# Default values for Neo4j.
# This is a YAML-formatted file.
## @param nameOverride String to partially override common.names.fullname
# Defaults to the empty string, i.e. no override is supplied.
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
# Defaults to the empty string, i.e. no override is supplied.
fullnameOverride: ""
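neo4j:
  # A common name for all helm deployments that are part of the same Neo4j Cluster.
  # To deploy multiple Neo4j clusters in the same Kubernetes namespace, each Neo4j cluster should have a different name.
  name: "neo4j-cluster"

  # If password is not set or empty, a random password will be generated during installation.
  # Avoid committing a real password in this file; supply it at install time instead.
  # The top-level `logInitialPassword` setting controls whether the password set
  # during install is printed to the `helm install` log.
  password: ""

  # Neo4j Clustering requires Enterprise Edition
  edition: "enterprise"

  #
  # To use Neo4j Enterprise Edition you must have a Neo4j license agreement.
  #
  # More information is also available at: https://neo4j.com/licensing/
  # Email inquiries can be directed to: licensing@neo4j.com
  #
  # Set acceptLicenseAgreement: "yes" to confirm that you have a Neo4j license agreement.
  # Keep the value quoted: an unquoted yes/no is read as a boolean by YAML 1.1 parsers.
  acceptLicenseAgreement: "no"

  #
  # Set offlineMaintenanceModeEnabled: true to restart the StatefulSet without the Neo4j process running.
  # This can be used to perform tasks that cannot be performed when Neo4j is running, such as `neo4j-admin dump`.
  offlineMaintenanceModeEnabled: false

  #
  # Set resources for the Neo4j Container. The values set will be used for both "requests" and "limit".
  resources:
    cpu: "1000m"
    memory: "2Gi"

  # Add labels if required. Left empty (null) by default.
  labels: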
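# Volumes for Neo4j
volumes:
  data:
    # REQUIRED: specify a volume mode to use for data
    # Valid values are share|selector|defaultStorageClass|volume|volumeClaimTemplate|dynamic
    # To get up-and-running quickly, for development or testing, use "defaultStorageClass" for a dynamically provisioned volume of the default storage class.
    mode: ""

    # Only used if mode is set to "selector"
    # Will attach to existing volumes that match the selector
    selector:
      storageClassName: "manual"
      accessModes:
        - ReadWriteOnce
      requests:
        storage: 100Gi
      # A helm template to generate a label selector to match existing volumes.
      # n.b. both storageClassName and label selector must match existing volumes
      selectorTemplate:
        matchLabels:
          app: "{{ .Values.neo4j.name }}"
          helm.neo4j.com/volume-role: "data"

    # Only used if mode is set to "defaultStorageClass"
    # Dynamic provisioning using the default storageClass
    defaultStorageClass:
      accessModes:
        - ReadWriteOnce
      requests:
        storage: 10Gi

    # Only used if mode is set to "dynamic"
    # Dynamic provisioning using the provided storageClass
    dynamic:
      storageClassName: "neo4j"
      accessModes:
        - ReadWriteOnce
      requests:
        storage: 100Gi

    # Only used if mode is set to "volume"
    # Provide an explicit volume to use
    volume:
      # If set, an init container (running as root) will be added that runs:
      #   `chown -R <securityContext.fsUser>:<securityContext.fsGroup>` AND `chmod -R g+rwx`
      # on the volume. This is useful for some filesystems (e.g. NFS) where Kubernetes fsUser or fsGroup settings are not respected.
      # Enabling this adds a root container to a pod that otherwise runs as non-root
      # (see securityContext), so leave it false unless the filesystem requires it.
      setOwnerAndGroupWritableFilePermissions: false

      # Example (using a specific Persistent Volume Claim)
      # persistentVolumeClaim:
      #   claimName: my-neo4j-pvc

    # Only used if mode is set to "volumeClaimTemplate"
    # Provide an explicit volumeClaimTemplate to use
    volumeClaimTemplate: {}

  # Provide a volume to use for backups.
  # n.b. backups will be written to /backups on the volume
  # Any of the volume modes shown above for data can be used for backups.
  # With the default "share" mode, backups live on the same volume as the data they
  # protect, so losing that volume loses both.
  backups:
    # share an existing volume (e.g. the data volume)
    mode: "share"
    share:
      name: "data"

  # Provide a volume to use for logs.
  # n.b. logs will be written to /logs/$(POD_NAME) on the volume
  # Any of the volume modes shown above for data can be used for logs.
  logs:
    # share an existing volume (e.g. the data volume)
    mode: "share"
    share:
      name: "data"

  # Provide a volume to use for csv metrics (csv metrics are only available in Neo4j Enterprise Edition).
  # n.b. metrics will be written to /metrics/$(POD_NAME) on the volume
  # Any of the volume modes shown above for data can be used for metrics.
  metrics:
    # share an existing volume (e.g. the data volume)
    mode: "share"
    share:
      name: "data"

  # Provide a volume to use for import storage.
  # n.b. import will be mounted to /import on the underlying volume
  # Any of the volume modes shown above for data can be used for import.
  import:
    # share an existing volume (e.g. the data volume)
    mode: "share"
    share:
      name: "data"

  # Provide a volume to use for licenses.
  # n.b. licenses will be mounted to /licenses on the underlying volume
  # Any of the volume modes shown above for data can be used for licenses.
  licenses:
    # share an existing volume (e.g. the data volume)
    mode: "share"
    share:
      name: "data"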
# Add additional volumes and their respective mounts
#additionalVolumes:
#  - name: neo4j1-conf
#    emptyDir: {}
#
#additionalVolumeMounts:
#  - mountPath: "/config/neo4j1.conf"
#    name: neo4j1-conf
# nodeSelector labels
# Please ensure the respective labels are present on one of the cluster nodes, or else the helm chart will throw an error.
# Left empty (null) by default; the commented lines below show the expected form.
nodeSelector:
#  label1: value1
#  label2: value2
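# Services for Neo4j
services:
  # A ClusterIP service with the same name as the Helm Release name should be used for Neo4j Driver connections originating inside the
  # Kubernetes cluster.
  default:
    # Annotations for the K8s Service object
    annotations: { }

  # A LoadBalancer Service for external Neo4j driver applications and Neo4j Browser
  neo4j:
    enabled: false
    # if selectCluster=true the neo4j service will select any Neo4j instance with the same neo4j.name and dbms.mode.
    # if selectCluster=false the neo4j service will only select this Neo4j instance.
    selectCluster: false

    # Annotations for the K8s Service object
    annotations: { }

    spec:
      # Type of service.
      type: LoadBalancer

      # In most cloud environments LoadBalancer type will receive an ephemeral public IP address automatically.
      # A public address makes every port enabled below reachable from outside the cluster;
      # restrict access (e.g. an internal load balancer annotation or `loadBalancerSourceRanges`)
      # unless public access is intended.
      # NOTE(review): assumes this spec object is passed through to the Service - confirm against the template.
      # If you need to specify a static ip here use:
      # loadBalancerIP: ...

    # ports to include in neo4j service
    ports:
      http:
        # Set this to false to remove HTTP from this service (this does not affect whether http is enabled for the neo4j process).
        # HTTP is unencrypted; consider removing it from an externally reachable service once HTTPS is configured.
        enabled: true
      https:
        # Set this to false to remove HTTPS from this service (this does not affect whether https is enabled for the neo4j process).
        enabled: true
      bolt:
        # Set this to false to remove BOLT from this service (this does not affect whether bolt is enabled for the neo4j process).
        enabled: true
      backup:
        # Set this to true to expose the backup port externally.
        # n.b. this could have security implications: backup is not authenticated by default,
        # so anyone who can reach the port may be able to request a copy of the database.
        enabled: false

  # A service for admin/ops tasks including taking backups
  # This service is available even if the deployment is not "ready"
  admin:
    enabled: true
    # Annotations for the admin service
    annotations: { }
    spec:
      type: ClusterIP
    # n.b. there is no ports object for this service. Ports are autogenerated based on the neo4j configuration

  # A "headless" service for admin/ops and Neo4j cluster-internal communications
  # This service is available even if the deployment is not "ready"
  internals:
    enabled: false
    # Annotations for the internals service
    annotations: { }
    # n.b. there is no ports object for this service. Ports are autogenerated based on the neo4j configuration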
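# Neo4j Configuration (yaml format)
# Values are quoted so that they reach Neo4j as strings rather than YAML booleans or numbers.
config:
  dbms.mode: "CORE"
  # With strict validation off, a misspelled or unknown setting (including a
  # security-related one) does not stop Neo4j from starting; check the startup
  # log for warnings after changing this section.
  dbms.config.strict_validation: "false"
  causal_clustering.middleware.akka.allow_any_core_to_bootstrap: "true"

  # The amount of memory to use for mapping the store files.
  # The default page cache memory assumes the machine is dedicated to running
  # Neo4j, and is heuristically set to 50% of RAM minus the Java heap size.
  #dbms.memory.pagecache.size: "74m"

  # The number of Cypher query execution plans that are cached.
  #dbms.query_cache_size: "10"

  # Java Heap Size: by default the Java heap size is dynamically calculated based
  # on available system resources. Uncomment these lines to set specific initial
  # and maximum heap size.
  #dbms.memory.heap.initial_size: "317m"
  #dbms.memory.heap.max_size: "317m"

#apoc_config:
#  apoc.trigger.enabled: "true"
#  apoc.jdbc.apoctest.url: "jdbc:foo:bar"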
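# securityContext defines privilege and access control settings for a Pod or Container.
# These settings make sure that Neo4j does not run as the root user.
# NOTE(review): only user/group settings are visible here; container-level hardening
# (e.g. allowPrivilegeEscalation, readOnlyRootFilesystem) is not set in this file -
# confirm whether the templates add it.
securityContext:
  runAsNonRoot: true
  runAsUser: 7474
  runAsGroup: 7474
  fsGroup: 7474
  fsGroupChangePolicy: "Always"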
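# Readiness probes are set to know when a container is ready to be used.
# Because Neo4j uses Java these values are large to distinguish between long Garbage Collection pauses (which don't require a restart) and an actual failure.
# These values should mark Neo4j as not ready after at most 5 minutes of problems (20 attempts * max 15 seconds between probes).
# The 15 seconds is periodSeconds (5) plus timeoutSeconds (10).
readinessProbe:
  failureThreshold: 20
  timeoutSeconds: 10
  periodSeconds: 5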
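# Liveness probes are set to know when to restart a container.
# Because Neo4j uses Java these values are large to distinguish between long Garbage Collection pauses (which don't require a restart) and an actual failure.
# These values should trigger a restart after at most 10 minutes of problems (40 attempts * max 15 seconds between probes).
# The 15 seconds is periodSeconds (5) plus timeoutSeconds (10).
livenessProbe:
  failureThreshold: 40
  timeoutSeconds: 10
  periodSeconds: 5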
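# Startup probes are used to know when a container application has started.
# If such a probe is configured, it disables liveness and readiness checks until it succeeds.
# When restoring Neo4j from a backup it's important that the startup probe gives time for Neo4j to recover and/or upgrade store files.
# When using Neo4j clusters it's important that the startup probe gives the Neo4j cluster time to form.
# 1000 attempts at a 5-second period allows roughly 83 minutes for startup.
startupProbe:
  failureThreshold: 1000
  periodSeconds: 5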
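# top level setting called ssl to match the "ssl" from "dbms.ssl.policy"
# All secretName/subPath values are empty (null) by default.
# NOTE(review): presumably a connector with no secret configured gets no SSL policy
# from this chart - confirm against the templates before exposing it externally.
ssl:
  # setting per "connector" matching neo4j config
  bolt:
    privateKey:
      # we set up the template to grab `private.key` from this secret
      secretName:
      # we specify the privateKey value name to get from the secret
      subPath:
    publicCertificate:
      # we set up the template to grab `public.crt` from this secret
      secretName:
      # we specify the publicCertificate value name to get from the secret
      subPath:
    trustedCerts:
      # a sources array for a projected volume - this allows someone to (relatively) easily
      # mount multiple public certs from multiple secrets for example.
      sources: [ ]
    revokedCerts:
      # a sources array for a projected volume
      sources: [ ]
  https:
    privateKey:
      secretName:
      subPath:
    publicCertificate:
      secretName:
      subPath:
    trustedCerts:
      sources: [ ]
    revokedCerts:
      sources: [ ]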
# Kubernetes cluster domain suffix
# Change this only if the cluster was set up with a domain other than the one below.
clusterDomain: "cluster.local"
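# Override image settings in Neo4j pod
image:
  imagePullPolicy: IfNotPresent
  # Set a customImage if you want to use your own docker image.
  # Prefer an immutable tag or a digest so the image that runs is the one that was reviewed.
  # customImage: my-image:my-tag

  # imagePullSecrets list
  # imagePullSecrets:
  #   - "demo"

  # imageCredentials list for which a secret of type docker-registry will be created automatically using the details provided.
  # registry, username, password and email are compulsory fields for an imageCredential; without any of them the helm chart will throw an error.
  # The imageCredential name should be part of the imagePullSecrets list, or else the respective imageCredential will be ignored and no secret will be created.
  # Do not commit real registry credentials to version control; supply them at install time.
  # imageCredentials:
  #   - registry: ""
  #     username: ""
  #     password: ""
  #     email: ""
  #     name: ""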
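statefulset:
  metadata:
    # Annotations for Neo4j StatefulSet. Left empty (null) by default.
    annotations:
    #  imageregistry: "https://hub.docker.com/"
    #  demo: alpha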
# additional environment variables for the Neo4j Container
# Values placed here are stored in plain text in this file, so avoid putting
# credentials or other secrets in it.
env: {}
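# Other K8s configuration to apply to the Neo4j pod
podSpec:
  # Annotations for Neo4j pod. Left empty (null) by default.
  annotations:
  #  imageregistry: "https://hub.docker.com/"
  #  demo: alpha

  nodeAffinity:
  #  requiredDuringSchedulingIgnoredDuringExecution:
  #    nodeSelectorTerms:
  #      - matchExpressions:
  #          - key: topology.kubernetes.io/zone
  #            operator: In
  #            values:
  #              - antarctica-east1
  #              - antarctica-west1
  #  preferredDuringSchedulingIgnoredDuringExecution:
  #    - weight: 1
  #      preference:
  #        matchExpressions:
  #          - key: another-node-label-key
  #            operator: In
  #            values:
  #              - another-node-label-value

  # Anti Affinity
  # If set to true then an anti-affinity rule is applied to prevent database pods with the same `neo4j.name` running on a single Kubernetes node.
  # If set to false then no anti-affinity rules are applied.
  # If set to an object then that object is used for the Neo4j podAntiAffinity.
  podAntiAffinity: true

  # Add tolerations to the Neo4j pod
  tolerations:
  #  - key: "key1"
  #    operator: "Equal"
  #    value: "value1"
  #    effect: "NoSchedule"
  #  - key: "key2"
  #    operator: "Equal"
  #    value: "value2"
  #    effect: "NoSchedule"

  # Priority indicates the importance of a Pod relative to other Pods.
  # More Information : https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
  priorityClassName: ""

  # This indicates that the neo4j instance should be included in the loadbalancer.
  # Can be set to "exclude" to not add the stateful set to the loadbalancer.
  loadbalancer: "include"

  # Name of service account to use for the Neo4j Pod (optional)
  # This is useful if you want to use Workload Identity to grant permissions to access cloud resources e.g. cloud object storage (AWS S3 etc.)
  # Grant that service account only the permissions Neo4j actually needs.
  serviceAccountName: ""

  # How long the Neo4j pod is permitted to keep running after it has been signalled by Kubernetes to stop. Once this timeout elapses the Neo4j process is forcibly terminated.
  # A large value is used because Neo4j takes time to flush in-memory data to disk on shutdown.
  terminationGracePeriodSeconds: 3600

  # initContainers for the Neo4j pod
  initContainers: [ ]

  # Additional runtime containers for the Neo4j pod.
  # Anything added here or in initContainers runs in the same pod as the database,
  # so review the images and privileges of those containers.
  containers: [ ]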
# print the neo4j user password set during install to the `helm install` log
# With this set to true the password appears in clear text wherever that log is
# kept (terminal scrollback, CI job output); set it to false when installs run
# in a pipeline or any other place where the output is retained or shared.
logInitialPassword: true
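# Jvm configuration for Neo4j
jvm:
  # If true any additional arguments are added after the Neo4j default jvm arguments.
  # If false Neo4j default jvm arguments are not used.
  useNeo4jDefaultJvmArguments: true
  # additionalJvmArguments is a list of strings. Each jvm argument should be a separate element.
  # Note on the heap dump example below: a heap dump contains whatever was in memory,
  # which can include database contents and credentials, so treat the file written
  # under /logs as sensitive.
  additionalJvmArguments: []
  # - "-XX:+HeapDumpOnOutOfMemoryError"
  # - "-XX:HeapDumpPath=/logs/neo4j.hprof"
  # - "-XX:MaxMetaspaceSize=180m"
  # - "-XX:ReservedCodeCacheSize=40m"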