This guide demonstrates how to upgrade an existing Immuta deployment installed with the older Immuta Helm chart (IHC) to v2024.2 LTS using the Immuta Enterprise Helm chart (IEHC).
Helm chart deprecation notice
As of Immuta version 2024.2, the IHC has been deprecated in favor of the IEHC. Their respective immuta-values.yaml Helm values files are not compatible.
Prerequisites
Create a PostgreSQL database
The PostgreSQL instance has been provisioned and is actively running.
The PostgreSQL instance's hostname/FQDN is .
The PostgreSQL instance is .
For additional information, consult the Deployment requirements.
Validate the Helm release
Fetch the metadata for the Helm release associated with Immuta.
Review the output from the previous step and verify the following:
The Immuta version (appVersion) is
Metadata database
The new IEHC no longer supports deploying a Metadata database (PostgreSQL) inside the Kubernetes cluster. Before transitioning to the new IEHC, it's first necessary to externalize the Metadata database.
Built-in
The following demonstrates how to take a database backup and import the data into each cloud provider's managed PostgreSQL service.
Create backup of old database
Get the metadata database pod name.
Spawn a shell inside the running metadata database pod.
Perform a database backup.
Type
Setup new database
Create a pod named immuta-setup-db and spawn a shell.
Connect to the new PostgreSQL database as a superuser. Depending on the cloud provider, the default superuser name (postgres) might differ.
Create immuta,
Restore backup to new database
Create a pod named immuta-restore-db and spawn a shell.
Copy file bometadata.dump from the host's working directory to pod immuta-restore-db.
Spawn a shell inside pod immuta-restore-db
External
No additional work is required. The existing database can be reused with the new IEHC.
Helm values
Helm values file compatibility
The immuta-values.yaml Helm values file used by the IHC is not compatible with the new IEHC.
Rename the existing immuta-values.yaml Helm values file used by the IHC.
Follow the for your Kubernetes distribution of choice.
The last LTS (2022.5.x) or 2024.1 or newer
Less than 2024.2
The Immuta Helm chart (version) is greater than or equal to 4.13.5
The Immuta Helm chart name (chart) is immuta
If any of the criteria is not met, it's first necessary to perform a Helm upgrade using the IHC. Contact your Immuta representative for guidance.
exit
, and then press
Enter
to exit the shell prompt.
Copy file bometadata.dump from the pod to the host's working directory.
temporal
, and
temporal_visiblity
databases and an
immuta
role.
Type \q, and then press Enter to exit the psql prompt.
.
Perform a database restore while authenticated as role immuta. Refer to the value substituted for <postgres-password> when prompted to enter a password.
Type exit, and then press Enter to exit the shell prompt.
Delete pod immuta-restore-db that was previously created.
kubectl run immuta-restore-db --image docker.io/bitnami/postgresql:latest -- sleep infinity
kubectl cp bometadata.dump immuta-restore-db:/tmp
mv immuta-values.yaml immuta-values.ihc.yaml
CREATE ROLE immuta with login encrypted password '<postgres-password>';
GRANT immuta TO CURRENT_USER;
CREATE DATABASE immuta OWNER immuta;
CREATE DATABASE temporal OWNER immuta;
CREATE DATABASE temporal_visibility OWNER immuta;
GRANT all ON DATABASE immuta TO immuta;
GRANT all ON DATABASE temporal TO immuta;
GRANT all ON DATABASE temporal_visibility TO immuta;
ALTER ROLE immuta SET search_path TO bometadata,public;
REVOKE immuta FROM CURRENT_USER;
\c immuta
CREATE EXTENSION pgcrypto;
\c temporal
GRANT CREATE ON SCHEMA public TO immuta;
\c temporal_visibility
GRANT CREATE ON SCHEMA public TO immuta;
CREATE EXTENSION btree_gin;
kubectl exec immuta-restore-db --stdin --tty -- sh