Flowise
Deploy Flowise on Kubernetes — an open-source low-code tool for building LLM applications, chatbots, and AI agents with a visual drag-and-drop editor. Supports standalone SQLite mode and scalable queue mode with PostgreSQL, Redis, and S3 shared storage.
Flowise auto-generates 5 secrets on first boot: encryptionKey, jwtAuthTokenSecret, jwtRefreshTokenSecret,
expressSessionSecret, and tokenHashSecret. Without auth.existingSecret, a reinstall generates new values and
invalidates all existing sessions, stored API credentials, and tool configurations. Always provide a stable
auth.existingSecret in production before the first deployment.
Key Features
- Two topologies — standalone (SQLite + local PVC) or queue mode (PostgreSQL + Redis + S3)
- 5-key auth secret — all Flowise security tokens managed via a single
existingSecret - BullMQ queue mode — separate main pod (UI + API) and worker pods (execution) for scale-out
- PostgreSQL bootstrap —
uuid-osspextension injected automatically on first run - S3 shared storage required in queue mode — local PVC is incompatible with multiple replicas
Installation
HTTPS repository:
helm repo add helmforge https://repo.helmforge.dev
helm repo update
helm install flowise helmforge/flowise -f values.yaml
OCI registry:
helm install flowise oci://ghcr.io/helmforgedev/helm/flowise -f values.yaml
Deployment Examples
# values.yaml — Flowise standalone with SQLite (zero database configuration)
architecture:
mode: standalone
flowise:
appUrl: 'https://flowise.example.com'
fileSizeLimit: 50mb
auth:
existingSecret: flowise-auth-secrets # must contain all 5 keys before first deploy
existingSecretEncryptionKeyKey: encryption-key
existingSecretJwtAuthTokenSecretKey: jwt-auth-token-secret
existingSecretJwtRefreshTokenSecretKey: jwt-refresh-token-secret
existingSecretExpressSessionSecretKey: express-session-secret
existingSecretTokenHashSecretKey: token-hash-secret
secureCookies: true # enable when serving via HTTPS
persistence:
enabled: true
size: 10Gi
ingress:
enabled: true
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: flowise.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: flowise-tls
hosts:
- flowise.example.com# values.yaml — Flowise standalone with bundled PostgreSQL
# NOTE: bundled PostgreSQL auto-injects uuid-ossp extension
architecture:
mode: standalone
flowise:
appUrl: 'https://flowise.example.com'
auth:
existingSecret: flowise-auth-secrets
secureCookies: true
postgresql:
enabled: true
auth:
database: flowise
username: flowise
password: 'strong-db-password'
standalone:
persistence:
enabled: true
size: 20Gi
persistence:
enabled: true
size: 5Gi # tool data and uploads (no SQLite when PostgreSQL active)
ingress:
enabled: true
ingressClassName: traefik
hosts:
- host: flowise.example.com
paths:
- path: /
pathType: Prefix# values.yaml — Flowise in queue mode (PostgreSQL + Redis + S3 mandatory)
# Queue mode: persistence.enabled MUST be false; storage.type MUST be s3
architecture:
mode: queue
flowise:
replicaCount: 2 # main pods (UI + API + job submission)
appUrl: 'https://flowise.example.com'
queue:
name: flowise-queue
worker:
replicaCount: 3 # separate worker pods consuming BullMQ jobs
concurrency: 10 # simultaneous BullMQ jobs per worker
auth:
existingSecret: flowise-auth-secrets
secureCookies: true
postgresql:
enabled: true
auth:
password: 'strong-db-password'
redis:
enabled: true
auth:
enabled: true
password: 'strong-redis-password'
persistence:
enabled: false # local PVC is incompatible with queue mode replicas
storage:
type: s3 # required in queue mode for shared blob storage
s3:
bucketName: flowise-storage
region: us-east-1
endpointUrl: 'https://s3.amazonaws.com'
forcePathStyle: false # set to true for MinIO
existingSecret: flowise-s3-credentials
ingress:
enabled: true
ingressClassName: traefik
hosts:
- host: flowise.example.com
paths:
- path: /
pathType: Prefix# values.yaml — Flowise with external PostgreSQL
# IMPORTANT: External PostgreSQL must have uuid-ossp extension:
# CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
architecture:
mode: standalone
flowise:
appUrl: 'https://flowise.example.com'
auth:
existingSecret: flowise-auth-secrets
postgresql:
enabled: false
database:
mode: external
external:
vendor: postgres
host: postgres.database.svc.cluster.local
name: flowise
username: flowise
existingSecret: flowise-db-credentials
existingSecretPasswordKey: database-password
ssl: false
persistence:
enabled: true
size: 10GiConfiguration Reference
Core
| Parameter | Type | Default | Description |
|---|---|---|---|
nameOverride |
string | "" |
Override the chart name. |
fullnameOverride |
string | "" |
Override the full release name. |
architecture.mode |
string | standalone |
Topology: standalone or queue. |
Image
| Parameter | Type | Default | Description |
|---|---|---|---|
image.repository |
string | docker.io/flowiseai/flowise |
Flowise image. |
image.tag |
string | "3.1.1" |
Image tag. |
