container lifecycle management

deploy/k8s/base/kustomization.yaml

@@ -1,5 +1,26 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-resources: []
-  # ingress.yaml - removed until we have services to expose
+resources:
+  # Core initialization (runtime classes)
+  - init.yaml
+  # Namespace definitions with PodSecurity labels
+  - namespaces.yaml
+  # RBAC for gateway to create agents (creation only)
+  - gateway-rbac.yaml
+  # RBAC for lifecycle sidecar (self-deletion)
+  - lifecycle-sidecar-rbac.yaml
+  # Admission policies (image restriction, security requirements)
+  - admission-policy.yaml
+  # Resource quotas and limits for agents namespace
+  - agent-quotas.yaml
+  # Network isolation policies
+  - network-policies.yaml
+  # Gateway service (uncomment when ready)
+  # - gateway.yaml
+  # Example agent deployment (for reference, not applied by default)
+  # - agent-deployment-example.yaml
+  # Services (uncomment as needed)
+  # - backend.yaml
+  # - web.yaml
+  # - ingress.yaml