This guide demonstrates how to update credentials referenced in the Immuta Enterprise Helm chart (IEHC).
Validate that secret immuta-secret exists in the current namespace.
Edit secret immuta-secret in place.
Edit secret immuta-legacy-secret in place. Skip this step if the legacy query engine and fingerprint services are disabled (the default).
Validate that secret immuta-legacy-secret exists in the current namespace.
Get the query engine replica count, this value will be referenced in subsequent step(s).
Scale the replica count down to 1.
Get the query engine pod name, this value will be referenced in subsequent step(s).
Update credentials in the immuta-values.yaml file.
Perform a to apply the changes made to immuta-values.yaml. Update the with your own release name.
Restart pods.
Update the placeholder value with a query engine superuser password.
Update the placeholder value with a query engine replication password.
Update the placeholder value with a query engine feature password.
Scale the replica count back up to the previous value by updating the placeholder value.
kubectl rollout restart deployment --all --selector "app.kubernetes.io/component=audit,app.kubernetes.io/component=secure"kubectl exec pod/<query-engine-pod-name> -- \
psql -d immuta -c \
"ALTER USER postgres WITH ENCRYPTED PASSWORD '<new-patroni-superuser-password>'"kubectl exec pod/<query-engine-pod-name> -- \
psql -d immuta -c \
"ALTER USER replicator WITH ENCRYPTED PASSWORD '<new-patroni-replication-password>'"kubectl exec pod/<query-engine-pod-name> -- \
psql -d immuta -c \
"ALTER USER feature_service WITH ENCRYPTED PASSWORD '<new-immuta-feature-password>'"kubectl scale statefulset --all --replicas <query-engine-previous-replica-count> --selector "app.kubernetes.io/component=query-engine"kubectl get secret/immuta-secretkubectl edit secret/immuta-secretkubectl edit secret/immuta-legacy-secretkubectl get secret/immuta-legacy-secretkubectl get statefulset --selector "app.kubernetes.io/component=query-engine" --output namekubectl scale statefulset --all --replicas 1 --selector "app.kubernetes.io/component=query-engine"helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.20kubectl get pod --selector "app.kubernetes.io/component=query-engine"