feat(kite): add bridge operator manifests

components/konflux-kite/base/kustomization.yaml

@@ -2,11 +2,20 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  # All
   - ns.yaml
-  - rbac.yaml
-  - deployment.yaml
-  - service.yaml
-  - routes.yaml
+  # Backend
+  - backend/rbac.yaml
+  - backend/deployment.yaml
+  - backend/service.yaml
+  - backend/routes.yaml
+  # Operator
+  - operator/service-account.yaml
+  - operator/role.yaml
+  - operator/role-binding.yaml
+  - operator/cluster-role.yaml
+  - operator/cluster-role-binding.yaml
+  - operator/manager.yaml
 
 namespace: konflux-kite
 
@@ -17,6 +26,14 @@ images:
   - name: quay.io/konflux-ci/kite-init
     newTag: b25314f9c17124eed9dd1a1f7f243e6f88071010
 
+  - name: quay.io/konflux-ci/kite-operator
+    newTag: b93ea4b
+
+commonLabels:
+  app.kubernetes.io/name: konflux-kite
+  app.kubernetes.io/part-of: kite
+  app.kubernetes.io/version: v0.0.1
+
 configMapGenerator:
   - name: kite-config
     namespace: konflux-kite

components/konflux-kite/base/operator/cluster-role-binding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: operator
+  name: kite-bridge-operator-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kite-bridge-operator-manager-role
+subjects:
+- kind: ServiceAccount
+  name: kite-bridge-operator-controller-manager
+  namespace: konflux-kite

components/konflux-kite/base/operator/cluster-role.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kite-bridge-operator-manager-role
+rules:
+- apiGroups:
+  - tekton.dev
+  resources:
+  - pipelineruns
+  verbs:
+  - get
+  - list
+  - watch

components/konflux-kite/base/operator/manager.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: operator
+    control-plane: controller-manager
+  name: kite-bridge-operator-controller-manager
+  namespace: konflux-kite
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: operator
+      control-plane: controller-manager
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        app.kubernetes.io/name: operator
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --leader-elect
+        - --health-probe-bind-address=:8081
+        command:
+        - /manager
+        env:
+        # Use service discovery via DNS to automatically resolve within the cluster
+        - name: KITE_API_URL
+          value: "http://konflux-kite"
+        image: quay.io/konflux-ci/kite-operator:latest
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: manager
+        ports: []
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+            - ALL
+        volumeMounts: []
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: kite-bridge-operator-controller-manager
+      terminationGracePeriodSeconds: 10
+      volumes: []

components/konflux-kite/base/operator/role-binding.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: operator
+  name: kite-bridge-operator-leader-election-rolebinding
+  namespace: konflux-kite
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kite-bridge-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: kite-bridge-operator-controller-manager
+  namespace: konflux-kite

components/konflux-kite/base/operator/role.yaml

@@ -0,0 +1,42 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: operator
+  name: kite-bridge-operator-leader-election-role
+  namespace: konflux-kite
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+

components/konflux-kite/base/operator/service-account.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: operator
+  name: kite-bridge-operator-controller-manager
+  namespace: konflux-kite