feat: add Kustomize manifests for Kubernetes deployment

[Copilot]

Adds Kustomize-based Kubernetes deployment manifests for crd-wizard. Container images are now available at ghcr.io/pehlicd/crd-wizard, enabling in-cluster deployment.

Changes

Kubernetes manifests (deploy/base/):

• Namespace, ServiceAccount, and ClusterRole/Binding for RBAC
• Deployment with security hardening (non-root, read-only rootfs, dropped capabilities)
• ClusterIP Service exposing port 80
• Kustomization config with labels and image references

RBAC permissions:

• Read-only access (get, list, watch) to CRDs, all custom resources, and events
• Wildcard API group access required for dynamic CRD discovery

Documentation:

• Deploy instructions in main README
• Comprehensive deployment guide in deploy/README.md covering customization, ingress, and version pinning

Usage

git clone https://github.com/pehlicd/crd-wizard.git
cd crd-wizard
kubectl apply -k deploy/base
kubectl port-forward -n crd-wizard service/crd-wizard 8080:80

Overlay support enables version pinning, resource tuning, and ingress configuration without modifying base manifests.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>feat: add kubernetes deployment manifests</issue_title>
<issue_description>Container images for crd-wizard is finally available. It would be super cool if we could have kustomize resources for kubernetes deployment.</issue_description>

Comments on the Issue (you are @copilot in this section)

@pehlicd Hey @kquinsland, are you still interested on contributing on this topic 🙂 @pehlicd > > Hey [@kquinsland](https://github.com/kquinsland), are you still interested on contributing on this topic 🙂 > > I've got the basics + linting in place. > Can PR but wanted to ask you about a few things: > > - Is there an endpoint I can use for a `readinessProbe` > - Does this need any external network connections? By default `NetworkPolicy` allows all ingress, the implementation that I have now denies all egress. >

Unfortunately there is no health endpoint right now but i should definitely add it.

Regarding the other question, crd-wizard doesn't communicate with any other network. It basically lives in the cluster.

I hope it answers your questions, please let me know if any further questions pop up.</comment_new>
<comment_new>@pehlicd

Thought so. I was shaping things up to support multiple configurations (that's the whole point of kustomize, after all!) so i've got two right now: one with network policy and one without.

I would say lets keep as simple as possible. Once we had the scaffold then we can build on top of that.</comment_new>

• Fixes feat: add kubernetes deployment manifests #65

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.