Auto-update README with current k8s applications

Generated by CI/CD workflow on 2026-02-05 10:16:22 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.
Added RBAC
2026-02-05 10:16:22 +00:00 · 2026-02-05 12:15:47 +02:00 · 2026-02-04 17:57:46 +02:00 · 2026-02-04 17:55:32 +02:00 · 2026-02-04 17:31:32 +02:00 · 2026-02-04 17:25:41 +02:00
3 changed files with 101 additions and 23 deletions
--- a/k8s/apps/n8n/kustomization.yaml
+++ b/k8s/apps/n8n/kustomization.yaml
@@ -5,6 +5,7 @@ kind: Kustomization
 resources:
  - external-secrets.yaml
  - storage.yaml
+  - rbac.yaml

 helmCharts:
  - name: n8n
--- a/k8s/apps/n8n/rbac.yaml
+++ b/k8s/apps/n8n/rbac.yaml
@@ -0,0 +1,71 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: n8n-readonly
+rules:
+- apiGroups: [""]
+  resources: 
+    - pods
+    - services
+    - endpoints
+    - persistentvolumeclaims
+    - persistentvolumes
+    - configmaps
+    - secrets
+    - nodes
+    - namespaces
+    - events
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources:
+    - deployments
+    - replicasets
+    - statefulsets
+    - daemonsets
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["networking.k8s.io"]
+  resources:
+    - ingresses
+    - networkpolicies
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["extensions"]
+  resources:
+    - ingresses
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["autoscaling"]
+  resources:
+    - horizontalpodautoscalers
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["batch"]
+  resources:
+    - jobs
+    - cronjobs
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["metrics.k8s.io"]
+  resources:
+    - pods
+    - nodes
+  verbs: ["get", "list"]
+- apiGroups: ["storage.k8s.io"]
+  resources:
+    - storageclasses
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["policy"]
+  resources:
+    - poddisruptionbudgets
+  verbs: ["get", "list", "watch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: n8n-readonly
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: n8n-readonly
+subjects:
+- kind: ServiceAccount
+  name: n8n-readonly
+  namespace: n8n
--- a/k8s/apps/n8n/values-n8n.yaml
+++ b/k8s/apps/n8n/values-n8n.yaml
@@ -18,30 +18,30 @@ main:
    mountPath: /home/node/.n8n

 podSecurityContext:
-  fsGroup: 1000
-  fsGroupChangePolicy: "OnRootMismatch"
+  runAsUser: 1000
+  runAsGroup: 1000
+  runAsNonRoot: true
+
+# Configure health probes for slow startup
+main:
+  livenessProbe:
+    httpGet:
+      path: /healthz
+      port: http
+    initialDelaySeconds: 120  # Дать время на запуск
+    periodSeconds: 30
+    timeoutSeconds: 10
+    failureThreshold: 6
+  
+  readinessProbe:
+    httpGet:
+      path: /healthz/readiness
+      port: http
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 10

-# Fix NFS permission issues - required for NFS volumes
-initContainers:
-  - name: fix-permissions
-    image: busybox:1.35
-    command:
-      - sh
-      - -c  
-      - |
-        echo "Fixing permissions for NFS volume..."
-        if [ ! -d "/home/node/.n8n" ]; then
-          mkdir -p /home/node/.n8n
-        fi
-        chown -R 1000:1000 /home/node/.n8n
-        chmod -R 775 /home/node/.n8n
-        echo "Permissions fixed: $(ls -ld /home/node/.n8n)"
-    volumeMounts:
-      - name: node-modules  
-        mountPath: /home/node/.n8n
-    securityContext:
-      runAsUser: 0
-      runAsGroup: 0

 worker:
  mode: regular
@@ -54,6 +54,12 @@ redis:

 existingEncryptionKeySecret: credentials

+serviceAccount:
+  create: true
+  automount: true
+  annotations: {}
+  name: "n8n-readonly"
+
 externalPostgresql:
  existingSecret: credentials
  host: "psql.psql.svc"
Author	SHA1	Message	Date
Gitea Actions Bot	cda11ba36e	Auto-update README with current k8s applications All checks were successful Terraform / Terraform (pull_request) Successful in 20s Details Generated by CI/CD workflow on 2026-02-05 10:16:22 This PR updates the README.md file with the current list of applications found in the k8s/ directory structure.	2026-02-05 10:16:22 +00:00
Ultradesu	a7aaa3e4a5	Added RBAC All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 10s Details Check with kubeconform / lint (push) Successful in 7s Details Auto-update README / Generate README and Create MR (push) Successful in 12s Details	2026-02-05 12:15:47 +02:00
Ultradesu	5f882c7beb	fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 5s Details Auto-update README / Generate README and Create MR (push) Successful in 5s Details	2026-02-04 17:57:46 +02:00
Ultradesu	72cf9902d4	fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 5s Details	2026-02-04 17:55:32 +02:00
Ultradesu	a4b2eb8ab9	fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 6s Details	2026-02-04 17:31:32 +02:00
Ultradesu	80b7b0a7f7	Drop init cont fixing permissions All checks were successful Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 8s Details Check with kubeconform / lint (push) Successful in 6s Details Auto-update README / Generate README and Create MR (push) Successful in 12s Details	2026-02-04 17:25:41 +02:00