Flask REST framework for role-based access
Project description
apicrud
What is this
Skip the kubernetes / python / React.js learning curve and put your ideas in production!
The apicrud framework was created to make it far easier to get started on full-stack development of REST-based services ranging from a simple CLI wrapper for queries of local APIs to full web-scale consumer-facing applications.
The essential components of a modern full-stack application include a back-end API server, a front-end UI server, a database, a memory-cache and a background worker for performing actions such as emailing, photo uploading or report generation. The challenge of setting up CI testing and microservice deployment is usually daunting; this repo addresses all of those issues by providing a fully-working example you can set up and start modifying in minutes. No prior experience is required.
This is the API back-end and worker, with an example application.
Usage
Clone this repo to your local environment. To start the example application in a shell session (on a Linux or Mac laptop):
- Set environment variables as defined below
- Install docker (desktop for Mac or Linux/Ubuntu and enable kubernetes; if you're on a Mac install homebrew; Linux kubeadm setup is beyond scope of this README
- To run the full example demo in your local kubernetes:
- Make secrets available:
ln -s example/secrets/.gnupg ~
if you don't already use gpg, ormake sops-import-gpg
if gpg is already installed - Invoke
TAG=latest make deploy_local
- Browse http://localhost:32180 as
admin
with passwordp@ssw0rd
once all services are running
- Make secrets available:
- Or, to run only database/cache images for developing on your laptop:
- Invoke
make run_local
to bring up the back-end API with its dependent services mariadb, redis and rabbitmq - Invoke
make messaging_worker
to bring up the email/SMS worker back-end - Clone the instantlinux/apicrud-ui repo to a separate directory and follow the instructions given in its README to start and log into the front-end
- Invoke
- Optional: if setting up to run API within a docker container, configure kubernetes secrets as defined below (need at least the
example-db-password
) - Optional for Linux: a full ansible-based bare-metal k8s cluster management suite is published at instantlinux/docker-tools
- Optional: configure outbound email (via GMail or another provider)
- Head to App Passwords account settings in your GMail account and generate an app password
- Login to the the example demo as
admin
- At upper right, go into Settings and choose Credentials tab
- Add a new entry:
key
is your GMail email address,secret
is the app password - Choose Settings tab, set the smarthost to
smtp.gmail.com
, SMTP port to 587, and select the SMTP credential you just created - Also in Settings tab, update the URL to match the hostname and port number you see in address bar
- At upper right, go into Profile and select Contact Info
- Edit the admin email address to your GMail address
The example MVC application is provided here in this repo is also used as a fixture for its unit tests. You can fork / clone this repo and experiment with your own extensions to the database models, controller logic, and openapi.yaml REST endpoints. See instantlinux/apicrud-ui for definitions of the views (as React.js code).
Environment variables
Variable | Default | Description |
---|---|---|
AMQ_HOST | example-rmq |
IP address or hostname of rabbitMQ |
API_DEV_PORT | 32080 |
TCP port for API service (local dev k8s) |
DB_HOST | 10.101.2.30 |
IP address or hostname of MySQL-compatible database |
DB_NAME | example_local |
Name of the database |
DB_PASS | example |
Password for database |
DOMAIN | Domain for service URLs | |
EXAMPLE_API_PORT | 8080 |
TCP port for API service |
KUBECONFIG | Config credentials filename for k8s | |
RABBITMQ_IP | 10.101.2.20 |
IP address to use for rabbitMQ under k8s |
REDIS_IP | 10.101.2.10 |
IP address for redis under k8s |
Secrets
Kubernetes needs secrets defined. Default values for these are under example/secrets/. See the example/Makefile.sops (and the lengthy kubernetes secrets doc for instructions on modifying them or adding new secrets for multiple namespace environments.
Secret | Description |
---|---|
example-db-aes-secret | Encryption passphrase for secured DB columns (~16 bytes) |
example-db-password | Database password |
example-flask-secret | Session passphrase (32 hex digits) |
example-redis-secret | Encryption passphrase for redis values (~16 bytes) |
mapquest-api-key | API key for address lookups (sign-up: mapquest) |
Background
The rise of Docker and Kubernetes starting around 2017 made it possible to set up these production-grade services directly on the laptop of any developer. Only recently have the tools been easier to configure and set up. This framework provides working example code you can use to get started creating your own secure, web-scale services.
Implementation/design includes these technologies: celery, CloudFront and S3, docker, flask, kubernetes, MapQuest geocoding, mapbox, MariaDB, python 3, RabbitMQ, react.js, react-admin, sqlalchemy, uWSGI.
Contributions
Your pull-requests and bug-reports are welcome here. See CONTRIBUTING.md.
License
Software copyright © 2020 by Richard Braun • Apache 2.0 license
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.