
@renetapopova
Collaborator

No description provided.

@neo-technology-commit-status-publisher
Collaborator

neo-technology-commit-status-publisher commented Oct 20, 2023

Thanks for the documentation updates.

The preview documentation has now been torn down - reopening this PR will republish it.

==== Configure the _backup-values.yaml_ file using service account workload identity integration

In some deployment situations, it may be desirable to assign a Kubernetes Service Account to the Neo4j backup pod.
For example, if processes in the pod want to connect to services that require Service Account authorization.


For example, a service account with workload identity if you want to use workload identity integration to access the cloud provider bucket.

You can use the above line instead of if processes....

Collaborator Author


But it doesn't say why it is desirable... How about something like this:
"In certain situations, it may be useful to assign a Kubernetes Service Account with workload identity integration to the Neo4j backup pod. This is particularly relevant when you want to improve security and have more precise access control for the pod. Doing so ensures that secure access to resources is granted based on the pod's identity within the cloud ecosystem."


[.tabbed-example]
=====
[.include-with-gke]


The serviceAccountName field is not part of neo4j, and keep secretName and secretKeyName empty for serviceAccount with workload identity examples.

neo4j:
  image: "neo4j/helm-charts-backup"
  imageTag: "5.13.0"
  jobSchedule: "* * * * *"
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 1
  backoffLimit: 3
backup:
  bucketName: "my-bucket"
  databaseAdminServiceName:  "standalone-admin" #This is the Neo4j Admin Service name.
  database: "neo4j,system"
  cloudProvider: "gcp"
  secretName: ""
  secretKeyName: ""
consistencyCheck:
  enabled: true
serviceAccountName: "demo-service-account"
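
Review bot: `jobSchedule: "* * * * *"` under `neo4j` runs the backup job every minute, and readers tend to copy documentation values verbatim; suggest a less frequent schedule in the example, or a trailing comment marking the value as demonstration-only. With `secretName` and `secretKeyName` left empty, access to `my-bucket` depends entirely on `serviceAccountName: "demo-service-account"`, so that line deserves a short inline comment saying it is the service account with workload identity, in the same style as the comment on `databaseAdminServiceName`.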

@renetapopova renetapopova merged commit 0825b29 into neo4j:dev Oct 24, 2023
@renetapopova renetapopova deleted the 5.13-workload-identity branch October 24, 2023 10:26
renetapopova added a commit to renetapopova/docs-operations that referenced this pull request Oct 24, 2023
renetapopova added a commit to renetapopova/docs-operations that referenced this pull request Oct 24, 2023
renetapopova added a commit that referenced this pull request Oct 25, 2023
Cherry-picks #1131 and updates the version and the yaml file.