Workflow Automation

How to Run n8n on Kubernetes: A Production-Ready Guide

J
James Eriksson
··12 min read
Deploy n8n on Kubernetes for high availability and scale. Learn to configure PostgreSQL, Redis Queue mode, and worker scaling for production-ready n8n hosting.
TL;DR
  • Kubernetes allows n8n to scale horizontally by decoupling the main UI from background workers.\n- A production-ready setup requires PostgreSQL for data and Redis for queue management.\n- Proper resource limits and PersistentVolumeClaims (PVCs) are essential to prevent data loss and system crashes.\n- Security should be enforced via TLS Ingress, non-root users, and Kubernetes Secrets.

To run n8n on Kubernetes, you must deploy the n8n container image alongside a persistent PostgreSQL database and a Redis instance for queue management. This architectural approach allows you to scale worker nodes independently, ensuring that heavy automation workflows do not bottleneck the main application interface or disrupt critical execution triggers in a high-traffic environment.

Why Deploy n8n on Kubernetes?

Deploying n8n on Kubernetes is the gold standard for organizations that require high availability, seamless scalability, and strict resource isolation for their automation infrastructure. Unlike a simple Docker Compose setup on a single VPS, a Kubernetes deployment allows you to distribute the workload across multiple physical or virtual nodes, protecting your workflows from single points of failure while providing a declarative way to manage your entire automation stack.

For enterprise teams, Kubernetes provides a unified control plane where they can manage n8n alongside other microservices. This is particularly beneficial when you are building a complex ai automation platform that requires tight integration with vector databases, LLM APIs, and internal tools. By using Kubernetes, you gain access to advanced networking features, such as Ingress controllers for TLS termination and NetworkPolicies for restricting traffic between n8n and sensitive internal databases.

Furthermore, Kubernetes simplifies the process of horizontal scaling. When you notice that your workflow executions are slowing down due to high concurrency, you can simply increase the replica count of your n8n workers. Kubernetes will automatically provision new pods, attach the necessary secrets and configurations, and begin processing the queue. This level of operational flexibility is hard to achieve with traditional virtual machines without significant manual intervention or complex custom scripting.

Essential Prerequisites for K8s Deployment

Before you begin the deployment process, you must have a functional Kubernetes cluster (version 1.22+) and the kubectl command-line tool configured to interact with it. While you can use local development environments like Minikube or K3s for testing, a production-grade deployment should ideally reside on a managed service like GKE, EKS, or a specialized managed n8n hosting europe provider that understands the specific resource demands of n8n.

You will also need a container registry to pull the official n8n image, though the public Docker Hub registry is usually sufficient for most setups. Knowledge of Helm is highly recommended, as it is the industry-standard package manager for Kubernetes. Helm charts for n8n simplify the management of complex manifests, including Deployments, Services, ConfigMaps, and Secrets. Without Helm, you will find yourself manually managing hundreds of lines of YAML code, which increases the risk of configuration drift and deployment errors over time.

Finally, ensure that your cluster has a StorageClass configured that supports dynamic volume provisioning. n8n requires persistent storage for binary data and local files, and your database (PostgreSQL) definitely requires a PersistentVolumeClaim (PVC) to ensure data survives pod restarts. If you are operating in a multi-zone cluster, make sure your storage provider can handle cross-zone volume attachments or use a regional storage solution to avoid "node-affinity" errors during pod scheduling.

Step-by-Step: Architecting Your n8n Cluster

To architect a production-ready n8n cluster, you must move away from the default SQLite database and toward a decoupled architecture using PostgreSQL and Redis. In this configuration, the n8n "Main" process handles the UI and webhook triggers, while the "Worker" processes handle the actual execution of workflow nodes. Redis acts as the message broker that coordinates tasks between the main process and the workers, ensuring that no execution is lost even if a pod crashes.

Begin by creating a dedicated namespace for n8n to isolate its resources from other applications. Within this namespace, you will deploy a PostgreSQL StatefulSet. A StatefulSet is preferred over a standard Deployment for databases because it provides stable network identities and persistent storage mapping. Once the database is running, you must create a Kubernetes Secret to store your database credentials and the n8n encryption key. This ensures that sensitive information is not hardcoded in your YAML manifests, which is a critical security requirement for any enterprise environment.

