Production Best Practices

This guide highlights best practices when deploying Immuta in a production environment.

Database sizing recommendations

Provisioning an appropriately resourced PostgreSQL database for Immuta is critical to application performance. The recommendations below are based on the number of data sources registered multiplied (*) by the number of users on the deployment:

Elasticsearch/OpenSearch sizing recommendations

This recommendation assumes approximately 1 million events per day with a 90-day data retention policy:

• 2 nodes

• 2 CPUs/node

• 4GB RAM/node

• Storage 100GB SSD/node

Helm values

Back up or source control your immuta-values.yaml Helm values file.

Kubernetes resource requests and limits

Assign memory resource limits to pods.

Edit Helm values

Edit immuta-values.yaml to include the following recommended resource requests and limits for most Immuta deployments.

Kubernetes secrets

Use Kubernetes secrets in the immuta-values.yaml file instead of passwords and tokens. The following section demonstrates how to create a secret and reference it in the Helm values file. For guidance on updating these credentials based on your specific security policies, refer to the Rotating credentials guide.

Create secret

1. Create a file named secret-data.env with the following content.

2. Create secret named immuta-secret from file secret-data.env.

3. Delete file secret-data.env, as it's no longer needed.

Edit Helm values

1. Edit immuta-values.yaml to include the following Helm values.

2. Remove any sensitive key-value pairs from the immuta-values.yaml Helm values that were made redundant after the secret was created.

Apply Helm values

Perform a Helm upgrade to apply the changes made to immuta-values.yaml.