Install Tenable Security Center in Kubernetes
This page describes how to install Tenable Security Center on a Kubernetes cluster.
Before You Begin
-
You must have a Kubernetes cluster on a supported Kubernetes environment. For more information, see Supported Kubernetes Environments.
-
Download the kubectl binaries. For more information, see the Kubernetes documentation.
-
Update your kubeconfig file to allow kubectl to communicate with the Kubernetes cluster.
-
Download the Helm binaries. For more information, see the Helm documentation.
Install Tenable Security Center in Kubernetes
-
Add the Tenable Helm Charts repository with the following command:
Copyhelm repo add tenable https://charts.tenable.com
-
Update the repository:
Copyhelm repo update
-
Install the Helm Chart or upgrade an existing Helm Chart using one of the following:
Use the key-value pair-
To install the Helm Chart, run the following command. This is an example for a setup with 10,000 active IP addresses:
Copyhelm upgrade --install securitycenter \
--create-namespace --namespace tenable \
--set persistentVolumeClaim.size=900Gi \
--set resources.requests.cpu=16000m \
--set resources.requests.memory=64Gi \
--set resources.limits.cpu=16000m \
--set resources.limits.memory=64Gi tenable/securitycenterNote: The values you use in --set must remain constant every time you use this command to perform upgrades. Otherwise, Tenable uses default values that may not match your configuration. For more information, see Values.yaml Configuration.
-or-
Use values.yaml-
Create a values.yaml file with parameters sized to your deployment. This is an example for a setup with 10,000 active IP addresses:
CopypersistentVolumeClaim:
size: 900Gi
resources:
limits:
cpu: 16000m
memory: 64Gi
requests:
cpu: 16000m
memory: 64GiNote: If you create a custom values.yaml file, ensure you use the same file every time you upgrade. Otherwise, Tenable uses default values that may not match your configuration. For more information, see Values.yaml Configuration.
-
To install the Helm Chart, run the following command:
Copyhelm upgrade --install securitycenter --create-namespace --namespace tenable -f values.yaml tenable/securitycenter
Note: The values in these steps are based on a setup with 10,000 active IP addresses. For minimum requirements for your environment, see Tenable Security Center Cloud Requirements.
-
-
Ensure that Tenable Security Center is installed by checking the container logs and pod status. For more information, see Troubleshooting Tenable Security Center in Kubernetes.
-
Copy the external IP of the service. For example, for an AWS environment with DNS configured, the external IP would be the load balancer DNS name.
-
To access the Tenable Security Center UI, navigate to https://<External-IP>:443. The application's hostname is tenable-security-center-0.