Fleet OTA Orchestration Platform

Overdrive OTA Manager

Enterprise-style OTA: control plane (NATS), data plane (S3-compatible storage + presigned HTTPS), Go orchestrator, and a React command center — split signaling from multi-gigabyte firmware blobs.

NATS JetStream MinIO / S3 Go presign-api Kubernetes Docker Compose Rust vehicle sim (planned)
02 / 06
Architecture

Split-plane design

Low-latency fleet commands over NATS; large firmware binaries over HTTPS directly to object storage — never through the message broker.

React Command Center │ HTTPS ▼ Go Orchestrator ──► PostgreSQL (campaigns) · Redis (live state) │ ├──► NATS JetStream (commands, status per VIN) │ └──► presign-api ──► MinIO / S3 (firmware bucket) Rust Vehicle Simulator (edge) │ subscribe commands (small payload + presigned URL) ├──► HTTPS GET firmware ──► object storage └──► publish status ──► NATS

Control plane

NATS — durable commands and vehicle status. Small messages only.

Data plane

Presigned URLs — time-limited HTTPS downloads from object storage.

Presentation

React + TypeScript command center for campaigns and fleet visibility (Phase 4).

03 / 06
Phase 1 (today)

Data plane running now

Docker Compose stack

MinIO (firmware bucket), init job, presign-api on port 8080. Dev credentials — rotate for shared environments.

Kubernetes

k8s/ manifests for namespace overdrive-ota — same data-plane slice in-cluster.

ServicePortsRole
minio9000 API · 9001 consoleS3-compatible firmware storage
presign-api8080Presigned GET URLs · /healthz · /metrics
docker compose up --build

curl -sS -X POST http://localhost:8080/v1/presign \
  -H "Authorization: Bearer dev-local-key" \
  -H "Content-Type: application/json" \
  -d '{"object_key":"firmware/v1/hello.bin"}'
04 / 06
Roadmap

Phased delivery

P1

Object storage + presign-api

Compose, K8s, smoke scripts — implemented today.

P2

NATS + Rust vehicle simulator

Subscribe, HTTPS download, publish state transitions.

P3

Go orchestrator

Campaigns, state machine, canary — aligns with plan-docs K8s deployment.

P4

React command center

Real-time fleet UI wired to orchestrator + NATS.

P5

Idempotency + chaos

Retry-safe commands, chaos validation.

05 / 06
Presign API

Secure object keys

Auth

Authorization: Bearer or X-API-Key. Keys via PRESIGN_API_KEYS env.

Validation

Strict object_key format — no path traversal, no arbitrary URLs.

Observability

Prometheus metrics: ota_active_campaigns, ota_vehicle_updates_total, ota_nats_processing_latency (orchestrator phases).

06 / 06
Summary

Fleet OTA with the right bytes on the right plane

Signaling stays fast on NATS; firmware stays on object storage with presigned HTTPS — the foundation for safe, scalable vehicle updates.

github.com/vgandhi1/Overdrive-OTA-Manager plan-docs/architecture.md
View Repository →