add ASO install

config/aso/credentials.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aso-controller-settings
+type: Opaque
+data:
+  AZURE_SUBSCRIPTION_ID: ${AZURE_SUBSCRIPTION_ID_B64:=""}
+  AZURE_TENANT_ID: ${AZURE_TENANT_ID_B64:=""}
+  AZURE_CLIENT_ID: ${AZURE_CLIENT_ID_B64:=""}
+  AZURE_CLIENT_SECRET: ${AZURE_CLIENT_SECRET_B64:=""}

config/aso/kustomization.yaml

@@ -0,0 +1,53 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+namespace: capz-system
+resources:
+- https://github.com/Azure/azure-service-operator/releases/download/v2.0.0/azureserviceoperator_v2.0.0.yaml
+- https://github.com/Azure/azure-service-operator/releases/download/v2.0.0/azureserviceoperator_customresourcedefinitions_v2.0.0.yaml
+- credentials.yaml
+
+patches:
+  - patch: |- # default kustomization includes a namespace already
+      $patch: delete
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: capz-system
+  - patch: |- # CAPZ will manage ASO's CRDs
+      - op: test
+        path: /spec/template/spec/containers/0/args/4
+        value: --crd-pattern=*
+      - op: remove
+        path: /spec/template/spec/containers/0/args/4
+    target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: azureserviceoperator-controller-manager
+
+replacements:
+  - source:
+      kind: Certificate
+      group: cert-manager.io
+      version: v1
+      name: azureserviceoperator-serving-cert
+      fieldPath: metadata.namespace
+    targets:
+      - select:
+          version: v1
+        fieldPaths:
+          - metadata.annotations.cert-manager\.io/inject-ca-from
+        options:
+          delimiter: /
+          index: 0
+      - select:
+          group: cert-manager.io
+          version: v1
+          kind: Certificate
+          name: azureserviceoperator-serving-cert
+        fieldPaths:
+          - spec.dnsNames.0
+          - spec.dnsNames.1
+        options:
+          delimiter: .
+          index: 1

config/capz/kustomization.yaml

@@ -0,0 +1,53 @@
+namespace: capz-system
+
+namePrefix: capz-
+
+resources:
+  - namespace.yaml
+  - credentials.yaml
+  - aad-pod-identity-deployment.yaml  
+
+bases:
+  - ../crd
+  - ../rbac
+  - ../manager
+  - ../webhook
+  - ../certmanager
+
+patchesStrategicMerge:
+  - manager_image_patch.yaml
+  - manager_pull_policy.yaml
+  - manager_credentials_patch.yaml
+  - manager_webhook_patch.yaml
+  - webhookcainjection_patch.yaml
+
+vars:
+  - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+    objref:
+      kind: Certificate
+      group: cert-manager.io
+      version: v1
+      name: serving-cert # this name should match the one in certificate.yaml
+    fieldref:
+      fieldpath: metadata.namespace
+  - name: CERTIFICATE_NAME
+    objref:
+      kind: Certificate
+      group: cert-manager.io
+      version: v1
+      name: serving-cert # this name should match the one in certificate.yaml
+  - name: SERVICE_NAMESPACE # namespace of the service
+    objref:
+      kind: Service
+      version: v1
+      name: webhook-service
+    fieldref:
+      fieldpath: metadata.namespace
+  - name: SERVICE_NAME
+    objref:
+      kind: Service
+      version: v1
+      name: webhook-service
+
+configurations:
+  - kustomizeconfig.yaml

config/default/kustomization.yaml

@@ -1,57 +1,6 @@
-namespace: capz-system
-
-namePrefix: capz-
-
 # Labels to add to all resources and selectors.
 commonLabels:
   cluster.x-k8s.io/provider: "infrastructure-azure"
 
 resources:
-  - namespace.yaml
-  - credentials.yaml
-  - aad-pod-identity-deployment.yaml  
-
-bases:
-  - ../crd
-  - ../rbac
-  - ../manager
-  - ../webhook
-  - ../certmanager
-
-patchesStrategicMerge:
-  - manager_image_patch.yaml
-  - manager_pull_policy.yaml
-  - manager_credentials_patch.yaml
-  - manager_webhook_patch.yaml
-  - webhookcainjection_patch.yaml
-
-vars:
-  - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-    objref:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: CERTIFICATE_NAME
-    objref:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-  - name: SERVICE_NAMESPACE # namespace of the service
-    objref:
-      kind: Service
-      version: v1
-      name: webhook-service
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: SERVICE_NAME
-    objref:
-      kind: Service
-      version: v1
-      name: webhook-service
-
-configurations:
-  - kustomizeconfig.yaml
+  - ../capz