cecf
/
deploy


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236
							{{- $saName := print (include "neo4j.fullname" .) "-sa" -}}
{{- if not .Values.core.standalone }}
# The ReadReplica deployment only happens for clustered installs.
apiVersion: "apps/v1"
kind: StatefulSet
metadata:
  name: "{{ template "neo4j.replica.fullname" . }}"
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
    app.kubernetes.io/name: {{ template "neo4j.name" . }}
    app.kubernetes.io/component: replica
spec:
  podManagementPolicy: Parallel
  serviceName: "{{ template "neo4j.replica.fullname" . }}"
{{- if not .Values.readReplica.autoscaling.enabled }}
  replicas: {{ .Values.readReplica.numberOfServers }}
{{- end }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "neo4j.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
      app.kubernetes.io/component: replica
  template:
    metadata:
      labels:
        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
        app.kubernetes.io/instance: {{ .Release.Name | quote }}
        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
        app.kubernetes.io/name: {{ template "neo4j.name" . }}
        app.kubernetes.io/component: replica
        {{-  range $key, $value := .Values.podLabels }}
        {{ $key }}: "{{ $value }}"
        {{- end }}
      {{- if .Values.podAnnotations }}
      {{- with .Values.podAnnotations }}
      annotations: {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- end }}
    spec:
      serviceAccountName: {{ default $saName .Values.serviceAccount.name }}
      automountServiceAccountToken: true
      # High value permits checkpointing on Neo4j shutdown.  See: https://neo4j.com/developer/kb/checkpointing-and-log-pruning-interactions/
      terminationGracePeriodSeconds: {{ .Values.readReplica.terminationGracePeriodSeconds }}
      containers:
      - name: neo4j
        image: "{{ .Values.image }}:{{ .Values.imageTag }}"
        imagePullPolicy: "{{ .Values.imagePullPolicy }}"
        securityContext:
          {{ toYaml .Values.containerSecurityContext | indent 10 }}
        # Most pod config is factored into a different configMap, which is user overrideable.
        envFrom:
          - configMapRef:
              name: {{ template "neo4j.commonConfig.fullname" . }}
          - configMapRef:
              name: {{ template "neo4j.replicaConfig.fullname" . }}
          {{- if .Values.readReplica.configMap }}
          - configMapRef:
              name: "{{ .Values.readReplica.configMap }}"
          {{- end }}
          {{- if .Values.readReplica.envFrom }}{{ toYaml .Values.readReplica.envFrom | nindent 10 }}{{- end }}
        env:
          {{- if .Values.authEnabled }}
          - name: NEO4J_SECRETS_PASSWORD
            valueFrom:
              secretKeyRef:
                {{- if .Values.existingPasswordSecret }}
                name: {{ .Values.existingPasswordSecret }}
                {{- else }}
                name: {{ template "neo4j.secrets.fullname" . }}
                {{- end}}
                key: {{ template "neo4j.secrets.key" . }}
          {{- end }}
        command:
          - "/bin/bash"
          - "-c"
          - |
            export replica_idx=$(hostname | sed 's|.*-||')

            # Processes key configuration elements and exports env vars we need.
            . /helm-init/init.sh

            # These settings are *not* overrideable, because they must match the addresses the
            # core members see to avoid akka rejections.
            export NEO4J_causal__clustering_discovery__advertised__address=$HOST:5000
            export NEO4J_causal__clustering_transaction__advertised__address=$HOST:6000
            export NEO4J_causal__clustering_raft__advertised__address=$HOST:7000
            export NEO4J_dbms_routing_advertised__address=$HOST:7688

