Replace update api invocations with patch api

manifests/supervisorcluster/1.29/cns-csi.yaml

@@ -56,7 +56,7 @@ rules:
     verbs: ["create", "get", "list", "update", "watch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsfilevolumeclients"]
-    verbs: ["get", "list", "update", "create", "delete"]
+    verbs: ["get", "list", "update", "create", "delete", "patch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsregistervolumes", "cnsregistervolumes/status", "cnsunregistervolumes", "cnsunregistervolumes/status"]
     verbs: ["get", "list", "watch", "update", "delete", "patch"]
@@ -68,7 +68,7 @@ rules:
     verbs: ["get", "watch", "list", "delete", "update", "create", "patch"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "create", "update"]
+    verbs: ["get", "create", "update", "patch"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "watch", "list", "delete", "update", "create"]
@@ -83,7 +83,7 @@ rules:
     verbs: ["get"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsvolumeoperationrequests"]
-    verbs: ["create", "get", "list", "update", "delete", "watch"]
+    verbs: ["create", "get", "list", "update", "delete", "watch", "patch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["storagepolicyusages"]
     verbs: ["create", "get", "list", "patch", "delete"]

manifests/supervisorcluster/1.30/cns-csi.yaml

@@ -56,7 +56,7 @@ rules:
     verbs: ["create", "get", "list", "update", "watch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsfilevolumeclients"]
-    verbs: ["get", "list", "update", "create", "delete"]
+    verbs: ["get", "list", "update", "create", "delete", "patch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsregistervolumes", "cnsregistervolumes/status", "cnsunregistervolumes", "cnsunregistervolumes/status"]
     verbs: ["get", "list", "watch", "update", "delete", "patch"]
@@ -68,7 +68,7 @@ rules:
     verbs: ["get", "watch", "list", "delete", "update", "create", "patch"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "create", "update"]
+    verbs: ["get", "create", "update", "patch"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "watch", "list", "delete", "update", "create"]
@@ -83,7 +83,7 @@ rules:
     verbs: ["get"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsvolumeoperationrequests"]
-    verbs: ["create", "get", "list", "update", "delete", "watch"]
+    verbs: ["create", "get", "list", "update", "delete", "watch", "patch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["storagepolicyusages"]
     verbs: ["create", "get", "list", "patch", "delete"]

manifests/supervisorcluster/1.31/cns-csi.yaml

@@ -56,7 +56,7 @@ rules:
     verbs: ["create", "get", "list", "update", "watch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsfilevolumeclients"]
-    verbs: ["get", "list", "update", "create", "delete"]
+    verbs: ["get", "list", "update", "create", "delete", "patch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsregistervolumes", "cnsregistervolumes/status", "cnsunregistervolumes", "cnsunregistervolumes/status"]
     verbs: ["get", "list", "watch", "update", "delete", "patch"]
@@ -68,7 +68,7 @@ rules:
     verbs: ["get", "watch", "list", "delete", "update", "create", "patch"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "create", "update"]
+    verbs: ["get", "create", "update", "patch"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "watch", "list", "delete", "update", "create"]
@@ -83,7 +83,7 @@ rules:
     verbs: ["get"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsvolumeoperationrequests"]
-    verbs: ["create", "get", "list", "update", "delete", "watch"]
+    verbs: ["create", "get", "list", "update", "delete", "watch", "patch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["storagepolicyusages"]
     verbs: ["create", "get", "list", "patch", "delete"]

manifests/supervisorcluster/1.32/cns-csi.yaml

@@ -56,7 +56,7 @@ rules:
     verbs: ["create", "get", "list", "update", "watch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsfilevolumeclients"]
-    verbs: ["get", "list", "update", "create", "delete"]
+    verbs: ["get", "list", "update", "create", "delete", "patch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsregistervolumes", "cnsregistervolumes/status", "cnsunregistervolumes", "cnsunregistervolumes/status"]
     verbs: ["get", "list", "watch", "update", "delete", "patch"]
@@ -68,7 +68,7 @@ rules:
     verbs: ["get", "watch", "list", "delete", "update", "create", "patch"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
-    verbs: ["get", "create", "update"]
+    verbs: ["get", "create", "update", "patch"]
   - apiGroups: ["coordination.k8s.io"]
     resources: ["leases"]
     verbs: ["get", "watch", "list", "delete", "update", "create"]
@@ -83,7 +83,7 @@ rules:
     verbs: ["get"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["cnsvolumeoperationrequests"]
-    verbs: ["create", "get", "list", "update", "delete", "watch"]
+    verbs: ["create", "get", "list", "update", "delete", "watch", "patch"]
   - apiGroups: ["cns.vmware.com"]
     resources: ["storagepolicyusages"]
     verbs: ["create", "get", "list", "patch", "delete"]

pkg/csi/service/common/commonco/k8sorchestrator/k8sorchestrator.go

@@ -2226,7 +2226,21 @@ func (c *K8sOrchestrator) PreLinkedCloneCreateAction(ctx context.Context, pvcNam
 			linkedClonePVC.Labels[common.LinkedClonePVCLabel] = linkedClonePVC.Annotations[common.AttributeIsLinkedClone]
 		}
 
