Has anyone had any luck using mutating admission controllers Flyte #ask-the-community

Has anyone had any luck using mutating admission c...

Olivier Sevin

10/03/2023, 2:40 PM

Has anyone had any luck using mutating admission controllers with flyte and finalizers-enabled: true? I'm not sure it's just finalizers that are messed up by updating the pod specs, but they all get stuck terminating and we see a lot of logs from flytepropeller like "Failed to clear finalizers for Resource with name: data-operations-development/dataops000000000053x-n0-0. Error: Pod \"dataops000000000053x-n0-0\" is invalid: spec: Forbidden: pod updates may not change fields other than

spec.containers[*].image

spec.initContainers[*].image

spec.activeDeadlineSeconds

spec.tolerations

(only additions to existing tolerations) or

spec.terminationGracePeriodSeconds

(allow it to be set to 1 if it was previously negative)" or "Pod is invalid. Error Pod ... Forbidden pod updates may not change..."

Ketan (kumare3)

10/03/2023, 2:51 PM

We have used mutating we hooks in the past. Seems like a race?

Olivier Sevin

10/03/2023, 3:29 PM

Maybe, it happens to every pod that gets updated

Olivier Sevin

10/18/2023, 4:03 PM

For now, we'll be using pod templates to work around the issues we wanted to use this for, but would eventually really like to use mutating web hooks. IIUC this is something that we'd need to fix in flyte propeller, if so should I file an issue in GH? (another example of user wanting to use mutating webhooks: https://flyte-org.slack.com/archives/C01P3B761A6/p1689257419244439)

2 Views

Open in Slack

Previous Next