cancel
Showing results for 
Search instead for 
Did you mean: 

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

No update password when doing helm upgrade

ticapix
Node Link

Hello,

After a first install of neo4j-4.1.1 with helm and automatic generated password , I'm doing an upgrade with

helm upgrade --install --atomic --cleanup-on-fail --values neo4j_values.yml db https://github.com/neo4j-contrib/neo4j-helm/archive/4.1.1-4.tar.gz

and values.yml contains

acceptLicenseAgreement: "yes"
neo4jPassword: test1
plugins: "[\"apoc\", \"n10s\"]"
core:
  standalone: true
  persistentVolume:
    size: 10Gi # might be needed later to get more space
  service:
    type: NodePort # expose service to Internet. default: ClusterIP

The issue is that the password is not updated.

The secret is updated
The variable NEO4J_AUTH used by the docker-entrypoint.sh seems to be ok.
Even if I open a shell in the running neo4j container and run neo4j-admin set-initial-password test1, then kill the pod, the new password is not taken into account.

Any reason for this behavior or is that a bug ?

Best regards,

1 ACCEPTED SOLUTION

It isn't a bug, it's a misunderstanding about what happens.

When you install the helm chart for the first time, it creates the user with this setting. That user in turn gets persisted to the system database within neo4j. Subsequently to that, you can't change the password because you already have that user with an established password.

The way to change the password after system install, is to use cypher and the regular built-in procedures for modifying a user's password. The password option in the helm chart is just a cold-start "first time" affordance for deploys

View solution in original post

2 REPLIES 2

It isn't a bug, it's a misunderstanding about what happens.

When you install the helm chart for the first time, it creates the user with this setting. That user in turn gets persisted to the system database within neo4j. Subsequently to that, you can't change the password because you already have that user with an established password.

The way to change the password after system install, is to use cypher and the regular built-in procedures for modifying a user's password. The password option in the helm chart is just a cold-start "first time" affordance for deploys

Ran into this after a bit of debugging - might be worth mentioning this in the helm docs and values.yaml comments?

Especially since the chart lets you hook up to a k8s secret, we figured we might be able to pipe in a rotated secret via our SecretManager.