# Interactive prompts for the Neo4j template. The first two entries import
# shared prompt definitions from remote blocks; the remaining three are
# specific to this template.
prompts:
  # NOTE(review): both blocks are fetched from the `main` ref of the upstream
  # repository. `main` is mutable, so the prompts this template resolves to
  # can change without this file changing; a tag or commit ref in the URL
  # would make the result reproducible.
  - $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/common/cluster/core-prompts.yaml):
      {}
  - $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/{{ $cndi.get_prompt_response(deployment_target_provider) }}/core-prompts.yaml):
      {}
  # Password for the 'neo4j' user; the response is interpolated into
  # NEO4J_PASSWORD under outputs.env.
  # NOTE(review): the default is a fixed value published with the template.
  # Together with deploy_neo4j_ingress defaulting to true below, a deployment
  # that accepts every default exposes Neo4j with a known password. Consider
  # removing the default or requiring a minimum length; confirm how the
  # prompt engine treats a Secret prompt that has no default.
  - name: neo4j_password
    default: letmeinplease
    message: >-
      What will be your default password for your 'neo4j' user?
    type: Secret
  # Controls whether the neo4j-ingress manifest is rendered (see the matching
  # condition under outputs.cndi_config.cluster_manifests).
  # NOTE(review): public exposure is the default answer here.
  - name: deploy_neo4j_ingress
    default: true
    message: >-
      Do you want to expose Neo4j to the web?
    type: Confirm
  # Hostname for the ingress; the condition below means it is only asked
  # when deploy_neo4j_ingress was answered true.
  - name: neo4j_hostname
    default: neo4j.example.com
    message: >-
      What hostname should Neo4j be accessible at?
    type: Input
    validators:
      - hostname # FQDN
      - min_length: 3
    condition:
      - "{{ $cndi.get_prompt_response(deploy_neo4j_ingress) }}"
      - ==
      - true
# Everything the template generates: the cluster configuration (cndi_config),
# the environment variables (env) and the project README (readme).
# NOTE(review): every $cndi.get_block / $cndi.get_string URL below points at
# the mutable `main` ref of the upstream repository, so the rendered output
# depends on whatever that branch holds at generation time.
outputs:
  cndi_config:
    project_name: "{{ $cndi.get_prompt_response(project_name) }}"
    cndi_version: v2
    provider: "{{ $cndi.get_prompt_response(deployment_target_provider) }}"
    distribution: "{{ $cndi.get_prompt_response(deployment_target_distribution) }}"
    # this is a Template comment
    infrastructure:
      cndi:
        # Shared observability and Argo CD settings, each included only when
        # the corresponding ingress prompt was answered true.
        $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/common/cluster/observability-config.yaml):
          condition:
            - "{{ $cndi.get_prompt_response(deploy_grafana_ingress) }}"
            - ==
            - true
        $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/common/cluster/argocd-config.yaml):
          condition:
            - "{{ $cndi.get_prompt_response(deploy_argocd_ingress) }}"
            - ==
            - true
        cert_manager:
          email: "{{ $cndi.get_prompt_response(cert_manager_email) }}"
        external_dns:
          $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/external-dns/config/{{ $cndi.get_prompt_response(dns_provider) }}.yaml):
            condition:
              - "{{ $cndi.get_prompt_response(enable_external_dns) }}"
              - ==
              - true
        nodes:
          $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/{{ $cndi.get_prompt_response(deployment_target_provider) }}/basic-node-pool.yaml):
            {}
        # Opens TCP 7687 (Bolt) for the neo4j service.
        # NOTE(review): unlike neo4j-ingress, this entry carries no condition
        # on deploy_neo4j_ingress, so presumably Bolt is opened even when the
        # user declines web exposure. Confirm that is intended and that the
        # Bolt listener requires TLS.
        open_ports:
          - name: tcp-bolt
            number: 7687
            service: neo4j
            namespace: neo4j
    cluster_manifests:
