import ( "k8s.io/apimachinery/pkg/runtime" admission "k8s.io/kubernetes/pkg/admission" ) func mutatePod(ar *admission.AdmissionRequest) *admission.AdmissionResponse { pod := &corev1.Pod{} if err := json.Unmarshal(ar.Object.Raw, pod); err != nil { return admission.ErrorResponse(http.StatusBadRequest, err) } gvr, err := admission.Attributes(ar).GetResource() if err != nil { return admission.ErrorResponse(http.StatusInternalServerError, err) } // mutate the pod based on the GVR if gvr.Resource == "pods" && gvr.Group == "" && gvr.Version == "v1" { pod.Spec.RestartPolicy = corev1.RestartPolicyNever } mar := &admission.AdmissionResponse{ UID: ar.Request.UID, Allowed: true, } mar.Patch, err = createPatch(ar.Object.Raw, pod) if err != nil { return admission.ErrorResponse(http.StatusInternalServerError, err) } return mar }In this example, we use GetResource to obtain the GVR for the object being mutated (a Pod). We check the GVR to see if it matches the Pod resource in the v1 API group, and if so, we modify the Pod's RestartPolicy to "Never". Finally, we generate a patch representing the changes to the Pod, and return an AdmissionResponse indicating that the mutation is allowed, along with the patch. Overall, the k8s.io/kubernetes/pkg/admission package provides a powerful set of tools for writing admission controllers that can enforce custom validation and mutation rules on Kubernetes resources.