You are viewing documentation for Immuta version 2.8.

Immuta Helm Chart Options

Audience: System Administrators

Content Summary: This page illustrates all the configurable parameters for the Immuta Helm Chart.

Global

| Parameter | Description | Default |
|---|---|---|
| `immutaVersion` | Version of Immuta | `<Current Immuta Version>` |
| `imageTag` | Docker image tag | `<Current Version Tag>` |
| `imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `imagePullSecrets` | List of image pull secrets to use | `[immuta-registry]` |
| `externalHostname` | External hostname assigned to this immuta instance. | `nil` |
| `global.podAnnotations` | Annotations to be set on all pods. | `{}` |
| `global.podLabels` | Labels that will be set on all pods. | `{}` |

Backup

| Parameter | Description | Default |
|---|---|---|
| `backup.enabled` | Whether or not to turn on automatic backups | `true` |
| `backup.restore.enabled` | Whether or not to restore from backups if present | `false` |
| `backup.schedule` | Kubernetes CronJob schedule expression | `0 0 * * *` |
| `backup.successfulJobsHistoryLimit` | Number of successful jobs to exist before cleanup | `3` |
| `backup.failedJobsHistoryLimit` | Number of failed jobs to exist before stopping | `1` |
| `backup.maxBackupCount` | Max number of backups to exist at a given time | `10` |
| `backup.keepBackupVolumes` | Whether or not to delete backup volumes when uninstalling Immuta | `false` |
| `backup.type` | Backup storage type. Must be defined if `backup.enabled` is `true`. Must be one of: `s3`, `gs`, or `azblob`. | `nil` |

Pod / Service Account Metadata

| Parameter | Description | Default |
|---|---|---|
| `backup.podAnnotations` | Annotations to add to all pods associated with backups | `nil` |
| `backup.podLabels` | Labels to add to all pods associated with backups. | `nil` |
| `backup.serviceAccountAnnotations` | Annotations to add to all ServiceAccounts associated with backups. | `nil` |
| `backup.cronJob.nodeSelector` | Node selector for backup cron job. | `{"kubernetes.io/os": "linux"}` |
| `backup.cronJob.tolerations` | Tolerations for backup cron job. | `nil` |

AWS S3 Backups

| Parameter | Description | Default |
|---|---|---|
| `backup.s3.awsAccessKeyId` | AWS Access Key ID | `nil` |
| `backup.s3.awsSecretAccessKey` | AWS Secret Access Key | `nil` |
| `backup.s3.awsRegion` | AWS Region | `nil` |
| `backup.s3.bucket` | S3 Bucket to store backups in | `nil` |
| `backup.s3.bucketPrefix` | Prefix to append to all backups | `nil` |

Azure Blob Storage

| Parameter | Description | Default |
|---|---|---|
| `backup.azblob.azStorageAccount` | Azure Storage Account Name | `nil` |
| `backup.azblob.azStorageKey` | Azure Storage Account Key | `nil` |
| `backup.azblob.azStorageSASToken` | Azure Storage Account SAS Token | `nil` |
| `backup.azblob.container` | Azure Storage Account Container Name | `nil` |
| `backup.azblob.containerPrefix` | Prefix to append to all backups | `nil` |

Google Cloud Storage

| Parameter | Description | Default |
|---|---|---|
| `backup.gs.gsKeySecretName` | Kubernetes Secret containing key.json for Google Service Account | `nil` |
| `backup.gs.bucket` | Google Cloud Storage Bucket | `nil` |
| `backup.gs.bucketPrefix` | Prefix to append to all backups | `nil` |

Immuta TLS

| Parameter | Description | Default |
|---|---|---|
| `tls.enabled` | Whether or not to use TLS. | `true` |
| `tls.create` | Whether or not to generate TLS certificates. | `true` |
| `tls.manageGeneratedSecret` | When true, the generated TLS secret will be created as a resource of the Helm chart. | `false` |
| `tls.secretName` | Secret name to use for internal and external communication. (For self-provided certs only) | `nil` |
| `tls.enabledInternal` | Whether or not to use TLS for all internal communication. | `true` |
| `tls.internalSecretName` | Secret name to use for internal communication. (For self-provided certs only) | `nil` |
| `tls.enabledExternal` | Whether or not to use TLS for all external communication. | `true` |
| `tls.externalSecretName` | Secret name to use for external communication. (For self-provided certs only) | `nil` |

tls.manageGeneratedSecret may cause issues with helm install.

In most cases, tls.manageGeneratedSecret should only be set to true when Helm is not being used to install the release (i.e., Argo CD).

If tls.manageGeneratedSecret is set to true when used with the default TLS generation hook configuration, you will encounter an error similar to the following.

Error: secrets "immuta-tls" already exists

You can work around this error by configuring the TLS generation hook to run as a post-install hook.

hooks:
  tlsGeneration:
    hookAnnotations:
      helm.sh/hook: post-install

However, this configuration is not compatible with helm install --wait. If the --wait flag is used, the command will time out and fail.

Web Service

| Parameter | Description | Default |
|---|---|---|
| `web.imageRepository` | Docker repository to pull for Immuta service image | `registry.immuta.com/immuta/immuta-service` |
| `web.imageTag` | Docker tag to pull for Immuta service image | `{{ .Values.imageTag }}` |
| `web.replicas` | Number of replicas of web service to deploy | `2` |
| `web.workerCount` | Number of web service worker processes to deploy | `2` |
| `web.threadPoolSize` | Number of threads to use for each NodeJS process. | `nil` |
| `web.ingress.clientMaxBodySize` | client_max_body_size passed through to nginx. | `1g` |
| `web.resources` | See Resource Limits for more. | `{}` |
| `web.podAnnotations` | Additional annotations to apply to web pods. | `{}` |
| `web.podLabels` | Additional labels to apply to web pods. | `{}` |
| `web.nodeSelector` | Node selector for web pods. | `{"kubernetes.io/os": "linux"}` |
| `web.tolerations` | Tolerations for web pods. | `nil` |

Fingerprint Service

| Parameter | Description | Default |
|---|---|---|
| `fingerprint.imageRepository` | Docker repository to pull for Immuta fingerprint image. | `registry.immuta.com/immuta/immuta-fingerprint` |
| `fingerprint.imageTag` | Docker tag to pull for Immuta fingerprint image. | `{{ .Values.imageTag }}` |
| `fingerprint.replicas` | Number of replicas of fingerprint service to deploy. | `2` |
| `fingerprint.resources` | See Resource Limits for more. | `{}` |
| `fingerprint.podAnnotations` | Additional annotations to apply to fingerprint pods. | `{}` |
| `fingerprint.podLabels` | Additional labels to apply to fingerprint pods. | `{}` |
| `fingerprint.nodeSelector` | Node selector for fingerprint pods. | `{"kubernetes.io/os": "linux"}` |
| `fingerprint.tolerations` | Tolerations for fingerprint pods. | `nil` |

Metadata Database

| Parameter | Description | Default |
|---|---|---|
| `database.imageRepository` | Docker repository to pull for Immuta database image | `registry.immuta.com/immuta/immuta-db` |
| `database.imageTag` | Docker tag to pull for Immuta database image | `{{ .Values.imageTag }}` |
| `database.replicas` | Number of database replicas | `2` |
| `database.password` | Password for immuta metadata database | `secret` |
| `database.superuserPassword` | Password for PostgreSQL superuser | `secret` |
| `database.replicationPassword` | Password for replication user. | `secret` |
| `database.patroniApiPassword` | Password for Patroni REST API. | `secret` |
| `database.resources` | See Resource Limits for more. | `{}` |
| `database.podAnnotations` | Additional annotations to apply to database pods. | `{}` |
| `database.podLabels` | Additional labels to apply to database pods. | `{}` |
| `database.nodeSelector` | Node selector for database pods. | `{"kubernetes.io/os": "linux"}` |
| `database.tolerations` | Tolerations for database pods. | `nil` |

Query Engine

| Parameter | Description | Default |
|---|---|---|
| `queryEngine.imageRepository` | Docker repository to pull for Immuta database image | `registry.immuta.com/immuta/immuta-db` |
| `queryEngine.imageTag` | Docker tag to pull for Immuta database image | `{{ .Values.imageTag }}` |
| `queryEngine.replicas` | Number of database replicas | `2` |
| `queryEngine.password` | Password for immuta feature store database | `secret` |
| `queryEngine.superuserPassword` | Password for PostgreSQL superuser. | `secret` |
| `queryEngine.replicationPassword` | Password for replication user. | `secret` |
| `queryEngine.patroniApiPassword` | Password for Patroni REST API. | `secret` |
| `queryEngine.immutaResources` | See Resource Limits for more. | `{}` |
| `queryEngine.service` | Service configuration for Query Engine service if not using an Ingress Controller. | |
| `queryEngine.podAnnotations` | Additional annotations to apply to Query Engine pods. | `{}` |
| `queryEngine.podLabels` | Additional labels to apply to Query Engine pods. | `{}` |
| `queryEngine.nodeSelector` | Node selector for Query Engine pods. | `{"kubernetes.io/os": "linux"}` |
| `queryEngine.tolerations` | Tolerations for Query Engine pods. | `nil` |
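
A check for the defaults listed in the Metadata Database, Query Engine and Immuta TLS tables, as an added example that is not part of the Immuta documentation or chart: it takes release values parsed from JSON (for instance the output of `helm get values <release> --all -o json`) and reports password parameters still at the chart default `secret` and TLS switches set to false. The function names and the sample values are constructed for illustration, and a password key that is absent is assumed to mean the chart default applies.

```python
import json

# Password parameters whose chart default, per the tables above, is "secret".
PASSWORD_KEYS = [
    f"{component}.{name}"
    for component in ("database", "queryEngine")
    for name in ("password", "superuserPassword",
                 "replicationPassword", "patroniApiPassword")
]
# TLS switches that default to true; only an explicit false turns TLS off.
TLS_KEYS = ["tls.enabled", "tls.enabledInternal", "tls.enabledExternal"]

_MISSING = object()


def lookup(values, dotted_key):
    """Walk a nested mapping by a dotted Helm key; return _MISSING if absent."""
    node = values
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node


def audit_values(values):
    """Return (key, problem) findings for a parsed Helm values mapping."""
    findings = []
    for key in PASSWORD_KEYS:
        value = lookup(values, key)
        # Assumption: a key absent from the values means the default applies.
        if value is _MISSING or value == "secret":
            findings.append((key, "chart default password 'secret' in effect"))
        elif not value:
            findings.append((key, "password is empty"))
    for key in TLS_KEYS:
        if lookup(values, key) is False:
            findings.append((key, "TLS disabled"))
    return findings


# Constructed sample values, not taken from a real deployment.
SAMPLE_VALUES = json.loads("""
{"tls": {"enabled": true, "enabledInternal": false},
 "database": {"password": "db-constructed", "superuserPassword": "secret",
              "replicationPassword": "rep-constructed",
              "patroniApiPassword": "api-constructed"},
 "queryEngine": {"password": "qe-constructed", "superuserPassword": "su-constructed",
                 "replicationPassword": "rep2-constructed"}}
""")

if __name__ == "__main__":
    for key, problem in audit_values(SAMPLE_VALUES):
        print(f"{key}: {problem}")
```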

Memcached

| Parameter | Description | Default |
|---|---|---|
| `memcached.memcached.maxItemMemory` | Max memory for items (in MB). | `64` |
| `memcached.pdbMinAvailable` | Minimum pdb available. | `1` |
| `memcached.memcached.maxItemMemory` | Limit for max item memory in cache. | `64` |
| `memcached.resources` | See Resource Limits for more. | `{}` |
| `memcached.podAnnotations` | Additional annotations to apply to memcached pods. | `{}` |
| `memcached.podLabels` | Additional labels to apply to memcached pods. | `{}` |
| `memcached.nodeSelector` | Node selector for memcached pods. | `{"kubernetes.io/os": "linux"}` |
| `memcached.tolerations` | Tolerations for memcached pods. | `nil` |

Ingress Controller

| Parameter | Description | Default |
|---|---|---|
| `nginxIngress.enabled` | Enable nginx ingress deployment | `true` |
| `nginxIngress.controller.service.type` | Controller service type | `ClusterIP` |
| `nginxIngress.controller.service.isInternal` | Whether or not to use an internal ELB | `false` |
| `nginxIngress.controller.service.acmCertArn` | ARN for ACM certificate | |
| `nginxIngress.controller.replicas` | Number of controller replicas | `1` |
| `nginxIngress.controller.minReadySeconds` | Minimum ready seconds | `0` |
| `nginxIngress.controller.electionID` | Election ID for nginx ingress controller | `ingress-controller-leader` |
| `nginxIngress.controller.hostNetwork` | Run nginx ingress controller on host network | `false` |
| `nginxIngress.controller.config.proxy-read-timeout` | Controller proxy read timeout. | `300` |
| `nginxIngress.controller.config.proxy-send-timeout` | Controller proxy send timeout. | `300` |
| `nginxIngress.controller.podAnnotations` | Additional annotations to apply to nginx ingress controller pods. | `{}` |
| `nginxIngress.controller.podLabels` | Additional labels to apply to nginx ingress controller pods. | `{}` |
| `nginxIngress.controller.nodeSelector` | Node selector for nginx ingress controller pods. | `{"kubernetes.io/os": "linux"}` |
| `nginxIngress.controller.tolerations` | Tolerations for nginx ingress controller pods. | `nil` |