syz-cluster: enforce pod to node assignment

On GKE, we use a separate node pool that supports nested virtualization. Taints and tolerations (that were used before) only make sure that no other pods are scheduled there, but are not enough to make sure that the pods that do need nested virtualization will end up there. Use nodeSelector to force the affinity.
author: Aleksandr Nogikh <nogikh@google.com> 2025-04-16 12:25:32 +0200
committer: Aleksandr Nogikh <nogikh@google.com> 2025-04-17 08:16:37 +0000
commit: 2a6ededbf54a9f8ac036ad0ebfc673934f93fde9 (patch)
tree: f861c782b9e6799aa6cb88ef8d6e38051c2d08bf
parent: 229db4cff1245e6c493ba0cb4d53e799a041015e (diff)
1 files changed, 4 insertions, 7 deletions
diff --git a/syz-cluster/overlays/gke/kustomization.yaml b/syz-cluster/overlays/gke/kustomization.yaml
index bdf53c431..ed2846a29 100644
--- a/syz-cluster/overlays/gke/kustomization.yaml
+++ b/syz-cluster/overlays/gke/kustomization.yaml
@@ -13,7 +13,7 @@ resources:
 patches:
   - target:
       kind: WorkflowTemplate
-      name: boot-step-template
+      name: (boot|fuzz)-step-template
     patch: |-
       - op: replace
         path: /spec/templates/0/tolerations
@@ -24,12 +24,9 @@ patches:
               effect: "NoSchedule"
   - target:
       kind: WorkflowTemplate
-      name: fuzz-step-template
+      name: (boot|fuzz)-step-template
     patch: |-
       - op: replace
-        path: /spec/templates/0/tolerations
+        path: /spec/templates/0/nodeSelector
         value:
-            - key: "workload"
-              operator: "Equal"
-              value: "nested-vm"
-              effect: "NoSchedule"
+          cloud.google.com/gke-nodepool: nested-vm-pool
author	Aleksandr Nogikh <nogikh@google.com>	2025-04-16 12:25:32 +0200
committer	Aleksandr Nogikh <nogikh@google.com>	2025-04-17 08:16:37 +0000
commit	2a6ededbf54a9f8ac036ad0ebfc673934f93fde9 (patch)
tree	f861c782b9e6799aa6cb88ef8d6e38051c2d08bf
parent	229db4cff1245e6c493ba0cb4d53e799a041015e (diff)