从 Kubernetes 内部访问 Neo4j 集群

默认情况下,客户端路由用于从 Kubernetes 内部访问 Neo4j 集群。

使用特定成员访问 Neo4j 集群

您在一个新的 Pod 中运行 cypher-shell 并将其直接指向其中一台服务器。

  1. 在 Pod 中运行 cypher-shell 以访问例如 server-3

    kubectl run --rm -it --image "neo4j:5.25.1-enterprise" cypher-shell \
     -- cypher-shell -a "neo4j://server-3.default.svc.cluster.local:7687" -u neo4j -p "my-password"
    If you don't see a command prompt, try pressing enter.


Connected to Neo4j using Bolt protocol version 5 at neo4j://server-3.default.svc.cluster.local:7687 as user neo4j.
Type :help for a list of available commands or :exit to exit the shell.
Note that Cypher queries must end with a semicolon.

  2. 运行 Cypher 命令 SHOW DATABASES 以验证所有集群服务器是否联机。

    SHOW DATABASES;
    +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| name     | type       | aliases | access       | address                                 | role      | writer | requestedStatus | currentStatus | statusMessage | default | home  | constituents |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| "neo4j"  | "standard" | []      | "read-write" | "server-2.neo4j.svc.cluster.local:7687" | "primary" | TRUE   | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
| "neo4j"  | "standard" | []      | "read-write" | "server-1.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
| "neo4j"  | "standard" | []      | "read-write" | "server-3.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
| "system" | "system"   | []      | "read-write" | "server-2.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
| "system" | "system"   | []      | "read-write" | "server-1.neo4j.svc.cluster.local:7687" | "primary" | TRUE   | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
| "system" | "system"   | []      | "read-write" | "server-3.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

6 rows
ready to start consuming query after 27 ms, results consumed after another 243 ms

  3. 运行 Cypher 命令 SHOW SERVERS 以验证所有集群服务器是否已启用

    SHOW SERVERS;
    +----------------------------------------------------------------------------------------------------------------------------------+
| name                                   | address                                 | state     | health      | hosting             |
+----------------------------------------------------------------------------------------------------------------------------------+
| "ad5c3cf1-541a-44f8-a19b-28bc36030914" | "server-3.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] |
| "cbdebc59-64c2-4542-a041-24a1f051e64f" | "server-1.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] |
| "f37e98a7-15ec-4dc4-a6bf-df9e418a7488" | "server-2.neo4j.svc.cluster.local:7687" | "Enabled" | "Available" | ["system", "neo4j"] |
+----------------------------------------------------------------------------------------------------------------------------------+

3 rows
ready to start consuming query after 27 ms, results consumed after another 363 ms

  4. 退出 cypher-shell。退出 cypher-shell 会自动删除用于运行它的 Pod。

    :exit;
    Bye!
Session ended, resume using 'kubectl attach cypher-shell -c cypher-shell -i -t' command when the pod is running
pod "cypher-shell" deleted

使用无头服务访问 Neo4j 集群

为了允许在 Kubernetes 内部运行的应用程序访问 Neo4j 集群而无需使用特定服务器进行引导,您需要安装 neo4j-cluster-headless-service Helm 图表。这将创建一个带有 DNS 条目 的 K8s 服务,其中包含所有 Neo4j 服务器。您可以使用创建的 DNS 条目引导连接到集群的驱动程序。

无头服务是 Kubernetes 的术语,用于描述没有 ClusterIP 的服务。有关更多信息,请参阅 Kubernetes 官方文档

  1. 使用发布名称 headlessneo4j/neo4j-cluster-headless-service Helm 图表以及集群名称作为 neo4j.name 参数的值来安装无头服务。

    或者,您可以创建一个带有服务所有配置的 values.yaml 文件。要查看 neo4j/neo4j-cluster-headless-service Helm 图表上可以配置哪些选项,请使用 helm show values neo4j/neo4j-headless-service

    		 
    helm install headless neo4j/neo4j-headless-service --namespace neo4j --set neo4j.name=my-cluster
    NAME: headless
LAST DEPLOYED: Wed Oct 26 13:11:14 2022
NAMESPACE: neo4j
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for installing neo4j-cluster-headless-service.

