What's new in 2024.2?

This article distills the changes to self-managed Immuta deployments that were introduced in the 2024.2 LTS release into a single, easy-to-consume document.

Changes

All of the changes listed below are recommended for every customer: they are needed to take advantage of all new features in Immuta and will be required in order to upgrade to future releases. In some cases the move to the new audit service can be deferred while Elasticsearch options are considered, but moving to an external PostgreSQL database and the new Helm chart should definitely be targeted as part of the upgrade to 2024.2 LTS.

Immuta Enterprise Helm Chart (IEHC)

A completely new Helm chart for deploying Immuta was introduced. While it is not required to upgrade to 2024.2, some of the new services delivered with 2024.2 require this Helm chart because they have not been back-ported to the legacy Immuta Helm Chart (IHC).

| Required for 2024.2 Upgrade | Required for Detect/Audit Service | Required for Discover/Classify Service |
| --- | --- | --- |
| No | Yes | Yes |

TLS Options

Instances of Immuta that were deployed using the legacy Immuta Helm Chart (IHC) generated a self-signed Certificate Authority and cert/key pairs to enable TLS on communication between the Immuta services.

The Immuta Enterprise Helm Chart (IEHC) available with the Immuta 2024.2.0 LTS release no longer takes this approach. Instead, Immuta recommends following Kubernetes best practices for enabling encrypted communications. One such approach is to deploy a service mesh, which automatically enables mTLS for TCP traffic. Popular options include Linkerd and Istio.
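As an added illustration of the service-mesh approach with Istio (this is not taken from the Immuta chart or its documentation), the manifests below enable sidecar injection and require mTLS for every workload in the namespace. The namespace name `immuta` is an assumption; substitute the namespace of your release.

```yaml
# Added example, not part of the Immuta Enterprise Helm Chart.
# Assumption: Immuta is installed in a namespace named "immuta".
apiVersion: v1
kind: Namespace
metadata:
  name: immuta
  labels:
    # Istio injects its sidecar proxy into pods created in a labelled namespace.
    # Pods that were already running must be restarted to receive the sidecar.
    istio-injection: enabled
---
# With no PeerAuthentication policy in place, Istio runs in PERMISSIVE mode:
# sidecars accept both mTLS and plaintext, so unencrypted traffic still works.
# A namespace-wide policy named "default" with mode STRICT rejects plaintext.
# PeerAuthentication governs inbound traffic to meshed workloads only.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: immuta
spec:
  mtls:
    mode: STRICT
```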

External PostgreSQL Metadata Database

The new Helm chart does not provision an in-cluster PostgreSQL database for the Immuta back-end. Accordingly, new deployments must provide their own PostgreSQL database either via their cloud provider's managed service or a production-ready Kubernetes option like Crunchy Data.

| Required for 2024.2 Upgrade | Required to use new IEHC |
| --- | --- |
| No | Yes |

Backup Considerations

Previously, Immuta backed up PostgreSQL databases nightly to blob storage via a Kubernetes CronJob. Because the metadata database is no longer deployed as part of Immuta, backups and DR processes have shifted to the PostgreSQL implementation of your cloud provider or chosen Kubernetes provider.

Immuta Audit Service

The Immuta Audit Service requires deployment of its own state store, using either an Elasticsearch-compatible cloud service (for example, Elastic Cloud or Amazon OpenSearch Service) or a production-ready Kubernetes option like Elastic Cloud on Kubernetes (ECK).

| Required for 2024.2 Upgrade | Required for Detect |
| --- | --- |
| No | Yes |