How can I configure values.yaml for n8n Helm chart to use an external Postgres on AWS RDS in EKS?

Below is an example of a values.yaml that you might use when deploying n8n via the Helm chart with an external Postgres (AWS RDS) and an ingress. Make sure to update the placeholders (like and n8n.example.com) with your actual values. Also, if your RDS instance requires TLS, adjust the TLS settings accordingly.

---

Example values.yaml

YAMLCopied
n8n:
  # Customize environment variables for n8n. These variables override the defaults.
  env:
    # Tell n8n to use PostgresDB as the database.
    - name: DB_TYPE
      value: postgresdb
    # Set your external Postgres (AWS RDS) host endpoint:
    - name: DB_POSTGRESDB_HOST
      value: "<your-aws-rds-endpoint>"  # e.g., mydb.abc123.us-east-1.rds.amazonaws.com
    - name: DB_POSTGRESDB_PORT
      value: "5432"
    - name: DB_POSTGRESDB_USER
      value: "postgres"
    # It’s best to store your password in a Kubernetes secret. Here's an example using valueFrom.
    - name: DB_POSTGRESDB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: n8n-db-secret
          key: DB_POSTGRESDB_PASSWORD
    - name: DB_POSTGRESDB_DATABASE
      value: "n8n"
    - name: DB_POSTGRESDB_SCHEMA
      value: "public"
    # Optional: Configure TLS settings if required by your AWS RDS instance.
    # If you need to provide a CA certificate to validate the server, uncomment and update the next line.
    - name: DB_POSTGRESDB_SSL_CA
      value: "/path/to/ca.crt"
    # Set to false if you want to disable strict TLS verification (not generally recommended).
    - name: DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED
      value: "false"

ingress:
  enabled: true
  # Use appropriate ingress annotations based on your ingress controller.
  annotations:
    kubernetes.io/ingress.class: alb  # Alternatively, "nginx" or your chosen controller
    alb.ingress.kubernetes.io/scheme: internet-facing
  hosts:
    - host: "n8n.example.com"
      paths:
        - path: /
          pathType: Prefix
  tls:
    - hosts:
        - "n8n.example.com"
      secretName: n8n-tls

service:
  type: ClusterIP

---

Additional Considerations

1. AWS RDS & Security:
   The error
   DatabaseError: no pg_hba.conf entry for host "172.31.16.113", user "postgres", database "n8n", no encryption
   indicates that the connecting client (your n8n pod) isn’t allowed in the RDS instance’s pg_hba configuration. With AWS RDS you typically manage access via the security group rules. Make sure that the security group attached to your RDS instance allows inbound connections from the IP range used by your EKS cluster. Also, if your RDS instance mandates encrypted connections, ensure TLS is enabled by providing the CA certificate and setting the reject unauthorized variable.

2. Kubernetes Secrets:
   For security reasons, store sensitive data like the DB password in a secret (here assumed as n8n-db-secret). Create this secret with a command similar to the following:

   BASHCopied
   kubectl create secret generic n8n-db-secret --from-literal=DB_POSTGRESDB_PASSWORD=yourpassword -n n8n

3. Ingress Controller:
   Update the ingress annotations to match your ingress controller. The example above uses ALB (commonly used with AWS EKS) but you might need to adjust if you’re using a different controller.

Adjust the sample values.yaml to your environment, deploy with:

BASHCopied
helm upgrade --install n8n -f values.yaml -n n8n oci://8gears.container-registry.com/library/n8n --version 0.25.2

This sample configuration should help you move past the pg_hba error—provided the AWS RDS instance’s networking and allowed host settings permit the connection.