aura inspired improvements (#40)

neo4j · Jun 10, 2021 · 32b5d4f · 32b5d4f
1 parent 0b93d59
commit 32b5d4f
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 3 deletions.
diff --git a/neo4j/templates/_helpers.tpl b/neo4j/templates/_helpers.tpl
@@ -21,7 +21,7 @@ If no password is set in `Values.neo4j.password` generates a new random password
 {{- define "neo4j.password" -}}
   {{- if not .Values.neo4j.password }}
     {{- $password :=  randAlphaNum 14 }}
-    {{- $secretName := printf "%s-auth" .Release.Name }}
+    {{- $secretName := include "neo4j.appName" . | printf "%s-auth" }}
     {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
 
     {{- if $secret }}

diff --git a/neo4j/templates/neo4j-config.yaml b/neo4j/templates/neo4j-config.yaml
@@ -59,6 +59,7 @@ data:
 
   # Other
   dbms.config.strict_validation: "true"
+  dbms.logs.user.stdout_enabled: "false"
 
   {{- if $clusterEnabled }}
   # Clustering
@@ -72,6 +73,9 @@ data:
   causal_clustering.raft_advertised_address: "$(bash -c 'echo ${SERVICE_ADMIN}')"
   causal_clustering.transaction_advertised_address: "$(bash -c 'echo ${SERVICE_ADMIN}')"
   dbms.routing.advertised_address: "$(bash -c 'echo ${SERVICE_ADMIN}')"
+
+  # Other stuff
+  causal_clustering.server_groups: "$(bash -c 'echo pod-${POD_NAME}')"
   {{- end }}
 
   # Logging

diff --git a/neo4j/templates/neo4j-service-account.yaml b/neo4j/templates/neo4j-service-account.yaml
@@ -9,7 +9,7 @@ metadata:
     name: "{{ .Release.Name }}-service-reader"
 rules:
     - apiGroups: [""] # "" indicates the core API group
-      resources: ["services"]
+      resources: ["services", "endpoints"]
       verbs: ["get", "watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/neo4j/templates/neo4j-statefulset.yaml b/neo4j/templates/neo4j-statefulset.yaml
@@ -18,10 +18,25 @@ spec:
     metadata:
       labels:
         app: "{{ template "neo4j.appName" . }}"
+        helm.neo4j.com/pod_category: "neo4j-instance" # used for anti affinity rules
         helm.neo4j.com/instance: "{{ .Release.Name }}"
       annotations:
         "checksum/{{ .Release.Name }}-config": {{ include (print $.Template.BasePath "/neo4j-config.yaml") . | sha256sum }}
     spec:
+      {{- if .Values.podAntiAffinity }}
+      affinity:
+        {{- if kindIs "bool" .Values.podAntiAffinity }}
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchLabels:
+                  app: "{{ template "neo4j.appName" . }}"
+                  helm.neo4j.com/pod_category: "neo4j-instance"
+              topologyKey: kubernetes.io/hostname
+        {{- else }}
+        podAntiAffinity: {{  toYaml .Values.podAntiAffinity | nindent 10 }}
+        {{- end }}
+      {{- end }}
       serviceAccountName: "{{ .Release.Name }}"
       securityContext: {{toYaml .Values.securityContext | nindent 8 }}
       containers:

diff --git a/neo4j/values.yaml b/neo4j/values.yaml
@@ -43,7 +43,6 @@ securityContext:
   runAsGroup: 7474
   fsGroup: 7474
 
-
 # Readiness probes will send a kill signal to the container if
 # it fails enough times.  It's therefore very important
 # that initialDelaySeconds give the cluster time to form, because
@@ -130,3 +129,5 @@ externalService:
       enabled: false #Set this to true to expose backup port externally (n.b. this could have security implications. Backup is not authenticated by default)
 
 clusterDomain: "cluster.local"
+
+podAntiAffinity: true