OPA deployment and documentation updates

deployment/deployment-opa.yaml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
       - name: opa
-        image: openpolicyagent/opa:latest
+        image: openpolicyagent/opa:0.70.0
         ports:
         - name: http
           containerPort: 8181
@@ -33,4 +33,4 @@ spec:
       volumes:
       - name: opa-policy
         persistentVolumeClaim:
-            claimName: opa-policy
\ No newline at end of file
+            claimName: opa-policy

deployment/docker-compose.yaml

 version: '2'
 services:
   opa:
-    image: openpolicyagent/opa:latest
+    image: openpolicyagent/opa:0.70
     ports:
       - 8181:8181
     # WARNING: OPA is NOT running with an authorization policy configured. This

deployment/helm3/templates/deployment-opa.yaml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
       - name: opa
-        image: openpolicyagent/opa:latest
+        image: openpolicyagent/opa:0.7.0
         ports:
         - name: http
           containerPort: 8181

deployment/policy-azure.yaml

@@ -84,7 +84,7 @@ spec:
     spec:
       containers:
       - name: policy-azure-opa
-        image: osdumvpinfycr6y28cr.azurecr.io/openpolicyagent/opa:latest
+        image: osdumvpinfycr6y28cr.azurecr.io/openpolicyagent/opa:0.70.0
         imagePullPolicy: Always
         ports:
         - containerPort: 8181

devops/azure/deprecated-charts/templates/deployment-opa.yaml

@@ -22,7 +22,7 @@ spec:
       {{- end }}
       containers:
       - name: opa
-        image: openpolicyagent/opa:latest
+        image: openpolicyagent/opa:0.70.0
         lifecycle:
           preStop:
             exec:

devops/gc/deploy/values.yaml

@@ -38,7 +38,7 @@ conf:
 opa:
   data:
     requestsMemory: 200Mi
-    image: docker.io/openpolicyagent/opa:latest-rootless
+    image: docker.io/openpolicyagent/opa:0.70.0
     serviceAccountName: opa
   conf:
     envConfig: opa-env-config

docs/docs/opa.md

@@ -14,13 +14,20 @@
 | M22       | v0.68.0 or later*                     |
 | M23       | v0.68.0 or later                      |
 | M24       | v0.68.0 or later                      |
-| M25       | v0.68.0 or later                      |
+| M25       | v0.70.0                               |
+|-----------|---------------------------------------|
+
+For M22 - OPA v0.67.1 has been reported to work well, but general recommendation will be to update this to v0.68.0
+
+!!! warning "OPA v1.0.x"
 
-M22 - OPA v0.67.1 has been reported to work well, but general recommendation will be to update this to v0.68.0
+     M25 and earlier releases of Policy Service are not compatible with OPA version 1.x syntax. Do not use v1.x.x release, `openpolicyagent/opa:latest` container tag or use the `-v1-compatible` flag on v0.x releases.
+
+     The [`--v0-compatible`](https://www.openpolicyagent.org/docs/latest/v0-compatibility/) or the `rego_version` attribute in their manifest might work, however these have not yet been fully tested with OSDU.  To support OPA v1 all default Policies (Rego) will have to be replaced/updated. To learn more about these planned changes to policies please see [upgrading OPA](https://www.openpolicyagent.org/docs/latest/v0-upgrade/).
 
 ## Role
-- Currently Policy Service is not compatible with OPA version 1.x syntax, so do not use the `-v1-compatible` flag.
-In M20, Policy Service now has the ability to update OPA for the purpose of adding additional data partitions.
+
+Since M20, Policy Service now has the ability to update OPA for the purpose of adding additional data partitions.
 To do this policy service requires the ability read and update the confimap of OPA.
 
 Policy Service should be provided a role similar to the following: