Compare commits
1 Commits
main
...
auto-updat
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
b9ca31b9a3 |
@@ -44,6 +44,7 @@ ArgoCD homelab project
|
|||||||
| **jellyfin** | [](https://ag.hexor.cy/applications/argocd/jellyfin) |
|
| **jellyfin** | [](https://ag.hexor.cy/applications/argocd/jellyfin) |
|
||||||
| **k8s-secrets** | [](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
|
| **k8s-secrets** | [](https://ag.hexor.cy/applications/argocd/k8s-secrets) |
|
||||||
| **khm** | [](https://ag.hexor.cy/applications/argocd/khm) |
|
| **khm** | [](https://ag.hexor.cy/applications/argocd/khm) |
|
||||||
|
| **n8n** | [](https://ag.hexor.cy/applications/argocd/n8n) |
|
||||||
| **ollama** | [](https://ag.hexor.cy/applications/argocd/ollama) |
|
| **ollama** | [](https://ag.hexor.cy/applications/argocd/ollama) |
|
||||||
| **paperless** | [](https://ag.hexor.cy/applications/argocd/paperless) |
|
| **paperless** | [](https://ag.hexor.cy/applications/argocd/paperless) |
|
||||||
| **pasarguard** | [](https://ag.hexor.cy/applications/argocd/pasarguard) |
|
| **pasarguard** | [](https://ag.hexor.cy/applications/argocd/pasarguard) |
|
||||||
|
|||||||
@@ -5,7 +5,6 @@ kind: Kustomization
|
|||||||
resources:
|
resources:
|
||||||
- external-secrets.yaml
|
- external-secrets.yaml
|
||||||
- storage.yaml
|
- storage.yaml
|
||||||
- rbac.yaml
|
|
||||||
|
|
||||||
helmCharts:
|
helmCharts:
|
||||||
- name: n8n
|
- name: n8n
|
||||||
|
|||||||
@@ -1,71 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: n8n-readonly
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources:
|
|
||||||
- pods
|
|
||||||
- services
|
|
||||||
- endpoints
|
|
||||||
- persistentvolumeclaims
|
|
||||||
- persistentvolumes
|
|
||||||
- configmaps
|
|
||||||
- secrets
|
|
||||||
- nodes
|
|
||||||
- namespaces
|
|
||||||
- events
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["apps"]
|
|
||||||
resources:
|
|
||||||
- deployments
|
|
||||||
- replicasets
|
|
||||||
- statefulsets
|
|
||||||
- daemonsets
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["networking.k8s.io"]
|
|
||||||
resources:
|
|
||||||
- ingresses
|
|
||||||
- networkpolicies
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["extensions"]
|
|
||||||
resources:
|
|
||||||
- ingresses
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["autoscaling"]
|
|
||||||
resources:
|
|
||||||
- horizontalpodautoscalers
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["batch"]
|
|
||||||
resources:
|
|
||||||
- jobs
|
|
||||||
- cronjobs
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["metrics.k8s.io"]
|
|
||||||
resources:
|
|
||||||
- pods
|
|
||||||
- nodes
|
|
||||||
verbs: ["get", "list"]
|
|
||||||
- apiGroups: ["storage.k8s.io"]
|
|
||||||
resources:
|
|
||||||
- storageclasses
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: ["policy"]
|
|
||||||
resources:
|
|
||||||
- poddisruptionbudgets
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: n8n-readonly
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: n8n-readonly
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: n8n-readonly
|
|
||||||
namespace: n8n
|
|
||||||
@@ -18,30 +18,30 @@ main:
|
|||||||
mountPath: /home/node/.n8n
|
mountPath: /home/node/.n8n
|
||||||
|
|
||||||
podSecurityContext:
|
podSecurityContext:
|
||||||
runAsUser: 1000
|
fsGroup: 1000
|
||||||
runAsGroup: 1000
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
runAsNonRoot: true
|
|
||||||
|
|
||||||
# Configure health probes for slow startup
|
|
||||||
main:
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz
|
|
||||||
port: http
|
|
||||||
initialDelaySeconds: 120 # Дать время на запуск
|
|
||||||
periodSeconds: 30
|
|
||||||
timeoutSeconds: 10
|
|
||||||
failureThreshold: 6
|
|
||||||
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
path: /healthz/readiness
|
|
||||||
port: http
|
|
||||||
initialDelaySeconds: 60
|
|
||||||
periodSeconds: 10
|
|
||||||
timeoutSeconds: 5
|
|
||||||
failureThreshold: 10
|
|
||||||
|
|
||||||
|
# Fix NFS permission issues - required for NFS volumes
|
||||||
|
initContainers:
|
||||||
|
- name: fix-permissions
|
||||||
|
image: busybox:1.35
|
||||||
|
command:
|
||||||
|
- sh
|
||||||
|
- -c
|
||||||
|
- |
|
||||||
|
echo "Fixing permissions for NFS volume..."
|
||||||
|
if [ ! -d "/home/node/.n8n" ]; then
|
||||||
|
mkdir -p /home/node/.n8n
|
||||||
|
fi
|
||||||
|
chown -R 1000:1000 /home/node/.n8n
|
||||||
|
chmod -R 775 /home/node/.n8n
|
||||||
|
echo "Permissions fixed: $(ls -ld /home/node/.n8n)"
|
||||||
|
volumeMounts:
|
||||||
|
- name: node-modules
|
||||||
|
mountPath: /home/node/.n8n
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
runAsGroup: 0
|
||||||
|
|
||||||
worker:
|
worker:
|
||||||
mode: regular
|
mode: regular
|
||||||
@@ -54,12 +54,6 @@ redis:
|
|||||||
|
|
||||||
existingEncryptionKeySecret: credentials
|
existingEncryptionKeySecret: credentials
|
||||||
|
|
||||||
serviceAccount:
|
|
||||||
create: true
|
|
||||||
automount: true
|
|
||||||
annotations: {}
|
|
||||||
name: "n8n-readonly"
|
|
||||||
|
|
||||||
externalPostgresql:
|
externalPostgresql:
|
||||||
existingSecret: credentials
|
existingSecret: credentials
|
||||||
host: "psql.psql.svc"
|
host: "psql.psql.svc"
|
||||||
|
|||||||
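Review bot: Non-root enforcement for the main n8n container is lost in the first hunk of this file: the new `podSecurityContext` keeps only `fsGroup` and `fsGroupChangePolicy`, while the added `fix-permissions` init container runs with `runAsUser: 0`. Whether the pod still runs as UID 1000 now depends on the image's default user, which is not visible here. One option is to keep `runAsUser: 1000` and `runAsNonRoot: true` under `podSecurityContext` and add `runAsNonRoot: false` next to `runAsUser: 0` in the init container's `securityContext`, assuming the chart passes container-level settings through, so that only the init step is exempt. In the same init script, `chmod -R 775` makes every file under `/home/node/.n8n` world-readable and executable; a narrower mode such as `chmod -R u=rwX,g=rwX,o= /home/node/.n8n` would cover the NFS case without exposing the data directory to other UIDs. A comment above `initContainers` explaining why root is needed, and pinning `busybox:1.35` by digest, would also help the next reader.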