Gang-termination breach formula rework + E2E scenarios (GT-1 through GT-6)

[danbar2]

Follow-up to #561 (which fixed the initial cordon-then-kill regression) — picks up the open
questions that PR left behind. Refs #277.

Summary

Two related changes, one commit each:

1. c8820c9 Rework MinAvailableBreached semantics. Drops the scheduledReplicas == 0
   suppression that Fix gang termination when scheduled replicas regress below MinAvailable #561 introduced as a churn-loop guard, and rewrites the PCSG-level
   breach formula to match the spec-implied definition.
2. 7f151af + 294882b Add gang-termination E2E scenarios GT-1 through GT-6.

Operator changes (commit c8820c9)

Drop the scheduled==0 suppression

The previous suppression made it impossible to recover when a PodClique lost every
scheduled pod — gang termination never fired even after the workload had once been
healthy. The new rule: scheduledReplicas < MinAvailable always breaches.

The natural debounce is TerminationDelay (default 4h). During a normal startup the
breach flickers True briefly and resolves; a workload still below MinAvailable past
TerminationDelay is genuinely stuck and recycling it gives the scheduler a fresh
PodGang against the current cluster state.

Rework PCSG breach formula

Replaces `availableReplicas = scheduledReplicas - breachedReplicas` with
`notInBreachReplicas = existingReplicas - breachedReplicas`. The previous formula
double-counted: a PCSG replica that failed to schedule was excluded from
`scheduledReplicas` AND counted again in `breachedReplicas`, flipping the PCSG into
breach unnecessarily and causing PCS-level gang termination to fire when only the
PCSG-replica-scoped restart was warranted.

Matches the canonical definition:

• A PCSG replica is in breach if at least one of its PodCliques is in breach.
• A PCSG replica in breach > TerminationDelay → PCSG-scoped restart (just that
  replica's PCLQs).
• The PCSG itself is in breach when (replicas not in breach) < MinAvailable.
• Standalone PCLQ in breach → PCS-level restart.
• PCSG-level in breach → PCS-level restart.

Unit tests rewritten around the new formula; sanity-pin cases for "1 of 2 replicas
breached with MinAvailable=1 — not in breach (PCSG-scoped restart only)" and "both
replicas breached — escalates to PCS-level" capture the GT-4 / GT-5 expectations.

E2E scenarios (commits 7f151af + 294882b)

Test	Workload	What it exercises
GT-1	WL1 (full replicas)	Cordon + kill a PCS-owned pod → full-workload gang term
GT-2	WL1 (full replicas)	Cordon + kill a PCSG-owned pod → full-workload gang term
GT-3	WL2 (min replicas)	Incremental kill of pc-a; first kill no-op, second triggers term
GT-4	WL2 (min replicas)	Multi-stage PCSG-owned: PCSG-scoped restart then full term
GT-5	WL5 (pc-c min=3)	Kill all of one PCSG replica's pc-c → that PCSG replica only
GT-6	WL2	Kill a scaled-PodGang pod → no PCS-level term (pc-a survives)

All six pass locally against an operator running with this PR's changes.

Test plan

• `go test ./...` clean (operator + scheduler/api + api modules)
• `go vet ./...` clean
• gofmt clean
• E2E: `make run-e2e TEST_PATTERN=Test_GT` — 6 PASS in ~9 minutes against k3d/Kai
• Recommend a CI run on `prod-grove-e2e-v1` before merge

Out of scope (for a follow-up)

The original test plan also lists GT-7/9/10/11 (crash-loop variants), GT-12 (readiness
probe failure), GT-13 (no gang term during rolling update), and GT-14 (recovery before
TerminationDelay). These are not in this PR — each needs new test infrastructure that
doesn't exist in `operator/e2e` today:

• GT-7/9/10/11 + GT-12: pod-exec from Go (`client-go/tools/remotecommand` + SPDY) plus
  workload variants with a toggleable liveness/readiness probe keyed on a file in an
  emptyDir volume.
• GT-13: a `PatchPCSTemplate` helper in `testctx` so a test can trigger a rolling
  update mid-run.
• GT-14 actually works against this PR's operator changes, but its assertion shape is
  different enough from GT-1..6 that I'd rather pull it in once the infra above lands.

🤖 Generated with Claude Code

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[shayasoolin]

@danbar2 I'd like to know if the new decision of breaching even when scheduled == 0 only means setting the condition, or actually recreating resources like Pods and PogGangs.
Considering the simplest case where gang-scheduling doesn't take place due to insufficient resources, I'm okay with having the breach condition set, but reluctant to recreating resources indefinitely every terminationDelay seconds. Grove should be silent in such cases, only the scheduler should do this kind of polling after its pending resources.