Immuta comprises three core services (Secure, Discover, and Detect) that rely on PostgreSQL and Elasticsearch to store their states. The illustration below shows the relationships among these services.
The Immuta Enterprise Helm chart (IEHC) (represented by the yellow box above) does not deploy PostgreSQL or Elasticsearch, so you must deploy and manage them separately.
Although Immuta recommends using Elasticsearch because it supports several new Immuta features and services, you can deploy Immuta without Elasticsearch. The table below outlines the Immuta features supported with and without Elasticsearch and the dependencies you must deploy and manage yourself.
| Immuta with Elasticsearch | Immuta without Elasticsearch | |
|---|---|---|
For guidance on how to configure the IEHC to deploy Immuta with or without Elasticsearch, see one of the guides below:
For more information about legacy features and services no longer enabled in the recommended deployment of Immuta, see the Legacy features and services section.
| Kubernetes distribution | Kubernetes versions |
|---|---|
PostgreSQL incompatibilities
Immuta is not compatible with PostgreSQL abstraction layers, such as Amazon Aurora.
PostgreSQL 15.0 or newer
The pgcrypto extension must be enabled
Elasticsearch v7 API or newer
OpenSearch compatible with Elasticsearch v7 API or newer
Built-in cache
The IEHC manages its own Memcached deployment inside the cluster. The key-value cache can optionally be externalized post installation.
Redis 7.0 or newer
Memcached 1.6 or newer
Some legacy services and features are no longer enabled in the recommended configuration of the IEHC. The table below lists these features and provides links to documentation that outlines how to enable them in Immuta.
Follow the Getting started guide to install Immuta.
| Kubernetes distribution | Ingress | External metadata database | External Elasticsearch |
|---|---|---|---|
| Feature | Immuta Enterprise Helm chart configuration |
|---|---|
Amazon Elastic Kubernetes Service (EKS)
AWS Load Balancer Controller
Azure Kubernetes Service (AKS)
Azure Application Gateway Ingress Controller
Google Kubernetes Engine (GKE)
GKE Ingress Controller
Red Hat OpenShift
OpenShift Ingress Operator
SUSE Rancher Government (RKE2)
Ingress NGINX Controller
SUSE K3s - For evaluation purposes only
Traefik
Legacy audit
Set each of the following secure.extraEnvVars in your immuta-values.yaml file to false:
FeatureFlag_AuditService
FeatureFlag_detect
FeatureFlag_auditLegacyViewHide
Legacy sensitive data discovery
Data platforms
Amazon Redshift
Azure Synapse Analytics
Google BigQuery
Policies
Masking with format preserving masking (unless using the Snowflake integration)
Masking with k-anonymization
Masking using randomized response (unless using the Snowflake integration)
Dependencies
Immuta Detect
Audit of Immuta and data platform events
Legacy audit
Immuta Monitors
Sensitive data discovery
Elastic Kubernetes Service (EKS)
1.25 - 1.29
Azure Kubernetes Service (AKS)
1.27 - 1.29
Google Kubernetes Engine (GKE)
1.26 - 1.29
Red Hat OpenShift
1.25 - 1.29
SUSE Rancher Government (RKE2)
1.25 - 1.29
SUSE K3s - For evaluation purposes only
1.25 - 1.29
(Until October 2024)