Configuration Reference
Environment Variables
Core
| Variable | Default | Description |
|---|---|---|
| REDIS_HOST | localhost | Redis hostname |
| REDIS_PORT | 6379 | Redis port |
| API_GATEWAY_PORT | 3001 | API Gateway listen port |
| CORS_ORIGIN | http://localhost:3000 | Allowed CORS origin |
| NODE_ENV | development | Node environment |
| WEB_PORT | 3000 | Next.js dev server port |
| API_GATEWAY_URL | http://localhost:3001 | Gateway URL used by rewrites for /auth/* and /graphql |
Keycloak (api-gateway)
| Variable | Default | Description |
|---|---|---|
| KEYCLOAK_ISSUER | - | Keycloak realm issuer URL |
| KEYCLOAK_JWKS_URI | - | Keycloak JWKS endpoint |
| KEYCLOAK_CLIENT_ID | luckyplans-frontend | Keycloak client ID |
| KEYCLOAK_CLIENT_SECRET | - | Client secret from Keycloak |
| KEYCLOAK_ADMIN_URL | http://localhost:8080 | Base URL for Keycloak Admin API |
Session Management (api-gateway)
| Variable | Default | Description |
|---|---|---|
| SESSION_SECRET | - | Secret for signing session cookies |
| WORKER_CREDENTIAL_PEPPER | - | Secret pepper used when hashing and verifying worker credentials |
| SESSION_TTL_SECONDS | 36000 | Session TTL in seconds |
Database
| Variable | Default | Description |
|---|---|---|
| DATABASE_URL | - | PostgreSQL connection string for Prisma |
MinIO
| Variable | Default | Description |
|---|---|---|
| MINIO_ENDPOINT | localhost | MinIO hostname |
| MINIO_PORT | 9000 | MinIO API port |
| MINIO_ACCESS_KEY | minioadmin | MinIO access key |
| MINIO_SECRET_KEY | minioadmin | MinIO secret key |
| MINIO_BUCKET | luckyplans-uploads | Bucket name |
| MINIO_USE_SSL | false | Enable SSL for MinIO |
Environment variables are accessed through getEnvVar(key, defaultValue?) from @luckyplans/shared. Required variables throw when missing.
The product web app uses a relative /graphql URL in local development. The landing SPA has separate build-time URLs for app and docs navigation.
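Several defaults in the tables above are development values (the `minioadmin` MinIO keys, the localhost CORS origin, SSL to MinIO off), and several secrets have no default at all. The following is an added example, not code from the project: a production preflight check over a plain environment object. `findConfigRisks`, its rule lists, and the string comparison for `MINIO_USE_SSL` are assumptions made for illustration.

```javascript
// Added example; findConfigRisks and both rule lists are hypothetical names.

// Variables the tables list with no default ("-").
const NO_DEFAULT = ['SESSION_SECRET', 'WORKER_CREDENTIAL_PEPPER',
  'KEYCLOAK_CLIENT_SECRET', 'DATABASE_URL'];

// Development defaults documented in the tables above.
const DEV_DEFAULTS = {
  MINIO_ACCESS_KEY: 'minioadmin',
  MINIO_SECRET_KEY: 'minioadmin',
  CORS_ORIGIN: 'http://localhost:3000',
};

function findConfigRisks(env) {
  const risks = [];
  // Development defaults are expected outside production.
  if (env.NODE_ENV !== 'production') return risks;

  for (const key of NO_DEFAULT) {
    if (!env[key]) risks.push(`${key}: missing`);
  }
  for (const [key, devValue] of Object.entries(DEV_DEFAULTS)) {
    // Unset counts too: the documented default would then apply.
    if (env[key] === undefined || env[key] === devValue) {
      risks.push(`${key}: development default in use`);
    }
  }
  // Assumption: the flag is compared as the string "true"; default is false.
  if (env.MINIO_USE_SSL !== 'true') {
    risks.push('MINIO_USE_SSL: TLS to MinIO is off');
  }
  return risks;
}

// Constructed sample environment; every value is a placeholder.
const sampleEnv = {
  NODE_ENV: 'production',
  SESSION_SECRET: 'placeholder-session-secret',
  WORKER_CREDENTIAL_PEPPER: 'placeholder-pepper',
  DATABASE_URL: 'postgresql://placeholder',
  MINIO_ACCESS_KEY: 'minioadmin',
  MINIO_SECRET_KEY: 'placeholder-minio-secret',
  MINIO_USE_SSL: 'false',
};

console.log(findConfigRisks(sampleEnv));
```

Run at service startup with `process.env` and refuse to start when the returned list is non-empty.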
Helm Values
Helm values are defined in infrastructure/helm/luckyplans/values.yaml.
Key Sections
| Section | Purpose |
|---|---|
| config.* | Application config rendered into the ConfigMap |
| secrets | Plain-text dev secrets rendered into a Kubernetes Secret |
| sealedSecrets.* | Encrypted prod secrets rendered as a SealedSecret |
| image.* | Container registry and pull policy |
| ingress.* | Traefik ingress configuration |
| certManager.* | Let's Encrypt TLS automation |
| redis.* | Redis deployment config |
| postgresql.* | PostgreSQL deployment config |
| keycloak.* | Keycloak deployment config |
| apiGateway.* | API gateway deployment config |
| landing.* | Landing SPA deployment config and baked build args |
| serviceCore.* | Core service deployment config |
| web.* | Product web deployment config |
Production Overrides
Production-specific values live in infrastructure/helm/luckyplans/values.prod.yaml.
Production Secrets
Production secrets are encrypted in values.prod.yaml under sealedSecrets.encryptedData. The Sealed Secrets controller decrypts them at runtime.
Example scaling
```yaml
apiGateway:
  replicas: 3
landing:
  replicas: 2
web:
  replicas: 2
```