# End-to-End Neo4j Deployment Example
# This example demonstrates a complete production-ready deployment with:
# - Neo4j Enterprise Cluster with TLS
# - Database creation with topology constraints
# - Automated backups to cloud storage
# - Monitoring and alerting setup
---
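# Namespace that every resource in this example is created in.
apiVersion: v1
kind: Namespace
metadata:
  name: neo4j-production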
---
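# Admin credentials secret, referenced by spec.auth.adminSecret of
# production-cluster.
#
# SECURITY: the password below is a placeholder. Replace it before applying,
# and keep the real value out of version control: create the Secret out of
# band or through a secret-manager / sealed-secret workflow rather than
# committing it in this manifest. stringData is stored base64-encoded, not
# encrypted, so access to Secrets in this namespace should be limited by RBAC.
# NOTE(review): the placeholder contains no digit, while the cluster's
# passwordPolicy sets requireDigit: true. Whether the operator applies that
# policy to this secret is not shown here; confirm.
apiVersion: v1
kind: Secret
metadata:
  name: neo4j-admin-secret
  namespace: neo4j-production
type: Opaque
stringData:
  username: neo4j
  password: changeme-to-secure-password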
---
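# Backup credentials for S3, referenced by storage.cloud.credentialsSecret in
# both Neo4jBackup resources.
#
# SECURITY: the key values are placeholders; never commit real keys. These are
# long-lived static credentials, so the IAM identity behind them should be
# limited to the backup bucket and prefix, and the keys should be rotated.
# Prefer short-lived, role-based credentials if the operator supports them
# (not shown here; confirm).
apiVersion: v1
kind: Secret
metadata:
  name: s3-backup-credentials
  namespace: neo4j-production
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: your-access-key
  AWS_SECRET_ACCESS_KEY: your-secret-key
  AWS_DEFAULT_REGION: us-east-1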
---
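# Neo4j Enterprise Cluster: five servers across three zones, with TLS from
# cert-manager, native authentication, persistent storage and metrics.
# NOTE(review): nesting was reconstructed from a flattened listing. Verify
# field placement (notably availabilityZones and serviceMonitor) against the
# operator's CRD schema before applying.
apiVersion: neo4j.neo4j.com/v1alpha1
kind: Neo4jEnterpriseCluster
metadata:
  name: production-cluster
  namespace: neo4j-production
spec:
  image:
    repo: neo4j
    tag: "5.26.0-enterprise"  # or "2025.01.0-enterprise" for CalVer

  # High availability topology
  topology:
    servers: 5  # 5 servers will self-organize into primary/secondary roles
    placement:
      topologyKey: topology.kubernetes.io/zone
      mode: preferred
    availabilityZones:
      - us-east-1a
      - us-east-1b
      - us-east-1c

  # TLS configuration
  # NOTE(review): if letsencrypt-prod is a public ACME issuer, as its name
  # suggests, it can only sign publicly validated DNS names. Should the
  # operator request certificates for cluster-internal service names, a
  # private CA issuer is needed here instead. Confirm which names end up in
  # the Certificate.
  tls:
    mode: cert-manager
    issuerRef:
      name: letsencrypt-prod
      kind: ClusterIssuer

  # Authentication
  # adminSecret names the Secret in this namespace holding the initial admin
  # username and password; replace its placeholder password before deploying.
  auth:
    adminSecret: neo4j-admin-secret
    provider: native
    passwordPolicy:
      minLength: 12
      requireDigit: true
      requireSymbol: true

  # Storage configuration
  storage:
    className: fast-ssd
    size: 100Gi

  # Resource allocation
  # NOTE(review): heap (4G) plus page cache (8G) below is 12G, more than the
  # 8Gi memory request. The scheduler reserves only the request, so a pod can
  # land on a node that cannot hold what Neo4j is configured to use. Consider
  # raising the request to match.
  resources:
    requests:
      cpu: "2"
      memory: "8Gi"
    limits:
      cpu: "4"
      memory: "16Gi"

  # JVM and Neo4j configuration
  configMap:
    data:
      # JVM settings
      server.memory.heap.initial_size: "4G"
      server.memory.heap.max_size: "4G"
      server.memory.pagecache.size: "8G"
      # Query performance
      db.query.timeout: "300s"
      db.transaction.timeout: "300s"
      # Clustering settings
      dbms.cluster.minimum_initial_system_primaries_count: "2"
      dbms.cluster.discovery.log_level: "INFO"

  # Monitoring
  monitoring:
    enabled: true
    endpoints:
      metrics: true
      logs: true
    serviceMonitor:
      enabled: true
      interval: 30s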
---
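# Create main database with topology constraints
apiVersion: neo4j.neo4j.com/v1alpha1
kind: Neo4jDatabase
metadata:
  name: main-database
  namespace: neo4j-production
spec:
  clusterRef: production-cluster
  name: maindb
  wait: true
  ifNotExists: true

  # Topology distribution (3 + 2 uses all five servers of production-cluster)
  topology:
    primaries: 3
    secondaries: 2

  # Database options
  options:
    txLogEnrichment: "FULL"

  # Initial schema and indexes
  # The uniqueness constraint uses FOR ... REQUIRE: Neo4j 5 removed the older
  # ON ... ASSERT form, so that form would fail on the 5.26.0 image pinned by
  # production-cluster.
  initialData:
    source: cypher
    cypherStatements:
      - "CREATE CONSTRAINT user_email_unique IF NOT EXISTS FOR (u:User) REQUIRE u.email IS UNIQUE"
      - "CREATE INDEX user_created_index IF NOT EXISTS FOR (u:User) ON (u.createdAt)"
      - "CREATE INDEX product_name_index IF NOT EXISTS FOR (p:Product) ON (p.name)"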
---
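# Analytics database (Neo4j 2025.x with Cypher 25)
# NOTE(review): production-cluster in this file pins the 5.26.0-enterprise
# image. defaultCypherLanguage "25" is meant for a 2025.x image, so either
# switch the cluster tag or drop that field when staying on 5.26.
apiVersion: neo4j.neo4j.com/v1alpha1
kind: Neo4jDatabase
metadata:
  name: analytics-database
  namespace: neo4j-production
spec:
  clusterRef: production-cluster
  name: analytics
  wait: true
  ifNotExists: true

  # For Neo4j 2025.x - use modern Cypher
  defaultCypherLanguage: "25"

  topology:
    primaries: 2
    secondaries: 1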
---
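# Automated daily backups of production-cluster to S3.
# SECURITY: a backup holds the full database contents. `compress: true` is
# compression, not encryption, so the bucket should enforce encryption at
# rest, block public access, and allow writes only from the backup identity.
# NOTE(review): nesting was reconstructed from a flattened listing. Verify
# the placement of cloud.credentialsSecret and cloud.region against the CRD.
apiVersion: neo4j.neo4j.com/v1alpha1
kind: Neo4jBackup
metadata:
  name: daily-backup
  namespace: neo4j-production
spec:
  target:
    kind: Cluster
    name: production-cluster
    namespace: neo4j-production

  # Daily at 2 AM UTC
  schedule:
    cron: "0 2 * * *"

  # S3 storage
  storage:
    type: s3
    bucket: my-neo4j-backups
    path: "production/daily"
    cloud:
      credentialsSecret: s3-backup-credentials
      region: us-east-1

  # Backup options
  options:
    backupType: "AUTO"  # Automatically choose FULL or DIFF
    compress: true
    pageCache: "2G"  # Dedicated page cache for backup

  # Retention policy
  # deletePolicy: Delete needs delete permission on the bucket prefix; keep
  # that permission limited to this path.
  retention:
    maxAge: "30d"
    maxCount: 30
    deletePolicy: Delete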
---
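# Weekly full backup of production-cluster to S3, kept longer than the
# daily backups (90 days / 12 copies).
# SECURITY: a backup holds the full database contents. `compress: true` is
# compression, not encryption, so rely on bucket-side encryption and access
# controls to protect these objects.
# NOTE(review): nesting was reconstructed from a flattened listing. Verify
# the placement of cloud.credentialsSecret and cloud.region against the CRD.
apiVersion: neo4j.neo4j.com/v1alpha1
kind: Neo4jBackup
metadata:
  name: weekly-full-backup
  namespace: neo4j-production
spec:
  target:
    kind: Cluster
    name: production-cluster
    namespace: neo4j-production

  # Weekly on Sunday at 3 AM UTC
  schedule:
    cron: "0 3 * * 0"

  storage:
    type: s3
    bucket: my-neo4j-backups
    path: "production/weekly"
    cloud:
      credentialsSecret: s3-backup-credentials
      region: us-east-1

  options:
    backupType: "FULL"  # Force full backup
    compress: true

  retention:
    maxAge: "90d"
    maxCount: 12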
---
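# Install APOC plugin
apiVersion: neo4j.neo4j.com/v1alpha1
kind: Neo4jPlugin
metadata:
  name: apoc-plugin
  namespace: neo4j-production
spec:
  # References the cluster defined above
  clusterRef: production-cluster

  # Plugin configuration
  # Keep the plugin version in step with the Neo4j image tag of the cluster.
  name: apoc
  version: "5.26.0"
  enabled: true

  # Plugin source
  source:
    type: official

  # APOC configuration (Neo4j 5.26+ uses environment variables)
  # SECURITY: all three switches widen what a database user can do from
  # Cypher. File export and import let procedures write and read files on the
  # server, and triggers run stored Cypher on every matching transaction.
  # Enable only the ones the workload needs. Keep file access confined to the
  # import directory (apoc.import.file.use_neo4j_config), and limit callable
  # procedures with dbms.security.procedures.allowlist and role privileges.
  config:
    "apoc.export.file.enabled": "true"
    "apoc.import.file.enabled": "true"
    "apoc.trigger.enabled": "true"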
---
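# Monitoring service: exposes the metrics port of the pods labelled
# neo4j.com/cluster=production-cluster so Prometheus can scrape them.
# SECURITY: Neo4j's Prometheus endpoint is served without authentication by
# default. Keep this Service cluster-internal (no type is set, so it is
# ClusterIP) and restrict port 2004 to the Prometheus pods with a
# NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  name: neo4j-metrics
  namespace: neo4j-production
  labels:
    app: neo4j
    monitoring: prometheus
spec:
  selector:
    neo4j.com/cluster: production-cluster
  ports:
    - name: metrics
      port: 2004
      targetPort: 2004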
---
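# ServiceMonitor for Prometheus Operator: scrapes the "metrics" port of every
# Service in this namespace labelled app=neo4j (the neo4j-metrics Service).
# NOTE(review): production-cluster also sets monitoring.serviceMonitor.enabled,
# so if the operator creates its own ServiceMonitor the targets may be scraped
# twice. Confirm.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: neo4j-cluster-monitor
  namespace: neo4j-production
spec:
  selector:
    matchLabels:
      app: neo4j
  endpoints:
    - port: metrics
      interval: 30s
      path: /metrics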