Install Tenable Security Center in Kubernetes

This page describes how to install Tenable Security Center on a Kubernetes cluster.

Before You Begin

  • You must have a Kubernetes cluster on a supported Kubernetes environment. For more information, see Supported Kubernetes Environments.

  • Download the kubectl binaries. For more information, see the Kubernetes documentation.

  • Update your kubeconfig file to allow kubectl to communicate with the Kubernetes cluster.

  • Download the Helm binaries. For more information, see the Helm documentation.

Install Tenable Security Center in Kubernetes

  1. Add the Tenable Helm Charts repository with the following command:

    Copy 
    helm repo add tenable https://charts.tenable.com

  2. Update the repository:

    Copy 
    helm repo update

  3. Install the Helm Chart or upgrade an existing Helm Chart using one of the following:

    1. To install the Helm Chart, run the following command. This is an example for a setup with 10,000 active IP addresses:

      Copy 
      helm upgrade --install securitycenter \
        --create-namespace --namespace tenable \
        --set persistentVolumeClaim.size=900Gi \
        --set resources.requests.cpu=16000m \
        --set resources.requests.memory=64Gi \
        --set resources.limits.cpu=16000m \
        --set resources.limits.memory=64Gi tenable/securitycenter

      Note: The values you use in --set must remain constant every time you use this command to perform upgrades. Otherwise, Tenable uses default values that may not match your configuration. For more information, see Values.yaml Configuration.

    -or-

    1. Create a values.yaml file with parameters sized to your deployment. This is an example for a setup with 10,000 active IP addresses:

      Copy 
      persistentVolumeClaim:
        size: 900Gi

      resources:
        limits:
          cpu: 16000m
          memory: 64Gi
        requests:
          cpu: 16000m
          memory: 64Gi

      Note: If you create a custom values.yaml file, ensure you use the same file every time you upgrade. Otherwise, Tenable uses default values that may not match your configuration. For more information, see Values.yaml Configuration.

    2. To install the Helm Chart, run the following command:

      Copy 
      helm upgrade --install securitycenter --create-namespace --namespace tenable -f values.yaml tenable/securitycenter

    Note: The values in these steps are based on a setup with 10,000 active IP addresses. For minimum requirements for your environment, see Tenable Security Center Cloud Requirements.

  4. Ensure that Tenable Security Center is installed by checking the container logs and pod status. For more information, see Troubleshooting Tenable Security Center in Kubernetes.

  5. Copy the external IP of the service. For example, for an AWS environment with DNS configured, the external IP would be the load balancer DNS name.

  6. To access the Tenable Security Center UI, navigate to https://<External-IP>:443. The application's hostname is tenable-security-center-0.