FastAPI

Python web application with dynamic module loading, Prometheus instrumentation, and Kaniko/BuildKit container builds.

Architecture

main.py - Uvicorn entrypoint, module discovery, lifespan management
api.py - Router aggregation, auto-imports per linked service + custom APIs
config.py - Environment variable parsing, service endpoint resolution
Prometheus - prometheus-fastapi-instrumentator on /metrics
Kaniko / BuildKit - In-cluster container image builds

Attributes

| Attribute | Example | Description |
|---|---|---|
| namespace REQ | fastapi | Kubernetes namespace - used in all generated manifests and service DNS |
| port REQ | 8080 | Container port - written to Dockerfile EXPOSE, fastapi.yaml containerPort, and Service targetPort |
| user_id | 1000 | Non-root UID/GID in Dockerfile USER directive and securityContext runAsUser/runAsGroup |
| service_type | ClusterIP | Kubernetes Service type in fastapi.yaml (ClusterIP / NodePort / LoadBalancer) |
| pvc | true | When enabled, generates pvc.yaml PersistentVolumeClaim and volume mount in fastapi.yaml |
| hpa | true | When enabled, generates hpa.yaml HorizontalPodAutoscaler |
| rbac | true | Generates rbac.yaml with Role and RoleBinding for the service account |
| probes | true | Generates probes-patch.yaml with liveness and readiness probe definitions |
| securityContext | true | Container-level security context (readOnlyRootFilesystem, drop capabilities) |
| pod_level_security | true | Pod-level security settings (runAsNonRoot, fsGroup, seccompProfile) |
| cpu_request / cpu_limit | 100m / 500m | CPU requests and limits in patch/resource-patch.yaml |
| mem_request / mem_limit | 128Mi / 512Mi | Memory requests and limits in patch/resource-patch.yaml |
| ephemeral_storage | 1Gi | Ephemeral storage limit in patch/resource-patch.yaml |
| writable_directory / directory | true / /tmp/data | Adds emptyDir volume mount at specified directory path in fastapi.yaml |
| add_custom_api | true | Injects custom API router imports into src/api.py for sub-component modules |
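
A check of the hardening attributes listed above (user_id, securityContext, pod_level_security, writable_directory) against a generated Deployment, as an added example that is not the generator's own code. The manifest layout in SAMPLE, the names audit_deployment and weakened_sample, and the expectation that capabilities are dropped with ALL are assumptions; the manifest is passed in as the dict a YAML loader returns.

```python
import copy

def audit_deployment(dep, user_id=1000, writable_dir="/tmp/data"):
    """Return findings for one Deployment dict; an empty list means all checks passed."""
    findings = []
    pod = dep["spec"]["template"]["spec"]
    psc = pod.get("securityContext") or {}
    if psc.get("runAsNonRoot") is not True:
        findings.append("pod: runAsNonRoot is not true")
    if (psc.get("seccompProfile") or {}).get("type") not in ("RuntimeDefault", "Localhost"):
        findings.append("pod: seccompProfile is unset or Unconfined")
    empty_dirs = {v["name"] for v in pod.get("volumes", []) if "emptyDir" in v}
    for c in pod.get("containers", []):
        name, csc = c["name"], c.get("securityContext") or {}
        # Container-level runAsUser/runAsGroup override the pod-level values.
        uid = csc.get("runAsUser", psc.get("runAsUser"))
        gid = csc.get("runAsGroup", psc.get("runAsGroup"))
        if uid != user_id or gid != user_id:
            findings.append(f"{name}: runs as {uid}:{gid}, expected {user_id}:{user_id}")
        if csc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: root filesystem is writable")
        # Assumption: "drop capabilities" on this page means drop: ["ALL"].
        if "ALL" not in ((csc.get("capabilities") or {}).get("drop") or []):
            findings.append(f"{name}: capabilities are not dropped")
        # With a read-only root, the writable directory must be an emptyDir mount.
        mounts = {m["mountPath"]: m["name"] for m in c.get("volumeMounts", [])}
        if writable_dir and mounts.get(writable_dir) not in empty_dirs:
            findings.append(f"{name}: {writable_dir} is not an emptyDir mount")
    return findings

# Constructed sample (not generator output): pod spec as a YAML loader returns it.
SAMPLE = {"spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True, "fsGroup": 1000,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "volumes": [{"name": "data", "emptyDir": {}}],
    "containers": [{
        "name": "fastapi",
        "securityContext": {"runAsUser": 1000, "runAsGroup": 1000,
                            "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}},
        "volumeMounts": [{"name": "data", "mountPath": "/tmp/data"}],
    }],
}}}}

def weakened_sample():
    """Copy of SAMPLE with three settings loosened, to show what the audit reports."""
    bad = copy.deepcopy(SAMPLE)
    pod = bad["spec"]["template"]["spec"]
    del pod["securityContext"]["seccompProfile"]
    pod["containers"][0]["securityContext"].update(runAsUser=0, readOnlyRootFilesystem=False)
    return bad
```

Run it in CI on the rendered fastapi.yaml Deployment and fail the pipeline when the returned list is non-empty.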

Sub-Components

custom_api - Custom API Module

Each custom_api generates a full Python module: src/{name}_module/__init__.py, routes.py, services.py, models.py. Its router is auto-registered in api.py at /api/v1/{name}/.

| Attribute | Example | Impact |
|---|---|---|
| fastapi_init | from .routes import router | Written to src/{name}_module/__init__.py |
| fastapi_custom_route | Route definitions | Written to src/{name}_module/routes.py |
| fastapi_custom_service | Business logic | Written to src/{name}_module/services.py |
| fastapi_custom_model | Pydantic models | Written to src/{name}_module/models.py |
| requirements | httpx==0.27.0 | Appended to requirements.txt |

Links

| Link | Direction | Generated Output |
|---|---|---|
| FastAPI → PostgreSQL | Outbound | Connection env vars in secret/cloud.env, psycopg2 in requirements.txt, src/postgresql_module/ kept |
| FastAPI → RabbitMQ | Outbound | Connection env vars in secret/cloud.env, aio-pika in requirements.txt, src/rabbitmq_module/ kept |
| FastAPI → exchange (parent: rabbitmq) | Outbound | RABBITMQ_EXCHANGES env var, src/rabbitmq_module/ kept |
| FastAPI → queue (parent: rabbitmq) | Outbound | RABBITMQ_QUEUES env var, src/rabbitmq_module/ kept |
| FastAPI → database (parent: postgresql) | Outbound | POSTGRES_HOST + POSTGRES_DATABASES env vars, src/postgresql_module/ kept |
| FastAPI → mongo_db (parent: mongodb) | Outbound | MONGODB_HOST + MONGODB_DATABASES env vars, src/mongodb_module/ kept |
| FastAPI → bucket (parent: minio) | Outbound | MINIO_HOST + MINIO_BUCKETS env vars, src/minio_module/ kept |
| FastAPI → db (parent: cnpg) | Outbound | CNPG_HOST + CNPG_DATABASES env vars, src/postgresql_module/ kept |
| FastAPI → topic (parent: kafka) | Outbound | KAFKA_BOOTSTRAP_SERVERS + KAFKA_TOPICS env vars, aiokafka in requirements.txt |
| FastAPI → Celery | Outbound | Celery worker integration, resolves celery-redis broker for CELERY_BROKER_URL |
| Prometheus → FastAPI | Inbound | Generates service-monitor.yaml ServiceMonitor CR, adds prometheus libs to requirements.txt, exposes /metrics |
| Kong gateway → FastAPI | Inbound | Generates ingress.yaml + cors.yaml + rate-limit.yaml for external access |
| Istio → FastAPI | Inbound | Enables sidecar injection + mTLS via namespace label in namespace.yaml |
| APISIX → FastAPI | Inbound | APISIX route/upstream YAML generated on the APISIX side |
| APISIX gateway → FastAPI | Inbound | Gateway sub-component reference from APISIX |

Conditional module cleanup:
No PostgreSQL/CNPG link: src/postgresql_module/ removed
No MongoDB link: src/mongodb_module/ removed
No RabbitMQ link: src/rabbitmq_module/ removed
No MinIO link: src/minio_module/ removed
No gateway link: ingress.yaml, cors.yaml, rate-limit.yaml removed

Generated Files

| File | Condition | Content |
|---|---|---|
| k8s/deploy/base/fastapi.yaml | Always | Deployment, Service, ServiceAccount, ConfigMap |
| k8s/deploy/base/namespace.yaml | Always | Namespace definition |
| k8s/deploy/base/kustomization.yaml | Always | Kustomize resources, secretGenerator, patches |
| k8s/deploy/base/rbac.yaml | rbac enabled | Role and RoleBinding for the service account |
| k8s/deploy/base/ingress.yaml | Kong gateway linked | Kong Ingress route for external access |
| k8s/deploy/base/cors.yaml | Kong gateway linked | Kong CORS plugin configuration |
| k8s/deploy/base/rate-limit.yaml | Kong gateway linked | Kong rate limiting plugin configuration |
| k8s/deploy/base/service-monitor.yaml | Prometheus linked | Prometheus ServiceMonitor CR for /metrics scraping |
| k8s/deploy/base/pvc.yaml | pvc enabled | PersistentVolumeClaim definition |
| k8s/deploy/base/hpa.yaml | hpa enabled | HorizontalPodAutoscaler definition |
| k8s/deploy/base/patch/resource-patch.yaml | Always | CPU, memory, ephemeral storage requests and limits |
| k8s/deploy/base/patch/probes-patch.yaml | probes enabled | Liveness and readiness probe definitions |
| k8s/deploy/base/files/startup.sh | Always | Container startup script |
| k8s/deploy/base/files/test_file.text | Always | Static test file mounted via ConfigMap |
| k8s/deploy/base/secret/registry.json | Always | Docker registry credentials (SOPS encrypted) |
| k8s/deploy/base/secret/cloud.env | Always | Service connection env vars (SOPS encrypted) |
| k8s/build/base/kaniko.yaml | Always | Kaniko in-cluster container build Job |
| k8s/build/base/buildkit.yaml | Always | BuildKit in-cluster container build Job |
| Dockerfile | Always | Multi-stage Python image with non-root user (user_id), EXPOSE port |
| Dockerfile.test | Always | Test runner Dockerfile for CI pipeline |
| requirements.txt | Always | Python deps (fastapi, uvicorn, + link-specific: psycopg2, aio-pika, aiokafka, etc.) |
| src/main.py | Always | Uvicorn app entrypoint, lifespan hooks, module discovery |
| src/config.py | Always | Settings class, env var parsing, endpoint resolution |
| src/api.py | Always | Router aggregation - auto-includes linked service modules + custom_api routers |
| src/postgresql_module/* | PostgreSQL or CNPG linked | PostgreSQL connection pool, CRUD routes, models |
| src/mongodb_module/* | MongoDB linked | MongoDB client, collection routes, models |
| src/rabbitmq_module/* | RabbitMQ linked | aio-pika connection, publisher/consumer routes |
| src/minio_module/* | MinIO linked | MinIO/S3 client, upload/download routes |
| day2/fastapi-test-job.yaml | Always | Day-2 test Job manifest for validation |

Ports

| Port | Target | Protocol |
|---|---|---|
| port attr (8080) | Container (Dockerfile EXPOSE, containerPort) | HTTP |
| 80 | Service port (maps to containerPort) | HTTP |

API Endpoints

GET /health                - Liveness check
GET /info                  - Component info
GET /metrics               - Prometheus metrics
GET /api/v1/               - Base API router
GET /api/v1/postgresql/    - PostgreSQL/CNPG routes (when linked)
GET /api/v1/mongodb/       - MongoDB routes (when linked)
GET /api/v1/rabbitmq/      - RabbitMQ routes (when linked)
GET /api/v1/minio/         - MinIO routes (when linked)
GET /api/v1/kafka/         - Kafka routes (when linked)
GET /api/v1/{custom_api}/  - Custom API module routes (per sub-component)