Skip to content

Getting Started

The instructions and how-to guides on this page illustrate how to install Immuta in your Kubernetes environment. If you are upgrading Immuta, navigate to the Upgrade section instead.

Prerequisites and requirements

Pull the Helm chart

Consult the upgrade overview if unsure which helm chart to use.

ocir.immuta.com

Helm chart availability

The deprecated Immuta Helm chart (IHC) is not available from ocir.immuta.com.

  1. Copy the snippet below and replace the placeholder text with the credentials provided to you by your Customer Success Manager:

    echo <token> | helm registry login --password-stdin --username <username> ocir.immuta.com
    

(Deprecated) archives.immuta.com

Deprecation of archives.immuta.com

The preferred means of installing the Immuta Enterprise Helm chart (IEHC) is via ocir.immuta.com. The IEHC will continue to be published to archives.immuta.com for the foreseeable future.

  1. Reach out to your Immuta support professional to obtain the Kubernetes Helm Installation Credentials to authenticate with Immuta's Helm registry.
  2. Copy the snippet below and replace the placeholder text with the credentials you obtained in the previous step to add the Helm repository:

    echo <token> | helm repo add --username <username> --password-stdin immuta https://archives.immuta.com/charts
    

    --pass-credentials flag

    If you encounter an unauthorized error when adding the Immuta Enterprise Helm chart (IEHC), run helm repo add --pass-credentials.

    Usernames and passwords are only passed to the URL location of the Helm repository by default. The username and password are scoped to the scheme, host, and port of the Helm repository. To pass the username and password to other domains Helm may encounter when it goes to retrieve a chart, the new --pass-credentials flag can be used. This flag restores the old behavior for a single repository as an opt-in behavior.

    If you use a username and password for a Helm repository, you can audit the Helm repository in order to check for another domain that could have received the credentials. In the index.yaml file for that repository, look for another domain in the URL's list for the chart versions. If there is another domain found and that chart version is pulled or installed, the credentials will be passed on.

  3. (Optional) Fetch the latest chart information from the repository:

    helm repo update immuta
    
  4. List all available versions of the chart:

    helm search repo --regexp 'immuta/immuta-enterprise\v' --versions
    
    helm search repo --regexp 'immuta/immuta\v' --versions
    

Install Immuta

Immuta can be installed on any Kubernetes cluster. Select a guide below that corresponds to your Kubernetes distribution to install Immuta. If your distribution is not listed below (such as K3s or RKE2), follow the generic installation instructions:

Configure Ingress

To complete your installation and access the Immuta application, configure Ingress.

Additional recommendations

The configuration section includes guidance for various scenarios you may encounter during and post-deployment. Below are several guides from that section that most customers follow to complete their deployment of Immuta, but none of these is a requirement for the Immuta installation to work.

  • TLS configuration: Secure your Ingress by specifying a Secret that contains a TLS private key and certificate.
  • Immuta in production: Follow these best practices for configuring your deployment for a production environment.
  • External cache configuration: The Immuta Enterprise Helm chart manages its own Memcached deployment inside the cluster. However, you can opt to externalize the key-value cache post-installation.