feat(helm): extract muster CRDs into a standalone muster-crds chart#750
Merged
Conversation
Extract the MCPServer and Workflow CRDs into a standalone muster-crds chart so the CRD lifecycle can be owned independently by a downstream agentic-platform-crds umbrella (install muster-crds before muster). CRDs ship under files/crds/ and render via templates/crds.yaml (NOT a crds/ folder), so they remain upgradable on 'helm upgrade', and carry helm.sh/resource-policy: keep so they survive 'helm uninstall'. Signed-off-by: Pau Rosello <pau@giantswarm.io>
templates/crds.yaml is removed; the muster app chart renders no CRDs. crds.install now defaults to false and is a deprecated compatibility shim (kept so a downstream that sets muster.crds.install=false still validates against the schema); scheduled for removal next release. Install the muster-crds chart first. Signed-off-by: Pau Rosello <pau@giantswarm.io>
Add parallel push-to-app-catalog jobs for the muster-crds chart (build, ATS tests, branch push, tag push), mirroring muster's job shape and versioned in lockstep off the same git tag. Repoint make generate-crds and the CI CRD-drift check at helm/muster-crds/files/crds/. Signed-off-by: Pau Rosello <pau@giantswarm.io>
Signed-off-by: Pau Rosello <pau@giantswarm.io>
QuentinBisson
approved these changes
May 27, 2026
The architect orb's push-to-app-catalog verifies the chart name matches the repo (muster / muster-app). muster-crds is a second chart from this repo, so set explicit_allow_chart_name_mismatch: true on its three push-to-app-catalog jobs. Signed-off-by: Pau Rosello <pau@giantswarm.io>
The C0001:HasTeamLabel app-build-suite validator is a static text check
requiring the team label and 'index .Chart.Annotations' on a single line.
The {{- with ... }} wrapper rendered '{{ . | quote }}' instead, failing
the regex. Inline the label and reference the actual annotation key
(io.giantswarm.application.team) so it both passes the validator and
renders the real team value.
Contributor
Author
|
Downstream consumer PR: giantswarm/agentic-platform#12 (adds |
Renovate pins GitHub Actions to full commit SHAs with a trailing '# vN' comment, producing 88-char lines that exceed yamllint's 80-char default and fail 'make check' (lint-yaml). Add a .yamllint config raising line-length to 120 and relaxing comment spacing to match that style.
paurosello
added a commit
to giantswarm/management-cluster-bases
that referenced
this pull request
May 28, 2026
## What
Add the Flux deploy unit for the new `agentic-platform-crds` Helm chart
alongside the existing `agentic-platform` release in
`extras/agentic-platform/`.
`giantswarm/agentic-platform` v0.3.0 splits the CRDs out of the umbrella
chart into a dedicated sibling chart `agentic-platform-crds` that
bundles `agentgateway-crds` and `muster-crds` as sub-chart dependencies.
Operators install the crds release first, then the platform release.
## Changes
- **New** `extras/agentic-platform/oci-repository-crds.yaml` —
`OCIRepository` for
`oci://gsoci.azurecr.io/charts/giantswarm/agentic-platform-crds`,
`semver: ">=0.3.0"`, `interval: 10m`, `provider: generic`. The explicit
`>=0.3.0` floor is so the dep does not resolve until the new chart
actually lands in the catalog.
- **New** `extras/agentic-platform/helm-release-crds.yaml` —
`HelmRelease` named `agentic-platform-crds` in `flux-giantswarm`,
`releaseName: agentic-platform-crds`, `targetNamespace: muster`,
referencing the new `OCIRepository`. Remediation policy mirrored from
the platform `HelmRelease` (`retries: 10`, `remediateLastFailure: false`
on both install and upgrade), `interval: 10m`, `timeout: 10m`. No
`valuesFrom` and no `Konfiguration` — the crds chart is a thin umbrella
with no per-installation configuration.
- **Edit** `extras/agentic-platform/helm-release.yaml` — add
`spec.dependsOn` referencing `agentic-platform-crds` in
`flux-giantswarm` so Flux does not reconcile the platform release until
the crds release reports Ready.
- **Edit** `extras/agentic-platform/kustomization.yaml` — register the
two new files in `resources`.
