Tenable Enclave Security Helm Charts
Tenable Enclave Security leverages the Helm open-source package manager. When you install, configure, or upgrade Tenable Enclave Security, use this Helm Chart.
To download the Helm Chart for Tenable Enclave Security, go to https://github.com/tenable/helm-charts.
Helm Chart
| Helm Chart | Description |
|---|---|
|
tes-operator |
Configures the namespace, persistent volume claim, and StatefulSet Pods to pull images from container registries. |
Note: Tenable Enclave Security does not support changing any values besides the ones listed here.
Specify CPU and Memory Requests and Limits
The following example is for an environment with 10,000 active IPs. For sizing requirements specific to your needs, see System Requirements.
resources:
limits:
cpu: 16000m
memory: 64Gi
requests:
cpu: 16000m
memory: 64Gi
Specify disk space
persistentVolumeClaim:
size: 900Gi
Specify Service annotations (Optional)
If you are using Kubernetes in a hosted environment and your provider (for example, AWS) supports it, use the following annotation to restrict access to the created load balancer.
service:
annotations:
service.beta.kubernetes.io/load-balancer-source-ranges: "<IP Range>"
Specify Node Affinity (Optional)
Tenable Enclave Security requires an amd64 node. If you are using Kubernetes in an environment with multiple available node types, or that requires a node affinity policy, you can add the policy to values.yaml. The following is an example policy for Karpenter in AWS and EKS.
tes:
blades:
global:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- key: karpenter.sh/capacity-type
operator: In
values:
- on-demand