Expose Neo4j cluster in Kubernetes

Question

I am attempting to deploy a Neo4j causal cluster in Kubernetes. I've followed this guide on Github, and deployed the cluster in Google Kubernetes Engine and it works as expected, i.e., the cluster replicates writes in the followers, and catch up in case of failure (deleting pods).

What I want to do next is to expose this cluster to accessed from outside of it.

The challenge I'm facing is that, in order to connect to a remote causal cluster, I need to have a static name/IP address of any of the CORE servers, using the bolt+routing URI, so that the driver can route the requests accordingly (read, write, etc.).

As it's shown here, the service is exposed as ClusterIP mode, so it's only accessible from within the cluster. I have attempted to change it to NodePort and LoadBalancer modes, and in those cases, the CORE Neo4j cluster members cannot find each other.

How can I keep the internal communication of the required ports (Raft, Transactions, etc.) and expose the 7687 (and possibly 7474 for browser) for external communication?

Answer 1

You can have multiple Services for the same deployment in Kubernetes.

• have a ClusterIP Service, so nodes can continue to communicate with each oter.
• have a LoadBalancer Service, so you can expose the public port to the Internet.

If you’re looking to restrict internal communication further, you should look at Kubernetes Network Policies (but I doubt that's what you need). Some resources on this:

• https://github.com/ahmetb/kubernetes-networkpolicy-tutorial
• https://kubernetes.io/docs/concepts/services-networking/network-policies/
• https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy