Access to FlowForge Management App via the host forge
on what ever domain is passed. e.g. if example.com
then http://forge.exmaple.com
This chart can use the Bitnami PostgreSQL Chart to provide an instance of a PostgreSQL Database to store state (forge.localPostgresql: true
).
The chart is currently pinned at the Bitanmi PostgreSQL v14 release, which only supports x86_64 deployments when using a local database
If using an external PostgreSQL Database you will need to create the database and user to pass to the helm chart using the following values:
postgresql.host
postgresql.auth.username
postgresql.auth.password
postgresql.auth.database
For other values please refer to the documentation below.
forge.image
supply a fully qualified container image for the forge app (defaultforge.registry
/flowforge/forge-k8s:)forge.domain
the domain instances will be hosted onforge.entryPoint
the custom Fully Qualified Domain Name (FQDN) for the admin app (defaultforge.[forge.domain]
)forge.https
is the Forge App accessed via HTTPS (defaulttrue
)forge.registry
the hostname for the container registry to find Project stacks (default Docker Hub)forge.localPostrgresql
Deploy a PostgreSQL v14 Database into Kubernetes cluster (defaulttrue
)forge.cloudProvider
currently only acceptsaws
but will include more as needed (default not set)forge.projectSelector
a collection of labels and values to filter nodes that Project Pods will run on (defaultrole: projects
)forge.projectNamespace
namespace Project Pods will run in (defaultflowforge
)forge.projectDeploymentTolerations
tolerations settings for Project instances. Default is[]
.forge.projectNetworkPolicy.enabled
specified if Network Policies should be created for project pods ( defaultfalse
)forge.projectNetworkPolicy.ingress
a list of ingress rules for the Network Policy applied on project pods ( default[]
)forge.projectNetworkPolicy.egress
a list of egress rules for the Network Policy applied in project pods ( default[]
)forge.managementSelector
a collection of labels and values to filter nodes the Forge App will run on (defaultrole: management
)forge.affinity
allows to configure affinity or anti-affinity for the core application podforge.license
FlowForge EE license string (optional, default not set)forge.branding
Object holding branding inserts (default not set)forge.clusterRole.name
custom name for the ClusterRole (defaultcreate-pod
)forge.resources
allows to configure resources for the core application containerforge.podSecurityContext
allows to configure securityContext for the core application podforge.livenessProbe
block with livenessProbe configuration for the core application pod (check here for more details)forge.readinessProbe
block with readinessProbe configuration for the core application pod (check here for more details)forge.startupProbe
block with startupProbe configuration for the core application pod (check here for more details)forge.containerSecurityContext
allows to configure securityContext for the core application containerforge.logPassthrough
Allows Node-RED Project pods to log in JSON format to standard out, allowing this to be ingested by a logging service (defaultfalse
)forge.labels
allows to add custom labels to the core application related objects (e.g. deployment, services, etc.) (default{}
)forge.podLabels
allows to add custom labels to the core application pod (default{}
)forge.replicas
allows the number of instances of the FlowFuse App to be set. Scaling only supported with ingress-nginx controller (default1
)
note: forge.projectSelector
and forge.managementSelector
defaults mean that you must have at least 2 nodes in your cluster and they need to be labeled before installing.
