Install Tenable Security Center in Kubernetes

This page describes how to install Tenable Security Center on a Kubernetes cluster. For minimum Tenable Security Center requirements, see Requirements in the Tenable Security Center user guide.

Before You Begin

You must have a Kubernetes cluster in a supported Kubernetes environment. For more information, see Supported Kubernetes Environments.
Download the kubectl binaries. For more information, see the Kubernetes documentation.
Update your kubeconfig file to allow kubectl to communicate with the Kubernetes cluster.
Download the Helm binaries. For more information, see the Helm documentation.
(Tenable Security Center 6.5.1 and later) Configure a PostgreSQL database. Tenable recommends you use a managed PostgreSQL database service (for example, RDS, AWS, or GCP). If you want to host the database yourself, see the Kubegres documentation.

Tenable Security Center in Kubernetes supports PostgreSQL version 16.x.
Create a namespace
Use the following command to create a namespace in your Kubernetes cluster:
Copy
kubectl create namespace tenable
Create a Kubernetes secret named pg-secrets.yaml
Use the following command to create a Kubernetes secret file to identify characteristics about the database:
Copy
kubectl apply --namespace tenable -f pg-secrets.yaml
The following is an example pg-secrets.yaml:
Copy
apiVersion: v1 kind: Secret metadata: name: pg-secrets type: Opaque data: pg_host: # the base64 encoded IP address or hostname of the PostgreSQL server pg_user: # the base64 encoded PostgreSQL username (must have CREATEDB and read/write permissions) pg_port: # the base64 encoded port number pg_password: # the base64 encoded password for the username in pg_user pg_database: # the base64 encoded database name for the Tenable Security Center data

Add the Tenable Helm Charts repository with the following command:
Copy
```
helm repo add tenable https://charts.tenable.com
```
Update the repository:
Copy
```
helm repo update
```
Install the Helm Chart or upgrade an existing Helm Chart using one of the following:
Use the key-value pair
1. To install the Helm Chart, run the following command. This is an example for a setup with 10,000 active IP addresses:
  Copy
  helm upgrade --install securitycenter \ --create-namespace --namespace tenable \ --set persistentVolumeClaim.size=900Gi \ --set resources.requests.cpu=16000m \ --set resources.requests.memory=64Gi \ --set resources.limits.cpu=16000m \ --set resources.limits.memory=64Gi tenable/securitycenter
  Note: The values you use in --set must remain constant every time you use this command to perform upgrades. Otherwise, Tenable uses default values that may not match your configuration. For more information, see Values.yaml Configuration.
-or-
Use values.yaml
1. Create a values.yaml file with parameters sized to your deployment. This is an example for a setup with 10,000 active IP addresses:
  Copy
  persistentVolumeClaim: size: 900Gi resources: limits: cpu: 16000m memory: 64Gi requests: cpu: 16000m memory: 64Gi
  Note: If you create a custom values.yaml file, ensure you use the same file every time you upgrade. Otherwise, Tenable uses default values that may not match your configuration. For more information, see Values.yaml Configuration.
2. To install the Helm Chart, run the following command:
  Copy
  helm upgrade --install securitycenter --create-namespace --namespace tenable -f values.yaml tenable/securitycenter
Note: The values in these steps are based on a setup with 10,000 active IP addresses. For minimum requirements for your environment, see Tenable Security Center Cloud Requirements.
Ensure that Tenable Security Center is installed by checking the container logs and pod status. For more information, see Troubleshooting Tenable Security Center in Kubernetes.
Copy the external IP of the service. For example, for an AWS environment with DNS configured, the external IP would be the load balancer DNS name.
To access the Tenable Security Center UI, navigate to https://<External-IP>:443. The application's hostname is tenable-security-center-0.