The Application Manager is a backend microservice in FlowX.AI that:
✅ Manages FlowX applications, versions, manifests, and configurations.
✅ Acts as a proxy for front-end resource requests.
The Application Manager and Runtime Manager share the same container image and Helm chart. Check the Deployment Guidelines in the release notes for version compatibility.
Infrastructure prerequisites
Before you start setting up the Application Manager service, ensure the following infrastructure components are in place:
| Component | Version | Purpose |
|---|
| PostgreSQL | 13+ | Storing application data |
| MongoDB | 4.4+ | Managing runtime builds |
| Redis | 6.0+ | Caching needs |
| Kafka | 2.8+ | Event-driven communication |
| OAuth2 Server | - | Authentication (Keycloak recommended) |
Dependencies
The Application Manager relies on other FlowX services and components to function properly:
Core configuration environment variables
Basic service configuration
| Environment Variable | Description | Example Value | Required |
|---|
CONFIG_PROFILE | Spring configuration profiles | k8stemplate_v2,kafka-auth | Yes |
MULTIPART_MAX_FILE_SIZE | Maximum file upload size | 25MB | No |
MULTIPART_MAX_REQUEST_SIZE | Maximum request size | 25MB | No |
LOGGING_CONFIG_FILE | Logging configuration file | logback-spring.xml | No |
Database configuration
PostgreSQL configuration
| Environment Variable | Description | Example Value | Required |
|---|
SPRING_DATASOURCE_URL | PostgreSQL JDBC URL | jdbc:postgresql://postgresql:5432/app_manager | Yes |
SPRING_DATASOURCE_USERNAME | Database username | flowx | Yes |
SPRING_DATASOURCE_PASSWORD | Database password | password | Yes |
SPRING_DATASOURCE_DRIVER_CLASS_NAME | JDBC driver class | org.postgresql.Driver | No |
MongoDB configuration
| Environment Variable | Description | Example Value | Required |
|---|
SPRING_DATA_MONGODB_URI | MongoDB connection URI | mongodb://${DB_USERNAME}:${DB_PASSWORD}@mongodb-0.mongodb-headless:27017/app-runtime?retryWrites=false | Yes |
DB_USERNAME | MongoDB username | app-runtime | Yes |
DB_PASSWORD | MongoDB password | password | Yes |
SPRING_DATA_MONGODB_STORAGE | Storage type (Azure environments only) | mongodb (alternative: cosmosdb) | No |
Redis configuration
| Environment Variable | Description | Example Value | Required |
|---|
SPRING_REDIS_HOST | Redis server hostname | redis-master | Yes |
SPRING_REDIS_PASSWORD | Redis password | password | Yes |
SPRING_REDIS_PORT | Redis server port | 6379 | No |
Kafka configuration
Kafka connection and security variables
| Environment Variable | Description | Example Value | Required |
|---|
SPRING_KAFKA_BOOTSTRAP_SERVERS | Kafka broker addresses | kafka-flowx-kafka-bootstrap:9092 | Yes |
KAFKA_TOPIC_NAMING_ENVIRONMENT | Environment prefix | dev. | Yes |
KAFKA_MESSAGE_MAX_BYTES | Maximum message size | 52428800 (50MB) | No |
OAuth authentication variables (when using SASL_PLAINTEXT)
| Environment Variable | Description | Example Value | Required |
|---|
KAFKA_OAUTH_CLIENT_ID | OAuth client ID | flowx-service-client | Conditional |
KAFKA_OAUTH_CLIENT_SECRET | OAuth client secret | flowx-service-client-secret | Conditional |
KAFKA_OAUTH_TOKEN_ENDPOINT_URI | OAuth token endpoint | https://auth-pr1180.dev3.flowxai.dev/auth/realms/kafka-authz/protocol/openid-connect/token | Conditional |
Kafka consumer configuration
| Environment Variable | Description | Default Value |
|---|
KAFKA_CONSUMER_GROUP_ID_APPLICATION_RESOURCE_EXPORT | Application export consumer group | appResourceExportGroup |
KAFKA_CONSUMER_GROUP_ID_APPLICATION_RESOURCE_IMPORT | Application import consumer group | appResourceImportGroup |
KAFKA_CONSUMER_GROUP_ID_BUILD_CREATE | Build create consumer group | buildCreateGroup |
KAFKA_CONSUMER_GROUP_ID_BUILD_UPDATE | Build update consumer group | buildUpdateGroup |
KAFKA_CONSUMER_GROUP_ID_BUILD_RESOURCE_EXPORT | Build export consumer group | buildResourceExportGroup |
KAFKA_CONSUMER_GROUP_ID_BUILD_RESOURCE_IMPORT | Build import consumer group | buildResourceImportGroup |
KAFKA_CONSUMER_GROUP_ID_PROCESS_START | Process start consumer group | processStartGroup |
KAFKA_CONSUMER_GROUP_ID_APPLICATION_MERGE | Application merge consumer group | appMergeItemGroup |
Kafka topic configuration
Application resource topics
| Environment Variable | Description | Default Pattern |
|---|
KAFKA_TOPIC_APPLICATION_RESOURCE_EXPORT | Application resource export topic | ai.flowx.dev.application-version.export.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_IMPORT | Application resource import topic | ai.flowx.dev.application-version.import.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_USAGES_IN | Resource usages in topic | ai.flowx.dev.application-version.resources-usages.operations.bulk.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_USAGES_OUT | Resource usages out topic | ai.flowx.dev.application-version.resources-usages.operations.bulk.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_USAGES_REFRESH | Resource usages refresh topic | ai.flowx.dev.application-version.resources-usages.refresh.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_RESELEMUSAGEVALIDATION_RESPONSE | Resource element usage validation response | ai.flowx.dev.application-version.resources-usages.sub-res-validation.response.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_RESELEMUSAGEVALIDATION_OUT_INTEGRATION | Resource validation integration topic | ai.flowx.dev.application-version.resources-usages.sub-res-validation.request-integration.v1 |
KAFKA_TOPIC_APPLICATION_RESOURCE_COPY | Resource copy topic | ai.flowx.dev.application-version.copy-resource.v1 |
KAFKA_TOPIC_MERGE | Application merge topic | ai.flowx.dev.application-version.merge.v1 |
Build resource topics
| Environment Variable | Description | Default Pattern |
|---|
KAFKA_TOPIC_BUILD_RESOURCE_EXPORT | Build export topic | ai.flowx.dev.build.export.v1 |
KAFKA_TOPIC_BUILD_RESOURCE_IMPORT | Build import topic | ai.flowx.dev.build.import.v1 |
KAFKA_TOPIC_BUILD_RESOURCE_CREATE | Build create topic | ai.flowx.dev.build.create.v1 |
KAFKA_TOPIC_BUILD_RESOURCE_UPDATE | Build update topic | ai.flowx.dev.build.update.v1 |
KAFKA_TOPIC_START_TIMER_EVENTS_UPDATES | Timer events updates topic | ai.flowx.dev.build.start-timer-events.updates.in.v1 |
Process topics
| Environment Variable | Description | Default Pattern |
|---|
KAFKA_TOPIC_PROCESS_START_FOR_EVENT | Process start for event topic | ai.flowx.dev.core.trigger.start-for-event.process.v1 |
KAFKA_TOPIC_PROCESS_START_BY_NAME | Process start by name topic | ai.flowx.dev.core.trigger.start-by-name.process.v1 |
KAFKA_TOPIC_PROCESS_START_BY_NAME_OUT | Process start by name out topic | ai.flowx.dev.core.trigger.start-by-name.process.out.v1 |
KAFKA_TOPIC_PROCESS_SCHEDULED_TIMER_EVENTS_SET | Set timer schedule topic | ai.flowx.dev.core.trigger.set.timer-event-schedule.v1 |
KAFKA_TOPIC_PROCESS_SCHEDULED_TIMER_EVENTS_STOP | Stop timer schedule topic | ai.flowx.dev.core.trigger.stop.timer-event-schedule.v1 |
Other topics
| Environment Variable | Description | Default Pattern |
|---|
KAFKA_TOPIC_AUDIT_OUTPUT | Audit topic | ai.flowx.dev.core.trigger.save.audit.v1 |
KAFKA_TOPIC_EVENTS_GATEWAY_OUT_MESSAGE | Events gateway messages topic | ai.flowx.dev.eventsgateway.receive.copyresource.v1 |
Authentication configuration
| Environment Variable | Description | Example Value |
|---|
SECURITY_OAUTH2_BASE_SERVER_URL | OAuth2 server base URL | https://auth-pr1180.dev3.flowxai.dev/auth |
SECURITY_OAUTH2_CLIENT_CLIENT_ID | Client ID | flowx-platform-authorize |
SECURITY_OAUTH2_CLIENT_CLIENT_SECRET | Client secret | secret |
SECURITY_OAUTH2_REALM | Authentication realm | flowx |
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_SECRET | Admin service account secret | secret |
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_ID | Admin service account ID | flowx-runtime-manager-sa |
File storage configuration
| Environment Variable | Description | Example Value | Default |
|---|
APPLICATION_FILE_STORAGE_S3_SERVER_URL | S3 server URL | http://minio:9000 | None |
APPLICATION_FILE_STORAGE_S3_ACCESS_KEY | S3 access key | Ha0wvtOE9gQ2NSzghEcs | None |
APPLICATION_FILE_STORAGE_S3_SECRET_KEY | S3 secret key | jY7nYLVtNh9JzMflliQKu3noPpjxD3prxIkliErX | None |
APPLICATION_FILE_STORAGE_TYPE | Storage type | s3 | s3 |
APPLICATION_FILE_STORAGE_DELETION_STRATEGY | File deletion strategy | delete | delete |
APPLICATION_FILE_STORAGE_S3_ENABLED | Enable S3 storage | true | true |
APPLICATION_FILE_STORAGE_S3_ENCRYPTION_ENABLED | Enable S3 encryption | false | false |
APPLICATION_FILE_STORAGE_S3_BUCKET_PREFIX | S3 bucket name prefix | applications-bucket | applications-bucket |
Monitoring and health check configuration
| Environment Variable | Description | Example Value | Default |
|---|
MANAGEMENT_METRICS_EXPORT_PROMETHEUS_ENABLED | Prometheus metrics | true | false |
MANAGEMENT_HEALTH_KUBERNETES_ENABLED | Kubernetes health check | false | true |
MANAGEMENT_HEALTH_REDIS_ENABLED | Redis health check | false | true |
MANAGEMENT_HEALTH_KAFKA_ENABLED | Kafka health check | true | true |
MANAGEMENT_HEALTH_LIVENESSSTATE_ENABLED | Liveness state | true | false |
MANAGEMENT_HEALTH_READINESSSTATE_ENABLED | Readiness state | true | false |
MANAGEMENT_ENDPOINT_HEALTH_GROUP_LIVENESS_INCLUDE | Liveness probes | ping,diskSpace,accessInfo,buildInfo,db,mongo,kafkaClusterHealthCheckIndicator | ping |
MANAGEMENT_ENDPOINT_HEALTH_GROUP_READINESS_INCLUDE | Readiness probes | ping,diskSpace,accessInfo,buildInfo | ping |
Resource proxy configuration
| Environment Variable | Description | Example Value | Default |
|---|
RESOURCE_PROXY_MANIFEST_URL | Manifest URL for resource proxy | URL value | None |
RESOURCE_PROXY_TARGET_URL | Target URL for resource forwarding | URL value | None |
FLOWX_RESOURCE_PROXY_RETRY_GET_RESOURCE_TIMEOUT_MS | Resource retrieval timeout | 500 | 500 |
FLOWX_RESOURCE_PROXY_RETRY_GET_RESOURCE_MAX_COUNT | Maximum resource retrieval retries | 10 | 10 |
FLOWX_RESOURCE_PROXY_WEB_CLIENT_RETRY_ATTEMPTS | Web client retry attempts | 2 | 2 |
FLOWX_RESOURCE_PROXY_WEB_CLIENT_RETRY_BACKOFF | Retry backoff time (seconds) | 1 | 1 |
FLOWX_RESOURCE_PROXY_WEB_CLIENT_MAX_IN_MEMORY_SIZE | Maximum in-memory size | 5MB | 5MB |
FLOWX_RUNTIMEEXECUTIONPROXY_WEBCLIENT_MAXINMEMORYSIZE | Maximum REST request size | 5242880 (5 MB) | 5242880 |
Scheduler configuration
| Environment Variable | Description | Example Value | Default |
|---|
FLOWX_SCHEDULER_RETRY_FAILED_DEPLOYMENTS_CRON | Failed deployment retry cron | 0 * * * * * | None |
FLOWX_SCHEDULER_MASTER_ELECTION_ENABLED | Enable master election | true | false |
FLOWX_SCHEDULER_MASTER_ELECTION_CRON_EXPRESSION | Master election cron | */30 * * * * * | None |
FLOWX_SCHEDULER_MASTER_ELECTION_PROVIDER | Election provider | redis | None |
Kafka topic naming convention
The Application Manager uses a structured topic naming convention with the following components:
| Component | Default Value | Environment Variable | Description |
|---|
package | ai.flowx. | KAFKA_TOPIC_NAMING_PACKAGE | Base package identifier |
environment | dev. | KAFKA_TOPIC_NAMING_ENVIRONMENT | Deployment environment |
version | .v1 | KAFKA_TOPIC_NAMING_VERSION | Topic version |
separator | . | KAFKA_TOPIC_NAMING_SEPARATOR | Main separator |
separator2 | - | KAFKA_TOPIC_NAMING_SEPARATOR2 | Secondary separator |
The topics follow a pattern like:
Ingress configuration
Configure ingress to control external access to Application Manager:
