Install Immuta
Audience: System Administrators
Content Summary: This page outlines the supported deployment methods for installing Immuta.
Introduction
We recommend installing Immuta with Kubernetes because of the minimal administration needed to achieve scale and availability, but Immuta can also be installed on a single Docker node. This chapter illustrates how to install Immuta using both of these methods.
Firewall Rules
Immuta Query Engine Port
The required firewall rules depend on whether you will use the Immuta Query Engine or exclusively use integrations. If you only use integrations, port 5432 is optional.
The following firewall rules are required to be opened to any host or network that needs access to the Immuta service. Navigate to the tab of the technology you plan to use:
Port | Protocol | Source |
---|---|---|
443 | TCP | Web Service |
Port | Protocol | Source |
---|---|---|
5432 | TCP | PostgreSQL |
443 | TCP | Web Service |
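One way to check an existing allow list against these tables, as an added example that is not part of the Immuta documentation or tooling. The rule tuple format, the sample rules and the client networks are constructed for illustration; the function names are hypothetical.

```python
import ipaddress

# Ports from the tables above: 443/TCP (web service) is always required;
# 5432/TCP (PostgreSQL) only when the Immuta Query Engine is used.
WEB_PORT, QUERY_ENGINE_PORT = 443, 5432

# Constructed sample allow rules: (port, protocol, source CIDR). Hypothetical format.
SAMPLE_RULES = [
    (443, "tcp", "10.20.0.0/16"),
    (5432, "tcp", "0.0.0.0/0"),
    (8080, "tcp", "10.20.0.0/16"),
]
# Constructed networks that need access to the Immuta service.
SAMPLE_CLIENTS = ["10.20.4.0/24", "10.30.0.0/24"]


def required_ports(use_query_engine):
    return {WEB_PORT, QUERY_ENGINE_PORT} if use_query_engine else {WEB_PORT}


def audit_rules(rules, client_networks, use_query_engine):
    """Return (missing, unneeded).

    missing: set of (port, client CIDR) pairs with no covering TCP allow rule.
    unneeded: allow rules for a port this deployment does not require, a
    non-TCP protocol, or a source that overlaps no client network.
    """
    needed = required_ports(use_query_engine)
    clients = [ipaddress.ip_network(c) for c in client_networks]
    parsed = [(p, proto.upper(), ipaddress.ip_network(s)) for p, proto, s in rules]

    missing = set()
    for port in needed:
        for client in clients:
            if not any(p == port and proto == "TCP"
                       and client.version == src.version and client.subnet_of(src)
                       for p, proto, src in parsed):
                missing.add((port, str(client)))

    unneeded = [
        (p, proto, str(src)) for p, proto, src in parsed
        if p not in needed or proto != "TCP"
        or not any(c.version == src.version and c.overlaps(src) for c in clients)
    ]
    return missing, unneeded


if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES, SAMPLE_CLIENTS, use_query_engine=False))
```

With the sample data and an integrations-only deployment, the 5432 rule is reported as unneeded and the 10.30.0.0/24 network is reported as lacking access to 443.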
Kubernetes
Immuta has a Helm chart available for installation on Kubernetes:
Specific guides are available for the following Kubernetes cloud providers:
Supported Software Versions
Immuta supports the Kubernetes distributions outlined below.
Amazon Elastic Kubernetes Service (EKS)
- 1.21
- 1.22
- 1.23
- 1.24
- 1.25
Azure Kubernetes Service (AKS)
- 1.22
- 1.23
- 1.24
- 1.25
Google Kubernetes Engine (GKE)
- 1.21
- 1.22
- 1.23
- 1.24
- 1.25
OpenShift
- 4.9
- 4.10
- 4.11
Rancher Kubernetes Engine (RKE)
- 2.6.x
Supported Configurations
Ingress Controller
The Immuta Helm Chart's built-in ingress controller is enabled by default, but will be disabled by default in future versions. If you have production workloads, consider moving away from using the built-in ingress controller.
Kubernetes Distribution | Logging | Ingress | Storage | Backup and Restore | External Metadata Database |
---|---|---|---|---|---|
AWS EKS | AWS CloudWatch or third-party logging solution | Built-in ingress controller or third-party ingress controller | AWS EBS (default storage class in EKS) | AWS S3 | AWS RDS Postgres (Use the supported version identified in the External Metadata Database Configuration guide.) |
Azure AKS | Third-party logging solution | Built-in ingress controller or third-party ingress controller | Azure managed disks (default storage class in AKS) | Azure Blob Storage | Azure Database for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.) |
Google GKE | Third-party logging solution | Built-in ingress controller or third-party ingress controller | Google Cloud Persistent Disks (default storage class in GKE) | Google Cloud Storage | Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.) |
Red Hat OpenShift | Third-party logging solution | Built-in ingress controller or third-party ingress controller | Cloud disks (AWS EBS, Azure managed disks, or Google Cloud Persistent Disks) | Cloud storage (S3, Azure Blob, Google Cloud Storage) or self-hosted object storage (such as MinIO) | Cloud-managed PostgreSQL, such as AWS RDS Postgres, Azure Database for PostgreSQL, or Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.) |
Rancher RKE | Third-party logging solution | Built-in ingress controller or third-party ingress controller | Cloud Disks (AWS EBS, Azure managed disks, Google Cloud Persistent Disks) | Cloud storage (S3, Azure Blob, Google Cloud Storage) or self-hosted object storage (such as MinIO) | Cloud-managed PostgreSQL, such as AWS RDS Postgres, Azure Database for PostgreSQL, or Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.) |
Helm Implementation
Immuta depends on the Helm functionality outlined below.
- templates and functions
- Helm hooks:
  - pre-install
  - pre-upgrade
  - post-upgrade
  - post-delete: This hook is not strictly necessary and is only used to clean up some resources that are not deleted by Helm itself. If the post-delete hook is not supported, some resources may be left on the cluster after running `helm delete`.
Immuta support ends at our Helm implementation; wrapping Helm in another orchestration tool falls outside the Immuta support window.
Single Node Docker
Single Node Docker Support
Single Node Docker can be used in production environments after a sizing review by the Immuta Customer Success team.
Immuta has a shell script based installation that can be used on a single Docker node:
Single Node Docker Limitations
The following features are unavailable in the Single Node Docker deployment method and are only supported in Kubernetes deployments:
- automatic backups
- external metadata database