n8n-helm-chart

n8n Helm Chart

Deploy n8n workflow automation on Kubernetes and Red Hat OpenShift with native AI capabilities, OpenShift MCP Server integration, and Developer Sandbox support.

Get Started View on GitHub

Features

⚙

OpenShift Native

First-class support for Red Hat OpenShift including Routes, SCCs, and Developer Sandbox compatibility with restricted security contexts.

🤖

AI-Powered Workflows

Integrate with OpenShift AI models like IBM Granite 3.1 via LiteLLM proxy and MCP Server for intelligent infrastructure monitoring.

✉

Mailpit Integration

Optional built-in Mailpit SMTP test server for previewing email reports from workflows without external email infrastructure.

🛠

MCP Server Support

Connect to OpenShift and Kubernetes MCP Servers to query cluster state, analyze pods, deployments, routes, and security posture.

📈

Production Ready

Supports queue mode with Valkey/Redis, worker autoscaling, PostgreSQL backend, ServiceMonitor for Prometheus, and HPA.

🔒

Security First

Non-root containers, restricted SCC support, enableServiceLinks control, and proper RBAC with dynamic naming.

Architecture

graph LR subgraph HELM["n8n Helm Chart"] N8N["🔧 n8n
Workflow Engine
n8nio/n8n"] MAIL["✉️ Mailpit
SMTP Test Server
Optional"] PVC["💾 PVC
Persistent Data"] end subgraph AI["AI & MCP Layer"] LITE["🤖 LiteLLM Proxy
OpenAI-compatible"] GRANITE["🧠 IBM Granite 3.1 8B"] QWEN["🧠 Qwen 3 8B"] end subgraph MCP["MCP Servers"] OSMCP["☸️ OpenShift MCP
Server"] K8SMCP["☸️ K8s MCP
Server"] end K8SAPI["☁️ Kubernetes API"] N8N -->|"AI Analysis"| LITE N8N -->|"Email Reports"| MAIL N8N --- PVC LITE --> GRANITE LITE --> QWEN N8N -->|"MCP Tools"| OSMCP N8N -->|"MCP Tools"| K8SMCP OSMCP --> K8SAPI K8SMCP --> K8SAPI

Component	Description
n8n	Workflow automation engine deployed via Helm
LiteLLM	OpenAI-compatible proxy routing to Granite/Qwen models
OpenShift MCP Server	MCP server exposing OpenShift/Kubernetes API as tools
K8s MCP Server	Additional Kubernetes-native MCP tool server
Mailpit	Lightweight SMTP test server with web UI (optional)

Screenshots

All Workflows

n8n - 8 OpenShift MCP Server Workflows Imported

OpenShift MCP Server Workflow Examples

1. Pod Monitor - AI Agent with MCP Tools

2. Pod Monitor - MCP + Granite + Email

3. Deployment Rollout Status

4. Resource Quota Monitor

5. Security Audit

6. Route & TLS Expiry Check

7. Event Anomaly Detector

SMTP Test - Email via Mailpit

Services

n8n Dashboard Overview

Mailpit Inbox - Workflow Email Reports

Pod Status Report - HTML Email via Mailpit

MCP Inspector - Tool Verification

MCP Inspector - monitorDeployments: 11 deployments healthy, 0 issues

Podman Local Development

n8n 1.123.28 via Podman - quay.io/maximilianopizarro/n8n (Red Hat UBI 9 + Node.js 22)

Installation

1

Add the Helm repository

helm repo add n8n-openshift https://maximilianopizarro.github.io/n8n-helm-chart/
helm repo update

2

Install the chart

helm install n8n n8n-openshift/n8n --version 1.16.0

3

Install on OpenShift Developer Sandbox

oc login --token=<your-token> --server=https://api.<cluster>.openshiftapps.com:6443
helm install n8n n8n-openshift/n8n -f values-sandbox.yaml

