Operations

This section describes various operations that are specific to using Neo4j running on Kubernetes.

1. Using APOC core only

APOC core is shipped with Neo4j, but it is not installed in the Neo4j plugins directory. If APOC core is the only plugin that you want to add to Neo4j, it is not necessary to perform plugin installation as described in Install Plugins. Instead, you can configure the helm deployment to use APOC core by upgrading the deployment with this additional setting in the values.yaml file:

config:
  dbms.directories.plugins: "/var/lib/neo4j/labs"
  dbms.security.procedures.unrestricted: "apoc.*"

Once the helm upgrade rollout is complete, check APOC core by running the following cypher query using cypher-shell or Neo4j Browser:

RETURN apoc.version()

2. Install Plugins

There are two recommended methods for adding Neo4j plugins to Neo4j Helm chart deployments. You can use:

2.1. Add plugins using a custom container image

The best method for adding plugins to Neo4j running in Kubernetes is to create a new Docker container image that contains both Neo4j and the Neo4j plugins. This way, you can ensure when building the container that the correct plugin version for the Neo4j version of the container is used, and the resulting image encapsulates all Neo4j runtime dependencies.

Building a Docker container image that is based on the official Neo4j Docker image and does not override the official image’s ENTRYPOINT and COMMAND is the recommended method to use with the Neo4j Helm chart, as shown in this example Dockerfile:

ARG  NEO4J_VERSION
FROM neo4j:{NEO4J_VERSION}

# copy my-plugins into the Docker image
COPY my-plugins/ /var/lib/neo4j/plugins

# install the apoc core plugin that is shipped with Neo4j
RUN cp /var/lib/neo4j/labs/apoc-* /var/lib/neo4j/plugins

Once the docker image has been built, push it to a container repository that is accessible to your Kubernetes cluster.

CONTAINER_REPOSITORY="my-container-repository.io"
IMAGE_NAME="my-neo4j"

# export this so that it's accessible as a docker build arg
export NEO4J_VERSION=4.3.2-enterprise

docker build --build-arg NEO4J_VERSION --tag ${CONTAINER_REPOSITORY}/${IMAGE_NAME}:${NEO4J_VERSION} .
docker push ${CONTAINER_REPOSITORY}/${IMAGE_NAME}:${NEO4J_VERSION}

To use the image that you have created, in the Neo4j Helm deployment’s values.yaml file, set image.customImage to use the image. For more details, see Configure a custom container image.

Many plugins require additional Neo4j configuration to work correctly. Plugin configuration should be set on the config object in the Helm deployment’s values.yaml file. In some cases, plugin configuration can cause Neo4j’s strict config validation to fail. Strict config validation can be disabled by setting dbms.config.strict_validation: "false".

2.2. Add plugins using a plugins volume

An alternative method for adding Neo4j plugins to a Neo4j Helm deployment uses a plugins volume mount. With this method the plugin jar files are stored on a Persistent Volume that is mounted to the /plugins directory of the Neo4j container.

The simplest way to set up a persistent plugins volume is to share the Persistent Volume that is used for storing Neo4j data. This example shows how to configure that in the Neo4j Helm deployment values.yaml file:

# neo4j-values.yaml
volumes:
  data:
    # your data volume configuration
    ...

  plugins:
    mode: "share"
    share:
      name: "data"

Details of different ways to configure volume mounts are covered in Mapping volume mounts to persistent volumes.

The Neo4j container now has an empty /plugins directory backed by a persistent volume. Plugin jar files can be copied on to the volume using kubectl cp. Because it is backed by a persistent volume, plugin files will still persist even if the Neo4j pod is restarted or moved.

Neo4j only loads plugins on startup. Therefore, you have to restart the Neo4j pod to load them once all plugins are in place. For example:

# Copy plugin files into Neo4j container
kubectl cp my-plugins/* <namespace>/<neo4j-pod-name>:/plugins/

# Restart Neo4j
kubectl rollout restart statefulset/<neo4j-statefulset-name>

# Verify plugins are still present after restart
kubectl exec <neo4j-pod-name> -- ls /plugins