Your release "headless" has been installed in namespace "neo4j".

Once rollout is complete you can connect to your Neo4j cluster using "neo4j://headless-neo4j.neo4j.svc.cluster.local:7687". Try:

  $ kubectl run --rm -it --namespace "neo4j" --image "neo4j:5.25.1-enterprise" cypher-shell \
     -- cypher-shell -a "neo4j://headless-neo4j.neo4j.svc.cluster.local:7687"

Graphs are everywhere!

  1. 检查 headless 服务是否可用

    export NEO4J_NAME=my-cluster
kubectl get service ${NEO4J_NAME}-headless
    NAME                  TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                      AGE
my-cluster-headless   ClusterIP   None         <none>        7474/TCP,7687/TCP   113s

  2. 使用 kubectl describe service 查看服务详细信息

    kubectl describe service ${NEO4J_NAME}-headless
    Name:              my-cluster-headless
Namespace:         neo4j
Labels:            app=my-cluster
                   app.kubernetes.io/managed-by=Helm
                   helm.neo4j.com/neo4j.name=my-cluster
Annotations:       cloud.google.com/neg: {"ingress":true}
                   meta.helm.sh/release-name: headless
                   meta.helm.sh/release-namespace: neo4j
Selector:          app=my-cluster,helm.neo4j.com/neo4j.loadbalancer=include
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                None
IPs:               None
Port:              http  7474/TCP
TargetPort:        7474/TCP
Endpoints:         10.24.0.131:7474,10.24.1.3:7474,10.24.1.67:7474
Port:              https  7473/TCP
TargetPort:        7473/TCP
Endpoints:         10.24.0.131:7473,10.24.1.3:7473,10.24.1.67:7473
Port:              tcp-bolt  7687/TCP
TargetPort:        7687/TCP
Endpoints:         10.24.0.131:7687,10.24.1.3:7687,10.24.1.67:7687
Session Affinity:  None
Events:

    您应该在每个服务端口看到三个“端点”——它们是三个 Neo4j 服务器的 IP 地址。这些端点用于启动在 Kubernetes 中运行的应用程序使用的驱动程序。驱动程序将使用它们来获取初始路由表。

  3. 在另一个 Pod 中运行 `cypher-shell` 并通过无头服务连接到集群服务器

    kubectl run --rm -it --namespace "neo4j" --image "neo4j:5.25.1-enterprise"cypher-shell -- cypher-shell -a \  "neo4j://my-cluster-headless.neo4j.svc.cluster.local:7687" -u neo4j -p "my-password"
    If you don't see a command prompt, try pressing enter.
Connected to Neo4j using Bolt protocol version 5 at neo4j://headless-neo4j.default.svc.cluster.local:7687 as user neo4j.
Type :help for a list of available commands or :exit to exit the shell.
Note that Cypher queries must end with a semicolon.

  4. 运行 Cypher 命令 SHOW DATABASES 以验证所有集群服务器是否联机。

    SHOW DATABASES;
    +--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| name     | type       | aliases | access       | address                                 | role      | writer | requestedStatus | currentStatus | statusMessage | default | home  | constituents |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| "neo4j"  | "standard" | []      | "read-write" | "server-3.neo4j.svc.cluster.local:7687" | "primary" | TRUE   | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
| "neo4j"  | "standard" | []      | "read-write" | "server-2.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
| "neo4j"  | "standard" | []      | "read-write" | "server-1.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | TRUE    | TRUE  | []           |
| "system" | "system"   | []      | "read-write" | "server-3.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
| "system" | "system"   | []      | "read-write" | "server-2.neo4j.svc.cluster.local:7687" | "primary" | FALSE  | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
| "system" | "system"   | []      | "read-write" | "server-1.neo4j.svc.cluster.local:7687" | "primary" | TRUE   | "online"        | "online"      | ""            | FALSE   | FALSE | []           |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
6 rows
ready to start consuming query after 4 ms, results consumed after another 42 ms

  5. 退出 cypher-shell。退出 cypher-shell 会自动删除用于运行它的 Pod。

    :exit;
    Bye!
Session ended, resume using 'kubectl attach cypher-shell -c cypher-shell -i -t' command when the pod is running
pod "cypher-shell" deleted