Developer Sandbox Quick Start

For Red Hat OpenShift Developer Sandbox, use these values to ensure compatibility with restricted SCCs:

image:
  repository: quay.io/maximilianopizarro/n8n
  tag: "1.123.28"
  variant: "ubi"

enableServiceLinks: false

podSecurityContext: {}
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: false
  runAsNonRoot: true

route:
  enabled: true
  sccRoleDisabled: true

main:
  extraEnvVars:
    N8N_LISTEN_ADDRESS: "0.0.0.0"
    NODE_FUNCTION_ALLOW_BUILTIN: "*"
    NODE_FUNCTION_ALLOW_EXTERNAL: "*"
  config:
    n8n:
      user_folder: "/data"
  persistence:
    enabled: true
    storageClass: gp3-csi
    size: 2Gi
    mountPath: "/data"
  service:
    type: ClusterIP
    port: 5678

mailpit:
  enabled: true
  route:
    enabled: true
  podSecurityContext: {}

workflows:
  autoImport:
    enabled: true

Setting	Value	Reason
image.variant	ubi	Uses Red Hat UBI image with curl for workflow downloads
enableServiceLinks	false	Avoids N8N_PORT env conflict in OpenShift
route.sccRoleDisabled	true	Developer Sandbox users cannot create SCC Roles
main.config.n8n.user_folder	/data	Writable path for random UID assigned by OpenShift
main.persistence.mountPath	/data	Mount PVC at writable path instead of /home/node/.n8n
podSecurityContext	{}	No fsGroup (restricted SCC)
main.persistence.storageClass	gp3-csi	Sandbox default StorageClass

OpenShift MCP Server Workflow Examples

Each workflow follows a 5-node pipeline using the MCP Streamable HTTP protocol with full session handling (initialize → notifications/initialized → tools/call with Mcp-Session-Id), AI-powered analysis via LiteLLM/Granite, and delivers a branded HTML email report through Mailpit:

Manual Trigger → Set Parameters → MCP Tool Call (Streamable HTTP + Session) → AI Format & Explain (LiteLLM/Granite) → Build Report & Send Email (Mailpit API)

1. Deployment Monitor

Calls monitorDeployments via Quarkus MCP Server to retrieve deployment health, replica counts, and rollout status. AI formats and explains the output via LiteLLM/Granite, then delivers a branded HTML email report via Mailpit.

MCP: monitorDeployments Quarkus MCP (8080) AI: Granite Mailpit

2. Pod Status

Calls pods_list_in_namespace via K8s MCP Server to list all pods with status, readiness, restarts, and node placement. AI analyzes the pod inventory and provides health assessment via LiteLLM/Granite.

MCP: pods_list_in_namespace K8s MCP (8085) AI: Granite Mailpit

3. Pod Disruption Analyzer

Calls analyzePodDisruptions via Quarkus MCP Server to detect evictions, OOM kills, and restart patterns in the last 24 hours. AI provides a structured disruption analysis with recommendations via LiteLLM/Granite.

MCP: analyzePodDisruptions Quarkus MCP (8080) AI: Granite Mailpit

4. Event Monitor

Calls events_list via K8s MCP Server to list Kubernetes events (warnings, errors, state changes) for the namespace. AI detects anomalies and highlights critical events via LiteLLM/Granite.

MCP: events_list K8s MCP (8085) AI: Granite Mailpit

5. Route Monitor

Calls resources_list (Route) via K8s MCP Server to inventory OpenShift Routes with hosts, TLS termination, and target services. AI summarizes route configuration and TLS status via LiteLLM/Granite.

MCP: resources_list (Route) K8s MCP (8085) AI: Granite Mailpit

6. Performance Metrics

Calls getPerformanceMetrics via Quarkus MCP Server to retrieve CPU/memory usage metrics for nodes and pods in the namespace. AI analyzes resource utilization and provides optimization recommendations via LiteLLM/Granite.

MCP: getPerformanceMetrics Quarkus MCP (8080) AI: Granite Mailpit

7. Helm Releases

Calls helm_list via K8s MCP Server to inventory all Helm releases in the namespace with chart versions, app versions, and deployment status. AI formats the release inventory with health assessment via LiteLLM/Granite.

