It is possible to deploy Immuta without the use of cloud provided managed services by using enterprise-ready tools for kubernetes.
This article describes deploying an Elasticsearch cluster in the Immuta installation namespace and pointing the Immuta application at this cluster for deployment
This section relies heavily on the Elasticsearch official guides found at the link below
Copy kubectl create -f https://download.elastic.co/downloads/eck/2.12.1/crds.yaml
kubectl apply -f https://download.elastic.co/downloads/eck/2.12.1/operator.yaml
Copy cat <<EOF | kubectl apply -f -
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: immuta-audit-service
namespace: immuta
spec:
version: 8.13.4
volumeClaimDeletePolicy: DeleteOnScaledownOnly
http:
tls:
selfSignedCertificate:
disabled: true
nodeSets:
- name: default
count: 3
volumeClaimTemplates:
- metadata:
name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
EOF
Copy kubectl get -n immuta elasticsearch
NAME HEALTH NODES VERSION PHASE AGE
immuta-audit-service green 3 8.13.4 Ready 18m
Copy PASSWORD=$(kubectl get -n immuta secret immuta-audit-service-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')
Copy kubectl port-forward -n immuta service/immuta-audit-service-es-http 9200
Copy curl -u "elastic:$PASSWORD" -k "https://localhost:9200"
{
"name" : "immuta-audit-service-es-default-1",
"cluster_name" : "immuta-audit-service",
"cluster_uuid" : "qg6s9S49SSWlldGvdWi1Rg",
"version" : {
"number" : "8.13.4",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "da95df118650b55a500dcc181889ac35c6d8da7c",
"build_date" : "2024-05-06T22:04:45.107454559Z",
"build_snapshot" : false,
"lucene_version" : "9.10.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
} Install Immuta with the Elasticsearch endpoint and credentials specified.
Copy global:
imageRegistry: 231431240278.dkr.ecr.us-east-1.amazonaws.com
imageTag: 2024.2.0
audit:
enabled: true
config:
databaseConnectionString: postgresql://immuta-pg:y7n;D%3FDK6%2F)0%2F<%3Dc,}J}Bm3^@immuta-pg-primary.immuta.svc:5432/immuta-pg
elasticsearchEndpoint: http://immuta-audit-service-es-http.immuta.svc:9200
elasticsearchUsername: elastic
elasticsearchPassword: z84cGbw8J1t73J7Rwt3n9I3s
secure:
extraEnvVars:
- name: FeatureFlag_AuditService
value: "true"
- name: FeatureFlag_detect
value: "true"
- name: FeatureFlag_auditLegacyViewHide
value: "true"
ingress:
hostname: crunchy.immuta.us
ingressClassName: alb
annotations:
alb.ingress.kubernetes.io/group.name: immuta-trino
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/backend-protocol: HTTP
tls: true
postgresql:
host: immuta-pg-primary.immuta.svc
port: 5432
database: immuta-pg
username: immuta-pg
password: y7n;D?DK6/)0/<=c,}J}Bm3^
ssl: true 
