Fix: Prevent PodBinding Controller Panic for Infinite NoExecute Tolerations

[WHOIM1205]

Summary

This PR fixes a nil pointer dereference in the PodBinding controller that causes yurt-manager to panic and restart when reconciling pods with infinite (TolerationSeconds=nil) NoExecute tolerations on autonomous edge nodes.

Infinite NoExecute tolerations are valid and common in Kubernetes. The controller previously assumed TolerationSeconds was always set and dereferenced it without a nil check.

---

❗ Problem

In reconcilePod, the controller stored original toleration values by directly dereferencing TolerationSeconds.

When TolerationSeconds == nil (meaning tolerate forever), this resulted in a runtime panic:

This breaks node autonomy, a core OpenYurt feature, and can destabilize the entire control plane.

---

🔁 Steps to Reproduce

1. Deploy OpenYurt with yurt-manager running.
2. Mark an edge node as autonomous:

   kubectl annotate node edge-node-1 node.openyurt.io/autonomy=true

apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
nodeName: edge-node-1
tolerations:

• key: "node.kubernetes.io/not-ready"
  operator: "Exists"
  effect: "NoExecute"

  TolerationSeconds intentionally omitted (nil)

containers:

• name: test
  image: nginx
  kubectl logs -n kube-system deployment/yurt-manager | grep panic

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[WHOIM1205]

hello @zyjhtangtang

This PR fixes a deterministic panic in the PodBinding controller when handling valid Kubernetes pods with infinite (TolerationSeconds=nil) NoExecute tolerations on autonomous edge nodes.

The issue is easy to trigger in real edge deployments and causes yurt-manager to crash repeatedly. The fix is minimal, defensive, and follows the same pattern already used in taint_manager.go, while fully preserving toleration semantics.

I’ve added clear reproduction steps and impact analysis in the PR description.

Would appreciate a review when you have time. Thanks!

[codecov]

Codecov Report

❌ Patch coverage is 36.36364% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 44.08%. Comparing base (b0c90be) to head (50ff98c).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...rtcoordinator/podbinding/pod_binding_controller.go	36.36%	3 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2501      +/-   ##
==========================================
- Coverage   44.08%   44.08%   -0.01%     
==========================================
  Files         399      399              
  Lines       26560    26560              
==========================================
- Hits        11710    11709       -1     
+ Misses      13788    13785       -3     
- Partials     1062     1066       +4     

Flag	Coverage Δ
unittests	44.08% <36.36%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[zyjhtangtang]

@WHOIM1205 Please focus on unit test coverage.