Create Kustomization manifests (#28)

### Overview

We need to create new Kustomize manifests that can be used to deploy the
Datum APIServer and Datum Controller manager components so that these
components can be used by the community to deploy the software and by
our FluxCD pipeline.

### Acceptance Criteria

- Two new kustomize programs should be created in the repo to support
deploying the API Server and the controller manager
- Flux is used to published the kustomize manifests to an OCI repository
with the same tagging conventions used by the container image used for
the operator binary.
- Kustomize folder structure is documented in the repo. 

### Potential Folder Structure 

I'd recommend we organize the repo to support kustomize manifests by
using the following folder structure:

```shell
config
├── apiserver
│   └── kustomization.yaml
└── controller-manager
    └── kustomization.yaml
```


### Note

The Kustomize manifests we expose in this repo should only be ones that
are used to deploy the application in a way that can also be used by the
open source community. Any additional manifests (e.g. kubeconfig) that
we use to deploy the operator in our own specific way should be kept in
datum-infra.

Author: OscarLlamas6

.github/workflows/publish.yaml

@@ -0,0 +1,25 @@
+name: Publish Artifacts
+
+on:
+  push:
+  release:
+    types: ['published']
+
+jobs:
+  publish-kustomize-bundles:
+    permissions:
+      id-token: write
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        bundles:
+          - name: ghcr.io/datum-cloud/apiserver
+            path: config/apiserver
+          - name: ghcr.io/datum-cloud/controller-manager
+            path: config/controller-manager
+    uses: datum-cloud/actions/.github/workflows/publish-kustomize-bundle.yaml@v1.1.0
+    with:
+      bundle-name: ${{ matrix.bundles.name }}
+      bundle-path: ${{ matrix.bundles.path }}
+    secrets: inherit

config/apiserver/deployment.yaml

@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: datum-apiserver
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: datum-apiserver
+      app.kubernetes.io/part-of: datum-control-plane
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: datum-apiserver
+        app.kubernetes.io/part-of: datum-control-plane
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        image: us-east4-docker.pkg.dev/datum-cloud-prod/datum-internal-images/datum-apiserver:v0.0.1-v1alpha12-amd64
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /livez
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 15
+        name: datum-apiserver
+        ports:
+        - containerPort: 6443
+          name: https
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /readyz
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 15
+        resources: {}
+        startupProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /livez
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 15
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30

config/apiserver/httpproxy.yaml

@@ -0,0 +1,20 @@
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  name: datum-apiserver
+  labels:
+    app: datum-apiserver
+spec:
+  ingressClassName: contour
+  routes:
+  - conditions:
+    - prefix: /apis/resourcemanager.datumapis.com/v1alpha/projects/
+    pathRewritePolicy:
+      replacePrefix:
+      - replacement: /
+    services:
+    - name: datum-apiserver
+      port: 6443
+      protocol: tls
+    timeoutPolicy:
+      response: infinity

config/apiserver/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - service.yaml
+  - httpproxy.yaml

config/apiserver/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: datum-apiserver
+  labels:
+    app: datum-apiserver
+spec:
+  type: ClusterIP
+  selector:
+    app: datum-apiserver
+  ports:
+  - name: https
+    port: 6443
+    protocol: TCP
+    targetPort: https

config/controller-manager/deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: datum-controller-manager
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: datum-controller-manager
+      app.kubernetes.io/part-of: datum-control-plane
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: datum-controller-manager
+        app.kubernetes.io/part-of: datum-control-plane
+    spec:
+      automountServiceAccountToken: false
+      containers:
+      - name: datum-controller-manager
+        image: us-east4-docker.pkg.dev/datum-cloud-prod/datum-internal-images/datum-controller-manager:v0.0.1-v1alpha2-amd64
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 6443
+          name: https
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 10
+          periodSeconds: 10
+        startupProbe:
+          httpGet:
+            path: /healthz
+            port: https
+            scheme: HTTPS
+          initialDelaySeconds: 10
+          periodSeconds: 10
+      restartPolicy: Always

config/controller-manager/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml

docs/README.md

@@ -0,0 +1,75 @@
+# Kustomize Manifests for Datum APIServer and Controller Manager
+
+## Overview
+This repository provides Kustomize manifests to deploy the Datum APIServer and Datum Controller Manager components. These manifests are structured for ease of use by the community and integration with FluxCD pipelines.
+
+## Repository Structure
+```
+config
+├── api-server
+│   ├── deployment.yaml
+│   ├── httpproxy.yaml
+│   ├── kustomization.yaml
+│   ├── service.yaml
+├── controller-manager
+│   ├── deployment.yaml
+│   ├── kustomization.yaml
+docs
+```
+
+### API Server
+The `api-server` folder contains the Kustomize manifests required to deploy the Datum APIServer, including:
+- **deployment.yaml**: Defines the Kubernetes Deployment for the API Server.
+- **httpproxy.yaml**: Configuration for HTTP routing (if applicable).
+- **kustomization.yaml**: Kustomize configuration for managing API Server resources.
+- **service.yaml**: Defines the Kubernetes Service for the API Server.
+
+### Controller Manager
+The `controller-manager` folder contains the Kustomize manifests required to deploy the Datum Controller Manager, including:
+- **deployment.yaml**: Defines the Kubernetes Deployment for the Controller Manager.
+- **kustomization.yaml**: Kustomize configuration for managing Controller Manager resources.
+
+## Pushing Manifests using Flux CLI
+We utilize `flux push artifact` to publish Kustomize manifests to an OCI repository.
+
+### Example Workflow
+To push the manifests to an OCI registry, use the following command:
+```sh
+flux push artifact oci://ghcr.io/your-org/datum-kustomize:latest \
+  --path=./config --source=your-repository-url
+```
+
+## GitHub Actions Integration
+A GitHub Action is set up to automatically push these manifests upon changes. The workflow is defined as follows:
+
+```yaml
+name: Publish Kustomize Manifests
+
+on:
+  push:
+    branches:
+      - main
+  release:
+    types: [published]
+
+jobs:
+  push-kustomize:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+      
+      - name: Install Flux CLI
+        run: |
+          curl -s https://fluxcd.io/install.sh | sudo bash
+      
+      - name: Push Manifests
+        run: |
+          flux push artifact oci://ghcr.io/your-org/datum-kustomize:latest \
+            --path=./config --source=\$(git remote get-url origin)
+```
+
+This ensures that any updates to the `config` directory are automatically pushed to the OCI registry.
+
+This setup enables both community users and internal automation (e.g., FluxCD) to deploy the Datum APIServer and Controller Manager efficiently.
+