[Experimental] OPA Mutation

[Experimental] OPA Mutation

KKP release 2.18 includes upgrading Gatekeeper to v3.5.2 to support K8s 1.22, and also introduces the new Experimental Mutation feature, which is not integrated with KKP(yet), but users can still use it on the user clusters.

How to activate Mutation on Gatekeeper The mutation is Disabled by default, but users can opt-in by setting the flag experimentalEnableMutation in the Cluster spec. By setting this flag experimentalEnableMutation to true, Kubermatic deploys Mutation Webhook on the user cluster.

apiVersion: kubermatic.k8c.io/v1
kind: Cluster
metadata:
  name: bpc9nstqvk
spec:
  humanReadableName: suspicious-mcnulty
  oidc: {}
  opaIntegration:
    enabled: true
    experimentalEnableMutation: true