Kubernetes
Memgraph can be deployed on Kubernetes. The easiest way to do that is with Helm, the package manager for Kubernetes. Helm uses a packaging format called charts. A chart is a collection of files that describe a related set of Kubernetes resources.
Currently, we prepared and released the following charts:
The Helm charts are published on Artifact Hub. For details on the implementation of the Helm charts, check Memgraph Helm charts repository.
Due to numerous possible use cases and deployment setups via Kubernetes, the provided Helm charts are a starting point you can modify according to your needs. This page will highlight some of the specific parts of the Helm charts that you might want to adjust.
Memgraph standalone Helm chart
Memgraph is a stateful application (database), hence the Helm chart for
standalone
Memgraph is
configured to deploy Memgraph as a Kubernetes StatefulSet workload.
It will deploy a single Memgraph instance in a single pod.
Typically, when deploying a stateful application like Memgraph, a StatefulSet
workload is used to ensure that each pod has a unique identity and stable
network identity. When deploying Memgraph, it is also necessary to define a
PersistentVolumeClaims to store the data
directory (/var/lib/memgraph).
This enables the data to be persisted even if the pod is restarted or deleted.
Storage configuration
By default, the Helm chart will create a PersistentVolumeClaim (PVC) for
storage and logs. If the storage class for PVC is not defined, PVC will use the
default one available in the cluster. The storage class can be configured in the
values.yaml file. To avoid losing your data, make sure you have Retain
reclaim policy set on your storage class. If you delete PersistentVolumeClaim
without having Retain reclaim policy, you will lose your data because
PersistentVolume will get deleted too. The alternative to creating a new
storage class is to patch your existing storage class by applying the Retain
policy. This is necessary because the default Kubernetes policy is Delete. The
patching can be done using the following bash script:
#!/bin/bash
# Get all Persistent Volume names
PVS=$(kubectl get pv --no-headers -o custom-columns=":metadata.name")
# Loop through each PV and patch it
for pv in $PVS; do
echo "Patching PV: $pv"
kubectl patch pv $pv -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
done
echo
An example of a storage class for AWS EBS volumes:
```yaml
storageClass:
name: "gp2"
provisioner: "kubernetes.io/aws-ebs"
storageType: "gp2"
fsType: "ext4"
reclaimPolicy: "Retain"
volumeBindingMode: "Immediate"Default template for a storage class is part of the Helm chart and can be found
in the repository. If you don’t want to create a new storage class, set
storageClass.create to false.
More details on the configuration options can be found in the configuration section.
Secrets
The Helm chart allows you to use Kubernetes secrets to store Memgraph
credentials. By default, the secrets are disabled. If you want to use secrets,
you can enable them in the values.yaml file.
The secrets are prepared to work for environment variables MEMGRAPH_USER and MEMGRAPH_PASSWORD.
Probes
Memgraph standalone chart uses startup, readiness and liveness probes. The startup probe is used to determine when a container application has started. The liveness probe is used to determine when a container should be restarted. The readiness probe is used to determine when a container is ready to start accepting traffic. The startup probe will succeed only after the recovery of the Memgraph has finished. Liveness and readiness probes will start after the startup probe succeeds. By default, the startup probe has to succeed within 2 hours. If the recovery from backup takes longer than that, update the configuration to the value that is high enough. The liveness and readiness probe have to succeed at least once in 5 minutes for a pod to be considered ready.
System configuration
The Helm chart will set the linux kernel vm.max_map_count parameter to 262144 by default
to ensure Memgraph won’t run into issues with memory mapping.
The vm.max_map_count parameter is a kernel parameter that specifies the maximum number of memory map areas a process may have.
This change will be applied to all nodes in the cluster. If you want to disable this feature, you can set sysctlInitContainer.enabled to false in the values.yaml file.
Installing Memgraph standalone Helm chart
To include a standalone Memgraph into your Kubernetes cluster, you need to add the repository and install Memgraph.
The steps below will work in the Minikube environment, but you can also use them in other Kubernetes environments with minor adjustments.
