Merge pull request jfrog#122 from amithins/mission-control-3.3.0

Update Mission Control to Version 3.3.0
k · Nov 19, 2018 · 8c2bbe7 · 8c2bbe7
2 parents ee39e80 + cde2212
commit 8c2bbe7
Show file tree

Hide file tree

Showing 9 changed files with 26 additions and 455 deletions.
diff --git a/stable/mission-control/CHANGELOG.md b/stable/mission-control/CHANGELOG.md
@@ -1,6 +1,10 @@
 # JFrog Mission-Control Chart Changelog
 All changes to this chart will be documented in this file.
 
+## [0.7.0] - Nov 16, 2018
+* Updated Mission-Control version to 3.3.0
+* Remove usage of certificates for internal communication
+
 ## [0.6.0] - Oct 18, 2018
 * Updated Mission-Control version to 3.2.0
 * This chart version (0.6.0) cannot be used to deploy older versions of Mission Control (less than or equal to 3.1.2)

diff --git a/stable/mission-control/Chart.yaml b/stable/mission-control/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: mission-control
 description: A Helm chart for JFrog Mission Control
-version: 0.6.0
-appVersion: 3.2.0
+version: 0.7.0
+appVersion: 3.3.0
 home: https://jfrog.com/mission-control/
 icon: https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png
 keywords:

