Upgrade Helm

Using a Kubernetes namespace

If deploying Immuta into a Kubernetes namespace other than the default, you must include the --namespace option into all helm and kubectl commands provided throughout this section.

Helm Upgrade Process

1 - Check Environment

1.1 - Check Helm Version

  • Immuta's Helm Chart requires Helm version 3+.

  • New installations of Immuta must use the latest version of Helm 3 and Immuta's latest Chart.

Run helm version to verify the version of Helm you are using:

version.BuildInfo{Version:"v3.0.2", GitCommit:"19e47ee3283ae98139d98460de796c1be1e3975f", GitTreeState:"clean", GoVersion:"go1.13.5"}

1.2 - Configure Immuta's Helm Chart Repo

In order to deploy Immuta to your Kubernetes cluster, you must be able to access the Immuta Helm Chart Repository and the Immuta Docker Registry. You can obtain credentials from your Immuta support professional.

Run helm repo list to ensure Immuta's Helm Chart repository has been successfully added:

Example Output

NAME            URL
stable          https://kubernetes-charts.storage.googleapis.com
local           http://127.0.0.1:8879/charts
immuta          https://archives.immuta.com/charts

If you do not create a Kubernetes Image Pull Secret, installation will fail.

You must create a Kubernetes Image Pull Secret in the namespace that you are deploying Immuta in, or the installation will fail.

Run kubectl get secrets to confirm your Kubernetes image pull secret is in place:

Example Output

NAME                  TYPE                                  DATA   AGE
immuta-registry       kubernetes.io/dockerconfigjson        1      5s

1.3 - Check/Update Your Local Immuta Helm Chart Version

No Rollback

Immuta's migrations to your database are one way; this means that there is no way to revert back to an earlier version of the software. If you must rollback, you will need to backup and delete what you have and then proceed to restore from the backup to the appropriate version of the software.

No Modifying Persistence

Once persistence is set to either true or false for the database or query-engine, it cannot be changed for the deployment. Modifying persistence will require a fresh installation or a full backup and restore procedure as per Method B: Complete Backup and Restore Upgrade.

Run helm search repo immuta to check the version of your local copy of Immuta's Helm Chart:

Example Output

NAME          CHART VERSION APP VERSION DESCRIPTION
immuta/immuta 4.4.1         2.7.0       The Immuta

Update your local Chart by running helm repo update.

To perform an upgrade without upgrading to the latest version of the Chart, run helm list to determine the Chart version of the installed release, and then specify that version using the --version argument of helm repo update.

1.4 - Confirm Connectivity with Your Current Immuta Helm Installation

Run helm list to confirm Helm connectivity and verify the current Immuta installation:

Example Output

NAME  REVISION  UPDATED                   STATUS    CHART         APP VERSION NAMESPACE
test  1         Tue Dec 17 01:04:36 2019  DEPLOYED  immuta-4.2.3  2.6.0       ns

Make note of:

  • NAME - This is the '<YOUR RELEASE NAME>' that will be used in the remainder of these instructions.

  • CHART - This is the version of Immuta's Helm Chart that your instance was deployed under.

1.5 - Confirm Access to the Helm Values Used in Your Current Immuta Installation

You will need the Helm values associated with your installation, which are typically stored in an immuta-values.yaml file. If you do not possess the original values file, these can be extracted from the existing installation using:

helm get values <YOUR RELEASE NAME> > immuta-values.yaml

2 - Determine Your Upgrade Path

Select your method:

  • Method B - Backup and Restore: This method is intended primarily for recovery scenarios and is only to be used if you have been advised to by an Immuta representative. Reach out to your Immuta representative for instructions.

Rocky Linux 9

Review the potential impacts of Immuta's Rocky Linux 9 upgrade to your environment before proceeding:

ODBC Drivers

Your ODBC drivers should use a driver compatible with Enterprise Linux 9 or Red Hat Enterprise Linux 9.

Container Runtimes

You must run a supported version of Kubernetes.

OpenSSL 3.0

CentOS Stream 9 uses OpenSSL 3.0, which has deprecated support for older insecure hashes and TLS versions, such as TLS 1.0 and TLS 1.1. This shouldn't impact you unless you are using an old, insecure certificate. In that case, the certificate will no longer work. See the OpenSSL migration guide for more information.

FIPS Environments

If you run Immuta 2022.5.x containers in a FIPS-enabled environment, they will now fail. Helm Chart 4.11 contains a feature for you to override the openssl.cnf file, which can be used to allow Immuta to run in your environment, mimicking the CentOS 7 behavior.

After you make any desired changes in your immuta-values.yaml file, you can apply these changes by running helm upgrade:

helm upgrade <YOUR RELEASE NAME> immuta/immuta \
    --values immuta-values.yaml
    --version <YOUR DESIRED CHART VERSION>

Note: Errors in upgrades can result when upgrading Chart versions on the installation. These are typically easily resolved by making slight modifications of your values to accommodate the changes in the Chart. Downloading an updated copy of the immuta-values.yaml and comparing to your existing values is often a great way to debug such occurrences.

If you are on Kubernetes 1.22+, remove nginxIngress.controller.image.tag=v0.49.3 when upgrading; otherwise, your ingress service may not start after the upgrade.

Last updated

Other versions

SaaS2024.32024.2

Copyright © 2014-2024 Immuta Inc. All rights reserved.