Immuta in an Air-Gapped Environment

This page provides one possible way to download and package Immuta artifacts for consumption on a separate network with no Internet access.

Install Skopeo

The commands on this page copy the Immuta images from the registry to the local host and export to tarball using skopeo. Install skopeo by following the instructions in the Skopeo GitHub repository.

Authenticate Skopeo to the Immuta registry

Copy the snippet below and replace the placeholder text with the credentials provided by your Immuta representative:

skopeo login https://ocir.immuta.com -u <username> -p <password>

Copy images from the Immuta registry

The IMMUTA_LEGACY_IMAGES noted below are only required if the deployment still requires the Immuta query engine or fingerprint service. If not, those legacy images can be omitted.

export IMMUTA_VERSION=2024.2.12
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
  skopeo copy docker://ocir.immuta.com/stable/${image}:${IMMUTA_VERSION} docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar;
done

Pull the Immuta Enterprise Helm chart (IEHC)

  1. Copy the snippet below and replace the placeholder text with the credentials provided by your Immuta representative:

    echo <token> | helm registry login --password-stdin --username <username> ocir.immuta.com
  2. Download the IEHC for the current Immuta release:

    helm pull oci://ocir.immuta.com/stable/immuta-enterprise --version 2024.2.12

Push images to the private registry

After transferring the Immuta container images and IEHC to your air-gapped network, load them into the container registry there after authenticating.

export PRIVATE_REGISTRY=your.private-registry.com
export IMMUTA_VERSION=2024.2.12
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
  skopeo copy docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar docker://${PRIVATE_REGISTRY}/immuta/${image}:${IMMUTA_VERSION};
done

Install from IEHC tarball

Override the image registry in the Helm chart values overrides:

immuta-values.yaml
---
global:
  imageRegistry: your.private-registry.com
  imageRepositoryMap:
    immuta/immuta-service: immuta/immuta-service
    immuta/immuta-db: immuta/immuta-db
    immuta/immuta-fingerprint: immuta/immuta-fingerprint
    immuta/audit-service: immuta/audit-service
    immuta/audit-export-cronjob: immuta/audit-export-cronjob
    immuta/classify-service: immuta/classify-service
    immuta/cache: immuta/cache

The IEHC can be referenced via filename if there is no Helm chart repository on the destination network:

helm upgrade --install immuta ./immuta-enterprise-2024.2.12.tgz -f immuta-values.yaml

Last updated

Other versions

SaaS2024.32024.1

Copyright © 2014-2024 Immuta Inc. All rights reserved.