helm-charts's Introduction

Helm-Charts

This repository contains Helm charts that support both Neo4j standalone and Neo4j clusters.

Helm charts for Neo4j clusters are supported from version >= 4.4.0

Helm charts can be downloaded from here

Full Documentation can be found here

Examples

See the examples directory for common usage patterns of this Helm Chart

helm-charts's People

Contributors

bfeshti, eastlondoner, harshitsinghvi22, jennyowen, ojhughes, team-smcs

helm-charts's Issues

Support for StatefulSet annotations

I'd like to be able to add custom annotations to the StatefulSet that is generated by the neo4j-standalone chart. The chart currently supports labels on the StatefulSet via the neo4j.labels config value.

I use cert-manager to generate a TLS certificate which can be mounted via the ssl.bolt.* and ssl.https.* config values. Initially, this works great. However, when the certificate is renewed, the new cert is not loaded by neo4j until a redeploy is performed. To solve this, I want to use Reloader to restart the Pods when the certificate secret changes. However, Reloader requires the addition of an annotation on the StatefulSet which is currently not permitted by the chart.

Neo backup on azure fails with "The specified blob already exists."

Release 4.4.5

The neo cronjob backup script fails with the error:

Zipped backup size:
209M    /backups/historic-2022-05-03-06:02:19.tar.gz
Pushing /backups/historic-2022-05-03-06:02:19.tar.gz -> neo4j/historic/
Azure storage blob copy to neo4j :: historic/historic-2022-05-03-06:02:19.tar.gz
{
  "client_request_id": "dc1aca20-caa6-11ec-a236-de4925fddbc0",
  "content_crc64": "7Lxu6Kaolbs=",
  "content_md5": null,
  "date": "2022-05-03T06:04:14+00:00",
  "encryption_key_sha256": null,
  "encryption_scope": null,
  "etag": "\"0x8DA2CCAC0508090\"",
  "lastModified": "2022-05-03T06:04:14+00:00",
  "request_id": "fb0dc2f9-f01e-0068-62b3-5e8179000000",
  "request_server_encrypted": true,
  "version": "2020-10-02",
  "version_id": null
}
Azure storage blob copy to neo4j :: historic/historic-latest.tar.gz
Alive[##############################################################  ]  98.0786%ERROR: The specified blob already exists.
RequestId:4d00c0e7-301e-0058-73b3-5e3fb6000000
Time:2022-05-03T06:04:19.4058415Z
ErrorCode:BlobAlreadyExists
If you want to overwrite the existing one, please add --overwrite in your command.
Storage copy of backup for historic FAILED

It seems there's been a breaking change in the azure cli which means it now requires the --overwrite flag to be specified when the "latest" backup is copied.

[Bug]: Bad config value lookup for prometheus svc enabled

Contact Details

[email protected]

What happened?

Looking at: https://github.com/neo4j/helm-charts/blob/dev/neo4j/templates/neo4j-svc.yaml#L11
and considering : https://neo4j.com/docs/upgrade-migration-guide/current/version-5/migration/breaking-changes/#_configuration_settings_refresh
Specifically : For example, metrics.enabled is renamed server.metrics.enabled
and at neo4j startup : WARN: Use of deprecated setting 'metrics.prometheus.enabled'. It is replaced by 'server.metrics.prometheus.enabled'.

I think the lookup should be prefixed by server.

In this bug template the chart version 5.3.0 is missing in the chart version selector.

Chart Name

neo4j

Chart Version

5.3.0

Environment

Issue seen on all the cloud providers (GCP , AWS , AKS)

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: passwordFromSecret issue

Contact Details

[email protected]

What happened?

I'm using neo4j chart as a dependency in my chart. Wanted to use passwordFromSecret but getting error.

Secret specified in "passwordFromSecret" is part of my chart, so both resources are created together. Example chart where this works without any issues: https://github.com/bitnami/charts/tree/main/bitnami/postgresql

Chart Name

Standalone

Chart Version

4.4.17

Environment

Local Machine

Relevant log output

helm upgrade --install dt -f ../secrets.yaml -n test2 --create-namespace .
Release "dt" does not exist. Installing it now.
Error: execution error at (dt/charts/neo4j-standalone/templates/_helpers.tpl:392:19): Secret neo4j-secret-ext configured in 'neo4j.passwordFromSecret' not found

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Can't connect to DB when deploying in Kubernetes

Contact Details

[email protected]

What happened?

I followed the documentation to deploy Neo4J using the Helm Chart + Kubernetes.

Everything seems to work fine until the last step. I connect to http://localhost:7475/browser and try to connect Neo4J to the database using the password I set up in my values.yaml file, but it takes a long time and I end up with an error.

ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use. WebSocket `readyState` is: 3

I get these logs in my console where I run the port-forward after the previous fail in the UI:

E0327 18:52:37.288063   39231 portforward.go:406] an error occurred forwarding 7687 -> 7687: error forwarding port 7687 to pod 58729ca7e766e6effb669ccba80ea819750d9ae8b074bff661b8dd68a12c1ca4, uid : failed to execute portforward in network namespace "/var/run/netns/cni-3e5161ef-b0cf-9dd2-cf84-433ca67fd05c": read tcp4 127.0.0.1:45936->127.0.0.1:7687: read: connection reset by peer
E0327 18:52:37.289441   39231 portforward.go:234] lost connection to pod

Meanwhile, the logs of the pod seem Ok except they don't output any error :

Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time.
2023-03-27 14:52:02.823+0000 INFO Command expansion is explicitly enabled for configuration
2023-03-27 14:52:02.828+0000 WARN Unrecognized setting. No declared setting with name: server.panic.shutdown_on_panic.
2023-03-27 14:52:02.924+0000 INFO Starting...
2023-03-27 14:52:05.736+0000 INFO This instance is ServerId{b6eb9040} (b6eb9040-44ba-46eb-85f8-1cb4c7e0f760)
2023-03-27 14:52:09.930+0000 INFO ======== Neo4j 5.5.0 ========
2023-03-27 14:52:17.868+0000 INFO Bolt enabled on 0.0.0.0:7687.
2023-03-27 14:52:22.328+0000 INFO Remote interface available at http://localhost:7474/
2023-03-27 14:52:22.332+0000 INFO id: F4D2410117C4D8F1DDCF1FB045D2821BB7E26D8961F763D6BDA3701B75922BDF2
2023-03-27 14:52:22.333+0000 INFO name: system
2023-03-27 14:52:22.333+0000 INFO creationDate: 2023-03-27T14:52:12.331Z
2023-03-27 14:52:22.334+0000 INFO Started.

Here is a list of resources deployed using the chart in ArgoCD (I tried using ingress to avoid the problem but still occurs):

I am using the chart neo4j/neo4j from the .tgz available on your release page.

Do you have any clue on what I did wrong ?

Thank you for your time !
Have a great day

Chart Name

Cluster

Chart Version

5.5.0

Environment

Google Cloud Platform

Relevant log output

Changed password for user 'neo4j'. IMPORTANT: this change will only take effect if performed before the database is started for the first time.
2023-03-27 14:52:02.823+0000 INFO Command expansion is explicitly enabled for configuration
2023-03-27 14:52:02.828+0000 WARN Unrecognized setting. No declared setting with name: server.panic.shutdown_on_panic.
2023-03-27 14:52:02.924+0000 INFO Starting...
2023-03-27 14:52:05.736+0000 INFO This instance is ServerId{b6eb9040} (b6eb9040-44ba-46eb-85f8-1cb4c7e0f760)
2023-03-27 14:52:09.930+0000 INFO ======== Neo4j 5.5.0 ========
2023-03-27 14:52:17.868+0000 INFO Bolt enabled on 0.0.0.0:7687.
2023-03-27 14:52:22.328+0000 INFO Remote interface available at http://localhost:7474/
2023-03-27 14:52:22.332+0000 INFO id: F4D2410117C4D8F1DDCF1FB045D2821BB7E26D8961F763D6BDA3701B75922BDF2
2023-03-27 14:52:22.333+0000 INFO name: system
2023-03-27 14:52:22.333+0000 INFO creationDate: 2023-03-27T14:52:12.331Z
2023-03-27 14:52:22.334+0000 INFO Started.

Code of Conduct

  • I agree to follow this project's Code of Conduct

Support configuring "apoc.jdbc.<alias>.url" from Secret

Is your feature request related to a problem? Please describe.
I have a JDBC connection string that contains username and password. Therefore, I put it in a Kubernetes Secret. However, when I'm using the Helm Chart neo4j-standalone, I couldn't find a way to configure the apoc.jdbc.<alias>.url to the JDBC connection string in my Secret.

Describe the solution you'd like
Currently, there's a apoc_config in values.yaml. However, it doesn't support referencing values from Secret. If apoc_config could support referencing values from Secret, that would solve my problem.

Describe alternatives you've considered
I will have to manually modify the Helm Chart and hard-code the Secret.

Additional context
None.

[Bug]: charts does not support alias in parent charts

Contact Details

[email protected]

What happened?

I want to include this chart in a bigger chart via chart Dependencies of that kind:

dependencies:
  - name: neo4j-standalone
    alias: neo4j
    condition: neo4j.enabled
    version: "4.4.8"
    repository: "https://helm.neo4j.com/neo4j"

Unfortunately, it looks like the template scripts are broken because of this.
One of the errors I am first facing is this one:

helm upgrade --install my-app app  -f values.yaml
Error: UPGRADE FAILED: template: cage/charts/neo4j/templates/neo4j-statefulset.yaml:66:33: executing "cage/charts/neo4j/templates/neo4j-statefulset.yaml" at <include "neo4j.initChmodContainer" .>: error calling include: template: cage/charts/neo4j/templates/_volumeTemplate.tpl:102:24: executing "neo4j.initChmodContainer" at <include "neo4j.initChmodScript" .>: error calling include: template: cage/charts/neo4j/templates/_volumeTemplate.tpl:130:8: executing "neo4j.initChmodScript" at <index $spec $spec.mode>: error calling index: value is nil; should be of type string

my values file is like this:

neo4j:
  enabled: true
  neo4j:
    acceptLicenseAgreement: 'yes'
    edition: enterprise
    password: xxx
  volumes:
    data:
      mode: "dynamic"
      dynamic:
        accessModes:
        - ReadWriteOnce
        requests:
          storage: 20Gi
        storageClassName: persistent

If I remove the alias and rename my value block from "neo4j" to "neo4j-standalone" I can deploy without issues.
It would be good to fix the template for this (rather common) use case.

Chart Name

Standalone

Chart Version

4.4.3

Environment

Issue seen on all the cloud providers (GCP , AWS , AKS)

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

How can we specify apoc conf ?

In the previous helm neo4j-contrib/neo4j-helm, it seems like we could add an apoc.conf file to the neo4j pod as a ConfigMap, configured via core.additionalVolumes and core.additionalVolumeMounts.
But the new helm documentation doesn't mention these keys anymore.

What would be the appropriate way to specify an apoc settings now ? Wanting to add apoc.trigger.enabled = true to my standalone neo4j server.

Make nodeSelector Fully Compatible with Karpenter

Is your feature request related to a problem? Please describe.
Neo4j's nodeSelector implementation is not fully compatible with Karpenter.

Karpenter is a Kubernetes node manager with support for AWS EKS. It works with AWS Spot and On-Demand instance types and is quite flexible. https://karpenter.sh/

The way that Neo4j's nodeSelector is currently implemented it looks for node labels on existing nodes and if it finds a match it will request more nodes, but if it does not find a match it will not request a node with those labels. The result is that if you have defined a Karpenter provisioner but no pods have requested to use it yet, Neo4j will throw an error:
Error: execution error at (neo4j-standalone/templates/_helpers.tpl:52:16): No node exists in the cluster which has all the below labels (.Values.nodeSelector)
If Karpenter has already created a node with that provisioner, Neo4j can add a new node, but Neo4j cannot be the first pod to use the provisioner.

Describe the solution you'd like
It would be great if the nodeSelector mechanism in Neo4j's Helm chart could request new nodes with the specified labels even if no nodes with those labels currently exist.

Describe alternatives you've considered
As a workaround, I created a dummy pod with the labels I wanted which caused Karpenter to create the first node for the provisioner I wanted to use. I then ran the Neo4j chart and Karpenter created a 2nd node using that provisioner. Then I removed the dummy pod.

[Bug]: Duplicate key in default-config data.

Contact Details

What happened?

Some keys like

  • server.directories.import
  • server.jvm.additional

are duplicated across the data section of the default config map, causing errors in config map creation and/or helm rendering the templates.

Chart Name

neo4j

Chart Version

5.2.0

Environment

Issue seen on all the cloud providers (GCP , AWS , AKS)

Relevant log output

# values.yaml
neo4j:
  name: neo-name
  password: ""
volumes:
  data:
    mode: "defaultStorageClass"
services:
  neo4j:
    enabled: false
jvm:
  useNeo4jDefaultJvmArguments: true

# in the output of: 
# helm template -n my-namespace -f values.yaml my-graph neo4j/neo4j

# Source: neo4j/templates/neo4j-config.yaml
# Default Neo4j config values, these are overridden by user-provided values in my-graph-user-config
apiVersion: v1
kind: ConfigMap
metadata:
  name: "my-graph-default-config"
  namespace: "my-namespace"
  labels:
    app: "neo-name"    
data:

  # Neo4j defaults
  server.directories.import: import
  server.bolt.enabled: 'true'
  server.http.enabled: 'true'
  server.https.enabled: 'false'
  db.tx_log.rotation.retention_policy: 1 days
  server.jvm.additional: -XX:+UseG1GC
  server.jvm.additional: -XX:-OmitStackTraceInFastThrow
  server.jvm.additional: -XX:+AlwaysPreTouch
  server.jvm.additional: -XX:+UnlockExperimentalVMOptions
  server.jvm.additional: -XX:+TrustFinalNonStaticFields
  server.jvm.additional: -XX:+DisableExplicitGC
  server.jvm.additional: -Djdk.nio.maxCachedBufferSize=1024
  server.jvm.additional: -Dio.netty.tryReflectionSetAccessible=true
  server.jvm.additional: -Djdk.tls.ephemeralDHKeySize=2048
  server.jvm.additional: -Djdk.tls.rejectClientInitiatedRenegotiation=true
  server.jvm.additional: -XX:FlightRecorderOptions=stackdepth=256
  server.jvm.additional: -XX:+UnlockDiagnosticVMOptions
  server.jvm.additional: -XX:+DebugNonSafepoints
  server.jvm.additional: --add-opens=java.base/java.nio=ALL-UNNAMED
  server.jvm.additional: --add-opens=java.base/java.io=ALL-UNNAMED
  server.jvm.additional: --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
  server.jvm.additional: -Dlog4j2.disable.jmx=true
  server.windows_service_name: neo4j
  server.panic.shutdown_on_panic: 'true'
  
  server.logs.config: /config/server-logs.xml/server-logs.xml
  server.logs.user.config: /config/user-logs.xml/user-logs.xml

  # Helm defaults

  # Bolt keep alive
  # this helps to ensure that LoadBalancers do not close bolt connections that are in use but appear idle
  server.bolt.connection_keep_alive: "30s"
  server.bolt.connection_keep_alive_for_requests: "ALL"
  server.bolt.connection_keep_alive_streaming_scheduling_interval: "30s"

  # If we set default advertised address it over-rides the bolt address used to populate the browser in a really annoying way
  # dbms.default_advertised_address: "$(bash -c 'echo ${SERVICE_DOMAIN}')"


  # Other
  internal.dbms.ssl.system.ignore_dot_files: "true"
  # Logging
  server.directories.logs: "/logs"
  # Import
  server.directories.import: "/import"

  # Use more reliable defaults SSL / TLS settings for K8s
  dbms.ssl.policy.bolt.client_auth: "NONE"
  dbms.ssl.policy.https.client_auth: "NONE"

Code of Conduct

  • I agree to follow this project's Code of Conduct

Add support for pod affinity

Currently, the helm chart only supports pod anti-affinity. It would be nice to support pod affinity, which is useful to schedule Pods and PV within the specific AZ.

ex.

podSpec:
  podAntiAffinity: true

  podAffinity:  # default {}
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: failure-domain.beta.kubernetes.io/zone
            operator: In
            values:
              - us-central1-a

custom podAntiAffinity rules

Is your feature request related to a problem? Please describe.
Using the deprecated helm chart, it was possible to set up a custom podAntiAffinity rule. With this one it's not possible anymore (at least for 4.4, which is the version we are using).

Describe the solution you'd like
We have an EKS cluster split in 3 AZs. Using the deprecated helm chart we used to set up a podAntiAffinity rule to avoid having 2 pods in the same zone:

affinity:
  podAntiAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 100  
        podAffinityTerm:
          labelSelector:
            matchExpressions:
              - key: app.kubernetes.io/instance
                operator: In
                values:
                - neo4j-cluster
          topologyKey: "topology.kubernetes.io/zone"

with the limited boolean podAntiAffinity value of this chart, we cannot do that anymore because the topologyKey: kubernetes.io/hostname is not enough for our needs, as 2 pods could be created on different hosts in the same zone

Describe alternatives you've considered
I don't see any alternative except adding a customPodAntiAffinity rule, so it doesn't break the current behavior for backward compatibility

[Bug]: neo4j-svc.yaml broken; expecting dbms.backup.enabled

Contact Details

[email protected]

What happened?

Hi,

I would like to spin up a server for neo4j. I had it actually already running but now I wanted to adopt some config options.
Now when I run helm install server-1 neo4j/neo4j -f server-1.values.yaml or helm upgrade ...

it results in the following error message:

Error: INSTALLATION FAILED: template: neo4j/templates/neo4j-svc.yaml:6:21: executing "neo4j/templates/neo4j-svc.yaml" at <index $.Values.config "dbms.backup.enabled">: error calling index: cannot index slice/array with type string

Obviously the file that is affected is: https://github.com/neo4j/helm-charts/blob/dev/neo4j/templates/neo4j-svc.yaml
and there the lines:

{{- $isEnterprise := required "neo4j.edition must be specified" .Values.neo4j.edition | regexMatch "(?i)enterprise" -}}
{{- $clusterEnabled := false }}
{{- $backupEnabled := false }}
{{- if $isEnterprise }}
{{- $clusterEnabled = eq (include "neo4j.isClusterEnabled" .) "true" }}
{{- $backupEnabled = index $.Values.config "dbms.backup.enabled" | default "true" | regexMatch "(?i)yes|true" }}
{{- end }}
{{- $jmxEnabled := index $.Values.config "server.metrics.jmx.enabled" | default "" | regexMatch "(?i)yes|true" }}
{{- $graphiteEnabled := index $.Values.config "server.metrics.graphite.enabled" | default "" | regexMatch "(?i)yes|true" }}
{{- $prometheusEnabled := index $.Values.config "server.metrics.prometheus.enabled" | default "" | regexMatch "(?i)yes|true" }}

There has been a merged commit on the 16th of Feb but it only affects the lower lines (13ba149). Maybe there is a connection that I cannot see.

Any help is greatly appreciated.

Chart Name

Cluster

Chart Version

5.5.0

Environment

Local Machine

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Broken symlinks "neo4j-shared-templates" at https://neo4j.com/download-center/#helm

Contact Details

[email protected]

What happened?

When I downloaded the release tarball at https://neo4j.com/download-center/#helm and extracted it, I found some broken symlinks in the Helm charts. If I go ahead and install the chart, an error will occur:

Error: INSTALLATION FAILED: error evaluating symlink /neo4j-standalone/charts/neo4j-shared-templates: lstat /neo4j-standalone/../neo4j-shared-templates: no such file or directory

The broken symlinks are:

$ ls -l */charts
neo4j-cluster-core/charts:
total 0
lrwxr-xr-x  1 29 Sep  8 03:34 neo4j-shared-templates -> ../../neo4j-shared-templates/

neo4j-cluster-headless-service/charts:
total 0
lrwxr-xr-x  1 29 Sep  8 03:34 neo4j-shared-templates -> ../../neo4j-shared-templates/

neo4j-cluster-loadbalancer/charts:
total 0
lrwxr-xr-x  1 29 Sep  8 03:34 neo4j-shared-templates -> ../../neo4j-shared-templates/

neo4j-cluster-read-replica/charts:
total 0
lrwxr-xr-x  1 28 Sep  8 03:34 neo4j-shared-templates -> ../../neo4j-shared-templates

neo4j-standalone/charts:
total 0
lrwxr-xr-x  1 29 Sep  8 03:34 neo4j-shared-templates -> ../../neo4j-shared-templates/

$ ls neo4j-standalone/charts/neo4j-shared-templates/
ls: neo4j-standalone/charts/neo4j-shared-templates/: No such file or directory

Chart Name

All

Chart Version

4.4.10

Environment

Local Machine

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: new passwordFromSecret option does not work when trying to deploy with argocd (for example)

Contact Details

[email protected]

What happened?

I have started using the standalone chart in version 4.4.16 and tried to use the new passwordFromSecret feature, which works fine if you deploy it directly with helm - however if you use the --dry-run flag or the helm template command, it does not work. The reason is that the helm chart template does a lookup to see if the existing secret exists, which is fine normally. However, when using the --dry-run flag or helm template, it does not work as the lookup of the secret yields nothing as there is no comms with the cluster in that mode. Unfortunately when deploying via argocd, argocd does do a dry-run or local template (not sure which one of the two) first before it deploys it and falls over with an Application conditions error as follows: Secret my-secret configured in 'neo4j.passwordFromSecret' not found.
To solve this, the Secret lookup in the chart helper would have to be removed.

Chart Name

Standalone

Chart Version

4.4.3

Environment

My environment is not listed

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Unable to load plugins using helm charts

Steps to reproduce:

  1. Using the basic value.yaml with a plugin volume defined as per documents, run helm install neo4j-release neo4j/neo4j-standalone -f values.yaml
  2. Copy the apoc jar to the /plugins container on the pod.
  3. Restart the pod.
  4. Plugins are not loaded.

Expected behavior

Plugins should be loaded

Neo4j image tag being used, 4.4.3

Operating system: ubuntu

The helm charts do not provide a means to override the plugins folder configuration, however if I manually edit the neo4j configmap and add dbms.directories.plugins: /plugins, it is loaded correctly.

The default appears to be /var/lib/neo4j/plugins which is not a directory backed by a persistent volume

It also appears not possible to add a volumeMount to the values file for plugins as that is overridden because of the volume definition (see _volumeTemplate.tpl).

Add support for configuring Service ExternalTrafficPolicy Settings

We deployed a cluster of three cores using helm, and the default setting for ExternalTrafficPolicy is not working with exposing bolt as external Loadbalancer.

When we manually edit the service and change the traffic Policy to Cluster, it works.

But there is no configuration option for that while deploying the chart.

[Bug]: _helpers.tpl message gives wrong advice when creating passwordFromSecret

Contact Details

No response

What happened?

Hi,
I was just installing the chart locally and testing the passwordFromSecret option.
It appears the error message is giving the wrong advice. It currently says "Secret examplepassword must contain key NEO4J_DATA". Think that needs to be "Secret examplepassword must contain key NEO4J_AUTH".
Not a biggie obviously, but might save someone a bit of head scratching.

Thanks

Chart Name

Cluster

Chart Version

5.5.0

Environment

Local Machine

Relevant log output

{{- define "neo4j.secretName" -}}
    {{- if .Values.neo4j.passwordFromSecret -}}
        {{- if not .Values.disableLookups -}}
            {{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.neo4j.passwordFromSecret) }}
            {{- $secretExists := $secret | all }}
            {{- if not ( $secretExists ) -}}
                {{ fail (printf "Secret %s configured in 'neo4j.passwordFromSecret' not found" .Values.neo4j.passwordFromSecret) }}
            {{- else if not (hasKey $secret.data "NEO4J_AUTH") -}}
                {{ fail (printf "Secret %s must contain key NEO4J_DATA" .Values.neo4j.passwordFromSecret) }}
            {{/*The secret must start with characters 'neo4j/`*/}}
            {{- else if not (index $secret.data "NEO4J_AUTH" | b64dec | regexFind "^neo4j\\/\\w*") -}}
                {{ fail (printf "Password in secret %s must start with the characters 'neo4j/'" .Values.neo4j.passwordFromSecret) }}
            {{- end -}}
        {{- end -}}
        {{- printf "%s" (tpl .Values.neo4j.passwordFromSecret $) -}}
    {{- else -}}
        {{- include "neo4j.name" . | printf "%s-auth" -}}
    {{- end -}}
{{- end -}}

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: neo4j duplicate mapping key at ConfigMap (default-config)

What happened?

If you render the neo4j helm chart using helm template using a minimal values.yaml (taken from the example):

neo4j:
  name: neo4j
  resources:
    cpu: "0.5"
    memory: "2Gi"

  # Uncomment to set the initial password
  #password: "my-initial-password"

  # Uncomment to use enterprise edition
  #edition: "enterprise"
  #acceptLicenseAgreement: "yes"

volumes:
  data:
    mode: "dynamic"
    dynamic:
      # * managed-csi-premium provisions premium SSD disks (recommended)
      # * managed-csi provisions standard SSD-backed disks
      storageClassName: managed-csi-premium

It leads to a duplicate mapping key for server.directories.import & server.jvm.additional in the ConfigMap.

apiVersion: v1
kind: ConfigMap
metadata:
  name: "my-neo4j-release-default-config"
  namespace: "simulation"
  labels:
    app: "my-standalone"    
data:

  # Neo4j defaults
  server.directories.import: import
  [...]
  server.jvm.additional: -XX:+UseG1GC
  server.jvm.additional: -XX:-OmitStackTraceInFastThrow
  server.jvm.additional: -XX:+AlwaysPreTouch
  server.jvm.additional: -XX:+UnlockExperimentalVMOptions
  server.jvm.additional: -XX:+TrustFinalNonStaticFields
  server.jvm.additional: -XX:+DisableExplicitGC
  server.jvm.additional: -Djdk.nio.maxCachedBufferSize=1024
  server.jvm.additional: -Dio.netty.tryReflectionSetAccessible=true
  server.jvm.additional: -Djdk.tls.ephemeralDHKeySize=2048
  server.jvm.additional: -Djdk.tls.rejectClientInitiatedRenegotiation=true
  server.jvm.additional: -XX:FlightRecorderOptions=stackdepth=256
  server.jvm.additional: -XX:+UnlockDiagnosticVMOptions
  server.jvm.additional: -XX:+DebugNonSafepoints
  server.jvm.additional: --add-opens=java.base/java.nio=ALL-UNNAMED
  server.jvm.additional: --add-opens=java.base/java.io=ALL-UNNAMED
  server.jvm.additional: --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
  server.jvm.additional: -Dlog4j2.disable.jmx=true
  [...]
  server.directories.import: "/import"

When trying to deploy this Chart via FluxCD it leads to Helm install errors.

Chart Name

Standalone

Chart Version

5.5.0

Environment

FluxCD, Kustomize

Relevant log output

Status:
  Conditions:
    Last Transition Time:  2023-03-30T10:17:39Z
    Message:               Helm install failed: error while running post render on files: map[string]interface {}(nil): yaml: unmarshal errors:
  line 55: mapping key "server.directories.import" already defined at line 14
  line 20: mapping key "server.jvm.additional" already defined at line 19
  line 21: mapping key "server.jvm.additional" already defined at line 19

Relevant Issues

fluxcd/flux2#1522

Duplicate YAML keys

Unlike Helm, the Kustomize yaml parser (kyaml) does not accept duplicate keys, while Helm drops the duplicates, Kustomize errors out. This impacts helm-controller as it uses kustomize/kyaml to label objects reconciled by a HelmRelease.

For example, a chart that adds the app.kubernetes.io/name more than once, will result in a HelmRelease install failure:

map[string]interface {}(nil): yaml: unmarshal errors:
line 21: mapping key "app.kubernetes.io/name" already defined at line 20

Code of Conduct

  • I agree to follow this project's Code of Conduct
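
A check for the duplicate mapping keys reported in the two default-config issues above, suitable for running over `helm template` output in CI before a kyaml-based tool rejects it. This is an added example, not code from the chart or from Flux; the function names and the sample manifest (abridged from the rendering quoted above) are constructed, and the scanner assumes block-style YAML as Helm emits it rather than the full YAML grammar.

```python
import re
import sys

# A mapping key at the start of a line: "quoted", 'quoted' or plain, followed by ':'.
KEY_RE = re.compile(r'''^(?:"([^"]*)"|'([^']*)'|([^\s"'#\[{][^:#]*?))\s*:(?:\s|$)''')
# A value that opens a block scalar ('|' or '>'); its indented body is not YAML structure.
BLOCK_SCALAR_RE = re.compile(r'^[|>][+-]?\d*\s*(?:#.*)?$')

# Constructed sample, abridged from the ConfigMap rendering shown in the issues.
RENDERED_CONFIGMAP = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: "my-graph-default-config"
  labels:
    app: "neo-name"
data:
  # Neo4j defaults
  server.directories.import: import
  server.jvm.additional: -XX:+UseG1GC
  server.jvm.additional: -XX:-OmitStackTraceInFastThrow
  dbms.ssl.policy.bolt.client_auth: "NONE"
  server.directories.import: "/import"
"""


def find_duplicate_keys(text):
    """Return (line, key, first_line) for every key repeated within one mapping."""
    findings = []
    stack = []           # open mappings as (indent, {key: first_line}), innermost last
    block_indent = None  # indent of the key whose block scalar body is being skipped
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        body = line.lstrip(" ")
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(body)
        if block_indent is not None:
            if indent > block_indent:
                continue  # still inside the block scalar
            block_indent = None
        if body.startswith("---"):
            stack = []    # new document, all scopes closed
            continue
        # Dedenting closes deeper mappings; a '-' also closes the previous list item.
        while stack and stack[-1][0] > indent:
            stack.pop()
        if body == "-" or body.startswith("- "):
            body = body[1:].lstrip(" ")
            indent = len(line) - len(body)  # keys of the item align with its content
            if not body:
                continue
        m = KEY_RE.match(body)
        if not m:
            continue      # scalar, flow collection or continuation line
        key = next(g for g in m.groups() if g is not None)
        if not stack or stack[-1][0] < indent:
            stack.append((indent, {}))
        seen = stack[-1][1]
        if key in seen:
            findings.append((lineno, key, seen[key]))
        else:
            seen[key] = lineno
        if BLOCK_SCALAR_RE.match(body[m.end():].strip()):
            block_indent = indent
    return findings


def format_findings(findings):
    """Render findings in the same wording as the kyaml error quoted above."""
    return ['line %d: mapping key "%s" already defined at line %d' % f for f in findings]


if __name__ == "__main__":
    # Usage: helm template ... > rendered.yaml && python thisfile.py rendered.yaml
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = fh.read()
    else:
        source = RENDERED_CONFIGMAP
    messages = format_findings(find_duplicate_keys(source))
    print("\n".join(messages))
    sys.exit(1 if messages else 0)
```

A non-zero exit on any finding lets the pipeline stop before a parser that silently keeps one of the duplicated values hides which setting is actually applied.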

Question: Passing annotations to Neo4j standalone chart

After downloading the neo4j standalone chart for the first time I attempted to put it in my CircleCI build. I'm using...

I pass the following into the set command as recommended here:

analysis.neo4j.services.neo4j.annotations.service.beta.kubernetes.io/do-loadbalancer-certificate-id=<cert id>

as it appears that the services.neo4j.annotations field value is an object. However, I get the following error:

Error: UPGRADE FAILED: YAML parse error on thinkdeep/charts/analysis/charts/neo4j/templates/neo4j-loadbalancer.yaml: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal object into Go struct field .metadata.annotations of type string

Is there something obvious that I'm doing wrong here? Can you provide an example helm set operation usable with the services.neo4j.annotations field? What is it that's expected by the services.neo4j.annotations field? Thanks for your time and help in this matter! :-)

[Bug]: DB config is not in the neo4j.con

Contact Details

[email protected]

What happened?

Hi,

I'm trying to change some Neo4j config, not sure if this is a bug or I did something wrong.

  1. I tried to add this to values.yaml
config:
  metrics.prometheus.enabled: "true"
  metrics.prometheus.endpoint: "0.0.0.0:2004"

Then it'll create a configmap like these

$ k get cm -n graph | grep user
core-1-user-config      4      3d3h
core-2-user-config      4      3d3h
core-3-user-config      4      3d3h
rr-1-user-config        3      3d3h

the config is working as expected:

neo4j@neo4j> CALL dbms.listConfig()
                                       YIELD name, value
                                       WHERE name STARTS WITH 'metrics.prometheus'
                                       RETURN name, value
                                       ORDER BY name;
+------------------------------------------------+
| name                          | value          |
+------------------------------------------------+
| "metrics.prometheus.enabled"  | "true"         |
| "metrics.prometheus.endpoint" | "0.0.0.0:2004" |
+------------------------------------------------+

These configmaps should be the value of volume neo4j-conf and be in neo4j.conf
But I can't find the values there, is that normal?

neo4j@core-1-0:~$ cat conf/neo4j.conf | grep -i prome
neo4j@core-1-0:~$
  2. I tried to add env to values.yaml file like this
env:
  NEO4j_dbms_memory_pagecache_size: "512M"

after the deployment, I can get ENV within the pod:

neo4j@core-1-0:~$ env | grep -i page
NEO4j_dbms_memory_pagecache_size=512M

even this is the default config from neo4j.conf

neo4j@core-1-0:~$ cat conf/neo4j.conf | grep -i page
# rest for the page cache.
# The default page cache memory assumes the machine is dedicated to running
#dbms.memory.pagecache.size=10g
# Uncomment this line to include page hits and page faults information for the executed queries being logged:
#dbms.logs.query.page_logging_enabled=true
# tells browsers that a webpage should only be accessed using HTTPS instead of HTTP.
# pages. It also reduces the possibility of seeing performance drop
# due to heap-growing GC events, where a decrease in available page
dbms.memory.pagecache.size=512M

but when I tried to get this config from DB, it's not there

neo4j@neo4j> CALL dbms.listConfig()
             YIELD name, value
             WHERE name STARTS WITH 'dbms.memory.pagecache.size'
             RETURN name, value
             ORDER BY name;
+-------------------------------------------+
| name                         | value      |
+-------------------------------------------+
| "dbms.memory.pagecache.size" | "No Value" |
+-------------------------------------------+

Chart Name

Cluster

Chart Version

4.4.18

Environment

Amazon Web Services

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Minimum cluster size forced to be >= 3

Contact Details

No response

What happened?

Hi,

I've noticed that clustering is only enabled when neo4j.minimumClusterSize is greater than or equal to 3:

{{- define "neo4j.isClusterEnabled" -}}
      {{- $minClusterSize := index $.Values.neo4j "minimumClusterSize" | default 1 | int -}}
      {{- if ge $minClusterSize 3 -}}
          {{- if not (eq $.Values.neo4j.edition "enterprise") -}}
               {{- fail (printf "Please use enterprise edition for clustering. You can set edition via --set neo4j.edition=enterprise") -}}
          {{- end -}}
            true
      {{- else -}}
            false
      {{- end -}}
  {{- end -}}

Is this intended? I haven't found docs for Neo4J 5.x that state this as a constraint.
Thanks

Note: The Chart Version and Chart Name for the issue template has not been updated for 5.x.
I'm running the latest 5.5.0.

Chart Name

neo4j

Chart Version

5.5.0

Environment

Google Cloud Platform

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Missing namespace for ServiceAccount, Role and RoleBinding

Hello guys !

A little suggestion here :)

Is your feature request related to a problem? Please describe.
When I'm deploying the helm chart using a custom namespace, I expect resources to be created in that namespace

Describe the solution you'd like
I would like the SA, Role and RoleBinding in neo4j-standalone/templates/neo4j-service-account.yaml to register in the proper namespace

Does it make sense to you ?
Thanks !

Feature: Allow Ingress creation from within the chart

Is your feature request related to a problem? Please describe.
We're deploying neo4j internally on gke using an internal load balancer. We want to be able to use an already existing ingress-controller to route traffic to our neo4j deployment. Right now, there's no possibility to do that directly from the helm chart. Happy to open PRs if this is something that would be accepted

Describe the solution you'd like
Solution would be to allow creation of ingresses for the services and specify basic configuration values for that ingress. Would probably require a separate ingress for each service exposed to have proper control. For example, deploy admin on an internal load balancer and the core app on a public-facing one.

Describe alternatives you've considered
As alternatives, we've been externally creating ingresses to the services that we want to expose on our internal load balancer.

Additional context
Here are some other helm charts for reference that allow dynamic creation of ingresses from within the chart.

The new helm chart is missing the additionalVolumes property that the old one had

Hello !

Here is the property from the old helm chart I'm talking about
https://github.com/neo4j-contrib/neo4j-helm/blob/master/values.yaml#L153

I was using that to add more volumes to the pod.
With this I was able to mount a configmap script into an init-container that automatically restores the latest neo4j backup taken if the PVC is empty. That was pretty useful to me.

Are you guys thinking of implementing this back in the new one ?
Thanks !

[Bug]: Anti-affinity rule interfering with tutorial

Contact Details

[email protected]

What happened?

I tried to follow the tutorial for running a Neo4J cluster with 3 core instances using the helm charts.

Each time I tried, the first pod was able to start (however stayed in not-ready mode due to only 1 out of 3 required core instances running). The second and third core instances failed to start (stayed in pending state) with error 1 node(s) didn't match pod anti-affinity rules.

Finally I managed to solve this issue by setting podSpec.podAntiAffinity to false in the value.yaml for starting the helm chart.

As far as I understand the pod anti-affinity rule only allowed one StatefulSet instance with the particular neo4j.name I was using to be deployed, and any other StatefulSet with the same neo4j.name would fail.
However, according to the tutorial, I was meant to run the helm install three times with the same neo4j.name otherwise they would make three different clusters instead of one with 3 core instances.
This furthermore raises a question for me why you would deploy three different statefulsets with each 1 pod, as indeed according to the desired output for kubectl get pods the -0 after the pod name indicates the first pod in a certain deployment/statefulset.

Is this indeed intended to have three different statefulsets and then anti-affinity interfering with this intended deployment strategy?

Thanks in advance!

Chart Name

Cluster

Chart Version

4.4.1

Environment

Local Machine

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Configmaps are not properly injected into the pods

Contact Details

[email protected]

What happened?

The configmaps are not being properly injected. When I browse to the /config/ directory, the path neo4j.conf is NOT a file, instead it is a directory with the properties as files.

Due to this, any properties added via .Values.config will not be present because the user supplied configuration values cannot be read. I have used both 5.2.0 and 5.5.0 helm charts and both show the same issue.

Chart Name

Standalone

Chart Version

5.5.0

Environment

Google Cloud Platform

Relevant log output

cd /config
ls
neo4j.conf server-logs.xml user-logs.xml

cat neo4j.conf
cat: neo4j.conf: Is a directory

cd neo4j.conf
ls
db.tx_log.rotation.retention_policy   server.bolt.connection_keep_alive   server.config.strict_validation.enabled server.http.enabled  server.logs.user.config     server.metrics.prometheus.endpoint
dbms.ssl.policy.bolt.client_auth   server.bolt.connection_keep_alive_for_requests   server.default_listen_address    server.https.enabled  server.metrics.graphite.enabled  server.panic.shutdown_on_panic
dbms.ssl.policy.https.client_auth   server.bolt.connection_keep_alive_streaming_scheduling_interval server.directories.import    server.jvm.additional server.metrics.jmx.enabled     server.windows_service_name
internal.dbms.ssl.system.ignore_dot_files server.bolt.enabled   server.directories.logs    server.logs.config   server.metrics.prometheus.enabled

cat server.metrics.prometheus.enabled
true

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Merges to dev are overwriting published chart for neo4j/neo4j @ 5.4.0

Contact Details

[email protected]

What happened?

Chart Version:

Caveat: this all might be intentional but I suspect it's not.

I'm noticing that every time new commits are merged to the dev branch, the published artifact for version 5.4.0 of the neo4j chart on https://helm.neo4j.com/neo4j gets overwritten.

At least, I suspect this is what's happening, because on 8 Feb 2023 (2 days ago) I was able to use the .Values.neo4j.nodeSelectorLookup setting in the chart and today I cannot, but suddenly .Values.disableLookups is available to me, and I have been referencing version 5.4.0 of the chart this entire week. As far as I can tell, the only thing that's changed in the meantime is that #140 was merged.

The reason why I suspect this behavior is unintentional is because the tag accompanying this version of the chart no longer reflects the artifact which is published to https://helm.neo4j.com/neo4j.

Chart Name

Standalone

Chart Version

5.4.0 (wasn't a choice in the issue template)

Environment

Microsoft Azure

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Unable to persist plugins data in mount point /var/lib/neo4j/plugins in neo4j container

Contact Details

[email protected]

What happened?

Hi, I am deploying a standalone instance of neo4j as instructed here -> https://neo4j.com/docs/operations-manual/current/kubernetes/quickstart-standalone/. Everything installs successfully.

helm install my-neo4j-release neo4j/neo4j-standalone -f my-neo4j.values.yaml

I want to install some third-party plugins in my neo4j container and want them to persist after restarting the container (in order for them to apply successfully). To be more precise, I am following this -> https://neo4j.com/labs/neosemantics/4.0/install/ installation. But after restarting the container, all JARs vanish.

So I mounted the "plugin" volume to "data" volume with "share" mode. My neo4j.values.yaml looks like this ->

neo4j:
  resources:
    cpu: "0.5"
    memory: "2Gi"

volumes:
  data:
    mode: "defaultStorageClass"
    defaultStorageClass:
      requests:
        storage: 2Gi

  plugins:
    mode: "share"
    share:
      name: "data"

It seems like the helm-neo4j deployment creates all volume mounts at the root path, as per the documentation -> https://neo4j.com/docs/operations-manual/current/kubernetes/persistent-volumes/ . But the neo4j container takes "var/lib/neo4j/plugins" or "${NEO4J_HOME}/plugins" as the mount point for any plugin installation, and restarting the container doesn't persist any plugins in that mount point, because the plugins volume refers to "/plugins" instead of "var/lib/neo4j/plugins".

Do we have any workaround for this kind of situation?

Chart Name

Standalone

Chart Version

4.3.9 (Standalone only)

Environment

Local Machine

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Missing `fullNameOverride` and `nameOverride` capabilities

Is your feature request related to a problem? Please describe.
We create umbrella charts to compose and deploy multiple charts (chart dependencies) as part of one release. Within the scope of the umbrella chart we tend to deploy multiple instances of the same chart. As an example, imagine the deployment of two separate Neo4J instances, each dedicated to a specific purpose, within one release. To enable such a use case, charts usually provide the possibility to override resource names through fullNameOverride and nameOverride values.

Describe the solution you'd like
Enable the use case by providing resource name overrides through fullNameOverride and nameOverride values. As a reference
you could refer to this feature request in neo4j-helm Labs Helm chart that introduced the same functionality.

Migrating from neo4j-contrib chart

Hello,

I'm looking for documentation on how to migrate from the deprecated Neo4j-contrib chart to this chart. I've spent some time searching but I can't seem to find anything. Am I overlooking something?

Thank you!

[Bug]: not able to define existing image.imagePullSecret

Contact Details

No response

What happened?

Hi :)),

it seems like I am not able to define an existing imagePullSecret. What I did was create an imagePullSecret first, which I actually use for all my image pulls (which are working), and provide the name of the secret in the version: 4.4.18 neo4j-helm-charts/neo4j-standalone:

image:
  imagePullPolicy: IfNotPresent
  customImage: "neo4j:4.4.17-enterprise"
  imagePullSecrets:
    - "gitlab-pull-secret"

k get secrets gitlab-pull-secret -o yaml
apiVersion: v1
data:
  .dockerconfigjson: ...
kind: Secret
metadata:
  name: gitlab-pull-secret
  namespace: staging
type: kubernetes.io/dockerconfigjson

I am getting following error:

  Error: Failed to render chart: exit status 1: Error: execution error at (neo4j-standalone/templates/neo4j-imagePullSecret.yaml:27:13): No docker-registry secret exists for imagePullSecret "gitlab-pull-secret" in the cluster. 
   Missing imageCredential entry for "gitlab-pull-secret"
  Use --debug flag to render out invalid YAML
  Error: plugin "diff" exited with error

I don't understand why I would need to specify additional imageCredential entries since I am already having a prepared and working imagePullSecret.

PS: I don't need the secret for image.customImage but for an additional initContainer to add a custom plugin which I'd like to copy to an additional volume.

Cheers,
Szop

Chart Name

Standalone

Chart Version

4.4.18

Environment

Microsoft Azure

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Missing Features

Hey guys,

thanks for providing the new helm charts, we're still missing some features though, which were kinda handy in the old (now deprecated) helm chart:

Again: thanks a lot for your work!

[Bug]: Migrating from neo4j-contrib chart

Contact Details

[email protected]

What happened?

Hi,

This is not a bug, just some issue

I'm migrating a 4.4 Cluster (with core and replica nodes) from neo4j-contrib chart to this chart following this guide:
https://neo4j.com/docs/operations-manual/current/kubernetes/maintenance/#_migrate_neo4j_from_the_labs_helm_charts_to_the_neo4j_helm_charts_offline

The first step:
I need to create a 4.4 cluster with this chart:

(1) From the doc, I need to deploy this cluster with multiple charts (https://neo4j.com/docs/operations-manual/5/kubernetes/quickstart-cluster/ )
But there is no neo4j/neo4j in chart version 4.4
How should I deploy the cluster, is there any deployment doc?

(2) About data migration, the migration doc only provides an offline solution. Is it possible to migrate data from the original cluster in an alive mode to decrease downtime?

Chart Name

Cluster

Chart Version

4.4.16

Environment

Amazon Web Services

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Add slack integration so that we can receive the slack notification once any new release published

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Right now, there is no slack integration for this neo4j/helm-charts repo, we cannot get the new release by slack.

Describe the solution you'd like
A clear and concise description of what you want to happen.
The repo admin can add slack integration for external developers.
Like this: https://github.com/integrations/slack

Thanks!

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Community Edition Headless Version

Is your feature request related to a problem? Please describe.
I can't use the cluster headless version for community and I need to run a community version for testing.

Describe the solution you'd like
I want to have a headless service for Community

Describe alternatives you've considered
I tried this but I still get connect issues from my Python client which is inside a pod. It should connect with uri = "neo4j://192.100.4.100"

apiVersion: v1
kind: Service
metadata:
  name: neo4j
  namespace: default
spec:
  clusterIP: None
  ports:
  - name: neo4j
    port: 7687
    protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
  name: neo4j
  namespace: default
subsets:
  - addresses:
      - ip: 192.100.4.100 # your node's IP address
    ports:
      - port: 7687
        name: neo4j
        protocol: TCP

Additional context
Add any other context or screenshots about the feature request here.

[Bug]: Following the documentation of installing Neo4j On EKS doesn't work

Contact Details

[email protected]

What happened?

I followed this documentation, but my pods ended in a permanent pending stage.

Steps to reproduce

  • Have an EKS cluster
  • Create storage class
cat <<EOF | kubectl apply -f -
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: neo4j-data
provisioner: ebs.csi.aws.com
parameters:
  type: gp3
reclaimPolicy: Retain
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
EOF

Verification was kubectl get storageclass neo4j-data resulted in:

  • Set storage-class-values.yaml
neo4j:
  name: standalone-with-storage-class
volumes:
  data:
    mode: dynamic
    dynamic:
      storageClassName: "neo4j-data"
      requests:
        storage: 10Gi
  • Helm install
helm install neo4j-test neo4j/neo4j -n n4j-test --create-namespace --set neo4j.name=neo4j --set neo4j.password=xxx -f storage-class-values.yml

  • PVC check kubectl get pvc -n n4j-test

  • Waiting for the pod end-up with a timeout kubectl --namespace "n4j-test" rollout status --watch --timeout=600s statefulset/neo4j-test

    I can see an error that said "timeout waiting for condition"

    And the pod stays in a pending stage.

  • helm repo list
    neo4j https://helm.neo4j.com/neo4j

Chart Name

Cluster

Chart Version

4.4.3

Environment

Issue seen on all the cloud providers (GCP , AWS , AKS)

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Unable to configure neo4j service type

Contact Details

[email protected]

What happened?

It appears the Neo4j service resource is created with type: ClusterIP hardcoded. Was this intentional? I assume this should be respecting the configuration values specified at time of helm install.

https://github.com/neo4j/helm-charts/blob/dev/neo4j/templates/neo4j-svc.yaml#L30

I want to be able to create a type: LoadBalancer service for my database, which I used to be able to do in the previous helm charts for 4.3. Can only do this now by editing the k8s yaml after deploy manually.

Let me know if this should be updated, and I'd be happy to put up a PR.

Thanks,
Cam

Chart Name

Standalone

Chart Version

4.4.3

Environment

Google Cloud Platform

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Helm install fails with Error

Contact Details

[email protected]

What happened?

Getting this error while installing any version of the chart using helm versions 3.2.xx and any later version than that, up to latest version. I think the chart needs update for new versions of helm.

Error: INSTALLATION FAILED: template: neo4j-standalone/templates/neo4j-svc.yaml:10:103: executing "neo4j-standalone/templates/neo4j-svc.yaml" at <"(?i)yes|true">: wrong type for value; expected string; got bool

Chart Name

Standalone

Chart Version

4.4.3

Environment

Issue seen on all the cloud providers (GCP , AWS , AKS)

Relevant log output

Error: INSTALLATION FAILED: template: neo4j-standalone/templates/neo4j-svc.yaml:10:103: executing "neo4j-standalone/templates/neo4j-svc.yaml" at <"(?i)yes|true">: wrong type for value; expected string; got bool

Code of Conduct

  • I agree to follow this project's Code of Conduct

Cypher queries fails with Neo4jError: Unknown function 'apoc.convert.fromJsonMap' but apoc should be installed

What happened?

I deployed Neo4j in my AKS cluster using the standalone Helm chart.
It all gets deployed and my Node.js server connects to Neo4j correctly.

However queries throw the Neo4jError: Unknown function 'apoc.convert.fromJsonMap' error, so apoc is clearly missing.

I followed the procedure described here https://neo4j.com/docs/operations-manual/current/kubernetes/configuration/#operations-installing-plugins and my Values are here below.

The only difference I find is that in the guide apoc core is actually enabled afterwards by upgrading the helm chart, while I'm installing it with the option enabled already.

Looking at https://neo4j.com/docs/apoc/current/config/ I saw

As of Neo4j v.5.0, APOC config settings are no longer supported in the neo4j.conf file. Please move all apoc.* settings to apoc.conf. It is also possible to set the config settings using environment variables.

so as neo4j-standalone is using version 4.4.16 I moved the apoc configurations from apoc.config to neo4.config but still apoc procedures are not found by the queries.

Is there something I'm missing out to configure in order to enable apoc?
Thank you very much.

neo4j-db:
# neo4j-standalone:
  nameOverride: "neo4j"
  fullnameOverride: 'neo4j'
  neo4j:
   # Name of your cluster
    name: "fixit-neo4j" # this will be the label: app: value for the service selector
    password: "password"
    ##
    passwordFromSecret: ""
    passwordFromSecretLookup: false
    edition: "community"
    acceptLicenseAgreement: "yes"
    offlineMaintenanceModeEnabled: false 
    resources:
      cpu: "1000m"
      memory: "2Gi"

  volumes:
    data:

      mode: 'volumeClaimTemplate'
      volumeClaimTemplate:
        accessModes:
          - ReadWriteOnce
        storageClassName: neo4j-sc-data
        resources:
          requests:
            storage: 4Gi


    backups:
      mode: 'share' # share an existing volume (e.g. the data volume)
      share:
        name: 'logs'

    logs:

      mode: 'volumeClaimTemplate'
      volumeClaimTemplate:
        accessModes:
          - ReadWriteOnce
        storageClassName: neo4j-sc-logs
        resources:
          requests:
            storage: 4Gi


  services:
    # A ClusterIP service with the same name as the Helm Release name should be used for Neo4j Driver connections originating inside the
    # Kubernetes cluster.
    default:
      # Annotations for the K8s Service object
      annotations: { }

  # A LoadBalancer Service for external Neo4j driver applications and Neo4j Browser
    neo4j:
    ### this would create cluster-neo4j svc
      enabled: false
 # env:
 #   NEO4J_PLUGINS: '["graph-data-science"]'
  config:
     
    server.bolt.enabled : "true"
    server.bolt.tls_level: "REQUIRED"
    server.bolt.listen_address: "0.0.0.0:7687"
    dbms.ssl.policy.bolt.client_auth: "NONE"
    dbms.ssl.policy.bolt.enabled: "true"
    
    server.directories.plugins: "/var/lib/neo4j/labs" 
    dbms.security.procedures.unrestricted: "apoc.*"
    server.config.strict_validation.enabled: "false"
    dbms.security.procedures.allowlist: "gds.*,apoc.*"
  apoc_config:
    apoc.trigger.enabled: "true"
    apoc.jdbc.neo4j.url: "jdbc:foo:bar"
    apoc.import.file.enabled: "true"


  
  startupProbe:
    failureThreshold: 1000
    periodSeconds: 50

  ssl:
  # setting per "connector" matching neo4j config
    bolt:
      privateKey:
        secretName: tls-secret 
        subPath:  tls.key 
      publicCertificate:
        secretName: tls-secret 
        subPath:  tls.crt 
      trustedCerts:
        sources: [ ] 
      revokedCerts:
        sources: [ ]  

Chart Name

Standalone

Chart Version

4.4.1

Environment

Microsoft Azure

Relevant log output

Neo4jError: Unknown function 'apoc.convert.fromJsonMap' (line 2, column 6 (offset: 10))
"WITH `apoc`.`convert`.`fromJsonMap`(($`json`)) AS `json`"
           ^

    at captureStacktrace (/usr/app/node_modules/neo4j-driver-core/lib/result.js:611:17)
    at new Result (/usr/app/node_modules/neo4j-driver-core/lib/result.js:105:23)
    at newCompletedResult (/usr/app/node_modules/neo4j-driver-core/lib/transaction.js:501:12)
    at Object.run (/usr/app/node_modules/neo4j-driver-core/lib/transaction.js:333:20)
    at Transaction.run (/usr/app/node_modules/neo4j-driver-core/lib/transaction.js:174:34)
    at ManagedTransaction.run (/usr/app/node_modules/neo4j-driver-core/lib/transaction-managed.js:56:21)
    at /usr/app/api/src/neo4j/user_neo4j.js:40:10
    at TransactionExecutor._safeExecuteTransactionWork (/usr/app/node_modules/neo4j-driver-core/lib/internal/transaction-executor.js:141:26)
    at TransactionExecutor.<anonymous> (/usr/app/node_modules/neo4j-driver-core/lib/internal/transaction-executor.js:128:46)
    at step (/usr/app/node_modules/neo4j-driver-core/lib/internal/transaction-executor.js:52:23) {
  constructor: [Function: Neo4jError] { isRetriable: [Function (anonymous)] },
  code: 'Neo.ClientError.Statement.SyntaxError',
  retriable: false
}

Code of Conduct

  • I agree to follow this project's Code of Conduct

Add capabilities for securityContext

Hello

Currently we cannot set up Neo4j on our Kubernetes cluster because we have a restriction from Kyverno where the capabilities have to be dropped.

A fix would be to add 'capabilities' in values.yaml. Here for example 'dropping all':

securityContext:
  runAsNonRoot: true
  runAsUser: 7474
  runAsGroup: 7474
  fsGroup: 7474
  fsGroupChangePolicy: "Always"
  capabilities:
    drop: ["ALL"]

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

The securityContext is used at both the pod and container level. When I add the capabilities, I get the error message that this configuration does not exist at the pod level. Because of that the template neo4j-statefulset.yaml would have to be adjusted, because the capabilities are only on the container level. Therefore, those at the pod level must be omitted. Maybe like this:

apiVersion: apps/v1
kind: StatefulSet
metadata:
  template:
    metadata:
      securityContext: {{ omit .Values.securityContext "capabilities" | toYaml | nindent 8 }}
[...]

Thanks
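The pod-level versus container-level split requested above, generalised from the single `omit ... "capabilities"` to every field that exists at only one level, as an added example that is not the chart's own code. The field sets are taken from the core/v1 `PodSecurityContext` and `SecurityContext` types (newer API fields may be missing), the container names are hypothetical, and the drop-ALL audit is an assumption about what a policy such as the Kyverno restriction mentioned would require.

```python
# Field sets from the core/v1 API. Pod-only fields are rejected on a container,
# container-only fields are rejected on the pod, shared fields are valid on both.
POD_ONLY = {"fsGroup", "fsGroupChangePolicy", "supplementalGroups", "sysctls"}
CONTAINER_ONLY = {"allowPrivilegeEscalation", "capabilities", "privileged",
                  "procMount", "readOnlyRootFilesystem"}
SHARED = {"runAsUser", "runAsGroup", "runAsNonRoot", "seLinuxOptions",
          "seccompProfile", "windowsOptions"}

# The combined values block proposed in the issue above.
VALUES_SECURITY_CONTEXT = {
    "runAsNonRoot": True,
    "runAsUser": 7474,
    "runAsGroup": 7474,
    "fsGroup": 7474,
    "fsGroupChangePolicy": "Always",
    "capabilities": {"drop": ["ALL"]},
}


def split_security_context(values):
    """Split one combined securityContext map into (pod_level, container_level)."""
    unknown = set(values) - POD_ONLY - CONTAINER_ONLY - SHARED
    if unknown:
        raise ValueError(f"unknown securityContext fields: {sorted(unknown)}")
    pod = {k: v for k, v in values.items() if k not in CONTAINER_ONLY}
    container = {k: v for k, v in values.items() if k not in POD_ONLY}
    return pod, container


def build_pod_spec(pod_ctx, container_ctx, containers, init_containers=()):
    """Assemble the securityContext-relevant part of a pod template spec."""
    def with_ctx(name):
        return {"name": name, "securityContext": dict(container_ctx)}
    return {
        "securityContext": dict(pod_ctx),
        "initContainers": [with_ctx(n) for n in init_containers],
        "containers": [with_ctx(n) for n in containers],
    }


def audit_pod_spec(pod_spec):
    """List misplaced pod-level fields and containers that keep capabilities."""
    findings = []
    pod_ctx = pod_spec.get("securityContext", {})
    for field in sorted(set(pod_ctx) & CONTAINER_ONLY):
        findings.append(f"pod securityContext: '{field}' is a container-level field")
    for kind in ("initContainers", "containers"):
        for container in pod_spec.get(kind, []):
            ctx = container.get("securityContext", {})
            dropped = ctx.get("capabilities", {}).get("drop", [])
            if "ALL" not in dropped:
                findings.append(
                    f"{kind}/{container['name']}: capabilities.drop does not include ALL")
    return findings


if __name__ == "__main__":
    pod_ctx, container_ctx = split_security_context(VALUES_SECURITY_CONTEXT)
    # "neo4j" and "plugin-copy" are hypothetical container names.
    spec = build_pod_spec(pod_ctx, container_ctx, ["neo4j"], ["plugin-copy"])
    print(spec["securityContext"])
    print(audit_pod_spec(spec) or "no findings")
```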

Bring PR #118 into release 4.4

Hi colleagues,

A very good soul worked on this PR #118 and I need this in the company I'm working on. I have not seen any move from dev branch into 4.4 branch after that got merged and I'm willing to contribute time to get this feature on 4.4 if human help is needed.

How can I help, or, is there something I can do to help to get this feature on 4.4?

Add support for priority classes

Is your feature request related to a problem? Please describe.
Context : in our production cluster, some workloads such as neo4j database are more critical than others so we need that reflected in terms of priority classes for pods. We need to ensure those workloads have very high priority so our cluster is functional. Unfortunately the Neo4J helm charts do not expose priorityClassName attribute, which is not blocking but forces us to find workarounds.

Describe the solution you'd like
Something like neo4j-contrib/neo4j-helm#250 and #1
Official documentation: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/

Describe alternatives you've considered
Using kustomize to post-render Neo4j helm chart.

Additional context
Related issue : neo4j-contrib/neo4j-helm#227
Related PRs :

[Bug]: "dbms.logs.user.stdout_enabled" should be configurable

Contact Details

[email protected]

What happened?

From this commit: 32b5d4f#diff-5f1690e1379565586b0ae118fb743df383b6d3059d83e9d9ee3ec558ba511e07R62 ( Line 62 )

Currently, it is impossible to override stdout_enabled to be true. This makes it very difficult to track logs on the neo4j pod, as the logs are written to a file instead of stdout which is natively picked up by Docker.

Either this option should be configurable as a dedicated value in ".Values.*" or left to the user to set explicitly in ".Values.config" if they desire to disable it, otherwise, leave it to the application default of true

Chart Name

Standalone

Chart Version

4.4.3

Environment

Amazon Web Services

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: Unable to configure APOC

Contact Details

[email protected]

What happened?

With Plugins installed and loaded successfully

RETURN apoc.version()
apoc.version()
--
1 | "4.4.0.7"

I try and set apoc.export.file.enabled: "true" using apoc_config as well as env: in my helm chart but neither one seems to affect the running config.

CALL dbms.listConfig()
YIELD name, value, dynamic
WHERE name STARTS WITH 'apoc'
RETURN name, value, dynamic
ORDER BY name;
// LIMIT 3;

name | value | dynamic
-- | -- | --
1 | "apoc.export.file.enabled" | "false" | false
2 | "apoc.import.file.enabled" | "false" | false
3 | "apoc.import.file.use_neo4j_config" | "true" | false

I have verified the environment variable is set:

$ env | grep apoc
NEO4J_apoc_import_file_enabled=true
NEO4J_apoc_export_file_enabled=true

and verified that apoc.conf is generated and mounted in the pod:

$ ls /config
apoc.conf  neo4j.conf
$ cat /config/apoc.conf
apoc.export.file.enabled=true
apoc.jdbc.apoctest.url=jdbc:foo:bar

Here is a snippet of the values.yaml that I have so far.

config:
  dbms.directories.plugins: "/plugins"
  dbms.security.procedures.unrestricted: "jwt.security.*,apoc.*,gds.*,n10s.*"
  dbms.security.procedures.allowlist: "jwt.security.*,apoc.*,gds.*,n10s.*"
  server.config.strict_validation.enabled: "false"

apoc_config:
  apoc.export.file.enabled: "true"
  apoc.jdbc.apoctest.url: "jdbc:foo:bar"

env: 
  NEO4J_apoc_import_file_enabled: "true"
  NEO4J_apoc_export_file_enabled: "true"

Am I missing a key config?

Chart Name

Standalone

Chart Version

4.4.18

Environment

Amazon Web Services

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

[Bug]: neo4j-standalone - duplicate mapping key at ConfigMap

Contact Details

[email protected]

What happened?

If you render the neo4j-standalone helm chart using helm template -f values.yaml neo4j-test .
using a minimal values.yaml:

neo4j:
  enabled: true
  volumes:
    data:
      mode: "volume"
      volume:
        emptyDir:
          medium: Memory

it leads to a duplicate mapping key for dbms.directories.import in the ConfigMap

# Source: neo4j-test/charts/neo4j/templates/neo4j-config.yaml
# Default Neo4j config values, these are overridden by user-provided values in neo4j-test-user-config
apiVersion: v1
kind: ConfigMap
metadata:
  name: "neo4j-test-default-config"
  namespace: "default"
  labels:
    app: "neo4j"
data:
  # Neo4j defaults
  dbms.directories.import: import # <---- DUPLICATE
  dbms.tx_state.memory_allocation: ON_HEAP
  dbms.connector.bolt.enabled: 'true'
  dbms.connector.http.enabled: 'true'
  dbms.connector.https.enabled: 'false'
  dbms.tx_log.rotation.retention_policy: 1 days
  dbms.windows_service_name: neo4j

  # ...

  # Import
  dbms.directories.import: "/import" # <---- DUPLICATE

which is invalid according to the YAML spec and leads to the following error in the CD tool Flux:

Helm install failed: error while running post render on files:
    map[string]interface {}(nil): yaml: unmarshal errors:
        line 38: mapping key "dbms.directories.import" already defined at line 14

(Similar issues at other helm charts with flux: fluxcd/helm-controller#283)


Expected behavior:

Valid YAML with a single dbms.directories.import entry in the ConfigMap to allow deployment with the CD tool Flux.


Relevant parts at the helm chart:

  • configmap - neo4j defaults:
    # Neo4j defaults
    {{- /* TODO: figure out how to use lookup to detect if there is an existing default configMap and require user to explicitly force overwrite */}}
    {{- include "neo4j.configYaml" $confFile | nindent 2 }}
  • configmap - import:
    {{- if .Values.volumes.import }}
    # Import
    dbms.directories.import: "/import"
    {{- end }}
  • conf:
    # This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to
    # allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the
    # `LOAD CSV` section of the manual for details.
    dbms.directories.import=import

As a workaround I tried to disable the "import volume" with the following values.yaml entry without any luck, due to merging behavior of helm and the template conditional.

neo4j:
  volumes:
    import:
      enabled: false

or

neo4j:
  volumes:
    import: {}

Tested with neo4j-standalone version 4.4.3 and 4.4.5.

Chart Name

Standalone

Chart Version

4.4.3

Environment

Microsoft Azure

Relevant log output

Helm install failed: error while running post render on files:
    map[string]interface {}(nil): yaml: unmarshal errors:
        line 38: mapping key "dbms.directories.import" already defined at line 14

Code of Conduct

  • I agree to follow this project's Code of Conduct
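The duplicate key reported in the issue above matters beyond the Flux failure: the two entries carry different values for the setting that constrains `LOAD CSV` imports, so the effective directory depends on how each consumer treats duplicates. The following is an added example, not code from the chart or from the issue: a standard-library-only scanner that flags repeated keys in rendered `helm template` output before it is deployed. The sample manifest is constructed from the output quoted above, and the name `find_duplicate_keys` is hypothetical.

```python
import re

# Constructed sample, modelled on the rendered ConfigMap quoted in the issue.
RENDERED = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: "neo4j-test-default-config"
  labels:
    app: "neo4j"
data:
  # Neo4j defaults
  dbms.directories.import: import
  dbms.connector.bolt.enabled: 'true'
  # Import
  dbms.directories.import: "/import"
"""

# A plain key at the start of a line: not a comment, not a "- " list item.
KEY_RE = re.compile(r"^(?P<indent> *)(?P<key>[^\s#\-][^:#]*?):(?:\s|$)")

def find_duplicate_keys(text):
    """Return (key, first_line, repeat_line) for keys repeated in one mapping.
    Assumption: block-style YAML, plain keys only (no flow mappings, block scalars).
    """
    duplicates = []
    stack = []  # (indent, {key: line_no}) for each mapping currently open
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.strip() == "---":  # new document: forget all open mappings
            stack = []
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        indent, key = len(m.group("indent")), m.group("key")
        while stack and stack[-1][0] > indent:  # dedent closes nested mappings
            stack.pop()
        if not stack or stack[-1][0] < indent:  # deeper indent opens a new one
            stack.append((indent, {}))
        seen = stack[-1][1]
        if key in seen:
            duplicates.append((key, seen[key], line_no))
        else:
            seen[key] = line_no
    return duplicates

if __name__ == "__main__":
    for key, first, repeat in find_duplicate_keys(RENDERED):
        print(f"line {repeat}: key {key!r} already defined at line {first}")
```

Run against the output of `helm template`, a non-empty result is a reason to fail the pipeline rather than let a lenient parser pick one of the values silently.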

[Bug]: Incorrect check for existence of PriorityClass

Contact Details

[email protected]

What happened?

I set podSpec.priorityClassName to db-priority, which exists in the cluster, but the chart fails with the following error: PriorityClass db-priority is missing in the cluster

Looks like the current check is trying to find the PriorityClass inside a namespace when it shouldn't:

{{- $priorityClassName := (lookup "scheduling.k8s.io/v1" "PriorityClass" .Release.Namespace $.Values.podSpec.priorityClassName) -}}

I'm using the 4.4.11 version of the neo4j-cluster-core chart.

Chart Name

Standalone

Chart Version

4.4.3

Environment

Microsoft Azure

Relevant log output

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
