Application Manager setup
The Application Manager is a backend microservice for managing FlowX applications, libraries, versions, manifests, configurations, and builds. This guide provides detailed instructions for setting up the service and configuring its components through environment variables.
The Application Manager is a backend microservice in FlowX.AI that:
✅ Manages FlowX applications, versions, manifests, and configurations.
✅ Acts as a proxy for front-end resource requests.
Infrastructure prerequisites
Before you start setting up the Application Manager service, ensure the following infrastructure components are in place:
| Component | Purpose |
|---|---|
| PostgreSQL | Storing application data |
| MongoDB | Managing runtime builds |
| Redis | Caching needs |
| Kafka | Event-driven communication |
| OAuth2 Server | Authentication (Keycloak recommended) |
Ensure that the database for storing application data is properly set up and configured before starting the service.
Dependencies
The Application Manager relies on other FlowX services and components to function properly:
- Database configuration: For storing application details, manifests, and configurations.
- Authorization & Access Management: For securing access to resources and managing roles.
- Kafka Event Bus: For enabling event-driven operations.
- Resource Proxy: To forward resource-related requests to appropriate services.
Core configuration environment variables
Basic service configuration
| Environment Variable | Description | Example Value |
|---|---|---|
CONFIG_PROFILE | Spring configuration profiles | k8stemplate_v2,kafka-auth |
MULTIPART_MAX_FILE_SIZE | Maximum file upload size | 25MB |
MULTIPART_MAX_REQUEST_SIZE | Maximum request size | 25MB |
LOGGING_CONFIG_FILE | Logging configuration file | logback-spring.xml |
Database configuration
PostgreSQL configuration
| Environment Variable | Description | Example Value |
|---|---|---|
SPRING_DATASOURCE_URL | PostgreSQL JDBC URL | jdbc:postgresql://postgresql:5432/app_manager |
SPRING_DATASOURCE_USERNAME | Database username | flowx |
SPRING_DATASOURCE_PASSWORD | Database password | password |
SPRING_DATASOURCE_DRIVERCLASSNAME | JDBC driver class | org.postgresql.Driver |
MongoDB configuration
The Application Manager requires MongoDB to store runtime build information. Use the following environment variables for configuration:
| Environment Variable | Description | Example Value |
|---|---|---|
SPRING_DATA_MONGODB_URI | MongoDB connection URI | mongodb://${DB_USERNAME}:${DB_PASSWORD}@mongodb-0.mongodb-headless,mongodb-1.mongodb-headless,mongodb-arbiter-0.mongodb-arbiter-headless:27017/app-runtime?retryWrites=false |
DB_USERNAME | MongoDB username | app-runtime |
DB_PASSWORD | MongoDB password | password |
SPRING_DATA_MONGODB_STORAGE | Storage type (Azure environments only) | mongodb (alternative: cosmosdb) |
Redis configuration
If caching is required, configure Redis using the following environment variables:
| Environment Variable | Description | Example Value |
|---|---|---|
SPRING_DATA_REDIS_HOST | Redis server hostname | redis-master |
SPRING_DATA_REDIS_PASSWORD | Redis password | password |
SPRING_DATA_REDIS_PORT | Redis server port | 6379 |
SPRING_REDIS_TTL | Default Redis TTL in milliseconds | 5000000 |
Kafka configuration
Kafka connection and security variables
| Environment Variable | Description | Example Value |
|---|---|---|
SPRING_KAFKA_BOOTSTRAPSERVERS | Kafka broker addresses | kafka-flowx-kafka-bootstrap:9092 |
SPRING_KAFKA_SECURITY_PROTOCOL | Security protocol | PLAINTEXT |