- **Edit** `extras/agentic-platform/README.md` — rewrite the
Prerequisites section. Drop the now-incorrect claim that muster's CRDs
ship "inside the umbrella via the muster sub-chart's
`templates/crds.yaml`". Note that the `agentic-platform-crds` chart is
deployed alongside via this same kustomization, with ordering enforced
by the platform's `dependsOn`.
## Verification
`kubectl kustomize extras/agentic-platform` rendered locally:
- `HelmRelease` count: **2** (agentic-platform, agentic-platform-crds)
- `OCIRepository` count: **2** (agentic-platform, agentic-platform-crds)
- `agentic-platform` `.spec.dependsOn`: `[{name: agentic-platform-crds,
namespace: flux-giantswarm}]`
- `agentic-platform-crds` `.spec.ref.semver`: `>=0.3.0`
YAML validates via `yq` on all changed files. `pre-commit` is not
installed on this host; the only configured hook is `gitleaks-docker`
and the changes contain no secrets.
## Merge gate
**Do NOT merge until `agentic-platform` v0.3.0 is released to the prod
catalog (`gsoci.azurecr.io/charts/giantswarm/agentic-platform-crds`).**
If merged before v0.3.0 ships:
- The new `agentic-platform-crds` `OCIRepository` cannot resolve (no
chart matches `>=0.3.0`).
- The `agentic-platform-crds` `HelmRelease` stays NotReady.
- The platform `HelmRelease` `dependsOn` will hold reconciliation, so
the platform release stops rolling forward to new versions.
- The currently-running 0.2.0 release keeps serving, but no new applies
happen until 0.3.0 lands and the floor resolves.
## Related
- `giantswarm/agentic-platform#12` — chart split (merged, awaiting
v0.3.0 tag)
- `giantswarm/muster#750` — muster CRDs extracted into `muster-crds`
(released as `muster-crds 0.1.213`, consumed as a sub-chart by
`agentic-platform-crds`)
---------
Signed-off-by: Pau Rosello <pau@giantswarm.io>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Extracts muster's CRDs (
MCPServer,Workflow) into a new standalone charthelm/muster-crds/. The muster app chart no longer renders CRDs.Why
A downstream
agentic-platform-crdsumbrella (ingiantswarm/agentic-platform) needs to bundle the agentgateway and muster CRDs as sub-chart dependencies, so operators install one CRDs release first and the workload releases after — Flux/Argo-agnostic ordering, with CRD and workload lifecycles decoupled.Changes
helm/muster-crds/—Chart.yaml,files/crds/{mcpservers,workflows}(git-renamed from the app chart, content unchanged,controller-genv0.21.0 preserved),templates/crds.yamlloader (noinstallguard — installing this chart is how you install the CRDs), keep-annotation default, schema/docs/tests.templates/crds.yamlremoved;crds.installnow defaultsfalseand is a deprecated compatibility shim (kept so a downstream settingmuster.crds.install=falsestill validates; removal scheduled next release)..circleci/config.ymlgains parallel*-muster-crds-*publish jobs (build, ATS tests, branch push, tag push) mirroring muster's shape, versioned in lockstep off the same tag;make generate-crds+ the CI drift check repointed tohelm/muster-crds/files/crds/.helm/muster/crds/...paths indocs/operations/installation.md(that path was already non-existent).Operator impact
Install/upgrade
muster-crdsbeforemuster. Existing installs that relied on the muster app chart shipping CRDs must add themuster-crdsrelease.Verification (local)
helm lintpasses for both charts.helm template helm/muster-crds→ 2 CRDs, bothhelm.sh/resource-policy: keep.helm template helm/muster→ 0 CRDs.make generate-crds(controller-gen) → no schema drift; v0.21.0 annotation preserved.helm package helm/muster-crds→ ok.TODO / follow-up
helm/muster-crds/values.schema.jsonis hand-authored (compact draft-07, matching the existing checked-in muster schema). Adevctl genpass may rewrite it into the canonical bundled draft-2020 form — same divergence as the current muster chart. Flagging for a devctl regen.helm-test/ unittest CI currently runs onlyhelm/muster; the movedhelm/muster-crds/tests/crds_test.yamlshould be added to that run.Paired with the
giantswarm/agentic-platformCRDs-split PR (link to follow).