Has anyone had any luck using mutating admission controllers

Question

Has anyone had any luck using mutating admission controllers with flyte and finalizers enabled true I m not sure it s just finalizers that are messed up by updating the pod specs but they all get stuck terminating and we see a lot of logs from flytepropeller like Failed to clear finalizers for Resource with name data operations development dataops000000000053x n0 0 Error Pod dataops000000000053x n0 0 is invalid spec Forbidden pod updates may not change fields other than `spec containers image` `spec initContainers image` `spec activeDeadlineSeconds` `spec tolerations` only additions to existing tolerations or `spec terminationGracePeriodSeconds` allow it to be set to 1 if it was previously negative or Pod is invalid Error Pod Forbidden pod updates may not change

Ketan (kumare3) · Answer

We have used mutating we hooks in the past Seems like a race

Olivier Sevin · Answer

Maybe it happens to every pod that gets updated

Olivier Sevin · Answer

For now we ll be using pod templates to work around the issues we wanted to use this for but would eventually really like to use mutating web hooks IIUC this is something that we d need to fix in flyte propeller if so should I file an issue in GH another example of user wanting to use mutating webhooks <https flyte org slack com archives C01P3B761A6 p1689257419244439>