      $cndi.comment(neo4j-auth-secret): Neo4j Credentials
      # Secret referenced by the chart value neo4j.passwordFromSecret below.
      # NEO4J_AUTH is taken from the NEO4J_PASSWORD environment variable by
      # the seal_secret macro rather than written here in plaintext
      # (presumably stored sealed; confirm against the CNDI documentation).
      neo4j-auth-secret:
        apiVersion: v1
        kind: Secret
        metadata:
          name: neo4j-auth-secret
          namespace: neo4j
        type: Opaque
        stringData:
          NEO4J_AUTH: $cndi_on_ow.seal_secret_from_env_var(NEO4J_PASSWORD)
      # Ingress to the neo4j service on port 7473 at the prompted hostname;
      # rendered only when deploy_neo4j_ingress was answered true.
      neo4j-ingress:
        $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/common/cluster/default-ingress.yaml):
          args:
            ingress_name: neo4j-ingress
            ingress_class_name: public
            hostname: "{{ $cndi.get_prompt_response(neo4j_hostname) }}"
            service_name: neo4j
            service_port: 7473
            namespace: neo4j
          condition:
            - "{{ $cndi.get_prompt_response(deploy_neo4j_ingress) }}"
            - ==
            - true
      external-dns-secret:
        $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/external-dns/secret/{{ $cndi.get_prompt_response(dns_provider) }}.yaml):
          condition:
            - "{{ $cndi.get_prompt_response(enable_external_dns) }}"
            - ==
            - true
      neo4j-ns:
        apiVersion: v1
        kind: Namespace
        metadata:
          name: neo4j
    applications:
      # Neo4j Helm chart, pinned to an exact chart version.
      neo4j:
        targetRevision: 5.9.0
        destinationNamespace: neo4j
        repoURL: "https://helm.neo4j.com/neo4j"
        chart: neo4j
        values:
          disableLookups: true
          neo4j:
            name: neo4j
            # Initial credentials come from the neo4j-auth-secret manifest
            # defined under cluster_manifests.
            passwordFromSecret: neo4j-auth-secret
            acceptLicenseAgreement: "yes"
          volumes:
            data:
              mode: defaultStorageClass
          # NOTE(review): neo4j-ingress and open_ports above both reference a
          # service called `neo4j`; confirm which chart-created Service that
          # name resolves to while this entry is disabled.
          services:
            neo4j:
              enabled: false
          # The bolt, https and cluster SSL policies all read the key and the
          # certificate from one secret.
          # NOTE(review): the name `cluster-issuer-private-key` reads like an
          # issuer's own key rather than a serving certificate. Confirm a
          # secret of this name exists in the neo4j namespace and contains
          # both tls.key and tls.crt for the prompted hostname.
          ssl:
            bolt:
              privateKey:
                secretName: cluster-issuer-private-key
                subPath: tls.key
              publicCertificate:
                secretName: cluster-issuer-private-key
                subPath: tls.crt
            https:
              privateKey:
                secretName: cluster-issuer-private-key
                subPath: tls.key
              publicCertificate:
                secretName: cluster-issuer-private-key
                subPath: tls.crt
            cluster:
              privateKey:
                secretName: cluster-issuer-private-key
                subPath: tls.key
              publicCertificate:
                secretName: cluster-issuer-private-key
                subPath: tls.crt
  # Environment variables emitted for the project.
  # NOTE(review): NEO4J_PASSWORD carries the prompt response in plaintext;
  # presumably this is written to a local env file, so confirm that file is
  # excluded from version control.
  env:
    $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/common/git-credentials-{{ $cndi.get_prompt_response(git_credentials_mode) }}-env.yaml):
      {}
    $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/{{ $cndi.get_prompt_response(deployment_target_provider) }}/env.yaml):
      {}
    $cndi.get_block(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/common/cluster/env.yaml):
      {}
    $cndi.comment(neo4j-heading): Neo4j Credentials
    NEO4J_USERNAME: neo4j
    $cndi.comment(neo4j-password-comment): "'neo4j/' prefix is required for the password"
    NEO4J_PASSWORD: "neo4j/{{ $cndi.get_prompt_response(neo4j_password) }}"