Flowise Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
flowise.replicaCount |
integer | 1 |
Main pod replicas. Use queue mode for more than 1. |
flowise.appUrl |
string | "" |
Full public URL. Auto-detected from Ingress if empty. |
flowise.logLevel |
string | info |
Log level: error, warn, info, verbose, debug. |
flowise.fileSizeLimit |
string | 50mb |
Maximum file upload size accepted by Flowise. |
flowise.corsOrigins |
string | * |
Allowed CORS origins. |
flowise.disableTelemetry |
boolean | true |
Disable telemetry reporting. |
flowise.extraEnv |
array | [] |
Extra environment variables for the main container. |
Auth Secrets
| Parameter | Type | Default | Description |
|---|---|---|---|
auth.existingSecret |
string | "" |
Existing secret with all 5 Flowise auth tokens. |
auth.existingSecretEncryptionKeyKey |
string | encryption-key |
Key for FLOWISE_SECRETKEY_OVERWRITE. |
auth.existingSecretJwtAuthTokenSecretKey |
string | jwt-auth-token-secret |
Key for JWT_AUTH_TOKEN_SECRET. |
auth.existingSecretJwtRefreshTokenSecretKey |
string | jwt-refresh-token-secret |
Key for JWT_REFRESH_TOKEN_SECRET. |
auth.existingSecretExpressSessionSecretKey |
string | express-session-secret |
Key for EXPRESS_SESSION_SECRET. |
auth.existingSecretTokenHashSecretKey |
string | token-hash-secret |
Key for TOKEN_HASH_SECRET. |
auth.secureCookies |
boolean | false |
Enable secure cookies. Set true when serving via HTTPS. |
Database
| Parameter | Type | Default | Description |
|---|---|---|---|
database.mode |
string | auto |
Mode: auto, sqlite, external, or postgresql. |
database.sqlite.path |
string | /root/.flowise/database.sqlite |
SQLite file path inside the data volume. |
database.external.vendor |
string | postgres |
External DB vendor: postgres or mysql. |
database.external.host |
string | "" |
External database hostname. |
database.external.existingSecret |
string | "" |
Existing secret with database password. |
database.external.ssl |
boolean | false |
Enable SSL for external database connections. |
Flowise 3.1.1 migrations use uuid_generate_v4(), which requires uuid-ossp. The bundled
PostgreSQL subchart injects this extension automatically via initdb.scripts. For external
PostgreSQL, run manually before installing:
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";PostgreSQL Subchart
| Parameter | Type | Default | Description |
|---|---|---|---|
postgresql.enabled |
boolean | false |
Deploy the bundled PostgreSQL subchart. |
postgresql.auth.database |
string | flowise |
Database name. |
postgresql.auth.password |
string | "" |
Password. Auto-generated if empty. |
postgresql.standalone.persistence.size |
string | 8Gi |
PVC size for PostgreSQL. |
Queue Mode
In queue mode, multiple main and worker pods share the same blob storage. Local PVC (ReadWriteOnce) cannot be shared
across pods. Set persistence.enabled: false and configure storage.type: s3 with a shared S3-compatible bucket.
| Parameter | Type | Default | Description |
|---|---|---|---|
queue.name |
string | flowise-queue |
BullMQ queue name shared by main and workers. |
queue.worker.replicaCount |
integer | 1 |
Number of worker Deployment replicas. |
queue.worker.concurrency |
integer | 100000 |
Simultaneous BullMQ jobs per worker. |
queue.worker.removeOnAge |
integer | 86400 |
Completed job retention in seconds. |
queue.worker.removeOnCount |
integer | 10000 |
Maximum completed job count retained. |
queue.worker.extraEnv |
array | [] |
Extra environment variables for worker pods. |
queue.worker.resources |
object | {} |
CPU/memory requests and limits for workers. |
Storage
| Parameter | Type | Default | Description |
|---|---|---|---|
storage.type |
string | local |
Storage type: local or s3. |
storage.local.path |
string | /root/.flowise/storage |
Local blob storage path. |
storage.s3.bucketName |
string | "" |
S3 bucket name. |
storage.s3.region |
string | us-east-1 |
S3 region. |
storage.s3.endpointUrl |
string | "" |
Custom S3 endpoint URL. |
storage.s3.forcePathStyle |
boolean | false |
Force path-style requests. Set true for MinIO. |
storage.s3.existingSecret |
string | "" |
Existing secret with S3 credentials. |
Persistence
| Parameter | Type | Default | Description |
|---|---|---|---|
persistence.enabled |
boolean | true |
Enable PVC for /root/.flowise. Set false in queue mode. |
persistence.size |
string | 10Gi |
PVC size. |
persistence.storageClass |
string | "" |
StorageClass for the PVC. |
persistence.existingClaim |
string | "" |
Use an existing PVC. |
Backup
Backup runs pg_dump on PostgreSQL only. SQLite and local storage blobs are not included.
| Parameter | Type | Default | Description |
|---|---|---|---|
backup.enabled |
boolean | false |
Enable scheduled pg_dump S3 backup. |
backup.schedule |
string | "0 3 * * *" |
Cron schedule. |
backup.s3.endpoint |
string | "" |
S3-compatible endpoint URL. |
backup.s3.bucket |
string | "" |
Target bucket name. |
backup.s3.existingSecret |
string | "" |
Existing secret with S3 credentials. |