From aadb87bdcdbc57317e23c753b5683bee192bb5a1 Mon Sep 17 00:00:00 2001
From: Clayton Coleman <smarterclayton@gmail.com>
Date: Fri, 10 Mar 2023 13:15:13 -0600
Subject: [PATCH] kubelet: Do not mutate pods in the pod manager

The pod manager is a cache and modifying objects returned from the
pod manager can cause race conditions in the Kubelet. In this case,
it causes static pod status from the mirror pod to leak back to
the config source, which means a static pod whose mirror pod is
set to a terminal phase (succeeded or failed) cannot restart.
---
 pkg/kubelet/kubelet_getters.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/kubelet/kubelet_getters.go b/pkg/kubelet/kubelet_getters.go
index eed312ceb15..561d5201a32 100644
--- a/pkg/kubelet/kubelet_getters.go
+++ b/pkg/kubelet/kubelet_getters.go
@@ -176,11 +176,14 @@ func (kl *Kubelet) GetPods() []*v1.Pod {
 	pods := kl.podManager.GetPods()
 	// a kubelet running without apiserver requires an additional
 	// update of the static pod status. See #57106
-	for _, p := range pods {
+	for i, p := range pods {
 		if kubelettypes.IsStaticPod(p) {
 			if status, ok := kl.statusManager.GetPodStatus(p.UID); ok {
 				klog.V(2).InfoS("Pod status updated", "pod", klog.KObj(p), "status", status.Phase)
+				// do not mutate the cache
+				p = p.DeepCopy()
 				p.Status = status
+				pods[i] = p
 			}
 		}
 	}