  # README sections: shared text pulled from remote blocks, then the
  # Neo4j-specific guide as a literal block.
  readme:
    project_name: "# {{ $cndi.get_prompt_response(project_name) }}"
    $cndi.get_string(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/common/cluster/core-readme.md):
      {}
    $cndi.get_string(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/{{ $cndi.get_prompt_response(deployment_target_provider) }}/core.md):
      {}
    $cndi.get_string(https://raw.githubusercontent.com/polyseam/cndi/main/blocks/{{ $cndi.get_prompt_response(deployment_target_provider) }}/{{ $cndi.get_prompt_response(deployment_target_distribution) }}.md):
      {}
    # NOTE(review): two statements in the guide below do not match this
    # template. (1) It says the default credentials are often `neo4j` for
    # both username and password, but the password here is whatever was
    # answered for neo4j_password. (2) Its example URLs pair `https` with
    # port 7474, while the guide itself lists 7473 for HTTPS and the ingress
    # above targets service port 7473.
    neo4j: |
      # Neo4j Deployment Guide
      This Template deploys a standalone production-ready Neo4j database on a Kubernetes cluster using Helm.
      Neo4j is a highly powerful, open-source graph database management system, known for its ability to efficiently manage and query highly connected data.
      With its graph-based model, Neo4j is especially suited for applications requiring complex queries and data relationships, such as social networks, recommendation systems, and fraud detection.
      ## Customizing Your Deployment
      You can customize your Neo4j deployment to suit your specific needs by altering the `values.yaml` file in the Helm chart. Essential configuration options to consider include:
      - **Persistence:** Enable persistent storage to protect your graph data across pod restarts and deployments.
      - **Replication:** Configure replication settings to ensure data redundancy and high availability.
      - **Resources:** Define CPU and memory limits and requests to manage the resource utilization of Neo4j pods efficiently.
      - **Authentication:** Implement authentication mechanisms to secure access to your graph database.
      Refer to the Helm chart's documentation or the `values.yaml` file for a comprehensive list of all configurable parameters and their descriptions.
      ## Verifying Neo4j Accessibility
      After deploying Neo4j and configuring external access (either through port forwarding, Ingress, or ExternalDNS), ensure that the database is properly accessible:
      **Connect to the Database**:
      - Use a web browser to navigate to the Neo4j browser interface, typically at `https://neo4j.yourdomain.com:7474`.
      ## Connecting to the Database UI Step-by-Step
      To connect to your Neo4j database, follow these steps:
      1. **Open a Web Browser:** Start by opening your preferred web browser.
      2. **Navigate to the Neo4j Browser:** Enter the URL for your Neo4j browser interface, which is usually formatted as `https://neo4j.yourdomain.com:7474`. Adjust the protocol (`http` or `https`) and port (`7474` for HTTP, `7473` for HTTPS) as necessary, based on your deployment configuration.
      3. **Enter Credentials:** Upon reaching the Neo4j browser login page, input the default or configured credentials. The default credentials are often `neo4j` for both the username and password, unless you've changed them during setup.
      4. **Explore Your Database:** Once logged in, you can start executing Cypher queries, explore the graph, and manage your Neo4j database directly from the browser interface.
      5. **Troubleshooting:** If you encounter any issues accessing the Neo4j browser, check your Kubernetes service and ingress configurations to ensure they are correctly set up for external access. Additionally, verify that any firewall or network settings allow traffic to the appropriate ports.
      Remember to adjust the URL and credentials based on your specific Neo4j deployment and security settings.
      ## Connect to the Database from your Application
      If you've deployed Neo4j with a load balancer you are also able to connect to the database from your application.
      Neo4j will listen on port `7687` for the Bolt protocol for programmatic access.