memgraph
Memgraph Platform Via Helm
The Memgraph documentation mentions how to deploy Memgraph itself via a Helm chart. Is there something similar available for Memgraph platform? There is, at least as far as I can tell, no documentation on that. I've been having issues with my current deployment where all services appear to be up inside the container, but the front-end says that Memgraph Lab cannot detect Memgraph running in the container.
I was able to get passed this. However, my current issue is the inability to create any user via the -init-file flag. Even running the mgconsole < init.cypherl manually does not work.
Hi @bwhartlove, can you tell me which image you used? Memgraph, Memgraph MAGE or Memgraph Platform? How are you passing values to the config settings to Memgraph? Can you explain your process of setting the flags and connecting to a running Memgraph instance? Btw. for quicker and easier communication, join our Discord server and ping me there :)
Hello! I am using the Memgraph Platform Image and deploying it via a Helm Chart I modified from the Memgraph Helm chart example provided here.
Since I am trying to run the container as a non-root user (i.e., as the memgraph user), I had to re-roll the image as so:
FROM memgraph/memgraph-platform:latest
USER root
COPY supervisord.conf /etc/supervisor/conf.d/
COPY init.cypherl /etc/memgraph/init.cypherl
RUN chown -R memgraph:memgraph /run/ && \
chown -R memgraph:memgraph /etc/supervisor && \
chown -R memgraph:memgraph /etc/memgraph && \
chown -R memgraph:memgraph /var/log/supervisor/
USER 101
CMD ["/bin/bash", "-c", "/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf >> /dev/null & echo \"Memgraph Lab is running at localhost:3000\\n\"; while true; do sleep 1; done;"]
My supervisord.conf looks as so:
[supervisord]
nodaemon=true
logfile=/var/log/supervisor/supervisord.log
[program:lab]
directory=/lab
command=/bin/bash -c "node dist-backend/server.js"
[program:memgraph]
directory=/usr/lib/memgraph
command=/bin/bash -c "/usr/lib/memgraph/memgraph --data-directory=/var/lib/memgraph/data --log-level=DEBUG \
--bolt-cert-file=/etc/memgraph/ssl/cert.pem --bolt-key-file=/etc/memgraph/ssl/key.pem \
--init-file=/etc/memgraph/init.cypherl"
And my init.cypherl file:
CREATE USER myuser IDENTIFIED BY "password";
This does not appear to pre-populate the database with the user. My intention is to have the container come up so that a user must use a username/password to login.
Sure thing. Here's the helm chart (I haven't finished my values file yet, so it's all verbose):
# StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: memgraph
namespace: pipeline
labels:
app.kubernetes.io/name: memgraph
app.kubernetes.io/managed-by: Helm
spec:
replicas: 1
serviceName: memgraph-svc
selector:
matchLabels:
app.kubernetes.io/name: memgraph
podManagementPolicy: OrderedReady
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/name: memgraph
spec:
securityContext:
fsGroup: 101
containers:
- name: memgraph
image: "mycontainerregistry/memgraph-platform-custom"
securityContext:
runAsUser: 101
runAsGroup: 101
imagePullPolicy: Always
ports:
- name: db-port
containerPort: 7687
- name: lab-port
containerPort: 3000
volumeMounts:
- name: memgraph-lib-storage
mountPath: /var/lib/memgraph
- name: memgraph-log-storage
mountPath: /var/log/memgraph
volumes:
- name: memgraph-lib-storage
persistentVolumeClaim:
claimName: memgraph-lib-storage
- name: memgraph-log-storage
persistentVolumeClaim:
claimName: memgraph-log-storage
---
# Service
apiVersion: v1
kind: Service
metadata:
name: memgraph-svc
namespace: pipeline
labels:
app.kubernetes.io/name: memgraph
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 7687
targetPort: 7687
protocol: TCP
name: bolt
selector:
app.kubernetes.io/name: memgraph
---
# Service
apiVersion: v1
kind: Service
metadata:
name: memgraph-lab-svc
namespace: pipeline
labels:
app.kubernetes.io/name: memgraph
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 3000
protocol: TCP
name: bolt
selector:
app.kubernetes.io/name: memgraph
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: memgraph-lab-ingress
namespace: pipeline
spec:
rules:
- host: memgraph.mydomain.com
http:
paths:
- backend:
service:
name: memgraph-lab-svc
port:
number: 80
path: /
pathType: Prefix
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/managed-by: Helm
name: allow-to-memgraph-lab
namespace: pipeline
spec:
ingress:
- ports:
- port: 3000
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: memgraph
policyTypes:
- Ingress
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: memgraph-lib-storage
namespace: pipeline
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: memgraph-log-storage
namespace: pipeline
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
Thank you for sharing. I will check this and get back to you. If you notice anything new or can provide any additional info meanwhile, let me know. What is the urgency on your side?
I'll provide any insights as I run into them. Urgency is low, though I would like to get this resolved within the next week or so if possible. Thanks!
Small edit to the Helm Chart:
I've noticed that I have to connect manually to the database. It does not detect the db on localhost, so I have to use the service to connect, which requires adding the port 7687 to the Network Policy as well.
I've noticed that the user is not present at spin up of the container, but if I hop in and manually import the cypher file, it creates the user just fine:
mgconsole -use_ssl < /etc/memgraph/init.cypherl
The logs do say it's Running init file.
I was able to accomplish what I was trying to do without the -init-file flag, albeit in a 'hacky' way. I removed the -init-file flag from my supervisord config for memgraph and modified the CMD for the container to import the query via mgconsole:
CMD ["/bin/bash", "-c", "/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf >> /dev/null & echo \"Memgraph Lab is running at localhost:3000\\n\"; while ! nc -z localhost 7687; do sleep 1; done; mgconsole --use_ssl < /etc/memgraph/init.cypherl; while true; do sleep 1; done;"]
I'd still like to understand what is going wrong with the -init-file flag, but this accomplished what I wanted it to.
It's great to hear you managed to accomplish what you wanted to, and I'll check what happened with the --init_file flag and report back. Btw. what are you using Memgraph for? Maybe we talked already but it's a bit hard with GitHub usernames :)
Just doing some development work for my own knowledge. It's a really awesome tool, and I wanted to learn more about graph databases. Thanks for checking on this!
Apologies for taking this in a different direction - is there any way with Memgraph Lab to set up SSL? I know you can use certs with the memgraph.conf to encrypt traffic to the backend, but what about the front end service?
Regarding the SSL with Memgraph Lab, currently, the only way is to have a reverse proxy in front, e.g. a reverse proxy that holds SSL information and proxies everything toward/from Memgraph Lab endpoint. Is that doable in your case?
Yes, that is something I've done with other services in the past, and it's doable in my case. Thanks for the confirmation!
@antejavor not sure what happened here and if there's any update. I noticed the issue is a bit stale and that you assigned it yourself, so can you check it when you're back from vacation?
Besides that, @bwhartlove we are working on a new way of running the Memgraph Platform and that's why we haven't been that active in creating a new helm chart for the Memgraph Platform. Hopefully, we'll manage to improve the process soon enough. How are you doing and did you make any progress in your project?