syz-cluster: steps to CI/CD #5811

88 changes: 48 additions & 40 deletions syz-cluster/Makefile
@@ -1,66 +1,74 @@
# Copyright 2024 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

build-controller-dev:
eval $$(minikube docker-env);\
docker build -t controller-image-local -f ./controller/Dockerfile ../
IMAGE_TAG ?= latest
IMAGE_PREFIX ?= local/
SHELL := /bin/bash

build-series-tracker-dev:
eval $$(minikube docker-env);\
docker build -t series-tracker-local -f ./series-tracker/Dockerfile ../
define build_image_rules =
image_name_$(2) := $(IMAGE_PREFIX)$(2):$(IMAGE_TAG)
dockerfile_$(2) := $(1)/Dockerfile

deploy-series-tracker-dev: build-series-tracker-dev
@kubectl rollout restart deployment series-tracker
build-$(2):
@echo "Building $$(image_name_$(2)) (Dockerfile: $$(dockerfile_$(2)))"
DOCKER_BUILDKIT=1 docker build -t $$(image_name_$(2)) -f $$(dockerfile_$(2)) ../

run-series-tracker-dev: build-series-tracker-dev
./run-local.sh series-tracker
push-$(2): build-$(2)
@echo "Pushing $$(image_name_$(2))"
docker push $$(image_name_$(2))

build-web-dashboard-dev:
eval $$(minikube docker-env);\
docker build -t web-dashboard-local -f ./dashboard/Dockerfile ../
endef

deploy-web-dashboard-dev: build-web-dashboard-dev
@kubectl rollout restart deployment web-dashboard
$(eval $(call build_image_rules,./controller,controller))
$(eval $(call build_image_rules,./dashboard,web-dashboard))
$(eval $(call build_image_rules,./reporter,reporter))
$(eval $(call build_image_rules,./series-tracker,series-tracker))
$(eval $(call build_image_rules,./db-mgmt,db-mgmt))
$(eval $(call build_image_rules,./workflow/triage-step,triage-step))
$(eval $(call build_image_rules,./workflow/build-step,build-step))
$(eval $(call build_image_rules,./workflow/fuzz-step,fuzz-step))
$(eval $(call build_image_rules,./workflow/boot-step,boot-step))

build-reporter-dev:
eval $$(minikube docker-env);\
docker build -t reporter-image-local -f ./reporter/Dockerfile ../
IMAGES := controller web-dashboard reporter series-tracker db-mgmt triage-step build-step boot-step fuzz-step
BUILD_TARGETS := $(addprefix build-, $(IMAGES))
PUSH_TARGETS := $(addprefix push-, $(IMAGES))

install-dev-config:
minikube kubectl -- apply -f ./overlays/dev/global-config.yaml
.PHONY: build-all push-all deploy-series-tracker run-series-tracker install-dev-config build-go-tests-dev run-go-tests-dev restart-spanner kustomize-dev

build-db-mgmt-dev:
eval $$(minikube docker-env);\
docker build -t db-mgmt-local -f ./db-mgmt/Dockerfile ../
build-all: $(BUILD_TARGETS)

build-triage-step-dev:
eval $$(minikube docker-env);\
docker build -t triage-step-local -f ./workflow/triage-step/Dockerfile ../
push-all: $(PUSH_TARGETS)

build-build-step-dev:
eval $$(minikube docker-env);\
docker build -t build-step-local -f ./workflow/build-step/Dockerfile ../
deploy-series-tracker: build-series-tracker
@kubectl rollout restart deployment series-tracker

build-boot-step-dev:
eval $$(minikube docker-env);\
docker build -t boot-step-local -f ./workflow/boot-step/Dockerfile ../
run-series-tracker: build-series-tracker
./run-local.sh series-tracker

build-fuzz-step-dev:
eval $$(minikube docker-env);\
docker build -t fuzz-step-local -f ./workflow/fuzz-step/Dockerfile ../
deploy-web-dashboard: build-web-dashboard
@kubectl rollout restart deployment web-dashboard

install-dev-config:
minikube kubectl -- apply -f ./overlays/dev/global-config.yaml

build-go-tests-dev:
eval $$(minikube docker-env);\
docker build -t go-tests-local -f Dockerfile.go-tests ../

build-workflow-dev: build-triage-step-dev build-build-step-dev build-boot-step-dev build-fuzz-step-dev

all-containers: build-controller-dev build-series-tracker-dev build-db-mgmt-dev build-web-dashboard-dev build-reporter-dev build-workflow-dev

run-go-tests-dev: build-go-tests-dev
./run-local.sh go-tests

restart-spanner: build-db-mgmt-dev
restart-spanner: build-db-mgmt
minikube addons disable cloud-spanner;
minikube addons enable cloud-spanner;
./run-local.sh db-mgmt migrate

k8s-config-dev:
@kubectl kustomize ./overlays/minikube/ | IMAGE_PREFIX=${IMAGE_PREFIX} IMAGE_TAG=${IMAGE_TAG} envsubst

migrate-job.yaml:
@if [ -z "${SPANNER_DATABASE_URI}" ]; then \
echo "Error: SPANNER_DATABASE_URI must be defined."; \
exit 1; \
fi
@cat db-mgmt/migrate-job.yaml | IMAGE_PREFIX=${IMAGE_PREFIX} IMAGE_TAG=${IMAGE_TAG} envsubst
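Review bot: Both `envsubst` calls (the `k8s-config-dev` and `migrate-job.yaml` recipes) run without a variable list, so every `$NAME` or `${NAME}` in the rendered output, including the upstream Argo manifest and any embedded shell snippets, is replaced from the caller's environment, and unset names become empty strings. Restricting the substitution keeps the rest of the manifests intact: `envsubst '$${IMAGE_PREFIX} $${IMAGE_TAG}'`, with `$${SPANNER_DATABASE_URI}` added for the migrate job. Separately, `.PHONY` names `kustomize-dev`, which has no rule, while `k8s-config-dev`, `migrate-job.yaml`, `deploy-web-dashboard` and the generated `build-*`/`push-*` targets are not listed. `migrate-job.yaml` in particular only prints to stdout, so a file of that name in the directory would turn the target into a silent no-op.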
5 changes: 3 additions & 2 deletions syz-cluster/README.md
Expand Up @@ -14,13 +14,14 @@ $ minikube addons enable cloud-spanner
```
3. Build all docker containers (might take a while):
```
$ make all-containers
$ eval $(minikube docker-env)
$ make build-all
```
4. Deploy the cluster:
```
$ make restart-spanner
$ kubectl create namespace argo
$ kubectl apply -k ./overlays/dev/
$ make k8s-config-dev | kubectl apply -f -
```
5. (Optional) Pre-fetch the kernel git repository:
```
3 changes: 2 additions & 1 deletion syz-cluster/controller/deployment.yaml
Expand Up @@ -15,9 +15,10 @@ spec:
labels:
app: controller
spec:
serviceAccountName: gke-service-ksa
containers:
- name: controller-image
image: controller-image # The actual image name is set in overalys.
image: ${IMAGE_PREFIX}controller:${IMAGE_TAG}
envFrom:
- configMapRef:
name: global-config
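Review bot: The `image:` value is now the literal placeholder `${IMAGE_PREFIX}controller:${IMAGE_TAG}`, and the comment that said where the real name comes from went away with the old line. If the manifest is applied without the `envsubst` step (for example `kubectl apply -k` straight from an overlay, as the README used to instruct), the pod gets an image reference that cannot be parsed. A replacement comment on that line would make the dependency visible, e.g. `# Placeholders are expanded by envsubst; see the k8s-config-dev target in syz-cluster/Makefile.` The same applies to the dashboard, reporter and series-tracker deployments and to the boot-step and build-step workflow templates.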
3 changes: 2 additions & 1 deletion syz-cluster/dashboard/deployment.yaml
Expand Up @@ -15,9 +15,10 @@ spec:
labels:
app: web-dashboard
spec:
serviceAccountName: gke-service-ksa
containers:
- name: web-dashboard-image
image: web-dashboard-image
image: ${IMAGE_PREFIX}web-dashboard:${IMAGE_TAG}
envFrom:
- configMapRef:
name: global-config
23 changes: 0 additions & 23 deletions syz-cluster/db-mgmt/deployment.yaml

This file was deleted.

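--- /dev/null
+++ b/syz-cluster/db-mgmt/migrate-job.yaml
@@ -0,0 +1,19 @@
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: db-migrate-job
+spec:
+template:
+spec:
+serviceAccountName: gke-service-ksa
+containers:
+- name: migrate
+image: ${IMAGE_PREFIX}db-mgmt:${IMAGE_TAG}
+env:
+- name: SPANNER_DATABASE_URL
+value: "${SPANNER_DATABASE_URI}"
+args: ["migrate"]
+restartPolicy: Never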
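Review bot: The Job sets `restartPolicy: Never` but no `backoffLimit`, so Kubernetes falls back to its default of 6 retries and a failing migration is re-run in fresh pods against the same database; `backoffLimit: 0` under the Job `spec:` would make a failed migration stop for inspection instead. The container env var is named `SPANNER_DATABASE_URL` while its value and the Makefile check use `SPANNER_DATABASE_URI`; if the difference is deliberate, a one-line comment would prevent someone "fixing" it. The pod also runs as `gke-service-ksa`, the same account the long-running services use, so whatever schema-change rights the migration needs are presumably available to those services as well. A dedicated account for the Job would keep them apart.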
16 changes: 16 additions & 0 deletions syz-cluster/overlays/common/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,22 @@
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

resources:
- https://github.com/argoproj/argo-workflows/releases/download/v3.6.2/install.yaml
- ../../controller
- ../../dashboard
- ../../series-tracker
- ../../kernel-disk
- ../../reporter
- ../../workflow
- network-deny-all.yaml
- network-policy-controller.yaml
- network-policy-git-access.yaml
- workflow-roles.yaml

patches:
- target:
kind: Deployment
patch: |-
- op: replace
path: /spec/template/spec/containers/0/imagePullPolicy
value: IfNotPresent
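Review bot: The `imagePullPolicy: IfNotPresent` patch, combined with the Makefile default `IMAGE_TAG ?= latest`, means a node that already holds a `latest` image never pulls a newly pushed build, so a rollout can keep running old code and the running image cannot be traced back to a commit. For the CI/CD path, pushing an immutable tag (for example the commit hash) or deploying by digest avoids that. The patch also targets every `Deployment`, including those from the Argo `install.yaml`, and only container 0; a comment stating that this is intended would help. The Argo manifest itself is fetched by URL at render time and pinned only by release tag, so vendoring it would make the rendered output reproducible and reviewable.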
Expand Up @@ -44,7 +44,7 @@ metadata:
namespace: default
subjects:
- kind: ServiceAccount
name: default
name: gke-service-ksa
namespace: default
roleRef:
kind: Role
Expand Down Expand Up @@ -79,7 +79,7 @@ roleRef:
name: executor
subjects:
- kind: ServiceAccount
name: default
name: gke-service-ksa
namespace: default

---
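Review bot: Both RoleBindings now grant their roles to `gke-service-ksa`, which this commit also sets as `serviceAccountName` on the controller, web-dashboard and reporter deployments and on the migrate Job, so each of those pods inherits the workflow permissions (the `executor` role among them) along with whatever cloud identity the account maps to. A separate service account for workflow pods, bound here instead, would keep executor rights away from the dashboard and reporter. The hunks also do not show the workflow pods themselves being moved off `default`; unless `serviceAccountName` is set for them elsewhere they lose these bindings, which is worth confirming.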
44 changes: 0 additions & 44 deletions syz-cluster/overlays/dev/kustomization.yaml

This file was deleted.

Expand Up @@ -18,7 +18,7 @@ spec:
initContainers:
- name: create-test-bucket
image: busybox
command: ["sh", "-c", "mkdir -p /data/test-bucket /data/blobs"]
command: ["sh", "-c", "mkdir -p /data/workflow-artifacts /data/blobs"]
volumeMounts:
- name: data-volume
mountPath: /data
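--- /dev/null
+++ b/syz-cluster/overlays/minikube/kustomization.yaml
@@ -0,0 +1,23 @@
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+resources:
+- service-accounts.yaml
+- ../common
+- global-config.yaml
+- fake-gcs.yaml
+- network-policy-spanner.yaml
+- workflow-artifacts.yaml
+
+patches:
+- target:
+kind: ConfigMap
+name: workflow-controller-configmap
+patch: |-
+- op: replace
+path: /data
+value:
+executor: |
+env:
+- name: STORAGE_EMULATOR_HOST
+value: http://fake-gcs-server.default.svc.cluster.local:4443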
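Review bot: The patch replaces the whole `/data` map of `workflow-controller-configmap`, so any other keys the Argo install (or a later upgrade) places there are silently dropped, and a JSON-patch `replace` fails outright if the ConfigMap carries no `data` at all. A strategic-merge patch that sets only `data.executor` would add the `STORAGE_EMULATOR_HOST` setting without taking ownership of the rest of the map. A short comment noting that the plain-`http` emulator endpoint belongs to the minikube overlay only would also help keep it from being copied into other overlays.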
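--- /dev/null
+++ b/syz-cluster/overlays/minikube/service-accounts.yaml
@@ -0,0 +1,8 @@
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: gke-service-ksa
+namespace: default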
Expand Up @@ -10,4 +10,4 @@ metadata:
data:
gcs-repo: |
gcs:
bucket: test-bucket
bucket: workflow-artifacts
5 changes: 4 additions & 1 deletion syz-cluster/pkg/db/spanner.go
Expand Up @@ -115,7 +115,10 @@ func RunMigrations(ctx context.Context, uri string) error {
return err
}
m, err := migrate.NewWithInstance("iofs", sourceDriver, "spanner", dbDriver)
if err != nil {
if err == migrate.ErrNoChange {
// This is not a problem.
return nil
} else if err != nil {
return err
}
return m.Up()
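Review bot: `migrate.ErrNoChange` is checked on the error from `migrate.NewWithInstance`, but in golang-migrate that sentinel is returned by `m.Up()` when there is nothing to apply, so the new branch is most likely never taken and a no-op migration still surfaces as an error from `return m.Up()`. Keep the constructor check as `if err != nil { return err }` and filter the sentinel on the call that produces it: `if err := m.Up(); err != nil && err != migrate.ErrNoChange { return err }` followed by `return nil`. RunMigrations starts before and closes after this hunk, so whether `m` is closed afterwards cannot be seen from here.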
3 changes: 2 additions & 1 deletion syz-cluster/reporter/deployment.yaml
Expand Up @@ -15,9 +15,10 @@ spec:
labels:
app: reporter
spec:
serviceAccountName: gke-service-ksa
containers:
- name: reporter-image
image: reporter-image # The actual image name is set in overalys.
image: ${IMAGE_PREFIX}reporter:${IMAGE_TAG}
envFrom:
- configMapRef:
name: global-config
2 changes: 1 addition & 1 deletion syz-cluster/run-local.sh
Expand Up @@ -14,7 +14,7 @@ alias kubectl="minikube kubectl --"
# Clean up in case the run comand was prematurely aborted.
# TODO: find out how to rely on envs from overlays/dev/global-config.yaml.
kubectl delete pod run-local >/dev/null 2>&1 || true
kubectl run run-local --image="$name-local" \
kubectl run run-local --image="local/$name" \
--image-pull-policy=Never \
--restart=Never \
--env="SPANNER_EMULATOR_HOST=cloud-spanner-emulator:9010" \
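Review bot: `--image="local/$name"` hard-codes the default prefix and relies on the implicit `latest` tag, so it only matches images built with the Makefile defaults; a build with `IMAGE_PREFIX` or `IMAGE_TAG` overridden leaves `--image-pull-policy=Never` with no image to run. It also appears to break `run-go-tests-dev`: the Makefile's `build-go-tests-dev` still tags `go-tests-local` (the target remains in `.PHONY`), whereas this line would look for `local/go-tests`. Suggest `--image="${IMAGE_PREFIX:-local/}$name:${IMAGE_TAG:-latest}"` here, with both variables exported from the Makefile, and tagging the go-tests image `$(IMAGE_PREFIX)go-tests:$(IMAGE_TAG)`. The script continues outside the hunk.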
2 changes: 1 addition & 1 deletion syz-cluster/series-tracker/deployment.yaml
Expand Up @@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: series-tracker-image
image: series-tracker-image
image: ${IMAGE_PREFIX}series-tracker:${IMAGE_TAG}
envFrom:
- configMapRef:
name: global-config
2 changes: 1 addition & 1 deletion syz-cluster/workflow/boot-step/workflow-template.yaml
Expand Up @@ -24,7 +24,7 @@ spec:
- name: kernel
path: /base
container:
image: boot-step-local
image: ${IMAGE_PREFIX}boot-step:${IMAGE_TAG}
imagePullPolicy: IfNotPresent
command: ["/bin/boot-step"]
args: [
2 changes: 1 addition & 1 deletion syz-cluster/workflow/build-step/workflow-template.yaml
Expand Up @@ -52,7 +52,7 @@ spec:
capabilities:
add: ["SYS_ADMIN"]
container:
image: build-step-local
image: ${IMAGE_PREFIX}build-step:${IMAGE_TAG}
imagePullPolicy: IfNotPresent
command: ["/bin/build-step"]
args: [