Enterprise-style OTA: control plane (NATS), data plane (S3-compatible storage + presigned HTTPS), Go orchestrator, and a React command center — split signaling from multi-gigabyte firmware blobs.
Low-latency fleet commands over NATS; large firmware binaries over HTTPS directly to object storage — never through the message broker.
NATS — durable commands and vehicle status. Small messages only.
Presigned URLs — time-limited HTTPS downloads from object storage.
React + TypeScript command center for campaigns and fleet visibility (Phase 4).
MinIO (firmware bucket), init job, presign-api on port 8080. Dev credentials — rotate for shared environments.
k8s/ manifests for namespace overdrive-ota — same data-plane slice in-cluster.
| Service | Ports | Role |
|---|---|---|
| minio | 9000 API · 9001 console | S3-compatible firmware storage |
| presign-api | 8080 | Presigned GET URLs · /healthz · /metrics |
docker compose up --build
curl -sS -X POST http://localhost:8080/v1/presign \
-H "Authorization: Bearer dev-local-key" \
-H "Content-Type: application/json" \
-d '{"object_key":"firmware/v1/hello.bin"}'
Compose, K8s, smoke scripts — implemented today.
Subscribe, HTTPS download, publish state transitions.
Campaigns, state machine, canary — aligns with plan-docs K8s deployment.
Real-time fleet UI wired to orchestrator + NATS.
Retry-safe commands, chaos validation.
Authorization: Bearer or X-API-Key. Keys via PRESIGN_API_KEYS env.
Strict object_key format — no path traversal, no arbitrary URLs.
Prometheus metrics: ota_active_campaigns, ota_vehicle_updates_total, ota_nats_processing_latency (orchestrator phases).
Signaling stays fast on NATS; firmware stays on object storage with presigned HTTPS — the foundation for safe, scalable vehicle updates.