Deployment Requirements

Immuta comprises three core services: Secure, Discover, and Detect. These services rely on PostgreSQL and ElasticSearch to store their states, a caching layer, and Temporal for job execution. The illustration below shows the relationships among these services.

The Immuta Enterprise Helm chart (IEHC) does not include the deployment of PostgreSQL or ElasticSearch, so you must deploy them separately.

Although Immmuta recommends using ElasticSearch because it supports several new Immuta features and services, you can deploy Immuta without ElasticSearch. The table below outlines the Immuta features supported with and without ElasticSearch and the dependencies you must deploy and manage yourself.

	Immuta with ElasticSearch	Immuta without ElasticSearch
Dependencies	Externalized PostgreSQL ElasticSearch / OpenShift	Externalized PostgreSQL
Immuta Detect	✅	❌
Audit of Immuta and data platform events	✅	❌
Legacy audit	✅ (Disabled by default, but can be enabled)	✅ (Until October 2024)
Immuta Monitors	✅	❌
Sensitive data discovery	✅	✅

Immuta with ElasticSearch

Immuta without ElasticSearch

Dependencies

Externalized PostgreSQL

Immuta Detect

✅

❌

Audit of Immuta and data platform events

✅

❌

Legacy audit

✅ (Disabled by default, but can be enabled)

✅ (Until October 2024)

Immuta Monitors

✅

❌

Sensitive data discovery

✅

For guidance on how to configure the IEHC to deploy Immuta with or without ElasticSearch, see one of the guides below:

For more information about legacy features and services no longer enabled in the recommended deployment of Immuta, see the Legacy features and services section.

Version requirements

Kubernetes versions

Kubernetes distribution	Kubernetes versions
Elastic Kubernetes Service (EKS)	1.25 - 1.29
Azure Kubernetes Service (AKS)	1.27 - 1.29
Google Kubernetes Engine (GKE)	1.26 - 1.29
Red Hat OpenShift	1.25 - 1.29
SUSE Rancher Government (RKE2)	1.25 - 1.29
SUSE K3s - For evaluation purposes only	1.25 - 1.29

Metadata database (PostgreSQL)

PostgreSQL incompatibilities

Immuta is not compatible with PostgreSQL abstraction layers, such as Amazon Aurora.

PostgreSQL 15.0 or newer
The pgcrypto extension must be enabled

ElasticSearch

ElasticSearch v7 API or newer
OpenSearch compatible with ElasticSearch v7 API or newer

Cache (Redis/Memcached)

Built-in cache

The IEHC manages its own Memcached deployment inside the cluster. The key-value cache can optionally be externalized post installation.

Redis 7.0 or newer
Memcached 1.6 or newer

Temporal

Built-in Temporal server

The IEHC deploys a Temporal server and its requisite components. However, you may choose to use your own Temporal instance.

Temporal 1.24.2 or newer

Infrastructure recommendations

Kubernetes distribution	Ingress	External metadata database	External cache	External ElasticSearch
Amazon Elastic Kubernetes Service (EKS)	AWS Load Balancer Controller	Amazon RDS for PostgreSQL	Amazon ElastiCache for Redis	Amazon OpenSearch
Azure Kubernetes Service (AKS)	Azure Application Gateway Ingress Controller	Azure Database for PostgreSQL	Azure Cache for Redis	Elastic Cloud on Azure
Google Kubernetes Engine (GKE)	GKE Ingress Controller	Google Cloud SQL for PostgreSQL	Memorystore for Redis	Elastic Cloud on Google Cloud
Red Hat OpenShift	OpenShift Ingress Operator
SUSE Rancher Government (RKE2)	Ingress NGINX Controller
SUSE K3s - For evaluation purposes only	Traefik

Kubernetes distribution

Ingress

External metadata database

External cache

External ElasticSearch

Amazon Elastic Kubernetes Service (EKS)

AWS Load Balancer Controller

Amazon RDS for PostgreSQL

Amazon ElastiCache for Redis

Amazon OpenSearch

Azure Kubernetes Service (AKS)

Azure Application Gateway Ingress Controller

Azure Database for PostgreSQL

Azure Cache for Redis

Elastic Cloud on Azure

Google Kubernetes Engine (GKE)

GKE Ingress Controller

Google Cloud SQL for PostgreSQL

Memorystore for Redis

Elastic Cloud on Google Cloud

Red Hat OpenShift

OpenShift Ingress Operator

SUSE Rancher Government (RKE2)

Ingress NGINX Controller

SUSE K3s - For evaluation purposes only

Traefik

Legacy features and services

Some legacy services and features are no longer enabled in the recommended configuration of the IEHC. The table below lists these features and provides links to documentation that outlines how to enable them in Immuta.

Feature Immuta Enterprise Helm chart configuration

Feature	Immuta Enterprise Helm chart configuration
Legacy audit	Set each of the following `global.featureFlags` in your `immuta-values.yaml` file to `false`: `AuditService` `detect` `auditLegacyViewHide`
Legacy conditional tags	Set the following `global.featureFlags` in your `immuta-values.yaml` file to `false`: `DiscoverDeprecateLegacyTags`
Legacy sensitive data discovery	Enable the query engine and fingerprint services
Data platforms Amazon Redshift Azure Synapse Analytics Google BigQuery Legacy databases	Enable the query engine
Policies Masking with format preserving masking (unless using the Snowflake integration) Masking with k-anonymization Masking using randomized response (unless using the Snowflake integration)	Enable the query engine and fingerprint services

Legacy audit

Set each of the following global.featureFlags in your immuta-values.yaml file to false:

AuditService
detect
auditLegacyViewHide

Legacy conditional tags

Set the following global.featureFlags in your immuta-values.yaml file to false: DiscoverDeprecateLegacyTags

Legacy sensitive data discovery

Enable the query engine and fingerprint services

Data platforms

Amazon Redshift
Azure Synapse Analytics
Google BigQuery
Legacy databases

Enable the query engine

Policies

Masking with format preserving masking (unless using the Snowflake integration)
Masking with k-anonymization
Masking using randomized response (unless using the Snowflake integration)

Enable the query engine and fingerprint services

Next step

Follow the Getting started guide to install Immuta.

Last updated 1 day ago

Was this helpful?