re-add local path provisioner installation

ansible/roles/apps/files/local-path-provisioner.yaml

-../../../../flux/oas/local-path-provisioner.yaml
\ No newline at end of file
+../../../../flux/kube-system/local-path-provisioner.yaml
\ No newline at end of file

ansible/roles/apps/tasks/core.yml

@@ -41,6 +41,36 @@
   #   helm-operator
   shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 1.0.1 --set helm.versions=v3 --set configureRepositories.enable=true --set configureRepositories.repositories[0].name=stable --set configureRepositories.repositories[0].url=https://kubernetes-charts.storage.googleapis.com --set configureRepositories.repositories[1].name=bitnami --set configureRepositories.repositories[1].url=https://charts.bitnami.com/bitnami --set chartsSyncInterval=20m --set statusUpdateInterval=30s helm-operator helm-operator
 
+- name: Create Kubernetes secret with local-path-provisioner settings
+  tags:
+    - config
+    - flux
+    - local-path-provisioner
+  vars:
+    flux:
+      name: "local-path-provisioner"
+      namespace: "kube-system"
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - local-path-provisioner
+
+# We have to install local-path-provisioner before other charts, otherwise the PVCs
+# created by those charts will not have the right default storageclass assigned
+# to them.
+# It will still be managed by flux afterwards.
+- name: Create local-path-provisioner HelmResource
+  tags:
+    - config
+    - flux
+    - local-path-provisioner
+  k8s:
+    state: present
+    resource_definition: "{{ lookup('file', 'local-path-provisioner.yaml') | from_yaml }}"
+
 - name: Install flux
   tags:
     - flux

ansible/roles/apps/templates/settings/local-path-provisioner.yaml

+nodePathMap:
+  - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
+    paths:
+      - "/var/lib/OpenAppStack/local-storage"
+storageClass:
+  defaultClass: true
+  name: "local-storage"
+# We temporarily use our own build in order to use local volumes instead of
+# hostPath.
+image:
+  repository: "open.greenhost.net:4567/openappstack/openappstack/local-path-provisioner"
+  tag: "02b021c-amd64"

ansible/roles/pre-configure/tasks/main.yml

@@ -102,28 +102,5 @@
   command: /usr/local/bin/get-helm --version v{{ helm.version }}
   when: helm_version.stdout != helm.version
 
-- name: Check if kube-bench is installed
-  command: dpkg-query -W kube-bench
-  register: kube_bench_check_deb
-  failed_when: kube_bench_check_deb.rc > 1
-  changed_when: kube_bench_check_deb.rc == 1
-
-- name: Download kube-bench binary
-  tags:
-    - kube-bench
-  get_url:
-    url: "https://github.com/aquasecurity/kube-bench/releases/download/v{{ kube_bench.version }}/kube-bench_{{ kube_bench.version }}_linux_amd64.deb"
-    checksum: '{{ kube_bench.checksum }}'
-    dest: /tmp/kube-bench_{{ kube_bench.version }}_linux_amd64.deb
-    force: yes
-    mode: '0755'
-  when: kube_bench_check_deb.rc == 1
-  become: true
-
-- name: Install my_package
-  apt: deb="/tmp/kube-bench_{{ kube_bench.version }}_linux_amd64.deb"
-  become: true
-  when: kube_bench_check_deb.rc == 1
-
 - name: Configure firewall
   import_tasks: firewall.yml

flux/kube-system/local-path-provisioner.yaml

+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: local-path-provisioner
+  namespace: kube-system
+  annotations:
+    flux.weave.works/automated: "false"
+spec:
+  releaseName: local-path-provisioner
+  chart:
+    git: https://github.com/rancher/local-path-provisioner
+    ref: v0.0.13
+    path: deploy/chart
+  valuesFrom:
+    - secretKeyRef:
+        name: local-path-provisioner-settings
+        key: values.yaml
+  timeout: 120

test/pytest/test_helmreleases.py

@@ -12,9 +12,8 @@ from kubernetes.client.rest import ApiException
 import pytest
 
 EXPECTED_RELEASES = {
-    'cert-manager': [
-        'cert-manager'
-    ],
+    'cert-manager': ['cert-manager'],
+    'kube-system': ['local-path-provisioner'],
     'oas': [
         'ingress',
         'prometheus',