What's new in 2024.2?

This article aims to distill the changes related to a self-managed Immuta deployment that were introduced in the 2024.2 LTS release into an easy to consume single document.

Changes

All changes listed below are recommended for all customers to take advantage of all new features in Immuta and will be required to upgrade to future releases. While it is possible to defer upgrading to the new audit service in some cases while Elasticsearch options are considered, moving to an external PostgreSQL database and the new helm chart should definitely be targeted as part of the upgrade to 2024.2 LTS.

Immuta Enterprise Helm Chart (IEHC)

A completely new helm chart used to deploy Immuta was introduced . While not required to upgrade to 2024.2, some of the new services delivered with 2024.2 require use of this helm chart as they have not been back-ported to the legacy Immuta Helm Chart (IHC).

TLS Options

Immuta recommends using Kubernetes service meshes like Linkerd or Istio for internal service communication. These meshes automatically encrypt traffic with mTLS, fulfilling end-to-end encryption requirements. While the internal protocol might be HTTP, the service mesh secures it, simplifying deployment and aligning with Kubernetes best practices. External traffic should still be secured with TLS termination at your ingress controller or load balancer

External PostgreSQL Metadata Database

The new Helm chart does not provision an in-cluster PostgreSQL database for the Immuta back-end. Accordingly, new deployments must provide their own PostgreSQL database either via their cloud provider's managed service or a production-ready Kubernetes option like Crunchy Data.

Backup Considerations

Previously, Immuta backed up PostgreSQL databases nightly to blob storage via Kubernetes cronjob. Because the metadata database is no longer deployed as part of Immuta, backups and DR processes have shifted to your cloud provider's, or chosen Kubernetes provider's PostgreSQL implementation.

Immuta Audit Service

The Immuta Audit Service requires deployment of its own state store using an Elasticsearch compatible cloud service, for example Elastic Cloud or Amazon OpenSearch Service or via a production-ready Kubernetes option like Elastic Cloud on Kubernetes (ECK).