Skip to content

Prefect Installation

The Prefect API and Application is installed via Helm Chart.
This helm chart constitutes the ConfigMap, Secrets, Deployments, Services, and Ingress resources necessary to deploy the full application.
Due to the number of components and configuration, details are listed below for installation and input values necessary.

Helm Charts

Helm charts will be versioned and provided through Google Artifact Registry. A full deploy requires both the Prefect helm chart necessary for deploying the services, and Istio for cluster and service routing configuration.

Values.yaml

Sections are provided below detailing the various inputs required for a successful deployment. Note that not all fields are required. For example, only one auth mechanism should be used, while leaving the other blank or empty.

Auth

Used to provide values for your ADFS or Okta application groups. These values should be provided through your Security or IAM provider. The Okta callback URL should be UI_BASE_URL/auth/okta-callback, where UI_BASE_URL is your designated DNS name for accessing the environment. 

  authProvider:
    # -- set the auth provider for the application
    # eg. okta, adfs
    type: okta

    okta:
      clientID: ""
      clientSecret: ""
      authServerURL: ""
      apiKey: ""

    adfs:
      clientID: ""
      clientSecret: ""
      clientAuthority: ""
      # True or False
      clientVerifySSL: ""

PostgreSQL

The main data store for the application.

use_embedded - A setting to test deploying an embedded Postgres server to the Kubernetes cluster. Used for testing - NOT RECOMMENDED for production workloads. superuser - should be a user that has sufficient roles and permissions to create, drop, and alter schemas, roles, and databases. serviceuser - is a secondary user created during initialization of the databases. A username (prefect by default) and password should be supplied. host should be the primary endpoint for your respective cloud database, such as RDS, Cloud SQL, or Azure SQL. If using embedded, this should be db-primary for the primary, and db-read for the replica.

  db:
    # -- set Postgres installation type (eg. embedded vs. external)
    # @default -- true
    use_embedded: true
    # -- name of the default schema used when first connecting to create Prefect schemas/tables
    # @default -- postgres
    defaultSchema: postgres
    serviceuser:
      # -- name of the Postgres user for the backend application services
      # @default -- prefect
      username: prefect
      # -- password for the Postgres user for the backend application services
      password: ""
    superuser:
      # -- name of the Postgres superuser, used to run migrations and create databases
      # @default -- postgres
      username: postgres
      # -- password for the Postgres superuser
      password: ""
    host:
      # -- host name of primary Postgres instance
      primary: db-primary
      # -- host name of replica Postgres instance
      replica: db-read
    port:
      # -- port of primary Postgres instance
      # @default -- 5432
      primary: "5432"
      # -- port of replica Postgres instance
      # @default -- 5432
      replica: "5432"

Redis

use_embedded - A setting to test deploying an embedded Redis server to the Kubernetes cluster. Used for testing - NOT RECOMMENDED for production workloads. host - The primary endpoint for your cloud hosted Redis server. port - 6379 by default password - (Optional) if you choose not to set a password on your Redis server/cluster, leave blank ssl - To toggle between TLS encrypted connections `

  redis:
    # -- set Redis installation type (eg. embedded vs. external)
    # @default -- true
    use_embedded: true
    # -- when configured as an external Redis install, specify the host
    host: ""
    # -- when configured as an external Redis install, specify the port
    # @default -- 6379
    port: 6379
    # -- when configured as an external Redis install, specify the password
    password: ""
    # -- connect to Redis using SSL
    ssl: false

Backend Configuration

There are number of values and default settings available. Only the image, repository, and optionally pullSecrets are required to successfully deploy.

  backend:
    app:
      image:
        # -- set prefect-cloud image for all services
        # will be overridden by helm-chart.yaml values
        repository: us-docker.pkg.dev/prefect-dev-self-hosted/prefect-cloud/server
        # -- set prefect-cloud image tag for all services
        tag: latest
        # -- set prefect-cloud image pull secrets for all services
        pullSecrets: []
    extraEnv: []

SMTP

  smtp:
    host: ""
    port: ""
    username: ""
    password: ""
    tls: false