Deploy Immuta without Elasticsearch
Feature availability
If you deploy Immuta without Elasticsearch, several core services and features will be unavailable. See the Deployment requirements page for details.
The guides below outline how to deploy Immuta without Elasticsearch.
This is a guide on how to deploy Immuta on Kubernetes in the following managed public cloud providers:
Amazon Web Services (AWS)
Microsoft Azure
Google Cloud Platform (GCP)
Prerequisites
The following cloud-managed services must be provisioned before proceeding:
Amazon Web Services (AWS): Amazon RDS for PostgreSQL
Microsoft Azure: Azure Database for PostgreSQL
Google Cloud Platform (GCP): Google Cloud SQL for PostgreSQL
Validation
The PostgreSQL instance's hostname/FQDN is resolvable from within the Kubernetes cluster.
The PostgreSQL instance is accepting connections.
Authenticate with OCI registry
Helm chart availability
The deprecated Immuta Helm chart (IHC) is not available from ocir.immuta.com.
Copy the snippet below and replace the placeholder text with the credentials provided to you by your customer success manager:
echo <token> | helm registry login --password-stdin --username <username> ocir.immuta.com
Setup
Create a Kubernetes namespace named
immuta
for Immuta.kubectl create namespace immuta
Switch to namespace
immuta
.kubectl config set-context --current --namespace=immuta
Create a container registry pull secret. Your credentials to authenticate with ocir.immuta.com can be viewed in your user profile at support.immuta.com.
kubectl create secret docker-registry immuta-oci-registry \ --docker-server=https://ocir.immuta.com \ --docker-username="<username>" \ --docker-password="<token>" \ [email protected]
PostgreSQL
Connect to the database as superuser (postgres) by creating an ephemeral container inside the Kubernetes cluster. A shell prompt will not be displayed after executing the
kubectl run
command outlined below. Wait 5 seconds, and then proceed by entering a password.kubectl run pgclient \ --stdin \ --tty \ --rm \ --image docker.io/bitnami/postgresql -- \ psql --host <postgres-fqdn> --username postgres --port 5432 --password
Create an
immuta
role and database.CREATE ROLE immuta with login encrypted password '<postgres-password>'; GRANT immuta TO CURRENT_USER; CREATE DATABASE immuta OWNER immuta; GRANT all ON DATABASE immuta TO immuta; ALTER ROLE immuta SET search_path TO bometadata,public;
Revoke privileges from
CURRENT_USER
as they're no longer required.REVOKE immuta FROM CURRENT_USER;
Enable the
pgcrypto
extension.\c immuta CREATE EXTENSION pgcrypto;
Type
\q
, and then pressEnter
to exit.
Install Immuta
This section demonstrates how to deploy Immuta using the Immuta Enterprise Helm chart once the prerequisite cloud-managed services are configured.
Create a Helm values file named
immuta-values.yaml
with the following content:global: imageRegistry: ocir.immuta.com imagePullSecrets: - name: immuta-oci-registry imageRepositoryMap: immuta/immuta-service: stable/immuta-service immuta/immuta-db: stable/immuta-db immuta/immuta-fingerprint: stable/immuta-fingerprint immuta/audit-service: stable/audit-service immuta/audit-export-cronjob: stable/audit-export-cronjob immuta/classify-service: stable/classify-service immuta/cache: stable/cache audit: enabled: false secure: ingress: enabled: false tls: false extraEnvVars: - name: FeatureFlag_AuditService value: "false" - name: FeatureFlag_detect value: "false" - name: FeatureFlag_auditLegacyViewHide value: "false" postgresql: host: <postgres-fqdn> port: 5432 database: immuta username: immuta password: <postgres-password> ssl: true
Update all placeholder values in the
immuta-values.yaml
file.Deploy Immuta.
helm install immuta immuta/immuta-enterprise \ --values immuta-values.yaml
Validation
Wait for all pods in the namespace to become ready.
kubectl wait --for=condition=Ready pods --all
Determine the name of the Secure service.
kubectl get service --selector "app.kubernetes.io/component=secure" --output template='{{ .metadata.name }}'
Listen on local port
8080
, forwarding TCP traffic to the Secure service's port namedhttp
.kubectl port-forward service/<name> 8080:http
Next steps
Amazon Web Services (AWS)
Configure Ingress to complete your installation and access your Immuta application.
Configure TLS to secure your Ingress by specifying a Secret that contains a TLS private key and certificate.
Microsoft Azure
Configure Ingress to complete your installation and access your Immuta application.
Configure TLS to secure your Ingress by specifying a Secret that contains a TLS private key and certificate.
Google Cloud Platform (GCP)
Configure Ingress to complete your installation and access your Immuta application.
Configure TLS to secure your Ingress by specifying a Secret that contains a TLS private key and certificate.
Last updated
Was this helpful?