fix: split provider CRs from operator deployment

This commit splits the cluster-api-operator Helm chart into two
separate charts to resolve flaky installations caused by webhook
validation timing issues.

Problem:
- Provider Custom Resources (CoreProvider, BootstrapProvider, etc.)
  were applied at the same time as the operator deployment.
- The webhook service was not yet ready, leading to validation errors:
  "no endpoints available for service 'capi-operator-webhook-service'".

Solution:
- Create two charts:
  1. cluster-api-operator: contains only the operator deployment and
     its resources.
  2. cluster-api-operator-providers: contains all provider Custom
     Resources.
- Installing the operator first allows the webhook to start before
  provider CRs are applied.

Installation now requires:
1. Install operator:
   helm install capi-operator capi-operator/cluster-api-operator \
     --create-namespace -n capi-operator-system --wait --timeout 90s
2. Install providers:
   helm install capi-providers \
     capi-operator/cluster-api-operator-providers \
     -n capi-operator-system \
     --set infrastructure.docker.enabled=true \
     --set cert-manager.enabled=true \
     --set configSecret.name=${CREDENTIALS_SECRET_NAME} \
     --set configSecret.namespace=${CREDENTIALS_SECRET_NAMESPACE}

Fixes: #534
Signed-off-by: kahirokunn <[email protected]>

Author: kahirokunn

Makefile

@@ -180,6 +180,7 @@ endif
 RELEASE_ALIAS_TAG ?= $(PULL_BASE_REF)
 RELEASE_DIR := $(ROOT)/out
 CHART_DIR := $(RELEASE_DIR)/charts/cluster-api-operator
+CHART_PROVIDERS_DIR := $(RELEASE_DIR)/charts/cluster-api-operator-providers
 CHART_PACKAGE_DIR := $(RELEASE_DIR)/package
 
 # Set --output-base for conversion-gen if we are not within GOPATH
@@ -455,6 +456,9 @@ $(CHART_DIR):
 $(CHART_PACKAGE_DIR):
 	mkdir -p $(CHART_PACKAGE_DIR)
 
+$(CHART_PROVIDERS_DIR):
+	mkdir -p $(CHART_PROVIDERS_DIR)/templates
+
 .PHONY: release
 release: clean-release $(RELEASE_DIR)  ## Builds and push container images using the latest git tag for the commit.
 	@if [ -z "${RELEASE_TAG}" ]; then echo "RELEASE_TAG is not set"; exit 1; fi
@@ -485,11 +489,16 @@ release-manifests: $(KUSTOMIZE) $(RELEASE_DIR) ## Builds the manifests to publis
 	$(KUSTOMIZE) build ./config/default > $(RELEASE_DIR)/operator-components.yaml
 
 .PHONY: release-chart
-release-chart: $(HELM) $(KUSTOMIZE) $(RELEASE_DIR) $(CHART_DIR) $(CHART_PACKAGE_DIR) ## Builds the chart to publish with a release
+release-chart: $(HELM) $(KUSTOMIZE) $(RELEASE_DIR) $(CHART_DIR) $(CHART_PROVIDERS_DIR) $(CHART_PACKAGE_DIR) ## Builds the chart to publish with a release
+	# cluster-api-operator チャートの処理
 	cp -rf $(ROOT)/hack/charts/cluster-api-operator/. $(CHART_DIR)
 	$(KUSTOMIZE) build ./config/chart > $(CHART_DIR)/templates/operator-components.yaml
 	$(HELM) package $(CHART_DIR) --app-version=$(HELM_CHART_TAG) --version=$(HELM_CHART_TAG) --destination=$(CHART_PACKAGE_DIR)
 
+	# cluster-api-operator-providers チャートの処理
+	cp -rf $(ROOT)/hack/charts/cluster-api-operator-providers/. $(CHART_PROVIDERS_DIR)
+	$(HELM) package $(CHART_PROVIDERS_DIR) --app-version=$(HELM_CHART_TAG) --version=$(HELM_CHART_TAG) --destination=$(CHART_PACKAGE_DIR)
+
 .PHONY: release-staging
 release-staging: ## Builds and push container images and manifests to the staging bucket.
 	$(MAKE) docker-build-all

hack/charts/cluster-api-operator-providers/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

hack/charts/cluster-api-operator-providers/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cluster-api-operator-providers
+description: Cluster API Provider Custom Resources
+type: application
+version: 0.0.0
+appVersion: "0.0.0"

hack/charts/cluster-api-operator-providers/templates/_helpers.tpl

@@ -0,0 +1,24 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "capi-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "capi-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}