Infrastructure prerequisites
Before setting up the Admin microservice, ensure the following components are properly set up:- Database Instance: The Admin microservice connects to the same database as the FlowX.AI Engine.
- MongoDB: For additional data management.
- Redis: For caching and transient data storage.
- Kafka: For audit logs, events, and messaging (if using FlowX.AI Audit functionality).
Core configuration
Server configuration
Database configuration
The Admin microservice connects to the same PostgreSQL or Oracle database as the FlowX.AI Engine for storing process definitions.The database schema is managed by a Liquibase script provided with the Engine.
MongoDB configuration
The Admin microservice also connects to a MongoDB database instance for additional data management.Ensure that the MongoDB configuration is compatible with the same database requirements as the FlowX.AI Engine, especially if sharing database instances.
Redis and caching configuration
Admin Service uses Redis for caching and storing transient data. Configure Redis connection using the standard Redis environment variables. Quick reference:Both
SPRING_DATA_REDIS_* and SPRING_REDIS_* variable prefixes are supported. The SPRING_DATA_REDIS_* prefix is the modern Spring Boot standard and is recommended for new deployments.For advanced Redis deployment modes (Sentinel, Cluster) and SSL/TLS setup, see the Redis Configuration guide. Note that Sentinel and Cluster modes are only supported by the Events Gateway service.
Kafka configuration
The Admin microservice uses Kafka for sending audit logs, managing scheduled timer events, platform component versions, and start timer event updates.General Kafka settings
Kafka producer configuration
Kafka consumer configuration
Topic naming configuration
Kafka topics configuration
Application topics
Audit topics
Platform Topics
Events gateway topics
Build topics
Resource topics
OAuth authentication for Kafka
When using thekafka-auth profile, the following variables configure OAuth for Kafka:
When using the
kafka-auth profile, the security protocol will automatically be set to SASL_PLAINTEXT and the SASL mechanism will be set to OAUTHBEARER.CAS lib configuration
Logging configuration
The FlowX Admin microservice provides granular control over logging levels for different components:Changing log levels at runtime
You can adjust log levels dynamically without restarting the service using Spring Boot Actuator endpoints. This is particularly useful for troubleshooting and debugging in production environments. Example: Change log level for a specific packageai.flowx.admin- Application-specific logsorg.springframework- Spring Framework logsorg.mongodb.driver- MongoDB driver logsorg.apache.kafka- Kafka client logs
TRACE, DEBUG, INFO, WARN, ERROR, OFF
Localization settings
Health monitoring
Platform health configuration
Multi-edit and undo/redo configuration
Resources usage configuration
Authentication and Authorization Configuration
The FlowX Admin microservice supports authentication and authorization through OpenID Connect (with Keycloak as the default provider) and allows detailed role-based access control.Security type
Service account configuration
The Admin service authenticates to other FlowX services with a dedicated service account (themainIdentity client registration) in the service-accounts realm:
When deploying with the FlowX Helm chart,
SECURITY_OAUTH2_BASESERVERURL is supplied through the chart value flowx.keycloak.baseServerUrl and the service-account client secrets are injected from the chart-managed Keycloak secret. The remaining values ship as image defaults.Designer authentication client
The role-based access control is configured in the application YAML and grants specific permissions for platform management, user management, process management, integrations management, and configuration management.
Ingress and CORS
The Admin service is exposed externally on the admin host. Routing is configured through the FlowX Helm chart, which renders either a Kubernetes Ingress (default) or a Gateway API HTTPRoute per service. CORS handling lives in the service code; only the allowed-origins list is deployment-specific.Service route
The path is set through
services.admin.ingress.admin.path (or services.admin.gateway.admin.paths) in the chart values. Override only if you serve FlowX Admin under a different prefix.
CORS configuration
Allowed methods, allowed headers (including
Authorization, Content-Type, Fx-Workspace-Id), and credential handling are baked into the serviceβs application.yaml with safe defaults. Override these only if you have a non-standard requirement.
For the complete route reference, Gateway API HTTPRoute configuration, and route customization, see the ingress configuration guide.
Troubleshooting
Common issues
Admin service fails to start
Admin service fails to start
Symptoms: Service crashes on startup or fails health checks.Solutions:
- Verify PostgreSQL connection parameters (
SPRING_DATASOURCE_URL, credentials) are correct and the database is reachable - Check that MongoDB is running and the connection URI is valid
- Ensure Kafka brokers are accessible at the configured
SPRING_KAFKA_BOOTSTRAPSERVERSaddress - Review startup logs for specific error messages indicating which dependency is unavailable
Cannot export or import resources
Cannot export or import resources
Symptoms: Import/export operations fail with permission or authentication errors.Solutions:
- Verify the Keycloak service account has the required roles for import/export operations
- Check that
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENTIDandSPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENTSECRETare configured correctly - Ensure the service account has
canImportaccess rights in the target workspace - Confirm the target application version is in a WIP state
Build creation fails
Build creation fails
Symptoms: Creating a build returns errors or times out.Solutions:
- Check connectivity between Admin and the application-manager service
- Verify that the Kafka topics for build operations (
KAFKA_TOPIC_BUILD_RUNTIMEDATA) are created and accessible - Ensure version compatibility between Admin and application-manager services
- Review Kafka consumer group lag for build-related topics
UI not loading in Designer
UI not loading in Designer
Symptoms: Designer interface fails to render or returns blank pages.Solutions:
- Verify the Designer service is running and healthy
- Check ingress configuration β ensure the Admin ingress (
admin-admin) is correctly routing traffic - Review CORS settings in the Ingress Configuration Guide
- Confirm that the
Fx-Workspace-Idheader is being passed correctly through the ingress
Related resources
Configuring an IAM Solution
Identity and access management setup for Keycloak and Microsoft Entra ID
Redis Configuration
Complete Redis setup including Sentinel and Cluster modes
Ingress Configuration
Centralized ingress guide with CORS configuration and best practices

