Description
What happened:
When a user makes a modifying request to an object through the /scale subresource, the /scale admission chain is called, but mutating and validating admission for the underlying resource are not. This introduces some unexpected behavior and also makes certain valid use cases impossible to enforce consistently.
For example, if a user wants to register a webhook on Deployments which prevents the total resource limits of the deployment from exceeding a certain amount, by validating that the product of replicas*memory is below a certain amount, this is not possible, because a user could always increase the replicas through /deployments/scale and bypass the validating webhooks registered for /deployments.
What you expected to happen:
The mutating and validating admission for the underlying resource would be called when making a request to the /scale subresource.
How to reproduce it (as minimally and precisely as possible):
Register a webhook for /deployments which prevents changing replicas
Make a request to /deployments/scale
See also discussion in #113594
/cc @apelisse
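
An added example, not part of the original issue or of Kubernetes' own code: because the /scale admission chain is called, a webhook whose rules also list `deployments/scale` can apply the replicas*memory cap on that path. The object in such a request is a Scale, which carries only replicas, so the hypothetical `memLookup` (standing in for a read of the stored Deployment) supplies the per-replica memory limit; the sample request and all values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of admission.k8s.io/v1 AdmissionReview read by this check.
type review struct {
	Request struct {
		Resource    struct{ Resource string `json:"resource"` } `json:"resource"`
		SubResource string `json:"subResource"`
		Namespace   string `json:"namespace"`
		Name        string `json:"name"`
		Object      struct { // autoscaling/v1 Scale: replicas only, no pod template
			Spec struct{ Replicas int64 `json:"replicas"` } `json:"spec"`
		} `json:"object"`
	} `json:"request"`
}

// memLookup is hypothetical: per-replica memory limit (MiB) of the stored Deployment.
type memLookup func(namespace, name string) (int64, error)

// allowScale enforces replicas*memory <= capMiB for deployments/scale requests.
func allowScale(raw []byte, capMiB int64, lookup memLookup) (bool, string) {
	var r review
	if err := json.Unmarshal(raw, &r); err != nil {
		return false, "malformed AdmissionReview"
	}
	q := r.Request
	if q.Resource.Resource != "deployments" || q.SubResource != "scale" {
		return true, "not a deployments/scale request"
	}
	mem, err := lookup(q.Namespace, q.Name)
	if err != nil {
		return false, "memory limit unresolved, failing closed"
	}
	if total := q.Object.Spec.Replicas * mem; total > capMiB {
		return false, fmt.Sprintf("%d MiB requested exceeds cap of %d MiB", total, capMiB)
	}
	return true, "within cap"
}

// Constructed sample: scale request raising Deployment "web" to 10 replicas.
const sampleScale = `{"request":{"resource":{"group":"apps","version":"v1","resource":"deployments"},"subResource":"scale","namespace":"default","name":"web","object":{"spec":{"replicas":10}}}}`

func main() {
	fmt.Println(allowScale([]byte(sampleScale), 4096, func(_, _ string) (int64, error) { return 512, nil }))
}
```

Requests to the main `deployments` resource still need the original validator, which reads replicas and the pod template from the incoming Deployment object itself.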