Added RBAC

fixing permissions
2026-02-05 12:15:47 +02:00 · 2026-02-04 17:57:46 +02:00 · 2026-02-04 17:55:32 +02:00 · 2026-02-04 17:31:32 +02:00 · 2026-02-04 17:25:41 +02:00 · 2026-02-04 17:10:30 +02:00
6 changed files with 142 additions and 32 deletions
--- a/k8s/apps/n8n/kustomization.yaml
+++ b/k8s/apps/n8n/kustomization.yaml
@@ -1,9 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+# Updated: Fixed n8n volume permissions issue

 resources:
  - external-secrets.yaml
  - storage.yaml
+  - rbac.yaml

 helmCharts:
  - name: n8n
@@ -13,10 +15,10 @@ helmCharts:
    namespace: n8n
    valuesFile: values-n8n.yaml
    includeCRDs: true
-  - name: searxng
-    repo: https://unknowniq.github.io/helm-charts/
-    version: 0.1.3
-    releaseName: searxng
+  - name: yacy
+    repo: https://gt.hexor.cy/api/packages/ab/helm
+    version: 0.1.2
+    releaseName: yacy
    namespace: n8n
-    valuesFile: values-searxng.yaml
+    valuesFile: values-yacy.yaml
    includeCRDs: true
--- a/k8s/apps/n8n/rbac.yaml
+++ b/k8s/apps/n8n/rbac.yaml
@@ -0,0 +1,71 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: n8n-readonly
+rules:
+- apiGroups: [""]
+  resources: 
+    - pods
+    - services
+    - endpoints
+    - persistentvolumeclaims
+    - persistentvolumes
+    - configmaps
+    - secrets
+    - nodes
+    - namespaces
+    - events
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources:
+    - deployments
+    - replicasets
+    - statefulsets
+    - daemonsets
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["networking.k8s.io"]
+  resources:
+    - ingresses
+    - networkpolicies
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["extensions"]
+  resources:
+    - ingresses
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["autoscaling"]
+  resources:
+    - horizontalpodautoscalers
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["batch"]
+  resources:
+    - jobs
+    - cronjobs
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["metrics.k8s.io"]
+  resources:
+    - pods
+    - nodes
+  verbs: ["get", "list"]
+- apiGroups: ["storage.k8s.io"]
+  resources:
+    - storageclasses
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["policy"]
+  resources:
+    - poddisruptionbudgets
+  verbs: ["get", "list", "watch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: n8n-readonly
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: n8n-readonly
+subjects:
+- kind: ServiceAccount
+  name: n8n-readonly
+  namespace: n8n
--- a/k8s/apps/n8n/values-n8n.yaml
+++ b/k8s/apps/n8n/values-n8n.yaml
@@ -17,6 +17,32 @@ main:
    existingClaim: n8n-home
    mountPath: /home/node/.n8n

+podSecurityContext:
+  runAsUser: 1000
+  runAsGroup: 1000
+  runAsNonRoot: true
+
+# Configure health probes for slow startup
+main:
+  livenessProbe:
+    httpGet:
+      path: /healthz
+      port: http
+    initialDelaySeconds: 120  # Дать время на запуск
+    periodSeconds: 30
+    timeoutSeconds: 10
+    failureThreshold: 6
+  
+  readinessProbe:
+    httpGet:
+      path: /healthz/readiness
+      port: http
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 10
+
+
 worker:
  mode: regular

@@ -28,6 +54,12 @@ redis:

