A comprehensive Kubernetes-based microservices application using Traefik as an API Gateway with advanced routing, authentication, and monitoring capabilities.
This project is a test/demo application. All secrets, keys, and environment variables used here are for testing purposes only.
- β Do NOT reuse any credentials in this Project, it has been completely deleted after testing.
- β All infrastructure (Kubernetes clusters, databases, services, secrets, etc.) has been completely deleted after testing.
- β This repository is shared strictly for educational and demonstration purposes.
This project implements a microservices architecture with:
- API Gateway: Traefik v3.0 with advanced middleware
- Authentication Service: JWT-based authentication (Port 9000)
- Jobs Listing Service: Job management endpoints (Port 5000)
- Applications Service: Job application management (Port 8000)
- Redis: Storing of revoked JTI
- PostgreSQL: Primary database storage
- Intelligent Routing: Path-based routing to microservices
- JWT Authentication: Secure token-based authentication
- Rate Limiting: Configurable request throttling (100 burst, 1min period)
- Circuit Breaker: Automatic failure detection and recovery
- CORS Support: Cross-origin resource sharing
- Request/Response Transformation: Header manipulation
- Compression: Automatic response compression
- Retry Logic: Automatic request retries (3 attempts)
- Health Checks: Built-in service monitoring
- Metrics: Prometheus integration for monitoring
- JWT token validation middleware
- Protected and public route separation
- IP-based rate limiting
- Circuit breaker for resilience
- Secure header management
job-microservice-app/
βββ auth-service/
βββ eks-deployment-setup/
β βββ auth/
β βββ jobs-applications/
β βββ jobs-listing/
β βββ traefik/
β βββ apply-db-migrations.sh
β βββ apply-k8s-configs.sh
β βββ apply-traefik.sh
β βββ delete-traefik.sh
β βββ eks-cluster.yaml
β βββ namespace.yaml
β βββ redis-deployment.yaml
β βββ redis-service.yaml
βββ job-apply-service/
βββ job-listing-service/
βββ .env
βββ .env.sample
βββ .gitignore
βββ docker-compose.yaml
βββ Jenkinsfile
βββ service-config.yaml
βββ update-deployment.sh
βββ README.md
GET /api- API statusPOST /api/v1/auth/register- User registrationPOST /api/v1/auth/login- User loginPOST /api/v1/auth/validate-token- Token validation
GET /api/v1/me- User profilePOST /api/v1/auth/refresh- Token refreshPOST /api/v1/auth/logout- User logoutGET|POST|PUT|DELETE /api/v1/jobs/*- Jobs managementGET|POST|PUT|DELETE /api/v1/applications/*- Applications management
To deploy this application, navigate to the eks-deployment-setup directory and run the following scripts in order:
cd eks-deployment-setup eksctl create cluster --name micro-eks-cluster --region eu-north-1 --node-type t3.medium kubectl apply -f namespace.yaml ./apply-traefik.sh ./apply-k8s-configs.sh ./apply-db-migrations.sh ./apply-argo-cd.shβ οΈ Login into ArgoCD UIhttps://localhost:{PORT}, check your terminal for username and password
kubectl apply -f argo.yaml kubectl exec -it debug-pod -n job-application-microservices -- /bin/sh apt update && apt install -y redis-tools redis-cli -h redis-service -p 6379 pingExpected Output: PONG
- Validates tokens via auth service
- Forwards user context headers
- Supports authorization header passthrough
- Burst: 100 requests
- Period: 1 minute
- Strategy: IP-based limiting
- Network Error Threshold: 30%
- HTTP Error Threshold: 25% (5xx responses)
- Auto-recovery: Built-in
- Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
- Origins: Configurable (currently set to *)
- Credentials: Supported
- Max Age: 3600 seconds
- Endpoint:
/pingon port 8080 - Liveness Probe: 10s intervals
- Readiness Probe: 5s intervals
- Prometheus Integration: Built-in metrics export
- Custom Buckets: 0.1, 0.3, 1.2, 5.0 seconds
- ServiceMonitor: Automatic Prometheus discovery
- Access Logs: Enabled
- Log Level: INFO
- Structured Logging: JSON format
- Authentication: JWT tokens required for protected routes
- Rate Limiting: Prevents abuse and DDoS attacks
- Circuit Breaker: Protects against cascade failures
- CORS: Configurable cross-origin policies
- Header Security: Custom security headers added
- Kubernetes cluster (EKS recommended)
- kubectl configured
- Docker for container management
- Clone the repository
- Follow deployment instructions above
- Access Traefik dashboard at
http://localhost:8080 - Monitor services and routing rules
# Test public endpoint
curl http://your-loadbalancer/api/v1/auth/login
# Test protected endpoint (with JWT)
curl -H "Authorization: Bearer your-jwt-token" http://your-loadbalancer/api/v1/jobs- traefik-deployment.yaml: Main Traefik deployment with middlewares
- ingress-configs.yaml: Route definitions and service mappings
- RBAC: Cluster roles and permissions for Traefik
- JWT Authentication
- CORS Headers
- Rate Limiting
- Circuit Breaker
- Retry Logic
- Compression
- API Headers
This is a demonstration project. For educational purposes:
- Fork the repository
- Create feature branches
- Test thoroughly
- Document changes
- Submit pull requests
This project is for educational and demonstration purposes only. Please ensure you understand the security implications before adapting for production use.