MCP: helm_list K8s MCP (8085) AI: Granite Mailpit

#	Workflow	MCP Tool	MCP Server	AI Model	Protocol
1	Deployment Monitor	monitorDeployments	Quarkus MCP (8080)	Granite (LiteLLM)	Streamable HTTP
2	Pod Status	pods_list_in_namespace	K8s MCP (8085)	Granite (LiteLLM)	Streamable HTTP + SSE
3	Pod Disruption Analyzer	analyzePodDisruptions	Quarkus MCP (8080)	Granite (LiteLLM)	Streamable HTTP
4	Event Monitor	events_list	K8s MCP (8085)	Granite (LiteLLM)	Streamable HTTP + SSE
5	Route Monitor	resources_list	K8s MCP (8085)	Granite (LiteLLM)	Streamable HTTP + SSE
6	Performance Metrics	getPerformanceMetrics	Quarkus MCP (8080)	Granite (LiteLLM)	Streamable HTTP
7	Helm Releases	helm_list	K8s MCP (8085)	Granite (LiteLLM)	Streamable HTTP + SSE

Find all workflow JSON files in the workflows directory or in the n8n-sandbox repository.

Mailpit Email Output

When Mailpit is enabled, n8n workflows can send branded HTML email reports that are captured and viewable in the Mailpit web UI. Configure n8n SMTP credentials to point to the Mailpit service:

main:
  config:
    n8n:
      smtp_host: "<release-name>-mailpit"
      smtp_port: "1025"
      smtp_ssl: "false"

Access the Mailpit web UI via its OpenShift Route to view all captured email reports from your workflows.

Mailpit Inbox - Workflow Email Reports

Pod Status Report - Rendered HTML Email

OpenShift MCP Server

The workflows above require the OpenShift MCP Server Helm chart deployed in your cluster. It provides a dual MCP server deployment: a custom Quarkus server (19 operational tools) and the official openshift/openshift-mcp-server (20+ Kubernetes tools), plus an MCP Inspector UI and LiteLLM proxy.

1

Add the Helm repository

helm repo add openshift-mcp https://maximilianoPizarro.github.io/openshift-mcp-server
helm repo update

2

Install the OpenShift MCP Server

helm install openshift-mcp-server openshift-mcp/openshift-mcp-server \
  --namespace openshift-lightspeed \
  --create-namespace \
  --set namespace=openshift-lightspeed

3

Install on Developer Sandbox (same namespace as n8n)

helm install openshift-mcp-server openshift-mcp/openshift-mcp-server \
  --set namespace=<your-sandbox-namespace>

Component	Port	Description
Quarkus MCP Server	8080	19 tools: monitoring, deployment, performance testing
K8s MCP Server	8085	20+ tools: CRUD, pods, helm, events, nodes
MCP Inspector	8080	Web UI for testing MCP tools interactively
LiteLLM Proxy	4000	OpenAI-compatible proxy for Granite/Qwen3 models

Full documentation: maximilianopizarro.github.io/openshift-mcp-server

Configuration

N8n Configuration via Values

Configuration under main.config: and main.secret: in values.yaml is transformed 1:1 into Kubernetes ENV variables:

main:
  config:
    n8n:
      encryption_key: "my_secret"  # => N8N_ENCRYPTION_KEY=my_secret
    db:
      type: postgresdb             # => DB_TYPE=postgresdb
      postgresdb:
        host: 192.168.0.52         # => DB_POSTGRESDB_HOST=192.168.0.52

Consult the n8n Environment Variables Documentation.

Enabling Mailpit

mailpit:
  enabled: true
  route:
    enabled: true  # Expose web UI via OpenShift Route
  smtp:
    port: 1025
  ui:
    port: 8025

Basic Deployment with Ingress

ingress:
  enabled: true
  hosts:
    - host: n8n.mydomain.com
      paths:
        - path: /
          pathType: Prefix

Queue Mode with External Redis

db:
  type: postgresdb

externalPostgresql:
  host: "postgresql.example.com"
  username: "n8nuser"
  password: "secure-password"
  database: "n8n"

worker:
  mode: queue

externalRedis:
  host: "redis.example.com"
  username: "default"
  password: "secure-password"

Container Image

A Red Hat UBI 9-based container image is available at quay.io/maximilianopizarro/n8n. It uses a 3-stage build that extracts n8n from the official Docker Hub image, rebuilds native modules (sqlite3) for Node.js 22 + glibc, and packages everything on registry.access.redhat.com/ubi9/nodejs-22-minimal.

image:
  repository: quay.io/maximilianopizarro/n8n
  tag: "1.123.28"

The image is built automatically via GitHub Actions on every push to main and published to Quay.io.

