Getting Started

The instructions and how-to guides on this page illustrate how to install Immuta in your Kubernetes environment. If you are upgrading Immuta, navigate to the Upgrade section instead.

Prerequisites and requirements

Use a supported version of Kubernetes.
Use Helm 3.2.0 or newer (When using a Helm version older than 3.8.0, enable OCI experimental mode by exporting environment variable HELM_EXPERIMENTAL_OCI=1).
Deploy the services listed on the Deployment requirements guide. See the recommendations table for guidance for specific cloud providers.
Grant RBAC permissions to create Kubernetes resources in the cluster.

Pull the Immuta Enterprise Helm chart

Navigate to the Immuta releases page to obtain the Kubernetes Helm Installation Credentials to authenticate with Immuta's Helm registry.
Copy the snippet below and replace the placeholder text with the credentials you obtained in the previous step to add the Helm repository:
```
echo <token> | helm repo add --username <username> --password-stdin immuta https://archives.immuta.com/charts
```
--pass-credentials flag

If you encounter an unauthorized error when adding the Immuta Enterprise Helm chart (IEHC), run helm repo add --pass-credentials.

Usernames and passwords are only passed to the URL location of the Helm repository by default. The username and password are scoped to the scheme, host, and port of the Helm repository. To pass the username and password to other domains Helm may encounter when it goes to retrieve a chart, the new --pass-credentials flag can be used. This flag restores the old behavior for a single repository as an opt-in behavior.

If you use a username and password for a Helm repository, you can audit the Helm repository in order to check for another domain that could have received the credentials. In the index.yaml file for that repository, look for another domain in the URL's list for the chart versions. If there is another domain found and that chart version is pulled or installed, the credentials will be passed on.
Run the commands below to pull the latest Immuta Enterprise Helm chart or a specific version of the Immuta Enterprise Helm chart:
- Latest chart:
```
helm pull immuta/immuta-enterprise
```
- Specific version:
```
helm pull immuta/immuta-enterprise --version 2024.2.2
```

Install Immuta

Immuta can be installed on any Kubernetes cluster. Select a guide below that corresponds to your Kubernetes distribution to install Immuta. If your distribution is not listed below (such as K3s or RKE2), follow the generic installation instructions:

Managed public cloud: This guide includes instructions for
- Amazon Elastic Kubernetes Service (EKS)
- Google Kubernetes Engine (GKE)
- Microsoft Azure Kubernetes Service (AKS)
Red Hat OpenShift
Generic installation

Configure Ingress

To complete your installation and access the Immuta application, configure Ingress.

Additional recommendations

The configuration section includes guidance for various scenarios you may encounter during and post-deployment. Below are several guides from that section that most customers follow to complete their deployment of Immuta, but none of these is a requirement for the Immuta installation to work.

TLS configuration: Secure your Ingress by specifying a Secret that contains a TLS private key and certificate.
Immuta in production: Follow these best practices for configuring your deployment for a production environment.
External cache configuration: The Immuta Enterprise Helm chart manages its own Memcached deployment inside the cluster. However, you can opt to externalize the key-value cache post-installation.