From 52b7b7a8b6b7c4c385d55c06e896e89ada77f637 Mon Sep 17 00:00:00 2001
From: Suyog Shinde <64534620+SuyogShinde942@users.noreply.github.com>
Date: Thu, 5 Dec 2024 22:39:16 +0530
Subject: [PATCH] Use PV and PVC backed volumes to store application charts (#1378)

PV and PVC for helmer container and add permission in provider-kubeconfig.py for PV and PVC.
---
 .../templates/kubeplus-components-6.yaml | 34 ++++++++++++++++++-
 provider-kubeconfig.py | 13 +++++++
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/deploy/kubeplus-chart/templates/kubeplus-components-6.yaml b/deploy/kubeplus-chart/templates/kubeplus-components-6.yaml
index f5537963..d536df6e 100644
--- a/deploy/kubeplus-chart/templates/kubeplus-components-6.yaml
+++ b/deploy/kubeplus-chart/templates/kubeplus-components-6.yaml
@@ -280,6 +280,37 @@ spec:
 selector:
 app: kubeplus
 ---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: kubeplus-pv
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/resource-policy: "keep"
+spec:
+ capacity:
+ storage: 1Gi # Adjust the size as needed
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ path: /kubeplus # This can be a path on the host system where charts will be stored.
+ volumeMode: Filesystem
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: kubeplus-pvc
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ helm.sh/resource-policy: "keep"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi # Make sure this matches the PV size
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -387,7 +418,8 @@ spec:
 - name: shared-data
 emptyDir: {}
 - name: chart-volume
- emptyDir: {}
+ persistentVolumeClaim:
+ claimName: kubeplus-pvc
 - name: webhook-certs
 secret:
 secretName: webhook-tls-certificates
diff --git a/provider-kubeconfig.py b/provider-kubeconfig.py
index 7903c17c..d41c7d29 100644
--- a/provider-kubeconfig.py
+++ b/provider-kubeconfig.py
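Review bot: In kubeplus-components-6.yaml the new `kubeplus-pvc` sets neither `storageClassName` nor `volumeName`, so nothing in the manifest ties it to `kubeplus-pv`; on a cluster with a default StorageClass the claim would get that class and be dynamically provisioned, leaving the hostPath volume unbound. Adding `storageClassName: ""` and `volumeName: kubeplus-pv` to the claim's `spec` makes the binding explicit. The PV is a `hostPath` at `/kubeplus`, so chart content lives on a single node's filesystem, can be modified by anything else with write access to that node path, and does not follow the pod if it is rescheduled to another node; a comment on the `hostPath` block stating that it is meant for single-node setups would help operators. The `namespace:` field on the PersistentVolume has no effect because PVs are cluster-scoped and can be dropped.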
@@ -460,6 +460,18 @@ def _apply_provider_rbac(self, sa, namespace, kubeconfig):
 ruleGroup22["verbs"] = verbsGroup22
 all_resources.extend(resourceGroup22)
+ # PersistentVolumes and PersistentVolumeClaims for charts storage in helmer container
+ ruleGroup23 = {}
+ apiGroup23 = [""]
+ resourceGroup23 = ["persistentvolumes", "persistentvolumeclaims"]
+ verbsGroup23 = ["get", "watch", "list", "create", "delete", "update", "patch"]
+ ruleGroup23["apiGroups"] = apiGroup23
+ ruleGroup23["resources"] = resourceGroup23
+ ruleGroup23["verbs"] = verbsGroup23
+ all_resources.extend(resourceGroup23)
+
+
+
 ruleList = []
 ruleList.append(ruleGroup1)
 ruleList.append(ruleGroup2)
@@ -483,6 +495,7 @@ def _apply_provider_rbac(self, sa, namespace, kubeconfig):
 ruleList.append(ruleGroup20)
 ruleList.append(ruleGroup21)
 ruleList.append(ruleGroup22)
+ ruleList.append(ruleGroup23)
 role["rules"] = ruleList
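Review bot: `ruleGroup23` grants the provider service account `create`, `delete`, `update` and `patch` on `persistentvolumes`, a cluster-scoped resource; if `role` ends up as a ClusterRole (the hunk does not show it), the provider could create PVs of any type, including `hostPath` volumes over arbitrary node paths, which is normally an administrator-only capability. The chart in this same commit creates `kubeplus-pv` itself, so the provider likely needs less: consider `resourceGroup23 = ["persistentvolumeclaims"]` and, only if PVs must be inspected, a separate rule for `persistentvolumes` limited to `["get", "list", "watch"]`. If `role` is a namespaced Role instead, the `persistentvolumes` entry has no effect and should be dropped. `_apply_provider_rbac` starts and ends outside this hunk, so the kind of `role` needs to be confirmed there.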