Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[OSPP] OTA(Over-The-Air) Upgrades For Edge Node #5589

Open
4 tasks
WillardHu opened this issue May 7, 2024 · 0 comments
Open
4 tasks

[OSPP] OTA(Over-The-Air) Upgrades For Edge Node #5589

WillardHu opened this issue May 7, 2024 · 0 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@WillardHu
Copy link
Collaborator

WillardHu commented May 7, 2024
edited

What would you like to be added/modified:

  • Update the proposal of the NodeUpgradeJob;
  • During the edge node upgrade, the keadm can verify the image digest. If the image is invalid, the edge node cannot be upgraded and an error message is reported;
  • If the edge node upgrade confirmation is enabled, the upgrade cannot be executes before the confirmation and the job will always be waiting;
  • Users can call the metaserver API or execute command keadm ctl ... to confirm the upgrade;

Why is this needed:

In order to make the edge node more convenient and rapid upgrade, we introduce a remote upgrade scheme OTA (Over-The-Air) into KubeEdge. In the main process of OTA(i.e. make the bundle, download the bundle, verify the bundle and firmware upgrade), we have realized most steps. Our release will generate a new image version called installation-package, then we use the NodeUpgradeJob CRD to obtain the installation tool keadm in the image and run the command to upgrade the edge node. During this process, if the hacker masquerades the image in the edge node, this will result in the untrusted binary keadm. We need to verify the digest of the image before the keadm executes the upgrade, which is the third step of OTA to verify the bundle. And in some business scenarios (Internet of vehicles, Internet of Things), we also need to provide an option to make the node wait for confirmation from a person with permission before upgrading the edge node. In order to fulfill the above requirements, we need you to complete these tasks:

  1. We expect you to complete the validation of the image digest before the edge node upgrade;
  2. We expect you to add a field to define whether the edge node upgrade confirmation is required. If required, wait for the confirmation before upgrade the node;
  3. We expect you to provide an API in MetaService to confirm the edge node upgrade, and provide a command in the subcommand keadm ctl too;

Refer:
@WillardHu WillardHu added the kind/feature Categorizes issue or PR as related to a new feature. label May 7, 2024
@WillardHu WillardHu changed the title [OSPP] OTA(Over-The-Air) Upgrades for edge node [OSPP] OTA(Over-The-Air) Upgrades For Edge Node May 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@WillardHu