From 42c9c505976f1ad7127ae6c7bc88b8f9c86dab8a Mon Sep 17 00:00:00 2001 From: Oyku Yilmaz Date: Thu, 3 Dec 2020 14:54:36 +0100 Subject: [PATCH 1/4] fix for docker image pull rate limit during kubernetes setup --- inventory/cluster/group_vars/k8s-cluster.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inventory/cluster/group_vars/k8s-cluster.yml b/inventory/cluster/group_vars/k8s-cluster.yml index 19fbc27..a95b350 100644 --- a/inventory/cluster/group_vars/k8s-cluster.yml +++ b/inventory/cluster/group_vars/k8s-cluster.yml @@ -409,3 +409,5 @@ kubeadm_enabled: true # The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable. #kube_read_only_port: 10255 +download_run_once: True +download_localhost: True From 949cd6eeceb23a146a9e2d725adfec404d35a1a8 Mon Sep 17 00:00:00 2001 From: Oyku Yilmaz Date: Thu, 3 Dec 2020 15:37:30 +0100 Subject: [PATCH 2/4] k8s image pull secret in fabric deployments --- .../templates/fabric_template_pod_ca.yaml.j2 | 4 ++++ .../templates/fabric_template_pod_cli.yaml.j2 | 4 ++++ .../templates/fabric_template_pod_orderer.yaml.j2 | 5 ++++- .../fabric_template_pod_orderer_kafka.yaml.j2 | 10 ++++++++-- .../templates/fabric_template_pod_peer.yaml.j2 | 4 ++++ inventory/blockchain/group_vars/blockchain-setup.yaml | 4 ++++ 6 files changed, 28 insertions(+), 3 deletions(-) diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 index 2f8842b..2183a5a 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 @@ -46,6 +46,10 @@ spec: - name: certificate persistentVolumeClaim: claimName: $pvName +{% if k8s_image_pull_secret.use == true %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret.name }} +{% endif %} --- apiVersion: v1 
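Review bot: The two added settings are spelled `True`, while the context line at the top of the same hunk uses lowercase `kubeadm_enabled: true`; the file should keep one spelling, i.e. `download_run_once: true` and `download_localhost: true`. Ansible accepts both, but the mixed casing is flagged by yamllint's default `truthy` rule. The capitalised spelling is carried through the k8s-cluster.yml hunks of patches 3/4 and 4/4 as well.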
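Review bot: The secret name rendered by `- name: {{ k8s_image_pull_secret.name }}` is an unquoted plain scalar, so an inventory value that YAML retypes, or that contains `: ` or ` #`, changes the structure of the pod manifest instead of staying a name. Quote it the way the kafka template already quotes `value: "{{ fabric_num_kafka|int }}"`: `- name: "{{ k8s_image_pull_secret.name }}"`. The same line is added in the cli, orderer, orderer_kafka (both hunks) and peer templates, and it is still unquoted after patch 3/4 rewrites it to `{{ k8s_image_pull_secret }}`.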
diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 index 2db49da..42f5747 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 @@ -122,5 +122,9 @@ spec: - name: crypto-config persistentVolumeClaim: claimName: $cryptoName +{% if k8s_image_pull_secret.use == true %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret.name }} +{% endif %} --- \ No newline at end of file diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 index 23da269..3e824a8 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 @@ -62,7 +62,10 @@ spec: - name: orderer-crypto-pv persistentVolumeClaim: claimName: $pvName - +{% if k8s_image_pull_secret.use == true %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret.name }} +{% endif %} --- apiVersion: v1 diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 index 53ee8c4..d5f9a1b 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 @@ -44,7 +44,10 @@ spec: - containerPort: 2181 - containerPort: 2888 - containerPort: 3888 - +{% if k8s_image_pull_secret.use == true %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret.name }} +{% endif %} --- apiVersion: v1 
@@ -137,7 +140,10 @@ spec: value: "{{ fabric_num_kafka|int }}" ports: - containerPort: 9092 - +{% if k8s_image_pull_secret.use == true %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret.name }} +{% endif %} --- apiVersion: v1 diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 index 0d58402..6083f98 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 @@ -125,6 +125,10 @@ spec: claimName: $pvName - name: dind-graph-storage emptyDir: {} +{% if k8s_image_pull_secret.use == true %} + imagePullSecrets: + - name: {{ k8s_image_pull_secret.name }} +{% endif %} --- diff --git a/inventory/blockchain/group_vars/blockchain-setup.yaml b/inventory/blockchain/group_vars/blockchain-setup.yaml index 863e48e..c61c095 100644 --- a/inventory/blockchain/group_vars/blockchain-setup.yaml +++ b/inventory/blockchain/group_vars/blockchain-setup.yaml @@ -100,3 +100,7 @@ nfs_server_mount_dir: "/opt/share" # kubernetes kubectl command k8s_kubectl_cmd: "{{ lookup('env', 'INVENTORY_DIR_PATH') }}/cluster/artifacts/kubectl --kubeconfig={{ lookup('env', 'INVENTORY_DIR_PATH') }}/cluster/artifacts/admin.conf" + +k8s_image_pull_secret: + use: false #Set to true to use image pull secret in fabric deployments + name: "regcred" \ No newline at end of file From 19e1e4e7f30f9a286eb449f6de56a455283a7d9f Mon Sep 17 00:00:00 2001 
From: Oyku Yilmaz Date: Thu, 3 Dec 2020 23:09:19 +0100 Subject: [PATCH 3/4] includes kubespray image download mods --- hyperledger/roles/network_config/defaults/main.yaml | 3 +++ .../templates/fabric_template_pod_ca.yaml.j2 | 4 ++-- .../templates/fabric_template_pod_cli.yaml.j2 | 4 ++-- .../templates/fabric_template_pod_orderer.yaml.j2 | 4 ++-- .../templates/fabric_template_pod_orderer_kafka.yaml.j2 | 8 ++++---- .../templates/fabric_template_pod_peer.yaml.j2 | 4 ++-- inventory/blockchain/group_vars/blockchain-setup.yaml | 5 ++--- inventory/cluster/group_vars/k8s-cluster.yml | 7 ++++++- 8 files changed, 23 insertions(+), 16 deletions(-) diff --git a/hyperledger/roles/network_config/defaults/main.yaml b/hyperledger/roles/network_config/defaults/main.yaml index 1191341..92ed5f1 100644 --- a/hyperledger/roles/network_config/defaults/main.yaml +++ b/hyperledger/roles/network_config/defaults/main.yaml @@ -65,3 +65,6 @@ nfs_server_mount_dir: "/opt/share" # kubernetes kubectl command k8s_kubectl_cmd: "" +# kubernetes image pull secret +k8s_image_pull_secret: "" + diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 index 2183a5a..84861dc 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_ca.yaml.j2 @@ -46,9 +46,9 @@ spec: - name: certificate persistentVolumeClaim: claimName: $pvName -{% if k8s_image_pull_secret.use == true %} +{% if k8s_image_pull_secret|length %} imagePullSecrets: - - name: {{ k8s_image_pull_secret.name }} + - name: {{ k8s_image_pull_secret }} {% endif %} --- diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 index 42f5747..8e2e366 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 
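Review bot: The comment `# kubernetes image pull secret` does not say what the value has to be: the templates render it as the `name` of an `imagePullSecrets` entry, so it must name a Secret that already exists in the namespace of the fabric pods, and nothing visible in this series creates one. I would write `# Name of an existing kubernetes.io/dockerconfigjson Secret in the fabric pods' namespace; "" disables imagePullSecrets.` here and in the blockchain-setup.yaml hunk of this patch. As far as I know the kubelet only logs a warning for a missing pull secret and then pulls anonymously, so a typo in this value would bring the rate-limit failures back without an obvious error. The registry credentials themselves belong in that Secret, not in the inventory.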
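Review bot: The guard `{% if k8s_image_pull_secret|length %}` accepts any non-empty value as a secret name, including the mapping form (`use:` / `name:`) that patch 2/4 introduced in the inventory, which would then be rendered whole as the `name`; a null or boolean value makes `length` fail at render time instead. A stricter test keeps an inventory that was not migrated from producing a broken manifest: `{% if k8s_image_pull_secret is string and k8s_image_pull_secret | length > 0 %}`. The same guard is used in the cli, orderer, orderer_kafka (both hunks) and peer hunks of this patch.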
+++ b/hyperledger/roles/network_config/templates/fabric_template_pod_cli.yaml.j2 @@ -122,9 +122,9 @@ spec: - name: crypto-config persistentVolumeClaim: claimName: $cryptoName -{% if k8s_image_pull_secret.use == true %} +{% if k8s_image_pull_secret|length %} imagePullSecrets: - - name: {{ k8s_image_pull_secret.name }} + - name: {{ k8s_image_pull_secret }} {% endif %} --- \ No newline at end of file diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 index 3e824a8..f2c2bea 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer.yaml.j2 @@ -62,9 +62,9 @@ spec: - name: orderer-crypto-pv persistentVolumeClaim: claimName: $pvName -{% if k8s_image_pull_secret.use == true %} +{% if k8s_image_pull_secret|length %} imagePullSecrets: - - name: {{ k8s_image_pull_secret.name }} + - name: {{ k8s_image_pull_secret }} {% endif %} --- diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 index d5f9a1b..cdeeb6d 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_orderer_kafka.yaml.j2 @@ -44,9 +44,9 @@ spec: - containerPort: 2181 - containerPort: 2888 - containerPort: 3888 -{% if k8s_image_pull_secret.use == true %} +{% if k8s_image_pull_secret|length %} imagePullSecrets: - - name: {{ k8s_image_pull_secret.name }} + - name: {{ k8s_image_pull_secret }} {% endif %} --- 
@@ -140,9 +140,9 @@ spec: value: "{{ fabric_num_kafka|int }}" ports: - containerPort: 9092 -{% if k8s_image_pull_secret.use == true %} +{% if k8s_image_pull_secret|length %} imagePullSecrets: - - name: {{ k8s_image_pull_secret.name }} + - name: {{ k8s_image_pull_secret }} {% endif %} --- diff --git a/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 b/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 index 6083f98..eb9955a 100644 --- a/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 +++ b/hyperledger/roles/network_config/templates/fabric_template_pod_peer.yaml.j2 @@ -125,9 +125,9 @@ spec: claimName: $pvName - name: dind-graph-storage emptyDir: {} -{% if k8s_image_pull_secret.use == true %} +{% if k8s_image_pull_secret|length %} imagePullSecrets: - - name: {{ k8s_image_pull_secret.name }} + - name: {{ k8s_image_pull_secret }} {% endif %} diff --git a/inventory/blockchain/group_vars/blockchain-setup.yaml b/inventory/blockchain/group_vars/blockchain-setup.yaml index c61c095..f1489d1 100644 --- a/inventory/blockchain/group_vars/blockchain-setup.yaml +++ b/inventory/blockchain/group_vars/blockchain-setup.yaml @@ -101,6 +101,5 @@ nfs_server_mount_dir: "/opt/share" # kubernetes kubectl command k8s_kubectl_cmd: "{{ lookup('env', 'INVENTORY_DIR_PATH') }}/cluster/artifacts/kubectl --kubeconfig={{ lookup('env', 'INVENTORY_DIR_PATH') }}/cluster/artifacts/admin.conf" -k8s_image_pull_secret: - use: false #Set to true to use image pull secret in fabric deployments - name: "regcred" \ No newline at end of file +# kubernetes image pull secret +k8s_image_pull_secret: "" diff --git a/inventory/cluster/group_vars/k8s-cluster.yml b/inventory/cluster/group_vars/k8s-cluster.yml index a95b350..9685c87 100644 --- a/inventory/cluster/group_vars/k8s-cluster.yml +++ b/inventory/cluster/group_vars/k8s-cluster.yml 
@@ -409,5 +409,10 @@ kubeadm_enabled: true # The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable. #kube_read_only_port: 10255 +# Setting download_run_once: True will make kubespray download container images and binaries only once and then push +# them to the cluster nodes. The default download delegate node is the first kube-master. +# Set download_localhost: True to make localhost the download delegate. This can be useful if cluster nodes cannot +# access external addresses. To use this requires that docker is installed and running on the ansible master and that +# the current user is either in the docker group or can do passwordless sudo, to be able to access docker. download_run_once: True -download_localhost: True +download_localhost: False From 257a9e650e20fe917987134faf7285cb611cbc38 Mon Sep 17 00:00:00 2001 From: Oyku Yilmaz Date: Fri, 4 Dec 2020 09:23:47 +0100 Subject: [PATCH 4/4] delegate localhost for downloading images --- inventory/cluster/group_vars/k8s-cluster.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/cluster/group_vars/k8s-cluster.yml b/inventory/cluster/group_vars/k8s-cluster.yml index 9685c87..b1fad45 100644 --- a/inventory/cluster/group_vars/k8s-cluster.yml +++ b/inventory/cluster/group_vars/k8s-cluster.yml @@ -415,4 +415,4 @@ kubeadm_enabled: true # access external addresses. To use this requires that docker is installed and running on the ansible master and that # the current user is either in the docker group or can do passwordless sudo, to be able to access docker. download_run_once: True -download_localhost: False +download_localhost: True
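Review bot: Setting `download_localhost: True` makes the Ansible control host the single source of every image and binary pushed to the cluster nodes, and the comment above the setting asks for docker-group membership or passwordless sudo on that host without saying that either is root-equivalent there. I would add a line such as `# NOTE: docker group / passwordless sudo is root-equivalent on the download host; run this from a dedicated, hardened deploy host.` Because `download_run_once` replaces the per-node pulls, whatever is in that host's local image cache ends up on every node, so who can write to its docker daemon is worth stating next to the setting.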