fix: skip NodeEvaluation upsert when evaluation did not run

[sahitya-chandra]

Description

processNodeAgainstAllRules unconditionally upserted a NodeEvaluation entry for the current node after evaluateRuleForNode, even on the failure path. When taint patching returned a non-conflict error (e.g. RBAC denial, persistent API failure), evaluateRuleForNode exited before updateNodeEvaluationStatus ran, so the in-memory rule had no evaluation for that node and the upsert wrote a zero-value NodeEvaluation{NodeName: ""}. NodeEvaluation.NodeName is annotated MinLength=1 plus a hostname Pattern, so the API server rejected the whole Status().Patch with 422, and the FailedNodes update bundled into the same patch was lost with it

This change captures the error from evaluateRuleForNode and only runs the NodeEvaluation upsert when the evaluation succeeded. On the failure path the persisted entry is left untouched and only FailedNodes is updated. This also avoids overwriting a fresh persisted entry with a stale one from the rule cache when a separate reconcile has updated status since the cache was last refreshed

Related Issue

Fixes #217

Type of Change

/kind bug

Testing

• make test passes locally (envtest, Kubernetes 1.34); controller package coverage rose from 72.2% to 74.5%.
• make lint passes locally
• Regression test 1: a fake client fails Patch on the node, runs NodeReconciler.Reconcile, and asserts that the FailedNodes entry lands, no empty NodeEvaluation slipped in, and an unrelated pre-existing NodeEvaluation was preserved. Without the fix, the test fails on the empty-NodeName assertion
• Regression test 2 covers the stale-cache case: persisted status has TaintStatus=Absent, the cached rule snapshot has stale TaintStatus=Present, evaluation fails, and the persisted entry must stay Absent

Checklist

• make test passes
• make lint passes

Does this PR introduce a user-facing change?

Fix a bug where a transient taint patch failure on a node could drop the corresponding FailedNodes entry from a NodeReadinessRule's status, or overwrite a fresh persisted NodeEvaluation with a stale one from the controller's rule cache

[netlify]

✅ Deploy Preview for node-readiness-controller canceled.

Name	Link
🔨 Latest commit	339a0ac
🔍 Latest deploy log	https://app.netlify.com/projects/node-readiness-controller/deploys/69faa9b0465afe00084a07da

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sahitya-chandra
Once this PR has been reviewed and has the lgtm label, please assign ajaysundark for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @sahitya-chandra. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.