Closed vinnytwice closed 10 months ago
This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs.
Hey @vinnytwice,
we do not provide support for your own software you are running on our servers. If you can point out where exactly hcloud-cloud-controller-manager is not setting up the Load Balancer as you would expect, I will gladly help you figure out the annotations you need instead.
@apricote I sorted it out. The guys at Neo4j told me that my problem could have to do with your load balancer or network, which may differ from Azure's, but in the meantime they released a reverse proxy that I'll use to solve this issue. Thank you very much again. Cheers
I'm creating a Kubernetes cluster on Hetzner Cloud with the same configuration I use on Azure AKS, but I'm facing connection problems with Neo4j. On the Hetzner cluster, while I can access the Neo4j Browser from the path I defined in my Ingress, I can't connect to the Neo4j server using the bolt+s connection server.mydomain.com:7687 URL, nor can the Neo4j driver in my Node.js server pod (this second connection is kinda solved, see update at the end). This is not the case with the AKS cluster.
From the Neo4j Browser debug connection I see that the Handshake fails:
From Chrome console I see 2 errors:
The one difference between the two clusters is the ingress controller's Load Balancer configuration for which on Hetzner I set annotations in the ingress-nginx Helm chart as so:
AFAIK the `ingress-nginx` controller (which I'm using) handles WebSockets automatically, unlike `nginx-ingress`, for which it should be mapped to a service using an annotation like `nginx.ingress.kubernetes.io/websocket-services: neo4j`. I tried using the annotation anyway but it didn't make a difference.
The complete procedure I used for the Hetzner cluster is: I created a single-node Kubernetes cluster on Hetzner Cloud using k3s v1.27.4+k3s1, installed the ingress-nginx v4.7.1 Helm chart exposing TCP ports 7474 and 7687 to the Neo4j service as you can see above (the Load Balancer TCP ports are exposed and healthy), and the Cert-manager v1.12.3 Helm chart.
In my domain DNS manager I created an A record pointing to the load balancer IPv4 with host set as `server` to use it in my `Certificate` and `Ingress` manifests as `server.mydomain.com`. The `tls-secret` gets created correctly.
To install the Neo4j chart I'm setting these values for Neo4j configuration:
I tried setting the `dbms.connector.bolt.advertised_address` (though on Azure it is not set) using both the any-IP `0.0.0.0:7687` value and the specific DNS `server.mydomain.com:7687` value, but that didn't make a difference either. On the Hetzner Firewall rules I created rules for ports 80 (http) and 443 (https) to allow to port 7474 and 7687. I also tried disabling the Firewall as a test but still can't reach the Neo4j server.
I noticed that the nginx-ingress-controller External IP on Azure was actually showing the IPv4 address from the load balancer, while on Hetzner it was showing the DNS name `server.mydomain.com`, so I removed the `load-balancer.hetzner.cloud/hostname: server.mydomain.com` annotation from the `ingress-nginx` service annotations in the Helm chart, and without it the Neo4j driver in my Node.js server pod succeeds in connecting to Neo4j.
Unfortunately I still get the two errors when connecting from the Neo4j Browser app in the web browser:
I started a fresh server, and while issuing the Let's Encrypt certificate, if I don't use the annotation `load-balancer.hetzner.cloud/hostname: server.mydomain.com`, Certificate issuance hangs, while with it, it completes as expected.
I'm completely going in circles here. Can you spot some other configuration I need to add or change for this setup? Many thanks
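A check for the failing bolt+s handshake described in the post above, as an added example that is not part of the original thread: it opens a verified TLS connection to port 7687 the way a driver does over a raw socket (not the WebSocket path the Neo4j Browser uses) and reports whether TCP, TLS or the Bolt version negotiation is the step that breaks. The function names and the list of proposed Bolt versions are assumptions made for this sketch.

```python
import socket
import ssl
import sys

BOLT_MAGIC = bytes.fromhex("6060b017")  # Bolt handshake preamble

def build_handshake(versions):
    """Preamble plus four 4-byte proposals (0, 0, minor, major), zero-padded."""
    if not 1 <= len(versions) <= 4:
        raise ValueError("propose between one and four versions")
    slots = list(versions) + [(0, 0)] * (4 - len(versions))
    return BOLT_MAGIC + b"".join(bytes([0, 0, minor, major]) for major, minor in slots)

def classify_reply(reply):
    """Interpret the 4-byte answer the server sends to the handshake."""
    if len(reply) < 4:
        return "closed"             # peer hung up before answering
    if reply[:4] == b"HTTP":
        return "http"               # an HTTP listener, not Bolt, is on this port
    if reply[:4] == b"\x00\x00\x00\x00":
        return "no-common-version"  # Bolt server, but none of our versions fit
    return "bolt %d.%d" % (reply[3], reply[2])

def probe(host, port=7687, timeout=5.0):
    """TLS-connect with chain and hostname verification, then do the Bolt handshake."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            subject = dict(rdn[0] for rdn in tls.getpeercert().get("subject", ()))
            tls.sendall(build_handshake([(5, 0), (4, 4), (4, 0), (3, 0)]))  # assumed list
            reply = b""
            while len(reply) < 4:
                chunk = tls.recv(4 - len(reply))
                if not chunk:
                    break
                reply += chunk
            return tls.version(), subject.get("commonName"), classify_reply(reply)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: bolt_probe.py server.mydomain.com")
    try:
        print(probe(sys.argv[1]))
    except ssl.SSLError as exc:
        print("TLS failed (wrong certificate or plaintext listener?):", exc)
    except OSError as exc:
        print("TCP failed (firewall or load balancer port?):", exc)
```

Running it once from outside the cluster and once from a pod inside it separates a load balancer or firewall problem from a Neo4j TLS configuration problem.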