[P1BIGROCKS-2214](https://jira.il2.dso.mil/browse/P1BIGROCKS-2214) As a user of BigBang, I would like a consistent, safe set of objects that define how a tenant should be able to run applications in my cluster: * ImagePullSecret * NetworkPolicies * Gatekeeper Policies * ServiceAccounts * VirtualServices * Namespace labels (istio injection) * HelmRelease for Application Chart deployment * Kustomize for Application manifests * LimitRanges and Resource Quotas * Authorization Policies * Peer Authentication * etc @adam.toy @brian.rexrode Do you have other objects you would provide to all tenants? # Format Some GitOps for applications are managed exclusively via `Kustomizations` while others could be managed by `HelmRelease`. Since we can't have a Kustomize wait for a HelmRelease to be complete via `dependsOn` we need to think about how different teams would use this. ## Kustomize: * This repo could be a remote Kustomize base in the app repo, or managed by a Flux `Kustomization` and overlayed with app specific values (e.g. virtualService hostname) ## Helm * Cluster Bootstrap repo could create new HelmRelease objects for each App team when onboarding and overlay the approved configurations for the app (e.g. hostname). * Allows for shared secret that could be used to inject ImagePullSecrets or other HelmValues unique to the cluster