From 1b626def2418cceb66f2182399fcf470db31655a Mon Sep 17 00:00:00 2001 From: Morten Olsen Date: Fri, 2 Jan 2026 11:41:01 +0100 Subject: [PATCH] migate n8n --- apps/charts/n8n/Chart.yaml | 4 + apps/charts/n8n/templates/client.yaml | 11 +- apps/charts/n8n/templates/database.yaml | 7 +- apps/charts/n8n/templates/deployment.yaml | 106 +------------- apps/charts/n8n/templates/pvc.yaml | 12 +- .../templates/secret-external-secrets.yaml | 1 + .../templates/secret-password-generators.yaml | 1 + apps/charts/n8n/templates/secret.yaml | 10 -- apps/charts/n8n/templates/service.yaml | 34 +---- .../charts/n8n/templates/virtual-service.yaml | 40 +---- apps/charts/n8n/values.yaml | 137 +++++++++++++++++- apps/charts/ollama/templates/client.yaml | 10 -- 12 files changed, 144 insertions(+), 229 deletions(-) create mode 100644 apps/charts/n8n/templates/secret-external-secrets.yaml create mode 100644 apps/charts/n8n/templates/secret-password-generators.yaml delete mode 100644 apps/charts/n8n/templates/secret.yaml delete mode 100644 apps/charts/ollama/templates/client.yaml diff --git a/apps/charts/n8n/Chart.yaml b/apps/charts/n8n/Chart.yaml index 2a9c098..319f2c7 100644 --- a/apps/charts/n8n/Chart.yaml +++ b/apps/charts/n8n/Chart.yaml @@ -1,3 +1,7 @@ apiVersion: v2 version: 1.0.0 name: n8n +dependencies: + - name: common + version: 1.0.0 + repository: file://../../common diff --git a/apps/charts/n8n/templates/client.yaml b/apps/charts/n8n/templates/client.yaml index 4c88d9b..c13745f 100644 --- a/apps/charts/n8n/templates/client.yaml +++ b/apps/charts/n8n/templates/client.yaml @@ -1,10 +1 @@ -apiVersion: homelab.mortenolsen.pro/v1 -kind: OidcClient -metadata: - name: '{{ .Release.Name }}' -spec: - environment: '{{ .Values.globals.environment }}' - redirectUris: - - path: /rest/oauth2-credential/callback - subdomain: '{{ .Values.subdomain }}' - matchingMode: strict +{{ include "common.oidc" . }} 
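Review bot: The removed OidcClient in n8n/templates/client.yaml pinned `matchingMode: strict` on its redirect URI, and nothing in this commit sets it again; the `oidc` block added to values.yaml carries only `redirectUris` and `subjectMode: user_username`. Whether `common.oidc` defaults to strict matching is not visible in this patch, so diff the `helm template` output against the old manifest before merging, because a looser match widens the set of URLs the identity provider will send authorization codes to. If the common chart accepts such a key, state the mode explicitly in values.yaml, e.g. `matchingMode: strict` under `oidc:`. The new `subjectMode` value is also a behaviour change that the commit message does not mention.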
diff --git a/apps/charts/n8n/templates/database.yaml b/apps/charts/n8n/templates/database.yaml index 6a30b53..8a7fad4 100644 --- a/apps/charts/n8n/templates/database.yaml +++ b/apps/charts/n8n/templates/database.yaml @@ -1,6 +1 @@ -apiVersion: homelab.mortenolsen.pro/v1 -kind: PostgresDatabase -metadata: - name: '{{ .Release.Name }}' -spec: - environment: '{{ .Values.globals.environment }}' +{{ include "common.database" . }} diff --git a/apps/charts/n8n/templates/deployment.yaml b/apps/charts/n8n/templates/deployment.yaml index da9d785..7bc1197 100644 --- a/apps/charts/n8n/templates/deployment.yaml +++ b/apps/charts/n8n/templates/deployment.yaml 
@@ -1,110 +1,6 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: "{{ .Release.Name }}" -spec: - strategy: - type: RollingUpdate - replicas: 1 - revisionHistoryLimit: 0 - selector: - matchLabels: - app: "{{ .Release.Name }}" - template: - metadata: - labels: - app: "{{ .Release.Name }}" - spec: - containers: - - name: "{{ .Release.Name }}" - image: "{{ .Values.service.image.repository }}:{{ .Values.service.image.tag }}" - imagePullPolicy: "{{ .Values.service.image.pullPolicy }}" - ports: - - name: http - containerPort: 5678 - protocol: TCP - - name: http-broker - containerPort: 5679 - protocol: TCP - livenessProbe: - httpGet: - port: http - path: /healthz - readinessProbe: - httpGet: - port: http - path: /healthz - volumeMounts: - - mountPath: /home/node/.n8n - name: data - env: - - name: TZ - value: "{{ .Values.globals.timezone }}" - - name: GENERIC_TIMEZONE - value: "{{ .Values.globals.timezone }}" - - name: N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS - value: "true" - - name: OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS - value: "true" - - name: N8N_EDITOR_BASE_URL - value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }} - - name: WEBHOOK_URL - value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }} - - name: VUE_APP_URL_BASE_API - value: https://{{ .Values.subdomain }}.{{ .Values.globals.domain }} - - name: N8N_HOST - value: "{{ .Values.subdomain }}.{{ .Values.globals.domain }}" - - name: N8N_DIAGNOSTICS_ENABLED - value: "false" - - name: DB_TYPE - value: postgresdb - - name: DB_POSTGRESDB_DATABASE - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: database - - name: DB_POSTGRESDB_HOST - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: host - - name: DB_POSTGRESDB_PORT - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: port - - name: DB_POSTGRESDB_USER - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: user - - name: 
DB_POSTGRESDB_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-pg-connection" - key: password - - name: N8N_RUNNERS_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-secret" - key: password - - name: N8N_RUNNERS_ENABLED - value: 'true' - - name: N8N_RUNNERS_MODE - value: external - - name: N8N_NATIVE_PYTHON_RUNNER - value: 'true' - - name: N8N_NATIVE_PYTHON_RUNNER - value: 'true' - - name: N8N_RUNNERS_BROKER_LISTEN_ADDRESS - value: '0.0.0.0' - volumes: - - name: data - persistentVolumeClaim: - claimName: "{{ .Release.Name }}-data" +{{ include "common.deployment" . }} --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/apps/charts/n8n/templates/pvc.yaml b/apps/charts/n8n/templates/pvc.yaml index bc1d0a6..379bad9 100644 --- a/apps/charts/n8n/templates/pvc.yaml +++ b/apps/charts/n8n/templates/pvc.yaml @@ -1,11 +1 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: '{{ .Release.Name }}-data' -spec: - accessModes: - - 'ReadWriteOnce' - resources: - requests: - storage: '1Gi' - storageClassName: '{{ .Values.globals.environment }}' +{{ include "common.pvc" . }} diff --git a/apps/charts/n8n/templates/secret-external-secrets.yaml b/apps/charts/n8n/templates/secret-external-secrets.yaml new file mode 100644 index 0000000..de340c4 --- /dev/null +++ b/apps/charts/n8n/templates/secret-external-secrets.yaml @@ -0,0 +1 @@ +{{ include "common.externalSecrets.externalSecrets" . }} diff --git a/apps/charts/n8n/templates/secret-password-generators.yaml b/apps/charts/n8n/templates/secret-password-generators.yaml new file mode 100644 index 0000000..2183e0a --- /dev/null +++ b/apps/charts/n8n/templates/secret-password-generators.yaml @@ -0,0 +1 @@ +{{ include "common.externalSecrets.passwordGenerators" . }} diff --git a/apps/charts/n8n/templates/secret.yaml b/apps/charts/n8n/templates/secret.yaml deleted file mode 100644 index bce9c76..0000000 --- a/apps/charts/n8n/templates/secret.yaml +++ /dev/null 
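Review bot: In pvc.yaml, `common.pvc` has to render a claim with the same name and storage class as the removed one (`{{ .Release.Name }}-data`, `storageClassName: '{{ .Values.globals.environment }}'`), but the new `persistentVolumeClaims` entry in values.yaml sets only `name: data` and `size: 1Gi`. A PVC's storage class cannot be changed in place, and a differently named claim would mount a fresh, empty volume at `/home/node/.n8n`. That directory holds the instance settings file, which includes the auto-generated credential encryption key when none is supplied through the environment, and this values file supplies none. Render the chart and compare the PersistentVolumeClaim with the live object before upgrading, and back up the volume first.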
@@ -1,10 +0,0 @@ -apiVersion: homelab.mortenolsen.pro/v1 -kind: GenerateSecret -metadata: - name: "{{ .Release.Name }}-secret" -spec: - fields: - - name: password - encoding: hex - length: 64 - diff --git a/apps/charts/n8n/templates/service.yaml b/apps/charts/n8n/templates/service.yaml index 713fbb3..f024c64 100644 --- a/apps/charts/n8n/templates/service.yaml +++ b/apps/charts/n8n/templates/service.yaml @@ -1,33 +1 @@ -apiVersion: v1 -kind: Service -metadata: - name: '{{ .Release.Name }}' - labels: - app: '{{ .Release.Name }}' -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 5678 - protocol: TCP - name: http - selector: - app: '{{ .Release.Name }}' - ---- - -apiVersion: v1 -kind: Service -metadata: - name: '{{ .Release.Name }}-broker' - labels: - app: '{{ .Release.Name }}-broker' -spec: - type: ClusterIP - ports: - - port: 80 - targetPort: 5679 - protocol: TCP - name: http - selector: - app: '{{ .Release.Name }}' +{{ include "common.service" . }} diff --git a/apps/charts/n8n/templates/virtual-service.yaml b/apps/charts/n8n/templates/virtual-service.yaml index 36e9d43..766f6b9 100644 --- a/apps/charts/n8n/templates/virtual-service.yaml +++ b/apps/charts/n8n/templates/virtual-service.yaml 
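Review bot: The task-runner broker stays reachable by any workload that can reach the ClusterIP, because values.yaml in this commit keeps a `broker` Service on `targetPort: 5679` together with `N8N_RUNNERS_BROKER_LISTEN_ADDRESS: "0.0.0.0"`, leaving the shared `N8N_RUNNERS_AUTH_TOKEN` as the only gate. A NetworkPolicy, or an Istio AuthorizationPolicy since the chart already routes through the mesh, that admits port 5679 only from the runner pods would narrow that; the commit adds neither. Also confirm that `common.service` still names the second Service `{{ .Release.Name }}-broker`, since the runner Deployment that connects to it lies outside this patch.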
@@ -1,39 +1 @@ -apiVersion: networking.istio.io/v1 -kind: VirtualService -metadata: - name: "{{ .Release.Name }}-public" - namespace: "{{ .Release.Namespace }}" -spec: - gateways: - - "{{ .Values.globals.istio.gateways.public }}" - - mesh - hosts: - - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}" - - mesh - http: - - route: - - destination: - host: "{{ .Release.Name }}" - port: - number: 80 - ---- -apiVersion: networking.istio.io/v1 -kind: VirtualService -metadata: - name: "{{ .Release.Name }}-private" - namespace: "{{ .Release.Namespace }}" -spec: - gateways: - - "{{ .Values.globals.istio.gateways.private }}" - - mesh - hosts: - - "{{ .Values.subdomain }}.{{ .Values.globals.domain }}" - - mesh - http: - - route: - - destination: - host: "{{ .Release.Name }}" - port: - number: 80 - +{{ include "common.virtualService" . }} diff --git a/apps/charts/n8n/values.yaml b/apps/charts/n8n/values.yaml index 6a063ef..f0c66db 100644 --- a/apps/charts/n8n/values.yaml +++ b/apps/charts/n8n/values.yaml 
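Review bot: With `virtualService.gateways.public: true` in values.yaml, the whole n8n host, editor UI and REST API included, stays routed through the public gateway, just as in the removed manifest whose `http` route had no path match. If only inbound webhooks need to be reachable from outside, the public route could be limited to the webhook path prefix and the editor kept on the private gateway; whether `common.virtualService` supports a path match is not visible here. The removed manifests also listed `mesh` under `hosts`, where it is read as a hostname rather than the reserved gateway name, so check that the shared template does not carry that over.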
@@ -1,11 +1,138 @@ -service: - image: - repository: n8nio/n8n - tag: 2.2.1@sha256:ee59276d9d5c7daa97462830cfae12d71cea55adcad705e1756e0c616fcf26b9 - pullPolicy: IfNotPresent +image: + repository: n8nio/n8n + tag: 2.2.1@sha256:ee59276d9d5c7daa97462830cfae12d71cea55adcad705e1756e0c616fcf26b9 + pullPolicy: IfNotPresent + runner: image: repository: n8nio/runners tag: 2.2.1@sha256:5493a0abe36a0b0e6cca4b3eb6a4d73c2af60db87a8310181f3aea6447a71114 pullPolicy: IfNotPresent + subdomain: n8n + +# Deployment configuration +deployment: + strategy: RollingUpdate + replicas: 1 + revisionHistoryLimit: 0 + +# Container configuration (multiple ports) +container: + ports: + - name: http + port: 5678 + protocol: TCP + - name: http-broker + port: 5679 + protocol: TCP + healthProbe: + type: httpGet + path: /healthz + port: http # Use named port + +# Service configuration (multiple services) +service: + ports: + - name: http + port: 80 + targetPort: 5678 + type: ClusterIP + - name: broker + port: 80 + targetPort: 5679 + serviceName: broker + type: ClusterIP + +# Volume configuration +volumes: + - name: data + mountPath: /home/node/.n8n + persistentVolumeClaim: data + +# Persistent volume claims +persistentVolumeClaims: + - name: data + size: 1Gi + +# VirtualService configuration +virtualService: + enabled: true + gateways: + public: true + private: true + +# OIDC client configuration +oidc: + enabled: true + redirectUris: + - "/rest/oauth2-credential/callback" + subjectMode: user_username + +# Database configuration +database: + enabled: true + +# External Secrets configuration +externalSecrets: + - name: "{release}-secret" + passwords: + - name: password + length: 64 + allowRepeat: true + encoding: hex + secretKeys: + - password + +# Environment variables +env: + TZ: + value: "{timezone}" + GENERIC_TIMEZONE: + value: "{timezone}" + N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: "true" + OFFLOAD_MANUAL_EXECUTIONS_TO_WORKERS: "true" + N8N_EDITOR_BASE_URL: + value: "https://{subdomain}.{domain}" + 
WEBHOOK_URL: + value: "https://{subdomain}.{domain}" + VUE_APP_URL_BASE_API: + value: "https://{subdomain}.{domain}" + N8N_HOST: + value: "{subdomain}.{domain}" + N8N_DIAGNOSTICS_ENABLED: "false" + DB_TYPE: postgresdb + DB_POSTGRESDB_DATABASE: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: database + DB_POSTGRESDB_HOST: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: host + DB_POSTGRESDB_PORT: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: port + DB_POSTGRESDB_USER: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: user + DB_POSTGRESDB_PASSWORD: + valueFrom: + secretKeyRef: + name: "{release}-connection" + key: password + N8N_RUNNERS_AUTH_TOKEN: + valueFrom: + secretKeyRef: + name: "{release}-secret" + key: password + N8N_RUNNERS_ENABLED: "true" + N8N_RUNNERS_MODE: external + N8N_NATIVE_PYTHON_RUNNER: "true" + N8N_RUNNERS_BROKER_LISTEN_ADDRESS: "0.0.0.0" diff --git a/apps/charts/ollama/templates/client.yaml b/apps/charts/ollama/templates/client.yaml deleted file mode 100644 index 8299b34..0000000 --- a/apps/charts/ollama/templates/client.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: homelab.mortenolsen.pro/v1 -kind: OidcClient -metadata: - name: '{{ .Release.Name }}' -spec: - environment: '{{ .Values.globals.environment }}' - redirectUris: - - path: /oauth/oidc/callback - subdomain: '{{ .Values.subdomain }}' - matchingMode: strict
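Review bot: In n8n/values.yaml the database credentials are now read from `{release}-connection`, while the removed Deployment read them from `{{ .Release.Name }}-pg-connection`; if `common.database` still produces the old secret name, the `secretKeyRef` entries will not resolve and the pod will not start. The `{release}-secret` entry has a similar risk: moving from `GenerateSecret` to the `externalSecrets` password generator presumably issues a new value, so the main pod and the runner must both be restarted to agree on `N8N_RUNNERS_AUTH_TOKEN`. A comment above `env:` naming the placeholders (`{release}`, `{subdomain}`, `{domain}`, `{timezone}`) and the two accepted entry shapes, bare string and `value:`/`valueFrom:` mapping, would make the contract with the common chart explicit.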