If forge.cloudProvider
is set to aws
then the following should be set
forge.aws.IAMRole
The ARN of the IAM Role which the forge app will run with
forge.email.from
the email address FlowForge will use to send email
To use STMP to send email
forge.email.from
email address to send mail as can include name e.g. ""FlowForge" flowforge@example.com"forge.email.smtp.host
if not set email is disabledforge.email.smtp.port
(default587
)forge.email.smtp.tls
(defaultfalse
)forge.email.smtp.user
If no set no credentials passed (required if password set)forge.email.smtp.password
(required if user set)forge.email.smtp.existingSecret
the name of an Kubernetes secret object with email credentials (Ifforge.email.smtp.existingSecret
is set,forge.email.smtp.password
value is ignored; default not set)
Note: External secret must contain following keys:
smtp-password
- the password to use to connect to the database (equivalent toforge.email.smtp.password
key)
To use AWS SES to send email
forge.email.ses.region
the AWS region the SES service is enabled
forge.broker.enabled
(defaultfalse
)forge.broker.url
URL to access the broker from inside the cluster (defaultmqtt://flowforge-broker.[namespace]:1883
)forge.broker.public_url
URL to access the broker from outside the cluster (defaultws://mqtt.[forge.domain]
, useswss://
ifforge.https
istrue
)forge.broker.hostname
the custom Fully Qualified Domain Name (FQDN) where the broker will be hosted (defaultmqtt.[forge.domain]
)forge.broker.affinity
allows to configure affinity or anti-affinity for the broker podforge.broker.resources
allows to configure resources for the broker containerforge.broker.podSecurityContext
allows to configure securityContext for the broker podforge.broker.containerSecurityContext
allows to configure securityContext for the broker containerforge.broker.livenessProbe
block with livenessProbe configuration for the broker pod (check here for more details)forge.broker.readinessProbe
block with readinessProbe configuration for the broker pod (check here for more details)forge.broker.startupProbe
block with startupProbe configuration for the broker pod (check here for more details)forge.broker.labels
allows to add custom labels to the broker related objects (e.g. deployment, services, etc.) (default{}
)forge.broker.podLabels
allows to add custom labels to the broker pod (default{}
)forge.broker.ingress.annotations
broker ingress annotations (default is{}
)
forge.broker.ingress.annotations
values can contain the following tokens that will be replaced as follows:
{{ instanceHost }}
replaced by the hostname of the instance{{ serviceName }}
replaced by the service name of the instance
Enables FlowForge Telemetry
forge.telemetry.enabled
enables anonymized usage reporting (defaulttrue
)forge.telemetry.posthog.apikey
enables posthog logging if set (not default)forge.telemetry.posthog.apiurl
sets posthog target host (defaulthttps://app.posthog.com
)forge.telemetry.posthog.capture_pageview
(defaulttrue
)forge.telemetry.sentry.frontend_dsn
enables sentry reporting if set (default unset)forge.telemetry.sentry.backend_dsn
enables sentry reporting if set (default unset)forge.telemetry.sentry.production_mode
rate limit reporting (defaulttrue
)forge.telemetry.sentry.environment
set SENTRY_ENV environment variable, which overrides NODE_ENV for the reported environment (default unset)forge.telemetry.google.tag
a Google Analytics Tag Account ID (default unset)forge.telemetry.google.events
an object containing keys matching events to track and values to be included (default unset)forge.telemetry.backend.prometheus.enabled
enables the/metrics
endpoint on the forge app for scraping by Prometheus
Enables HubSpot support widget in the FlowForge app
forge.support.enabled
enables support widget (defaultfalse
)forge.support.hubspot
HubSpot tracking code
Enables FlowForge billing features using Stripe
forge.ee.billing.stripe.key
Stripe API Keyforge.ee.billing.stripe.wh_secret
Stripe Web Hook callback secretforge.ee.billing.stripe.team_price
Stripe price id for default Teamforge.ee.billing.stripe.team_product
Stripe product id for default Teamforge.ee.billing.stripe.project_price
Stripe price id for default Project Typeforge.ee.billing.stripe.project_product
Stripe product id for default Project Typeforge.ee.billing.stripe.device_price
