Requirements

Immuta comprises three core services: Secure, Discover, and Detect. These services rely on PostgreSQL and Elasticsearch to store their states, a caching layer, and Temporal for job execution. The illustration below shows the relationships among these services.

The Immuta Enterprise Helm chart (IEHC) does not include the deployment of PostgreSQL or Elasticsearch, so you must deploy them separately.

Although Immuta recommends using Elasticsearch because it supports several new Immuta features and services, you can deploy Immuta without Elasticsearch. The table below outlines the Immuta features supported with and without Elasticsearch and the dependencies you must deploy and manage yourself.

Immuta with Elasticsearch

Immuta without Elasticsearch

Dependencies

Externalized PostgreSQL

Immuta Detect

✅

❌

Audit of Immuta and data platform events

✅

❌

Legacy audit

❌

Immuta Monitors

✅

❌

Sensitive data discovery

✅

For information about legacy databases and services no longer enabled in the recommended deployment of Immuta, see the Legacy databases section.

Version requirements

Kubernetes versions

Kubernetes 1.29 - 1.32

Metadata database (PostgreSQL)

PostgreSQL incompatibilities

Immuta is not compatible with PostgreSQL abstraction layers, such as Amazon Aurora.

PostgreSQL 15.0 or newer
The pgcrypto and btree_gin extensions must be enabled

Elasticsearch

Elasticsearch v7 API or newer
OpenSearch compatible with Elasticsearch v7 API or newer

OpenSearch user

The user provided during the install must have the following permissions:

cluster:monitor/health
indices:data/write/bulk*
indices:data/write/bulk
indices:data/read/search
indices:admin/exists
indices:admin/create
indices:admin/delete
indices:admin/settings/update
indices:admin/get
indices:data/write/delete/byquery
indices:data/write/index
indices:admin/mapping/put
indices:data/write/bulk
indices:data/write/bulk*

Follow OpenSearch documentation to create the user and add permissions, or see the Setting up OpenSearch permissions knowledge base article.

Cache (Redis/Memcached)

Built-in cache

The IEHC manages its own Memcached deployment inside the cluster. The key-value cache can optionally be externalized post installation.

Redis 7.0 or newer
Memcached 1.6 or newer

Temporal

Built-in Temporal server

The IEHC deploys a Temporal server and its requisite components. However, you may choose to use your own Temporal instance.

Temporal 1.24.2 or newer

Infrastructure recommendations

Kubernetes distribution

Ingress

External metadata database

External Elasticsearch

Amazon Elastic Kubernetes Service (EKS)

AWS Load Balancer Controller

Amazon RDS for PostgreSQL

Amazon OpenSearch

Azure Kubernetes Service (AKS)

Azure Application Gateway Ingress Controller

Azure Database for PostgreSQL

Elastic Cloud on Azure

Google Kubernetes Engine (GKE)

GKE Ingress Controller

Google Cloud SQL for PostgreSQL

Elastic Cloud on Google Cloud

Red Hat OpenShift

OpenShift Ingress Operator

Legacy databases

Last updated 3 days ago

Was this helpful?