Add the repository
Add the Memgraph Helm chart repository to your local Helm setup by running the following command:
helm repo add memgraph https://memgraph.github.io/helm-chartsMake sure to update the repository to fetch the latest Helm charts available:
helm repo updateInstall Memgraph
To install Memgraph Helm chart, run the following command:
helm install <release-name> memgraph/memgraphReplace <release-name> with the name of the release you chose.
When installing a chart, it’s best practice to specify the exact version you want to use. Using the latest tag can lead to issues, as a pod restart may pull a newer image, potentially causing unexpected changes or incompatibilities.
Install Memgraph standalone chart with minikube
If you are installing Memgraph standalone chart locally with minikube, we are strongly recommending to enable csi-hostpath-driver and use its storage class. Otherwise,
you could have problems with attaching PVCs to pods.
- Enable
csi-hostpath-driver
minikube addons disable storage-provisioner
minikube addons disable default-storageclass
minikube addons enable volumesnapshots
minikube addons enable csi-hostpath-driver- Create a storage class with
csi-hostpath-driveras a provider (file sc.yaml)
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: csi-hostpath-delayed
provisioner: hostpath.csi.k8s.io
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete-
kubectl apply -f sc.yaml -
Set
storageClassNametocsi-hostpath-delayedinvalues.yaml
Access Memgraph
Once Memgraph is installed, you can access it using the provided services and
endpoints, such as various client libraries, command-line
interface mgconsole or visual user interface Memgraph
Lab.
Configuration options
The following table lists the configurable parameters of the Memgraph chart and their default values.
| Parameter | Description | Default |
|---|---|---|
image.repository | Memgraph Docker image repository | memgraph/memgraph |
image.tag | Specific tag for the Memgraph Docker image. Overrides the image tag whose default is chart version. | "" (Defaults to chart’s app version) |
image.pullPolicy | Image pull policy | IfNotPresent |
memgraphUserId | The user id that is hardcoded in Memgraph and Mage images | 101 |
memgraphGroupId | The group id that is hardcoded in Memgraph and Mage images | 103 |
useImagePullSecrets | Override the default imagePullSecrets | false |
imagePullSecrets | Specify image pull secrets | - name: regcred |
replicaCount | Number of Memgraph instances to run. Note: no replication or HA support. | 1 |
affinity.nodeKey | Key for node affinity (Preferred) | "" |
affinity.nodeValue | Value for node affinity (Preferred) | "" |
nodeSelector | Constrain which nodes your Memgraph pod is eligible to be scheduled on, based on the labels on the nodes. Left empty by default. | {} |
service.type | Kubernetes service type | ClusterIP |
service.enableBolt | Enable Bolt protocol | true |
service.boltPort | Bolt protocol port | 7687 |
service.enableWebsocketMonitoring | Enable WebSocket monitoring | false |
service.websocketPortMonitoring | WebSocket monitoring port | 7444 |
service.enableHttpMonitoring | Enable HTTP monitoring | false |
service.httpPortMonitoring | HTTP monitoring port | 9091 |
service.annotations | Annotations to add to the service | {} |
service.labels | Labels to add to the service | {} |
persistentVolumeClaim.createStorageClaim | Enable creation of a Persistent Volume Claim for storage | true |
persistentVolumeClaim.storageClassName | Storage class name for the persistent volume claim | "" |
persistentVolumeClaim.storageSize | Size of the persistent volume claim for storage | 10Gi |
persistentVolumeClaim.libStorageAccessMode | Access mode for the PVC of the lib storage | ReadWriteOnce |
persistentVolumeClaim.existingClaim | Use an existing Persistent Volume Claim | memgraph-0 |
persistentVolumeClaim.storageVolumeName | Name of an existing Volume to create a PVC for | "" |
persistentVolumeClaim.createLogStorage | Enable creation of a Persistent Volume Claim for logs | true |
persistentVolumeClaim.logStorageClassName | Storage class name for the persistent volume claim for logs | "" |
persistentVolumeClaim.logStorageSize | Size of the persistent volume claim for logs | 1Gi |
persistentVolumeClaim.createUserClaim | Create a Dynamic Persistant Volume Claim for Configs, Certificates (e.g. Bolt cert ) and rest of User related files | false |
persistentVolumeClaim.userStorageClassName | Storage class name for the persistent volume claim for user storage | "" |
