Protect CSI driver node pods to avoid storage workload scheduling

[alikdell]

Description

The CSI node driver when not running on a WN (worker node). the CSI controller should check and taint that node so that pods are not scheduled on that node.

GitHub Issues

List the GitHub issues impacted by this PR:

GitHub Issue #
#dell/csm#145

Checklist:

• I have performed a self-review of my own code to ensure there are no formatting, vetting, linting, or security issues
• I have verified that new and existing unit tests pass locally with my changes
• I have not allowed coverage numbers to degenerate
• I have maintained at least 90% code coverage
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• Backward compatibility is not broken

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration

• Unit test added
• Test run integration test

time="2022-05-19T14:00:25-04:00" level=info msg="Node-mode test finished"
--- PASS: TestNodeMode (1.84s)
=== RUN TestMapEqualsMap
--- PASS: TestMapEqualsMap (0.00s)
=== RUN TestPowerFlexShortCheck
time="2022-05-19T14:00:25-04:00" level=info msg="Skipping short integration test. To enable short integration test: export RESILIENCY_SHORT_INT_TEST=true"
--- PASS: TestPowerFlexShortCheck (0.00s)
=== RUN TestUnityShortCheck
time="2022-05-19T14:00:25-04:00" level=info msg="Skipping short integration test. To enable short integration test: export RESILIENCY_SHORT_INT_TEST=true"
--- PASS: TestUnityShortCheck (0.00s)
=== RUN TestPowerFlexShortIntegration
time="2022-05-19T14:00:25-04:00" level=info msg="Skipping integration test. To enable integration test: export RESILIENCY_SHORT_INT_TEST=true"
--- PASS: TestPowerFlexShortIntegration (0.00s)
=== RUN TestUnityShortIntegration
time="2022-05-19T14:00:25-04:00" level=info msg="Skipping integration test. To enable integration test: export RESILIENCY_SHORT_INT_TEST=true"
--- PASS: TestUnityShortIntegration (0.00s)
PASS
coverage: 92.9% of statements
status 0
ok podmon/internal/monitor 8.292s coverage: 92.9% of statements

[rbo54]

A few small changes I think would make it better but overall very good work!

[rbo54]

I don't think the call to cm.PodKeyToControllerPodInfo.Delete and cm.PodKeyToCrashLoopBackOffCount.Delete are needed, because you correctly intercept the pod before the are added into these maps. Look at controllerModePodHandler and you will see your driver pods get break out into the separate function before they can be added.

[alikdell]

Fixed

[rbo54]

Maybe you want to break lines 679 through 688 into a subroutine that given a pod returns booleans for each of the conditions, as this code is cut and pasted from controllerModPodHandler.

[alikdell]

fixed

[rbo54]

This comment is incorrect now?

[alikdell]

fixed

[rbo54]

Do you check the untaint conditions? You could has a boolean indicated when it is expected to be tainted or not. In the examples, wouldn't the "Ready" line remove the taint?

[alikdell]

fixed

[rbo54]

Pass the boolean in here and then you can check both the addition of the taint as well as the removal of the taint.

[alikdell]

fixed

[rbo54]

I'm not sure why you moved this from below the for loop; looks like it doesn't make any difference. Doesn't really matter.

[alikdell]

I moved that when I thought I needed to check in this function also if pod is driver node pod, forgot to move it down back to original place.

[alikdell]

reverted

Fixed

[rbo54]

Thanks for the changes Alik! Approved.