-		_, err = c.k8sClient.CoreV1().PersistentVolumeClaims(pvcNamespace).Update(ctx, linkedClonePVC, metav1.UpdateOptions{})
+		// Patch PVC with updated label
+		restClientConfig, err := k8s.GetKubeConfig(ctx)
+		if err != nil {
+			log.Errorf("failed to get kubeconfig with err:%+v", err)
+			return err
+		}
+		coreV1Client, err := k8s.NewClientForGroup(ctx, restClientConfig, v1.SchemeGroupVersion.Group)
+		if err != nil {
+			log.Errorf("failed to create client with err:%+v", err)
+			return err
+		}
+		originalPVC := linkedClonePVC.DeepCopy()
+		// Reset the label that was added for proper patch
+		delete(originalPVC.Labels, common.LinkedClonePVCLabel)
+		err = k8s.PatchObject(ctx, coreV1Client, originalPVC, linkedClonePVC)
 		if err != nil {
 			log.Errorf("failed to add linked clone label for PVC %s/%s. Error: %+v, retrying...",
 				pvcNamespace, pvcName, err)
@@ -2274,13 +2288,28 @@ func (c *K8sOrchestrator) UpdatePersistentVolumeLabel(ctx context.Context,
 		if err != nil {
 			return fmt.Errorf("error getting PV %s from API server: %w", pvName, err)
 		}
+
+		// Patch PV with updated label
+		restClientConfig, err := k8s.GetKubeConfig(ctx)
+		if err != nil {
+			log.Errorf("failed to get kubeconfig with err:%+v", err)
+			return err
+		}
+		coreV1Client, err := k8s.NewClientForGroup(ctx, restClientConfig, v1.SchemeGroupVersion.Group)
+		if err != nil {
+			log.Errorf("failed to create client with err:%+v", err)
+			return err
+		}
+
+		originalPV := pv.DeepCopy()
 		if pv.Labels == nil {
 			pv.Labels = make(map[string]string)
 		}
 		pv.Labels[key] = value
-		_, err = c.k8sClient.CoreV1().PersistentVolumes().Update(ctx, pv, metav1.UpdateOptions{})
+
+		err = k8s.PatchObject(ctx, coreV1Client, originalPV, pv)
 		if err != nil {
-			errMsg := fmt.Sprintf("error updating PV %s with labels %s/%s. Error: %v", pvName, key, value, err)
+			errMsg := fmt.Sprintf("error patching PV %s with labels %s/%s. Error: %v", pvName, key, value, err)
 			log.Error(errMsg)
 			return err
 		}

pkg/csi/service/common/commonco/k8sorchestrator/k8sorchestrator_helper.go

@@ -32,6 +32,7 @@ import (
 	"sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service/common"
 	"sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service/logger"
 	csitypes "sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/types"
+	k8s "sigs.k8s.io/vsphere-csi-driver/v3/pkg/kubernetes"
 )
 
 // getPVCAnnotations fetches annotations from PVC bound to passed volumeID and
@@ -93,9 +94,30 @@ func (c *K8sOrchestrator) updatePVCAnnotations(ctx context.Context,
 				log.Debugf("Updating annotation %s on pvc %s/%s to value: %s", key, pvcNamespace, pvcName, val)
 			}
 		}
-		_, err = c.k8sClient.CoreV1().PersistentVolumeClaims(pvcNamespace).Update(ctx, pvcObj, metav1.UpdateOptions{})
+
+		// Patch PVC with updated annotations
+		restClientConfig, err := k8s.GetKubeConfig(ctx)
 		if err != nil {
-			log.Errorf("failed to update pvc annotations %s/%s with err:%+v", pvcNamespace, pvcName, err)
+			log.Errorf("failed to get kubeconfig with err:%+v", err)
+			return err
+		}
+		coreV1Client, err := k8s.NewClientForGroup(ctx, restClientConfig, v1.SchemeGroupVersion.Group)
+		if err != nil {
+			log.Errorf("failed to create client with err:%+v", err)
+			return err
+		}
+		originalPVC := pvcObj.DeepCopy()
+		// Reset modified annotations to create proper patch
+		for key, val := range annotations {
+			if val == "" {
+				originalPVC.Annotations[key] = "placeholder"
+			} else {
+				delete(originalPVC.Annotations, key)
+			}
+		}
+		err = k8s.PatchObject(ctx, coreV1Client, originalPVC, pvcObj)
+		if err != nil {
+			log.Errorf("failed to patch pvc annotations %s/%s with err:%+v", pvcNamespace, pvcName, err)
 			return err
 		}
 		return nil

