Helm Installation on Microsoft Azure Kubernetes Service (AKS)
Audience: System Administrators
Content Summary: This guide illustrates the deployment of an Immuta cluster on Microsoft Azure Container Service. Requirements may vary depending on the Azure Cloud environment and/or region. For comprehensive assistance, please contact an Immuta Support Professional.
This guide is intended to supplement the main Helm installation guide, which is referred to often throughout this page.
Immuta's suggested minimum Azure VM size for Azure Container Service deployments is
(4 vCPU, 14GB RAM, 200 GB SSD) or equivalent. The Immuta helm installation requires a minimum of 3 nodes.
Additional nodes can be added on demand.
For more information, see the Azure VM sizing documentation.
See the main helm installation guide for TLS certificate requirements.
Deploying Cluster Infrastructure
Before installing Immuta, you will need to spin up your AKS cluster. If you would like to install Immuta on an existing AKS cluster, you can skip this step. If wish to deploy a dedicated cluster for Immuta, please visit Deploying Immuta Cluster Infrastructure on AKS.
Option 1: Installing Immuta Manually via Helm
Please see the main helm installation guide for the full walkthrough of installing Immuta via our Helm chart. This section will focus on the specific requirements for the helm installation on AKS.
Using the Nginx Ingress Controller as a Load Balancer in Azure Cloud
Since you are deploying Immuta as an Azure cloud application in AKS, you can easily configure the Nginx Ingress Controller that is bundled with the Immuta Helm deployment as a load balancer using the generated hostname from Azure.
Confirm that you have the following configurations in your
values.yamlfile before deploying:
externalHostname: <your immuta helm release name>.<your azure region>.cloudapp.azure.com nginxIngress: enabled: true controller: service: type: LoadBalancer
helm install, you can find the public IP address of the nginx controller by running
kubectl get services -n <your immuta namespace>
If the public IP address shows up as
<pending>, wait a few moments and check again. Once you have the IP address, run the following commands to configure the Immuta Azure Cloud Application to use your ingress controller:
IP="<controller public IP address>" DNSNAME="<your immuta helm release name>" RG=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[resourceGroup]" --output tsv) PIPNAME=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[name]" --output tsv) az network public-ip update --resource-group $RG --name $PIPNAME --dns-name $DNSNAME
Shortly after running these commands, you should be able to reach the Immuta console in your web browser at the configured
Configuring Security Groups
It is recommended that you set up the network security group for the Immuta cluster to not be open to public traffic outside of your organization. If your organization already has rules and guidelines for your Azure Cloud Application security groups, then you should adhere to those. Otherwise, we recommend visiting Microsoft's documentation page for configuring Network security groups to find a solution that fits your environment.
To configure backups with Azure, see the backup section in the Immuta Helm Chart.
Option 2: Automated Installation
- Prepare the Helm values file,
- Register the required secrets to pull Immuta's Docker images,
- Run the Helm installation, and
- Create the mapping between the external IP address Ingress Controller (the cluster's load balancer) and the cluster's public DNS name.
Running the automated deployment script will make a series of decisions for you:
- The TLS certificates will be generated on-the-fly and will be self-signed. You can easily change this later by following the instructions in the main Helm installation guide.
- The number of replicas from each component will be automatically derived from your AKS cluster's node count. This can be easily modified by overriding the replicas parameter.
- The installation will set up backup volumes by default.
0to disable Immuta backups.
Download the Script
- Download the script here.
- Make it executable by running
chmod +x immuta-aks.sh
Deploy to an AKS Cluster
Below is the list of the parameters that the script accepts. These parameters are environment variables that are prepended to the execution command.
||The name of your AKS cluster||Required||-|
||The Azure Subscription ID||Required||-|
||The resource group that contains the cluster||Required||-|
||An arbitrary metadata database password||Required||-|
||An arbitrary metadata database super-user password||Required||-|
||An arbitrary metadata database replication password||Required||-|
||An arbitrary metadata database Patroni API password||Required||-|
||An arbitrary Query Engine password||Required||-|
||An arbitrary Query Engine super-user password||Required||-|
||An arbitrary Query Engine replication password||Required||-|
||An arbitrary Query Engine Patroni API password||Required||-|
||The version tag of the desired Immuta installation||Optional||2.6.1|
||The Kubernetes namespace to create and deploy Immuta to||Optional||immuta|
||The number of replicas of each main component in the cluster||Optional||1|
||Whether or not backups should be enabled||Optional||1|
||Backup Storage Account resource group||Optional||Same as
Run the Deployment
To run the script and deploy, you can simply prepend the above-mentioned parameters to the
execution command, with the action
deploy. For example,
CLUSTER_NAME="..." \ SUBSCRIPTION_ID="..." \ CLUSTER_RESOURCE_GROUP="..." \ DOCKER_USERNAME="..." \ DOCKER_PASSWORD="..." \ DB_PASSWORD="..." \ DB_SUPERUSER_PASSWORD="..." \ DB_REPLICATION_PASSWORD="..." \ DB_PATRONI_API_PASSWORD="..." \ QE_PASSWORD="..." \ QE_SUPERUSER_PASSWORD="..." \ QE_REPLICATION_PASSWORD="..." \ QE_PATRONI_API_PASSWORD="..." \ ./immuta-aks.sh deploy
Destroy a Deployment
You can use the same script to destroy a deployment you had previously run with this script, by running the following command:
CLUSTER_NAME="..." \ ./immuta-aks.sh destroy
The value of
CLUSTER_NAME should be identical to the name of the
CLUSTER_NAME value you've used to deploy Immuta.