Merge pull request #619 from mimowo/dont-use-ssa-for-podgc

Don't use SSA in gcp-controller manager PodGC

Author: k8s-ci-robot

cmd/gcp-controller-manager/BUILD

@@ -77,7 +77,6 @@ go_library(
         "//vendor/k8s.io/apiserver/pkg/server/options",
         "//vendor/k8s.io/apiserver/pkg/util/feature",
         "//vendor/k8s.io/apiserver/pkg/util/webhook",
-        "//vendor/k8s.io/client-go/applyconfigurations/core/v1:core",
         "//vendor/k8s.io/client-go/informers",
         "//vendor/k8s.io/client-go/informers/core/v1:core",
         "//vendor/k8s.io/client-go/kubernetes",
@@ -98,11 +97,13 @@ go_library(
         "//vendor/k8s.io/controller-manager/pkg/clientbuilder",
         "//vendor/k8s.io/klog/v2:klog",
         "//vendor/k8s.io/kubernetes/pkg/api/legacyscheme",
+        "//vendor/k8s.io/kubernetes/pkg/api/v1/pod",
         "//vendor/k8s.io/kubernetes/pkg/apis/certificates/install",
         "//vendor/k8s.io/kubernetes/pkg/apis/certificates/v1:certificates",
         "//vendor/k8s.io/kubernetes/pkg/controller",
         "//vendor/k8s.io/kubernetes/pkg/controller/certificates",
         "//vendor/k8s.io/kubernetes/pkg/features",
+        "//vendor/k8s.io/kubernetes/pkg/util/pod",
         "//vendor/k8s.io/kubernetes/pkg/util/taints",
     ],
 )

cmd/gcp-controller-manager/node_csr_approver.go

@@ -48,14 +48,15 @@ import (
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/apiserver/pkg/util/webhook"
-	corev1apply "k8s.io/client-go/applyconfigurations/core/v1"
 	"k8s.io/cloud-provider-gcp/pkg/csrmetrics"
 	"k8s.io/cloud-provider-gcp/pkg/nodeidentity"
 	"k8s.io/cloud-provider-gcp/pkg/tpmattest"
 	"k8s.io/klog/v2"
+	apipod "k8s.io/kubernetes/pkg/api/v1/pod"
 	certutil "k8s.io/kubernetes/pkg/apis/certificates/v1"
 	"k8s.io/kubernetes/pkg/controller/certificates"
 	"k8s.io/kubernetes/pkg/features"
+	utilpod "k8s.io/kubernetes/pkg/util/pod"
 )
 
 const (
@@ -1040,22 +1041,15 @@ func markFailedAndDeletePodWithCondition(ctx *controllerContext, pod *v1.Pod) er
 		// is orphaned, in which case the pod would remain in the Running phase
 		// forever as there is no kubelet running to change the phase.
 		if pod.Status.Phase != v1.PodSucceeded && pod.Status.Phase != v1.PodFailed {
-			podApply := corev1apply.Pod(pod.Name, pod.Namespace).WithStatus(corev1apply.PodStatus())
-			// we don't need to extract the pod apply configuration and can send
-			// only phase and the DisruptionTarget condition as GCPControllerManager would not
-			// own other fields. If the DisruptionTarget condition is owned by
-			// GCPControllerManager it means that it is in the Failed phase, so sending the
-			// condition will not be re-attempted.
-			podApply.Status.WithPhase(v1.PodFailed)
-			podApply.Status.WithConditions(
-				corev1apply.PodCondition().
-					WithType(v1.DisruptionTarget).
-					WithStatus(v1.ConditionTrue).
-					WithReason("DeletionByGCPControllerManager").
-					WithMessage(fmt.Sprintf("%s: node no longer exists", fieldManager)).
-					WithLastTransitionTime(metav1.Now()))
-
-			if _, err := ctx.client.CoreV1().Pods(pod.Namespace).ApplyStatus(context.TODO(), podApply, metav1.ApplyOptions{FieldManager: fieldManager, Force: true}); err != nil {
+			newStatus := pod.Status.DeepCopy()
+			newStatus.Phase = v1.PodFailed
+			apipod.UpdatePodCondition(newStatus, &v1.PodCondition{
+				Type:    v1.DisruptionTarget,
+				Status:  v1.ConditionTrue,
+				Reason:  "DeletionByGCPControllerManager",
+				Message: fmt.Sprintf("%s: node no longer exists", fieldManager),
+			})
+			if _, _, _, err := utilpod.PatchPodStatus(context.TODO(), ctx.client, pod.Namespace, pod.Name, pod.UID, pod.Status, *newStatus); err != nil {
 				return err
 			}
 		}

cmd/gcp-controller-manager/node_csr_approver_test.go

@@ -1806,16 +1806,16 @@ func TestDeleteAllPodsBoundToNode(t *testing.T) {
 				Status: v1.PodStatus{
 					Phase: v1.PodFailed,
 					Conditions: []v1.PodCondition{
+						{
+							Type:   v1.PodReady,
+							Status: v1.ConditionTrue,
+						},
 						{
 							Type:    v1.DisruptionTarget,
 							Status:  v1.ConditionTrue,
 							Reason:  "DeletionByGCPControllerManager",
 							Message: "GCPControllerManager: node no longer exists",
 						},
-						{
-							Type:   v1.PodReady,
-							Status: v1.ConditionTrue,
-						},
 					},
 				},
 			},

vendor/k8s.io/kubernetes/pkg/util/pod/BUILD

@@ -1443,6 +1443,7 @@ k8s.io/kubernetes/pkg/features
 k8s.io/kubernetes/pkg/fieldpath
 k8s.io/kubernetes/pkg/util/hash
 k8s.io/kubernetes/pkg/util/parsers
+k8s.io/kubernetes/pkg/util/pod
 k8s.io/kubernetes/pkg/util/taints
 # k8s.io/metrics v0.28.0 => k8s.io/metrics v0.28.0
 ## explicit; go 1.20