Infrastructure prerequisites

Dependencies

It has the following dependencies:

  • Postgres database - the License Engine uses a Postgres database to store license-related data. The database should be set up with basic configuration properties specified in the helm values.yaml file, these properties include the name of the database, username and password, and resources such as CPU and memory limits
  • Connection to the same Kafka instance as the engine - the License Engine needs to be able to communicate with the FLOWX.AI Engine using Kafka; the Kafka instance used by the engine should be the same one used by the License Engine
  • Routing of requests through NGINX - requests made to the License Engine should be routed through the FLOWX.AI Designer using NGINX, the configuration for the Designer should be updated to also expose the REST API of the License Engine by adding a path in flowx-admin-plugins-subpaths

Configuration

The service comes with most of the needed configuration properties filled in, but there are a few that need to be set up using some custom environment variables.

Configuring Postgres database

The basic Postgres configuration is specified in the helm values.yaml file. This file includes properties such as the name of the database, username and password, and resources such as CPU and memory limits.

  licencedb:
    existingSecret: {{secretName}}
    metrics:
      enabled: true
      service:
        annotations:
          prometheus.io/port: {{prometheus port}}
          prometheus.io/scrape: "true"
        type: ClusterIP
      serviceMonitor:
        additionalLabels:
          release: prometheus-operator
        enabled: true
        interval: 30s
        scrapeTimeout: 10s
    persistence:
      enabled: true
      size: 1Gi
    postgresqlDatabase: license-coredb
    postgresqlExtendedConf:
      maxConnections: 200
      sharedBuffers: 128MB
    postgresqlUsername: postgres
    resources:
      limits:
        cpu: 6000m
        memory: 2048Mi
      requests:
        cpu: 200m
        memory: 512Mi

OpenID connect settings

  • SECURITY_TYPE: Indicates that OAuth 2.0 is the chosen security type, default value: oauth2.
security:
  type: oauth2
  • SECURITY_PATHAUTHORIZATIONS_0_PATH: Defines a security path or endpoint pattern. It specifies that the security settings apply to all paths under the “/api/” path. The ** is a wildcard that means it includes all subpaths under “/api/**“.
  • SECURITY_PATHAUTHORIZATIONS_0_ROLESALLOWED: Specifies the roles allowed for accessing the specified path. In this case, the roles allowed are empty (""). This might imply that access to the “/api/**” paths is open to all users or that no specific roles are required for authorization.
   pathAuthorizations:
    - path: "/api/**" 
      rolesAllowed: "ANY_AUTHENTICATED_USER"
  • SECURITY_OAUTH2_BASE_SERVER_URL: This setting specifies the base URL of the OpenID server, which is used for authentication and authorization.
  • SECURITY_OAUTH2_CLIENT_CLIENT_ID: Specifies the client ID associated with the application registered on the OpenID server for authentication and authorization.
  • SECURITY_OAUTH2_REALM: Defines the realm for the OAuth 2.0 authorization server. The realm is a protected space where the client’s resources are stored. It provides additional context for the authentication process.

Configuring License datasource

The License Engine uses a Postgres/Oracle database to store license-related data. The following environment variables need to be set in order to connect to the database:

  • SPRING_DATASOURCE_JDBCURL
  • SPRING_DATASOURCE_USERNAME
  • SPRING_DATASOURCE_PASSWORD

Configuring Engine datasource

The License service needs to retrieve the data for a process instance from the engine database. So it needs to have all the correct information to connect to the engine database.

The following configuration details need to be added in configuration files or overwritten using environment variables:

  • ENGINE_DATASOURCE_JDBCURL
  • ENGINE_DATASOURCE_USERNAME
  • ENGINE_DATASOURCE_PASSWORD

Configuring Kafka

Kafka handles all communication between the License Engine and the FLOWX Engine. Both a producer and a consumer must be configured. The following environment variables need to be set:

  • SPRING_KAFKA_BOOTSTRAP_SERVERS - address of the Kafka server
  • SPRING_KAFKA_CONSUMER_GROUP_ID - group of consumers
  • KAFKA_CONSUMER_THREADS - the number of Kafka consumer threads
  • KAFKA_AUTH_EXCEPTION_RETRY_INTERVAL - the interval between retries after AuthorizationException is thrown by KafkaConsumer

The configured license topic KAFKA_TOPIC_LICENSE_IN should be the same as the KAFKA_TOPIC_LICENSE_OUT from the engine

Configuring logging

The following environment variables could be set in order to control log levels:

  • LOGGING_LEVEL_ROOT - root spring boot microservice logs
  • LOGGING_LEVEL_APP - app level logs

Configuring NGINX

The configuration for the FlowX Designer should be updated to also expose the REST API of the license engine by adding a path in flowx-admin-plugins-subpaths

      - path: /license(/|$)(.*)
        backend:
          serviceName: license-core
          servicePort: 80