Create ready-to-install kustomizations

As described in #729, there is a desire to install kro
with a plain kubectl apply (or kustomize)

This commit is the first step to achieve this goal.

It enables installing kro with and without prometheus metrics
directly with kubectl.

The simplest way to achieve the whole experience is to
upload the generated manifests to the github release.

Alternatively, there can be an automation to update the manifests
as part of the release process.

Manifests are generated with

```
kubectl kustomize  ./manifests/core-install/
kubectl kustomize  ./manifests/core-install-with-metrics
```

Author: tjamet

config/default/deployment_image_patch.yaml

@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kro
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+        app.kubernetes.io/instance: kro
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/version: "0.4.1"
+        app.kubernetes.io/managed-by: kustomize
+        app.kubernetes.io/instance: kro

config/default/kustomization.yaml

@@ -30,7 +30,17 @@ patches:
 # Protect the /metrics endpoint by putting it behind auth.
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
-- path: manager_auth_proxy_patch.yaml
+- path: deployment_image_patch.yaml
+
+images:
+- name: ghcr.io/kro-run/kro/controller
+  newName: ghcr.io/kro-run/kro/controller
+  newTag: "0.4.1"
+
+commonLabels:
+  app.kubernetes.io/version: "0.4.1"
+  app.kubernetes.io/managed-by: kustomize
+  app.kubernetes.io/instance: kro
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml

config/default/manager_auth_proxy_patch.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kro-metrics
+  namespace: default
+spec:
+  selector:
+    app.kubernetes.io/instance: kro

