532 -D -h /home/nonroot -s /bin/sh nonroot
 
@@ -44,7 +44,7 @@ export GO111MODULE=on
 
 DOCKERFILE_CONTAINER_IMAGE ?= docker.io/docker/dockerfile:1.4
 DEPLOYMENT_BASE_IMAGE ?= alpine
-DEPLOYMENT_BASE_IMAGE_TAG ?= 3.20
+DEPLOYMENT_BASE_IMAGE_TAG ?= 3.22.2
 BUILD_CONTAINER_ADDITIONAL_ARGS ?=
 
 #
@@ -220,7 +220,7 @@ CAPI_KIND_CLUSTER_NAME ?= capi-test
 # It is set by Prow GIT_TAG, a git-based tag of the form vYYYYMMDD-hash, e.g., v20210120-v0.3.10-308-gc61521971
 
 #TAG ?= dev
-TAG ?= v1.0.0-alpha.8
+TAG ?= v1.0.0-alpha.9-28
 ARCH ?= $(shell go env GOARCH)
 ALL_ARCH = amd64 arm64 #ppc64le s390 arm
 
 
@@ -24,22 +24,28 @@ import (
 // GitRepositorySpec defines the desired state of a Git repository source.
 type GitRepositorySpec struct {
 	// URL is the git repository URL.
+	// If the Repository is private,
+	// the URL needs to be provided in the form of '[email protected]:...'
 	// +kubebuilder:validation:Required
 	URL string `json:"url"`
 
 	// Reference is the git reference (branch, tag, or commit).
 	// +kubebuilder:validation:Required
 	Reference string `json:"reference"`
 
-	// ReferencePollInterval polls the defined git repository for changes.
-	// Defaults to 5 min.
-	// +kubebuilder:validation:optional
-	ReferencePollInterval *metav1.Duration `json:"referencePollInterval,omitempty"`
-
 	// Path is the path within the repository where the cdk8s application is located.
 	// Defaults to the root of the repository.
 	// +kubebuilder:validation:Required
 	Path string `json:"path"`
+
+	// SecretRef references to a secret with the 
+	// needed token, used to pull from a private repository.
+	// +kubebuilder:validation:optional
+	SecretRef string `json:"secretRef,omitempty"`
+
+	// SecretKey is the key within the SecretRef secret.
+	// +kubebuilder:validation:optional
+	SecretKey string `json:"secretKey,omitempty"`
 }
 
 // Cdk8sAppProxySpec defines the desired state of Cdk8sAppProxy.
 
@@ -18,9 +18,7 @@ package v1alpha1
 
 import (
 	"fmt"
-	"time"
 
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
@@ -51,12 +49,6 @@ func (c *Cdk8sAppProxy) Default() {
 		c.Spec.GitRepository.Reference = "main"
 	}
 
-	if c.Spec.GitRepository != nil && c.Spec.GitRepository.ReferencePollInterval == nil {
-		c.Spec.GitRepository.ReferencePollInterval = &metav1.Duration{
-			Duration: 5 * time.Minute,
-		}
-	}
-
 	// Set the default path if not specified
 	if c.Spec.GitRepository != nil && c.Spec.GitRepository.Path == "" {
 		c.Spec.GitRepository.Path = "."
 
@@ -114,13 +114,19 @@ spec:
                   reference:
                     description: Reference is the git reference (branch, tag, or commit).
                     type: string
-                  referencePollInterval:
+                  secretKey:
+                    description: SecretKey is the key within the SecretRef secret.
+                    type: string
+                  secretRef:
                     description: |-
-                      ReferencePollInterval polls the defined git repository for changes.
-                      Defaults to 5 min.
+                      SecretRef references to a secret with the
+                      needed token, used to pull from a private repository.
                     type: string
                   url:
-                    description: URL is the git repository URL.
+                    description: |-
+                      URL is the git repository URL.
+                      If the Repository is private,
+                      the URL needs to be provided in the form of '[email protected]:...'
                     type: string
                 required:
                 - path
 
@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-      - image: ghcr.io/eitco/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller:v1.0.0-alpha.8
+      - image: ghcr.io/eitco/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller:v1.0.0-alpha.9-28
         name: manager
@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-      - image: ghcr.io/eitco/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller-arm64:v1.0.0-alpha.8
+      - image: ghcr.io/eitco/cluster-api-addon-provider-cdk8s/cluster-api-cdk8s-controller:v1.0.0-alpha.9-28
         name: manager
@@ -8,4 +8,4 @@ spec:
     spec:
       containers:
       - name: manager
-        imagePullPolicy: Always
+        imagePullPolicy: IfNotPresent