Access the Neo4j cluster from outside Kubernetes
By default, server-side routing is used for accessing a Neo4j cluster from outside Kubernetes.
Access the Neo4j cluster using a load balancer and Cypher Shell
A LoadBalancer service is created to access a Neo4j cluster from outside Kubernetes.
-
Check that the LoadBalancer service is available using the
neo4j.nameused for installation:export NEO4J_NAME=my-cluster kubectl get service ${NEO4J_NAME}-lb-neo4jNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE my-cluster-lb-neo4j LoadBalancer 10.28.12.119 82.21.42.42 7474:32169/TCP,7473:32145/TCP,7687:32624/TCP 2m1s -
Use
kubectl describe serviceto see the service details:kubectl describe service ${NEO4J_NAME}-lb-neo4jName: my-cluster-lb-neo4j Namespace: neo4j Labels: app=my-cluster app.kubernetes.io/managed-by=Helm helm.neo4j.com/neo4j.name=my-cluster helm.neo4j.com/service=neo4j Annotations: cloud.google.com/neg: {"ingress":true} meta.helm.sh/release-name: server-1 meta.helm.sh/release-namespace: neo4j Selector: app=my-cluster,helm.neo4j.com/clustering=true,helm.neo4j.com/neo4j.loadbalancer=include Type: LoadBalancer IP Family Policy: SingleStack IP Families: IPv4 IP: 10.28.12.119 IPs: 10.28.12.119 LoadBalancer Ingress: 82.21.42.42 Port: http 7474/TCP TargetPort: 7474/TCP NodePort: http 32169/TCP Endpoints: 10.24.0.131:7474,10.24.1.3:7474,10.24.1.67:7474 Port: https 7473/TCP TargetPort: 7473/TCP NodePort: https 32145/TCP Endpoints: 10.24.0.131:7473,10.24.1.3:7473,10.24.1.67:7473 Port: tcp-bolt 7687/TCP TargetPort: 7687/TCP NodePort: tcp-bolt 32624/TCP Endpoints: 10.24.0.131:7687,10.24.1.3:7687,10.24.1.67:7687 Session Affinity: None External Traffic Policy: Local HealthCheck NodePort: 30621 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal EnsuringLoadBalancer 3m11s service-controller Ensuring load balancer Normal EnsuredLoadBalancer 2m36s service-controller Ensured load balancerThe load-balancer service can send requests to all cluster servers.
-
Run
cypher-shellfrom the local machine and connect to theLoadBalancer Ingressaddress, in the example82.21.42.42:./cypher-shell -a neo4j://82.21.42.42 -u neo4j -p my-passwordIf you don't see a command prompt, try pressing enter. Connected to Neo4j using Bolt protocol version 2025.06 at neo4j://82.21.42.42:7687 as user neo4j. Type :help for a list of available commands or :exit to exit the shell. Note that Cypher queries must end with a semicolon. -
Run the Cypher command
SHOW DATABASESto verify that all cluster members are online:SHOW DATABASES;+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | name | type | aliases | access | address | role | writer | requestedStatus | currentStatus | statusMessage | default | home | constituents | +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | "neo4j" | "standard" | [] | "read-write" | "server-3.neo4j.svc.cluster.local:7687" | "primary" | TRUE | "online" | "online" | "" | TRUE | TRUE | [] | | "neo4j" | "standard" | [] | "read-write" | "server-2.neo4j.svc.cluster.local:7687" | "primary" | FALSE | "online" | "online" | "" | TRUE | TRUE | [] | | "neo4j" | "standard" | [] | "read-write" | "server-1.neo4j.svc.cluster.local:7687" | "primary" | FALSE | "online" | "online" | "" | TRUE | TRUE | [] | | "system" | "system" | [] | "read-write" | "server-3.neo4j.svc.cluster.local:7687" | "primary" | FALSE | "online" | "online" | "" | FALSE | FALSE | [] | | "system" | "system" | [] | "read-write" | "server-2.neo4j.svc.cluster.local:7687" | "primary" | FALSE | "online" | "online" | "" | FALSE | FALSE | [] | | "system" | "system" | [] | "read-write" | "server-1.neo4j.svc.cluster.local:7687" | "primary" | TRUE | "online" | "online" | "" | FALSE | FALSE | [] | +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 6 rows ready to start consuming query after 110 ms, results consumed after another 109 ms -
Run the Cypher command
SHOW SERVERSto verify that all cluster members are enabled:SHOW SERVERS;+----------------------------------------------------------------------------------------------------------------------------------+ | name | address | state | health | hosting | +----------------------------------------------------------------------------------------------------------------------------------+ | "ad5c3cf1-541a-44f8-a19b-28bc36030914" | "server-3.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] | | "cbdebc59-64c2-4542-a041-24a1f051e64f" | "server-1.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] | | "f37e98a7-15ec-4dc4-a6bf-df9e418a7488" | "server-2.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] | +----------------------------------------------------------------------------------------------------------------------------------+ 3 rows ready to start consuming query after 27 ms, results consumed after another 363 msYou can see that the nodes are advertising their internal addresses, but since you connected without using internal addresses, you use server-side routing.
Access the Neo4j cluster using a load balancer and Neo4j Browser
-
Open a web browser and point it to the
LoadBalancer Ingressaddress and port7474, in this example, http://82.21.42.42:7474/browser. -
Once connected, verify that all databases are up and running using
:sysinfoin the Browser Editor::sysinfo