Red Hat OpenShift
This is an OpenShift-specific guide on how to deploy Immuta with the following managed services:
Cloud-managed PostgreSQL
Cloud-managed Redis
Cloud-managed Elasticsearch
Prerequisites
Review the following criteria before proceeding with deploying Immuta.
PostgreSQL
The PostgreSQL instance has been provisioned and is actively running.
The PostgreSQL instance's hostname/FQDN is resolvable from within the Kubernetes cluster.
The PostgreSQL instance is accepting connections.
Redis
The Redis instance has been provisioned and is actively running.
The Redis instance's hostname/FQDN is resolvable from within the Kubernetes cluster.
The Redis instance is accepting connections.
Elasticsearch
The Elasticsearch instance has been provisioned and is actively running.
The Elasticsearch instance's hostname/FQDN is resolvable from within the Kubernetes cluster.
The Elasticsearch instance is accepting connections.
Authenticate with OCI registry
Helm chart availability
The deprecated Immuta Helm chart (IHC) is not available from ocir.immuta.com.
Copy the snippet below and replace the placeholder text with the credentials provided to you by your customer success manager:
Setup
Create a new OpenShift project named
immuta
for Immuta.Get the UID range allocated to the project. Each running container's UID must fall within this range. This value will be referenced later on.
Get the GID range allocated to the project. Each running container's GID must fall within this range. This value will be referenced later on.
Switch to project
immuta
.Create a container registry pull secret. Your credentials to authenticate with ocir.immuta.com can be viewed in your user profile at support.immuta.com.
Cloud-managed PostgreSQL
Connecting to the database
There are numerous ways to connect to a PostgreSQL database. This step demonstrates how to connect by creating an ephemeral Kubernetes pod.
Connect to the database as superuser (postgres) by creating an ephemeral container inside the Kubernetes cluster. A shell prompt will not be displayed after executing the
oc run
command outlined below. Wait 5 seconds, and then proceed by entering a password.Create an
immuta
role and database.Revoke privileges from
CURRENT_USER
as they're no longer required.Enable the
pgcrypto
extension.Type
\q
, and then pressEnter
to exit.
Install Immuta
This section demonstrates how to deploy Immuta using the Immuta Enterprise Helm chart once the prerequisite cloud-managed services are configured.
Create a Helm values file named
immuta-values.yaml
with the content below. Because the Ingress resource will be managed by an OpenShift route you will create when configuring Ingress and not the Immuta Enterprise Helm chart,ingress
is set tofalse
below. TLS comes pre-configured with OpenShift, sotls
is also set tofalse
.Update all placeholder values in the
immuta-values.yaml
file.Deploy Immuta.
Validation
Wait for all pods in the namespace to become ready.
Determine the name of the Secure service.
Listen on local port
8080
, forwarding TCP traffic to the Secure service's port namedhttp
.
Next steps
Configure Ingress to complete your installation and access your Immuta application.
Last updated