diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e963646..de709b6a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,18 @@ All notable changes to this project will be documented in this file. ## [Unreleased] -## [0.4.1] - 2021-10-27 +### Changed +- `operator-rs` `0.3.0` → `0.4.0` ([#119]). +- Adapted pod image and container command to docker image ([#119]). +- BREAKING CRD: Fixed typos `Reporule` to `Regorule` ([#119]). +- Adapted documentation to represent new workflow with docker images ([#119]). + +### Removed +- BREAKING monitoring: container port `metrics` temporarily removed (cannot assign the same port to `client` and `metrics`). This will not work with the current monitoring approach ([#119]). + +[#119]: https://github.com/stackabletech/opa-operator/pull/119 +## [0.4.1] - 2021-10-27 ### Added diff --git a/Cargo.lock b/Cargo.lock index 9f7833ca..2addef8b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -117,9 +117,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.71" +version = "1.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79c2681d6594606957bbb8631c4b90a7fcaaa72cdb714743a437b156d6a7eedd" +checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" dependencies = [ "jobserver", ] @@ -760,9 +760,9 @@ dependencies = [ [[package]] name = "kube" -version = "0.63.1" +version = "0.63.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c19c08adecde7d68052bfccf9f8ae663f680380e297f20249cef7943df66f54" +checksum = "75e877325e5540a3041b519bd7ee27a858691f9f816cf533d652cbb33cbfea45" dependencies = [ "k8s-openapi", "kube-client", 
@@ -773,9 +773,9 @@ dependencies = [ [[package]] name = "kube-client" -version = "0.63.1" +version = "0.63.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da7ca26f7b912055aec302c376de4f3e1c749d121fbed91088203848e3dbd978" +checksum = "bb8e1a36f17c63e263ba0ffa2c0658de315c75decad983d83aaeafeda578cc78" dependencies = [ "base64", "bytes", @@ -812,9 +812,9 @@ dependencies = [ [[package]] name = "kube-core" -version = "0.63.1" +version = "0.63.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56229a53d7ce86e3e31c4aaf18a957b6f68305126ebfb12523312b2c8a43f19c" +checksum = "a91e572d244436fbc0d0b5a4829d96b9d623e08eb6b5d1e80418c1fab10b162a" dependencies = [ "chrono", "form_urlencoded", @@ -829,9 +829,9 @@ dependencies = [ [[package]] name = "kube-derive" -version = "0.63.1" +version = "0.63.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45a9c6f93a170382c384eddf05ba165a96b38ecc63db8814d750db2ee349bd89" +checksum = "2034f57f3db36978ef366f45f1e263e623d9a6a8fcc6a6b1ef8879a213e1d2c4" dependencies = [ "darling", "proc-macro2", @@ -842,9 +842,9 @@ dependencies = [ [[package]] name = "kube-runtime" -version = "0.63.1" +version = "0.63.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a168bfeebab8913a0fca198c1f30d8d8c5f04d3eee1645aa5619a27a0a656c14" +checksum = "6018cf8410f9d460be3a3ac35deef63b71c860c368016d7bf6871994343728b4" dependencies = [ "dashmap", "derivative", @@ -870,9 +870,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.105" +version = "0.2.107" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "869d572136620d55835903746bcb5cdc54cb2851fd0aeec53220b4bb65ef3013" +checksum = "fbe5e23404da5b4f555ef85ebed98fb4083e55a00c317800bc2a50ede9f3d219" [[package]] name = "libgit2-sys" 
@@ -1020,9 +1020,9 @@ checksum = "692fcb63b64b1758029e0a96ee63e049ce8c5948587f2f7208df04625e5f6b56" [[package]] name = "openssl" -version = "0.10.36" +version = "0.10.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9facdb76fec0b73c406f125d44d86fdad818d66fef0531eec9233ca425ff4a" +checksum = "0c7ae222234c30df141154f159066c5093ff73b63204dcda7121eb082fc56a95" dependencies = [ "bitflags", "cfg-if", @@ -1040,9 +1040,9 @@ checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a" [[package]] name = "openssl-sys" -version = "0.9.67" +version = "0.9.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69df2d8dfc6ce3aaf44b40dec6f487d5a886516cf6879c49e98e0710f310a058" +checksum = "c6517987b3f8226b5da3661dad65ff7f300cc59fb5ea8333ca191fc65fde3edf" dependencies = [ "autocfg", "cc", @@ -1164,8 +1164,8 @@ dependencies = [ [[package]] name = "product-config" -version = "0.2.0-nightly" -source = "git+https://github.com/stackabletech/product-config.git?branch=main#97734dfa78c5e96922b2fc99bbd0cf2a1b7ac89d" +version = "0.2.0" +source = "git+https://github.com/stackabletech/product-config.git?tag=0.2.0#e32e33d9094e09b1af29045e05a4ab17c511cedb" dependencies = [ "java-properties", "regex", @@ -1477,9 +1477,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.68" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f690853975602e1bfe1ccbf50504d67174e3bcf340f23b5ea9992e0587a52d8" +checksum = "e466864e431129c7e0d3476b92f20458e5879919a0596c6472738d9fa2d342f8" dependencies = [ "indexmap", "itoa", 
@@ -1620,8 +1620,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.3.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=0.3.0#a0a1d10260f7921d436a0cd7ba6ce957368e42fb" +version = "0.4.0" +source = "git+https://github.com/stackabletech/operator-rs.git?tag=0.4.0#50c3ee9564b1d3eb9d6e43c5e87c2102afbacc27" dependencies = [ "async-trait", "backoff", @@ -1757,9 +1757,9 @@ dependencies = [ [[package]] name = "tinyvec" -version = "1.5.0" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f83b2a3d4d9091d0abd7eba4dc2710b1718583bd4d8992e2190720ea38f391f7" +checksum = "2c1c1d5a42b6245520c249549ec267180beaffcc0615401ac8e31853d4b6d8d2" dependencies = [ "tinyvec_macros", ] @@ -1799,9 +1799,9 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "1.5.0" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2dd85aeaba7b68df939bd357c6afb36c87951be9e80bf9c859f2fc3e9fca0fd" +checksum = "114383b041aa6212c579467afa0075fbbdd0718de036100bc0ba7961d8cb9095" dependencies = [ "proc-macro2", "quote", @@ -1831,9 +1831,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.6.8" +version = "0.6.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d3725d3efa29485e87311c5b699de63cde14b00ed4d256b8318aa30ca452cd" +checksum = "9e99e1983e5d376cd8eb4b66604d2e99e79f5bd988c3055891dcd8c9e2604cc0" dependencies = [ "bytes", "futures-core", diff --git a/README.adoc b/README.adoc index 89b81466..ef8a1742 100644 --- a/README.adoc +++ b/README.adoc 
@@ -2,6 +2,4 @@ This is a Kubernetes Operator to manage OPA servers. -It is written by https://www.stackable.de[Stackable] in Rust, and it is supposed to be used with the https://github.com/stackabletech/agent[Stackable Agent] instead of the Kubernetes kubelet. - The docs can be found in the `docs` subdirectory, and they are published together with docs for all other Stackable products at https://docs.stackable.tech. diff --git a/deploy/crd/openpolicyagent.crd.yaml b/deploy/crd/openpolicyagent.crd.yaml index 2771eb1d..d864ec6d 100644 --- a/deploy/crd/openpolicyagent.crd.yaml +++ b/deploy/crd/openpolicyagent.crd.yaml @@ -37,10 +37,10 @@ spec: minimum: 0.0 nullable: true type: integer - repoRuleReference: + regoRuleReference: type: string required: - - repoRuleReference + - regoRuleReference type: object configOverrides: additionalProperties: @@ -70,10 +70,10 @@ spec: minimum: 0.0 nullable: true type: integer - repoRuleReference: + regoRuleReference: type: string required: - - repoRuleReference + - regoRuleReference type: object configOverrides: additionalProperties: diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index 2e7f60dd..18eb4b4d 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc @@ -2,4 +2,9 @@ This is an operator for Kubernetes that can manage https://www.openpolicyagent.org/[OpenPolicyAgent] servers. -WARNING: This operator does _not_ work with containers/container images. It relies on the https://github.com/stackabletech/agent/[Stackable Agent] to run on "bare metal" via systemd. +WARNING: This operator only works with images from the https://repo.stackable.tech/#browse/browse:docker:v2%2Fstackable%2Fopa[Stackable] repository + +[source] +---- +docker pull docker.stackable.tech/stackable/opa: +---- diff --git a/docs/modules/ROOT/pages/usage.adoc b/docs/modules/ROOT/pages/usage.adoc index 4d0fd3d7..e3e89ed5 100644 --- a/docs/modules/ROOT/pages/usage.adoc 
+++ b/docs/modules/ROOT/pages/usage.adoc @@ -19,10 +19,10 @@ To create a single node OPA (v0.27.1) cluster with Prometheus metrics exposed on default: selector: matchLabels: - kubernetes.io/arch: stackable-linux + kubernetes.io/os: linux replicas: 1 config: port: 8181 - repoRuleReference: "http://mdesktop:3030/opa/v1" + regoRuleReference: "http://localhost:3030/opa/v1" EOF diff --git a/examples/simple-opacluster.yaml b/examples/simple-opacluster.yaml index e523c7c5..92b6ed7f 100644 --- a/examples/simple-opacluster.yaml +++ b/examples/simple-opacluster.yaml @@ -9,7 +9,7 @@ spec: default: selector: matchLabels: - kubernetes.io/arch: stackable-linux + kubernetes.io/os: linux config: port: 8181 - repoRuleReference: "http://mdesktop:3030/opa/v1" + regoRuleReference: "http://10.101.106.208:3030/opa/v1" diff --git a/rust/crd/Cargo.toml b/rust/crd/Cargo.toml index 7ad5378b..58de5dc5 100644 --- a/rust/crd/Cargo.toml +++ b/rust/crd/Cargo.toml @@ -8,7 +8,7 @@ repository = "https://github.com/stackabletech/opa-operator" version = "0.5.0-nightly" [dependencies] -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.3.0" } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.4.0" } rand = "0.8" semver = "1.0" diff --git a/rust/crd/src/discovery.rs b/rust/crd/src/discovery.rs index c1e9c671..e4177560 100644 --- a/rust/crd/src/discovery.rs +++ b/rust/crd/src/discovery.rs @@ -369,7 +369,6 @@ mod tests { use indoc::indoc; use rstest::rstest; use stackable_operator::k8s_openapi::api::core::v1::Pod; - use std::ops::Deref; #[test] fn test_clean_url() { @@ -394,7 +393,7 @@ mod tests { kubernetes.io/hostname: debian replicas: 1 config: - repoRuleReference: http://debian:3030/opa/v1 + regoRuleReference: http://debian:3030/opa/v1 "}, indoc! {" - apiVersion: v1 
@@ -426,7 +425,7 @@ mod tests { replicas: 1 config: port: 12345 - repoRuleReference: http://debian:3030/opa/v1 + regoRuleReference: http://debian:3030/opa/v1 "}, indoc! {" - apiVersion: v1 @@ -458,7 +457,7 @@ mod tests { replicas: 1 config: port: 12345 - repoRuleReference: http://debian:3030/opa/v1 + regoRuleReference: http://debian:3030/opa/v1 "}, indoc! {" - apiVersion: v1 @@ -511,7 +510,7 @@ mod tests { kubernetes.io/hostname: debian replicas: 1 config: - repoRuleReference: http://debian:3030/opa/v1 + regoRuleReference: http://debian:3030/opa/v1 "}, indoc! {" - apiVersion: v1 @@ -573,7 +572,7 @@ mod tests { ) .expect("should not fail"); - for res in expected_result.deref() { + for res in expected_result { assert!(conn_string.contains(res)); } } @@ -590,7 +589,7 @@ mod tests { kubernetes.io/hostname: debian replicas: 1 config: - repoRuleReference: http://debian:3030/opa/v1 + regoRuleReference: http://debian:3030/opa/v1 "}, indoc! {" - apiVersion: v1 @@ -621,7 +620,7 @@ mod tests { kubernetes.io/hostname: debian replicas: 1 config: - repoRuleReference: http://debian:3030/opa/v1 + regoRuleReference: http://debian:3030/opa/v1 "}, indoc! {" - apiVersion: v1 @@ -676,7 +675,7 @@ mod tests { kubernetes.io/hostname: debian replicas: 1 config: - repoRuleReference: http://debian:3030/opa/v1 + regoRuleReference: http://debian:3030/opa/v1 "}, 8181 )] @@ -692,7 +691,7 @@ mod tests { replicas: 1 config: port: 12345 - repoRuleReference: http://debian:3030/opa/v1 + regoRuleReference: http://debian:3030/opa/v1 "}, 12345 )] diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs index 9d5de737..4c676053 100644 --- a/rust/crd/src/lib.rs +++ b/rust/crd/src/lib.rs 
@@ -23,7 +23,7 @@ pub const APP_NAME: &str = "opa";
 pub const MANAGED_BY: &str = "opa-operator";
 pub const CONFIG_FILE: &str = "config.yaml";
-pub const REPO_RULE_REFERENCE: &str = "repoRuleReference";
+pub const REGO_RULE_REFERENCE: &str = "repoRuleReference";
 pub const PORT: &str = "port";
 #[derive(Clone, CustomResource, Debug, Deserialize, JsonSchema, Serialize)]
@@ -140,7 +140,7 @@ impl Conditions for OpaStatus {
 #[serde(rename_all = "camelCase")]
 pub struct OpaConfig {
 pub port: Option,
- pub repo_rule_reference: String,
+ pub rego_rule_reference: String,
 }
 impl Configuration for OpaConfig {
@@ -174,8 +174,8 @@ impl Configuration for OpaConfig {
 if file == CONFIG_FILE {
 config.insert(
- REPO_RULE_REFERENCE.to_string(),
- Some(self.repo_rule_reference.clone()),
+ REGO_RULE_REFERENCE.to_string(),
+ Some(self.rego_rule_reference.clone()),
 );
 } else {
 error!(
diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml
index ad14eaa7..d18a5973 100644
--- a/rust/operator-binary/Cargo.toml
+++ b/rust/operator-binary/Cargo.toml
@@ -9,7 +9,7 @@ repository = "https://github.com/stackabletech/opa-operator"
 version = "0.5.0-nightly"
 [dependencies]
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.3.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.4.0" }
 stackable-opa-crd = { path = "../crd" }
 stackable-opa-operator = { path = "../operator" }
@@ -20,7 +20,7 @@ tracing = "0.1"
 [build-dependencies]
 built = { version = "0.5", features = ["chrono", "git2"] }
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.3.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.4.0" }
 stackable-opa-crd = { path = "../crd" }
 [package.metadata.deb]
diff --git a/rust/operator/Cargo.toml b/rust/operator/Cargo.toml
index c0fa75ee..5e9fa2b6 100644
--- a/rust/operator/Cargo.toml
+++ b/rust/operator/Cargo.toml
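Review bot: On the `+pub const REGO_RULE_REFERENCE` line the constant is renamed but its value is still `"repoRuleReference"`, while the serde field `rego_rule_reference` (under `rename_all = "camelCase"`), the CRD and the examples in this commit now spell the key `regoRuleReference`. The producer in this file (`config.insert(REGO_RULE_REFERENCE…)`) and the consumer in `rust/operator/src/lib.rs` (`config.get(REGO_RULE_REFERENCE)`) share the constant, so the operator stays internally consistent, but if the product-config properties file or any external tooling keys on that string the rename is incomplete; at minimum the stale value is misleading next to the CRD. Suggest `pub const REGO_RULE_REFERENCE: &str = "regoRuleReference";` once the product-config definition has been checked, with `/// Product-config key under which the bundle service URL is passed to the config file.` above it.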
@@ -9,7 +9,7 @@ version = "0.5.0-nightly"
 [dependencies]
 stackable-opa-crd = { path = "../crd" }
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.3.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "0.4.0" }
 async-trait = "0.1"
 futures = "0.3"
diff --git a/rust/operator/src/lib.rs b/rust/operator/src/lib.rs
index acc231eb..c0a5686c 100644
--- a/rust/operator/src/lib.rs
+++ b/rust/operator/src/lib.rs
@@ -4,11 +4,9 @@ use crate::error::Error;
 use async_trait::async_trait;
 use futures::Future;
 use stackable_opa_crd::{
- OpaRole, OpenPolicyAgent, APP_NAME, CONFIG_FILE, PORT, REPO_RULE_REFERENCE,
-};
-use stackable_operator::builder::{
- ContainerBuilder, ContainerPortBuilder, ObjectMetaBuilder, PodBuilder,
+ OpaRole, OpenPolicyAgent, APP_NAME, CONFIG_FILE, PORT, REGO_RULE_REFERENCE,
 };
+use stackable_operator::builder::{ContainerBuilder, ObjectMetaBuilder, PodBuilder, VolumeBuilder};
 use stackable_operator::client::Client;
 use stackable_operator::controller::{Controller, ControllerStrategy, ReconciliationState};
 use stackable_operator::error::OperatorResult;
@@ -48,6 +46,10 @@ use std::time::Duration;
 use strum::IntoEnumIterator;
 use tracing::{debug, info, trace, warn};
+/// The docker image we default to. This needs to be adapted if the operator does not work
+/// with images 0.0.1, 0.1.0 etc. anymore and requires e.g. a new major version like 1(.0.0).
+const DEFAULT_IMAGE_VERSION: &str = "0";
+
 const FINALIZER_NAME: &str = "opa.stackable.tech/cleanup";
 const SHOULD_BE_SCRAPED: &str = "monitoring.stackable.tech/should_be_scraped";
 const CONFIG_MAP_TYPE_CONFIG: &str = "config";
@@ -256,7 +258,7 @@ impl OpaState {
 )?;
 let mut cm_config_data = BTreeMap::new();
- if let Some(repo_reference) = config.get(REPO_RULE_REFERENCE) {
+ if let Some(repo_reference) = config.get(REGO_RULE_REFERENCE) {
 cm_config_data.insert(CONFIG_FILE.to_string(), build_config_file(repo_reference));
 }
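Review bot: The doc comment on `DEFAULT_IMAGE_VERSION` calls it "The docker image we default to", but `"0"` is only the digit appended after `-stackable` to the image tag built in `OpaState` (`docker.stackable.tech/stackable/opa:{}-stackable{}` in the next file hunks), not an image and not an OPA version. Suggest rewording to `/// Suffix appended after "-stackable" to the OPA image tag; it selects the image generation (presumably the 0.x.y builds) and must be bumped when a new major image generation is required.` so the next maintainer knows what changing it affects.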
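Review bot: The binding `repo_reference` on the changed `if let` line keeps the old "repo" spelling although the constant it reads and the CRD field were renamed to "rego" in this commit. `if let Some(rego_reference) = config.get(REGO_RULE_REFERENCE) {` together with `build_config_file(rego_reference)` on the following line would finish the rename. The enclosing method starts and ends outside the hunk.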
@@ -333,17 +335,20 @@ impl OpaState {
 let mut container_builder = ContainerBuilder::new(pod_id.app());
 container_builder.image(format!(
- "{}:{}",
- pod_id.app(),
- &self.context.resource.spec.version.to_string()
+ "docker.stackable.tech/stackable/opa:{}-stackable{}",
+ self.context.resource.spec.version.to_string(),
+ DEFAULT_IMAGE_VERSION
 ));
 container_builder.command(start_command);
 container_builder.add_env_vars(env_vars);
+ let mut pod_builder = PodBuilder::new();
+
 // Add one mount for the config directory
 if let Some(config_map_data) = config_maps.get(CONFIG_MAP_TYPE_CONFIG) {
 if let Some(name) = config_map_data.metadata.name.as_ref() {
- container_builder.add_configmapvolume(name, "conf".to_string());
+ container_builder.add_volume_mount("config", "/stackable/conf");
+ pod_builder.add_volume(VolumeBuilder::new("config").with_config_map(name).build());
 } else {
 return Err(error::Error::MissingConfigMapNameError {
 cm_type: CONFIG_MAP_TYPE_CONFIG,
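Review bot: The image reference built on the `+` lines of the `format!` call resolves to `docker.stackable.tech/stackable/opa:<spec.version>-stackable0`, a floating tag (only the generation digit is fixed by `DEFAULT_IMAGE_VERSION`), so the same OpaCluster spec can pull a different image after a registry update and, as far as this hunk shows, a user cannot pin a specific `-stackableN` build or a digest. Consider letting the spec override the full image reference or at least the suffix, and stating in the usage docs that the default tag is mutable. Separately, `.to_string()` on `spec.version` inside `format!` is redundant when the type implements `Display` (clippy `to_string_in_format_args`); `self.context.resource.spec.version,` suffices. The enclosing method continues outside the hunk.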
@@ -358,21 +363,16 @@ impl OpaState {
 let mut annotations = BTreeMap::new();
 // only add metrics container port and annotation if available
- if let Some(metrics_port) = port {
+ if let Some(port) = port {
 annotations.insert(SHOULD_BE_SCRAPED.to_string(), "true".to_string());
- let parsed_port = metrics_port.parse()?;
- // with OPA, there is only one port available
- // we expose that port twice: once for metrics and once for the clients
- container_builder.add_container_port(
- ContainerPortBuilder::new(parsed_port)
- .name("metrics")
- .build(),
- );
- container_builder.add_container_port(
- ContainerPortBuilder::new(parsed_port)
- .name("client")
- .build(),
- );
+ let parsed_port = port.parse()?;
+ // with OPA the client and metrics port are shared
+ // TODO: we need to expose that port twice:
+ // once for metrics and once for the clients
+ // This is now allowed so we deactivate the metrics port for now because
+ // we require the client port for discovery
+ //container_builder.add_container_port("metrics", parsed_port);
+ container_builder.add_container_port("client", parsed_port);
 }
 let mut pod_labels = get_recommended_labels(
@@ -384,7 +384,7 @@ impl OpaState {
 );
 pod_labels.insert(ID_LABEL.to_string(), pod_id.id().to_string());
- let pod = PodBuilder::new()
+ let pod = pod_builder
 .metadata(
 ObjectMetaBuilder::new()
 .generate_name(pod_name)
@@ -394,9 +394,10 @@ impl OpaState {
 .ownerreference_from_resource(&self.context.resource, Some(true), Some(true))?
 .build()?,
 )
- .add_stackable_agent_tolerations()
 .add_container(container_builder.build())
 .node_name(node_id.name.as_str())
+ // TODO: first iteration we are using host network
+ .host_network(true)
 .build()?;
 Ok(self.context.client.create(&pod).await?)
@@ -559,7 +560,7 @@ pub async fn create_controller(client: Client, product_config_path: &str) -> Ope
 Ok(())
 }
-fn build_config_file(repo_rule_reference: &str) -> String {
+fn build_config_file(rego_rule_reference: &str) -> String {
 format!(
 "
 services:
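Review bot: The `SHOULD_BE_SCRAPED` annotation is still set to `"true"` on the unchanged `annotations.insert` line even though the `metrics` container port is now commented out, so a scraper that selects targets by that annotation and the `metrics` port name would presumably find no port, or scrape `client` instead. Either drop the annotation together with the port until the shared-port issue is resolved, or state in the new comment that metrics are served on the `client` port. The sentence `This is now allowed so we deactivate the metrics port` also appears to mean `This is not allowed …`; worth correcting, since the comment is the only record of why the port was removed.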
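Review bot: `.host_network(true)` on the `+` line puts the pod into the node's network namespace, so OPA, which `build_opa_start_command` starts with `-a 0.0.0.0:<port>`, listens on every interface of the node, pod-level NetworkPolicy typically no longer applies to it, and two OpaCluster pods scheduled on the same node collide on the port. The `// TODO: first iteration we are using host network` comment should record those consequences and the planned exit, e.g. `// TODO: host network is a first-iteration workaround for discovery; it binds the OPA port on all node interfaces and bypasses pod NetworkPolicy — replace once discovery can use a Service.` The builder chain begins in the previous hunk.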
@@ -574,23 +575,21 @@ bundles:
 polling:
 min_delay_seconds: 10
 max_delay_seconds: 20",
- repo_rule_reference
+ rego_rule_reference
 )
 }
 fn build_opa_start_command(port: Option<&String>) -> Vec {
- let mut command = vec![String::from("./opa run")];
-
- // --server
+ let mut command = vec!["/stackable/opa/opa".to_string(), "run".to_string()];
 command.push("-s".to_string());
 if let Some(port) = port {
- // --addr
- command.push(format!("-a 0.0.0.0:{}", port))
+ command.push("-a".to_string());
+ command.push(format!("0.0.0.0:{}", port))
 }
- // --config-file
- command.push("-c {{configroot}}/conf/config.yaml".to_string());
+ command.push("-c".to_string());
+ command.push("/stackable/conf/config.yaml".to_string());
 command
 }
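Review bot: `rego_rule_reference` is interpolated verbatim into the YAML `config.yaml` template on the `+` line (the `format!` template begins in the previous hunk), and per the CRD change in this commit the value comes straight from the user-supplied `regoRuleReference` field with no validation visible in this diff; a value containing a newline, `#` or a quote would at least break the generated file and, inferring from the template, could add keys under `services`. Validate it as an absolute http(s) URL before it reaches this function, or render the file with a YAML serializer instead of string formatting. This predates the rename, but the rename is a good moment to add `/// Renders OPA's config.yaml with `rego_rule_reference` as the bundle service URL; the value is inserted unescaped, callers must validate it.` above `build_config_file`.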