Neo4j cluster: Expose Neo4j cluster to external world

9/28/2019

I've installed Neo4j Enterprise from the Google Cloud Marketplace, and it is accessible from within the Kubernetes network, but I want to access it from my external application, which is not on the same network. Following this guide from Neo4j, I'm able to connect the browser using port forwarding:

MY_CLUSTER_LEADER_POD=mygraph-neo4j-core-0
kubectl port-forward $MY_CLUSTER_LEADER_POD 7687:7687 7474:7474

In the user guide, they suggest that I should not use a load balancer on the server side. I should expose each pod in the cluster separately and use bolt+routing from my application to handle request routing. This is described in the Limitations section of the guide.

It should be exposed using NodePorts, but I am unable to do it properly. I've tried doing it like this:

kubectl expose pod neo-cluster-neo4j-core-0 --port=7687 --name=neo-leader-pod

But I'm unable to connect using this exposed IP. I'm not good with cloud technologies so I can't figure out what I'm doing wrong.

I went through this article, Neo4j Considerations in Orchestration Environments, which tells me what I should do but not how to do it. It assumes prior knowledge of gcloud/Kubernetes.

Could anyone guide me in the right direction? Thanks

-- tahir waseer
google-cloud-platform
google-kubernetes-engine
neo4j
service-node-port-range

1 Answer

10/7/2019

If I’m not wrong, you created a GKE cluster for Neo4j Enterprise.

And it works perfectly inside of the cluster network, but not from outside.

Check if you have opened the firewall for these ports.

To create rules or see the existing rules:

  1. Go to cloud.google.com

  2. Go to my Console

  3. Choose your Project

  4. Choose Networking > VPC network

  5. Choose "Firewall rules"

  6. Choose "Create Firewall Rule" to create the rule if it doesn't exist.

  7. To apply the rule to select VM instances, select Targets > "Specified target tags", and enter into "Target tags" the name of the tag. This tag will be used to apply the new firewall rule onto whichever instance you'd like. Then, make sure the instances have the network tag applied.

  8. To allow incoming TCP connections to port 7687 for example, in "Protocols and Ports" enter tcp:7687

  9. Click Create

Check the GKE documentation for a better clue:

https://cloud.google.com/solutions/prep-kubernetes-engine-for-prod

https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy

https://cloud.google.com/kubernetes-engine/docs/how-to/exposing-apps

:)

-- Toni
Source: StackOverflow
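
The per-pod NodePort exposure from the question and the firewall rule from the answer, combined as an added example (not code from the thread, Neo4j or Google). It prints one NodePort Service manifest per core pod plus a single gcloud ingress rule that covers the node ports, since those are the ports external clients reach, and is limited to the application's source range. Assumptions: the core pods are managed by a StatefulSet and so carry the statefulset.kubernetes.io/pod-name label; the Service and rule names, the node ports, the network tag and the 203.0.113.10/32 address are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Assumptions: core pods are managed by a StatefulSet (so each pod carries the
# statefulset.kubernetes.io/pod-name label); Service and rule names are made up.

# Print a NodePort Service manifest that selects exactly one core pod.
nodeport_service() {  # usage: nodeport_service <pod-name> <node-port>
  case $2 in ''|*[!0-9]*) echo "node port must be a number" >&2; return 1 ;; esac
  # NodePorts must sit in the service-node-port-range (default 30000-32767).
  if [ "$2" -lt 30000 ] || [ "$2" -gt 32767 ]; then
    echo "node port $2 is outside 30000-32767" >&2; return 1
  fi
  cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: $1-bolt
spec:
  type: NodePort
  selector:
    statefulset.kubernetes.io/pod-name: $1
  ports:
  - name: bolt
    port: 7687
    targetPort: 7687
    nodePort: $2
EOF
}

# Print the gcloud command for one ingress rule covering the chosen node ports.
firewall_rule_cmd() {  # usage: firewall_rule_cmd <network> <tag> <source-cidr> <node-port>...
  network=$1 tag=$2 cidr=$3; shift 3
  # Refuse a world-open rule: Bolt should be reachable only from the application.
  case $cidr in ''|0.0.0.0/0) echo "refusing to open Bolt to any source" >&2; return 1 ;; esac
  ports=$(printf 'tcp:%s,' "$@")
  echo "gcloud compute firewall-rules create allow-neo4j-bolt --network=$network" \
       "--direction=INGRESS --allow=${ports%,} --source-ranges=$cidr --target-tags=$tag"
}

# Constructed sample values: three core pods, node ports 30687-30689,
# and 203.0.113.10/32 standing in for the external application's address.
for i in 0 1 2; do
  nodeport_service "mygraph-neo4j-core-$i" $((30687 + i)); echo "---"
done   # review, then pipe to: kubectl apply -f -
firewall_rule_cmd default neo4j-node 203.0.113.10/32 30687 30688 30689
```

The script only prints the manifests and the command, so the output can be reviewed before anything is applied to the cluster or the VPC.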