Access the Neo4j cluster from outside Kubernetes

By default, server-side routing is used for accessing a Neo4j cluster from outside Kubernetes.

Access the Neo4j cluster using a load balancer and Cypher Shell

A LoadBalancer service is created to access a Neo4j cluster from outside Kubernetes.

  1. Check that the LoadBalancer service is available using the neo4j.name used for installation:

    export NEO4J_NAME=my-cluster
    kubectl get service ${NEO4J_NAME}-lb-neo4j
    NAME                  TYPE           CLUSTER-IP     EXTERNAL-IP      PORT(S)                                        AGE
    my-cluster-lb-neo4j   LoadBalancer   10.28.12.119   82.21.42.42      7474:32169/TCP,7473:32145/TCP,7687:32624/TCP   2m1s
  2. Use kubectl describe service to see the service details:

    kubectl describe service ${NEO4J_NAME}-lb-neo4j
    Name:                     my-cluster-lb-neo4j
    Namespace:                neo4j
    Labels:                   app=my-cluster
                              app.kubernetes.io/managed-by=Helm
                              helm.neo4j.com/neo4j.name=my-cluster
                              helm.neo4j.com/service=neo4j
    Annotations:              cloud.google.com/neg: {"ingress":true}
                              meta.helm.sh/release-name: server-1
                              meta.helm.sh/release-namespace: neo4j
    Selector:                 app=my-cluster,helm.neo4j.com/clustering=true,helm.neo4j.com/neo4j.loadbalancer=include
    Type:                     LoadBalancer
    IP Family Policy:         SingleStack
    IP Families:              IPv4
    IP:                       10.28.12.119
    IPs:                      10.28.12.119
    LoadBalancer Ingress:     82.21.42.42
    Port:                     http  7474/TCP
    TargetPort:               7474/TCP
    NodePort:                 http  32169/TCP
    Endpoints:                10.24.0.131:7474,10.24.1.3:7474,10.24.1.67:7474
    Port:                     https  7473/TCP
    TargetPort:               7473/TCP
    NodePort:                 https  32145/TCP
    Endpoints:                10.24.0.131:7473,10.24.1.3:7473,10.24.1.67:7473
    Port:                     tcp-bolt  7687/TCP
    TargetPort:               7687/TCP
    NodePort:                 tcp-bolt  32624/TCP
    Endpoints:                10.24.0.131:7687,10.24.1.3:7687,10.24.1.67:7687
    Session Affinity:         None
    External Traffic Policy:  Local
    HealthCheck NodePort:     30621
    Events:
      Type    Reason                Age    From                Message
      ----    ------                ----   ----                -------
      Normal  EnsuringLoadBalancer  3m11s  service-controller  Ensuring load balancer
      Normal  EnsuredLoadBalancer   2m36s  service-controller  Ensured load balancer

    The load-balancer service can send requests to all cluster servers.

  3. Run cypher-shell from the local machine and connect to the LoadBalancer Ingress address, in the example 82.21.42.42:

    ./cypher-shell -a neo4j://82.21.42.42 -u neo4j -p my-password
    If you don't see a command prompt, try pressing enter.
    Connected to Neo4j using Bolt protocol version 5 at neo4j://82.21.42.42:7687 as user neo4j.
    Type :help for a list of available commands or :exit to exit the shell.
    Note that Cypher queries must end with a semicolon.
  4. Run the Cypher command SHOW DATABASES to verify that all cluster members are online:

    SHOW DATABASES;
    +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | name     | type       | aliases | access       | address                                 | role      | writer | requestedStatus | currentStatus | statusMessage | default | home  | constituents |
    +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | "neo4j"  | "standard" | []      | "read-write" | "server-3.neo4j.svc.cluster.local:7687" | "primary" | TRUE   | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
    | "neo4j"  | "standard" | []      | "read-write" | "server-2.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
    | "neo4j"  | "standard" | []      | "read-write" | "server-1.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
    | "system" | "system"   | []      | "read-write" | "server-3.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
    | "system" | "system"   | []      | "read-write" | "server-2.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
    | "system" | "system"   | []      | "read-write" | "server-1.neo4j.svc.cluster.local:7687" | "primary" | TRUE   | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
    +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    
    6 rows
    ready to start consuming query after 110 ms, results consumed after another 109 ms
  5. Run the Cypher command SHOW SERVERS to verify that all cluster members are enabled:

    SHOW SERVERS;
    +----------------------------------------------------------------------------------------------------------------------------------+
    | name                                   | address                                 | state     | health      | hosting             |
    +----------------------------------------------------------------------------------------------------------------------------------+
    | "ad5c3cf1-541a-44f8-a19b-28bc36030914" | "server-3.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] |
    | "cbdebc59-64c2-4542-a041-24a1f051e64f" | "server-1.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] |
    | "f37e98a7-15ec-4dc4-a6bf-df9e418a7488" | "server-2.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] |
    +----------------------------------------------------------------------------------------------------------------------------------+
    
    3 rows
    ready to start consuming query after 27 ms, results consumed after another 363 ms

    You can see that the nodes are advertising their internal addresses, but since you connected without using internal addresses, you use server-side routing.

Access the Neo4j cluster using a load balancer and Neo4j Browser

  1. Open a web browser and point it to the LoadBalancer Ingress address and port 7474, in this example, http://82.21.42.42:7474/browser.

  2. Once connected, verify that all databases are up and running using :sysinfo in the Browser Editor:

    :sysinfo

    helm sysinfo