From 654261474253c8f69392866cc1006ded28cac210 Mon Sep 17 00:00:00 2001
From: Ryan VanGundy <ryan.vangundy+rmvangun@gmail.com>
Date: Sun, 9 Feb 2025 15:41:23 -0500
Subject: [PATCH 1/2] Add openebs dynamic pv

---
 contexts/colima/blueprint.yaml                |  7 ++++
 contexts/docker-desktop/blueprint.yaml        |  7 ++++
 kustomize/csi/kustomization.yaml              |  2 +
 kustomize/csi/namespace.yaml                  |  9 ++++
 .../dynamic-localpv/kustomization.yaml        |  6 +++
 .../dynamic-localpv/patches/helm-release.yaml | 12 ++++++
 .../openebs/dynamic-localpv/storageclass.yaml | 31 ++++++++++++++
 kustomize/csi/openebs/helm-release.yaml       | 42 +++++++++++++++++++
 kustomize/csi/openebs/helm-repository.yaml    | 10 +++++
 kustomize/csi/openebs/kustomization.yaml      |  5 +++
 10 files changed, 131 insertions(+)
 create mode 100644 kustomize/csi/kustomization.yaml
 create mode 100644 kustomize/csi/namespace.yaml
 create mode 100644 kustomize/csi/openebs/dynamic-localpv/kustomization.yaml
 create mode 100644 kustomize/csi/openebs/dynamic-localpv/patches/helm-release.yaml
 create mode 100644 kustomize/csi/openebs/dynamic-localpv/storageclass.yaml
 create mode 100644 kustomize/csi/openebs/helm-release.yaml
 create mode 100644 kustomize/csi/openebs/helm-repository.yaml
 create mode 100644 kustomize/csi/openebs/kustomization.yaml

diff --git a/contexts/colima/blueprint.yaml b/contexts/colima/blueprint.yaml
index b7ab0e18..5b4d22c8 100644
--- a/contexts/colima/blueprint.yaml
+++ b/contexts/colima/blueprint.yaml
@@ -25,6 +25,13 @@ kustomize:
   path: policy/resources
   dependsOn:
   - policy-base
+- name: csi
+  path: csi
+  dependsOn:
+  - policy-resources
+  components:
+  - openebs
+  - openebs/dynamic-localpv
 - name: lb-base
   path: lb/base
   dependsOn:
diff --git a/contexts/docker-desktop/blueprint.yaml b/contexts/docker-desktop/blueprint.yaml
index 9aab89ca..b0104af4 100644
--- a/contexts/docker-desktop/blueprint.yaml
+++ b/contexts/docker-desktop/blueprint.yaml
@@ -25,6 +25,13 @@ kustomize:
   path: policy/resources
   dependsOn:
   - policy-base
+- name: csi
+  path: csi
+  dependsOn:
+  - policy-resources
+  components:
+  - openebs
+  - openebs/dynamic-localpv
 - name: ingress-base
   path: ingress/base
   dependsOn:
diff --git a/kustomize/csi/kustomization.yaml b/kustomize/csi/kustomization.yaml
new file mode 100644
index 00000000..e8aa5f88
--- /dev/null
+++ b/kustomize/csi/kustomization.yaml
@@ -0,0 +1,2 @@
+resources: 
+  - namespace.yaml
diff --git a/kustomize/csi/namespace.yaml b/kustomize/csi/namespace.yaml
new file mode 100644
index 00000000..40b538b3
--- /dev/null
+++ b/kustomize/csi/namespace.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: system-csi
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
diff --git a/kustomize/csi/openebs/dynamic-localpv/kustomization.yaml b/kustomize/csi/openebs/dynamic-localpv/kustomization.yaml
new file mode 100644
index 00000000..541829b7
--- /dev/null
+++ b/kustomize/csi/openebs/dynamic-localpv/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+patches:
+  - path: patches/helm-release.yaml
+resources:
+  - storageclass.yaml
diff --git a/kustomize/csi/openebs/dynamic-localpv/patches/helm-release.yaml b/kustomize/csi/openebs/dynamic-localpv/patches/helm-release.yaml
new file mode 100644
index 00000000..6f44c6ec
--- /dev/null
+++ b/kustomize/csi/openebs/dynamic-localpv/patches/helm-release.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: openebs
+  namespace: system-csi
+spec:
+  values:
+    localpv-provisioner:
+      localpv:
+        enabled: true
+        basePath: ${LOCAL_VOLUME_PATH}
diff --git a/kustomize/csi/openebs/dynamic-localpv/storageclass.yaml b/kustomize/csi/openebs/dynamic-localpv/storageclass.yaml
new file mode 100644
index 00000000..a6364fde
--- /dev/null
+++ b/kustomize/csi/openebs/dynamic-localpv/storageclass.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: local
+  annotations:
+    openebs.io/cas-type: local
+    cas.openebs.io/config: |
+      - name: StorageType
+        value: hostpath
+      - name: BasePath
+        value: ${LOCAL_VOLUME_PATH}
+provisioner: openebs.io/local
+reclaimPolicy: Delete
+volumeBindingMode: WaitForFirstConsumer
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: single
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+    openebs.io/cas-type: local
+    cas.openebs.io/config: |
+      - name: StorageType
+        value: hostpath
+      - name: BasePath
+        value: ${LOCAL_VOLUME_PATH}
+provisioner: openebs.io/local
+reclaimPolicy: Delete
+volumeBindingMode: WaitForFirstConsumer
diff --git a/kustomize/csi/openebs/helm-release.yaml b/kustomize/csi/openebs/helm-release.yaml
new file mode 100644
index 00000000..e440deb0
--- /dev/null
+++ b/kustomize/csi/openebs/helm-release.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: openebs
+  namespace: system-csi
+spec:
+  interval: 5m
+  timeout: 5m
+  chart:
+    spec:
+      chart: openebs
+      # renovate: datasource=helm depName=openebs package=openebs helmRepo=https://openebs.github.io/openebs
+      version: 4.1.1
+      sourceRef:
+        kind: HelmRepository
+        name: openebs
+        namespace: system-gitops
+  values:
+    localpv-provisioner:
+      localpv:
+        enabled: false
+      hostpathClass:
+        enabled: false
+    zfs-localpv:
+      enabled: false
+    lvm-localpv:
+      enabled: false
+    mayastor:
+      enabled: false
+      base:
+        metrics:
+          enabled: false
+    engines:
+      local:
+        lvm:
+          enabled: false
+        zfs:
+          enabled: false
+      replicated:
+        mayastor:
+          enabled: false
diff --git a/kustomize/csi/openebs/helm-repository.yaml b/kustomize/csi/openebs/helm-repository.yaml
new file mode 100644
index 00000000..f459804a
--- /dev/null
+++ b/kustomize/csi/openebs/helm-repository.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: openebs
+  namespace: system-gitops
+spec:
+  interval: 10m
+  timeout: 5m
+  url: https://openebs.github.io/openebs
diff --git a/kustomize/csi/openebs/kustomization.yaml b/kustomize/csi/openebs/kustomization.yaml
new file mode 100644
index 00000000..e768af5d
--- /dev/null
+++ b/kustomize/csi/openebs/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - helm-repository.yaml
+  - helm-release.yaml

