Description
we were on OPA 0.68.0 earlier and now planning to upgrade to 1.2.0. We have made changes to rego so that it is compatible with v1 version of rego. OPA pods came up fine. But noticed that any other operation on cluster is not happening after OPA was upgraded like deletion of pods, deletion of helm chart etc.,
we are seeing below errors in the events
9s Warning FailedCreate replicaset/urm-6556468b66 Error creating: Internal error occurred: failed calling webhook "captureagent.openpolicyagent.org": failed to call webhook: converting (v1.AdmissionReview) to (v1beta1.AdmissionReview): unknown conversion
Can OPA provide some solution to address this webhook conversion error.
Mutatingwebhook that we have:
- admissionReviewVersions:
- v1beta1
- v1
clientConfig:
caBundle: <cert>
service:
name: opa
namespace: fed-opa
path: /v0/data/captureagent/main
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: captureagent.openpolicyagent.org
namespaceSelector:
matchLabels:
capture-agent: enabled
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
scope: '*'
sideEffects: None
timeoutSeconds: 10