Stripe price id for Device (optional)forge.ee.billing.stripe.device_product
Stripe product id for Device (optional)forge.ee.billing.stripe.deviceCost
Set the displayed price for a Device (optional)forge.ee.billing.stripe.new_customer_free_credit
Value in cents to be awarded as credit to new usersforge.ee.billing.stripe.teams
a map containing Stripe Product & Price ids for named Team Types
forge.fileStore.enabled
(defaultfalse
)forge.fileStore.image
supply a fully qualified container image for the File Storage app (defaultforge.registry
/flowforge/file-server:)forge.fileStore.type
Choice of backends to store fileslocalfs
ors3
(defaultlocalfs
)forge.fileStore.options
Options to pass to the backend storage driver (See file-server for details)forge.fileStore.quota
Sets the maximum number of bytes that a project can store as files (default104857600
)forge.fileStore.context.type
Choice of backends for Persistent Contextsequelize
forge.fileStore.context.options
Options to pass to Persistent Context Driver (See file-server for details)forge.fileStore.context.quota
Sets the maximum number of bytes that a project can store in Persistent Context (default1048576
)forge.fileStore.resources
allows to configure resources for the file-server containerforge.fileStore.podSecurityContext
allows to configure securityContext for the flowforge-file podforge.fileStore.containerSecurityContext
allows to configure securityContext for the flowforge-file containerforge.fileStore.livenessProbe
block with livenessProbe configuration for the flowforge-file pod (check here for more details)forge.fileStore.readinessProbe
block with readinessProbe configuration for the flowforge-file pod (check here for more details)forge.fileStore.startupProbe
block with startupProbe configuration for the flowforge-file pod (check here for more details)forge.fileStore.labels
allows to add custom labels to the file-server related objects (e.g. deployment, services, etc.) (default{}
)forge.fileStore.podLabels
allows to add custom labels to the file-server pod (default{}
)
forge.privateCA.configMapName
name of ConfigMap to store the CA Cert bundle (defaultff-ca-certs
)forge.privateCA.certs
base64 encoded CA certificate PEM bundle of trusted certificates. This needs to be generated without line breaks e.g.base64 -w 0 certs.pem
(default not set)
forge.rate_limits.enabled
(defaultfalse
)forge.rate_limits.global
(defaulttrue
)forge.rate_limits.timeWindow
Time in milliseconds to evaluate requests over (default 60000)forge.rate_limits.max
Max requests per timeWindow (default 1000)forge.rate_limits.maxAnonymous
Max anonymous requests per timeWindow (defaultforge.rate_limits.max
)
forge.contentSecurityPolicy.enabled
Enabled HTTP header from Forge app (defaultfalse
)forge.contentSecurityPolicy.reportOnly
Disables enforcing and only reports in browser console (defaultfalse
)forge.contentSecurityPolicy.reportUri
ifreportOnly
enabled causes browser to POST report to URI (default not set)forge.contentSecurityPolicy.directives
a JSON object that overrides the platform defaults. Uses format defined by HelmetJS here
Everything under forge.rate_limits
is used as input to Fastify Rate Limit plugin, further options can be found here and can be included.
ingress.annotations
ingress annotations (default is{}
). This value is also applied to Editor instances created by FlowForge.ingress.className
ingress class name (default is"""
). This value is also applied to Editor instances created by FlowForge.ingress.certManagerIssuer
the name of the CertManager Issuer to use to create HTTPS certificates. (default is not set)
ingress.annotations
values can contain the following tokens that will be replaced as follows:
{{ instanceHost }}
replaced by the hostname of the instance{{ instanceURL }}
replaced by the URL for the instance{{ instanceProtocol }}
replaced by eitherhttp
orhttps
{{ serviceName }}
replaced by the service name of the instance
Provision default service account for Editors if editors.serviceAccount.create
is true
.
editors.serviceAccount.create
flag, indicates whether default Editors service account is going to be provisioned.editors.serviceAccount.annotations
k8s service account annotations.editors.serviceAccount.name
name of the service account for Editors.
