Connecting Neo4j browser to Kubernetes

I installed Neo4j on Google Kubernetes successfully but am unable to connect to it via Neo4j browser with either http or https. Followed neo4j-google-k8s-marketplace/USER-GUIDE.md at main · neo-technology/neo4j-google-k8s-marketplace · GitHub. Always replies "Site can't be reached". I'm in the startup program so a crazy learning curve!

Hi. I'm the author of that stuff. Can you paste some commands you did, what their results were, and where you're getting the error?

Make sure to read the "limitations" section in those docs. That covers what the most common problem getting this started would be.

Thanks for the reply David. Here you go:

  • logged into Google Cloud/Kubernetes dashboard as owner
  • started YAML shell
  • entered "kubectl port-forward [xxx]-neo4j-core-0 7687:7687 7474:7474" - [xxx] is my deployment name
  • shell replied:
    Forwarding from 127.0.0.1:7687 -> 7687
    Forwarding from 127.0.0.1:7474 -> 7474
  • in same browser entered http://localhost:7474 - "site can't be reached"

I had successfully run Neo4j Desktop/browser on this same computer. Want to start building DB on cloud for testing handshakes with existing MySQL DB driving www.flowh.com.

Neo4j/algorithms lib looks to be a great tool for our new feature matching people to events based on their interests. Excited to get it up and running.

Sorry, not sure I have enough to figure out what's happening here. Can you, for example, shell into one of those pods and verify that port 7474 is open local to the pod? Also that the deployment succeeded and everything is looking healthy and happy?

When you get "site can't be reached" and the port is forwarding, I'm guessing this most likely means that the port for whatever reason isn't open on the pod itself. This could be because of a problem with the deployment, or could be because of a misconfiguration.

The next thing to do is to verify that 7474 and 7687 work inside of the pod, and that the deployment is good. Did you for example create the deployment with helm, custom yaml, or google cloud marketplace?

Hi David. Sorry for the slow reply. I wanted to go through all the documentation again to make sure I: 1) understand what I'm doing, and 2) find where I am having trouble.

  • deployed on Google cloud marketplace
  • services are happy and I can access the Cypher Shell via kubectl
  • I confirmed my cluster leader as core-0
  • forward ports using: kubectl port-forward [xxx]-neo4j-core-0 7687:7687 7474:7474 where [xxx] is my deployment name
  • shell replies with:
    Forwarding from 127.0.0.1:7687 -> 7687
    Forwarding from 127.0.0.1:7474 -> 7474
  • enter http://localhost:7474 in new browser tab
  • browser replies with "site can't be reached"

It all seems correct. What am I missing?

Thank you sir.

  1. Can you use the cypher-shell command (provided in the repo) to connect to port 7687 of the pod?
  2. When you say "browser says site cannot be reached" do you mean your web browser or do you mean Neo4j Browser says this? As in, does the Neo4j Browser UI load on port 7474 and you fail to connect, or do you not get the Neo4j Browser UI to load at all?
  3. Can you confirm you don't have other firewall rules which would interact with your localhost?
  4. What does curl -v http://localhost:7474/ return in full?

  1. Yes. Reply is Connected to Neo4j 3.5.1 at bolt://[xxx]-neo4j.default.svc.cluster.local:7687 as user neo4j.
  2. The web browser. Never get to the neo4j browser
  3. Confirmed. All firewall and anti-virus is disabled.
  4. Reply to curl:
    * Trying 127.0.0.1...
    * TCP_NODELAY set
    * connect to 127.0.0.1 port 7474 failed: Connection refused
    * Trying ::1...
    * TCP_NODELAY set
    * Immediate connect fail for ::1: Cannot assign requested address
    * Trying ::1...
    * TCP_NODELAY set
    * Immediate connect fail for ::1: Cannot assign requested address
    * Failed to connect to localhost port 7474: Connection refused
    * Closing connection 0
    curl: (7) Failed to connect to localhost port 7474: Connection refused

Another interesting twist:

  • I go to https://console.cloud.google.com/kubernetes/service
  • Click Port Forwarding for 7474 in Ports section
  • Run in shell:
    gcloud container clusters get-credentials cluster-1 --zone us-central1-a --project recommend-236423 \
      && kubectl port-forward $(kubectl get pod --selector="app=neo4j,component=core,release=[xxx]" --output jsonpath='{.items[0].metadata.name}') 8080:7474
  • Click "Open in web preview"
  • Neo4j browser opens with seeded Connect URL of bolthttps://7687-dot-6955458-dot-devshell.appspot.com
  • Note the odd scheme "bolthttps://" and 7687 port
  • I try a number of variations on this URL and Neo4j browser comes back with "ServiceUnavailable" on all of them.

My ultimate goal is to have a persistent URL so that others in my company can access via Cypher

Thanks for sticking with this David.

Let me start with the ultimate goal -- unfortunately right now kubernetes based deployments are rather difficult to expose externally to kubernetes. This is a complicated enough topic that I wrote an entire blog post on it, which provides some suggested solutions ("Possible Solutions" section) for how you can go about doing it:

If exposing to your entire company is the goal, then you might want to read that and step through some of its solutions on your side. The kubectl proxy approach really only works for your local host, and isn't meant to expose something on forward to other hosts. The difficulty with the kubectl approach is that you're doing it for the leader, but please keep in mind that as the cluster topology evolves in response to runtime events, which node is the leader can change. And so for simple testing kubectl proxy works, but isn't a way to expose a production cluster to another network.

On to some other points:

  • The neo4j browser seeded URL has a lot to do with your advertised_address in your neo4j conf. Something funny may be going on there.
  • The reason you're getting the "Service Unavailable" errors in this configuration is that typically, the advertised address of the neo4j node internal to k8s is being provided to a client external to k8s on your desktop machine. That internal address isn't routable from the outside. (That's the short version. The full explanation is in the blog post above)
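
Added example, not part of the original thread and not the project's own tooling: a small shell check for the advertised-address problem described in the reply above. It reads a neo4j.conf and flags advertised addresses that a client outside Kubernetes cannot route to. Assumptions: the Neo4j 3.5 setting names `dbms.connectors.default_advertised_address` and `dbms.connector.bolt.advertised_address`, a constructed sample config with the placeholder release name `myrel`, and the hypothetical function names `classify_host` and `audit_advertised`.

```bash
#!/usr/bin/env bash
# Added example: list Neo4j advertised addresses and flag ones that only
# resolve inside the Kubernetes cluster (the cause of ServiceUnavailable above).

# Constructed sample neo4j.conf; "myrel" is a placeholder release name.
SAMPLE_CONF='dbms.connectors.default_advertised_address=myrel-neo4j-core-0.myrel-neo4j.default.svc.cluster.local
dbms.connector.bolt.advertised_address=:7687
dbms.connector.http.listen_address=0.0.0.0:7474
#dbms.connector.https.advertised_address=10.8.0.12:7473
'

# classify_host HOST -> one word describing who can reach HOST (IPv4/DNS only).
classify_host() {
  case "$1" in
    "")                       echo "inherits-default" ;;
    localhost|127.*)          echo "loopback" ;;
    *.svc|*.cluster.local)    echo "cluster-internal" ;;
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
                              echo "private-ip" ;;
    *)                        echo "check-dns" ;;
  esac
}

# audit_advertised: reads neo4j.conf on stdin, prints "<key> <host> <verdict>"
# for every active (uncommented) *advertised_address setting.
audit_advertised() {
  grep -E '^[[:space:]]*dbms\.[a-z_.]*advertised_address[[:space:]]*=' |
  while IFS='=' read -r key value; do
    key=$(printf '%s' "$key" | tr -d '[:space:]')
    value=$(printf '%s' "$value" | tr -d '[:space:]')
    host=${value%:*}   # drop a trailing :port; ":7687" leaves an empty host
    printf '%s %s %s\n' "$key" "${host:--}" "$(classify_host "$host")"
  done
}

printf '%s' "$SAMPLE_CONF" | audit_advertised
```

A `cluster-internal` or `private-ip` verdict marks an address that Neo4j will hand to clients but that a desktop outside the cluster cannot connect to; `check-dns` only means the name is not obviously internal and still has to resolve from the client's network.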

Hi David,
I switched over to GCE and am having no problems with external URL connection.

Thanks for all your help.

Eric