Next, deploy Redis. While you can use a simple one-pod Redis deployment for small workloads, larger installations benefit from a Redis Sentinel or Cluster setup for high availability. Once your backend services are ready, you can deploy the n8n pods. In "Queue Mode," you will have two distinct deployment types: one for the n8n main instance and another for n8n workers. The main instance should be exposed via a Kubernetes Service and an Ingress, allowing external traffic (like webhooks) to reach the platform. The workers, however, do not need to be exposed to the internet, as they only communicate with Redis and the database.

Managing Resources: CPU, Memory, and Autoscaling

Proper resource management is the most frequent point of failure for self-hosted n8n instances on Kubernetes. Because n8n is a Node.js application, it can be memory-intensive, especially when processing large JSON datasets or binary files. You must define explicit CPU and memory requests and limits for every pod in your cluster. If you fail to set limits, a single runaway workflow could consume all available memory on a node, causing the Kubernetes Kubelet to kill critical system processes or other application pods.

For a standard n8n main pod, we recommend starting with a memory request of 512MB and a limit of 1GB. Workers often require more headroom; starting with 1GB memory and 1 vCPU is a safe baseline. However, you should monitor your usage patterns using Prometheus and Grafana to fine-tune these values. If you see frequent OOMKilled (Out of Memory) errors, it is a clear sign that your memory limits are too low or that your workflows are not optimized for memory efficiency (e.g., passing large files between nodes instead of using local storage references).

Kubernetes also allows for Horizontal Pod Autoscaling (HPA), which can automatically adjust the number of worker pods based on CPU or memory utilization. While HPA is powerful, it should be used with caution in n8n environments. Rapidly scaling workers up and down can put significant stress on your PostgreSQL database connections. Before enabling HPA, ensure that your database is tuned to handle the maximum number of concurrent connections that your workers might require, and consider using a connection pooler like PgBouncer if you plan to scale beyond 10 workers.

Data Persistence and Backups in Kubernetes

In a Kubernetes environment, data persistence is not guaranteed unless you explicitly use PersistentVolumes. For n8n, there are two primary types of data you must protect: the database state and the n8n binary data. The database contains all your workflow definitions, execution history, and credentials. If you lose this volume, your entire automation setup is gone. Therefore, your PostgreSQL PVC should use a high-durability storage class that performs regular snapshots at the infrastructure level.

Beyond infrastructure-level snapshots, you should implement an application-level backup strategy. This involves running a Kubernetes CronJob that executes a pg_dump of your n8n database and uploads the resulting file to an off-site S3-compatible bucket. This provides a second layer of defense against accidental deletion or cluster-wide failures. For n8n's binary data (files downloaded during workflows), you should use a ReadWriteMany (RWX) volume if you are running multiple workers, as they may all need to access the same files simultaneously. Alternatively, you can configure n8n to use an S3 bucket for binary storage, which is more scalable than managing local PVCs.

Disaster recovery testing is just as important as the backups themselves. Periodically, you should attempt to spin up a new n8n instance in a different namespace or cluster using only your backup files. This ensures that your encryption keys are correctly stored and that your database dumps are not corrupted. Remember that n8n's encryption key is vital; if you lose it, you will not be able to decrypt the credentials stored in your database, effectively rendering your workflows useless even if the database itself is recovered.

Securing Your Self-Hosted n8n Instance

Security in Kubernetes is a multi-layered responsibility. First, ensure that your n8n Ingress is configured with a valid TLS certificate, which can be easily automated using cert-manager and Let's Encrypt. This encrypts the traffic between your users and the n8n UI, as well as the data sent via webhooks. Within the cluster, you should use Kubernetes Secrets for all sensitive environment variables, such as N8N_ENCRYPTION_KEY, DB_POSTGRESDB_PASSWORD, and WEBHOOK_TUNNEL_URL.

From a network perspective, you should implement NetworkPolicies to enforce a "least privilege" communication model. For example, you can create a policy that only allows the n8n pods to talk to the PostgreSQL and Redis pods, while blocking all other internal traffic. This limits the lateral movement of a potential attacker who might compromise a different application in the same cluster. Additionally, avoid running n8n as the root user. The official n8n Docker image is designed to run as a non-root user, and you should enforce this in your pod's SecurityContext to prevent container breakout attacks.

Finally, keep your n8n version updated. Kubernetes makes this easy through rolling updates, which replace old pods with new ones one by one, ensuring zero downtime. However, always check the n8n vs zapier pricing comparison and release notes before updating, as major versions may include breaking changes in the database schema. Having a staging environment that mirrors your production Kubernetes setup is the best way to test these updates before applying them to your live automation workflows.

