syz-cluster: use kubectl for one-off fetch kernels run

Refactor the cron job that pulls the base kernels once in a while to
enable its manual triggering without installing the Argo CLI utility.

Author: a-nogikh

syz-cluster/Makefile

@@ -87,6 +87,9 @@ k8s-config-gke: ensure-spanner-database-uri-env ensure-blob-storage-env ensure-w
 migrate-job.yaml: ensure-spanner-database-uri-env
 	@cat db-mgmt/migrate-job.yaml | IMAGE_PREFIX=${IMAGE_PREFIX} IMAGE_TAG=${IMAGE_TAG} envsubst
 
+fetch-kernels-once.yaml:
+	@cat kernel-disk/fetch-kernels-once.yaml
+
 ensure-spanner-database-uri-env:
 	@if [ -z "${SPANNER_DATABASE_URI}" ]; then \
                 echo "Error: SPANNER_DATABASE_URI must be defined."; \

syz-cluster/README.md

@@ -27,7 +27,7 @@ $ make k8s-config-dev | kubectl apply -f -
 ```
 5. (Optional) Pre-fetch the kernel git repository:
 ```
-$ argo submit --from cronwf/fetch-kernels-cron
+$ make fetch-kernels-once.yaml | kubectl create -f -
 ```
 
 ## Developmental tips

syz-cluster/kernel-disk/fetch-kernels-cron.yaml

@@ -11,65 +11,5 @@ spec:
   concurrencyPolicy: "Replace"
   startingDeadlineSeconds: 0
   workflowSpec:
-    entrypoint: main
-    podMetadata:
-      labels:
-        tier: workflow
-    serviceAccountName: argo-executor-ksa
-    templates:
-    - name: main
-      parallelism: 1
-      steps:
-        - - name: query-trees
-            template: query-trees-template
-        - - name: iterate-trees
-            template: process-tree
-            arguments:
-              parameters:
-                - name: tree
-                  value: "{{item}}"
-            withParam: "{{=jsonpath(steps['query-trees'].outputs.result, '$.trees')}}"
-            continueOn:
-              failed: true
-    - name: query-trees-template
-      http:
-        url: "http://controller-service:8080/trees"
-        method: "GET"
-    - name: process-tree
-      inputs:
-        parameters:
-          - name: tree
-      volumes:
-        - name: git-repo
-          persistentVolumeClaim:
-            claimName: base-kernel-repo-pv-claim
-      container:
-        image: alpine/git:latest
-        imagePullPolicy: IfNotPresent
-        volumeMounts:
-          - name: git-repo
-            mountPath: /repo.git
-        resources:
-          requests:
-            cpu: 4
-            memory: 8G
-          limits:
-            cpu: 8
-            memory: 16G
-        command:
-          - "/bin/sh"
-          - "-c"
-          - |
-            cd /repo.git
-            if [ ! -d "refs" ]; then
-              git init --bare
-            fi
-            NAME="{{=jsonpath(inputs.parameters.tree, '$.name')}}"
-            REPO="{{=jsonpath(inputs.parameters.tree, '$.URL')}}"
-            BRANCH="{{=jsonpath(inputs.parameters.tree, '$.branch')}}"
-            echo "${NAME}: ${REPO}/${BRANCH}"
-            if ! git config --get remote.${NAME}.url > /dev/null; then
-              git remote add ${NAME} ${REPO}
-            fi
-            git fetch ${NAME} ${BRANCH} --tags
-            git tag -f ${NAME}-head ${NAME}/${BRANCH}
+    workflowTemplateRef:
+      name: fetch-kernels-workflow-template

syz-cluster/kernel-disk/fetch-kernels-once.yaml

@@ -0,0 +1,10 @@
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: fetch-kernels-manual-
+spec:
+  workflowTemplateRef:
+    name: fetch-kernels-workflow-template

syz-cluster/kernel-disk/fetch-kernels-template.yaml

@@ -0,0 +1,70 @@
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+apiVersion: argoproj.io/v1alpha1
+kind: WorkflowTemplate
+metadata:
+  name: fetch-kernels-workflow-template
+spec:
+  entrypoint: main
+  podMetadata:
+    labels:
+      tier: workflow
+  serviceAccountName: argo-executor-ksa
+  templates:
+    - name: main
+      parallelism: 1
+      steps:
+        - - name: query-trees
+            template: query-trees-template
+        - - name: iterate-trees
+            template: process-tree
+            arguments:
+              parameters:
+                - name: tree
+                  value: "{{item}}"
+            withParam: "{{=jsonpath(steps['query-trees'].outputs.result, '$.trees')}}"
+            continueOn:
+              failed: true
+    - name: query-trees-template
+      http:
+        url: "http://controller-service:8080/trees"
+        method: "GET"
+    - name: process-tree
+      inputs:
+        parameters:
+          - name: tree
+      volumes:
+        - name: git-repo
+          persistentVolumeClaim:
+            claimName: base-kernel-repo-pv-claim
+      container:
+        image: alpine/git:latest
+        imagePullPolicy: IfNotPresent
+        volumeMounts:
+          - name: git-repo
+            mountPath: /repo.git
+        resources:
+          requests:
+            cpu: 4
+            memory: 8G
+          limits:
+            cpu: 8
+            memory: 16G
+        command:
+          - "/bin/sh"
+          - "-c"
+          - |
+            cd /repo.git
+            if [ ! -d "refs" ]; then
+              git init --bare
+            fi
+            NAME="{{=jsonpath(inputs.parameters.tree, '$.name')}}"
+            REPO="{{=jsonpath(inputs.parameters.tree, '$.URL')}}"
+            BRANCH="{{=jsonpath(inputs.parameters.tree, '$.branch')}}"
+            echo "${NAME}: ${REPO}/${BRANCH}"
+            if ! git config --get remote.${NAME}.url > /dev/null; then
+              git remote add ${NAME} ${REPO}
+            fi
+            git fetch ${NAME} ${BRANCH} --tags
+            git tag -f ${NAME}-head ${NAME}/${BRANCH}

syz-cluster/kernel-disk/kustomization.yaml

@@ -2,4 +2,5 @@
 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
 
 resources:
+  - fetch-kernels-template.yaml
   - fetch-kernels-cron.yaml