pkg/internalapis/cnsoperator/cnsfilevolumeclient/cnsfilevolumeclient.go

@@ -227,11 +227,12 @@ func (f *fileVolumeClient) AddClientVMToIPList(ctx context.Context,
 		}
 	}
 	newClientVMList := append(oldClientVMList, clientVMName)
+	original := instance.DeepCopy()
 	instance.Spec.ExternalIPtoClientVms[clientVMIP] = newClientVMList
 	log.Debugf("Updating cnsfilevolumeclient instance %s with spec: %+v", fileVolumeName, instance)
-	err = f.client.Update(ctx, instance)
+	err = f.client.Patch(ctx, instance, client.MergeFrom(original))
 	if err != nil {
-		log.Errorf("failed to update cnsfilevolumeclient instance %s/%s with error: %+v", fileVolumeName, err)
+		log.Errorf("failed to patch cnsfilevolumeclient instance %s/%s with error: %+v", instance.Namespace, instance.Name, err)
 	}
 	return err
 }
@@ -315,9 +316,10 @@ func (f *fileVolumeClient) RemoveClientVMFromIPList(ctx context.Context,
 				return nil
 			}
 			log.Debugf("Updating cnsfilevolumeclient instance %s with spec: %+v", fileVolumeName, instance)
-			err = f.client.Update(ctx, instance)
+			original := instance.DeepCopy()
+			err = f.client.Patch(ctx, instance, client.MergeFrom(original))
 			if err != nil {
-				log.Errorf("failed to update cnsfilevolumeclient instance %s with error: %+v", fileVolumeName, err)
+				log.Errorf("failed to patch cnsfilevolumeclient instance %s/%s with error: %+v", instance.Namespace, instance.Name, err)
 			}
 			return err
 		}
@@ -415,18 +417,19 @@ func (f *fileVolumeClient) CnsFileVolumeClientExistsForPvc(ctx context.Context,
 
 // removeFinalizer will remove the CNS Finalizer = cns.vmware.com,
 // from a given CnsFileVolumeClient instance.
-func removeFinalizer(ctx context.Context, client client.Client,
+func removeFinalizer(ctx context.Context, c client.Client,
 	instance *v1alpha1.CnsFileVolumeClient) error {
 	log := logger.GetLogger(ctx)
 	for i, finalizer := range instance.Finalizers {
 		if finalizer == cnsoperatortypes.CNSFinalizer {
 			log.Debugf("Removing %q finalizer from CnsFileVolumeClient instance with name: %q on namespace: %q",
 				cnsoperatortypes.CNSFinalizer, instance.Name, instance.Namespace)
+			original := instance.DeepCopy()
 			instance.Finalizers = append(instance.Finalizers[:i], instance.Finalizers[i+1:]...)
-			// Update the instance after removing finalizer
-			err := client.Update(ctx, instance)
+			// Patch the instance after removing finalizer
+			err := c.Patch(ctx, instance, client.MergeFrom(original))
 			if err != nil {
-				log.Errorf("failed to update CnsFileVolumeClient instance with name: %q on namespace: %q",
+				log.Errorf("failed to patch CnsFileVolumeClient instance with name: %q on namespace: %q",
 					instance.Name, instance.Namespace)
 				return err
 			}

pkg/internalapis/cnsvolumeoperationrequest/cnsvolumeoperationrequest.go

@@ -339,11 +339,11 @@ func (or *operationRequestStore) StoreRequestDetails(
 		}
 	}
 
-	// Store the local instance on the API server.
-	err := or.k8sclient.Update(ctx, updatedInstance)
+	// Store the local instance on the API server using patch.
+	err := or.k8sclient.Patch(ctx, updatedInstance, client.MergeFrom(instance))
 	if err != nil {
 		log.Errorf(
-			"failed to update CnsVolumeOperationRequest instance %s/%s with error: %v",
+			"failed to patch CnsVolumeOperationRequest instance %s/%s with error: %v",
 			instanceKey.Namespace,
 			instanceKey.Name,
 			err,

pkg/kubernetes/kubernetes.go

@@ -795,10 +795,22 @@ func AddFinalizerOnPVC(ctx context.Context, k8sClient clientset.Interface, pvcNa
 		return nil
 	}
 
