Enabling Legacy Query Engine
The query engine is no longer installed by default. This guide demonstrates how to enable the query engine using the Immuta Enterprise Helm chart (IEHC).
If you are using any of the legacy data platforms, you must enable the query engine.
Prerequisites
The Immuta in production guide must be completed before proceeding.
Validate that secret
immuta-secretexists in the current namespace.kubectl get secret/immuta-secret
Create Kubernetes secret
Create a file named
secret-data.envwith the following content.# query-engine IMMUTA_FEATURE_PASSWORD=<immuta-feature-password> PATRONI_SUPERUSER_PASSWORD=<patroni-superuser-password> PATRONI_REPLICATION_PASSWORD=<patroni-replication-password> PATRONI_RESTAPI_PASSWORD=<patroni-api-password>Create secret named
immuta-legacy-secretfrom filesecret-data.envkubectl create secret generic immuta-legacy-secret --from-env-file=secret-data.envDelete file
secret-data.env, as it's no longer needed.rm -i secret-data.env
Edit Helm values
Edit the
immuta-values.yamlfile to include the following Helm values.legacy: enabled: true queryEngine: statefulset: extraEnvVars: - name: IMMUTA_FEATURE_PASSWORD valueFrom: secretKeyRef: name: immuta-legacy-secret key: IMMUTA_FEATURE_PASSWORD - name: PATRONI_SUPERUSER_PASSWORD valueFrom: secretKeyRef: name: immuta-legacy-secret key: PATRONI_SUPERUSER_PASSWORD - name: PATRONI_REPLICATION_PASSWORD valueFrom: secretKeyRef: name: immuta-legacy-secret key: PATRONI_REPLICATION_PASSWORD - name: PATRONI_RESTAPI_PASSWORD valueFrom: secretKeyRef: name: immuta-legacy-secret key: PATRONI_RESTAPI_PASSWORD postgres: # Query Engine feature user # Instead use queryEngine.statefulset.extraEnvVars[].name[IMMUTA_FEATURE_PASSWORD] # password: <immuta-feature-password> # Query Engine superuser user # Instead use queryEngine.statefulset.extraEnvVars[].name[PATRONI_SUPERUSER_PASSWORD] # superuserPassword: <patroni-superuser-password> # Query Engine replication user # Instead use queryEngine.statefulset.extraEnvVars[].name[PATRONI_REPLICATION_PASSWORD] # replicationPassword: <patroni-replication-password> # Query Engine patroni api user # Instead use queryEngine.statefulset.extraEnvVars[].name[PATRONI_RESTAPI_PASSWORD] # patroniApiPassword: <patroni-api-password> immutaSecurity: # Each Kubernetes Service has a DNS record associated with it. See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ # The anatomy of a domain name is as followed: # <service>.<namespace>.svc.<cluster-domain> # # Where the default cluster domain is: cluster.local authEndpoint: "http://immuta-secure.immuta.svc.cluster.local:8823" secure: extraEnvVars: - name: IMMUTA_DATABASES_IMMUTA_CONNECTIONS_FEATURESTOREDB_PASSWORD valueFrom: secretKeyRef: name: immuta-legacy-secret key: IMMUTA_FEATURE_PASSWORD extraConfig: : enabled: true disableFeatureStore: false databases: immuta: connections: featureStoreDb: # Each Kubernetes Service has a DNS record associated with it. See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ # The anatomy of a domain name is as followed: # <service>.<namespace>.svc.<cluster-domain> # # Where the default cluster domain is: cluster.local host: "immuta-legacy-query-engine-service.immuta.svc.cluster.local" port: 5432 ssl: false # Query Engine feature user # Instead use secure.extraEnvVars[].name[IMMUTA_DATABASES_IMMUTA_CONNECTIONS_FEATURESTOREDB_PASSWORD] # password: <immuta-feature-password>Update all placeholder values in the
immuta-values.yamlfile.
Apply Helm values
Perform a Helm upgrade to apply the changes made to immuta-values.yaml.
helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2025.1.2Last updated
Was this helpful?