diff --git a/staging/src/k8s.io/client-go/discovery/cached/disk/cached_discovery_test.go b/staging/src/k8s.io/client-go/discovery/cached/disk/cached_discovery_test.go
index 2fd46a9dbc3..a8e6da062bf 100644
--- a/staging/src/k8s.io/client-go/discovery/cached/disk/cached_discovery_test.go
+++ b/staging/src/k8s.io/client-go/discovery/cached/disk/cached_discovery_test.go
@@ -34,7 +34,6 @@ import (
 	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/openapi"
-	"k8s.io/client-go/rest"
 	restclient "k8s.io/client-go/rest"
 	"k8s.io/client-go/rest/fake"
 	testutil "k8s.io/client-go/util/testing"
@@ -151,7 +150,7 @@ func TestOpenAPIDiskCache(t *testing.T) {
 	require.Greater(t, len(fakeServer.ServedDocuments), 0)
 
 	client, err := NewCachedDiscoveryClientForConfig(
-		&rest.Config{Host: fakeServer.HttpServer.URL},
+		&restclient.Config{Host: fakeServer.HttpServer.URL},
 		discoCache,
 		httpCache,
 		1*time.Nanosecond,
diff --git a/staging/src/k8s.io/client-go/rest/exec.go b/staging/src/k8s.io/client-go/rest/exec.go
index 5f3b43c55a8..8539d5530d7 100644
--- a/staging/src/k8s.io/client-go/rest/exec.go
+++ b/staging/src/k8s.io/client-go/rest/exec.go
@@ -21,7 +21,6 @@ import (
 	"net/http"
 	"net/url"
 
-	"k8s.io/client-go/pkg/apis/clientauthentication"
 	clientauthenticationapi "k8s.io/client-go/pkg/apis/clientauthentication"
 )
 
@@ -50,7 +49,7 @@ func ConfigToExecCluster(config *Config) (*clientauthenticationapi.Cluster, erro
 		}
 	}
 
-	return &clientauthentication.Cluster{
+	return &clientauthenticationapi.Cluster{
 		Server:                   config.Host,
 		TLSServerName:            config.ServerName,
 		InsecureSkipTLSVerify:    config.Insecure,
@@ -63,7 +62,7 @@ func ConfigToExecCluster(config *Config) (*clientauthenticationapi.Cluster, erro
 // ExecClusterToConfig creates a Config with the corresponding fields from the provided
 // clientauthenticationapi.Cluster. The returned Config will be anonymous (i.e., it will not have
 // any authentication-related fields set).
-func ExecClusterToConfig(cluster *clientauthentication.Cluster) (*Config, error) {
+func ExecClusterToConfig(cluster *clientauthenticationapi.Cluster) (*Config, error) {
 	var proxy func(*http.Request) (*url.URL, error)
 	if cluster.ProxyURL != "" {
 		proxyURL, err := url.Parse(cluster.ProxyURL)
diff --git a/staging/src/k8s.io/client-go/rest/exec_test.go b/staging/src/k8s.io/client-go/rest/exec_test.go
index 705b776aa2e..5469c6d037b 100644
--- a/staging/src/k8s.io/client-go/rest/exec_test.go
+++ b/staging/src/k8s.io/client-go/rest/exec_test.go
@@ -28,7 +28,6 @@ import (
 	"github.com/google/go-cmp/cmp"
 	fuzz "github.com/google/gofuzz"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/client-go/pkg/apis/clientauthentication"
 	clientauthenticationapi "k8s.io/client-go/pkg/apis/clientauthentication"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/transport"
@@ -353,7 +352,7 @@ func TestExecClusterToConfigRoundtrip(t *testing.T) {
 		},
 	)
 	for i := 0; i < 100; i++ {
-		expected := &clientauthentication.Cluster{}
+		expected := &clientauthenticationapi.Cluster{}
 		f.Fuzz(expected)
 
 		// Manually set URLs so we don't get an error when parsing these during the roundtrip.
diff --git a/staging/src/k8s.io/client-go/util/certificate/csr/csr.go b/staging/src/k8s.io/client-go/util/certificate/csr/csr.go
index 0017007a2d2..0390d1c02fa 100644
--- a/staging/src/k8s.io/client-go/util/certificate/csr/csr.go
+++ b/staging/src/k8s.io/client-go/util/certificate/csr/csr.go
@@ -27,7 +27,6 @@ import (
 
 	certificatesv1 "k8s.io/api/certificates/v1"
 	certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
-	"k8s.io/apimachinery/pkg/api/errors"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
@@ -73,7 +72,7 @@ func RequestCertificate(client clientset.Interface, csrData []byte, name, signer
 	case err == nil:
 		return reqName, reqUID, err
 
-	case errors.IsAlreadyExists(err) && len(name) > 0:
+	case apierrors.IsAlreadyExists(err) && len(name) > 0:
 		klog.Infof("csr for this node already exists, reusing")
 		req, err := get(client, name)
 		if err != nil {
@@ -346,8 +345,8 @@ func ensureCompatible(new, orig *certificatesv1.CertificateSigningRequest, priva
 // formatError preserves the type of an API message but alters the message. Expects
 // a single argument format string, and returns the wrapped error.
 func formatError(format string, err error) error {
-	if s, ok := err.(errors.APIStatus); ok {
-		se := &errors.StatusError{ErrStatus: s.Status()}
+	if s, ok := err.(apierrors.APIStatus); ok {
+		se := &apierrors.StatusError{ErrStatus: s.Status()}
 		se.ErrStatus.Message = fmt.Sprintf(format, se.ErrStatus.Message)
 		return se
 	}