diff --git a/modules/ROOT/pages/kubernetes/accessing-neo4j.adoc b/modules/ROOT/pages/kubernetes/accessing-neo4j.adoc
index 4539004b4..60adbbad9 100644
--- a/modules/ROOT/pages/kubernetes/accessing-neo4j.adoc
+++ b/modules/ROOT/pages/kubernetes/accessing-neo4j.adoc
@@ -292,7 +292,7 @@ kubectl get service `-lb-neo4j` -ocustom-columns=ip:.status.loadB
 kubectl get service -l helm.neo4j.com/service=neo4j,helm.neo4j.com/name= -ocustom-columns=ip:.status.loadBalancer.ingress[].ip
 ----
-If the Kubernetes `LoadBalancer` implementation that you are using supports setting a static IP, the IP address of the `LoadBalancer` can be configured in the Neo4j Helm release by setting `externalService.loadBalancerIP`.
+If the Kubernetes `LoadBalancer` implementation that you are using supports setting a static IP, the IP address of the `LoadBalancer` can be configured in the Neo4j Helm release by setting `services.neo4j.spec.loadBalancerIP`.
 If a static IP address is not explicitly set, then Kubernetes does not guarantee that a dynamically assigned IP address will not change.
 When exposing a Neo4j database on the Internet, it is recommended to use a static IP and configure SSL on the exposed services.
@@ -307,33 +307,40 @@ The default values are:
 ----
 services:
 neo4j:
- annotations: { }
- loadBalancerIP: NULL
- ports:
- http:
- enabled: true
- # uncomment to publish http on port 80 (neo4j default is 7474)
- # port: 80
- # targetPort: 7474
- # name: http
- https:
- enabled: true
+ enabled: true
+ annotations: { }
+ spec:
+ type: LoadBalancer
+ loadBalancerIP: NULL
+ ports:
+ http:
+ enabled: true # Set this to false to remove HTTP from this service (this does not affect whether http is enabled for the neo4j process)
+ # uncomment to publish http on port 80 (neo4j default is 7474)
+ #port: 80
+ #targetPort: 7474
+ #name: http
+ #nodePort: , enabled only when type set to NodePort
+ https:
+ enabled: true # Set this to false to remove HTTPS from this service (this does not affect whether https is enabled for the neo4j process)
 # uncomment to publish http on port 443 (neo4j default is 7473)
- # port: 443
- # targetPort: 7473
- # name: https
- bolt:
- enabled: true
+ #port: 443
+ #targetPort: 7473
+ #name: https
+ #nodePort: , enabled only when type set to NodePort
+ bolt:
+ enabled: true # Set this to false to remove BOLT from this service (this does not affect whether https is enabled for the neo4j process)
 # Uncomment to explicitly specify the port to publish Neo4j Bolt (7687 is the default)
- # port: 7687
- # targetPort: 7687
- # name: tcp-bolt
- backup:
- enabled: false
+ #port: 7687
+ #targetPort: 7687
+ #name: tcp-bolt
+ #nodePort: , enabled only when type set to NodePort
+ backup:
+ enabled: false # Set this to true to expose backup port externally (n.b. this could have security implications.
Backup is not authenticated by default)
 # Uncomment to explicitly specify the port to publish Neo4j Backup (6362 is the default)
- # port: 6362
- # targetPort: 6362
- # name: tcp-backup
+ #port: 6362
+ #targetPort: 6362
+ #name: tcp-backup
+ #nodePort: , enabled only when type set to NodePort
 ----
 Disabling/enabling a port on the `services.neo4j` object removes it from the load balancer but does not affect whether it is disabled/enabled in Neo4j.
diff --git a/modules/ROOT/pages/kubernetes/configuration.adoc b/modules/ROOT/pages/kubernetes/configuration.adoc
index 18caeb388..5a9c69bd7 100644
--- a/modules/ROOT/pages/kubernetes/configuration.adoc
+++ b/modules/ROOT/pages/kubernetes/configuration.adoc
@@ -211,7 +211,7 @@ For more information, see xref:kubernetes/security.adoc[Configure SSL].
 Some examples of possible K8s configurations::
-* Configure (or disable completely) the Kubernetes LoadBalancer that exposes Neo4j outside the Kubernetes cluster by modifying the `externalService` object in the _values.yml_ file.
+* Configure (or disable completely) the Kubernetes LoadBalancer that exposes Neo4j outside the Kubernetes cluster by modifying the `services.neo4j.spec.loadBalancerIP` object in the _values.yml_ file.
 * Set the `securityContext` used by Neo4j Pods by modifying the `securityContext` object in the _values.yml_ file.
 * Configure manual persistent volume provisioning or set the `StorageClass` to be used as the Neo4j persistent storage.
@@ -269,7 +269,7 @@ neo4j:
 # The operations pod ends successfully if the server is enabled, or it was already enabled
 operations:
 enableServer: false
- image: "neo4j/helm-charts-operations:5.25.1"
+ image: "neo4j/helm-charts-operations:5.26.9"
 # protocol can be "neo4j or "neo4j+ssc" or "neo4j+s". Default set to neo4j
 # Note: Do not specify bolt protocol here...it will FAIL.
 protocol: "neo4j"
@@ -283,6 +283,7 @@ neo4j:
 # Email inquiries can be directed to: licensing@neo4j.com
 #
 # Set acceptLicenseAgreement: "yes" to confirm that you have a Neo4j license agreement.
+ # Set acceptLicenseAgreement: "eval" to use Neo4j Enterprise Edition for evaluation purposes.
 acceptLicenseAgreement: "no"
 #
 # set offlineMaintenanceModeEnabled: true to restart the StatefulSet without the Neo4j process running
@@ -508,6 +509,9 @@ services:
 # If enabled: is set to false, the LoadBalancer will be orphaned and will have to manually deleted post uninstall and the hook job will not be created
 cleanup:
 enabled: true
+ # Pod annotations for the cleanup job
+ podAnnotations:
+ sidecar.istio.io/inject: "false"
 image:
 registry: docker.io
 repository: bitnami/kubectl
@@ -600,6 +604,8 @@ containerSecurityContext:
 # Because Neo4j uses Java these values are large to distinguish between long Garbage Collection pauses (which don't require a restart) and an actual failure.
 # These values should mark Neo4j as not ready after at most 5 minutes of problems (20 attempts * max 15 seconds between probes)
 readinessProbe:
+ tcpSocket:
+ port: 7687
 failureThreshold: 20
 timeoutSeconds: 10
 periodSeconds: 5
@@ -608,6 +614,8 @@ readinessProbe:
 # Because Neo4j uses Java these values are large to distinguish between long Garbage Collection pauses (which don't require a restart) and an actual failure.
 # These values should trigger a restart after at most 10 minutes of problems (40 attempts * max 15 seconds between probes)
 livenessProbe:
+ tcpSocket:
+ port: 7687
 failureThreshold: 40
 timeoutSeconds: 10
 periodSeconds: 5
@@ -617,6 +625,8 @@ livenessProbe:
 # When restoring Neo4j from a backup it's important that startup probe gives time for Neo4j to recover and/or upgrade store files
 # When using Neo4j clusters it's important that startup probe give the Neo4j cluster time to form
 startupProbe:
+ tcpSocket:
+ port: 7687
 failureThreshold: 1000
 periodSeconds: 5