Example for AWS:
editors:
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::${ACCOUNT_ID}:role/${ROLE_NAME}
create: true
name: editors
postgresql.host
- the hostname of an external PostgreSQL database (default not set)postgresql.port
- the port of an external PostgreSQL database (default5432
)postgresql.ssl
- sets the connection to the database to use SSL/TLS (defaultfalse
)postgresql.auth.username
- the username to use to connect to the database (defaultforge
)postgresql.auth.password
- the password to use to connect to the database (defaultZai1Wied
)postgresql.auth.database
- the database to use (defaultflowforge
)postgresql.auth.postgresPassword
- the password to use for the postgres user (defaultMoomiet0
)postgresql.auth.existingSecret
- the name of an Kubernetes secret object with database credentials (Ifpostgresql.auth.existingSecret
is set,postgresql.auth.password
andpostgresql.auth.postgresPassword
values are ignored; default not set)
Note: External secret must contain following keys:
password
- the password to use to connect to the database (equivalent topostgresql.auth.password
key)postgress-password
- the password to use for the postgres user (equivalent topostgresql.auth.postgresPassword
key)
Following values can be used to configure the liveness, readiness and startup probes for all pods:
initialDelaySeconds
- number of seconds after the container has started before liveness or readiness probes are initiatedperiodSeconds
- how often (in seconds) to perform the probetimeoutSeconds
- number of seconds after which the probe times outsuccessThreshold
- minimum consecutive successes for the probe to be considered successful after having failedfailureThreshold
- minimum consecutive failures for the probe to be considered failed after having succeeded
Example for readiness probe:
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
Following database-related values have been removed from the chart:
forgedbName
forge.dbUsername
forge.dbPassword
forge.postgres.host
forge.postgres.port
All database configuration is maintained in the postgresql
configuration block.
Before upgrading to this version, please ensure that the postgresql
block is correctly configured.
Please pay attention to forge.dbUsername
and forge.dbPassword
values, as they are now part of the postgresql.auth
block - postgresql.auth.username
and postgresql.auth.password
respectively.
Together with new application features, this release updates the Helm sub-chart, Bitnami's Postgresql, version. If local PostgreSQL database instance is used, upgrading to this version, using our Helm chart, requires additional steps.
-
Backup the database (yq and ghead (part of
coreutils
package, MacOS only) tools are required)For linux:
DBPASSWORD=$(kubectl get cm flowforge-config -o jsonpath='{.data.flowforge\.yml}' | yq ".db.password") kubectl run -it --rm db-backup --env="PGPASSWORD=$DBPASSWORD" --image ubuntu/postgres:14-22.04_edge -- bash -c "pg_dump -h flowforge-postgresql -U forge flowforge" | head -n -2 > db.sql
For macOS/BSD:
DBPASSWORD=$(kubectl get cm flowforge-config -o jsonpath='{.data.flowforge\.yml}' | yq ".db.password") kubectl run -it --rm db-backup --env="PGPASSWORD=$DBPASSWORD" --image ubuntu/postgres:14-22.04_edge -- bash -c "pg_dump -h flowforge-postgresql -U forge flowforge" | ghead -n -2 > db.sql
-
Obtain the PVC name which stores the database data Ó
export POSTGRESQL_PVC=$(kubectl --namespace default get pvc -l app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}")
-
Delete postgresql statefulset and secret
kubectl --namespace default delete statefulset.app flowforge-postgresql kubectl --namespace default delete secret flowforge-postgresql
-
Get database image version and perform the upgrade
CURRENT_VERSION=$(kubectl --namespace defualt exec postgresql-postgresql-0 -- bash -c 'echo $BITNAMI_IMAGE_VERSION') helm upgrade --install --atomic \ --namespace default \ --values $path/to/your/values.yaml \ --set postgresql.primary.persistance.existingClaim=$POSTGRESQL_PVC \ --set postgresql.image.tag=$CURRENT_VERSION \ flowforge flowforge/flowforge
As of FlowFuse v1.12.0 the URL used to host the helm chart changed, so in order to upgrade from a previous version you will need to update the repo.
- Run
helm repo remove flowforge
- Run
helm repo add flowforge https://flowfuse.github.io/helm
You can then run the following:
- Run
helm repo update flowforge
to pull the latest version - Check the README.md for any new options to configure in
customization.yml
- Run the
helm upgrade --install flowforge flowforge -f customization.yml