🏗️ Kubernetes Automation Stack (n8n + Postgres + Redis + Observability + Centralized Secrets)

📌 Project Overview

This project sets up a production-ready MicroK8s Kubernetes environment for hosting:

• n8n — workflow automation platform
• Postgres — relational database for n8n
• Redis — cache & queue backend for n8n
• Observability Stack — Prometheus + Grafana + Loki
• Centralized Secrets — Bitwarden (SaaS) as single source of truth

Backup & restore is included for all critical services to ensure disaster recovery.

---

🔑 Project Goals

1. Centralized Secrets Management

• Secrets live in Bitwarden only.
• Auto-sync into Kubernetes via External Secrets Operator (ESO).

1. Clean, Modular Deployment

• Each service has its own namespace & manifest/Helm structure.
• Independent lifecycle per service.

1. Observability & Health Checks

• Metrics for cluster nodes, Postgres, Redis, n8n workflows.
• Alerts & dashboards via Grafana.

1. Production-Ready Infrastructure

• Persistent storage (PV/PVC) for Postgres + Redis.
• Ingress with HTTPS (cert-manager / Let’s Encrypt).
• Scalable and maintainable architecture.

1. Backup & Restore Strategy

• Backup Postgres, Redis, and n8n workflows.
• Cluster-level snapshot for disaster recovery.
• Easy restore procedure for production incidents.

---

🏛️ Architecture Diagram

                 ┌─────────────────────────┐
                 │ MicroK8s Cluster        │
                 │  (Namespaces & PVs)     │
                 └─────────┬──────────────-┘
                           │
   ┌───────────────────────┼────────────────────────┐
   │                       │                        │
   ▼                       ▼                        ▼
┌─────────┐           ┌─────────┐             ┌──────────┐
│ n8n     │           │ Postgres│             │ Redis    │
└─────────┘           └─────────┘             └──────────┘
     │                     │                        │
     └─────────────┬───────┴───────────────┬────────┘
                   ▼                       ▼
             ┌────────────┐           ┌────────────┐
             │ Prometheus │           │ Grafana    │
             └────────────┘           └────────────┘

---

🛠️ Tech Stack

Component	Version / Tool	Purpose
Kubernetes	MicroK8s v1.28+	Lightweight production-grade K8s
Secrets	Bitwarden SaaS	Centralized secrets vault
Secrets Sync	External Secrets Operator	Sync secrets from Bitwarden → K8s
Database	PostgreSQL	Primary n8n DB
Cache	Redis	Queue & cache for n8n
Workflow	n8n	Automation engine
Observability	Prometheus + Grafana + Loki	Monitoring & dashboards
Ingress	NGINX + cert-manager	HTTPS routing & certificates
Backup	Velero / Custom CronJobs	Backup & restore critical components

---

🗂️ Project Structure

k8s-project/
├── 01-cluster-setup/           # MicroK8s setup scripts & configs
├── 02-secrets/                 # Bitwarden + ExternalSecrets configs
├── 03-postgres/                # Postgres manifests / Helm / PVs
├── 04-redis/                   # Redis manifests / Helm / PVs
├── 05-n8n/                     # n8n manifests / Helm
├── 06-observability/           # Prometheus, Grafana, Loki
├── 07-ingress/                 # Ingress & cert-manager setup
├── 08-backup-restore/          # Backup & restore scripts / Velero configs
└── README.md

---

🚀 Setup Plan

Step 1 — Prepare Cluster

• Update Debian nodes, disable swap, configure networking.
• Install MicroK8s (single or multi-node).
• Enable addons: dns, storage, ingress, metrics-server.

Step 2 — Configure Centralized Secrets

• Setup Bitwarden Vault for all sensitive keys.
• Install External Secrets Operator.
• Create ExternalSecret manifests to sync secrets into K8s namespaces.

Step 3 — Deploy Databases

• Deploy Postgres with PVCs and secrets from Bitwarden.
• Deploy Redis with PVCs and secrets from Bitwarden.

Step 4 — Deploy n8n

• Deploy n8n using manifests or Helm.
• Configure secrets via ESO.
• Expose via Ingress with HTTPS.

Step 5 — Deploy Observability Stack

• Prometheus, Grafana, Loki.

• Collect metrics from:

  • MicroK8s nodes
  • n8n, Postgres, Redis

• Setup dashboards & alerts.

Step 6 — Validate & Harden

• Test app workflows, DB connectivity, and secret sync.
• Apply network policies, resource limits, and backup schedules.

Step 7 — Backup & Restore Strategy

• Postgres: Scheduled pg_dump + store in PVC or external S3 bucket.
• Redis: Scheduled RDB/AOF snapshots.
• n8n workflows: Export via n8n API cronjobs.
• Cluster state: Use Velero for cluster snapshots (PV + resources).
• Provide restore scripts to recover from disaster with minimal downtime.

---

🔑 End Goal

By the end of this project:

1. Fully functional MicroK8s cluster running n8n + Redis + Postgres + Observability stack.
2. All secrets centralized in Bitwarden.
3. Safe, repeatable deployments with Helm/manifests.
4. Scalable, production-ready architecture with monitoring, backups, and HTTPS ingress.
5. Disaster recovery plan via backup & restore strategy.

Link to part 1