Introduced in 2024.2, the Immuta Enterprise Helm chart (IEHC) is an entirely new Helm chart used to deploy Immuta. Unlike the previous Immuta Helm chart (IHC), the IEHC shares the same version as the Immuta product. Each version of the chart supports a singular version of Immuta. Upgrading the Immuta version now entails upgrading the underlying Helm chart. Failure to do so will lead to an unsupported configuration.
immuta
Immuta Helm chart (IHC)
<2024.2
archives.immuta.com
Version independent of the Immuta product
immuta-enterprise
Immuta Enterprise Helm chart (IEHC)
2024.2
ocir.immuta.com
Version shared with the Immuta product
Helm chart deprecation notice
As of Immuta version 2024.2, the IHC has been deprecated in favor of the IEHC. The immuta-values.yaml
Helm values files are not cross-compatible.
Upgrading from Immuta 2024.1.x or older
If upgrading from 2024.1.x it is first necessary to migrate to the new helm chart, as these versions were all installed using the legacy IHC. This migration process will include upgrading Immuta.
Upgrading (IEHC): Upgrade from v2024.2 LTS to v2024.3 using the Immuta Enterprise Helm chart.
Upgrading (IHC): Upgrade from v2024.2 LTS to v2024.3 using the legacy Immuta Helm chart.
This guide demonstrates how to upgrade an existing Immuta deployment installed with the older Immuta Helm chart (IHC) to v2024.2 LTS using the Immuta Enterprise Helm chart (IEHC).
Helm chart deprecation notice
As of Immuta version 2024.2, the IHC has been deprecated in favor of the IEHC. Their respective immuta-values.yaml
Helm values files are not compatible.
The PostgreSQL instance has been provisioned and is actively running.
The PostgreSQL instance's hostname/FQDN is resolvable from within the Kubernetes cluster.
The PostgreSQL instance is accepting connections.
For additional information, consult the Deployment requirements.
Fetch the metadata for the Helm release associated with Immuta.
Review the output from the previous step and verify the following:
The Immuta version (appVersion
) is
The last LTS (2022.5.x) or 2024.1 or newer
Less than 2024.2
The Immuta Helm chart (version
) is greater than or equal to 4.13.5
The Immuta Helm chart name (chart
) is immuta
If any of the criteria is not met, it's first necessary to perform a Helm upgrade using the IHC.
The new IEHC no longer supports deploying a Metadata database (PostgreSQL) inside the Kubernetes cluster. Before transitioning to the new IEHC, it's first necessary to externalize the Metadata database.
The following demonstrates how to take a database backup and import the data into each cloud provider's managed PostgreSQL service.
Get the metadata database pod name.
Spawn a shell inside the running metadata database pod.
Perform a database backup.
Type exit
, and then press Enter
to exit the shell prompt.
Copy file bometadata.dump
from the pod to the host's working directory.
Create a pod named immuta-setup-db
and spawn a shell.
Connect to the new PostgreSQL database as a superuser. Depending on the cloud provider, the default superuser name (postgres
) might differ.
Create immuta
, temporal
, and temporal_visiblity
databases and an immuta
role.
Type \q
, and then press Enter
to exit the psql prompt.
Authenticate as the immuta
user and create the pgcrypto extension.
Type \q
, and then press Enter
to exit the psql prompt.
Create a pod named immuta-restore-db
and spawn a shell.
Copy file bometadata.dump
from the host's working directory to pod immuta-restore-db
.
Spawn a shell inside pod immuta-restore-db
.
Perform a database restore while authenticated as role immuta
. Refer to the value substituted for <postgres-password>
when prompted to enter a password.
Type exit
, and then press Enter
to exit the shell prompt.
Delete pod immuta-restore-db
that was previously created.
No additional work is required. The existing database can be reused with the new IEHC.
Helm values file compatibility
The immuta-values.yaml
Helm values file used by the IHC is not compatible with the new IEHC.
Rename the existing immuta-values.yaml
Helm values file used by the IHC.
Follow the installation guide for your Kubernetes distribution of choice.
This guide demonstrates how to upgrade an existing Immuta deployment installed with the Immuta Enterprise Helm chart (IEHC).
Starting in IEHC 2024.3, a Temporal server is included in the chart and requires two databases to store state. You can expand the existing PostgreSQL database in use for Immuta by creating Temporal databases like so:
These database names are the default values for the Temporal sub-chart but can be set (if necessary) with the following values:
To enable the Temporal deployment, set the following values. Include the tls
settings if using a Cloud database that requires TLS:
To improve the experience using the IEHC, two Helm value changes have been introduced. Before deploying the IEHC 2024.3.x, you must perform the following Helm value changes:
IEHC 2024.3.x adds support for global and component-level PostgreSQL connection details. This means you only need to specify the PostgreSQL connection information once in the global scope and apply overrides (if necessary) at a component level.
If you installed IEHC 2024.2 LTS using our install guides, your immuta-values.yaml
file probably looks something like this to configure your PostgreSQL connection for multiple components:
Now, with PostgreSQL configuration in the global scope, your immuta-values.yaml
file can look like this to specify the PostgreSQL connection:
Feature flags have moved from environment variables IEHC 2024.3.x as well. You may now set feature flags globally, and then the IEHC will properly configure all applications for you. Migrate all feature flags from secure.extraEnvVars
to global.featureFlags
.
Additionally, if you use , you must add the discoverDeprecateLegacyTags
feature flag when upgrading. Otherwise the conditional tags will be removed from Immuta next time SDD runs.
If you fail to migrate the values from secure.extraEnvVars
to global.featureFlags
, then Helm will display warnings similar to below:
After updating your immuta-values.yaml
file to include any of the changes for the updates above, you can upgrade Immuta with the following command:
This guide demonstrates how to upgrade an existing Immuta deployment installed with the Immuta Helm chart (IHC) to v2024.3.
Helm chart deprecation notice
As of Immuta version 2024.2, the IHC has been deprecated in favor of the IEHC. Their respective immuta-values.yaml
Helm values files are not compatible.
Edit immuta-values.yaml
to include the following Helm values.
Perform a Helm upgrade to apply the changes made to immuta-values.yaml
.