Install Immuta

This section illustrates how to install Immuta using Kubernetes, which requires minimal administration to achieve scale and availability.

Firewall Rules

Immuta Query Engine Port

The required firewall rules depend on whether you will use the Immuta Query Engine or exclusively use integrations. If you only use integrations, port 5432 is optional.

The following firewall rules are required to be opened to any host or network that need access to the Immuta service. Navigate to the tab of the technology you plan to use:

IntegrationsImmuta Query Engine

Port	Protocol	Source
443	TCP	Web Service

Port	Protocol	Source
5432	TCP	PostgreSQL
443	TCP	Web Service

Kubernetes Providers

Immuta has a Helm chart available for installation on Kubernetes:

Helm Installation on Kubernetes

Specific guides are available for the following Kubernetes cloud providers:

Supported Software Versions

Immuta supports the Kubernetes distributions outlined below.

Amazon Elastic Kubernetes Service (EKS)

1.23
1.24
1.25
1.26
1.27

Azure Kubernetes Service (AKS)

1.24
1.25
1.26
1.27

Google Kubernetes Engine (GKE)

1.23
1.24
1.25
1.26
1.27

OpenShift

4.9
4.10
4.11

Rancher Kubernetes Engine (RKE)

2.6.x
2.7.x

Supported Configurations

Ingress Controller

The Immuta Helm Chart's built-in ingress controller is enabled by default, but will be disabled by default in future versions. If you have production workloads, consider moving away from using the built-in ingress controller.

Kubernetes Distribution	Logging	Ingress	Storage	Backup and Restore	External Metadata Database
AWS EKS	AWS Cloud Watch or third-party logging solution	Built-in ingress controller or third-party ingress controller	AWS EBS (default storage class in EKS)	AWS S3	AWS RDS Postgres (Use the supported version identified in the External Metadata Database Configuration guide.)
Azure EKS	Third-party logging solution	Built-in ingress controller or third-party ingress controller	Azure managed disks (default storage class in AKS)	Azure Blob Storage	Azure Database for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.)
Google GKE	Third-party logging solution	Built-in ingress controller or third-party ingress controller	Google Cloud Persistent Disks (default storage class in GKE)	Google Cloud Storage	Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.)
Red Hat OpenShift	Third-party logging solution	Built-in ingress controller or third-party ingress controller	Cloud disks (AWS EBS, Azure managed disks, or Google Cloud Persistent Disks)	Cloud storage (S3, Azure Blob, Google Cloud Storage) or self-hosted object storage (such as MinIO)	Cloud-managed PostgreSQL, such as AWS RDS Postgres, Azure Database for PostgreSQL, or Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.)
Rancher RKE2	Third-party logging solution	Built-in ingress controller or third-party ingress controller	Cloud Disks (AWS EBS, Azure managed disks, Google Cloud Persistent Disks)	Cloud storage (S3, Azure Blob, Google Cloud Storage) or self-hosted object storage (such as MinIO)	Cloud-managed PostgreSQL, such as AWS RDS Postgres, Azure Database for PostgreSQL, or Google Cloud SQL for PostgreSQL (Use the supported version identified in the External Metadata Database Configuration guide.)

Helm Implementation

Immuta depends on the Helm functionality outlined below.

templates and functions
Helm hooks:
- pre-install
- pre-upgrade
- post-upgrade
- post-delete: This hook is not strictly necessary and is only used to clean up some resources that are not deleted by Helm itself. If the post-delete hook is not supported, some resources may be left on the cluster after running helm delete.

Immuta support ends at our Helm implementation; wrapping Helm in another orchestration tool falls outside the Immuta support window.