Use lookup to check for an existing Secret before generating a new
random key. Priority order:
1. values.yaml n8n.encryptionKey (explicit)
2. Existing Secret in the cluster (upgrade-safe)
3. randAlphaNum 32 (first install only)
This prevents the "Mismatching encryption keys" error caused by
randAlphaNum generating a new key on every helm upgrade.
Same stable-value pattern applied to basicAuth password.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Set N8N_SECURE_COOKIE=true only when ingress.enabled=true AND ingress.tls
is configured. All other cases (LoadBalancer, HTTP Ingress) default to false,
eliminating the secure cookie error without manual configuration.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- README.md: full chart documentation (install, config reference,
persistence, DB options, Ingress example, version history)
- CLAUDE.md: add rule requiring README update on every change
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
claude
pieter