-	// Update the PVC with the new finalizer
-	_, err = k8sClient.CoreV1().PersistentVolumeClaims(pvcNamespace).Update(ctx, pvc, metav1.UpdateOptions{})
+	// Patch the PVC with the new finalizer
+	restClientConfig, err := GetKubeConfig(ctx)
 	if err != nil {
-		log.Errorf("Failed to add finalizer on PVC. Error: %s", err.Error())
+		log.Errorf("Failed to get kubeconfig. Err: %v", err)
+		return err
+	}
+	coreV1Client, err := NewClientForGroup(ctx, restClientConfig, v1.SchemeGroupVersion.Group)
+	if err != nil {
+		log.Errorf("Failed to create client. Err: %v", err)
+		return err
+	}
+	originalPVC := pvc.DeepCopy()
+	controllerutil.RemoveFinalizer(originalPVC, finalizer)
+	err = PatchObject(ctx, coreV1Client, originalPVC, pvc)
+	if err != nil {
+		log.Errorf("Failed to patch finalizer on PVC. Error: %s", err.Error())
 		return err
 	}
 
@@ -829,10 +841,22 @@ func RemoveFinalizerFromPVC(ctx context.Context, k8sClient clientset.Interface,
 		return nil
 	}
 
-	// Update the PVC to remove the finalizer
-	_, err = k8sClient.CoreV1().PersistentVolumeClaims(pvcNamespace).Update(ctx, pvc, metav1.UpdateOptions{})
+	// Patch the PVC to remove the finalizer
+	restClientConfig, err := GetKubeConfig(ctx)
+	if err != nil {
+		log.Errorf("Failed to get kubeconfig. Err: %v", err)
+		return err
+	}
+	coreV1Client, err := NewClientForGroup(ctx, restClientConfig, v1.SchemeGroupVersion.Group)
 	if err != nil {
-		log.Errorf("Failed to remove finalizer from PVC. Error: %s", err.Error())
+		log.Errorf("Failed to create client. Err: %v", err)
+		return err
+	}
+	originalPVC := pvc.DeepCopy()
+	controllerutil.AddFinalizer(originalPVC, finalizer)
+	err = PatchObject(ctx, coreV1Client, originalPVC, pvc)
+	if err != nil {
+		log.Errorf("Failed to patch to remove finalizer from PVC. Error: %s", err.Error())
 		return err
 	}
 
@@ -854,7 +878,9 @@ func AddFinalizer(ctx context.Context, c client.Client, obj client.Object, final
 	}
 
 	log.Info("Adding finalizer to object.")
-	return c.Update(ctx, obj)
+	original := obj.DeepCopyObject().(client.Object)
+	controllerutil.RemoveFinalizer(original, finalizer)
+	return c.Patch(ctx, obj, client.MergeFrom(original))
 }
 
 // RemoveFinalizer removes the specified finalizer from the given Kubernetes object if it is present.
@@ -871,7 +897,9 @@ func RemoveFinalizer(ctx context.Context, c client.Client, obj client.Object, fi
 	}
 
 	log.Info("Removing finalizer from object.")
-	return c.Update(ctx, obj)
+	original := obj.DeepCopyObject().(client.Object)
+	controllerutil.AddFinalizer(original, finalizer)
+	return c.Patch(ctx, obj, client.MergeFrom(original))
 }
 
 // PatchObject patches a Kubernetes object using strategic merge patch.

pkg/syncer/cnsoperator/controller/cnsunregistervolume/controller.go

@@ -632,7 +632,9 @@ func protectInstance(ctx context.Context, c client.Client, obj *v1a1.CnsUnregist
 	}
 
 	log.Info("adding finalizer to instance")
-	return c.Update(ctx, obj)
+	original := obj.DeepCopy()
+	controllerutil.RemoveFinalizer(original, cnsoptypes.CNSUnregisterVolumeFinalizer)
+	return c.Patch(ctx, obj, client.MergeFrom(original))
 }
 
 // removeFinalizer removes finalizer from the CnsUnregisterVolume instance to allow deletion.
@@ -643,7 +645,9 @@ func removeFinalizer(ctx context.Context, c client.Client, obj *v1a1.CnsUnregist
 
 	if controllerutil.RemoveFinalizer(obj, cnsoptypes.CNSUnregisterVolumeFinalizer) {
 		log.Info("removing finalizer from instance")
-		return c.Update(ctx, obj)
+		original := obj.DeepCopy()
+		controllerutil.AddFinalizer(original, cnsoptypes.CNSUnregisterVolumeFinalizer)
+		return c.Patch(ctx, obj, client.MergeFrom(original))
 	}
 
 	log.Info("finalizer does not exist on instance")