Manifests to deploy n8n on OpenShift

[giofontana]

Pull Request

Description

This PR adds OpenShift manifests to deploy n8n with a PostgreSQL backend, persistent storage, service exposure, and an OpenShift Route.
It also updates the OpenShift README.md with deployment steps, required pre-deploy edits, and verification/cleanup commands.

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Example/configuration update
• CI/CD improvements

Related Issues

Fixes # (issue)
Relates to # (issue)

Changes Made

• Added/updated OpenShift manifests for namespace, PVCs, PostgreSQL, n8n deployment, services, and route.
• Added Kustomize wiring for one-command apply/delete flow.
• Replaced generic folder README with OpenShift-specific setup and operations guidance.

Testing Performed

Chart Validation

• helm lint charts/n8n passes
• ./scripts/validate-examples.sh passes
• Template rendering works with all examples

Deployment Testing (if applicable)

• Tested with minimal configuration
• Tested with production configuration
• Tested upgrade path from previous version
• All pods start successfully
• Application is accessible

Specific Testing for Changes

Describe any specific testing you performed for your changes:

• Applied manifests with oc apply -k . in an OpenShift cluster.
• Verified resources, rollout, PVC binding, and route availability using oc get all/pvc/route and oc rollout status.
• Tested successfully some n8n workflows, including agents and webhooks.

Breaking Changes

If this includes breaking changes, describe what they are and provide migration instructions:

• None.

Documentation Updates

• Updated Chart.yaml version (if needed)
• Updated CHANGELOG.md
• Updated README.md (if needed)
• Updated examples (if needed)
• Updated CONTRIBUTING.md (if needed)

Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings or errors
• I have added examples that demonstrate the changes (if applicable)
• All new and existing tests pass

Screenshots (if applicable)

N/A (infrastructure/configuration change).

Additional Notes

• Before deploy, set real values for PostgreSQL credentials, route host, and WEBHOOK_URL.

---

Summary by cubic

Add OpenShift manifests to deploy n8n with a PostgreSQL backend, persistent storage, and public access via an OpenShift Route. Also fixes password quoting in the Postgres init script so non-root passwords with quotes work.

• New Features

  • Namespaced deployment in n8n with PVCs for n8n (2Gi) and PostgreSQL (300Gi).
  • PostgreSQL Deployment with non-root DB user via ConfigMap and Secret.
  • n8n Deployment wired to PostgreSQL and exposed through a TLS edge-terminated Route.
  • One-command apply/delete using kustomization.yaml (oc apply -k . / oc delete -k .).
  • OpenShift README with deploy, verify, and cleanup instructions.

• Migration

  • Set real PostgreSQL creds in postgres-secret.yaml.
  • Set Route host in n8n-route.yaml.
  • Set WEBHOOK_URL in n8n-deployment.yaml to match the Route.

^{Written for commit 46d1bf0. Summary will update on new commits.}

[cubic-dev-ai]

1 issue found across 13 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="openshift/postgres-configmap.yaml">

<violation number="1" location="openshift/postgres-configmap.yaml:12">
P1: Unescaped password interpolation can break `CREATE USER` when password contains a single quote, aborting initialization.</violation>
</file>

Architecture diagram

sequenceDiagram
    participant Op as Operator (oc client)
    participant OCP as OpenShift API
    participant Route as OpenShift Route (TLS Edge)
    participant n8n as n8n Pod
    participant SVC as n8n/Postgres Services
    participant DB as PostgreSQL Pod
    participant Storage as Persistent Volumes

    Note over Op,Storage: Deployment & Resource Provisioning
    Op->>OCP: NEW: oc apply -k . (Kustomize)
    OCP->>Storage: NEW: Claim storage via PVC (2Gi & 300Gi)
    OCP->>DB: Deploy Postgres with Secret/ConfigMap refs
    OCP->>n8n: Deploy n8n with Environment Variables

    Note over DB,Storage: Database Initialization
    DB->>DB: NEW: Load init-data.sh from ConfigMap
    DB->>DB: NEW: Create non-root user using Secret credentials
    DB->>Storage: NEW: Persist DB data to /var/lib/postgresql/data
    
    Note over n8n,DB: Application Startup & Connectivity
    n8n->>n8n: NEW: sleep 5 (wait for DB readiness)
    n8n->>SVC: NEW: Connect to postgres-service:5432
    SVC->>DB: Forward DB traffic
    n8n->>Storage: NEW: Persist application data to /data

    Note over Route,n8n: External Request Flow
    participant User as External User
    User->>Route: NEW: Request https://n8n.example.com
    Route->>Route: NEW: Terminate TLS (Edge)
    Route->>SVC: NEW: Forward to n8n-service:5678
    SVC->>n8n: Deliver request to n8n container
    n8n-->>User: Response (Webhook/UI)

Loading

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Add one-off context when rerunning by tagging @cubic-dev-ai with guidance or docs links (including llms.txt)
• Ask questions if you need clarification on any suggestion

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[giofontana]

Fixed the "password interpolation" issue reported by cubic AI.