KAFKA_MESSAGE_MAX_BYTES | Maximum message size | 52428800 (50MB) |
FLOWX_KAFKA_PAYLOADSIZELIMIT | Payload size limit | 512000 (500KB) |
Kafka producer configuration
| Environment Variable | Description | Example Value |
|---|---|---|
SPRING_KAFKA_PRODUCER_KEYSERIALIZER | Key serializer class | org.apache.kafka.common.serialization.StringSerializer |
SPRING_KAFKA_PRODUCER_PROPERTIES_MAX_REQUEST_SIZE | Maximum request size | 52428800 (50MB) |
OAuth authentication variables (when using SASL_PLAINTEXT)
| Environment Variable | Description | Example Value |
|---|---|---|
KAFKA_OAUTH_CLIENTID | OAuth client ID | flowx-service-client |
KAFKA_OAUTH_CLIENTSECRET | OAuth client secret | flowx-service-client-secret |
KAFKA_OAUTH_TOKEN_ENDPOINT_URI | OAuth token endpoint | {baseUrl}/auth/realms/kafka-authz/protocol/openid-connect/token |
Kafka consumer configuration
| Environment Variable | Description | Default Value |
|---|---|---|
KAFKA_CONSUMER_GROUPID_APPLICATION_RESOURCE_EXPORT | Application export consumer group | appResourceExportGroup |
KAFKA_CONSUMER_GROUPID_APPLICATION_RESOURCE_IMPORT | Application import consumer group | appResourceImportGroup |
KAFKA_CONSUMER_GROUPID_APPLICATION_RESOURCE_USAGES | Resource usages consumer group | appResourceUsagesGroup |
KAFKA_CONSUMER_GROUPID_APPLICATION_RESOURCE_RESELEMUSAGEVALIDATIONRESP | Resource element validation group | appResElemUsageValidationResp |
KAFKA_CONSUMER_GROUPID_APPLICATION_RESOURCE_COPY | Resource copy consumer group | appResourceCopyGroup |
KAFKA_CONSUMER_GROUPID_APPLICATION_MERGE | Application merge consumer group | appMergeItemGroup |
KAFKA_CONSUMER_GROUPID_BUILD_CREATE | Build create consumer group | buildCreateGroup |
KAFKA_CONSUMER_GROUPID_BUILD_UPDATE | Build update consumer group | buildUpdateGroup |
KAFKA_CONSUMER_GROUPID_BUILD_RESOURCE_EXPORT | Build export consumer group | buildResourceExportGroup |
KAFKA_CONSUMER_GROUPID_BUILD_RESOURCE_IMPORT | Build import consumer group | buildResourceImportGroup |
KAFKA_CONSUMER_GROUPID_BUILD_STARTTIMEREVENTS_UPDATES | Build timer events updates consumer | buildStartTimerEventsUpdatesGroup |
KAFKA_CONSUMER_GROUPID_PROCESS_START | Process start consumer group | processStartGroup |
KAFKA_AUTH_EXCEPTION_RETRY_INTERVAL | Auth exception retry interval (seconds) | 10 |
Kafka consumer threads configuration
| Environment Variable | Description | Default Value |
|---|---|---|
KAFKA_CONSUMER_THREADS_APPLICATION_RESOURCE_EXPORT | Application export consumer threads | 3 |
KAFKA_CONSUMER_THREADS_APPLICATION_RESOURCE_IMPORT | Application import consumer threads | 3 |
KAFKA_CONSUMER_THREADS_APPLICATION_RESOURCE_USAGES | Resource usages consumer threads | 3 |
KAFKA_CONSUMER_THREADS_APPLICATION_RESOURCE_RESELEMUSAGEVALIDATIONRESP | Resource validation response threads | 3 |
KAFKA_CONSUMER_THREADS_APPLICATION_RESOURCE_COPY | Resource copy consumer threads | 3 |
KAFKA_CONSUMER_THREADS_APPLICATION_MERGE | Application merge consumer threads | 3 |
KAFKA_CONSUMER_THREADS_BUILD_CREATE | Build create consumer threads | 2 |
KAFKA_CONSUMER_THREADS_BUILD_UPDATE | Build update consumer threads | 4 |
KAFKA_CONSUMER_THREADS_BUILD_RESOURCE_EXPORT | Build export consumer threads | 3 |
KAFKA_CONSUMER_THREADS_BUILD_RESOURCE_IMPORT | Build import consumer threads | 3 |
KAFKA_CONSUMER_THREADS_BUILD_STARTTIMEREVENTS_UPDATES | Build timer events updates consumer threads | 3 |
Topic naming convention and pattern creation
The Application Manager uses a sophisticated topic naming convention that follows a structured pattern. This ensures consistency across environments and makes topics easily identifiable.
Topic naming components
| Component | Default Value | Environment Variable | Description |
|---|---|---|---|
package | ai.flowx. | KAFKA_TOPIC_NAMING_PACKAGE | Base package identifier |
environment | dev. | KAFKA_TOPIC_NAMING_ENVIRONMENT | Deployment environment |
version | .v1 | KAFKA_TOPIC_NAMING_VERSION | Topic version |
separator | . | KAFKA_TOPIC_NAMING_SEPARATOR | Main separator (referred to as dot) |
separator2 | - | KAFKA_TOPIC_NAMING_SEPARATOR2 | Secondary separator (as dash) |
prefix | ${KAFKA_TOPIC_NAMING_PACKAGE}${KAFKA_TOPIC_NAMING_ENVIRONMENT} | KAFKA_TOPIC_NAMING_PREFIX | Combined package and environment |
suffix | ${KAFKA_TOPIC_NAMING_VERSION} | KAFKA_TOPIC_NAMING_SUFFIX | The version suffix |
Topic pattern creation
Topics are constructed using the following pattern:
For example, a typical topic might look like:
Where:
ai.flowx.dev.is the prefix (package + environment)application-versionis the serviceexportis the action.v1is the suffix (version)
For more complex topics, additional components are added:
Where:
resources-usagesrepresents the resource typesub-res-validationrepresents the operation typeresponseindicates it’s a response message
Kafka topic configuration
Application resource topics
| Environment Variable | Description | Default Pattern |
|---|---|---|
KAFKA_TOPIC_APPLICATION_RESOURCE_EXPORT | Application resource export topic | ai.flowx.dev.application-version.export.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_IMPORT | Application resource import topic | ai.flowx.dev.application-version.import.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_USAGES_IN | Resource usages in topic | ai.flowx.dev.application-version.resources-usages.operations.bulk.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_USAGES_OUT | Resource usages out topic | ai.flowx.dev.application-version.resources-usages.operations.bulk.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_USAGES_REFRESH | Resource usages refresh topic | ai.flowx.dev.application-version.resources-usages.refresh.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_RESELEMUSAGEVALIDATION_RESPONSE | Resource element usage validation response | ai.flowx.dev.application-version.resources-usages.sub-res-validation.response.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_RESELEMUSAGEVALIDATION_OUT_INTEGRATION | Resource validation integration topic | ai.flowx.dev.application-version.resources-usages.sub-res-validation.request-integration.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_RESELEMUSAGEVALIDATION_OUT_CMS | Resource validation CMS topic | ai.flowx.dev.application-version.resources-usages.sub-res-validation.cms.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_COPY | Resource copy topic | ai.flowx.dev.application-version.copy-resource.v1 |
KAFKA_TOPIC_APPLICATION_MERGE | Application merge topic | ai.flowx.dev.application-version.merge.v1 |
Build resource topics
| Environment Variable | Description | Default Pattern |
|---|---|---|
KAFKA_TOPIC_BUILD_UPDATE | Build update topic | ai.flowx.dev.build.update.v1 |
KAFKA_TOPIC_BUILD_CREATE | Build create topic | ai.flowx.dev.build.create.v1 |
KAFKA_TOPIC_BUILD_RESOURCE_EXPORT | Build export topic | ai.flowx.dev.build.export.v1 |
KAFKA_TOPIC_BUILD_RESOURCE_IMPORT | Build import topic | ai.flowx.dev.build.import.v1 |
KAFKA_TOPIC_BUILD_STARTTIMEREVENTS_UPDATES | Timer events updates topic | ai.flowx.dev.build.start-timer-events.updates.in.v1 |
Process topics
| Environment Variable | Description | Default Pattern |
|---|---|---|
KAFKA_TOPIC_PROCESS_STARTFOREVENT_IN | Process start for event topic | ai.flowx.dev.core.trigger.start-for-event.process.v1 |
KAFKA_TOPIC_PROCESS_STARTBYNAME_IN | Process start by name topic | ai.flowx.dev.core.trigger.start-by-name.process.v1 |
KAFKA_TOPIC_PROCESS_STARTBYNAME_OUT | Process start by name out topic | ai.flowx.dev.core.trigger.start-by-name.process.out.v1 |
KAFKA_TOPIC_PROCESS_SCHEDULEDTIMEREVENTS_OUT_SET | Set timer schedule topic | ai.flowx.dev.core.trigger.set.timer-event-schedule.v1 |
KAFKA_TOPIC_PROCESS_SCHEDULEDTIMEREVENTS_OUT_STOP | Stop timer schedule topic | ai.flowx.dev.core.trigger.stop.timer-event-schedule.v1 |
Other topics
| Environment Variable | Description | Default Pattern |
|---|---|---|
KAFKA_TOPIC_AUDIT_OUT | Audit topic | ai.flowx.dev.core.trigger.save.audit.v1 |
KAFKA_TOPIC_EVENTSGATEWAY_OUT_MESSAGE | Events gateway messages topic | ai.flowx.dev.eventsgateway.receive.copyresource.v1 |
These Kafka topics use predefined naming conventions for ease of use. Optional adjustments may be made if the desired topic name cannot be achieved with the standard structure.
