
Commit 1dedfdd

Devinwong and Copilot committed
feat(anc): add check-hotfix subcommand to read hotfix pointer from LPS
Add a fail-open 'check-hotfix' CLI subcommand that reads the base->hotfix pointer map from the live-patching-service (LPS) over the IMDS-attested SNI path that is reachable pre-kubelet, and stages the resolved {hotfixes:{...}} pointer to the path download-hotfix already reads. download-hotfix keeps its unchanged patch-only, strictly-higher gating; check-hotfix only fetches and writes the pointer.

- Raw net/http HTTPS GET (no client-go). TLS ServerName pinned to the LPS SNI host while the TCP dial is forced to the apiserver FQDN (curl --resolve trick); Authorization is the IMDS attested-data signature; the server cert is verified against the cluster CA from the provision-config.
- FQDN + cluster CA come from the AKSNodeConfig ANC already parses (the only credential source present pre-provisioning); caSource is logged.
- Shares the hotfixConfig parser/data contract with download-hotfix.
- Always exits 0; emits CheckHotfix telemetry (lpsRead, noHotfixForBase, noHotfixAvailable, customDataFallback, failed).
- A reachable LPS with no hotfix published for this node (HTTP 401, 403, 404) is a benign no-op (noHotfixAvailable): no overlay is staged and it is never classified as a failure. Only transport/5xx failures fall back.
- PoC cold-start fallback reads a lenient top-level hotfixes object from the node config when the LPS read fails (TODO: typed contract field).
- Injectable App fields (checkHotfixFetcher, fetchAttestedToken, nodeConfigPath) for network-free unit tests.
- The LPS route + response schema are a planned-maintenance deliverable that is not finalized; lpsHotfixPath is a clearly-marked placeholder with a TODO. The IMDS/LPS client helpers mirror the connectivity prototype and should be de-duplicated into a shared LPS client when that lands.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 5a1778c commit 1dedfdd

3 files changed

Lines changed: 1140 additions & 0 deletions
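The commit message describes the transport and the response-classification rule in prose only (the fetch helper itself is in a file this page does not show). The following is an added, self-contained illustration written for this page, not the project's code: it builds an http.Client whose TCP dial is forced to one address while the TLS ServerName (and Host header) are pinned to a different SNI host and the server certificate is checked only against a supplied CA pool, then applies the commit's 401/403/404 = benign no-op, 2xx = pointer, 5xx/transport = failed rule. The route /hotfix-pointer, the opaque-string form of the Authorization value, the {"hotfixes":{base:hotfix}} JSON shape and the local httptest server (whose self-signed certificate stands in for the cluster CA) are all assumptions made for the example.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

type Outcome string // one of the CheckHotfix telemetry classes named in the commit message

const (
	OutcomeLPSRead, OutcomeNoHotfixAvailable, OutcomeFailed Outcome = "lpsRead", "noHotfixAvailable", "failed"
	lpsHotfixPath = "/hotfix-pointer"                     // assumed placeholder; the commit says the real route is not finalized
	demoToken     = "imds-attested-signature-placeholder" // constructed stand-in for the IMDS attested-data signature
)

// HotfixPointer is an assumed shape for the {hotfixes:{...}} body: base version -> hotfix version.
type HotfixPointer struct{ Hotfixes map[string]string `json:"hotfixes"` }

// NewPinnedClient is the curl --resolve pattern: every TCP dial goes to dialAddr (apiserver FQDN
// host:port) while the TLS handshake presents sniHost and trusts only roots (the cluster CA).
func NewPinnedClient(dialAddr, sniHost string, roots *x509.CertPool) *http.Client {
	transport := &http.Transport{
		Proxy: nil, // never route an attested token through a proxy taken from the environment
		DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{Timeout: 5 * time.Second}).DialContext(ctx, network, dialAddr) // URL host ignored
		},
		TLSClientConfig: &tls.Config{ServerName: sniHost, RootCAs: roots, MinVersion: tls.VersionTLS12},
	}
	return &http.Client{Transport: transport, Timeout: 10 * time.Second}
}

// ClassifyResponse applies the commit's rule: 401/403/404 is the benign "no hotfix for this node",
// 2xx must carry a parseable pointer, anything else (5xx and the like) is the only class that falls back.
func ClassifyResponse(status int, body []byte) (Outcome, *HotfixPointer, error) {
	switch {
	case status == http.StatusUnauthorized, status == http.StatusForbidden, status == http.StatusNotFound:
		return OutcomeNoHotfixAvailable, nil, nil
	case status >= 200 && status < 300:
		var p HotfixPointer
		if err := json.Unmarshal(body, &p); err != nil {
			return OutcomeFailed, nil, fmt.Errorf("unparseable hotfix pointer: %w", err)
		}
		return OutcomeLPSRead, &p, nil
	default:
		return OutcomeFailed, nil, fmt.Errorf("unexpected LPS status %d", status)
	}
}

// FetchHotfixPointer performs the attested GET; the token is sent verbatim as the Authorization value.
// Transport errors land in the same failed class as 5xx.
func FetchHotfixPointer(ctx context.Context, client *http.Client, url, token string) (Outcome, *HotfixPointer, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return OutcomeFailed, nil, err
	}
	req.Header.Set("Authorization", token)
	resp, err := client.Do(req)
	if err != nil {
		return OutcomeFailed, nil, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap what the server can make us buffer
	if err != nil {
		return OutcomeFailed, nil, err
	}
	return ClassifyResponse(resp.StatusCode, body)
}

// DemoAgainstLocalLPS stands up a local TLS server (constructed for this example) that plays the LPS: it
// rejects a handshake whose SNI is not example.com and answers 401 unless demoToken is presented.
func DemoAgainstLocalLPS(status int, body, token string) (Outcome, *HotfixPointer, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil || r.TLS.ServerName != "example.com" {
			http.Error(w, "wrong SNI", http.StatusMisdirectedRequest)
		} else if r.Header.Get("Authorization") != demoToken {
			http.Error(w, "no hotfix for this node", http.StatusUnauthorized)
		} else {
			w.WriteHeader(status)
			_, _ = io.WriteString(w, body)
		}
	}))
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // the test server's self-signed cert stands in for the cluster CA
	// Dial 127.0.0.1:<port> (standing in for the apiserver FQDN) but handshake and send Host as example.com.
	client := NewPinnedClient(srv.Listener.Addr().String(), "example.com", roots)
	return FetchHotfixPointer(context.Background(), client, "https://example.com"+lpsHotfixPath, token)
}

func main() {
	fmt.Println(DemoAgainstLocalLPS(200, `{"hotfixes":{"base-a":"hotfix-a1"}}`, demoToken)) // lpsRead
	fmt.Println(DemoAgainstLocalLPS(200, `{}`, ""))                                        // noHotfixAvailable via 401
	fmt.Println(DemoAgainstLocalLPS(503, "upstream down", demoToken))                      // failed
}
```

The point worth checking in a review of the real helper is the one the second demo call exercises: a reachable LPS that answers 401 must come back as noHotfixAvailable with no pointer and no error, so that nothing is staged and the cold-start fallback is not triggered; only the third call (5xx) or a dial/handshake error should reach the fallback branch.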

File tree

aks-node-controller/app.go

Lines changed: 22 additions & 0 deletions
@@ -43,11 +43,23 @@ type App struct {
4343
eventLogger *helpers.EventLogger
4444

4545
// hotfixVersionPath overrides the default hotfix version file location for testing.
46+
// It is also the path check-hotfix writes the resolved pointer to.
4647
hotfixVersionPath string
4748
// aptSourcesDir overrides the default APT sources directory for testing.
4849
aptSourcesDir string
4950
// nodeCustomDataPath overrides the default nodecustomdata path for testing.
5051
nodeCustomDataPath string
52+
// nodeConfigPath overrides the default AKSNodeConfig path for testing. It is the
53+
// source for check-hotfix's LPS endpoint (apiserver FQDN + cluster CA) and the
54+
// cold-start fallback pointer.
55+
nodeConfigPath string
56+
// checkHotfixFetcher overrides the real LPS hotfix-pointer GET for testing, letting
57+
// unit tests inject a canned pointer body or errors without real networking.
58+
checkHotfixFetcher func(ctx context.Context) ([]byte, error)
59+
// fetchAttestedToken overrides retrieval of the IMDS attested-data token used as the
60+
// Authorization header for the check-hotfix LPS fetch. When nil, the real IMDS endpoint
61+
// is queried.
62+
fetchAttestedToken func(ctx context.Context) (string, error)
5163
}
5264

5365
// provision.json values are emitted as strings by the shell jq invocation.
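Review bot: the comments on checkHotfixFetcher and nodeConfigPath should state what nil means, as the fetchAttestedToken comment already does ("When nil, the real IMDS endpoint is queried"); these three fields are the seams that decide whether the production LPS path or a canned body is used, and a reader of the struct should not have to find the call site to learn that a nil checkHotfixFetcher means the real attested GET and an empty nodeConfigPath means the default AKSNodeConfig location. The lowercase names keep the hooks package-private, which is the right choice, but the hotfixVersionPath comment now describes a field that is both a test override and the production file check-hotfix writes and download-hotfix reads; naming the default path there would make that write/read contract between the two subcommands visible in one place.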
@@ -137,6 +149,16 @@ func (a *App) Run(ctx context.Context, args []string) int {
137149
return a.runDownloadHotfixCommand(ctx)
138150
},
139151
},
152+
{
153+
Name: "check-hotfix",
154+
Usage: "Read the hotfix pointer from the live-patching-service and stage it (fail-open)",
155+
Action: func(ctx context.Context, cmd *cli.Command) error {
156+
if len(cmd.Args().Slice()) > 0 {
157+
return fmt.Errorf("unexpected check-hotfix arguments: %s", strings.Join(cmd.Args().Slice(), " "))
158+
}
159+
return a.runCheckHotfixCommand(ctx)
160+
},
161+
},
140162
},
141163
}
142164
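Review bot: the argument check `return fmt.Errorf("unexpected check-hotfix arguments: %s", ...)` is the one path on this subcommand that surfaces an error to the CLI, which sits oddly beside a Usage string advertising "(fail-open)" and a commit message that says the command always exits 0; what Run does with a returned Action error is outside this hunk, so either document that a malformed invocation is the deliberate exception to fail-open or route it through the same always-zero handling that runCheckHotfixCommand applies to everything else. The Usage could also name where the pointer is staged (the hotfixVersionPath file that download-hotfix reads) so an operator running `check-hotfix` by hand knows which artifact to inspect.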

0 commit comments
