Requirements
Last updated
Was this helpful?
Last updated
Was this helpful?
Immuta comprises three core services: Secure, Discover, and Detect. These services rely on PostgreSQL and Elasticsearch to store their states, a caching layer, and Temporal for job execution. The illustration below shows the relationships among these services.
The Immuta Enterprise Helm chart (IEHC) does not include the deployment of PostgreSQL or Elasticsearch, so you must deploy them separately.
Although Immuta recommends using Elasticsearch because it supports several new Immuta features and services, you can deploy Immuta without Elasticsearch. The table below outlines the Immuta features supported with and without Elasticsearch and the dependencies you must deploy and manage yourself.
Immuta Detect
✅
❌
Audit of Immuta and data platform events
✅
❌
Immuta Monitors
✅
❌
Sensitive data discovery
✅
✅
For more information about legacy features and services no longer enabled in the recommended deployment of Immuta, see the Legacy features and services section.
Amazon Elastic Kubernetes Service (EKS)
1.25 - 1.31
Azure Kubernetes Service (AKS)
1.27 - 1.29
Google Kubernetes Engine (GKE)
1.26 - 1.29
Red Hat OpenShift
1.25 - 1.29
SUSE Rancher Kubernetes Engine (RKE2)
1.25 - 1.29
K3s - For evaluation purposes only
1.25 - 1.29
PostgreSQL incompatibilities
Immuta is not compatible with PostgreSQL abstraction layers, such as Amazon Aurora.
PostgreSQL 15.0 or newer
The pgcrypto
, btree_gin
extensions must be enabled
Elasticsearch v7 API or newer
OpenSearch compatible with Elasticsearch v7 API or newer
The user provided during the install must have the following permissions:
cluster:monitor/health
indices:data/write/bulk*
indices:data/write/bulk
indices:data/read/search
indices:admin/exists
indices:admin/create
indices:admin/delete
indices:admin/settings/update
indices:admin/get
indices:data/write/delete/byquery
indices:data/write/index
indices:admin/mapping/put
indices:data/write/bulk
indices:data/write/bulk*
Follow OpenSearch documentation to create the user and add permissions, or see the Setting up OpenSearch permissions knowledge base article.
Built-in cache
The IEHC manages its own Memcached deployment inside the cluster. The key-value cache can optionally be externalized post installation.
Redis 7.0 or newer
Memcached 1.6 or newer
Built-in Temporal server
The IEHC deploys a Temporal server and its requisite components. However, you may choose to use your own Temporal instance.
Temporal 1.24.2 or newer
Amazon Elastic Kubernetes Service (EKS)
AWS Load Balancer Controller
Azure Kubernetes Service (AKS)
Azure Application Gateway Ingress Controller
Google Kubernetes Engine (GKE)
GKE Ingress Controller
Red Hat OpenShift
OpenShift Ingress Operator
SUSE Rancher Kubernetes Engine (RKE2)
Ingress NGINX Controller
K3s - For evaluation purposes only
Traefik
Some legacy services and features are no longer enabled in the recommended configuration of the IEHC. The table below lists these features and provides links to documentation that outlines how to enable them in Immuta.
Legacy audit
Set each of the following global.featureFlags
in your immuta-values.yaml
file to false
:
AuditService
detect
auditLegacyViewHide
Legacy conditional tags
Set the following global.featureFlags
in your immuta-values.yaml
file to false
: DiscoverDeprecateLegacyTags
Legacy sensitive data discovery
Data platforms
Amazon Redshift
Azure Synapse Analytics
Google BigQuery
Policies
Masking with format preserving masking (unless using the Snowflake integration)
Masking with k-anonymization
Masking using randomized response (unless using the Snowflake integration)