Skip to content

⚠ Split Helm chart into operator and providers charts #832

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

⚠ Split Helm chart into operator and providers charts #832

wants to merge 5 commits into from
+630 −205

Conversation

kahirokunn
Copy link
Member

@kahirokunn kahirokunn commented Jun 19, 2025
edited
Loading

Fixes: #534

What type of PR is this?

/kind bug

What this PR does / why we need it:

This PR fixes the flaky Helm installation issue where provider Custom Resources fail to install due to webhook validation errors. The root cause is that provider CRs are being applied at the same time as the operator deployment, before the webhook service is ready.

Problem:
When installing the cluster-api-operator Helm chart, users frequently encounter errors like:

Error: failed post-install: warning: Hook post-install cluster-api-operator/templates/core-conditions.yaml failed: 1 error occurred:
        * Internal error occurred: failed calling webhook "vcoreprovider.kb.io": failed to call webhook: Post "https://capi-operator-webhook-service.cluster-api-operator-docker.svc:443/mutate-operator-cluster-x-k8s-io-v1alpha2-coreprovider?timeout=10s": no endpoints available for service "capi-operator-webhook-service"

Solution:
Split the Helm chart into two separate charts:

  1. cluster-api-operator - Contains only the operator deployment and its resources
  2. cluster-api-operator-providers - Contains all provider Custom Resources

This ensures the operator is fully running before any provider CRs are applied.

Which issue(s) this PR fixes:

Fixes #[issue-number]

Special notes for your reviewer:

The installation process now requires two steps:

# 1. Install the operator
helm install capi-operator ./cluster-api-operator --namespace capi-operator-system --create-namespace

# 2. Wait for operator to be ready
kubectl wait --for=condition=ready pod -l app=capi-operator -n capi-operator-system --timeout=300s

# 3. Install provider CRs
helm install capi-providers ./cluster-api-operator-providers --namespace capi-operator-system

Release note:

BREAKING CHANGE: The cluster-api-operator Helm chart has been split into two charts to fix webhook validation errors during installation. Users must now install `cluster-api-operator` first, wait for it to be ready, then install `cluster-api-operator-providers`.

Release Strategy and Migration Plan

To minimize the impact on existing users, we propose a phased rollout approach:

Phase 1: Introduce the new chart (Current PR)

  • Release only the new cluster-api-operator-providers chart
  • Keep the existing cluster-api-operator chart unchanged for backward compatibility
  • Users can opt-in to the new architecture when ready

Phase 2: Migration period (Future release)

  • Add deprecation warnings to the existing chart
  • Provide comprehensive migration documentation
  • Announce the breaking change timeline in release notes

Phase 3: Breaking change implementation (Future major release)

  • Remove provider CR templates from the original cluster-api-operator chart
  • Make the two-chart installation the standard approach
  • Provide automated migration tools where possible

This strategy allows users to migrate at their own pace while ensuring the webhook validation issue is resolved for new installations immediately.

@k8s-ci-robot k8s-ci-robot added the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label Jun 19, 2025
@netlify Netlify
Copy link

netlify bot commented Jun 19, 2025
edited
Loading

Deploy Preview for kubernetes-sigs-cluster-api-operator ready!

Name Link
🔨 Latest commit 18080c7
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-cluster-api-operator/deploys/685a469bd9f4aa0008729943
😎 Deploy Preview https://deploy-preview-832--kubernetes-sigs-cluster-api-operator.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 19, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign alexander-demicev for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 19, 2025
@kahirokunn kahirokunn changed the title fix: split provider CRs from operator deployment 🐛 Fix flaky Helm installations by separating provider CRs from operator deployment Jun 19, 2025
@kahirokunn kahirokunn marked this pull request as draft June 19, 2025 07:37
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 19, 2025
@kahirokunn kahirokunn marked this pull request as ready for review June 19, 2025 07:41
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 19, 2025
@kahirokunn kahirokunn marked this pull request as draft June 19, 2025 09:03
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 19, 2025
@kahirokunn kahirokunn marked this pull request as ready for review June 19, 2025 15:47
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 19, 2025
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jun 20, 2025
@kahirokunn kahirokunn force-pushed the fix-flaky-install2 branch 9 times, most recently from 2ee1de5 to 51174e4 Compare June 20, 2025 05:35
@kahirokunn kahirokunn force-pushed the fix-flaky-install2 branch 5 times, most recently from 996a078 to 097ce06 Compare June 21, 2025 07:20
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jun 21, 2025
@kahirokunn kahirokunn force-pushed the fix-flaky-install2 branch 7 times, most recently from 1dbedc6 to 5725787 Compare June 21, 2025 15:04
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Jun 21, 2025
@kahirokunn kahirokunn force-pushed the fix-flaky-install2 branch 3 times, most recently from e4c4127 to ea36d6e Compare June 21, 2025 16:15
@kahirokunn
Copy link
Member Author