config/default/manager_config_patch.yaml

@@ -1,2 +1,3 @@
 resources:
 - manager.yaml
+- namespace.yaml

config/default/service_monitor_patch.yaml

@@ -1,102 +1,105 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: namespace
-    app.kubernetes.io/instance: system
-    app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: kro
-    app.kubernetes.io/part-of: kro
-    app.kubernetes.io/managed-by: kustomize
-  name: system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: kro
+  namespace: default
   labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: deployment
-    app.kubernetes.io/instance: controller-manager
-    app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: kro
+    app.kubernetes.io/instance: kro
+    app.kubernetes.io/component: controller
     app.kubernetes.io/part-of: kro
-    app.kubernetes.io/managed-by: kustomize
 spec:
+  replicas: 1
   selector:
     matchLabels:
-      control-plane: controller-manager
-  replicas: 1
+      app.kubernetes.io/name: kro
+      app.kubernetes.io/component: controller
   template:
     metadata:
-      annotations:
-        kubectl.kubernetes.io/default-container: manager
       labels:
-        control-plane: controller-manager
+        app.kubernetes.io/name: kro
+        app.kubernetes.io/component: controller
+        app.kubernetes.io/part-of: kro
     spec:
-      # TODO(user): Uncomment the following code to configure the nodeAffinity expression
-      # according to the platforms which are supported by your solution.
-      # It is considered best practice to support multiple architectures. You can
-      # build your manager image using the makefile target docker-buildx.
-      # affinity:
-      #   nodeAffinity:
-      #     requiredDuringSchedulingIgnoredDuringExecution:
-      #       nodeSelectorTerms:
-      #         - matchExpressions:
-      #           - key: kubernetes.io/arch
-      #             operator: In
-      #             values:
-      #               - amd64
-      #               - arm64
-      #               - ppc64le
-      #               - s390x
-      #           - key: kubernetes.io/os
-      #             operator: In
-      #             values:
-      #               - linux
+      serviceAccountName: kro
       securityContext:
-        runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
+        seccompProfile:
+          type: RuntimeDefault
       containers:
-      - command:
-        - /manager
-        args:
-        - --leader-elect
-        image: controller:latest
-        name: manager
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - "ALL"
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        # TODO(user): Configure the resources accordingly based on the project requirements.
-        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 10m
-            memory: 64Mi
-      serviceAccountName: controller-manager
-      terminationGracePeriodSeconds: 10
+        - name: kro
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            privileged: false
+            runAsNonRoot: true
+            runAsUser: 1000
+          image: "ghcr.io/kro-run/kro/controller:latest"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: metricsport
+              containerPort: 8078
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 1024Mi
+            requests:
+              cpu: 256m
+              memory: 128Mi
+          env:
+            - name: KRO_METRICS_BIND_ADDRESS
+              value: ":8078"
+            - name: KRO_HEALTH_PROBE_BIND_ADDRESS
+              value: ":8079"
+            - name: KRO_RESOURCE_GROUP_CONCURRENT_RECONCILES
+              value: "1"
+            - name: KRO_DYNAMIC_CONTROLLER_CONCURRENT_RECONCILES
+              value: "1"
+            - name: KRO_LOG_LEVEL
+              value: "3"
+            - name: KRO_DYNAMIC_CONTROLLER_DEFAULT_RESYNC_PERIOD
+              value: "36000"
+            - name: KRO_DYNAMIC_CONTROLLER_DEFAULT_QUEUE_MAX_RETRIES
+              value: "20"
+            - name: KRO_GRACEFUL_SHUTDOWN_TIMEOUT
+              value: "60s"
+            - name: KRO_CLIENT_QPS
+              value: "100"
+            - name: KRO_CLIENT_BURST
+              value: "150"
+          args:
+            - --metrics-bind-address
+            - "$(KRO_METRICS_BIND_ADDRESS)"
+            - --health-probe-bind-address
+            - "$(KRO_HEALTH_PROBE_BIND_ADDRESS)"
+            - --resource-graph-definition-concurrent-reconciles
+            - "$(KRO_RESOURCE_GROUP_CONCURRENT_RECONCILES)"
+            - --dynamic-controller-concurrent-reconciles
+            - "$(KRO_DYNAMIC_CONTROLLER_CONCURRENT_RECONCILES)"
+            - --log-level
+            - "$(KRO_LOG_LEVEL)"
+            - --graceful-shutdown-timeout
+            - "$(KRO_GRACEFUL_SHUTDOWN_TIMEOUT)"
+            - --dynamic-controller-default-resync-period
+            - "$(KRO_DYNAMIC_CONTROLLER_DEFAULT_RESYNC_PERIOD)"
+            - --dynamic-controller-default-queue-max-retries
+            - "$(KRO_DYNAMIC_CONTROLLER_DEFAULT_QUEUE_MAX_RETRIES)"
+            - --client-qps
+            - "$(KRO_CLIENT_QPS)"
+            - --client-burst
+            - "$(KRO_CLIENT_BURST)"
+            - --leader-elect
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8079
+            initialDelaySeconds: 15
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8079
+            initialDelaySeconds: 10
+            periodSeconds: 10
+      nodeSelector:
+        kubernetes.io/os: linux

config/manager/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app.kubernetes.io/name: kro
+    app.kubernetes.io/part-of: kro
+  name: kro

config/manager/manager.yaml

@@ -1,2 +1,3 @@
 resources:
 - monitor.yaml
+- service.yaml

config/manager/namespace.yaml

@@ -1,25 +1,23 @@
-# Prometheus Monitor Service (Metrics)
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
+  name: kro
+  namespace: default
   labels:
-    control-plane: controller-manager
-    app.kubernetes.io/name: servicemonitor
-    app.kubernetes.io/instance: controller-manager-metrics-monitor
+    app.kubernetes.io/instance: kro
     app.kubernetes.io/component: metrics
-    app.kubernetes.io/created-by: kro
     app.kubernetes.io/part-of: kro
-    app.kubernetes.io/managed-by: kustomize
-  name: controller-manager-metrics-monitor
-  namespace: system
 spec:
-  endpoints:
-    - path: /metrics
-      port: https
-      scheme: https
-      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-      tlsConfig:
-        insecureSkipVerify: true
+  jobLabel: kro
+  namespaceSelector:
+    matchNames:
+      - default
   selector:
     matchLabels:
-      control-plane: controller-manager
+      app.kubernetes.io/name: kro
+      app.kubernetes.io/instance: kro
+  endpoints:
+    - port: metrics
+      path: /metrics
+      interval: 1m
+      scrapeTimeout: 10s