From 7ececb3fc5d85343d008660a66db17c092393412 Mon Sep 17 00:00:00 2001
From: Clayton Coleman <smarterclayton@gmail.com>
Date: Fri, 10 Mar 2023 13:15:13 -0600
Subject: [PATCH] kubelet: Do not mutate pods in the pod manager

The pod manager is a cache and modifying objects returned from the
pod manager can cause race conditions in the Kubelet. In this case,
it causes static pod status from the mirror pod to leak back to
the config source, which means a static pod whose mirror pod is
set to a terminal phase (succeeded or failed) cannot restart.
---
 pkg/kubelet/kubelet_getters.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/kubelet/kubelet_getters.go b/pkg/kubelet/kubelet_getters.go
index a963409a1831d..ea719d1dddd6f 100644
--- a/pkg/kubelet/kubelet_getters.go
+++ b/pkg/kubelet/kubelet_getters.go
@@ -170,11 +170,14 @@ func (kl *Kubelet) GetPods() []*v1.Pod {
 	pods := kl.podManager.GetPods()
 	// a kubelet running without apiserver requires an additional
 	// update of the static pod status. See #57106
-	for _, p := range pods {
+	for i, p := range pods {
 		if kubelettypes.IsStaticPod(p) {
 			if status, ok := kl.statusManager.GetPodStatus(p.UID); ok {
 				klog.V(2).InfoS("Pod status updated", "pod", klog.KObj(p), "status", status.Phase)
+				// do not mutate the cache
+				p = p.DeepCopy()
 				p.Status = status
+				pods[i] = p
 			}
 		}
 	}