Tenable Security Center Helm Charts
Tenable Security Center leverages the Helm open-source package manager for Kubernetes. When you install, configure, or upgrade Tenable Security Center in a Kubernetes environment, use this Helm Chart.
To download the Helm Chart for Tenable Security Center, go to https://github.com/tenable/helm-charts.
Helm Chart
| Helm Chart | Description |
|---|---|
|
securitycenter |
Configures the namespace, persistent volume claim, and StatefulSet Pods to pull images from container registries. |
Specify CPU and Memory Requests and Limits
The following example is for an environment with 10,000 active IPs. For sizing requirements specific to your needs, see Tenable Security Center Cloud Requirements.
resources:
limits:
cpu: 16000m
memory: 64Gi
requests:
cpu: 16000m
memory: 64Gi
Specify SC disk space
persistentVolumeClaim:
size: 900Gi
Specify Service annotations (Optional)
If you are using Kubernetes in a hosted environment and your provider (for example, AWS) supports it, use the following annotation to restrict access to the created load balancer.
service:
annotations:
service.beta.kubernetes.io/load-balancer-source-ranges: "<IP Range>"
Specify Node Affinity (Optional)
Tenable Security Center requires an amd64 node. If you are using Kubernetes in an environment with multiple available node types, or that requires a node affinity policy, you can add the policy to values.yaml. The following is an example policy for Karpenter in AWS and EKS.
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- key: karpenter.sh/capacity-type
operator: In
values:
- on-demand