Common Challenges in K8s Environments

While Kubernetes offers immense power, it also introduces specific challenges for n8n users. One common issue is network latency between the n8n pods and the database. If your PostgreSQL instance is under-provisioned or geographically distant from your worker nodes, you will see significant delays in workflow execution. This is because n8n frequently writes execution metadata to the database. To mitigate this, always keep your database and workers in the same availability zone whenever possible.

Another challenge is pod volatility. Kubernetes is designed to move pods around to optimize resource usage. If an n8n worker pod is evicted while it is in the middle of a long-running execution, that execution might fail or end up in a "zombie" state. To handle this, you should configure n8n's execution timeout settings and ensure your workflows are idempotent, meaning they can be safely re-run without causing duplicate data entries or side effects. This is especially important for financial transactions or communications workflows.

Lastly, debugging n8n on Kubernetes is more complex than on a single server. You can no longer just "check the logs" in one place. You must use tools like kubectl logs -l app=n8n to aggregate logs from multiple pods or, better yet, implement a centralized logging solution like Fluentd or Loki. Without centralized logging, troubleshooting a transient error that occurred on one of ten worker pods becomes a needle-in-a-haystack problem. If these operational burdens feel overwhelming for your team, it might be worth considering a managed service that handles the K8s orchestration for you.

Frequently Asked Questions

Does n8n support high availability on Kubernetes?

Yes, n8n supports high availability through its "Queue Mode" architecture. By running multiple worker pods and a redundant Redis/PostgreSQL backend, you can ensure that workflow executions continue even if individual pods fail. However, the main n8n instance (which handles the UI and webhooks) usually runs as a single pod to avoid session conflicts, though it can be quickly restarted by Kubernetes if it crashes.

Do I need a separate database like Postgres for Kubernetes?

Absolutely. While n8n can run with an internal SQLite database, this is not suitable for Kubernetes because SQLite is a file-based database that does not support concurrent access from multiple worker pods. Using PostgreSQL is mandatory for any n8n deployment that requires persistence, scalability, and multi-worker support in a containerized environment.

How do I handle persistent data when pods restart?

In Kubernetes, you handle persistence by using PersistentVolumeClaims (PVCs). These claims request a specific amount of storage from the cluster's storage provider. When an n8n or PostgreSQL pod restarts, Kubernetes ensures that the same volume is re-attached to the new pod, preserving your workflows, credentials, and execution history across restarts.

Can I use auto-scaling to handle high workflow volume?

Yes, you can use the Horizontal Pod Autoscaler (HPA) to scale your n8n worker pods based on CPU or memory usage. This allows your cluster to handle sudden bursts of automation activity by spinning up more workers. However, you must ensure your PostgreSQL database is sized correctly to handle the increased number of concurrent connections from those extra workers.

Is it better to use Helm charts or manual manifests for n8n?

Helm charts are significantly better for managing n8n on Kubernetes. They allow you to package all the necessary components--Deployments, Services, ConfigMaps, and Secrets--into a single versioned unit. This makes deployments more repeatable, simplifies updates, and allows you to easily roll back to a previous configuration if something goes wrong during a version upgrade.

Conclusion: When to Self-Host vs. Managed Hosting

Running n8n on Kubernetes provides unparalleled control over your automation infrastructure, allowing you to scale workers independently and integrate deeply with your existing cloud-native ecosystem. However, this power comes with significant operational responsibility. You must manage database backups, resource limits, security patches, and the underlying Kubernetes cluster itself. For many teams, the time spent maintaining this infrastructure is time taken away from building the actual automations that drive business value.

If your organization requires the benefits of n8n--such as data residency and no per-execution fees--but lacks the dedicated DevOps resources to manage a complex Kubernetes cluster, a managed solution is often the more cost-effective choice. By choosing a managed n8n hosting europe provider, you get the production-ready architecture (Postgres, Redis, and Scaling) without the manual overhead. This allows you to focus on creating sophisticated workflows while experts handle the 24/7 availability and security of the underlying platform. Whether you choose to self-host on K8s or move to a managed environment, the key is to ensure your architecture is robust enough to grow with your automation needs.

Scale Your n8n Automations Without the K8s Overhead
Get a production-ready, managed n8n environment in minutes.
Deploy Now

Ready to self-host your own apps?

One server. Multiple apps. No per-app fees.

Get started →
Run n8n on Kubernetes: Production Deployment Guide