Merge pull request #53 from phenixblue/master

phenixblue · web-flow · commit 23a3b1bead6f · 2020-10-06T03:49:50.000-04:00
Prepare v2.2.0 release
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -46,4 +46,19 @@ This release adds new policies and enhances several CI workflow components.
 
 ### Misc Enhancements
 
-- Enhancements for Advanced install workflow with Kustomize
+- Enhancements for Advanced install workflow with Kustomize
+
+## 2.2.0
+
+This release focuses on some security enhancements.
+
+### Enhancements
+
+- Add securityContext and non-root user for pod/containers (#47)
+- Hardcode Gunicorn workers/threads to fix #48 (#49)
+- Add HPA resource for horizontal scaling (#50)
+- Add new framework for executing setup/teardown code between functional tests (#45)
+
+### Misc Notes
+
+- Changes OPA container listening port from `443` to `8443` since a non-root user can't bind to ports below 1000. The OPA container isn't exposed outside of localhost, so this shouldn't present any issues
diff --git a/Makefile b/Makefile
@@ -16,8 +16,8 @@
 # its contributors may be used to endorse or promote products derived from this
 # software without specific prior written permission.
 
-MAGTAPE_VERSION := v2.1.5
-OPA_VERSION := 0.19.2
+MAGTAPE_VERSION := v2.2.0
+OPA_VERSION := 0.23.2
 KUBE_MGMT_VERSION := 0.11
 
 REPO_ROOT := $(CURDIR)
diff --git a/deploy/install.yaml b/deploy/install.yaml
@@ -320,7 +320,7 @@ spec:
         runAsGroup: 1900
       initContainers:
         - name: magtape-init
-          image: tmobile/magtape-init:v2.1.5
+          image: tmobile/magtape-init:v2.2.0
           command: [/app/magtape-init.py]
           imagePullPolicy: Always
           securityContext:
@@ -344,7 +344,7 @@ spec:
             mountPath: /vwc
       containers:
       - name: magtape
-        image: tmobile/magtape:v2.1.5
+        image: tmobile/magtape:v2.2.0
         ports:
         - containerPort: 5000
         command: ["gunicorn", "magtape:app", "--config=config.py"]
@@ -388,7 +388,7 @@ spec:
           - name: magtape-tls
             mountPath: /tls
       - name: opa
-        image: openpolicyagent/opa:0.19.2
+        image: openpolicyagent/opa:0.23.2
         args:
           - "run"
           - "--server"
diff --git a/deploy/manifests/magtape-deploy.yaml b/deploy/manifests/magtape-deploy.yaml
@@ -21,7 +21,7 @@ spec:
         runAsGroup: 1900
       initContainers:
         - name: magtape-init
-          image: tmobile/magtape-init:v2.1.5
+          image: tmobile/magtape-init:v2.2.0
           command: [/app/magtape-init.py]
           imagePullPolicy: Always
           securityContext:
@@ -45,7 +45,7 @@ spec:
             mountPath: /vwc
       containers:
       - name: magtape
-        image: tmobile/magtape:v2.1.5
+        image: tmobile/magtape:v2.2.0
         ports:
         - containerPort: 5000
         command: ["gunicorn", "magtape:app", "--config=config.py"]
@@ -89,7 +89,7 @@ spec:
           - name: magtape-tls
             mountPath: /tls
       - name: opa
-        image: openpolicyagent/opa:0.19.2
+        image: openpolicyagent/opa:0.23.2
         args:
           - "run"
           - "--server"
