From 99de33582711157ff417f740c8d74db3c445367b Mon Sep 17 00:00:00 2001 From: davidlrosenblum Date: Mon, 4 Dec 2023 13:31:14 -0500 Subject: [PATCH 1/2] Update plugins.adoc Removed the section where we installed apoc with the env ["apoc"]. This is not needed if we are just pointing to the file in labs. --- modules/ROOT/pages/kubernetes/plugins.adoc | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/plugins.adoc b/modules/ROOT/pages/kubernetes/plugins.adoc index 014446f71..6866ee483 100644 --- a/modules/ROOT/pages/kubernetes/plugins.adoc +++ b/modules/ROOT/pages/kubernetes/plugins.adoc @@ -3,7 +3,7 @@ [[operations-using-apoc-core]] == Configure and install APOC core only -APOC core is shipped with Neo4j, but it is not installed in the Neo4j _plugins_ directory. +APOC core is shipped with Neo4j, but it is not installed in the Neo4j _plugins_ directory. In this example we will merely point to the location of the core apoc library in the labs directory. If APOC core is the _only_ plugin that you want to add to Neo4j, it is not necessary to perform plugin installation as described in xref:kubernetes/configuration.adoc#operations-installing-plugins[Install Plugins]. Instead, you can configure the helm deployment to use APOC core by upgrading the deployment with these additional settings in the _values.yaml_ file: @@ -14,12 +14,12 @@ For example: ---- config: server.directories.plugins: "/var/lib/neo4j/labs" - dbms.security.procedures.unrestricted: "apoc.cypher.doIt" + dbms.security.procedures.unrestricted: "apoc.*" server.config.strict_validation.enabled: "false" - dbms.security.procedures.allowlist: "apoc.math.maxInteger,apoc.cypher.doIt" + dbms.security.procedures.allowlist: "apoc.math.*,apoc.cypher.*" ---- + -. Under `apoc_config`, configure the APOC settings that you want, for example: +. Under `apoc_config`, configure the APOC (i.e apoc.conf) settings that you want, for example: + [source, yaml] ---- @@ -29,14 +29,6 @@ apoc_config: apoc.import.file.enabled: "true" ---- -. Under `env`, set the `NEO4J_PLUGINS` variable to `'["apoc"]'`, for example: -+ -[source, yaml] ----- -env: - NEO4J_PLUGINS: '["apoc"]' ----- - . Run `helm upgrade` to apply the changes: + [source, shell] From 6e687b24f0d9963af47d5210c7ffddeb95a35a1e Mon Sep 17 00:00:00 2001 From: Reneta Popova Date: Wed, 6 Dec 2023 12:03:53 +0000 Subject: [PATCH 2/2] editorial updates --- modules/ROOT/pages/kubernetes/plugins.adoc | 158 ++++++++++----------- 1 file changed, 78 insertions(+), 80 deletions(-) diff --git a/modules/ROOT/pages/kubernetes/plugins.adoc b/modules/ROOT/pages/kubernetes/plugins.adoc index 6866ee483..cc109c77b 100644 --- a/modules/ROOT/pages/kubernetes/plugins.adoc +++ b/modules/ROOT/pages/kubernetes/plugins.adoc @@ -1,80 +1,5 @@ = Plugins -[[operations-using-apoc-core]] -== Configure and install APOC core only - -APOC core is shipped with Neo4j, but it is not installed in the Neo4j _plugins_ directory. In this example we will merely point to the location of the core apoc library in the labs directory. -If APOC core is the _only_ plugin that you want to add to Neo4j, it is not necessary to perform plugin installation as described in xref:kubernetes/configuration.adoc#operations-installing-plugins[Install Plugins]. -Instead, you can configure the helm deployment to use APOC core by upgrading the deployment with these additional settings in the _values.yaml_ file: - -. Configure APOC core by loading and unresticting the functions and procedures you need (for more details see link:{neo4j-docs-base-uri}/apoc/{page-version}/installation/#restricted[APOC installation guide]). -For example: -+ -[source, yaml] ----- -config: - server.directories.plugins: "/var/lib/neo4j/labs" - dbms.security.procedures.unrestricted: "apoc.*" - server.config.strict_validation.enabled: "false" - dbms.security.procedures.allowlist: "apoc.math.*,apoc.cypher.*" ----- -+ -. Under `apoc_config`, configure the APOC (i.e apoc.conf) settings that you want, for example: -+ -[source, yaml] ----- -apoc_config: - apoc.trigger.enabled: "true" - apoc.jdbc.neo4j.url: "jdbc:foo:bar" - apoc.import.file.enabled: "true" ----- - -. Run `helm upgrade` to apply the changes: -+ -[source, shell] ----- -helm upgrade neo4j/neo4j -f values.yaml ----- - -. After the Helm upgrade rollout is complete, verify that APOC core has been configured by running the following Cypher query using `cypher-shell` or Neo4j Browser: -+ -[source, cypher] ----- -RETURN apoc.version() ----- - -== Configure credentials for plugin's aliases using APOC-extended - -From 5.11, the Neo4j Helm chart supports configuring credentials for the plugin's aliases using a Kubernetes secret mounted on the provided path. -This feature is available `apoc.jdbc..url` and `apoc.es..url` via -APOC-extended. - -[NOTE] -==== -The secret must be created beforehand and must contain the key-named `URL`, otherwise, the Helm chart throws an error. For example: -`kubectl create secret generic jdbcsecret --from-literal=URL="jdbc:mysql://30.0.0.0:3306/Northwind?user=root&password=password"` -==== - -Under `apoc_credentials`, configure `aliasName`, `secretName`, and `secretMountPath`. -For example: - -[source, yaml] ----- -apoc_credentials: {} -# jdbc: -# aliasName: "jdbc" -# secretName: "jdbcsecret" -# secretMountPath: "/secret/jdbcCred" -# -# elasticsearch: -# aliasName: "es" -# secretName: "essecret" -# secretMountPath: "/secret/esCred" ----- - -[[operations-installing-plugins]] -== Install Plugins - There are three recommended methods for adding Neo4j plugins to Neo4j Helm chart deployments. You can use: @@ -83,12 +8,12 @@ You can use: * <>. [[automatic-plugin-download]] -=== Add plugins using an automatic plugin download +== Add plugins using an automatic plugin download You can configure the Neo4j deployment to automatically download and install plugins. If licenses are required for the plugins, you must provide the licenses in a secret. -==== Install GDS Community Edition (CE) +=== Install GDS Community Edition (CE) GDS Community Edition does not require a license. To add the GDS CE, configure the Neo4j _values.yaml_ and set the `env` to download the plugins: @@ -108,7 +33,7 @@ config: dbms.security.procedures.unrestricted: "gds.*" ---- -==== Install GDS Enterprise Edition (EE) and Bloom plugins +=== Install GDS Enterprise Edition (EE) and Bloom plugins To install GDS EE and Bloom, you must provide a license for each plugin. You provide the licenses in a Kubernetes secret. @@ -152,7 +77,7 @@ config: ---- [[custom-container]] -=== Add plugins using a custom container image +== Add plugins using a custom container image The best method for adding plugins to Neo4j running in Kubernetes is to create a new Docker container image that contains both Neo4j and the Neo4j plugins. This way, you can ensure when building the container that the correct plugin version for the Neo4j version of the container is used and that the resulting image encapsulates all Neo4j runtime dependencies. @@ -203,7 +128,7 @@ Strict config validation can be disabled by setting `server.config.strict_valida ==== [[plugins-volume]] -=== Add plugins using a plugins volume +== Add plugins using a plugins volume An alternative method for adding Neo4j plugins to a Neo4j Helm deployment uses a `plugins` volume mount. With this method, the plugin jar files are stored on a Persistent Volume that is mounted to the `/plugins` directory of the Neo4j container. @@ -256,3 +181,76 @@ kubectl rollout restart statefulset/ # Verify plugins are still present after restart kubectl exec -- ls /plugins ---- + +[[operations-using-apoc-core]] +== Configure and install APOC core only + +APOC core library is shipped with Neo4j and is located in the _labs_ folder. + +If APOC core is the _only_ plugin that you want to add to Neo4j, it is not necessary to perform plugin installation as described above. +Instead, you can configure the helm deployment to use APOC core by upgrading the deployment with these additional settings in the _values.yaml_ file: + +. Configure APOC core by directly pointing to the location of the APOC core library in the _labs_ folder and by loading and unrestricting the functions and procedures you need (for more details see link:{neo4j-docs-base-uri}/apoc/{page-version}/installation/#restricted[APOC installation guide]). +For example: ++ +[source, yaml] +---- +config: + server.directories.plugins: "/var/lib/neo4j/labs" + dbms.security.procedures.unrestricted: "apoc.*" + server.config.strict_validation.enabled: "false" + dbms.security.procedures.allowlist: "apoc.math.*,apoc.cypher.*" +---- ++ +. Under `apoc_config`, configure the APOC settings that you want, for example: ++ +[source, yaml] +---- +apoc_config: + apoc.trigger.enabled: "true" + apoc.jdbc.neo4j.url: "jdbc:foo:bar" + apoc.import.file.enabled: "true" +---- + +. Run `helm upgrade` to apply the changes: ++ +[source, shell] +---- +helm upgrade neo4j/neo4j -f values.yaml +---- + +. After the Helm upgrade rollout is complete, verify that APOC core has been configured by running the following Cypher query using `cypher-shell` or Neo4j Browser: ++ +[source, cypher] +---- +RETURN apoc.version() +---- + +== Configure credentials for the plugin's aliases using APOC-extended + +From 5.11, the Neo4j Helm chart supports configuring credentials for the plugin's aliases using a Kubernetes secret mounted on the provided path. +This feature is available `apoc.jdbc..url` and `apoc.es..url` via +APOC-extended. + +[NOTE] +==== +The secret must be created beforehand and must contain the key-named `URL`, otherwise, the Helm chart throws an error. For example: +`kubectl create secret generic jdbcsecret --from-literal=URL="jdbc:mysql://30.0.0.0:3306/Northwind?user=root&password=password"` +==== + +Under `apoc_credentials`, configure `aliasName`, `secretName`, and `secretMountPath`. +For example: + +[source, yaml] +---- +apoc_credentials: {} +# jdbc: +# aliasName: "jdbc" +# secretName: "jdbcsecret" +# secretMountPath: "/secret/jdbcCred" +# +# elasticsearch: +# aliasName: "es" +# secretName: "essecret" +# secretMountPath: "/secret/esCred" +---- \ No newline at end of file