change n8n to external runner

apps/charts/n8n/Chart.yaml

@@ -1,3 +1,3 @@
 apiVersion: v2
 version: 1.0.0
-name: Jellyfin
+name: n8n

apps/charts/n8n/templates/deployment.yaml

@@ -17,18 +17,23 @@ spec:
     spec:
       containers:
         - name: "{{ .Release.Name }}"
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: "{{ .Values.service.image.repository }}:{{ .Values.service.image.tag }}"
-          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+          imagePullPolicy: "{{ .Values.service.image.pullPolicy }}"
           ports:
             - name: http
               containerPort: 5678
               protocol: TCP
+            - name: http-broker
+              containerPort: 5679
+              protocol: TCP
           livenessProbe:
-            tcpSocket:
+            httpGet:
               port: http
+              path: /healthz
           readinessProbe:
-            tcpSocket:
+            httpGet:
               port: http
+              path: /healthz
           volumeMounts:
             - mountPath: /home/node/.n8n
               name: data
@@ -39,10 +44,12 @@ spec:
               value: "{{ .Values.globals.timezone }}"
             - name: N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS
               value: "true"
-            - name: N8N_RUNNERS_ENABLED
+            - name: OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS
               value: "true"
             - name: N8N_EDITOR_BASE_URL
               value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}
+            - name: WEBHOOK_URL
+              value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}
             - name: VUE_APP_URL_BASE_API
               value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }}
             - name: N8N_HOST
@@ -76,7 +83,76 @@ spec:
                 secretKeyRef:
                   name: "{{ .Release.Name }}-pg-connection"
                   key: password
+            - name: N8N_RUNNERS_AUTH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-secret"
+                  key: password
+            - name: N8N_RUNNERS_ENABLED
+              value: 'true'
+            - name: N8N_RUNNERS_MODE
+              value: external
+            - name: N8N_NATIVE_PYTHON_RUNNER
+              value: 'true'
+            - name: N8N_NATIVE_PYTHON_RUNNER
+              value: 'true'
+            - name: N8N_RUNNERS_BROKER_LISTEN_ADDRESS
+              value: '0.0.0.0'
       volumes:
         - name: data
           persistentVolumeClaim:
             claimName: "{{ .Release.Name }}-data"
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Release.Name }}-runner"
+spec:
+  strategy:
+    type: RollingUpdate
+  replicas: 1
+  revisionHistoryLimit: 0
+  selector:
+    matchLabels:
+      app: "{{ .Release.Name }}-runner"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Release.Name }}-runner"
+    spec:
+      containers:
+        - name: "{{ .Release.Name }}-runner"
+          image: "{{ .Values.runner.image.repository }}:{{ .Values.runner.image.tag }}"
+          imagePullPolicy: "{{ .Values.runner.image.pullPolicy }}"
+          ports:
+            - name: http
+              containerPort: 5680
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              port: http
+              path: /healthz
+          readinessProbe:
+            httpGet:
+              port: http
+              path: /healthz
+          env:
+            - name: TZ
+              value: "{{ .Values.globals.timezone }}"
+            - name: N8N_RUNNERS_AUTH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-secret"
+                  key: password
+            - name: N8N_RUNNERS_TASK_BROKER_URI
+              value: 'http://{{ .Release.Name }}-broker:80'
+          volumeMounts:
+            - mountPath: /etc/n8n-task-runners.json
+              name: config
+              subPath: n8n-task-runners.json
+      volumes:
+        - name: config
+          configMap:
+            name: "{{ .Release.Name }}-runner-config"

apps/charts/n8n/templates/runner-config.yaml

@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ .Release.Name }}-runner-config"
+  labels:
+    app: "{{ .Release.Name }}"
+data:
+  n8n-task-runners.json: |
+    {
+      "task-runners": [
+        {
+          "runner-type": "javascript",
+          "workdir": "/home/runner",
+          "command": "/usr/local/bin/node",
+          "args": [
+            "--disallow-code-generation-from-strings",
+            "--disable-proto=delete",
+            "/opt/runners/task-runner-javascript/dist/start.js"
+          ],
+          "health-check-server-port": "5681",
+          "allowed-env": [
+            "PATH",
+            "GENERIC_TIMEZONE",
+            "NODE_OPTIONS",
+            "N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT",
+            "N8N_RUNNERS_TASK_TIMEOUT",
+            "N8N_RUNNERS_MAX_CONCURRENCY",
+            "N8N_SENTRY_DSN",
+            "N8N_VERSION",
+            "ENVIRONMENT",
+            "DEPLOYMENT_NAME",
+            "HOME"
+          ],
+          "env-overrides": {
+            "NODE_FUNCTION_ALLOW_BUILTIN": "crypto",
+            "NODE_FUNCTION_ALLOW_EXTERNAL": "moment",
+            "N8N_RUNNERS_HEALTH_CHECK_SERVER_HOST": "0.0.0.0"
+          }
+        },
+        {
+          "runner-type": "python",
+          "workdir": "/home/runner",
+          "command": "/opt/runners/task-runner-python/.venv/bin/python",
+          "args": ["-m", "src.main"],
+          "health-check-server-port": "5682",
+          "allowed-env": [
+            "PATH",
+            "N8N_RUNNERS_LAUNCHER_LOG_LEVEL",
+            "N8N_RUNNERS_AUTO_SHUTDOWN_TIMEOUT",
+            "N8N_RUNNERS_TASK_TIMEOUT",
+            "N8N_RUNNERS_MAX_CONCURRENCY",
+            "N8N_SENTRY_DSN",
+            "N8N_VERSION",
+            "ENVIRONMENT",
+            "DEPLOYMENT_NAME"
+          ],
+          "env-overrides": {
+            "PYTHONPATH": "/opt/runners/task-runner-python",
+            "N8N_RUNNERS_STDLIB_ALLOW": "socket",
+            "N8N_RUNNERS_EXTERNAL_ALLOW": ""
+          }
+        }
+      ]
+    }

apps/charts/n8n/templates/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: GenerateSecret
+metadata:
+  name: "{{ .Release.Name }}-secret"
+spec:
+  fields:
+    - name: password
+      encoding: hex
+      length: 64
+

apps/charts/n8n/templates/service.yaml

@@ -13,3 +13,21 @@ spec:
       name: http
   selector:
     app: '{{ .Release.Name }}'
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: '{{ .Release.Name }}-broker'
+  labels:
+    app: '{{ .Release.Name }}-broker'
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 5679
+      protocol: TCP
+      name: http
+  selector:
+    app: '{{ .Release.Name }}'

apps/charts/n8n/values.yaml

@@ -1,5 +1,11 @@
-image:
+service:
-  repository: docker.n8n.io/n8nio/n8n
+  image:
-  tag: 1.123.1@sha256:cbb838c888f8d849afcb855d34390c6644ebad2c51010a0a12c3b83960a5b3f7
+    repository: n8nio/n8n
-  pullPolicy: IfNotPresent
+    tag: 1.123.1@sha256:cbb838c888f8d849afcb855d34390c6644ebad2c51010a0a12c3b83960a5b3f7
+    pullPolicy: IfNotPresent
+runner:
+  image:
+    repository: n8nio/runners
+    tag: 1.123.1
+    pullPolicy: IfNotPresent
 subdomain: n8n