From 3d45fa32a0876963380a9a50a3c9183b6cfc261d Mon Sep 17 00:00:00 2001
From: Jun-te Kim <junte.kim@mealcraft.com>
Date: Sun, 7 Dec 2025 15:21:39 +0000
Subject: [PATCH] save

---
 .github/workflows/n8n.yml | 82 ++++++++++++++++++++++++++++++++++++
 n8n/n8n.yml               | 89 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 171 insertions(+)
 create mode 100644 .github/workflows/n8n.yml
 create mode 100644 n8n/n8n.yml

diff --git a/.github/workflows/n8n.yml b/.github/workflows/n8n.yml
new file mode 100644
index 0000000..cde7d9d
--- /dev/null
+++ b/.github/workflows/n8n.yml
@@ -0,0 +1,82 @@
+name: Deploy n8n
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "*"
+
+env:
+  IMAGE_NAME: "docker.io/kimjunte/n8n"
+  MANIFEST_PATH: "k8s/n8n.yml"
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Inject slug variables
+        uses: rlespinasse/github-slug-action@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Build n8n image
+        run: |
+          docker build \
+            -t $IMAGE_NAME:$GITHUB_REF_SLUG \
+            n8n/   # <--- update if your Dockerfile lives somewhere else
+
+      - name: Push image
+        run: |
+          docker push $IMAGE_NAME:$GITHUB_REF_SLUG
+
+  deploy:
+    runs-on: mealcraft-runners
+    needs: build-and-push
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      # Install kubectl
+      - name: Install kubectl
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y curl ca-certificates
+          curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          sudo install -m 0755 kubectl /usr/local/bin/kubectl
+
+      # Install envsubst
+      - name: Install envsubst
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gettext
+
+      # Configure kubeconfig from ARC pod service account
+      - name: Configure kubeconfig
+        run: |
+          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
+          SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+          NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
+          kubectl config set-credentials runner --token="$SA_TOKEN"
+          kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
+          kubectl config use-context runner-context
+
+      - name: Deploy n8n to Kubernetes
+        env:
+          IMAGE: "${{ env.IMAGE_NAME }}:${{ github.ref_name }}"
+        run: |
+          echo "Deploying n8n with IMAGE=$IMAGE"
+          export IMAGE
+          envsubst < $MANIFEST_PATH | kubectl apply -f -
diff --git a/n8n/n8n.yml b/n8n/n8n.yml
new file mode 100644
index 0000000..fb99f35
--- /dev/null
+++ b/n8n/n8n.yml
@@ -0,0 +1,89 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: n8n
+  namespace: default
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 5678
+      targetPort: 5678
+  selector:
+    app: n8n
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: n8n
+  namespace: default
+  labels:
+    app: n8n
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: n8n
+  template:
+    metadata:
+      labels:
+        app: n8n
+    spec:
+      containers:
+        - name: n8n
+          image: n8nio/n8n:latest
+          ports:
+            - name: web
+              containerPort: 5678
+          env:
+            - name: N8N_HOST
+              value: "n8n.juntekim.com"
+            - name: N8N_PORT
+              value: "5678"
+            - name: N8N_PROTOCOL
+              value: "https"
+            - name: WEBHOOK_URL
+              value: "https://n8n.juntekim.com/"
+            - name: GENERIC_TIMEZONE
+              value: "Europe/London"
+            - name: NODE_ENV
+              value: "production"
+          volumeMounts:
+            - name: n8n-data
+              mountPath: /home/node/.n8n
+      volumes:
+        - name: n8n-data
+          persistentVolumeClaim:
+            claimName: n8n-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: n8n-pvc
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: microk8s-hostpath
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: n8n-ingressroute
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`n8n.juntekim.com`)
+      kind: Rule
+      services:
+        - name: n8n
+          port: 5678
+  tls:
+    certResolver: myresolver
+    domains:
+      - main: n8n.juntekim.com