kamlesh merugu

πŸ—οΈ Kubernetes Automation Stack (n8n + Postgres + Redis + Observability + Centralized Secrets)

📌 Project Overview

This project sets up a production-ready MicroK8s Kubernetes environment for hosting:

  • n8n: workflow automation platform
  • Postgres: relational database for n8n
  • Redis: cache & queue backend for n8n
  • Observability Stack: Prometheus + Grafana + Loki
  • Centralized Secrets: Bitwarden (SaaS) as single source of truth

Backup & restore is included for all critical services to ensure disaster recovery.


🔑 Project Goals

  1. Centralized Secrets Management
     • Secrets live in Bitwarden only.
     • Auto-sync into Kubernetes via External Secrets Operator (ESO).
  2. Clean, Modular Deployment
     • Each service has its own namespace & manifest/Helm structure.
     • Independent lifecycle per service.
  3. Observability & Health Checks
     • Metrics for cluster nodes, Postgres, Redis, n8n workflows.
     • Alerts & dashboards via Grafana.
  4. Production-Ready Infrastructure
     • Persistent storage (PV/PVC) for Postgres + Redis.
     • Ingress with HTTPS (cert-manager / Let's Encrypt).
     • Scalable and maintainable architecture.
  5. Backup & Restore Strategy
     • Backup Postgres, Redis, and n8n workflows.
     • Cluster-level snapshot for disaster recovery.
     • Easy restore procedure for production incidents.

πŸ›οΈ Architecture Diagram

                 ┌─────────────────────────┐
                 │ MicroK8s Cluster        │
                 │  (Namespaces & PVs)     │
                 └─────────┬───────────────┘
                           │
   ┌───────────────────────┼────────────────────────┐
   │                       │                        │
   ▼                       ▼                        ▼
┌─────────┐           ┌─────────┐             ┌──────────┐
│ n8n     │           │ Postgres│             │ Redis    │
└─────────┘           └─────────┘             └──────────┘
     │                     │                        │
     └─────────────┬───────┴───────────────┬────────┘
                   ▼                       ▼
             ┌────────────┐           ┌────────────┐
             │ Prometheus │           │ Grafana    │
             └────────────┘           └────────────┘

πŸ› οΈ Tech Stack

Component Version / Tool Purpose
Kubernetes MicroK8s v1.28+ Lightweight production-grade K8s
Secrets Bitwarden SaaS Centralized secrets vault
Secrets Sync External Secrets Operator Sync secrets from Bitwarden β†’ K8s
Database PostgreSQL Primary n8n DB
Cache Redis Queue & cache for n8n
Workflow n8n Automation engine
Observability Prometheus + Grafana + Loki Monitoring & dashboards
Ingress NGINX + cert-manager HTTPS routing & certificates
Backup Velero / Custom CronJobs Backup & restore critical components

πŸ—‚οΈ Project Structure

k8s-project/
β”œβ”€β”€ 01-cluster-setup/           # MicroK8s setup scripts & configs
β”œβ”€β”€ 02-secrets/                 # Bitwarden + ExternalSecrets configs
β”œβ”€β”€ 03-postgres/                # Postgres manifests / Helm / PVs
β”œβ”€β”€ 04-redis/                   # Redis manifests / Helm / PVs
β”œβ”€β”€ 05-n8n/                     # n8n manifests / Helm
β”œβ”€β”€ 06-observability/           # Prometheus, Grafana, Loki
β”œβ”€β”€ 07-ingress/                 # Ingress & cert-manager setup
β”œβ”€β”€ 08-backup-restore/          # Backup & restore scripts / Velero configs
└── README.md

🚀 Setup Plan

Step 1: Prepare Cluster

  • Update Debian nodes, disable swap, configure networking.
  • Install MicroK8s (single or multi-node).
  • Enable addons: dns, storage, ingress, metrics-server.

Step 2: Configure Centralized Secrets

  • Setup Bitwarden Vault for all sensitive keys.
  • Install External Secrets Operator.
  • Create ExternalSecret manifests to sync secrets into K8s namespaces.

Step 3: Deploy Databases

  • Deploy Postgres with PVCs and secrets from Bitwarden.
  • Deploy Redis with PVCs and secrets from Bitwarden.

Step 4: Deploy n8n

  • Deploy n8n using manifests or Helm.
  • Configure secrets via ESO.
  • Expose via Ingress with HTTPS.

Step 5: Deploy Observability Stack

  • Prometheus, Grafana, Loki.
  • Collect metrics from:
    • MicroK8s nodes
    • n8n, Postgres, Redis
  • Setup dashboards & alerts.

Step 6: Validate & Harden

  • Test app workflows, DB connectivity, and secret sync.
  • Apply network policies, resource limits, and backup schedules.
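
One way to test the "secrets live in Bitwarden only" goal during validation, as an added example rather than code from this project: list every Secret in the application namespaces that ESO does not own. It relies on ESO's default `creationPolicy: Owner`, which sets an ExternalSecret owner reference on each synced Secret, and on the annotation cert-manager puts on the TLS Secrets it issues. The namespace and Secret names are assumed, and the sample data is constructed.

```python
# Secret types created by the control plane or Helm, never by ESO.
EXEMPT_TYPES = {"kubernetes.io/service-account-token", "helm.sh/release.v1"}

def is_eso_managed(secret):
    """True if an ExternalSecret owns the Secret (ESO's default creationPolicy: Owner)."""
    owners = secret["metadata"].get("ownerReferences", [])
    return any(o.get("kind") == "ExternalSecret"
               and o.get("apiVersion", "").startswith("external-secrets.io/")
               for o in owners)

def is_cert_manager_tls(secret):
    """True for TLS Secrets that cert-manager issued for the HTTPS ingress."""
    ann = secret["metadata"].get("annotations", {})
    return (secret.get("type") == "kubernetes.io/tls"
            and "cert-manager.io/certificate-name" in ann)

def unmanaged_secrets(secret_list, namespaces, allowlist=frozenset()):
    """Return sorted 'namespace/name' for Secrets in `namespaces` that were not
    synced by ESO, i.e. values that live somewhere other than the vault."""
    found = []
    for s in secret_list.get("items", []):
        meta = s["metadata"]
        ref = f"{meta.get('namespace')}/{meta['name']}"
        if meta.get("namespace") not in namespaces or ref in allowlist:
            continue
        if s.get("type") in EXEMPT_TYPES or is_cert_manager_tls(s) or is_eso_managed(s):
            continue
        found.append(ref)
    return sorted(found)

# Constructed sample in the shape of `kubectl get secrets -A -o json`.
ESO_OWNER = [{"apiVersion": "external-secrets.io/v1beta1", "kind": "ExternalSecret", "name": "n8n-db"}]
SAMPLE = {"items": [
    {"type": "Opaque", "metadata": {"namespace": "n8n", "name": "n8n-db", "ownerReferences": ESO_OWNER}},
    {"type": "Opaque", "metadata": {"namespace": "postgres", "name": "pg-admin-manual"}},
    {"type": "kubernetes.io/tls", "metadata": {"namespace": "n8n", "name": "n8n-tls",
        "annotations": {"cert-manager.io/certificate-name": "n8n-tls"}}},
    {"type": "kubernetes.io/tls", "metadata": {"namespace": "n8n", "name": "pasted-tls"}},
    {"type": "helm.sh/release.v1", "metadata": {"namespace": "redis", "name": "sh.helm.release.v1.redis.v1"}},
    {"type": "Opaque", "metadata": {"namespace": "external-secrets", "name": "bitwarden-token"}},
    {"type": "Opaque", "metadata": {"namespace": "kube-system", "name": "unrelated"}},
]}

APP_NAMESPACES = {"n8n", "postgres", "redis", "external-secrets"}  # assumed names
# The token ESO uses to reach Bitwarden cannot itself come from ESO.
BOOTSTRAP = {"external-secrets/bitwarden-token"}

if __name__ == "__main__":
    print(unmanaged_secrets(SAMPLE, APP_NAMESPACES, BOOTSTRAP))
```

Against a live cluster, load the output of `kubectl get secrets -A -o json` in place of `SAMPLE`; anything the function returns is a credential that exists outside the vault and will not follow a rotation done in Bitwarden.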

Step 7: Backup & Restore Strategy

  • Postgres: Scheduled pg_dump + store in PVC or external S3 bucket.
  • Redis: Scheduled RDB/AOF snapshots.
  • n8n workflows: Export via n8n API cronjobs.
  • Cluster state: Use Velero for cluster snapshots (PV + resources).
  • Provide restore scripts to recover from disaster with minimal downtime.

🔑 End Goal

By the end of this project:

  1. Fully functional MicroK8s cluster running n8n + Redis + Postgres + Observability stack.
  2. All secrets centralized in Bitwarden.
  3. Safe, repeatable deployments with Helm/manifests.
  4. Scalable, production-ready architecture with monitoring, backups, and HTTPS ingress.
  5. Disaster recovery plan via backup & restore strategy.

Link to part 1
