neo4j
Less than 1 minute
neo4j
prepare
- k8s is ready
- argocd is ready and logged in
- ingress is ready
- cert-manager is ready
- the clusterissuer named
self-signed-ca-issueris ready
- the clusterissuer named
installation
- prepare
neo4j.yamlapiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: neo4j spec: syncPolicy: syncOptions: - CreateNamespace=true project: default source: repoURL: https://helm.neo4j.com/neo4j chart: neo4j targetRevision: 5.17.0 helm: releaseName: neo4j values: | # This should be set to true when using ArgoCD # since ArgoCD uses helm template and the helm lookups will fail disableLookups: true neo4j: name: "neo4j" passwordFromSecret: "neo4j-credentials" edition: "community" minimumClusterSize: 1 acceptLicenseAgreement: "yes" resources: cpu: "500m" memory: "2Gi" volumes: data: mode: "volume" dynamic: storageClassName: "nfs-external" accessModes: - ReadWriteOnce requests: storage: 8Gi volume: setOwnerAndGroupWritableFilePermissions: false emptyDir: sizeLimit: 8Gi backups: disableSubPathExpr: false mode: "share" share: name: "data" logs: disableSubPathExpr: false mode: "share" share: name: "data" metrics: disableSubPathExpr: false mode: "share" share: name: "data" import: disableSubPathExpr: false mode: "share" share: name: "data" licenses: labels: {} disableSubPathExpr: false mode: "share" share: name: "data" services: neo4j: enabled: true spec: type: ClusterIP ports: http: enabled: true https: enabled: true bolt: enabled: true backup: enabled: false multiCluster: false cleanup: enabled: true image: registry: docker.io repository: bitnami/kubectl imagePullPolicy: IfNotPresent admin: enabled: true spec: type: ClusterIP internals: enabled: false config: server.config.strict_validation.enabled: "false" image: imagePullPolicy: IfNotPresent customImage: docker.io/library/neo4j:5.18.0-community-bullseye env: NEO4J_PLUGINS: '["apoc"]' analytics: enabled: false type: name: primary destination: server: https://kubernetes.default.svc namespace: database
- prepare credentials secret
- admin username must be
neo4j kubectl get namespaces database > /dev/null 2>&1 || kubectl create namespace database kubectl -n database create secret generic neo4j-credentials \ --from-literal=NEO4J_AUTH=neo4j/$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)
- admin username must be
- apply to k8s
kubectl -n argocd apply -f neo4j.yaml
- sync by argocd
argocd app sync argocd/neo4j
- expose service with ingress
- prepare
neo4j-reverse-proxy.yamlapiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: neo4j-reverse-proxy spec: syncPolicy: syncOptions: - CreateNamespace=true project: default source: repoURL: https://helm.neo4j.com/neo4j chart: neo4j-reverse-proxy targetRevision: 5.17.0 helm: releaseName: neo4j-reverse-proxy values: | reverseProxy: image: "docker.io/neo4j/helm-charts-reverse-proxy:5.17.0" serviceName: "neo4j-lb-neo4j" domain: "cluster.local" ingress: enabled: true className: nginx annotations: cert-manager.io/cluster-issuer: self-signed-ca-issuer host: neo4j.dev.geekcity.tech tls: enabled: true config: - secretName: "neo4j.dev.geekcity.tech-tls" hosts: - neo4j.dev.geekcity.tech destination: server: https://kubernetes.default.svc namespace: database
- apply to k8s
kubectl -n argocd apply -f neo4j-reverse-proxy.yaml
- sync by argocd
argocd app sync argocd/neo4j-reverse-proxy
- prepare
tests
- extract neo4j credentials
kubectl -n database get secret neo4j-credentials -o jsonpath='{.data.NEO4J_AUTH}' | base64 -d
- with http
- neo4j.dev.geekcity.tech should be resolved to nginx-ingress
- for example, add
$K8S_MASTER_IP neo4j.dev.geekcity.techto/etc/hosts
- for example, add
- open browser and visit
https://neo4j.dev.geekcity.tech:32443
- neo4j.dev.geekcity.tech should be resolved to nginx-ingress