Install Tenable Enclave Security

This topic describes how to install Tenable Enclave Security in a Kubernetes cluster. To update an existing Tenable Enclave Security deployment, see Update Tenable Enclave Security.

Install Tenable Enclave Security
Install Tenable Enclave Security in an air-gapped environment

Before You Begin

You must have a Kubernetes cluster in a supported Kubernetes environment. For more information, see Supported Kubernetes Environments and Prepare a Kubernetes Cluster.
Download the kubectl binaries. For more information, see the Kubernetes documentation.
Update your kubeconfig file to allow kubectl to communicate with the Kubernetes cluster.
Download the Helm binaries. For more information, see the Helm documentation.

Create a Kubernetes cluster or configure an existing Kubernetes cluster that meets the system requirements for Tenable Enclave Security.
In the Kubernetes cluster where you want to install Tenable Enclave Security, create a namespace using the following command:
Copy
```
kubectl create namespace tenable-enclave-security
```
In this example, the namespace is tenable-enclave-security. You can use a namespace of your choice, just make sure you use the same namespace every time you install or upgrade Tenable Enclave Security.

Get the cluster ID using the following command:

Copy

kubectl get namespace kube-system --output jsonpath={.metadata.uid}

Obtain a Tenable Enclave Security license file and save it to your local environment.

Add your license to the namespace that you created in step 2 using the following command:

Copy

kubectl --namespace tenable-enclave-security create secret generic tes-license --from-file=license=directory/license.key

Add the Tenable Helm Charts repository with the following command:
Copy
```
helm repo add tenable https://charts.tenable.com
```
Update the repository:
Copy
```
helm repo update
```
Install the Helm Chart or upgrade an existing Helm Chart.

Note: The values in these steps are based on a setup with 10,000 active IP addresses. For minimum requirements for your environment, see System Requirements.
1. Create a values.yaml file with parameters sized to your deployment. The following is an example values.yaml:
  Copy
```
tes:
  blades:
    securitycenter:
      resources:
        limits:
          cpu: 32000m
          memory: 128Gi
        requests:
          cpu: 32000m
          memory: 128Gi
      persistentVolumeClaim:
        size: 5000Gi
```
  Note: If you create a custom values.yaml file, ensure you use the same file every time you upgrade. Otherwise, Tenable uses default values that may not match your configuration. For more information, see Values.yaml Configuration.
2. To install the Helm Chart, run the following command:
  Copy
```
helm install tes-operator --namespace tenable-enclave-security -f values.yaml tenable/tes-operator
```

Push the updated Tenable Enclave Security license file using the following commands:

Copy

kubectl --namespace tenable-enclave-security delete secret tes-license

Copy

kubectl --namespace tenable-enclave-security create secret generic tes-license --from-file=license=directory/license.key

Access Tenable Enclave Security via the URL that you defined in Prepare a Kubernetes Cluster.

Install Tenable Enclave Security in an air-gapped environment

Obtain the Helm Charts and publish them locally.
1. Add the Tenable Helm Charts repository with the following command:
  Copy
```
helm repo add tenable https://charts.tenable.com
```
2. Update the repository:
  Copy
```
helm repo update
```
Contact your Tenable support representative for a list of required container images and tags for your version of Tenable Enclave Security, and add the container images and tags to your internal image registry.
Obtain a new license if needed. For more information, see License Tenable Enclave Security Offline.

Install the Helm Chart or upgrade an existing Helm Chart.

Note: The values in these steps are based on a setup with 10,000 active IP addresses. For minimum requirements for your environment, see System Requirements.

Create a values.yaml file with your private registry information. The following is an example values.yaml for an air-gapped deployment:

Copy

operator:
  image:
    registry: some-private-registry.example.com # private image registry hostname
    imagePullSecret: registrypullsecret # private image registry access secret, if needed

tes:
  blades:
    securitycenter:
      resources:
        limits:
          cpu: 32000m
          memory: 128Gi
        requests:
          cpu: 32000m
          memory: 128Gi
      persistentVolumeClaim:
        size: 5000Gi

Note: If you create a custom values.yaml file, ensure you use the same file every time you upgrade. Otherwise, Tenable uses default values that may not match your configuration. For more information, see Values.yaml Configuration.

To install the Helm Chart, run the following command:

Copy

helm install tes-operator --create-namespace --namespace tenable-enclave-security -f values.yaml tenable/tes-operator

Update the repository:
Copy
```
helm repo update
```

Upgrade the Tenable Enclave Security operator using the following command:

Copy

helm upgrade tes-operator --create-namespace --namespace tenable-enclave-security -f values.yaml tenable/tes-operator

Add your license to the namespace using the following command:

Copy

kubectl --namespace tenable-enclave-security create secret generic tes-license --from-file=license=directory/license.key

Access Tenable Enclave Security via the URL that you defined in Prepare a Kubernetes Cluster.

What to do next

Configure Tenable Enclave Security using the setup steps in the UI. For more information, see Configure Tenable Enclave Security.