diff --git a/ansible/roles/apps/files/local-path-provisioner.yaml b/ansible/roles/apps/files/local-path-provisioner.yaml
index 95925a1d0fdb0abca807438315c8ca1ee8db9a0b..65bbd53adca9e233aa79fa2e947263e385071565 120000
--- a/ansible/roles/apps/files/local-path-provisioner.yaml
+++ b/ansible/roles/apps/files/local-path-provisioner.yaml
@@ -1 +1 @@
-../../../../flux/oas/local-path-provisioner.yaml
\ No newline at end of file
+../../../../flux/kube-system/local-path-provisioner.yaml
\ No newline at end of file
diff --git a/ansible/roles/apps/tasks/core.yml b/ansible/roles/apps/tasks/core.yml
index f4fe15e78257dbb7fff13b902c8365160883bf0d..5508006291212afffe5e3d9d5446f210e964028d 100644
--- a/ansible/roles/apps/tasks/core.yml
+++ b/ansible/roles/apps/tasks/core.yml
@@ -41,6 +41,36 @@
   #   helm-operator
   shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 1.0.1 --set helm.versions=v3 --set configureRepositories.enable=true --set configureRepositories.repositories[0].name=stable --set configureRepositories.repositories[0].url=https://kubernetes-charts.storage.googleapis.com --set configureRepositories.repositories[1].name=bitnami --set configureRepositories.repositories[1].url=https://charts.bitnami.com/bitnami --set chartsSyncInterval=20m --set statusUpdateInterval=30s helm-operator helm-operator
 
+- name: Create Kubernetes secret with local-path-provisioner settings
+  tags:
+    - config
+    - flux
+    - local-path-provisioner
+  vars:
+    flux:
+      name: "local-path-provisioner"
+      namespace: "kube-system"
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - local-path-provisioner
+
+# We have to install local-path-provisioner before other charts, otherwise the PVCs
+# created by those charts will not have the right default storageclass assigned
+# to them.
+# It will still be managed by flux afterwards.
+- name: Create local-path-provisioner HelmResource
+  tags:
+    - config
+    - flux
+    - local-path-provisioner
+  k8s:
+    state: present
+    resource_definition: "{{ lookup('file', 'local-path-provisioner.yaml') | from_yaml }}"
+
 - name: Install flux
   tags:
     - flux
diff --git a/ansible/roles/apps/templates/settings/local-path-provisioner.yaml b/ansible/roles/apps/templates/settings/local-path-provisioner.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a75cfaee23befac831f7fdfd0b69344f0cf26377
--- /dev/null
+++ b/ansible/roles/apps/templates/settings/local-path-provisioner.yaml
@@ -0,0 +1,12 @@
+nodePathMap:
+  - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
+    paths:
+      - "/var/lib/OpenAppStack/local-storage"
+storageClass:
+  defaultClass: true
+  name: "local-storage"
+# We temporarily use our own build in order to use local volumes instead of
+# hostPath.
+image:
+  repository: "open.greenhost.net:4567/openappstack/openappstack/local-path-provisioner"
+  tag: "02b021c-amd64"
diff --git a/ansible/roles/pre-configure/tasks/main.yml b/ansible/roles/pre-configure/tasks/main.yml
index a970022a227badd75157f6809cc6971d28946e10..f6181961a69872622bae4b1f7ea868ad53ae32ef 100644
--- a/ansible/roles/pre-configure/tasks/main.yml
+++ b/ansible/roles/pre-configure/tasks/main.yml
@@ -102,28 +102,5 @@
   command: /usr/local/bin/get-helm --version v{{ helm.version }}
   when: helm_version.stdout != helm.version
 
-- name: Check if kube-bench is installed
-  command: dpkg-query -W kube-bench
-  register: kube_bench_check_deb
-  failed_when: kube_bench_check_deb.rc > 1
-  changed_when: kube_bench_check_deb.rc == 1
-
-- name: Download kube-bench binary
-  tags:
-    - kube-bench
-  get_url:
-    url: "https://github.com/aquasecurity/kube-bench/releases/download/v{{ kube_bench.version }}/kube-bench_{{ kube_bench.version }}_linux_amd64.deb"
-    checksum: '{{ kube_bench.checksum }}'
-    dest: /tmp/kube-bench_{{ kube_bench.version }}_linux_amd64.deb
-    force: yes
-    mode: '0755'
-  when: kube_bench_check_deb.rc == 1
-  become: true
-
-- name: Install my_package
-  apt: deb="/tmp/kube-bench_{{ kube_bench.version }}_linux_amd64.deb"
-  become: true
-  when: kube_bench_check_deb.rc == 1
-
 - name: Configure firewall
   import_tasks: firewall.yml
diff --git a/flux/kube-system/local-path-provisioner.yaml b/flux/kube-system/local-path-provisioner.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b36561ba005d6a521e870ca0f98cfbf962b0c62c
--- /dev/null
+++ b/flux/kube-system/local-path-provisioner.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: local-path-provisioner
+  namespace: kube-system
+  annotations:
+    flux.weave.works/automated: "false"
+spec:
+  releaseName: local-path-provisioner
+  chart:
+    git: https://github.com/rancher/local-path-provisioner
+    ref: v0.0.13
+    path: deploy/chart
+  valuesFrom:
+    - secretKeyRef:
+        name: local-path-provisioner-settings
+        key: values.yaml
+  timeout: 120
diff --git a/test/pytest/test_helmreleases.py b/test/pytest/test_helmreleases.py
index ff9f488404430f8bf7a5e33d4ffe194abb357253..ea3aa899f38dd5a07a837a78dde713600cf2ae8e 100644
--- a/test/pytest/test_helmreleases.py
+++ b/test/pytest/test_helmreleases.py
@@ -12,9 +12,8 @@ from kubernetes.client.rest import ApiException
 import pytest
 
 EXPECTED_RELEASES = {
-    'cert-manager': [
-        'cert-manager'
-    ],
+    'cert-manager': ['cert-manager'],
+    'kube-system': ['local-path-provisioner'],
     'oas': [
         'ingress',
         'prometheus',