Simple Multi Tenancy Service

Deployment and Setup Guide

Overview

Purpose and Functionality

“Simple Multitenancy” is a service designed to implement regional multi-tenancy, ensuring that client data is stored in different regional data centers. The service is written in Python and is designed to run efficiently in a Kubernetes environment, though it can also operate on other platforms.

Environment Requirements

• Operating System: Linux (recommended), but it can run on any OS that supports Python.

• Host Requirements: At least 1 CPU and 128 MB of RAM.

• Container Orchestration: Kubernetes (recommended).

• Ingress Configuration: Uses cert-manager for TLS certificates.

• Configuration Management: Uses ConfigMap and Secret for environment settings.

Instance Requirements

• The service interacts with the target instances that must be properly configured:

  • The target instance must permit CORS for the defined service URL

  • The target instance should provide the service account with the view user profile permission

Installation and Environment Setup

Python Version and Dependencies

• The service requires Python 3.x.

• Dependencies are managed via pip using the requirements.txt file.

• The requirements.txt file includes necessary libraries for running the service

To install dependencies, run:

Environment Variables and Configuration Files

• Configuration is managed through a config.yaml file, which is mounted from a Kubernetes ConfigMap.

  log_level: DEBUG
data_centers:
dc1:
name: "EU region" #The name displayed on UI
base_url: "https://individual-eu.multitenancy.techfin.dev" #The base URL to redirect
api_url: "https://api-eu.multitenancy.techfin.dev" #The base URL to send API requests
auth_path: "/api/v1/authorization" #API Path to authenticate service user
user_lookup_path: "/api/v1/users/view" #API Path to search for the user
redirect_path: "/manual" #Path to redirect user for login
registration_path: "/registration" #Path to redirect user for registration
service_account:
username: "service_user1" #The login of the service user
password: "pwd" #The password of the service user
dc2:
name: "US region"
base_url: "https://individual-us.multitenancy.techfin.dev"
api_url: "https://api-us.multitenancy.techfin.dev"
auth_path: "/api/v1/authorization"
user_lookup_path: "/api/v1/users/view"
redirect_path: "/manual"
registration_path: "/registration"
service_account:
username: "service_user2"
password: "pwd"
search:
user_type: business #The type of the user to search
token:
secret_key: "verystrongsecret"
algorithm: "HS512"


• The logging level is controlled by the log_level variable in the configuration file (default: INFO). For debugging, it can be set to DEBUG.

Build and Preparation for Deployment

Build and Preparation Steps

• Ensure Python dependencies are installed.

• Validate the configuration in config.yaml.

• Generate any necessary artifacts (if applicable).

Deployment

Local Deployment

To run the service locally, execute:

Docker Deployment

The service can be containerized using Docker. To build and run:

Or user docker-compose file to run:

Kubernetes Deployment

• Configuration is mounted via ConfigMap (config.yaml).

• Ingress is managed using cert-manager.

• Ensure that the target instances allows CORS for the specified URL.

Deploying to Kubernetes

To deploy the service manually, use the Kubernetes manifests located in deploy/k8s/.

Debugging and Troubleshooting

Common Issues and Solutions

1. Incorrect Service Account credentials

   • Check for misconfigured ConfigMaps.

2. Logging and Debugging

   • Logs can be monitored using:

     kubectl logs -f <pod_name>

   • Set log_level to DEBUG in config.yaml for more detailed logs.

3. Ingress Issues

   • Verify that cert-manager is correctly issuing certificates.

   • Ensure the Ingress rules match the expected domain routing.

4. Pod Resource Limits

   • If the service is not respecting resource limits, check the Kubernetes resource requests/limits configuration.