Prepare a Kubernetes Cluster
To determine whether your existing Kubernetes cluster meets the requirements for use with Tenable Enclave Security, see System Requirements.
Before you begin
-
Configure a routable URL or external gateway.
-
Determine whether to create a new Kubernetes or use an existing cluster.
Configure a Kubernetes cluster
-
Create a new Kubernetes cluster. For instructions on how to create a new cluster, see the Kubernetes documentation.
-or-
Use an existing cluster. To determine whether your existing cluster meets the requirements for your Tenable Enclave Security deployment, see System Requirements.
-
Define a default storage class on the cluster. For instructions on how to change the default storage class, see the Kubernetes documentation.
-
Install cert-manager in your Kubernetes cluster. For instructions on how to install cert-manager, see the cert-manager documentation.
Note: if you want to use your own certificates, contact your Tenable Support representative.
-
Install cert-manager-csi-installer in your Kubernetes cluster.
-
Configure the Container Security database. This database contains the data visible in the Container Security UI, including vulnerabilities, images, packages, and layers.
Tenable recommends you use a managed postgres database service (for example, RDS, AWS, or GCP). If you want to host the database yourself, see the Kubegres documentation.
Postgres compatible versionsRecommended postgres version: PG16
Compatible versions: PG13, PG14, PG15
-
Create a Kubernetes secret named tes-pg-secrets to identify characteristics about the database.
Copykubectl apply --namespace tenable-enclave-security -f tes-pg-secrets.yaml
The following is an example tes-pg-secrets.yaml:
CopyapiVersion: v1
data:
pg_host: # base64 encoded hostname and port connection string
pg_user: # base64 encoded username to use (must have privileges to create databases and users)
pg_pass: # base64 encoded password for the above username
pg_ro_host: # base64 encoded read-only host string (can be same as pg_host)
kind: Secret
metadata:
name: tes-pg-secrets
namespace: tenable-enclave-security
type: Opaque