The instructions and how-to guides on this page illustrate how to install Immuta in your Kubernetes environment. If you are upgrading Immuta, navigate to the Upgrade section instead.
Use a supported version of Kubernetes.
Use Helm 3.2.0 or newer (When using a Helm version older than 3.8.0, enable OCI experimental mode by exporting environment variable HELM_EXPERIMENTAL_OCI=1
.)
Deploy the services listed on the Deployment requirements guide. See the recommendations table for guidance for specific cloud providers.
Grant RBAC permissions to create Kubernetes resources in the cluster.
Consult the upgrade overview if unsure which Helm chart to use.
Helm chart availability
The deprecated Immuta Helm chart (IHC) is not available from ocir.immuta.com.
Copy the snippet below and replace the placeholder text with the credentials provided to you by your Immuta support professional:
Obtain the Kubernetes Helm Installation Credentials to authenticate with Immuta's Helm registry from your Immuta support professional
Copy the snippet below and replace the placeholder text with the credentials you obtained in the previous step to add the Helm repository:
(Optional) Fetch the latest chart information from the repository:
List all available versions of the chart.
Immuta Enterprise Helm chart (IEHC):
Immuta Helm chart (IHC):
--pass-credentials flag
If you encounter an unauthorized error when adding the Immuta Enterprise Helm chart (IEHC), run helm repo add --pass-credentials
.
Usernames and passwords are only passed to the URL location of the Helm repository by default. The username and password are scoped to the scheme, host, and port of the Helm repository. To pass the username and password to other domains Helm may encounter when it goes to retrieve a chart, the new --pass-credentials
flag can be used. This flag restores the old behavior for a single repository as an opt-in behavior.
If you use a username and password for a Helm repository, you can audit the Helm repository in order to check for another domain that could have received the credentials. In the index.yaml
file for that repository, look for another domain in the URL's list for the chart versions. If there is another domain found and that chart version is pulled or installed, the credentials will be passed on.
Immuta can be installed on any Kubernetes cluster. Select a guide below that corresponds to your Kubernetes distribution to install Immuta. If your distribution is not listed below (such as K3s or RKE2), follow the generic installation instructions:
Managed public cloud: This guide includes instructions for
Amazon Elastic Kubernetes Service (EKS)
Google Kubernetes Engine (GKE)
Microsoft Azure Kubernetes Service (AKS)
To complete your installation and access the Immuta application, configure Ingress.
The configure section includes guidance for various scenarios you may encounter during and post-deployment. Below are several guides from that section that most customers follow to complete their deployment of Immuta, but none of these is a requirement for the Immuta installation to work.
TLS configuration: Secure your Ingress by specifying a Secret that contains a TLS private key and certificate.
Immuta in production: Follow these best practices for configuring your deployment for a production environment.
External cache configuration: The Immuta Enterprise Helm chart manages its own Memcached deployment inside the cluster. However, you can opt to externalize the key-value cache post-installation.