Self-Host Installation and Deployment Checklist

Introduction

This page contains a comprehensive checklist of requirements and considerations for customers planning to perform a self-deployment of Immuta version 2024.2 and above on Kubernetes. It is crucial to review these items before initiating the installation process to ensure a successful deployment. This checklist includes system requirements, access validations, and configuration checks essential for a smooth setup.

Self-Host Installation and Deployment Checklist

1. System Requirements:

   • For more detail go here.

     Kubernetes distribution

     Kubernetes versions

     Elastic Kubernetes Service (EKS)

     1.25 - 1.29

     Azure Kubernetes Service (AKS)

     1.27 - 1.29

     Google Kubernetes Engine (GKE)

     1.26 - 1.29

     Red Hat OpenShift

     1.25 - 1.29

     SUSE Rancher Government (RKE2)

     1.25 - 1.29

     SUSE K3s - For evaluation purposes only

     1.25 - 1.29

2. Repository Access for Immuta Images:

   • Helm 3.2.0+

   • Validate access to the ocir.immuta.com repository. If access is not granted, acquire the necessary permissions by contacting your Immuta representative.

   • Command line to authenticate with the given token: example here.

   • Review IEHC - Immuta Enterprise Helm Chart. The deprecated IHC - Immuta Helm Chart is for legacy installation of Immuta 2024.1.x <=

3. PostgreSQL Database Setup:

   • Requires PostgreSQL 15.0+

   • The pgcrypto extension must be enabled.

   • Ensure your PostgreSQL database is set up and configured for Immuta deployment. Verify the following:

     • The PostgreSQL instance's hostname/FQDN is resolvable from within the Kubernetes cluster.

     • The PostgreSQL instance is accepting connections.

   • Example options:

     • Amazon Web Services (AWS): Amazon RDS for PostgreSQL

     • Microsoft Azure: Azure Database for PostgreSQL

     • Google Cloud Platform (GCP): Google Cloud SQL for PostgreSQL

4. ElasticSearch Configuration:

   • ElasticSearch v7+ API

   • OpenSearch compatible with ElasticSearch v7 API or newer

   • Deploy and configure Elasticsearch, ensuring the connection is valid. Check the following:

     • The Elasticsearch instance's hostname/FQDN is resolvable from within the Kubernetes cluster.

     • The Elasticsearch instance is accepting connections.

   • Example options:

     • Amazon OpenSearch

     • Elastic Cloud on Azure

     • Elastic Cloud on Google Cloud

5. Ingress and TLS Configuration:

   • Confirm that Ingress and TLS are configured correctly and that any network connectivity issues have been resolved.

     • Review Ingress configuration.

     • Review TLS Configuration.

   • Validate Immuta deployment if these configurations are not set up properly, such as using port forwarding once Immuta installation is completed and LoadBalance is not set. For example:

     • kubectl --namespace <the namespace> port-forward service/immuta-secure 8080:http

     • Then test with localhost:8080 via a browser.

6. General Considerations:

   • Ensure you have reviewed the Immuta installation documentation thoroughly.

   • Address any questions or concerns before proceeding with deployment.

   • If applicable, note any errors or issues encountered during previous attempts to deploy.

   • Credentials management consideration if this is a requirement.

   • Review FAQ for Immuta deployments.

7. Official Immuta Self-Managed Deployment Documentation.