 existingEncryptionKeySecret: credentials

+serviceAccount:
+  create: true
+  automount: true
+  annotations: {}
+  name: "n8n-readonly"
+
 externalPostgresql:
  existingSecret: credentials
  host: "psql.psql.svc"
--- a/k8s/apps/n8n/values-searxng.yaml
+++ b/k8s/apps/n8n/values-searxng.yaml
@@ -1,25 +0,0 @@
-config:
-  general:
-    instance_name: "HexorSearXNG"
-    debug: true
-  server:
-    limiter: false
-    public_instance: false
-    method: "POST"
-  search:
-    safe_search: 0
-  botdetection:
-    ip_limit:
-      filter_link_local: false
-    http_accept:
-      filter: false
-    http_accept_encoding:
-      filter: false
-    http_accept_language:
-      filter: false
-    http_user_agent:
-      filter: false
-valkey:
-  enabled: true
-nodeSelector:
-  kubernetes.io/hostname: master.tail2fe2d.ts.net
--- a/k8s/apps/n8n/values-yacy.yaml
+++ b/k8s/apps/n8n/values-yacy.yaml
@@ -0,0 +1,24 @@
+nodeSelector:
+  kubernetes.io/hostname: master.tail2fe2d.ts.net
+
+resources:
+  limits:
+    memory: 2Gi
+  requests:
+    memory: 1Gi
+
+persistence:
+  enabled: true
+  size: 10Gi
+
+yacy:
+  network:
+    mode: "intranet"
+  config:
+    network.unit.bootstrap.seedlist: ""
+    network.unit.remotecrawl: "false"
+    network.unit.dhtredundancy.junior: "1"
+    network.unit.dhtredundancy.senior: "1"
+    index.receive.allow: "false"
+    index.distribute.allow: "false"
+    crawl.response.timeout: "10000"
--- a/k8s/core/kube-system-custom/nfs-storage.yaml
+++ b/k8s/core/kube-system-custom/nfs-storage.yaml
@@ -10,5 +10,11 @@ parameters:
 reclaimPolicy: Retain
 volumeBindingMode: Immediate
 mountOptions:
-  - vers=4
-  - hard
+  - nfsvers=4.1
+  - rsize=1048576
+  - wsize=1048576
+  - timeo=14
+  - intr
+  - bg
+  - soft
+  - noatime
Author	SHA1	Message	Date
Ultradesu	a7aaa3e4a5	Added RBAC All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 10s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 12s Details	2026-02-05 12:15:47 +02:00
Ultradesu	5f882c7beb	fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 5s Details	2026-02-04 17:57:46 +02:00
Ultradesu	72cf9902d4	fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 5s Details	2026-02-04 17:55:32 +02:00
Ultradesu	a4b2eb8ab9	fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 17:31:32 +02:00
Ultradesu	80b7b0a7f7	Drop init cont fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 12s Details	2026-02-04 17:25:41 +02:00
Ultradesu	ecd475e83d	Added init cont fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 17:10:30 +02:00
ab	69aed3fe23	Update k8s/core/kube-system-custom/nfs-storage.yaml All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 15:07:27 +00:00
Ultradesu	d74479c935	Fixed SC All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 5s Details	2026-02-04 17:04:46 +02:00
Ultradesu	e5ad65b63b	Fix n8n sec context All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 5s Details	2026-02-04 16:46:14 +02:00
Ultradesu	0b143959b9	Fix n8n sec context All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 10s Details	2026-02-04 16:43:57 +02:00
Ultradesu	d35da03726	Bump yacy All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 16s Details	2026-02-04 16:40:58 +02:00
Ultradesu	d5a666ac62	Bump yacy All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 11s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 16:38:19 +02:00
ab	cb2a4384f3	Delete k8s/apps/n8n/values-searxng.yaml All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 10s Details	2026-02-04 14:28:39 +00:00
ab	9ec3e8ef56	Update k8s/apps/n8n/kustomization.yaml All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 13s Details	2026-02-04 14:28:02 +00:00
Ultradesu	02986ae5b6	Added YaCy chart All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 15:36:21 +02:00
Ultradesu	be766e24c8	Added YaCy chart All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 8s Details	2026-02-04 14:54:57 +02:00
Ultradesu	4c1f959d62	Added YaCy deploy All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 14:27:37 +02:00
Ultradesu	cb9d027757	Added YaCy deploy All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 10s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 14:25:20 +02:00
Ultradesu	4981fef85d	Adjusted searxng deploy All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 9s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 7s Details	2026-02-04 14:16:00 +02:00
Ultradesu	49515d6081	Adjusted searxng deploy All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 14:14:38 +02:00