LogoLogo
Public Knowledge Base
Public Knowledge Base
  • Self-hosted Immuta
    • Official Immuta Self-Managed Deployment Documentation
    • What's new in 2024.2?
    • Deployment Options
      • AWS Immuta Deployment
      • Azure Immuta Deployment
      • K3s Deployment
      • SUSE Rancher Kubernetes Engine (RKE2) Deployment
      • In-cluster PostgreSQL using Crunchydata
      • In-cluster Elasticsearch using Elastic Cloud on Kubernetes (ECK)
      • Production Linkerd with AWS Private CA issuer
      • Deploying Linkerd via Open Source Linkerd
      • Deploying Linkerd Service Mesh via Buoyant Enterprise for Linkerd
      • Uninstalling Linkerd
      • Upgrading to Immuta 2024.2 LTS
      • LTS Upgrade via Legacy Chart
      • Legacy Audit - no Elasticsearch
      • Temporal with RDS
      • Setting Up OpenSearch User Pemissions
    • Air gapped installations
      • Immuta Installation on k3s in Air Gapped environment
      • Air-gapped Installation Artifact Transfer
  • Excessive failed jobs in pgboss impacting system performance
  • Example Trino installation via Open Source Helm Chart
  • Immuta Installation on Self Managed Infrastructure Overview
  • Repeatable k3s stack deployment on AWS EC2
  • Trino OAuth2 and JWT via Okta
  • Copy of Okta Attribute Mapping
Powered by GitBook
On this page
  • Changes
  • Immuta Enterprise Helm Chart (IEHC)
  • External PostgreSQL Metadata Database
  • Immuta Audit Service
  1. Self-hosted Immuta

What's new in 2024.2?

NextDeployment Options

Last updated 2 months ago

This article aims to distill the changes related to a self-managed Immuta deployment that were introduced in the 2024.2 LTS release into an easy to consume single document.

Changes

All changes listed below are recommended for all customers to take advantage of all new features in Immuta and will be required to upgrade to future releases. While it is possible to defer upgrading to the new audit service in some cases while Elasticsearch options are considered, moving to an external PostgreSQL database and the new helm chart should definitely be targeted as part of the upgrade to 2024.2 LTS.

Immuta Enterprise Helm Chart (IEHC)

A completely new helm chart used to deploy Immuta was introduced . While not required to upgrade to 2024.2, some of the new services delivered with 2024.2 require use of this helm chart as they have not been back-ported to the legacy Immuta Helm Chart (IHC).

Required for 2024.2 Upgrade
Required for Detect/Audit Service
Required for Discover/Classify Service

No

Yes

Yes

TLS Options

Immuta recommends using Kubernetes service meshes like Linkerd or Istio for internal service communication. These meshes automatically encrypt traffic with mTLS, fulfilling end-to-end encryption requirements. While the internal protocol might be HTTP, the service mesh secures it, simplifying deployment and aligning with Kubernetes best practices. External traffic should still be secured with TLS termination at your ingress controller or load balancer

External PostgreSQL Metadata Database

The new Helm chart does not provision an in-cluster PostgreSQL database for the Immuta back-end. Accordingly, new deployments must provide their own PostgreSQL database either via their cloud provider's managed service or a production-ready Kubernetes option like .

Required for 2024.2 Upgrade
Required to use new IEHC

No

Yes

Backup Considerations

Previously, Immuta backed up PostgreSQL databases nightly to blob storage via Kubernetes cronjob. Because the metadata database is no longer deployed as part of Immuta, backups and DR processes have shifted to your cloud provider's, or chosen Kubernetes provider's PostgreSQL implementation.

Immuta Audit Service

Required for 2024.2 Upgrade
Required for Detect

No

Yes

The Immuta Audit Service requires deployment of its own state store using an Elasticsearch compatible cloud service, for example or or via a production-ready Kubernetes option like .

Crunchy Data
Elastic Cloud
Amazon OpenSearch Service
Elastic Cloud on Kubernetes (ECK)