Neo4J browser #768

Merged
merged 7 commits into from
Sep 11, 2024
Changes from 6 commits
1 change: 1 addition & 0 deletions applications/neo4j/.gitignore
@@ -0,0 +1 @@
helm-charts
22 changes: 22 additions & 0 deletions applications/neo4j/README.md
@@ -0,0 +1,22 @@
# Neo4j browser helm chart

Enable this application to deploy a Neo4j server with the neo4j browser enabled.

## How to use
The browser will be enabled at neo4j.[DOMAIN].
filippomc marked this conversation as resolved.

![Neo4j browser login](docs/browser-login.png)

The default credentials are set in the [application configuration file](deploy/values.yaml).

It is recommended to change the password during the first login, such as:

```
ALTER USER default SET PASSWORD '<new-password>'
```

## Implementation
This implementation uses the Neo4j reverse proxy server to enable usage via Ingress and http(s).

For more information, see https://neo4j.com/docs/operations-manual/current/kubernetes/accessing-neo4j-ingress/
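Review bot: In "How to use", the password change is deferred to "the first login", yet the same section says the browser is served at neo4j.[DOMAIN] and points to deploy/values.yaml for the default credentials, so a fresh deployment is reachable with credentials that are readable in the repository until someone logs in. Suggest stating here that `harness.database.pass` should be overridden in the deployment's own values before the first deploy, and keeping the `ALTER USER` statement as the rotation procedure. The fenced statement would also benefit from a language tag.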

37 changes: 37 additions & 0 deletions applications/neo4j/deploy/templates/reverseProxyServer.yaml
@@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.apps.neo4j.harness.deployment.name }}
labels:
app: {{ .Values.apps.neo4j.harness.deployment.name }}
namespace: "{{ .Release.Namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: {{ .Values.apps.neo4j.harness.deployment.name }}
template:
metadata:
name: {{ .Values.apps.neo4j.harness.deployment.name }}
labels:
name: {{ .Values.apps.neo4j.harness.deployment.name }}
app: {{ .Values.apps.neo4j.harness.deployment.name }}
spec:
securityContext: {{ toYaml .Values.apps.neo4j.reverseProxy.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Values.apps.neo4j.harness.deployment.name }}
image: {{ .Values.apps.neo4j.reverseProxy.image }}
imagePullPolicy: Always
securityContext: {{ toYaml .Values.apps.neo4j.reverseProxy.containerSecurityContext | nindent 12 }}
ports:
- containerPort: {{ .Values.apps.neo4j.harness.deployment.port }}
env:
- name: SERVICE_NAME
value: {{ .Values.apps.neo4j.harness.database.name }}
- name: PORT
value: {{ .Values.apps.neo4j.harness.deployment.port | quote }}
- name: DOMAIN
value: {{ .Values.apps.neo4j.reverseProxy.domain | default "cluster.local" }}
- name: NAMESPACE
value: {{ .Release.Namespace }}
---
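Review bot: In the `env` list only PORT is passed through `| quote`; SERVICE_NAME, DOMAIN and NAMESPACE are rendered bare, and container env values must be strings, so a value that YAML reads as a number or boolean (a numeric namespace name, for instance) will fail to apply. Suggest quoting all four the same way, e.g. `value: {{ .Release.Namespace | quote }}`. Two smaller points: the container sets no `resources` and no readiness or liveness probes although it is the component the README describes as enabling access via Ingress, and the trailing `---` leaves an empty document at the end of the template.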
41 changes: 41 additions & 0 deletions applications/neo4j/deploy/values.yaml
@@ -0,0 +1,41 @@
harness:
subdomain: neo4j
database:
auto: true
name: neo4j-db
type: neo4j
user: default
pass: default
deployment:
auto: false
service:
auto: true
# Parameters for reverse proxy
reverseProxy:
image: "neo4j/helm-charts-reverse-proxy:5.23"

# Name of the kubernetes service. This service should have the ports 7474 and 7687 open.
# This could be the admin service ex: "standalone-admin" or the loadbalancer service ex: "standalone" created via the neo4j helm chart
# serviceName , namespace , domain together will form the complete k8s service url. Ex: standalone-admin.default.svc.cluster.local
# When used against a cluster ensure the service being used is pointing to all the cluster instances.
# This could be the loadbalancer from neo4j helm chart or the headless service installed via neo4j-headless-service helm chart
serviceName: ""
# default is set to cluster.local
domain: "cluster.local"

# securityContext defines privilege and access control settings for a Container. Making sure that we dont run Neo4j as root user.
containerSecurityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 7474
runAsGroup: 7474
capabilities:
drop:
- all

podSecurityContext:
runAsNonRoot: true
runAsUser: 7474
runAsGroup: 7474
fsGroup: 7474
fsGroupChangePolicy: "Always"
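Review bot: `reverseProxy.serviceName` and its five comment lines are not consumed anywhere in reverseProxyServer.yaml, which sets SERVICE_NAME from `harness.database.name`; an operator who fills in `serviceName: ""` as the comments instruct will see no effect. Either wire the key into the template or drop it together with its comments. The comment above `containerSecurityContext` says it keeps Neo4j from running as root, but these contexts are applied to the reverse proxy pod, so the wording should say so. With all capabilities dropped and a non-root UID already set, consider also adding `readOnlyRootFilesystem: true` and a `seccompProfile` of type `RuntimeDefault` if the proxy image tolerates them.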
Binary file added applications/neo4j/docs/browser-login.png
Expand Up @@ -21,4 +21,6 @@
value: {{ .app.harness.database.neo4j.memory.heap.max }}
- name: NEO4J_dbms_security_auth__enabled
value: {{ .app.harness.database.neo4j.dbms_security_auth_enabled | quote }}
- name: NEO4J_auth
value: {{ .app.harness.database.user }}/{{ .app.harness.database.pass }}
{{- end }}
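Review bot: The new `NEO4J_auth` entry renders `user/pass` as a literal `value:`, so the database password ends up in plain text in the pod spec and is visible to anything that can read it. Suggest sourcing it from a Secret with `valueFrom.secretKeyRef`. Please also confirm two things: that the image reads this spelling of the variable (the Neo4j image documents the credential variable as `NEO4J_AUTH`, and environment variable names are case-sensitive), and how this interacts with `dbms_security_auth_enabled`, since the docs hunk in this PR lists its default as "false", in which case the credentials are set but not enforced.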
2 changes: 1 addition & 1 deletion deployment-configuration/helm/templates/auto-database.yaml
Expand Up @@ -102,7 +102,7 @@ metadata:
app: {{ .app.harness.deployment.name | quote }}
{{ include "deploy_utils.labels" .root | indent 4 }}
spec:
type: ClusterIP
type: {{ if .app.harness.database.expose }}LoadBalancer{{ else }}ClusterIP{{ end }}
selector:
app: {{ .app.harness.database.name | quote }}
ports:
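Review bot: The `type:` switch sits in the shared auto-database Service template, so `expose: true` turns the Service of any auto database type into a `LoadBalancer` and nothing in this hunk limits who can reach the database port. Suggest rendering `loadBalancerSourceRanges` from a values key when `expose` is set, so exposure is restricted to known CIDRs, and falling back to `ClusterIP` when no ranges are given.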
4 changes: 3 additions & 1 deletion deployment-configuration/value-template.yaml
Expand Up @@ -75,6 +75,8 @@ harness:
pass: metacell
# -- image ref for referencing images from the build, e.g. image_ref: myownpgimage
image_ref:
# -- expose database to the public with ingress
expose: false
# -- settings for mongo database (for type==mongo)
mongo:
image: mongo:5
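Review bot: The comment on `expose` says "with ingress", but auto-database.yaml implements the flag by switching the Service type to `LoadBalancer`, so no ingress is involved. Suggest rewording it along the lines of "expose the database port through a LoadBalancer Service (not for production)" so the comment matches both the template and the text added to docs/applications/databases.md.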
Expand All @@ -90,7 +92,7 @@ harness:
port: 5432
# -- settings for neo4j database (for type==neo4j)
neo4j:
image: neo4j:4.1.9
image: neo4j:5
memory:
size: 256M
pagecache:
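Review bot: `image: neo4j:5` replaces a fully pinned `4.1.9` with a floating major tag, so the version actually deployed can change between pulls, while the reverse proxy image in this PR is pinned to `5.23`. Suggest pinning the database image to a specific 5.x release that matches the proxy. This is also a major-version jump for every existing app with `type: neo4j`; please note in the PR or the docs how deployments holding data written by 4.1.9 are expected to upgrade.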
22 changes: 21 additions & 1 deletion docs/applications/databases.md
Expand Up @@ -35,6 +35,9 @@ harness:

`image_ref`: Optional setting, used for referencing a base/static image from the build. The complete image name with tag will automagically being generated from the values.yaml file. This setting overrides the `image` setting specific for the database type (e.g. postgres/image). Note: the referenced image must be included as a build dependency in order to be built by the pipelines.

`expose`: This option allows you to expose the database port through a load balancer.
Do not use on production!


### Specific database settings

Expand Down Expand Up @@ -91,7 +94,24 @@ harness

#### Neo4j

Not yet supported!
Defaults:
```yaml
harness
database:
neo4j:
dbms_security_auth_enabled: "false"
image: neo4j:5
memory:
heap: { initial: 64M, max: 128M }
pagecache: { size: 64M }
size: 256M
ports:
- { name: http, port: 7474 }
- { name: bolt, port: 7687 }
```

Not that the default resource values are not optimized and increasing the default memory is recommended for production.
Mapping memory configuration with Kubernetes resource requests is also recommended.

## Programmatic API
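Review bot: The documented defaults list `dbms_security_auth_enabled: "false"`, meaning authentication is off unless an application overrides it, and the section never says so; combined with the new `expose` option this yields an unauthenticated database behind a load balancer. Suggest calling this out next to the defaults and documenting that `harness.database.user` and `pass` now feed `NEO4J_auth`. Minor: "Not that the default resource values" should read "Note that", and the example starts with `harness` without a colon.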
