OCDP/ocdp-go
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
7f238a3168efa28d3b6254e4d0291f117c565986
ocdp-go/tasks/lessons.md
Ivan087 7f238a3168 refactor: full-stack restructure with multi-tenancy, workspace management, and K8s diagnostics 
- Add Workspace domain (entity, repository, service, handler, DTO)
- Add multi-tenant K8s client with tenant binding and quota management
- Add K8s diagnostics client (instance diagnostics)
- Add authorization middleware (authz package)
- Restructure frontend to feature-based architecture (features/)
- Add User Management page in configuration
- Add AccessDenied page and route guards
- Refactor shared components (form inputs, layout, UI)
- Update Tailwind config for new design system
- Add comprehensive documentation (docs/, tasks/, plans)
- Improve cluster service with better kubeconfig handling
- Add tests for crypto, config, helm client, tenant binding
2026-05-12 16:15:14 +08:00

1.5 KiB
Raw Blame History

Lessons

  • Do not leave real bootstrap credentials, cluster endpoints, certificates, or passwords in code fallbacks. Bootstrap defaults must be empty/disabled; real data must come only from .env, BOOTSTRAP_CONFIG_JSON, or explicit config files.
  • Keep backend permission names aligned with frontend route guards. Returning legacy domain permissions like clusters:manage:own without UI permissions such as configuration:clusters:manage_own makes ordinary users appear logged in but blocked by every page.
  • Treat requests.nvidia.com/gpumem as a vendor integer MB scalar in this project. Do not normalize it through Kubernetes memory units such as M, G, or Gi; use values like 10000.
  • Multi-cluster tenant resources must be scoped by (workspace_id, cluster_id). Do not infer the target cluster from list order; user/workspace defaults, kubeconfig issuance, namespace creation, ResourceQuota, and deploy must all use the same selected cluster.
  • For real Helm smoke tests, wait for platform instance deletion to remove the DB record before deleting the Kubernetes namespace manually. Deleting the namespace too early can make the async Helm uninstall mark the instance failed.
  • When embedding Helm, setting actionConfig.Init(..., namespace, ...) and Install.Namespace is not enough. The custom RESTClientGetter must also override the raw kubeconfig loader namespace, or manifests without metadata.namespace can be created in the kubeconfig context namespace such as default.