diff --git a/stable/mission-control/README.md b/stable/mission-control/README.md
@@ -25,184 +25,9 @@ Before installing JFrog helm charts, you need to add the [JFrog helm repository]
 helm repo add jfrog https://charts.jfrog.io
 ```
 
-## Create Secret with keys and certs for Mission-Control
-* Create file `generate_keys.sh` with following content:
+### Installing the Chart
 ```bash
-#!/bin/bash
-set -e
-
-usage() {
-    echo "Usage: $0 [store_password]"
-    exit 1
-}
-
-processCommandLine() {
-    if [[ "$1" =~ (help|-h|--help) ]]; then
-        usage
-    fi
-
-    # Set password if not passed
-    if [ -z "$1" ]; then
-        echo "No password passed. Generating a random one..."
-        storePassword=$(cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-f0-9' | head -c 16)
-    else
-        storePassword=$1
-    fi
-}
-
-# Check if key generation tools are available
-checkTools() {
-    echo "Checking if required tools exist"
-    for tool in "keytool" "openssl"; do
-        echo "${tool}"
-        hash ${tool} 2>/dev/null
-    done
-}
-
-# Create the file system structure
-createCertsDir() {
-    tmpDir=./certs
-    jfmcSecurity=${tmpDir}/mission-control/etc/security
-    insightSecurity=${tmpDir}/insight-server/etc/security
-    echo "Generating certs in ${tmpDir}"
-    if [ -d ${tmpDir} ]; then
-        echo "Found existing ${tmpDir}. Backing it up to ${tmpDir}-${timeStamp}..."
-        mv ${tmpDir} ${tmpDir}-${timeStamp}
-    fi
-
-    mkdir -pv ${jfmcSecurity} ${insightSecurity}
-}
-
-genJfmcKeyStore() {
-    keytool -genkeypair -alias secure-jfmc -keyalg RSA \
-          -dname "CN=*,OU=JFMC,O=JFrog,L=Toulouse,S=France,C=fr" \
-          -keystore ${tmpDir}/jfmc-keystore.jks \
-          -storepass ${storePassword} \
-          -keypass ${storePassword}
-
-    keytool -exportcert -alias secure-jfmc \
-          -file ${tmpDir}/jfmc-public.cer \
-          -keystore ${tmpDir}/jfmc-keystore.jks \
-          -storepass ${storePassword}
-
-    keytool -importkeystore \
-          -srcalias secure-jfmc \
-          -srckeystore ${tmpDir}/jfmc-keystore.jks \
-          -destkeystore ${tmpDir}/jfmc-keystore.p12 \
-          -deststoretype PKCS12 \
-          -srckeypass ${storePassword} \
-          -srcstorepass ${storePassword} \
-          -deststorepass ${storePassword}
-
-    openssl pkcs12 -in ${tmpDir}/jfmc-keystore.p12 \
-                 -nokeys \
-                 -nodes \
-                 -out ${tmpDir}/jfmc.crt \
-                 -password pass:${storePassword} \
-                 -passin pass:${storePassword}
-}
-
-genInsightKeyStore() {
-    keytool -genkeypair -alias secure-insight -keyalg RSA \
-          -dname "CN=*,OU=Insight,O=JFrog,L=Bengaluru,S=Kan,C=in" \
-          -keystore ${tmpDir}/insight-keystore.jks \
-          -storepass ${storePassword} \
-          -keypass ${storePassword}
-
-    keytool -exportcert -alias secure-insight \
-          -file ${tmpDir}/insight-public.cer \
-          -keystore ${tmpDir}/insight-keystore.jks \
-          -storepass ${storePassword}
-
-    keytool -importkeystore \
-          -srcalias secure-insight \
-          -srckeystore ${tmpDir}/insight-keystore.jks \
-          -destkeystore ${tmpDir}/insight-keystore.p12 \
-          -deststoretype PKCS12 \
-          -noprompt \
-          -srckeypass ${storePassword} \
-          -srcstorepass ${storePassword} \
-          -deststorepass ${storePassword}
-
-
-    openssl pkcs12 -in ${tmpDir}/insight-keystore.p12 \
-                 -nocerts \
-                 -nodes \
-                 -out ${tmpDir}/insight.key \
-                 -password pass:${storePassword} \
-                 -passin pass:${storePassword}
-    openssl pkcs12 -in ${tmpDir}/insight-keystore.p12 \
-                 -nokeys \
-                 -nodes \
-                 -out ${tmpDir}/insight.crt \
-                 -password pass:${storePassword} \
-                 -passin pass:${storePassword}
-}
-
-importInTrustStore() {
-    keytool -importcert -keystore ${tmpDir}/jfmc-truststore.jks \
-          -alias insightcert \
-          -noprompt \
-          -file ${tmpDir}/insight-public.cer \
-          -storepass ${storePassword}
-
-    keytool -importcert -keystore ${tmpDir}/insight-truststore.jks \
-          -alias jfmccert \
-          -noprompt \
-          -file ${tmpDir}/jfmc-public.cer \
-          -storepass ${storePassword}
-}
-
-# Put the generated files in their intended structure
-arrangeFiles() {
-    echo "Moving certs to their final location"
-    mv -f ${tmpDir}/jfmc-truststore.jks ${jfmcSecurity}
-    mv -f ${tmpDir}/jfmc-keystore.jks ${jfmcSecurity}
-    mv -f ${tmpDir}/jfmc.crt ${insightSecurity}
-    mv -f ${tmpDir}/insight-truststore.jks ${insightSecurity}
-    mv -f ${tmpDir}/insight-keystore.jks ${insightSecurity}
-    mv -f ${tmpDir}/insight.key ${insightSecurity}
-    mv -f ${tmpDir}/insight.crt ${insightSecurity}
-    cat ${jfmcSecurity}/jfmc-truststore.jks | base64 > ${jfmcSecurity}/jfmc-truststore.jks-b64
-    cat ${jfmcSecurity}/jfmc-keystore.jks | base64 > ${jfmcSecurity}/jfmc-keystore.jks-b64
-    echo "${storePassword}" | base64 > ${jfmcSecurity}/jfmc-store-passwd-b64
-}
-
-summary() {
-    echo -e "\nAll keys and certificates are ready!"
-    echo -e "\n- Mission Control files"
-    find ${jfmcSecurity} -type f
-    echo -e "\n- Insight Server files"
-    find ${insightSecurity} -type f
-}
-
-############ Main ############
-
-echo -e "\nCreating keys and certificates for JFrog Mission Control"
-echo "========================================================"
-
-timeStamp=$(date +%Y%m%d-%H%M%S)
-
-processCommandLine $*
-checkTools
-createCertsDir
-genInsightKeyStore
-genJfmcKeyStore
-importInTrustStore
-arrangeFiles
-summary
-echo -e "========================================================\n"
-```
-* Run `./generate_keys.sh` to create certs and keys.
-
-* Create secret for certs and keys
-```bash
-kubectl create secret generic mission-control-certs --from-file=./certs/insight-server/etc/security/insight.key --from-file=./certs/insight-server/etc/security/insight.crt --from-file=./certs/insight-server/etc/security/jfmc.crt  --from-file=./certs/mission-control/etc/security/jfmc-truststore.jks-b64 --from-file=./certs/mission-control/etc/security/jfmc-keystore.jks-b64
-```
-
-### Installing the Chart with certificate secret
-```bash
-helm install --name mission-control --set existingCertsSecret=mission-control-certs jfrog/mission-control
+helm install --name mission-control jfrog/mission-control
 ```
 
 ## Set Mission Control base URL
@@ -213,7 +38,7 @@ helm install --name mission-control --set existingCertsSecret=mission-control-ce
 
 * Set mission-control by running helm upgrade command:
 ```
-helm upgrade --name mission-control --set existingCertsSecret=mission-control-certs --set missionControl.missionControlUrl=$MISSION_CONTROL_URL jfrog/mission-control
+helm upgrade --name mission-control --set missionControl.missionControlUrl=$MISSION_CONTROL_URL jfrog/mission-control
 ```
 
 ### Accessing Mission Control
@@ -267,7 +92,6 @@ The following table lists the configurable parameters of the distribution chart
 | `elasticsearch.env.clusterName`              | Elasticsearch Cluster Name                      | `es-cluster`                          |
 | `elasticsearch.env.esUsername`               | Elasticsearch User Name                         | `elastic`                             |
 | `elasticsearch.env.esPassword`               | Elasticsearch User Name                         | `changeme`                            |
-| `existingCertsSecret`                        | Mission Control certificate secret name         |                                       |
 | `missionControl.name`                        | Mission Control name                            | `mission-control`                     |
 | `missionControl.replicaCount`                | Mission Control replica count                   | `1`                                   |
 | `missionControl.image`                       | Container image                                 | `docker.jfrog.io/jfrog/mission-control`     |
@@ -292,8 +116,7 @@ The following table lists the configurable parameters of the distribution chart
 | `insightServer.service.type`                 | Insight Server service type                     | `ClusterIP`                           |
 | `insightServer.externalHttpPort`             | Insight Server service external port            | `8082`                                |
 | `insightServer.internalHttpPort`             | Insight Server service internal port            | `8082`                                |
-| `insightServer.externalHttpsPort`            | Insight Server service external port            | `8091`                                |
-| `insightServer.internalHttpsPort`            | Insight Server service internal port            | `8091`                                |
+| `insightServer.allowIP`                      | Range of IPs allowed to be served by Insight Server service  | `"0.0.0.0/0"`            |
 | `insightScheduler.name`                      | Insight Scheduler name                          | `insight-scheduler`                   |
 | `insightScheduler.replicaCount`              | Insight Scheduler replica count                 | `1`                                   |
 | `insightScheduler.image`                     | Container image                                 | `docker.jfrog.io/jfrog/insight-scheduler`  |