From 0841b13e37197006d61ea3dfc322e492c212083b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20L=C3=A9vesque-Dion?=
 <mlevesquedion@google.com>
Date: Wed, 2 Dec 2020 14:44:11 -0500
Subject: [PATCH] use deepcopy to actually operate on a copy

---
 cmd/kubelet/app/server.go | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go
index 7567615c0d1..0f2f8d99a8e 100644
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -75,7 +75,6 @@ import (
 	"k8s.io/kubernetes/pkg/credentialprovider"
 	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/kubernetes/pkg/kubelet"
-	kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config"
 	kubeletconfiginternal "k8s.io/kubernetes/pkg/kubelet/apis/config"
 	kubeletscheme "k8s.io/kubernetes/pkg/kubelet/apis/config/scheme"
 	kubeletconfigvalidation "k8s.io/kubernetes/pkg/kubelet/apis/config/validation"
@@ -264,8 +263,13 @@ HTTP server: The kubelet can also listen for HTTP and respond to a simple API
 			// set up signal context here in order to be reused by kubelet and docker shim
 			ctx := genericapiserver.SetupSignalContext()
 
+			// make the kubelet's config safe for logging
+			config := kubeletServer.KubeletConfiguration.DeepCopy()
+			for k := range config.StaticPodURLHeader {
+				config.StaticPodURLHeader[k] = []string{"<redacted>"}
+			}
 			// log the kubelet's config for inspection
-			logConfig(kubeletServer.KubeletConfiguration)
+			klog.V(5).Infof("KubeletConfiguration: %#v", config)
 
 			// run the kubelet
 			if err := Run(ctx, kubeletServer, kubeletDeps, utilfeature.DefaultFeatureGate); err != nil {
@@ -304,15 +308,6 @@ func newFlagSetWithGlobals() *pflag.FlagSet {
 	return fs
 }
 
-// logConfig logs the kubelet's configuration.
-// Special care is taken to avoid logging sensitive parts of the configuration.
-func logConfig(config kubeletconfig.KubeletConfiguration) {
-	for k := range config.StaticPodURLHeader {
-		config.StaticPodURLHeader[k] = []string{"<redacted>"}
-	}
-	klog.V(5).Infof("KubeletConfiguration: %#v", config)
-}
-
 // newFakeFlagSet constructs a pflag.FlagSet with the same flags as fs, but where
 // all values have noop Set implementations
 func newFakeFlagSet(fs *pflag.FlagSet) *pflag.FlagSet {