In-cluster Elasticsearch using Elastic Cloud on Kubernetes (ECK)

It is possible to deploy Immuta without the use of cloud provided managed services by using enterprise-ready tools for kubernetes.

This article describes deploying an Elasticsearch cluster in the Immuta installation namespace and pointing the Immuta application at this cluster for deployment

Deploying ECK

This section relies heavily on the Elasticsearch official guides found at the link below

LogoInstall ECK using the YAML manifests | Elastic Docswww.elastic.co

Install CRDs and Operator

kubectl create -f https://download.elastic.co/downloads/eck/3.1.0/crds.yaml
kubectl apply -f https://download.elastic.co/downloads/eck/3.1.0/operator.yaml

Deploy an Elasticsearch cluster

cat <<EOF | kubectl apply -f -
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: immuta-elasticsearch
  namespace: immuta
spec:
  version: 9.1.5
  volumeClaimDeletePolicy: DeleteOnScaledownOnly
  http:
    tls:
      selfSignedCertificate:
        disabled: true
  nodeSets:
  - name: default
    count: 1
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 200Gi
EOF

Verifying cluster health

kubectl get -n immuta elasticsearch
NAME                   HEALTH   NODES   VERSION   PHASE   AGE
immuta-elasticsearch   green   1       9.1.5    Ready   18m

Validate Connectivity

PASSWORD=$(kubectl get -n immuta secret immuta-elasticsearch-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')

Forward the port in a separate terminal

kubectl port-forward -n immuta service/immuta-elasticsearch-es-http 9200

In the original terminal with the password set curl the endpoint

curl -u "elastic:$PASSWORD" -k "http://localhost:9200"
{
  "name" : "immuta-elasticsearch-es-default-0",
  "cluster_name" : "immuta-elasticsearch",
  "cluster_uuid" : "1shfTzp-SNG4QH5aZsme6g",
  "version" : {
    "number" : "9.1.5",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "90ee222e7e0136dd8ddbb34015538f3a00c129b7",
    "build_date" : "2025-10-02T22:07:12.966975992Z",
    "build_snapshot" : false,
    "lucene_version" : "10.2.2",
    "minimum_wire_compatibility_version" : "8.19.0",
    "minimum_index_compatibility_version" : "8.0.0"
  },
  "tagline" : "You Know, for Search"
}

PreviousIn-cluster PostgreSQL using CrunchydataNextProduction Linkerd with AWS Private CA issuer

Last updated