How to use Neo4j Tooling in conjunction with Kubernetes

Neo4j Browser

In order to use Neo4j Browser you must follow the external exposure instructions which provide a walk-through of how to make your cluster available on the Internet.

Neo4j browser is available on port 7474 of any of the hostnames described above. However, because of the network environment that the cluster is in, hosts in the neo4j cluster advertise themselves with private internal DNS that is not resolvable from outside of the cluster.

Additionally, to use secure communications, configuration of HTTPS and SSL certificates is recommended.

Cypher Shell

Upon deploying the helm chart, you will be given a command that can be used to connect to the cluster. This will schedule a new Neo4j pod to run called "cypher-shell" and invoke that command to connect. See NOTES.txt for an example.

Please consult standard Neo4j documentation on the many other usage options present, once you have a basic bolt client and cypher shell capability.

Neo4j-Admin Import

Matt Cockayne has published the following blog post about how to use kubernetes initContainers to run neo4j-admin import and pre-load data in images from CSV, rather than backup sets.

More generally - the technique he uses is the one that’s recommended for any and all other Neo4j shell utilities. Rather than building a custom Docker image, it’s recommended that you run a shell script inside of an initContainer to do whatever shell operations are necessary to prepare the data volume prior to the Neo4j’s container start.


The Neo4j Docker container can take an extra environment variable NEO4JLABS_PLUGINS that pre-installs the most common plugins. The helm chart in turn has a parameter plugins that lets you specify this value.

The value must be a valid JSON array of plugin names. The list of valid names can be found here but include APOC, Graph Data Science, Neo4j Streams (Kafka integration) and others.

The way this mechanism works is that each plugin publishes a versions.json file that allows the Neo4j Docker container to determine at runtime which version of the plugin JAR to download and put in place.

This plugin approach requires the ability for your containers to download files, which requires external internet access. If you are in a locked down network environment, you should specify plugins: [] and use the initContainer approach to install APOC manually.


Starting in Neo4j 4.1, a subset of APOC procedures (APOC core) is included with all Neo4j distributions, in a special directory that is not enabled by default. This creates a separation between "APOC Core" and "APOC Full" (all procedures & functions).

APOC Full is included by default; to disable APOC, set the plugins parameter to the empty array []. By adding other plugin names to the default shown below, you can use multiple plugins.

plugins: "[\"apoc\"]"

If you would like to use APOC Core only, set the plugins parameter to the empty array to not install APOC Full automatically, and use an initContainer or other method to move the provided APOC Core library into the plugins folder to enable it.

Take care to use proper syntax and escaping: YAML can interpret JSON, and we are aiming to specify a string of JSON.

An example configuration has been provided in the deployment scenarios folder that shows installation of a standalone instance using Neo4j’s Graph Data Science plugin.

Other/custom plugins still require the use of initContainers to download and install the plugin at runtime.