Skip to content

You are viewing documentation for Immuta version 2021.5.

For the latest version, view our documentation for Immuta SaaS or the latest self-hosted version.

Install Immuta

Audience: System Administrators

Content Summary: This page outlines the supported deployment methods for installing Immuta.

Introduction

We recommended installing Immuta with Kubernetes because of the minimal administration needed to achieve scale and availability, but Immuta can also be installed on a single Docker node. This chapter illustrates how to install Immuta using both of these methods.

Firewall Rules

Immuta Query Engine Port

The required firewall rules depend on whether you will use the Immuta Query Engine or exclusively use integrations. If you only use integrations, port 5432 is optional.

The following firewall rules are required to be opened to any host or network that need access to the Immuta service. Navigate to the tab of the technology you plan to use:

Port Protocol Source
443 TCP Web Service
Port Protocol Source
5432 TCP PostgreSQL
443 TCP Web Service

Kubernetes

Immuta has a Helm chart available for installation on Kubernetes:

Specific guides are available for the following Kubernetes cloud providers:

Supported Software Versions

Immuta supports the Kubernetes distributions outlined below.

Amazon Elastic Kubernetes Service (EKS)

  • 1.21
  • 1.22
  • 1.23
  • 1.24

Azure Kubernetes Service (AKS)

  • 1.22
  • 1.23
  • 1.24

Google Kubernetes Engine (GKE)

  • 1.21
  • 1.22
  • 1.23
  • 1.24

OpenShift

  • 4.7
  • 4.8
  • 4.9
  • 4.10
  • 4.11

Rancher Kubernetes Engine (RKE)

  • 2.6.x

Supported Configurations

Ingress Controller

The Immuta Helm Chart's built-in ingress controller is enabled by default, but will be disabled by default in future versions. If you have production workloads, consider moving away from using the built-in ingress controller.

Kubernetes Distribution Logging Ingress Storage Backup and Restore External Metadata Database
AWS EKS AWS Cloud Watch or third-party logging solution Built-in ingress controller or third-party ingress controller AWS EBS (default storage class in EKS) AWS S3 AWS RDS Postgres (Use the supported version identified in the External Metadata Database Configuration guide.)
Azure EKS Third-party logging solution Built-in ingress controller or third-party ingress controller Azure managed disks (default storage class in AKS) Azure Blob Storage Azure Database for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.)
Google GKE Third-party logging solution Built-in ingress controller or third-party ingress controller Google Cloud Persistent Disks (default storage class in GKE) Google Cloud Storage Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.)
Red Hat OpenShift Third-party logging solution Built-in ingress controller or third-party ingress controller Cloud disks (AWS EBS, Azure managed disks, or Google Cloud Persistent Disks) Cloud storage (S3, Azure Blob, Google Cloud Storage) or self-hosted object storage (such as MinIO) Cloud-managed PostgreSQL, such as AWS RDS Postgres, Azure Database for PostgreSQL, or Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.)
Rancher RKE Third-party logging solution Built-in ingress controller or third-party ingress controller Cloud Disks (AWS EBS, Azure managed disks, Google Cloud Persistent Disks) Cloud storage (S3, Azure Blob, Google Cloud Storage) or self-hosted object storage (such as MinIO) Cloud-managed PostgreSQL, such as AWS RDS Postgres, Azure Database for PostgreSQL, or Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.)

Helm Implementation

Immuta depends on the Helm functionality outlined below.

  • templates and functions
  • Helm hooks:
    • pre-install
    • pre-upgrade
    • post-upgrade
    • post-delete: This hook is not strictly necessary and is only used to clean up some resources that are not deleted by Helm itself. If the post-delete hook is not supported, some resources may be left on the cluster after running helm delete.

Immuta support ends at our Helm implementation; wrapping Helm in another orchestration tool falls outside the Immuta support window.

Single Node Docker

Single Node Docker Support

Single Node Docker can be used in production environments after a sizing review by the Immuta Customer Success team.

Immuta has a shell script based installation that can be used on a single Docker node:

Single Node Docker Limitations

The following features are unavailable in the Single Node Docker deployment method and are only supported in Kubernetes deployments:

  • automatic backups
  • external metadata database