infrapuzzle/k8s/n8n/n8n.secret.yml

#small deployment with nodeport for local testing or small deployments
image:
  repository: n8nio/n8n
  tag: 1.123.4
  pullPolicy: Always
  # Overrides the image tag whose default is the chart appVersion.
  #tag: "stable"


main:
  config:
    generic:
      timezone: Europe/Berlin
    n8n:
      editor_base_url: https://n8n.moritzgraf.de
    webhook_url: https://n8n.moritzgraf.de
    extra:
      node_modules:
      - axios
    node:
      function_allow_builtin: '*'
      function_allow_external: '*'
    db:
      type: postgresdb
      postgresdb:
        host: db-rw
        user: n8n
#        password: password is read from cnpg db-app secretKeyRef
# Moritz: Assuming the db-app secret is created by cnpg operator
        pool:
          size: 10
        ssl:
          enabled: true
          reject_Unauthorized: true
          ca_file: "/home/ssl/certs/postgresql/ca.crt"
  secret:
    n8n:
      encryption_key: "iHiquee6joibooK1aj9doh8wieliehua5ni6oSheix4oopheiz"
  extraEnv:
    DB_POSTGRESDB_PASSWORD:
      valueFrom:
        secretKeyRef:
          name: db-app
          key: password
  # Mount the CNPG CA Cert into N8N container
  extraVolumeMounts:
    - name: db-ca-cert
      mountPath: /home/ssl/certs/postgresql
      readOnly: true

  extraVolumes:
    - name: db-ca-cert
      secret:
        secretName: db-ca
        items:
          - key: ca.crt
            path: ca.crt
  resources:
    limits:
      memory: 2048Mi
    requests:
      memory: 512Mi
  service:
    type: NodePort
    port: 5678


ingress:
  # Enable ingress for home assistant
  enabled: true
  className: "nginx"
  annotations:
    kubernetes.io/ingress.class: "nginx"    
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/proxy-buffering: "off"
    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
  hosts:
    - host: n8n.moritzgraf.de
      paths:
        - path: /
          pathType: Prefix
  tls:
  - hosts:
    - "n8n.moritzgraf.de"
    secretName: n8n-moritzgraf-de

# cnpg DB cluster request
extraManifests:
  - apiVersion: postgresql.cnpg.io/v1
    kind: Cluster
    metadata:
      name: db
    spec:
      instances: 1
      bootstrap:
        initdb:
          database: n8n
          owner: n8n
      postgresql:
        parameters:
          shared_buffers: "64MB"
      resources:
        requests:
          memory: "512Mi"
        limits:
          memory: "512Mi"
      storage:
        size: 1Gi