Prepare a Kubernetes Cluster

To determine whether your existing Kubernetes cluster meets the requirements for use with Tenable Enclave Security, see System Requirements.

Before you begin

  • Configure a routable URL or external gateway.

  • Determine whether to create a new Kubernetes cluster or use an existing cluster.

Configure a Kubernetes cluster

  1. Create a new Kubernetes cluster. For instructions on how to create a new cluster, see the Kubernetes documentation.

    -or-

    Use an existing cluster. To determine whether your existing cluster meets the requirements for your Tenable Enclave Security deployment, see System Requirements.

  2. Install cert-manager in your Kubernetes cluster. For instructions on how to install cert-manager, see the cert-manager documentation.

    Note: If you want to use your own certificates, contact your Tenable Support representative.

  3. Install cert-manager-csi-installer in your Kubernetes cluster.

  4. Configure your database.

    Tenable recommends that you use a managed PostgreSQL database service (for example, RDS, AWS, or GCP). If you want to host the database yourself, see the Kubegres documentation.

  5. After you configure your database, create a Kubernetes secret named tes-pg-secrets using the following command.

    kubectl apply --namespace tenable-enclave-security -f tes-pg-secrets.yaml

    The following is an example tes-pg-secrets.yaml:

    apiVersion: v1
    data:
      pg_host: # base64 encoded hostname and port connection string
      pg_user: # base64 encoded username to use (must have privileges to create databases and users)
      pg_pass: # base64 encoded password for the above username
      pg_ro_host: # base64 encoded read-only host string (can be same as pg_host)
    kind: Secret
    metadata:
      name: tes-pg-secrets
      namespace: tenable-enclave-security
    type: Opaque
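
One way to produce the tes-pg-secrets.yaml file for step 5 from plain-text values, as an added example that is not part of the Tenable documentation. The function names b64, render_tes_pg_secret and write_tes_pg_secret are hypothetical, and the host, user and password shown are constructed placeholders.

```shell
#!/bin/sh
# Added example: build tes-pg-secrets.yaml from plain-text values.
# Function names are hypothetical; sample values are constructed.

# Encode one value for a Secret "data" field. printf '%s' avoids the
# trailing newline that echo would append (it would become part of the
# stored hostname or password), and tr removes the line wrapping that
# some base64 implementations apply to long input.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Usage: render_tes_pg_secret HOST:PORT USER PASSWORD [RO_HOST:PORT]
# Prints the manifest on stdout; pg_ro_host defaults to pg_host.
render_tes_pg_secret() {
    if [ "$#" -lt 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "usage: render_tes_pg_secret HOST:PORT USER PASSWORD [RO_HOST:PORT]" >&2
        return 1
    fi
    cat <<EOF
apiVersion: v1
data:
  pg_host: $(b64 "$1")
  pg_user: $(b64 "$2")
  pg_pass: $(b64 "$3")
  pg_ro_host: $(b64 "${4:-$1}")
kind: Secret
metadata:
  name: tes-pg-secrets
  namespace: tenable-enclave-security
type: Opaque
EOF
}

# Write the manifest so that only the current user can read it: base64 is
# an encoding, not encryption. Nothing is written if validation fails.
write_tes_pg_secret() {
    (
        umask 077
        manifest=$(render_tes_pg_secret "$@") || exit 1
        printf '%s\n' "$manifest" > tes-pg-secrets.yaml
    )
}

# Example (constructed values; read the password from a prompt or secret
# store instead of typing it on the command line):
#   write_tes_pg_secret 'db.example.internal:5432' 'tes_admin' "$PG_PASS" &&
#     kubectl apply --namespace tenable-enclave-security -f tes-pg-secrets.yaml
```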