kubelet: Do not mutate pods in the pod manager

The pod manager is a cache and modifying objects returned from the pod manager can cause race conditions in the Kubelet. In this case, it causes static pod status from the mirror pod to leak back to the config source, which means a static pod whose mirror pod is set to a terminal phase (succeeded or failed) cannot restart.
2025-08-11 21:12:07 +00:00 · 2023-03-10 13:15:13 -06:00 · 2023-03-10 13:15:13 -06:00 · aadb87bdcd
commit aadb87bdcd
parent fcfe5dfc21
1 changed files with 4 additions and 1 deletions
--- a/pkg/kubelet/kubelet_getters.go
+++ b/pkg/kubelet/kubelet_getters.go
@ -176,11 +176,14 @@ func (kl *Kubelet) GetPods() []*v1.Pod {
 	pods := kl.podManager.GetPods()
 	// a kubelet running without apiserver requires an additional
 	// update of the static pod status. See #57106
-	for _, p := range pods {
+	for i, p := range pods {
 		if kubelettypes.IsStaticPod(p) {
 			if status, ok := kl.statusManager.GetPodStatus(p.UID); ok {
 				klog.V(2).InfoS("Pod status updated", "pod", klog.KObj(p), "status", status.Phase)
+				// do not mutate the cache
+				p = p.DeepCopy()
 				p.Status = status
+				pods[i] = p
 			}
 		}
 	}