Hi @dtzar and @furkatgofurov7,

When you have a moment, could you please review ?

This update splits the chart into operator and provider components, ensuring the operator’s webhook is fully ready before provider CRs are applied. As a result, the no endpoints available for service "capi-operator-webhook-service" validation error has been resolved.

Also, since this PR would result in a breaking change, I think it would be best to either create a new helm chart and gradually migrate to it, or continue to use both. I would appreciate your feedback on this as well.

Thank you for your time and feedback.

Best regards,
@kahirokunn

@kahirokunn kahirokunn force-pushed the fix-flaky-install2 branch from ea36d6e to cb5a66d Compare June 21, 2025 16:18
@kahirokunn
⚠ Split Helm chart into operator and providers charts
0c30552 
Separate cluster-api-operator into two charts to fix webhook timing issues:
- cluster-api-operator: operator deployment only
- cluster-api-operator-providers: provider Custom Resources

This ensures webhook readiness before applying provider CRs, preventing
"no endpoints available" errors during installation.

Breaking: Requires two-step installation:

```sh
helm install capi-operator capi-operator/cluster-api-operator \
  --create-namespace -n capi-operator-system --wait

helm install capi-providers capi-operator/cluster-api-operator-providers \
  -n capi-operator-system --set infrastructure.docker.enabled=true
```

Signed-off-by: kahirokunn <[email protected]>
@kahirokunn
🌱 Remove unused enableHelmHook feature from Helm chart
03f3fa8 
Signed-off-by: kahirokunn <[email protected]>
@kahirokunn
✨ Add support for multiple helm charts in chart-update tool
b4b8b77 
Update hack/chart-update/main.go to process both cluster-api-operator
and cluster-api-operator-providers charts when updating index.yaml.
This ensures all charts are properly registered in the helm repository
index during the release process.

Signed-off-by: kahirokunn <[email protected]>
@kahirokunn
🌱 Add smoke test workflow
206056c 
Add a new GitHub Actions workflow for smoke testing.

Signed-off-by: kahirokunn <[email protected]>
@kahirokunn kahirokunn force-pushed the fix-flaky-install2 branch from cb5a66d to 206056c Compare June 24, 2025 00:44
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label Jun 24, 2025
@kahirokunn kahirokunn changed the title 🐛 Fix flaky Helm installations by separating provider CRs from operator deployment ⚠ Split Helm chart into operator and providers charts Jun 24, 2025
@kahirokunn
feat: Add provider-specific configSecret support
18080c7 
Providers can now define their own configSecret:
  core:
    cluster-api:
      configSecret:
        name: core-secret
        namespace: capi-system

If not specified, providers will use the global configSecret.

Signed-off-by: kahirokunn <[email protected]>
@k8s-ci-robot
Copy link
Contributor

@kahirokunn: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-cluster-api-operator-verify-main 18080c7 link true /test pull-cluster-api-operator-verify-main
pull-cluster-api-operator-e2e-main 18080c7 link true /test pull-cluster-api-operator-e2e-main

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Danil-Grigorev Danil-Grigorev Awaiting requested review from Danil-Grigorev

@neolit123 neolit123 Awaiting requested review from neolit123

@Fedosin Fedosin Awaiting requested review from Fedosin

@timothysc timothysc Awaiting requested review from timothysc

@alexander-demicev alexander-demicev Awaiting requested review from alexander-demicev

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Helm Chart CRDs Placement Causes Flaky Installations
2 participants
@kahirokunn @k8s-ci-robot