[ ] During the edge node upgrade, the keadm can verify the image digest. If the image is invalid, the edge node cannot be upgraded and an error message is reported;
[ ] If the edge node upgrade confirmation is enabled, the upgrade cannot be executes before the confirmation and the job will always be waiting;
[ ] Users can call the metaserver API or execute command keadm ctl ... to confirm the upgrade;
Why is this needed:
In order to make the edge node more convenient and rapid upgrade, we introduce a remote upgrade scheme OTA (Over-The-Air) into KubeEdge. In the main process of OTA(i.e. make the bundle, download the bundle, verify the bundle and firmware upgrade), we have realized most steps. Our release will generate a new image version called installation-package, then we use the NodeUpgradeJob CRD to obtain the installation tool keadm in the image and run the command to upgrade the edge node. During this process, if the hacker masquerades the image in the edge node, this will result in the untrusted binary keadm. We need to verify the digest of the image before the keadm executes the upgrade, which is the third step of OTA to verify the bundle. And in some business scenarios (Internet of vehicles, Internet of Things), we also need to provide an option to make the node wait for confirmation from a person with permission before upgrading the edge node. In order to fulfill the above requirements, we need you to complete these tasks:
We expect you to complete the validation of the image digest before the edge node upgrade;
We expect you to add a field to define whether the edge node upgrade confirmation is required. If required, wait for the confirmation before upgrade the node;
We expect you to provide an API in MetaService to confirm the edge node upgrade, and provide a command in the subcommand keadm ctl too;
What would you like to be added/modified:
keadm ctl ...
to confirm the upgrade;Why is this needed:
In order to make the edge node more convenient and rapid upgrade, we introduce a remote upgrade scheme OTA (Over-The-Air) into KubeEdge. In the main process of OTA(i.e. make the bundle, download the bundle, verify the bundle and firmware upgrade), we have realized most steps. Our release will generate a new image version called installation-package, then we use the NodeUpgradeJob CRD to obtain the installation tool keadm in the image and run the command to upgrade the edge node. During this process, if the hacker masquerades the image in the edge node, this will result in the untrusted binary keadm. We need to verify the digest of the image before the keadm executes the upgrade, which is the third step of OTA to verify the bundle. And in some business scenarios (Internet of vehicles, Internet of Things), we also need to provide an option to make the node wait for confirmation from a person with permission before upgrading the edge node. In order to fulfill the above requirements, we need you to complete these tasks:
keadm ctl
too;Refer: