The Application Manager and Runtime Manager share the same container image and Helm chart. Refer to the Deployment Guidelines in the release notes to ensure compatibility and verify the correct version.

Infrastructure prerequisites

The Runtime Manager service requires the following components to be set up before it can be started:

  • PostgreSQL - version 13 or higher for managing application data
  • MongoDB - version 4.4 or higher for managing runtime data
  • Redis - version 6.0 or higher (if required)
  • Kafka - version 2.8 or higher for event-driven communication between services
  • OAuth2 Authentication - Ensure a compatible OAuth2 authorization server is configured.

Dependencies

Change the application name

Environment VariableDescriptionExample Value
SPRING_APPLICATION_NAMEService identifier used for service discovery and loggingruntime-manager

Default Value: application-manager -> must be changed to runtime-manager

Core service configuration

Environment VariableDescriptionExample Value
CONFIG_PROFILESpring configuration profiles to activatek8stemplate_v2
FLOWX_ENVIRONMENT_NAMEEnvironment identifier (dev, staging, prod, etc.)pr
LOGGING_CONFIG_FILEPath to logging configuration filelogback-spring.xml
MULTIPART_MAX_FILE_SIZEMaximum file size for uploads25MB
MULTIPART_MAX_REQUEST_SIZEMaximum total request size25MB

Database configuration

The Runtime Manager uses the same PostgreSQL (to store application data) and MongoDB (to manage runtime data) as application-manager. Configure these database connections with the following environment variables:

PostgreSQL (Application data)

Environment VariableDescriptionExample Value
SPRING_DATASOURCE_URLJDBC URL for PostgreSQL connectionjdbc:postgresql://postgresql:5432/app_manager
SPRING_DATASOURCE_USERNAMEPostgreSQL usernameflowx
SPRING_DATASOURCE_PASSWORDPostgreSQL passwordsensitive

MongoDB (Runtime data)

Environment VariableDescriptionExample Value
SPRING_DATA_MONGODB_URIURI for MongoDB connectionmongodb://${DB_USERNAME}:${DB_PASSWORD}@mongodb-0.mongodb-headless,mongodb-1.mongodb-headless,mongodb-arbiter-0.mongodb-headless:27017/${DB_NAME}?retryWrites=false
DB_NAMEMongoDB database nameapp-runtime
DB_USERNAMEMongoDB usernameapp-runtime
DB_PASSWORDMongoDB passwordsensitive

Redis configuration

Environment VariableDescriptionExample Value
SPRING_DATA_REDIS_HOSTRedis server hostnameredis-master
SPRING_DATA_REDIS_PASSWORDRedis passwordsensitive
SPRING_DATA_REDIS_PORTRedis server port6379
SPRING_REDIS_TTLDefault Redis TTL in milliseconds5000000

Kafka configuration

Kafka connection

Environment VariableDescriptionExample Value
SPRING_KAFKA_BOOTSTRAPSERVERSKafka broker addresseskafka-flowx-kafka-bootstrap:9092
KAFKA_TOPIC_NAMING_ENVIRONMENTEnvironment prefix for Kafka topics

Kafka OAuth Authentication

Environment VariableDescriptionExample Value
KAFKA_OAUTH_CLIENT_IDOAuth client ID for Kafkaflowx-service-client
KAFKA_OAUTH_CLIENT_SECRETOAuth client secret for Kafkaflowx-service-client-secret
KAFKA_OAUTH_TOKEN_ENDPOINT_URIOAuth token endpoint for Kafka{baseUrl}/auth/realms/kafka-authz/protocol/openid-connect/token

Kafka OAuth authentication secures communication between services using the Kafka message broker. The client ID and secret are used to obtain an access token from the token endpoint.

Authentication configuration

OpenID Connect configuration

Environment VariableDescriptionExample Value
SECURITY_OAUTH2_BASE_SERVER_URLOAuth2 server base URL{baseUrl}/auth
SECURITY_OAUTH2_REALMOAuth2 realm nameflowx
SECURITY_OAUTH2_CLIENT_CLIENT_IDOAuth2 client IDflowx-platform-authorize
SECURITY_OAUTH2_CLIENT_CLIENT_SECRETOAuth2 client secretsensitive
SECURITY_OAUTH2_SERVICE_ACCOUNT_ADMIN_CLIENT_SECRETAdmin service account secretsensitive

The service account configuration approach is deprecated but still supported for backward compatibility. In newer deployments, consider using the standard OAuth2 client configuration.

File storage configuration

Environment VariableDescriptionExample Value
APPLICATION_FILE_STORAGE_S3_SERVER_URLS3-compatible storage server URLhttp://minio:9000
APPLICATION_FILE_STORAGE_S3_ACCESS_KEYS3 access keysensitive
APPLICATION_FILE_STORAGE_S3_SECRET_KEYS3 secret keysensitive

S3-compatible storage is used for storing application files, exports, and imports. The Runtime Manager supports MinIO, AWS S3, and other S3-compatible storage solutions.

Ingress configuration

For exposing the Runtime manager service, configure public, admin and adminInstances ingress settings:

ingress:
  enabled: true
  public:
    enabled: true
    hostname: "{{ .Values.flowx.ingress.public }}"
    path: /rtm/api/runtime(/|$)(.*)
    annotations:
      nginx.ingress.kubernetes.io/rewrite-target: /api/runtime/$2
      nginx.ingress.kubernetes.io/cors-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,platform,Flowx-Platform
  admin:
    enabled: true
    hostname: "{{ .Values.flowx.ingress.admin }}"
    path: /rtm/api/build-mgmt(/|$)(.*)
    annotations:
      nginx.ingress.kubernetes.io/rewrite-target: /api/build-mgmt/$2
      nginx.ingress.kubernetes.io/cors-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,platform,Flowx-Platform
  adminInstances:
    enabled: true
    hostname: "{{ .Values.flowx.ingress.admin }}"
    path: /rtm/api/(runtime|runtime-internal)/(.*)
    annotations:
      nginx.ingress.kubernetes.io/rewrite-target: /api/$1/$2
      nginx.ingress.kubernetes.io/cors-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-

Note: Replace placeholders in environment variables with the appropriate values for your environment before starting the service.