From 6a9b6c35150b6267dd6bfae21f4f27c64db9ef19 Mon Sep 17 00:00:00 2001
From: Maarten de Waard <maarten@greenhost.nl>
Date: Fri, 29 May 2020 16:31:02 +0200
Subject: [PATCH] re-add local path provisioner installation

---
 .../apps/files/local-path-provisioner.yaml    |  2 +-
 ansible/roles/apps/tasks/core.yml             | 30 +++++++++++++++++++
 .../settings/local-path-provisioner.yaml      | 12 ++++++++
 ansible/roles/pre-configure/tasks/main.yml    | 23 --------------
 flux/kube-system/local-path-provisioner.yaml  | 19 ++++++++++++
 test/pytest/test_helmreleases.py              |  5 ++--
 6 files changed, 64 insertions(+), 27 deletions(-)
 create mode 100644 ansible/roles/apps/templates/settings/local-path-provisioner.yaml
 create mode 100644 flux/kube-system/local-path-provisioner.yaml

diff --git a/ansible/roles/apps/files/local-path-provisioner.yaml b/ansible/roles/apps/files/local-path-provisioner.yaml
index 95925a1d0..65bbd53ad 120000
--- a/ansible/roles/apps/files/local-path-provisioner.yaml
+++ b/ansible/roles/apps/files/local-path-provisioner.yaml
@@ -1 +1 @@
-../../../../flux/oas/local-path-provisioner.yaml
\ No newline at end of file
+../../../../flux/kube-system/local-path-provisioner.yaml
\ No newline at end of file
diff --git a/ansible/roles/apps/tasks/core.yml b/ansible/roles/apps/tasks/core.yml
index f4fe15e78..550800629 100644
--- a/ansible/roles/apps/tasks/core.yml
+++ b/ansible/roles/apps/tasks/core.yml
@@ -41,6 +41,36 @@
   #   helm-operator
   shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 1.0.1 --set helm.versions=v3 --set configureRepositories.enable=true --set configureRepositories.repositories[0].name=stable --set configureRepositories.repositories[0].url=https://kubernetes-charts.storage.googleapis.com --set configureRepositories.repositories[1].name=bitnami --set configureRepositories.repositories[1].url=https://charts.bitnami.com/bitnami --set chartsSyncInterval=20m --set statusUpdateInterval=30s helm-operator helm-operator
 
+- name: Create Kubernetes secret with local-path-provisioner settings
+  tags:
+    - config
+    - flux
+    - local-path-provisioner
+  vars:
+    flux:
+      name: "local-path-provisioner"
+      namespace: "kube-system"
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - local-path-provisioner
+
+# We have to install local-path-provisioner before other charts, otherwise the PVCs
+# created by those charts will not have the right default storageclass assigned
+# to them.
+# It will still be managed by flux afterwards.
+- name: Create local-path-provisioner HelmResource
+  tags:
+    - config
+    - flux
+    - local-path-provisioner
+  k8s:
+    state: present
+    resource_definition: "{{ lookup('file', 'local-path-provisioner.yaml') | from_yaml }}"
+
 - name: Install flux
   tags:
     - flux
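Review bot: The `k8s` task with `state: present` only creates the HelmRelease object, so nothing in the visible tasks guarantees that the `local-storage` StorageClass exists before later charts create their PVCs, which is the ordering the comment above the task asks for. helm-operator installs the release asynchronously, so a follow-up task that polls for the StorageClass would make the ordering explicit, as sketched below (retry values are illustrative). The task name also says `HelmResource` where the kind being created is `HelmRelease`. The task list continues outside this hunk.

```yaml
# … unchanged: "Create local-path-provisioner HelmResource" task …

- name: Wait for the local-storage StorageClass to exist
  tags:
    - config
    - flux
    - local-path-provisioner
  k8s_info:
    api_version: storage.k8s.io/v1
    kind: StorageClass
    name: local-storage
  register: local_storage_class
  until: local_storage_class.resources | length > 0
  retries: 30
  delay: 10
```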
diff --git a/ansible/roles/apps/templates/settings/local-path-provisioner.yaml b/ansible/roles/apps/templates/settings/local-path-provisioner.yaml
new file mode 100644
index 000000000..a75cfaee2
--- /dev/null
+++ b/ansible/roles/apps/templates/settings/local-path-provisioner.yaml
@@ -0,0 +1,12 @@
+nodePathMap:
+  - node: DEFAULT_PATH_FOR_NON_LISTED_NODES
+    paths:
+      - "/var/lib/OpenAppStack/local-storage"
+storageClass:
+  defaultClass: true
+  name: "local-storage"
+# We temporarily use our own build in order to use local volumes instead of
+# hostPath.
+image:
+  repository: "open.greenhost.net:4567/openappstack/openappstack/local-path-provisioner"
+  tag: "02b021c-amd64"
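Review bot: The `image.tag` value `02b021c-amd64` is a mutable tag on a project registry, and the chart `ref: v0.0.13` in flux/kube-system/local-path-provisioner.yaml is a git tag, so what runs in `kube-system` can change without any change in this repository. Where the chart and helm-operator allow it, pin the image by digest and the chart by commit; I have not checked whether this chart version exposes a digest value. The comment should also record what the custom build is made from and when it can be dropped, for example `# Built from <upstream commit or MR, placeholder>; remove once upstream supports local volumes.`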
diff --git a/ansible/roles/pre-configure/tasks/main.yml b/ansible/roles/pre-configure/tasks/main.yml
index a970022a2..f6181961a 100644
--- a/ansible/roles/pre-configure/tasks/main.yml
+++ b/ansible/roles/pre-configure/tasks/main.yml
@@ -102,28 +102,5 @@
   command: /usr/local/bin/get-helm --version v{{ helm.version }}
   when: helm_version.stdout != helm.version
 
-- name: Check if kube-bench is installed
-  command: dpkg-query -W kube-bench
-  register: kube_bench_check_deb
-  failed_when: kube_bench_check_deb.rc > 1
-  changed_when: kube_bench_check_deb.rc == 1
-
-- name: Download kube-bench binary
-  tags:
-    - kube-bench
-  get_url:
-    url: "https://github.com/aquasecurity/kube-bench/releases/download/v{{ kube_bench.version }}/kube-bench_{{ kube_bench.version }}_linux_amd64.deb"
-    checksum: '{{ kube_bench.checksum }}'
-    dest: /tmp/kube-bench_{{ kube_bench.version }}_linux_amd64.deb
-    force: yes
-    mode: '0755'
-  when: kube_bench_check_deb.rc == 1
-  become: true
-
-- name: Install my_package
-  apt: deb="/tmp/kube-bench_{{ kube_bench.version }}_linux_amd64.deb"
-  become: true
-  when: kube_bench_check_deb.rc == 1
-
 - name: Configure firewall
   import_tasks: firewall.yml
diff --git a/flux/kube-system/local-path-provisioner.yaml b/flux/kube-system/local-path-provisioner.yaml
new file mode 100644
index 000000000..b36561ba0
--- /dev/null
+++ b/flux/kube-system/local-path-provisioner.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: local-path-provisioner
+  namespace: kube-system
+  annotations:
+    flux.weave.works/automated: "false"
+spec:
+  releaseName: local-path-provisioner
+  chart:
+    git: https://github.com/rancher/local-path-provisioner
+    ref: v0.0.13
+    path: deploy/chart
+  valuesFrom:
+    - secretKeyRef:
+        name: local-path-provisioner-settings
+        key: values.yaml
+  timeout: 120
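Review bot: This manifest is missing a comment saying it has a second consumer: the Ansible task in ansible/roles/apps/tasks/core.yml reads it through the symlink and parses it with `from_yaml`, which handles a single YAML document. Adding a second document or template syntax here would presumably break that task even though flux would still accept the file. I would add above `apiVersion`: `# Also applied by Ansible (roles/apps/tasks/core.yml) before flux runs; keep this a single plain YAML document.`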
diff --git a/test/pytest/test_helmreleases.py b/test/pytest/test_helmreleases.py
index ff9f48840..ea3aa899f 100644
--- a/test/pytest/test_helmreleases.py
+++ b/test/pytest/test_helmreleases.py
@@ -12,9 +12,8 @@ from kubernetes.client.rest import ApiException
 import pytest
 
 EXPECTED_RELEASES = {
-    'cert-manager': [
-        'cert-manager'
-    ],
+    'cert-manager': ['cert-manager'],
+    'kube-system': ['local-path-provisioner'],
     'oas': [
         'ingress',
         'prometheus',
-- 
GitLab