External Cache Configuration
This guide demonstrates how to configure an external key-value cache (such as Redis or Memcached) with the Immuta Enterprise Helm chart (IEHC).
Kubernetes namespace
The following section(s) presume the IEHC was deployed into namespace immuta and that the current namespace is immuta.
Prerequisite
The Immuta in production guide must be completed before proceeding.
Redis
-
Edit secret
immuta-secretthat was created in the Immuta in production guide.kubectl edit secret/immuta-secret -
Add key-value
IMMUTA_SERVER_CACHE_PROVIDER_OPTIONS_PASSWORD=<cache-password>.
Edit Helm values
Edit the immuta-values.yaml file to include the relevant Helm values listed below. Update all placeholder values with your own values.
Redis
TLS configuration
TLS must be configured both client-side and server-side. The following Helm values demonstrate connecting to Redis with TLS enabled.
cache:
enabled: false
secure:
extraConfig:
server:
cache:
provider:
constructor: catbox-redis
options:
host: <redis-fqdn>
port: <port>
# Setting options.tls to an empty dict enables TLS without configuring any other options.
tls: {}
# Dict representation of TLS config options json-object for package ioredis
# https://github.com/redis/ioredis
#
# tls:
# ca:
# key:
# cert:
extraEnvVars:
- name: IMMUTA_SERVER_CACHE_PROVIDER_OPTIONS_PASSWORD
valueFrom:
secretKeyRef:
key: IMMUTA_SERVER_CACHE_PROVIDER_OPTIONS_PASSWORD
name: immuta-secret
Memcached
cache:
enabled: false
secure:
extraConfig:
server:
cache:
provider:
constructor: catbox-memcached
options:
host: <memcached-fqdn>
port: <port>
Apply Helm values
Perform a Helm upgrade to apply the changes made to immuta-values.yaml.
helm upgrade <release-name> oci://ocir.immuta.com/stable/immuta-enterprise --values immuta-values.yaml --version 2024.2.3