Implement services and maintenance deployment

Also found: ``` Some users have raised concerns that the Neo4j image changes file permissions on the host machine. By default, Neo4j runs as the user neo4j who only exists in the container, not on the host. That means that it's hard to set up mount folders on the host which this new user has write permissions for. We have updated the error messaging with advice about how to fix file permission errors. We also introduced writability checks and reduced the amount of file permission changes the image will perform. This has been found to interfere with some Kubernetes setups, so is currently an opt-in feature. To enforce stricter file permissions checking you can pass this environment variable to the container: --env SECURE_FILE_PERMISSIONS=yes ``` from https://hub.docker.com/_/neo4j Implemented the above ☝️
2025-12-13 07:45:56 +00:00 · 2019-09-17 23:28:17 +02:00 · 2019-09-17 23:28:17 +02:00 · fccf53a176
commit fccf53a176
parent a2a71975ab
6 changed files with 75 additions and 0 deletions
--- a/deployment/helm/human-connection/templates/deployment-maintenance.yaml
+++ b/deployment/helm/human-connection/templates/deployment-maintenance.yaml
@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name:  {{ .Release.Name }}-maintenance
+spec:
+  selector:
+    matchLabels:
+      human-connection.org/selector: deployment-maintenance
+  template:
+    metadata:
+      labels:
+        human-connection.org/commit: {{ .Values.commit }}
+        human-connection.org/selector: deployment-maintenance
+      name: maintenance
+    spec:
+      containers:
+        - name: maintenance
+          env:
+            - name: HOST
+              value: 0.0.0.0
+          image: humanconnection/maintenance:latest
+          ports:
+            - containerPort: 80
+          imagePullPolicy: Always
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
--- a/deployment/helm/human-connection/templates/deployment-neo4j.yaml
+++ b/deployment/helm/human-connection/templates/deployment-neo4j.yaml
@ -35,6 +35,8 @@ spec:
        env:
        - name: NEO4J_dbms_security_procedures_unrestricted
          value: "algo.*,apoc.*"
+        - name: SECURE_FILE_PERMISSIONS
+          value: "yes"
          {{- range $key, $val := .Values.neo4jConfig }}
        - name: NEO4J_{{ $key }}
          value: {{ $val | quote }}
--- a/deployment/helm/human-connection/templates/service-backend.yaml
+++ b/deployment/helm/human-connection/templates/service-backend.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name:  {{ .Release.Name }}-backend
+spec:
+  ports:
+    - name: graphql
+      port: 4000
+      targetPort: 4000
+  selector:
+    human-connection.org/selector: deployment-backend
--- a/deployment/helm/human-connection/templates/service-maintenance.yaml
+++ b/deployment/helm/human-connection/templates/service-maintenance.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name:  {{ .Release.Name }}-maintenance
+spec:
+  ports:
+    - name: web
+      port: 80
+      targetPort: 80
+  selector:
+    human-connection.org/selector: deployment-maintenance
--- a/deployment/helm/human-connection/templates/service-neo4j.yaml
+++ b/deployment/helm/human-connection/templates/service-neo4j.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name:  {{ .Release.Name }}-neo4j
+spec:
+  ports:
+  - name: bolt
+    port: 7687
+    targetPort: 7687
+  - name: web
+    port: 7474
+    targetPort: 7474
+  selector:
+    human-connection.org/selector: deployment-neo4j
--- a/deployment/helm/human-connection/templates/service-webapp.yaml
+++ b/deployment/helm/human-connection/templates/service-webapp.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name:  {{ .Release.Name }}-webapp
+spec:
+  ports:
+    - name: web
+      port: 3000
+      targetPort: 3000
+  selector:
+    human-connection.org/selector: deployment-webapp