Deployment Requirements
Immuta comprises three core services: Secure, Discover, and Detect. These services rely on PostgreSQL and ElasticSearch to store their states. The Immuta Enterprise Helm chart (IEHC) does not include the deployment of PostgreSQL or ElasticSearch, so you must deploy them separately.
%%{ init: { 'flowchart': { 'curve': 'stepBefore' } } }%%
flowchart
secureWeb --> pg[(PostgreSQL)]
secureWorker --> pg
secureWeb --> cacheDecision
secureWorker --> cacheDecision
detectApi --> es[(ElasticSearch)]
detectApi --> pg
cacheDecision --> |Built-in?| builtinCache
cacheDecision -.-> |External?| externalCache
externalCache[(Redis/Memcached)]
subgraph ideploy[Immuta Enterprise Helm chart]
subgraph secure[Secure]
secureWeb[Secure Web/API]
secureWorker[Secure Worker]
end
subgraph detect[Detect]
detectApi[Detect API]
end
subgraph discover[Discover]
discoverApi[Discover API]
end
cacheDecision{Cache}
builtinCache[(Memcached)]
end
%% Add links
click pg "#metadata-database-postgresql" "PostgreSQL Prerequistes";
click externalCache "#cache-redismemcached" "Redis/Memcached Prerequistes";
click es "#elasticsearch" "ElasticSearch Prerequistes";This page outlines the requirements and recommendations for the Immuta deployment and its dependencies.
Version requirements
Kubernetes versions
| Kubernetes distribution | Kubernetes versions |
|---|---|
| Elastic Kubernetes Service (EKS) | 1.25 - 1.29 |
| Azure Kubernetes Service (AKS) | 1.27 - 1.29 |
| Google Kubernetes Engine (GKE) | 1.26 - 1.29 |
| Red Hat OpenShift | 1.25 - 1.29 |
| SUSE Rancher Government (RKE2) | 1.25 - 1.29 |
| SUSE K3s - For evaluation purposes only | 1.25 - 1.29 |
Metadata database (PostgreSQL)
PostgreSQL incompatibilities
Immuta is not compatible with PostgreSQL abstraction layers, such as Amazon Aurora.
- PostgreSQL 15.0 or newer
- The
pgcryptoextension must be enabled
ElasticSearch
- ElasticSearch 8.0 or newer
- OpenSearch 8.0 or newer
Cache (Redis/Memcached)
Built-in cache
The IEHC manages its own Memcached deployment inside the cluster. The key-value cache can optionally be externalized post installation.
- Redis 7.0 or newer
- Memcached 1.6 or newer
Infrastructure recommendations
| Kubernetes distribution | Ingress | External metadata database | External cache | External ElasticSearch |
|---|---|---|---|---|
| Amazon Elastic Kubernetes Service (EKS) | AWS Load Balancer Controller | Amazon RDS for PostgreSQL | Amazon ElastiCache for Redis | Amazon OpenSearch |
| Azure Kubernetes Service (AKS) | Azure Application Gateway Ingress Controller | Azure Database for PostgreSQL | Azure Cache for Redis | Elastic Cloud on Azure |
| Google Kubernetes Engine (GKE) | GKE Ingress Controller | Google Cloud SQL for PostgreSQL | Memorystore for Redis | Elastic Cloud on Google Cloud |
| Red Hat OpenShift | OpenShift Ingress Operator | Cloud-managed PostgreSQL1 | Cloud-managed Redis2 | Cloud-managed ElasticSearch3 |
| SUSE Rancher Government (RKE2) | Ingress NGINX Controller | Cloud-managed PostgreSQL1 | Cloud-managed Redis2 | Cloud-managed ElasticSearch3 |
| SUSE K3s - For evaluation purposes only | Traefik | Cloud-managed PostgreSQL1 | Cloud-managed Redis2 | Cloud-managed ElasticSearch3 |
Next step
Follow the Getting started guide to install Immuta.
-
Cloud-managed PostgreSQL, such as Amazon RDS, Azure Database for PostgreSQL, or Google Cloud SQL for PostgreSQL, is recommended when running Kubernetes in cloud environments. ↩↩↩
-
Cloud-managed Redis/Memcached, such as Amazon ElastiCache, Azure Cache, or Google Cloud Memorystore, is recommended when running Kubernetes in cloud environments. ↩↩↩
-
Cloud-managed Elasticsearch, such as Amazon OpenSearch, or Elastic Cloud, is recommended when running Kubernetes in cloud environments. ↩↩↩