diff --git a/hyperledger/roles/network_config/defaults/main.yaml b/hyperledger/roles/network_config/defaults/main.yaml index 1191341..92ed5f1 100644 --- a/hyperledger/roles/network_config/defaults/main.yaml +++ b/hyperledger/roles/network_config/defaults/main.yaml @@ -65,3 +65,6 @@ nfs_server_mount_dir: "/opt/share" # kubernetes kubectl command k8s_kubectl_cmd: "" +# kubernetes image pull secret +k8s_image_pull_secret: "" + diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 index 2f8842b..84861dc 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 @@ -46,6 +46,10 @@ spec: - name: certificate persistentVolumeClaim: claimName: $pvName +{% if k8s_image_pull_secret|length %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret }} +{% endif %} --- apiVersion: v1 diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 index 2db49da..8e2e366 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 @@ -122,5 +122,9 @@ spec: - name: crypto-config persistentVolumeClaim: claimName: $cryptoName +{% if k8s_image_pull_secret|length %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret }} +{% endif %} --- \ No newline at end of file diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 index 23da269..f2c2bea 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 
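Review bot: The comment on the new `k8s_image_pull_secret` default does not say what kind of value is expected. The templates in this commit render it as the `name` under `imagePullSecrets`, so it is the name of a Secret object and not a registry credential. Nothing in the visible hunks creates that Secret, so it presumably has to exist in the pods' namespace beforehand. I would spell this out so nobody pastes a password or token into a committed vars file: `# Name of an existing Kubernetes Secret (registry credentials) in the pods' namespace; empty disables it. Never put the credential itself here.` The same comment is added in inventory/blockchain/group_vars/blockchain-setup.yaml and deserves the same wording.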
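Review bot: The secret name is emitted unquoted in `- name: {{ k8s_image_pull_secret }}`, so the rendered manifest depends on how YAML types the expanded text: a value such as `123` or `true`, or one containing `: ` or ` #`, yields a non-string or a different structure. Quote it as `- name: "{{ k8s_image_pull_secret }}"`, the way `value: "{{ fabric_num_kafka|int }}"` is already written in the kafka template. The guard `{% if k8s_image_pull_secret|length %}` also raises when the variable is overridden to null (a bare `k8s_image_pull_secret:`); `{% if k8s_image_pull_secret | default('', true) | trim | length %}` tolerates that and whitespace-only values. The identical block in the cli, orderer, orderer_kafka (both hunks) and peer templates needs the same two changes. The pod spec these lines belong to starts outside the hunk and the page has lost indentation, so I could not check that `imagePullSecrets` sits at pod-spec level rather than under a container.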
@@ -62,7 +62,10 @@ spec: - name: orderer-crypto-pv persistentVolumeClaim: claimName: $pvName - +{% if k8s_image_pull_secret|length %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret }} +{% endif %} --- apiVersion: v1 diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 index 53ee8c4..cdeeb6d 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 @@ -44,7 +44,10 @@ spec: - containerPort: 2181 - containerPort: 2888 - containerPort: 3888 - +{% if k8s_image_pull_secret|length %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret }} +{% endif %} --- apiVersion: v1 @@ -137,7 +140,10 @@ spec: value: "{{ fabric_num_kafka|int }}" ports: - containerPort: 9092 - +{% if k8s_image_pull_secret|length %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret }} +{% endif %} --- apiVersion: v1 diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 index 0d58402..eb9955a 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 @@ -125,6 +125,10 @@ spec: claimName: $pvName - name: dind-graph-storage emptyDir: {} +{% if k8s_image_pull_secret|length %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret }} +{% endif %} --- diff --git a/inventory/blockchain/group_vars/blockchain-setup.yaml b/inventory/blockchain/group_vars/blockchain-setup.yaml index 863e48e..f1489d1 100644 --- a/inventory/blockchain/group_vars/blockchain-setup.yaml +++ b/inventory/blockchain/group_vars/blockchain-setup.yaml 
@@ -100,3 +100,6 @@ nfs_server_mount_dir: "/opt/share" # kubernetes kubectl command k8s_kubectl_cmd: "{{ lookup('env', 'INVENTORY_DIR_PATH') }}/cluster/artifacts/kubectl --kubeconfig={{ lookup('env', 'INVENTORY_DIR_PATH') }}/cluster/artifacts/admin.conf" + +# kubernetes image pull secret +k8s_image_pull_secret: "" diff --git a/inventory/cluster/group_vars/k8s-cluster.yml b/inventory/cluster/group_vars/k8s-cluster.yml index 19fbc27..b1fad45 100644 --- a/inventory/cluster/group_vars/k8s-cluster.yml +++ b/inventory/cluster/group_vars/k8s-cluster.yml @@ -409,3 +409,10 @@ kubeadm_enabled: true # The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable. #kube_read_only_port: 10255 +# Setting download_run_once: True will make kubespray download container images and binaries only once and then push +# them to the cluster nodes. The default download delegate node is the first kube-master. +# Set download_localhost: True to make localhost the download delegate. This can be useful if cluster nodes cannot +# access external addresses. To use this requires that docker is installed and running on the ansible master and that +# the current user is either in the docker group or can do passwordless sudo, to be able to access docker. +download_run_once: True +download_localhost: True
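Review bot: `download_localhost: True` in k8s-cluster.yml is switched on for everyone who uses the committed inventory, although the comment above it presents it as an option for clusters that cannot reach external addresses and says it needs docker on the Ansible control host with the user in the docker group or with passwordless sudo. Docker-group membership is equivalent to root on that host, so this default widens the privileges needed to run the playbooks; I would ship `download_localhost: false` and let operators opt in, or state in the comment why it is required here. The file writes booleans in lowercase (`kubeadm_enabled: true` in the hunk header), so the new keys should use `true`/`false` as well. With `download_run_once` every node receives images pulled by a single delegate, so that host is worth treating as a trusted part of the image path.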