github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/syz-cluster/workflow/fuzz-step/workflow-template.yaml (about) 1 # Copyright 2025 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 apiVersion: argoproj.io/v1alpha1 5 kind: WorkflowTemplate 6 metadata: 7 name: fuzz-step-template 8 spec: 9 templates: 10 - name: fuzz-step 11 inputs: 12 parameters: 13 - name: base-build-id 14 value: "" 15 - name: patched-build-id 16 value: "" 17 artifacts: 18 - name: base-kernel 19 path: /base 20 - name: patched-kernel 21 path: /patched 22 - name: config 23 path: /tmp/config.json 24 timeout: 4h 25 container: 26 image: ${IMAGE_PREFIX}fuzz-step:${IMAGE_TAG} 27 imagePullPolicy: IfNotPresent 28 command: ["/bin/fuzz-step"] 29 args: [ 30 "--config", "/tmp/config.json", 31 "--session", "{{workflow.parameters.session-id}}", 32 "--base_build", "{{inputs.parameters.base-build-id}}", 33 "--patched_build", "{{inputs.parameters.patched-build-id}}", 34 "--time", "3h", 35 "--workdir", "/workdir", 36 "--vv", "1" 37 ] 38 resources: 39 requests: 40 cpu: 24 41 memory: 90G 42 limits: 43 cpu: 30 44 memory: 96G 45 volumeMounts: 46 - name: workdir 47 mountPath: /workdir 48 - name: dev-kvm 49 mountPath: /dev/kvm 50 # Needed for /dev/kvm. 51 # TODO: there's a "device plugin" mechanism in k8s that can share it more safely. 52 securityContext: 53 privileged: true 54 volumes: 55 - name: workdir 56 emptyDir: {} 57 - name: output 58 emptyDir: {} 59 - name: dev-kvm 60 hostPath: 61 path: /dev/kvm 62 type: CharDevice