persistentVolumeClaim.userStorageSize | Size of the persistent volume claim for user storage | 1Gi |
persistentVolumeClaim.userStorageAccessMode | Storage Class Access Mode. If you need a different pod to add data into Memgraph (e.g. CSV files) set this to “ReadWriteMany” | ReadWriteOnce |
persistentVolumeClaim.userMountPath | Where to mount the userStorageClass you should set this variable if you are enabling the UserClaim | "" |
memgraphConfig | List of strings defining Memgraph configuration settings | ["--also-log-to-stderr=true"] |
secrets.enabled | Enable the use of Kubernetes secrets for Memgraph credentials | false |
secrets.name | The name of the Kubernetes secret containing Memgraph credentials | memgraph-secrets |
secrets.userKey | The key in the Kubernetes secret for the Memgraph user, the value is passed to the MEMGRAPH_USER env | USER |
secrets.passwordKey | The key in the Kubernetes secret for the Memgraph password, the value is passed to the MEMGRAPH_PASSWORD | PASSWORD |
memgraphEnterpriseLicense | Memgraph Enterprise License | "" |
memgraphOrganizationName | Organization name for Memgraph Enterprise License | "" |
statefulSetAnnotations | Annotations to add to the stateful set | {} |
podAnnotations | Annotations to add to the pod | {} |
resources | CPU/Memory resource requests/limits. Left empty by default. | {} |
tolerations | A toleration is applied to a pod and allows the pod to be scheduled on nodes with matching taints. Left empty by default. | [] |
serviceAccount.create | Specifies whether a service account should be created | true |
serviceAccount.annotations | Annotations to add to the service account | {} |
serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated. | "" |
container.terminationGracePeriodSeconds | Grace period for pod termination | 1800 |
container.livenessProbe.exec | If defined, will be used instead of a default K8s’s probe. | "" |
container.livenessProbe.tcpSocket.port | Port used for TCP connection. Should be the same as bolt port. | 7687 |
container.livenessProbe.failureThreshold | Failure threshold for liveness probe | 20 |
container.livenessProbe.timeoutSeconds | Initial delay for readiness probe | 10 |
container.livenessProbe.periodSeconds | Period seconds for readiness probe | 5 |
container.readinessProbe.exec | If defined, will be used instead of a default K8s’s probe. | "" |
container.readinessProbe.tcpSocket.port | Port used for TCP connection. Should be the same as bolt port. | 7687 |
container.readinessProbe.failureThreshold | Failure threshold for readiness probe | 20 |
container.readinessProbe.timeoutSeconds | Initial delay for readiness probe | 10 |
container.readinessProbe.periodSeconds | Period seconds for readiness probe | 5 |
container.startupProbe.exec | If defined, will be used instead of a default K8s’s probe. | "" |
container.startupProbe.tcpSocket.port | Port used for TCP connection. Should be the same as bolt port. | 7687 |
container.startupProbe.failureThreshold | Failure threshold for startup probe | 1440 |
container.startupProbe.periodSeconds | Period seconds for startup probe | 10 |
nodeSelectors | Node selectors for pod. Left empty by default. | {} |
customQueryModules | List of custom Query modules that should be mounted to Memgraph Pod | [] |
storageClass.create | If set to true, new StorageClass will be created. | false |
storageClass.name | Name of the StorageClass | "memgraph-generic-storage-class" |
storageClass.provisioner | Provisioner for the StorageClass | "" |
storageClass.storageType | Type of storage for the StorageClass | "" |
storageClass.fsType | Filesystem type for the StorageClass | "" |
storageClass.reclaimPolicy | Reclaim policy for the StorageClass | Retain |
storageClass.volumeBindingMode | Volume binding mode for the StorageClass | Immediate |
initContainers | User specific init containers | [] |
sysctlInitContainer.enabled | Enable the init container to set sysctl parameters | true |
sysctlInitContainer.maxMapCount | Value for vm.max_map_count to be set by the init container | 262144 |
sysctlInitContainer.image.repository | Busybox image repository | library/busybox |
sysctlInitContainer.image.tag | Specific tag for the Busybox Docker image | latest |
sysctlInitContainer.image.pullPolicy | Image pull policy for busybox | IfNotPresent |
lifecycleHooks | For the memgraph container(s) to automate configuration before or after startup | [] |