Authentication configuration
OpenID Connect configuration
| Environment Variable | Description | Default Value |
|---|---|---|
SECURITY_TYPE | Security type | oauth2 |
SECURITY_OAUTH2_CLIENT | Enable OAuth2 client | enabled |
SECURITY_OAUTH2_BASE_SERVER_URL | OAuth2 server base URL | |
SECURITY_OAUTH2_REALM | OAuth2 realm name | |
SECURITY_OAUTH2_CLIENT_CLIENTID | OAuth2 client ID | |
SECURITY_OAUTH2_CLIENT_CLIENTSECRET | OAuth2 client secret | |
SECURITY_OAUTH2_CLIENT_ACCESS_TOKEN_URI | OAuth2 access token URI | ${SECURITY_OAUTH2_BASE_SERVER_URL}/realms/${SECURITY_OAUTH2_REALM}/protocol/openid-connect/token |
Service account configuration
| Environment Variable | Description | Default Value |
|---|---|---|
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENTID | Service account client ID | flowx-runtime-manager-sa |
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENTSECRET | Service account client secret |
Spring security OAuth2 client configuration
| Environment Variable | Description | Default Value |
|---|---|---|
SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_OPAQUE_TOKEN_INTROSPECTION_URI | Token introspection URI | ${SECURITY_OAUTH2_BASE_SERVER_URL}/realms/${SECURITY_OAUTH2_REALM}/protocol/openid-connect/token/introspect |
SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_OPAQUE_TOKEN_CLIENTID | Resource server client ID | ${SECURITY_OAUTH2_CLIENT_CLIENTID} |
SPRING_SECURITY_OAUTH2_RESOURCE_SERVER_OPAQUE_TOKEN_CLIENTSECRET | Resource server client secret | ${SECURITY_OAUTH2_CLIENT_CLIENTSECRET} |
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_PROVIDER | Identity provider name | mainAuthProvider |
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENT_NAME | Client name | mainIdentity |
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENTID | Client ID | ${SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENTID} |
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENTSECRET | Client secret | ${SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENTSECRET} |
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_AUTHORIZATION_GRANT_TYPE | Authorization grant type | client_credentials |
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENT_AUTHENTICATION_METHOD | Client authentication method | client_secret_post |
SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_MAINAUTHPROVIDER_TOKEN_URI | Provider token URI | ${SECURITY_OAUTH2_BASE_SERVER_URL}/realms/${SECURITY_OAUTH2_REALM}/protocol/openid-connect/token |
The Application Manager requires proper authentication settings to secure access to application resources and APIs. By default, the service is configured to use Keycloak as the OpenID provider, but it can be adapted to work with other OAuth2-compatible providers.
Refer to the dedicated section for configuring user roles and access rights:
Access Management
File storage configuration
S3 is used in the Application Manager for:
- Storing imported and exported resources
- Storing application versions and builds that are imported or exported
| Environment Variable | Description | Example Value | Default |
|---|---|---|---|
APPLICATION_FILESTORAGE_S3_SERVERURL | S3 server URL | http://minio:9000 | None |
APPLICATION_FILESTORAGE_S3_ACCESSKEY | S3 access key | Ha0wvtOE9gQ2NSzghEcs | None |
APPLICATION_FILESTORAGE_S3_SECRETKEY | S3 secret key | jY7nYLVtNh9JzMflliQKu3noPpjxD3prxIkliErX | None |
APPLICATION_FILESTORAGE_TYPE | Storage type | s3 | s3 |
APPLICATION_FILESTORAGE_DELETIONSTRATEGY | File deletion strategy | delete | delete |
APPLICATION_FILESTORAGE_S3_ENABLED | Enable S3 storage | true | true |
APPLICATION_FILESTORAGE_S3_ENCRYPTIONENABLED | Enable S3 encryption | false | false |
APPLICATION_FILESTORAGE_S3_BUCKETPREFIX | S3 bucket name prefix | applications-bucket | applications-bucket |
Monitoring and health check configuration
| Environment Variable | Description | Example Value | Default |
|---|---|---|---|
MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED | Prometheus metrics | true | false |
MANAGEMENT_HEALTH_KUBERNETES_ENABLED | Kubernetes health check | false | true |
MANAGEMENT_HEALTH_REDIS_ENABLED | Redis health check | false | true |
MANAGEMENT_HEALTH_KAFKA_ENABLED | Kafka health check | true | true |
MANAGEMENT_HEALTH_LIVENESSSTATE_ENABLED | Liveness state | true | false |
MANAGEMENT_HEALTH_READINESSSTATE_ENABLED | Readiness state | true | false |
MANAGEMENT_ENDPOINT_HEALTH_GROUP_LIVENESS_INCLUDE | Liveness probes | ping,diskSpace,accessInfo,buildInfo,db,mongo,kafkaClusterHealthCheckIndicator | ping |
MANAGEMENT_ENDPOINT_HEALTH_GROUP_READINESS_INCLUDE | Readiness probes | ping,diskSpace,accessInfo,buildInfo | ping |
Resource proxy configuration
The Resource Proxy module forwards resource-related requests to appropriate services, handling CRUD operations on the manifest. It requires proper configuration of proxy endpoints:
| Environment Variable | Description | Example Value | Default |
|---|---|---|---|
RESOURCE_PROXY_MANIFEST_URL | Manifest URL for resource proxy | URL value | None |
RESOURCE_PROXY_TARGET_URL | Target URL for resource forwarding | URL value | None |
FLOWX_RESOURCEPROXY_RETRYGETRESOURCETIMEOUTMS | Resource retrieval timeout | 500 | 500 |
FLOWX_RESOURCEPROXY_RETRYGETRESOURCEMAXCOUNT | Maximum resource retrieval retries | 10 | 10 |
FLOWX_RESOURCEPROXY_WEBCLIENT_RETRYATTEMPTS | Web client retry attempts | 2 | 2 |
FLOWX_RESOURCEPROXY_WEBCLIENT_RETRYBACKOFF | Retry backoff time (seconds) | 1 | 1 |
FLOWX_RESOURCEPROXY_WEBCLIENT_MAXINMEMORYSIZE | Maximum in-memory size | 5MB | 5MB |
FLOWX_RUNTIMEEXECUTIONPROXY_WEBCLIENT_MAXINMEMORYSIZE | Maximum REST request size | 5242880 (5 MB) | 5242880 |
FLOWX_RUNTIMEEXECUTIONPROXY_WEBCLIENT_MAXINMEMORYSIZE - Specifies the maximum size (in bytes) of in-memory data for REST requests. This is particularly useful when dealing with large payloads to prevent excessive memory consumption.
- Default Value: 5242880 (5 MB)
- Usage Example: Set to 10485760 (10 MB) to allow larger in-memory request sizes.
Scheduler configuration
The Application Manager scheduler supports retrying failed deployments and master election for better coordination of tasks across instances:
| Environment Variable | Description | Example Value | Default |
|---|---|---|---|
FLOWX_SCHEDULER_RETRYFAILEDDEPLOYMENTSCRON | Failed deployment retry cron | 0 * * * * * | None |
FLOWX_SCHEDULER_MASTERELECTION_ENABLED | Enable master election | true | false |
FLOWX_SCHEDULER_MASTERELECTION_CRONEXPRESSION | Master election cron | */30 * * * * * | None |
FLOWX_SCHEDULER_MASTERELECTION_PROVIDER | Election provider | redis | None |
Retry failed deployments
Configures a cron job to retry updating builds in the runtime database every minute when previous attempts have failed.
Master election
Enables master election for improved scheduling coordination when multiple instances of the Application Manager are running, ensuring that scheduled tasks are only executed once.
Configuring logging
To control the logging levels for the Application Manager, use the following environment variables:
| Environment Variable | Description | Example Value |
|---|---|---|
LOGGING_LEVEL_ROOT | Root Spring Boot logs level | INFO |
LOGGING_LEVEL_APP | Application-level logs level | INFO |
LOGGING_LEVEL_DB | Database interactions log level | INFO |
Data model overview
The Application Manager stores application data using a relational database schema, with key entities such as application, application_version, and application_manifest. Below are descriptions of primary entities:
- Application - Defines an application with its details like name, type, and metadata.
- Application Branch - Represents branches for versioning within an application.
- Application Version - Keeps track of each version of an application, including committed and WIP statuses.
- Application Manifest - Contains the list of resources associated with a specific application version.
Ingress configuration
Configure ingress to control external access to Application Manager: