- Introduction
- Features
- Architecture
- Local Development
- Deployment on Azure Kubernetes Service (AKS)
- Configuration
- Monitoring and Logging
- Scaling
- Security Considerations
- Troubleshooting
- Contributing
- License
TentaGate is a high-performance API gateway built with FastAPI, designed to handle high loads in production environments. It serves as a central entry point for microservices architecture, providing essential features such as authentication, rate limiting, caching, and circuit breaking.
The name "TentaGate" is inspired by the multiple "tentacles" (connections) it manages, much like an octopus, while serving as a gateway for API requests.
- JWT Authentication: Secure your APIs with JSON Web Token authentication.
- Rate Limiting: Protect your backend services from overload with configurable rate limiting.
- Response Caching: Improve performance by caching responses with Redis.
- Circuit Breaking: Prevent cascading failures with a circuit breaker pattern.
- Prometheus Metrics: Monitor your gateway with built-in Prometheus metrics.
- CORS Support: Configure Cross-Origin Resource Sharing as needed.
- Health Check Endpoint: Easily monitor the health of your gateway.
- Azure Kubernetes Service (AKS) Ready: Deployment configurations for AKS included.
TentaGate is designed with a modular architecture:
main.py
: The core FastAPI application.config.py
: Configuration management using environment variables.auth.py
: JWT authentication logic.cache.py
: Redis-based caching implementation.rate_limiter.py
: Rate limiting functionality.circuit_breaker.py
: Circuit breaker pattern implementation.
The application is containerized using Docker and deployed on Azure Kubernetes Service for scalability and ease of management.
- Clone the repository:
git clone https://github.com/pythopus/tentagate.git cd tentagate
- Set up a virtual environment:
python -m venv venv source venv/bin/activate # On Windows use venv\Scripts\activate
- Install dependencies:
pip install -r requirements.txt
- Set up environment variables in a
.env
file:JWT_SECRET_KEY=your_secret_key REDIS_URL=redis://localhost:6379 ALLOWED_ORIGINS=http://localhost:3000,https://yourdomain.com
- Run the application:
uvicorn src.main:app --reload
- Access the API documentation at
http://localhost:8000/docs
- Azure CLI installed and configured
- kubectl installed
- Docker installed
- Create an AKS cluster:
az aks create --resource-group myResourceGroup --name myAKSCluster --node-count 3 --enable-addons monitoring --generate-ssh-keys
- Connect to the AKS cluster:
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
- Create an Azure Container Registry (ACR):
az acr create --resource-group myResourceGroup --name myACRRegistry --sku Basic
- Build and push the Docker image:
docker build -t myACRRegistry.azurecr.io/tentagate:v1 . az acr login --name myACRRegistry docker push myACRRegistry.azurecr.io/tentagate:v1
- Create Kubernetes secrets:
kubectl create secret generic tentagate-secrets --from-literal=jwt-secret-key=your_secret_key
- Apply Kubernetes manifests:
kubectl apply -f kubernetes/
- Set up Ingress Controller:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update helm install nginx-ingress ingress-nginx/ingress-nginx
- Configure DNS and SSL (if needed)
TentaGate can be configured using environment variables or a .env
file. Key configurations include:
JWT_SECRET_KEY
: Secret key for JWT authenticationREDIS_URL
: URL of the Redis server for caching and rate limitingALLOWED_ORIGINS
: Comma-separated list of allowed origins for CORSBACKEND_SERVICES
: JSON-formatted dictionary of backend service URLs
- Use Azure Monitor for containers to monitor your AKS cluster and TentaGate pods.
- Enable Prometheus metrics in your AKS cluster and scrape metrics from TentaGate's
/metrics
endpoint. - Use Azure Log Analytics for centralized logging.
- Horizontal Pod Autoscaler (HPA) can be used to automatically scale TentaGate based on CPU or custom metrics.
- Consider using Azure Container Instances (ACI) for burst scaling.
- Keep your JWT secret key secure and rotate it regularly.
- Use Azure Key Vault for managing secrets instead of Kubernetes secrets for production deployments.
- Implement network policies to control traffic between pods.
- Regularly update dependencies and the base Docker image.
- Check pod logs:
kubectl logs <pod-name>
- Describe pods for events:
kubectl describe pod <pod-name>
- Use
kubectl get events
to see cluster-wide events - Check TentaGate's health endpoint:
/health
Contributions to TentaGate are welcome! Please refer to the CONTRIBUTING.md file for guidelines.
This project is licensed under the MIT License. See the LICENSE file for details.