Build & Run Locally with Podman

You can build and test the UBI container image locally using Podman (or Docker) before deploying to a cluster:

n8n 1.123.28 running locally via Podman - quay.io/maximilianopizarro/n8n (Red Hat UBI 9)

Build the image

podman build -t quay.io/maximilianopizarro/n8n:1.123.28 \
  -f container/Containerfile \
  --build-arg N8N_VERSION=1.123.28 .

Run n8n

podman run -d --name n8n \
  -p 5678:5678 \
  -v n8n-data:/data \
  quay.io/maximilianopizarro/n8n:1.123.28

Open http://localhost:5678 in your browser to access the n8n editor.

Run with pre-built image from Quay.io

podman run -d --name n8n \
  -p 5678:5678 \
  -v n8n-data:/data \
  quay.io/maximilianopizarro/n8n:1.123.28

Run with Mailpit for email testing

# Start Mailpit (SMTP on 1025, Web UI on 8025)
podman run -d --name mailpit \
  -p 8025:8025 -p 1025:1025 \
  docker.io/axllent/mailpit:latest

# Start n8n connected to Mailpit
podman run -d --name n8n \
  -p 5678:5678 \
  -v n8n-data:/data \
  -e NODE_FUNCTION_ALLOW_BUILTIN="*" \
  -e NODE_FUNCTION_ALLOW_EXTERNAL="*" \
  quay.io/maximilianopizarro/n8n:1.123.28

Access Mailpit at http://localhost:8025 to view captured emails.

Useful commands

# Check n8n version
podman exec n8n n8n --version

# View logs
podman logs -f n8n

# Health check
curl http://localhost:5678/healthz

# Stop and remove
podman stop n8n && podman rm n8n

Build Stage	Base Image	Purpose
1. Source	n8nio/n8n:1.123.28	Extract n8n node_modules
2. Builder	ubi9/nodejs-22	Rebuild sqlite3 native module for Node.js 22 + glibc
3. Runtime	ubi9/nodejs-22-minimal	Minimal production image (~350MB)

Requirements

Requirement	Version
Kubernetes	>= 1.20.0
Helm	>= 3.8
Database	SQLite (embedded) or PostgreSQL

Dependency	Version	Condition
Valkey (Bitnami)	2.4.7	valkey.enabled

Release Notes

v1.16.0 (n8n 1.123.28)

Added

• OpenShift MCP Server integration — 7 workflows using MCP Streamable HTTP protocol with full session handling (monitorDeployments, pods_list_in_namespace, analyzePodDisruptions, events_list, resources_list, getPerformanceMetrics, helm_list) and branded HTML email reports via Mailpit API
• Workflow auto-import via initContainers — Deployment initContainers download and import workflow JSON files before n8n starts, avoiding PVC RWO Multi-Attach conflicts
• Mailpit — Optional SMTP test server with web UI for previewing email reports without external email infrastructure
• Developer Sandbox compatibility — enableServiceLinks: false to avoid N8N_PORT env conflict, route.sccRoleDisabled for restricted RBAC, empty podSecurityContext for random UID
• Red Hat UBI container image — Built on registry.access.redhat.com/ubi9/nodejs-22, published at quay.io/maximilianopizarro/n8n via GitHub Actions
• Configurable volume mount path — main.persistence.mountPath for writable paths in restricted environments
• Chart Verifier CI — GitHub Actions workflow runs Red Hat Community Helm Chart verification on every push

Changed

• Updated n8n app version to 1.123.28
• Dynamic naming in RBAC resources using chart naming helpers
• Architecture diagram updated to Mermaid with MCP Server and AI layer
• GitHub Pages documentation redesigned with n8n-inspired style, lightbox image viewer, and MCP workflow pipeline documentation

Fixed

• Fixed ClusterIP_ typo in service template
• Fixed hardcoded names in role.yaml to use chart naming helpers (supports n8n-dev-east style release names)

Email Report Screenshots

Actual email reports generated by the MCP workflows and captured in Mailpit:

Mailpit Inbox — Resource Quota, Security Audit, Pod Status reports

Pod Status Report — Red Hat branded HTML with pod health table, AI analysis by Granite 3.1 8B

Upgrade

helm repo update
helm upgrade [RELEASE_NAME] n8n-openshift/n8n --version 1.16.0

Uninstall

helm uninstall [RELEASE_NAME]

×

This site is open source. Improve this page.