This directory contains examples for creating and managing Neo4j databases using the Neo4j Kubernetes Operator.
- Simple Database: see `../database/database-with-topology.yaml` - database with a specified topology
- Neo4j 2025.x Database: see `../database/database-2025x.yaml` - database using Neo4j 2025.x features

Note: basic database creation examples are shown in the main user guide.
The seed URI feature allows creating databases from existing backups stored in cloud storage or accessible via HTTP/FTP.
- `database-from-s3-seed.yaml` - Amazon S3 with explicit credentials
- `database-from-gcs-seed.yaml` - Google Cloud Storage with workload identity
- `database-from-azure-seed.yaml` - Azure Blob Storage (account key and SAS token methods)
- `database-from-http-seed.yaml` - HTTP/HTTPS/FTP with authentication
- `database-dump-vs-backup-seed.yaml` - performance comparison between `.dump` and `.backup` formats
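For orientation, the S3 example reduces to a manifest along these lines. This is a sketch only: the `apiVersion` and exact field nesting are assumptions, and the authoritative layout is in `database-from-s3-seed.yaml`.

```yaml
# Sketch, not the shipped example: apiVersion and field nesting are assumptions.
apiVersion: neo4j.io/v1
kind: Neo4jDatabase
metadata:
  name: sales-database-from-s3
spec:
  seedURI: "s3://my-backups/database.backup"
  seedCredentials: s3-credentials  # Kubernetes secret holding AWS keys
```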
1. **System-Wide Authentication (Recommended)**
   - AWS: IAM roles, instance profiles
   - GCP: Workload Identity, service accounts
   - Azure: managed identities

2. **Explicit Credentials**
   - Kubernetes secrets containing cloud credentials
   - HTTP basic authentication
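On GKE, the workload-identity path usually means annotating the Kubernetes service account used by the Neo4j pods with the GCP service account that can read the backup bucket. The annotation key below is standard GKE Workload Identity; the account names are placeholders, and how the operator wires this service account to the pods depends on your deployment.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: neo4j
  annotations:
    # Standard GKE Workload Identity binding; account names are placeholders
    iam.gke.io/gcp-service-account: backup-reader@my-project.iam.gserviceaccount.com
```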
- Point-in-time recovery (Neo4j 2025.x)
- Compression options (gzip, lz4, none)
- Validation modes (strict, lenient)
- Custom buffer sizes
- Primary/secondary server distribution
- Capacity validation against cluster topology
- Performance optimization warnings
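Several of these options are set together under `seedConfig`. The values below are illustrative; the point-in-time recovery field is not shown here because its exact name is not covered in this README.

```yaml
seedConfig:
  config:
    compression: "gzip"   # gzip, lz4, or none
    validation: "strict"  # strict or lenient
    bufferSize: "128MB"   # custom buffer size
```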
```bash
# Create a minimal cluster
kubectl apply -f ../clusters/minimal-cluster.yaml

# Create credentials secret (replace with your values)
kubectl create secret generic s3-credentials \
  --from-literal=AWS_ACCESS_KEY_ID=your-access-key \
  --from-literal=AWS_SECRET_ACCESS_KEY=your-secret-key

# Create database from seed
kubectl apply -f database-from-s3-seed.yaml

# Check database status
kubectl get neo4jdatabase sales-database-from-s3

# View detailed status
kubectl describe neo4jdatabase sales-database-from-s3

# Connect to Neo4j and verify
kubectl port-forward svc/production-cluster-client 7474:7474 &
# Open http://localhost:7474 and run: SHOW DATABASES
```

Use the `.backup` format when:

- Restoring large datasets (>1GB)
- Point-in-time recovery is needed
- Performance is critical
- Using Neo4j Enterprise exclusively

Use the `.dump` format when:

- Cross-version compatibility is needed
- A human-readable format is preferred
- Working with small datasets (<100MB)
- Migrating from Community Edition
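In the manifest itself, the choice is expressed only through the file extension in `seedURI`; for example:

```yaml
# Large Enterprise restore: .backup format
seedURI: "s3://my-backups/database.backup"

# Small dataset or cross-edition migration: .dump format
# seedURI: "s3://my-backups/database.dump"
```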
1. **Prefer System-Wide Authentication**

   ```yaml
   # Good: no explicit credentials
   seedURI: "s3://my-backups/database.backup"
   # seedCredentials: null (uses IAM roles)
   ```

2. **Use Least-Privilege Permissions**
   - Grant minimal S3/GCS/Azure permissions
   - Use read-only access for backup restoration
   - Implement bucket/container policies

3. **Rotate Credentials Regularly**
   - Update Kubernetes secrets periodically
   - Use temporary credentials when possible
   - Monitor credential usage

4. **Optimize Seed Configuration**

   ```yaml
   seedConfig:
     config:
       compression: "lz4"     # Fast compression
       bufferSize: "256MB"    # Large buffer for big files
       validation: "lenient"  # Skip intensive validation
   ```

5. **Choose an Appropriate Topology**

   ```yaml
   topology:
     primaries: 2    # Multiple primaries for write scale
     secondaries: 2  # Read replicas for query scale
   ```

6. **Monitor Resource Usage**

   ```yaml
   options:
     "dbms.memory.heap.max_size": "4g"
     "dbms.memory.pagecache.size": "2g"
   ```
- Credential errors: Check secret contents and IAM permissions
- URI access failures: Verify backup file exists and is accessible
- Topology validation: Ensure database topology fits cluster capacity
- Performance issues: Consider .backup format and larger buffer sizes
```bash
# View operator logs
kubectl logs -n neo4j-operator-system -l app.kubernetes.io/name=neo4j-operator

# Check database events
kubectl get events --field-selector involvedObject.name=my-database

# Test backup access
kubectl run test-pod --rm -it --image=amazon/aws-cli \
  -- aws s3 ls s3://my-bucket/backup.backup
```

- Seed URI Feature Guide - comprehensive feature documentation
- Neo4j CloudSeedProvider Documentation - Official Neo4j documentation
- Cluster Examples - Neo4j cluster configuration examples