extraVolumes | Optionally specify extra list of additional volumes | [] |
extraVolumeMounts | Optionally specify extra list of additional volumeMounts | [] |
extraEnv | Env variables that users can define | [] |
userContainers.data | Containers that users can specifiy that will be run aside from the main Memgraph container on data instances. | [] |
userContainers.coordinators | Containers that users can specifiy that will be run aside from the main Memgraph container on coordinators. | [] |
To change the default chart values, provide your own values.yaml file during
the installation:
helm install <resource-name> memgraph/memgraph -f values.yamlDefault chart values can also be changed by setting the values of appropriate parameters:
helm install <resource-name> memgraph/memgraph --set <flag1>=<value1>,<flag2>=<value2>,...Memgraph will start with the --also-log-to-stderr=true flag, meaning the logs
will also be written to the standard error output and you can access logs using
the kubectl logs command. To modify other Memgraph database settings, you
should update the memgraphConfig parameter. It should be a list of strings
defining the values of Memgraph configuration settings. For example, this is how
you can define memgraphConfig parameter in your values.yaml:
memgraphConfig:
- "--also-log-to-stderr=true"
- "--log-level=TRACE"For all available database settings, refer to the Configuration settings reference guide.
Memgraph high availability Helm chart
Please continue on our Memgraph high availability Helm chart setup.
Memgraph Lab Helm chart
A Helm chart for deploying Memgraph Lab on Kubernetes.
Installing the Memgraph Lab Helm chart
To install the Memgraph Lab Helm chart, follow the steps below:
helm install <release-name> memgraph/memgraph-labReplace <release-name> with a name of your choice for the release.
Changing the default chart values
To change the default chart values, run the command with the specified set of flags:
helm install <resource-name> memgraph/memgraph-lab --set <flag1>=<value1>,<flag2>=<value2>,...Or you can modify a values.yaml file and override the desired values:
helm install <resource-name> memgraph/memgraph-lab -f values.yamlConfiguration options
The following table lists the configurable parameters of the Memgraph Lab chart and their default values.
| Parameter | Description | Default |
|---|---|---|
image.repository | Memgraph Lab Docker image repository | memgraph/memgraph-lab |
image.tag | Specific tag for the Memgraph Lab Docker image. Overrides the image tag whose default is chart version. | "" (Defaults to chart’s app version) |
image.pullPolicy | Image pull policy | IfNotPresent |
replicaCount | Number of Memgraph Lab instances to run. | 1 |
service.type | Kubernetes service type | ClusterIP |
service.port | Kubernetes service port | 3000 |
service.targetPort | Kubernetes service target port | 3000 |
service.protocol | Protocol used by the service | TCP |
service.annotations | Annotations to add to the service | {} |
podAnnotations | Annotations to add to the pod | {} |
resources | CPU/Memory resource requests/limits. Left empty by default. | {} (See note on uncommenting) |
serviceAccount.create | Specifies whether a service account should be created | true |
serviceAccount.annotations | Annotations to add to the service account | {} |
serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated. | "" |
secrets.enabled | Enable the use of Kubernetes secrets. Will be injected as env variables. | false |
secrets.name | The name of the Kubernetes secret that will be used. | memgraph-secrets |
secrets.keys | Keys from the secrets.name that will be stored as env variables inside the pod. | [] |
Memgraph Lab can be further configured with environment variables in your
values.yaml file.
env:
- name: QUICK_CONNECT_MG_HOST
value: memgraph
- name: QUICK_CONNECT_MG_PORT
value: "7687"
- name: KEEP_ALIVE_TIMEOUT_MS
value: 65000In case you added Nginx Ingress service or web server for a reverse proxy, update the following proxy timeout annotations to avoid potential timeouts:
proxy_read_timeout X;
proxy_connect_timeout X;
proxy_send_timeout X;where X is the number of seconds the connection (request query) can be alive.
Additionally, update the Memgraph Lab KEEP_ALIVE_TIMEOUT_MS environment
variable to a higher value to ensure that Memgraph Lab stays connected to Memgraph
when running queries over 65 seconds.
Refer to the Memgraph Lab documentation for details on how to configure Memgraph Lab.
kube