Requirements

What you need to run Rediflow: system requirements, optional components, and deployment options.

Container runtime

  • Podman (rootless or root) with Compose: podman-compose or Podman 4.1+ with built-in podman compose.
  • Docker is supported: use docker compose with DOCKER=1 in the Makefile.

Most organisations already run Podman or Docker. Rediflow works with both.

Database

  • PostgreSQL 18+ — The app uses containerised PostgreSQL only. It will not start with SQLite or other backends.
  • The database runs in a container (via compose) or can be external if you provide DATABASE_URL.

Operating system

Required configuration

Item Description
DATABASE_URL PostgreSQL connection URL (e.g. postgresql://user:pass@host:5432/dbname).
SECRET_KEY Flask secret; required in QA and production. Use a strong value.

See Configuration for the full list of environment variables.

Optional: authentication (OIDC / OpenID Connect)

If you want login and project visibility by group:

  • OIDC (OpenID Connect) provider — Authentik or Keycloak (or any OIDC-compliant provider).
  • Environment variables: OIDC_ISSUER, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET.
  • Groups in token: The app expects a groups claim as a list of strings (e.g. ["rediflow-admins", "rediflow-org-ACR"]). Configure your IdP to include groups in the token.

See Authentik setup for Authentik, or configure Keycloak to send groups as a JSON array.

Deployment options

Customers host the service themselves. All deployment options require you to operate the infrastructure.

Option Description
Deployment overview Podman/Docker, build vs pre-built, which path to choose.
Run with Podman or Docker Build image locally, run with compose.
Deploy QA and production Use pre-built image from registry; no local build.
Deploy on Ubuntu Nested containers on Ubuntu 24.04.
Deploy on Rocky Linux Nested containers on Rocky Linux 10.1.

Network and ports

  • App: HTTP on port 5000 (dev) or 5001 (QA) by default.
  • Database: PostgreSQL on port 5432 (or POSTGRES_PORT).
  • Registry: If using the private GitLab image, ensure access to registry.gitlab.com.