GitOps repository for n8n multi-tenant deployment on Azure Kubernetes Service (AKS) using Flux CD.
.
├── apps/ # Application workloads
│ ├── base/ # Base manifests (templates)
│ │ └── customer1/ # Per-customer n8n deployment
│ └── staging/ # Staging environment overlays
├── infrastructure/ # Cluster infrastructure
│ ├── configs/ # Infrastructure configurations
│ │ ├── base/
│ │ └── staging/
│ └── controllers/ # Infrastructure controllers (Helm releases)
│ ├── base/
│ │ ├── cert-manager/
│ │ ├── cnpg/
│ │ └── traefik/
│ └── staging/
├── monitoring/ # Observability stack
│ ├── configs/ # Alerting rules and dashboards
│ │ └── staging/
│ │ └── grafana/
│ └── controllers/ # Monitoring controllers
│ ├── base/
│ │ └── kube-prometheus-stack/
│ └── staging/
└── README.md
| Component | Description | Namespace |
|---|---|---|
| Traefik | Ingress controller and load balancer | traefik |
| cert-manager | TLS certificate management with Let's Encrypt | cert-manager |
| CNPG | CloudNativePG operator for PostgreSQL databases | cnpg-system |
| Component | Description | Namespace |
|---|---|---|
| kube-prometheus-stack | Prometheus, Grafana, and Alertmanager | monitoring |
| Component | Description | Namespace |
|---|---|---|
| n8n | Workflow automation platform (per-customer) | customer-<name> |
| Environment | Branch | Path Suffix |
|---|---|---|
| Staging | main |
/staging |
| Production | main |
/production |
infra-controllers
│
├── infra-configs
│ │
│ └── apps
│
└── monitoring-controllers
│
└── monitoring-configs
- Copy the base customer template:
cp -r apps/base/customer1 apps/base/<customer-name>-
Update the namespace and resource names in the new directory.
-
Create the staging overlay:
mkdir -p apps/staging/<customer-name>- Create
apps/staging/<customer-name>/kustomization.yaml:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base/<customer-name>- Add the customer to
apps/staging/kustomization.yaml:
resources:
- customer1
- <customer-name>-
Create required secrets in Azure Key Vault (via Terraform).
-
Commit and push. Flux will reconcile automatically.
- Create the environment directories:
mkdir -p apps/production
mkdir -p infrastructure/configs/production
mkdir -p infrastructure/controllers/production
mkdir -p monitoring/configs/production
mkdir -p monitoring/controllers/production-
Create kustomization overlays referencing base manifests.
-
Update Terraform Flux configuration with new kustomizations.
Secrets are managed via Azure Key Vault and synced to Kubernetes using the CSI Secrets Store Driver.
| Secret | Key Vault Name | Description |
|---|---|---|
| Database credentials | customer1-db-user, customer1-db-password |
PostgreSQL credentials |
| Backup SAS token | customer1-blob-sas |
Azure Blob storage access |
| Grafana admin | grafana-admin-user, grafana-admin-password |
Grafana credentials |
| Bot token | bot-token, bot-chat-id |
Alerting notifications |
kubectlconfigured for the clusterfluxCLI installed- Azure CLI authenticated
# Validate all kustomizations
find . -name kustomization.yaml -execdir kubectl kustomize . \;
# Validate specific environment
kubectl kustomize apps/staging# Reconcile all
flux reconcile kustomization flux-system --with-source
# Reconcile specific kustomization
flux reconcile kustomization apps# Flux status
flux get all
# Kustomization status
flux get kustomizations
# Helm releases
flux get helmreleases -AThe underlying AKS cluster and Azure resources are managed in a separate Terraform repository:
- Repository:
azure-k8s-deployment - Resources: AKS cluster, Key Vault, Storage Account, Flux configuration
flux logs --level=error
flux get sources gitflux get helmreleases -A
kubectl describe helmrelease <name> -n <namespace>kubectl get certificates -A
kubectl describe certificate <name> -n <namespace>
kubectl get challenges -Akubectl get clusters -A # CNPG clusters
kubectl describe cluster <name> -n <namespace>- Create a feature branch
- Make changes
- Validate locally with
kubectl kustomize - Create pull request
- Merge to
mainafter review - Flux auto-deploys changes