            echo "Starting Neo4j READ_REPLICA $replica_idx on $HOST"
            exec /docker-entrypoint.sh "neo4j"
        ports:
        - containerPort: 5000
          name: tcp-discovery
        - containerPort: 7000
          name: tcp-raft
        - containerPort: 6000
          name: tcp-tx
        - containerPort: 7474
          name: tcp-browser
        - containerPort: 7687
          name: tcp-bolt
        - containerPort: 7688
          name: tcp-boltrouting
        {{- if .Values.metrics.prometheus.enabled }}
        - containerPort: 2004
          name: tcp-prometheus
        {{- end }}
        {{- if .Values.metrics.graphite.enabled }}
        - containerPort: 2003
          name: tcp-graphite
        {{- end }}
        {{- if .Values.metrics.jmx.enabled }}
        - containerPort: 3637
          name: jmx
        {{- end }}
        volumeMounts:
        - name: init-script
          mountPath: /helm-init
        - name: plugins
          mountPath: /plugins
        - name: datadir
          mountPath: "{{ .Values.readReplica.persistentVolume.mountPath }}"
          {{- if .Values.readReplica.persistentVolume.subPath }}
          subPath: {{ .Values.readReplica.persistentVolume.subPath }}
          {{- end }}
        {{- if .Values.readReplica.additionalVolumeMounts }}
{{ toYaml .Values.readReplica.additionalVolumeMounts | indent 8}}
        {{- end }}
        startupProbe:
{{ toYaml .Values.startupProbe | indent 10 }}
        readinessProbe:
{{ toYaml .Values.readinessProbe | indent 10 }}
        livenessProbe:
{{ toYaml .Values.livenessProbe | indent 10 }}
        resources:
{{ toYaml .Values.readReplica.resources | indent 10 }}
{{- if .Values.core.sidecarContainers }}
{{ toYaml .Values.core.sidecarContainers | indent 6 }}
{{- end }}
      initContainers:
      {{ if .Values.readReplica.restore.enabled }}
      - name: restore-from-backup
        image: "{{ .Values.readReplica.restore.image }}:{{ .Values.readReplica.restore.imageTag }}"
        imagePullPolicy: Always
        volumeMounts:
          - name: datadir
            mountPath: /data
            {{- if .Values.core.persistentVolume.subPath }}
            subPath: {{ .Values.core.persistentVolume.subPath }}
            {{- end }}
          {{- if and .Values.core.restore.enabled .Values.core.restore.secretName }}
          - name: credentials
            mountPath: /credentials
            readOnly: true
          {{- end }}
        env:
          - name: DATABASE
            value: {{ .Values.readReplica.restore.database }}
          - name: CLOUD_PROVIDER
            value: {{ .Values.readReplica.restore.cloudProvider }}
          - name: BUCKET
            value: {{ .Values.readReplica.restore.bucket }}
          - name: TIMESTAMP
            value: "{{ .Values.readReplica.restore.timestamp }}"
          - name: FORCE_OVERWRITE
            value: "{{ .Values.readReplica.restore.forceOverwrite }}"
          - name: PURGE_ON_COMPLETE
            value: "{{ .Values.readReplica.restore.purgeOnComplete }}"
      {{ end }}
{{- if .Values.readReplica.initContainers }}
{{ toYaml .Values.readReplica.initContainers | indent 6 }}
{{- end }}
{{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
      securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
      volumes:
        - name: init-script
          configMap:
            name: "{{ .Release.Name }}-init-script"
        {{- if and .Values.core.restore.enabled .Values.core.restore.secretName }}
        - name: credentials
          secret:
            secretName: {{ .Values.readReplica.restore.secretName }}
            items:
              - key: credentials
                path: credentials
        {{- end }}
        {{- if not .Values.readReplica.persistentVolume.enabled }}
        - name: datadir
          emptyDir: {}
        {{- end }}
        - name: plugins
          emptyDir: {}
        {{- if .Values.readReplica.additionalVolumes }}
{{ toYaml .Values.readReplica.additionalVolumes | indent 8}}
        {{- end }}
{{- if .Values.imagePullSecret }}
      imagePullSecrets:
      - name: {{ .Values.imagePullSecret }}
{{- end -}}
  {{- if .Values.readReplica.persistentVolume.enabled }}
  volumeClaimTemplates:
    - metadata:
        name: datadir
        annotations:
        {{- if .Values.readReplica.persistentVolume.annotations }}
  {{ toYaml .Values.readReplica.persistentVolume.annotations | indent 12 }}
        {{- end }}
      spec:
        accessModes:
          - ReadWriteOnce
      {{- if .Values.readReplica.persistentVolume.storageClass }}
      {{- if (eq "-" .Values.readReplica.persistentVolume.storageClass) }}
        storageClassName: ""
      {{- else }}
        storageClassName: "{{ .Values.readReplica.persistentVolume.storageClass }}"
      {{- end }}
      {{- end }}
        resources:
          requests:
            storage: "{{ .Values.readReplica.persistentVolume.size }}"
  {{- end }}
{{- end }} # if not standalone mode