From df851cd00e2f5cd429bcae765e4f5e804b5c9555 Mon Sep 17 00:00:00 2001
From: Ryan VanGundy <ryan.vangundy+rmvangun@gmail.com>
Date: Sun, 9 Feb 2025 20:45:39 -0500
Subject: [PATCH 2/2] Add local volume mounts

---
 contexts/colima/terraform/cluster/talos.tfvars         | 3 +++
 contexts/docker-desktop/terraform/cluster/talos.tfvars | 3 +++
 windsor.yaml                                           | 4 ++++
 3 files changed, 10 insertions(+)

diff --git a/contexts/colima/terraform/cluster/talos.tfvars b/contexts/colima/terraform/cluster/talos.tfvars
index 7d619af7..af495fa2 100644
--- a/contexts/colima/terraform/cluster/talos.tfvars
+++ b/contexts/colima/terraform/cluster/talos.tfvars
@@ -17,6 +17,9 @@ controlplanes = [{
   node     = "10.5.0.2"
 }]
 
+// A YAML string of worker config patches to apply
+worker_config_patches = "\"machine\":\n  \"kubelet\":\n    \"extraMounts\":\n    - \"destination\": \"/var/local\"\n      \"options\":\n      - \"rbind\"\n      - \"rw\"\n      \"source\": \"/var/local\"\n      \"type\": \"bind\""
+
 // Machine config details for workers
 workers = [{
   endpoint = "10.5.0.11:50000"
diff --git a/contexts/docker-desktop/terraform/cluster/talos.tfvars b/contexts/docker-desktop/terraform/cluster/talos.tfvars
index c2530918..8ba55817 100644
--- a/contexts/docker-desktop/terraform/cluster/talos.tfvars
+++ b/contexts/docker-desktop/terraform/cluster/talos.tfvars
@@ -17,6 +17,9 @@ controlplanes = [{
   node     = "127.0.0.1"
 }]
 
+// A YAML string of worker config patches to apply
+worker_config_patches = "\"machine\":\n  \"kubelet\":\n    \"extraMounts\":\n    - \"destination\": \"/var/local\"\n      \"options\":\n      - \"rbind\"\n      - \"rw\"\n      \"source\": \"/var/local\"\n      \"type\": \"bind\""
+
 // Machine config details for workers
 workers = [{
   endpoint = "127.0.0.1:50001"
diff --git a/windsor.yaml b/windsor.yaml
index 81ea47e4..cc9cb797 100644
--- a/windsor.yaml
+++ b/windsor.yaml
@@ -42,6 +42,8 @@ contexts:
         count: 1
         cpu: 4
         memory: 4
+        volumes:
+        - ${WINDSOR_PROJECT_ROOT}/.volumes:/var/local
     network:
       cidr_block: 10.5.0.0/16
       loadbalancer_ips:
@@ -99,6 +101,8 @@ contexts:
         - 8443:30443/tcp
         - 9292:30292/tcp
         - 8053:30053/udp
+        volumes:
+        - ${WINDSOR_PROJECT_ROOT}/.volumes:/var/local
     network:
       cidr_block: 10.5.0.0/16
     dns: