This document outlines the implementation plan for 4 major features:
- Multi-Cluster Support - Manage multiple Kubernetes clusters
- RBAC Integration - Role-based access control
- Helm Chart Deployment UI - Visual Helm management
- Cost Analysis Dashboard - Resource cost monitoring
┌─────────────────────────────────────────────────────────┐
│ Frontend │
│ ┌─────────────────────────────────────────────────┐ │
│ │ ClusterContext (active cluster, available list) │ │
│ └─────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────┐ │
│ │ ClusterSwitcher (header dropdown) │ │
│ └─────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ Backend │
│ ┌─────────────────────────────────────────────────┐ │
│ │ ClusterService (manages multiple K8s clients) │ │
│ └─────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────┐ │
│ │ /api/v1/clusters/* endpoints │ │
│ └─────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────┘
New Files:
backend/app/services/cluster_service.py- Multi-cluster managementbackend/app/schemas/cluster.py- Cluster schemasbackend/app/api/routes/clusters.py- Cluster endpoints
Changes:
backend/app/core/config.py- Add cluster configurationbackend/app/services/kubernetes_service.py- Accept cluster parameter- All existing K8s routes - Add
cluster_idquery parameter
Cluster Configuration (config.py):
CLUSTERS: List[Dict] = [
{
"id": "default",
"name": "Local Cluster",
"kubeconfig_path": "~/.kube/config",
"context": None, # Use default context
"is_default": True
}
]API Endpoints:
| Endpoint | Method | Description |
|---|---|---|
/api/v1/clusters |
GET | List all configured clusters |
/api/v1/clusters/{id} |
GET | Get cluster details & status |
/api/v1/clusters/{id}/health |
GET | Check cluster connectivity |
/api/v1/clusters/active |
GET | Get current active cluster |
/api/v1/clusters/active |
PUT | Set active cluster |
New Files:
frontend/src/contexts/ClusterContext.tsx- Cluster state managementfrontend/src/components/common/ClusterSwitcher.tsx- Header dropdown
Changes:
frontend/src/App.tsx- Add ClusterProviderfrontend/src/components/common/Layout.tsx- Add ClusterSwitcher to headerfrontend/src/services/api.ts- Add cluster parameter to all K8s calls
ClusterContext Interface:
interface ClusterContextType {
clusters: Cluster[];
activeCluster: Cluster | null;
setActiveCluster: (clusterId: string) => void;
refreshClusters: () => void;
loading: boolean;
}┌─────────────────────────────────────────────────────────┐
│ Authentication Flow │
│ │
│ Login → JWT Token → Store in localStorage → API Header │
│ │
└─────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ Authorization Flow │
│ │
│ Request → JWT Validation → Role Check → Action Guard │
│ │
└─────────────────────────────────────────────────────────┘
| Role | Permissions |
|---|---|
| viewer | Read-only access to all resources |
| operator | Viewer + scale, restart, view logs |
| developer | Operator + deploy, exec, kubectl |
| admin | Full access including RBAC management |
New Files:
backend/app/services/auth_service.py- Authentication logicbackend/app/schemas/auth.py- Auth schemasbackend/app/api/routes/auth.py- Auth endpointsbackend/app/core/security.py- JWT utilitiesbackend/app/middleware/auth.py- Auth middlewarebackend/app/models/user.py- User model (SQLite/JSON storage)
API Endpoints:
| Endpoint | Method | Description |
|---|---|---|
/api/v1/auth/login |
POST | User login, returns JWT |
/api/v1/auth/logout |
POST | Invalidate token |
/api/v1/auth/me |
GET | Current user info |
/api/v1/auth/refresh |
POST | Refresh JWT token |
/api/v1/users |
GET | List users (admin only) |
/api/v1/users |
POST | Create user (admin only) |
/api/v1/users/{id} |
PUT | Update user (admin only) |
/api/v1/users/{id} |
DELETE | Delete user (admin only) |
/api/v1/audit |
GET | Get audit logs |
Permission Guard Decorator:
@require_permission("deployments:scale")
async def scale_deployment(...):
...New Files:
frontend/src/contexts/AuthContext.tsx- Auth state managementfrontend/src/components/auth/LoginPage.tsx- Login formfrontend/src/components/auth/ProtectedRoute.tsx- Route guardfrontend/src/components/admin/UserManagement.tsx- User CRUD
Changes:
frontend/src/App.tsx- Add AuthProvider, protected routesfrontend/src/services/api.ts- Add auth header interceptor- All action buttons - Check permissions before rendering
AuthContext Interface:
interface AuthContextType {
user: User | null;
token: string | null;
login: (username: string, password: string) => Promise<void>;
logout: () => void;
hasPermission: (permission: string) => boolean;
isAuthenticated: boolean;
}Every user action logged with:
- Timestamp
- User ID
- Action type
- Resource affected
- Request details
- Response status
┌─────────────────────────────────────────────────────────┐
│ Helm UI Flow │
│ │
│ Browse Repos → Select Chart → Configure Values → Deploy │
│ │
└─────────────────────────────────────────────────────────┘
New Files:
backend/app/services/helm_service.py- Helm operationsbackend/app/schemas/helm.py- Helm schemasbackend/app/api/routes/helm.py- Helm endpoints
Helm Operations (using subprocess with helm CLI):
class HelmService:
async def list_repos(self) -> List[HelmRepo]
async def add_repo(self, name: str, url: str) -> bool
async def search_charts(self, keyword: str) -> List[HelmChart]
async def get_chart_values(self, chart: str) -> dict
async def list_releases(self, namespace: str) -> List[HelmRelease]
async def install(self, release: str, chart: str, values: dict) -> HelmRelease
async def upgrade(self, release: str, chart: str, values: dict) -> HelmRelease
async def rollback(self, release: str, revision: int) -> HelmRelease
async def uninstall(self, release: str, namespace: str) -> bool
async def get_release_history(self, release: str) -> List[HelmRevision]API Endpoints:
| Endpoint | Method | Description |
|---|---|---|
/api/v1/helm/repos |
GET | List configured repos |
/api/v1/helm/repos |
POST | Add new repo |
/api/v1/helm/repos/{name} |
DELETE | Remove repo |
/api/v1/helm/charts |
GET | Search charts |
/api/v1/helm/charts/{name}/values |
GET | Get default values |
/api/v1/helm/releases |
GET | List installed releases |
/api/v1/helm/releases |
POST | Install chart |
/api/v1/helm/releases/{name} |
GET | Get release details |
/api/v1/helm/releases/{name} |
PUT | Upgrade release |
/api/v1/helm/releases/{name} |
DELETE | Uninstall release |
/api/v1/helm/releases/{name}/rollback |
POST | Rollback to revision |
/api/v1/helm/releases/{name}/history |
GET | Get revision history |
New Files:
frontend/src/components/helm/HelmDashboard.tsx- Main Helm viewfrontend/src/components/helm/ChartBrowser.tsx- Browse/search chartsfrontend/src/components/helm/ReleaseList.tsx- Installed releasesfrontend/src/components/helm/InstallChart.tsx- Install wizardfrontend/src/components/helm/ValuesEditor.tsx- YAML values editorfrontend/src/components/helm/ReleaseDetail.tsx- Release info & history
Changes:
frontend/src/App.tsx- Add /helm routesfrontend/src/components/common/Layout.tsx- Add Helm nav itemfrontend/src/services/api.ts- Add helmApifrontend/src/types/index.ts- Add Helm types
UI Components:
- Chart Browser - Search, filter by repo, view chart info
- Values Editor - Monaco/CodeMirror YAML editor with validation
- Release Manager - List, upgrade, rollback, uninstall
- Install Wizard - Step-by-step: Select chart → Configure → Review → Deploy
┌─────────────────────────────────────────────────────────┐
│ Cost Data Sources │
│ │
│ K8s Metrics → Resource Usage → Cost Calculation │
│ │
│ Cloud Provider APIs (optional) → Actual Billing Data │
│ │
└─────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ Cost Dashboard │
│ │
│ Overview → By Namespace → By Workload → Recommendations │
│ │
└─────────────────────────────────────────────────────────┘
Resource Pricing (configurable):
DEFAULT_PRICING = {
"cpu_per_core_hour": 0.031, # $ per CPU core per hour
"memory_per_gb_hour": 0.004, # $ per GB RAM per hour
"storage_per_gb_month": 0.10, # $ per GB storage per month
"network_egress_per_gb": 0.12, # $ per GB egress
}New Files:
backend/app/services/cost_service.py- Cost calculationsbackend/app/schemas/cost.py- Cost schemasbackend/app/api/routes/cost.py- Cost endpoints
Cost Service Methods:
class CostService:
async def get_cluster_cost(self, period: str) -> ClusterCost
async def get_namespace_costs(self, period: str) -> List[NamespaceCost]
async def get_workload_costs(self, namespace: str) -> List[WorkloadCost]
async def get_cost_trends(self, days: int) -> CostTrends
async def get_recommendations(self) -> List[CostRecommendation]
async def get_idle_resources(self) -> List[IdleResource]API Endpoints:
| Endpoint | Method | Description |
|---|---|---|
/api/v1/cost/overview |
GET | Cluster cost summary |
/api/v1/cost/namespaces |
GET | Cost by namespace |
/api/v1/cost/namespaces/{ns}/workloads |
GET | Cost by workload |
/api/v1/cost/trends |
GET | Historical cost data |
/api/v1/cost/recommendations |
GET | Optimization suggestions |
/api/v1/cost/idle |
GET | Idle/underutilized resources |
/api/v1/cost/settings |
GET/PUT | Pricing configuration |
New Files:
frontend/src/components/cost/CostDashboard.tsx- Main cost viewfrontend/src/components/cost/CostOverview.tsx- Summary cardsfrontend/src/components/cost/NamespaceCosts.tsx- Namespace breakdownfrontend/src/components/cost/CostTrends.tsx- Charts/graphsfrontend/src/components/cost/Recommendations.tsx- Optimization tipsfrontend/src/components/cost/CostSettings.tsx- Pricing config
Changes:
frontend/src/App.tsx- Add /cost routesfrontend/src/components/common/Layout.tsx- Add Cost nav itemfrontend/src/services/api.ts- Add costApifrontend/src/types/index.ts- Add Cost types
Dashboard Components:
- Overview Cards - Total cost, cost change %, top spenders
- Namespace Chart - Pie/bar chart of costs by namespace
- Trend Graph - Line chart of daily/weekly costs (using Chart.js or Recharts)
- Recommendations - Actionable cards with "Apply" buttons
- Settings - Configure pricing per resource type
- Backend cluster service & endpoints
- Frontend ClusterContext & switcher
- Modify existing K8s calls to support cluster parameter
- Backend auth service & JWT
- User storage (SQLite/JSON)
- Permission decorators on routes
- Frontend auth context & login
- Protected routes & permission checks
- Audit logging
- Backend Helm service
- API endpoints
- Frontend chart browser
- Install wizard & values editor
- Release management UI
- Backend cost service
- Cost calculation logic
- API endpoints
- Frontend dashboard components
- Charts integration (Recharts)
backend/app/
├── services/
│ ├── cluster_service.py
│ ├── auth_service.py
│ ├── helm_service.py
│ └── cost_service.py
├── schemas/
│ ├── cluster.py
│ ├── auth.py
│ ├── helm.py
│ └── cost.py
├── api/routes/
│ ├── clusters.py
│ ├── auth.py
│ ├── helm.py
│ └── cost.py
├── core/
│ └── security.py
├── middleware/
│ └── auth.py
└── models/
└── user.py
frontend/src/
├── contexts/
│ ├── ClusterContext.tsx
│ └── AuthContext.tsx
├── components/
│ ├── common/
│ │ └── ClusterSwitcher.tsx
│ ├── auth/
│ │ ├── LoginPage.tsx
│ │ └── ProtectedRoute.tsx
│ ├── admin/
│ │ └── UserManagement.tsx
│ ├── helm/
│ │ ├── HelmDashboard.tsx
│ │ ├── ChartBrowser.tsx
│ │ ├── ReleaseList.tsx
│ │ ├── InstallChart.tsx
│ │ ├── ValuesEditor.tsx
│ │ └── ReleaseDetail.tsx
│ └── cost/
│ ├── CostDashboard.tsx
│ ├── CostOverview.tsx
│ ├── NamespaceCosts.tsx
│ ├── CostTrends.tsx
│ ├── Recommendations.tsx
│ └── CostSettings.tsx
PyJWT>=2.8.0 # JWT token handling
passlib[bcrypt]>=1.7.4 # Password hashing
python-jose>=3.3.0 # JWT with more algorithms
{
"dependencies": {
"recharts": "^2.10.0", // Charts for cost dashboard
"@monaco-editor/react": "^4.6.0" // YAML editor for Helm values
}
}| Feature | Backend | Frontend | Total |
|---|---|---|---|
| Multi-Cluster | 4 hrs | 3 hrs | 7 hrs |
| RBAC | 6 hrs | 5 hrs | 11 hrs |
| Helm UI | 5 hrs | 6 hrs | 11 hrs |
| Cost Dashboard | 4 hrs | 5 hrs | 9 hrs |
| Total | 19 hrs | 19 hrs | 38 hrs |
- Multi-Cluster: Should clusters be configured via env/config file or through UI?
- RBAC: Should we use SQLite for user storage or simple JSON file?
- Helm: Should we support private Helm repos with authentication?
- Cost: Do you want integration with cloud provider APIs (AWS Cost Explorer, GCP Billing)?