This article provides one possible way to download and package Immuta artifacts for consumption on a separate network with no Internet access. Adjust accordingly depending on your environment and target Immuta version.
Installing skopeo
The commands in this article copy the Immuta images from the registry to the local host and export to tarball using skopeo. Details on installing skopeo for the local platform can be found here:
The IMMUTA_LEGACY_IMAGES noted below are only required if the deployment still requires the Immuta Query Engine or Immuta Fingerprint service. If not, these can be omitted.
export IMMUTA_VERSION=2024.2.5
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
skopeo copy docker://ocir.immuta.com/stable/${image}:${IMMUTA_VERSION} docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar;
done
Pull the Immuta Enterprise Helm Chart (IEHC)
Copy the snippet below and replace the placeholder text with the credentials provided to you by your customer success manager:
After transferring the Immuta container images and Helm chart to your air-gapped network, load them into the container registry there after authenticating.
export PRIVATE_REGISTRY=your.private-registry.com
export IMMUTA_VERSION=2024.2.5
export IMMUTA_IMAGES="audit-service audit-export-cronjob cache classify-service immuta-service"
export IMMUTA_LEGACY_IMAGES="immuta-db immuta-fingerprint"
for image in ${IMMUTA_IMAGES} ${IMMUTA_LEGACY_IMAGES}; do
skopeo copy docker-archive://${PWD}/${image}-${IMMUTA_VERSION}.tar docker://${PRIVATE_REGISTRY}/immuta/${image}:${IMMUTA_VERSION};
done
Installing from IEHC tarball
Be sure to override the image registry in the helm chart values overrides:
