Migrate Tenable Security Center to Kubernetes

These steps describe how to migrate an existing Tenable Security Center deployment to Kubernetes.

Note: If your migration file is over 1 TB, contact Tenable Professional Services for assistance.

Determine the appropriate sizing for your deployment. For system requirements specific to your needs, see Tenable Security Center Cloud Requirements.
Upgrade your Tenable Security Center deployment to the version you plan to deploy in Kubernetes.

Your Tenable Security Center version must be version 6.3.x or later. For instructions on how to upgrade Tenable Security Center, see Upgrade Tenable Security Center.
Determine the amount of disk space your deployment currently occupies by running the following command as a root user:
Copy
```
du -sb /opt/sc
```
The size of the current Tenable Security Center deployment appears in bytes.

Note: You must have at least twice the amount of disk space in your new environment to unpack the backup file into the new deployment.
Obtain a new Tenable Security Center license for the Kubernetes system.
Obtain a backup file for the migration:
1. Log in to Tenable Security Center via the command line interface (CLI).
2. Stop Tenable Security Center with the following command:
  Copy
```
/bin/systemctl stop SecurityCenter
```
3. In the CLI in Tenable Security Center, run the following command to view all running processes:
  Copy
```
ps -fu tns
```
4. If any processes are listed, run the following commands to stop them:
  Copy
```
killall -u tns
```
  Copy
```
killall httpd
```
  Note: These commands stop all jobs (including scans) running on Tenable Security Center.
5. If necessary, repeat step d to confirm all processes are stopped.
6. Run the following command to create a .tar file for your /opt/sc directory:
  Copy
```
cd /opt
tar pcfz sc_migrate.tar.gz --exclude={'saml/*','support/bin/*','support/include/*','support/lib/*','support/modules/*','support/openssl/*','support/php/*','support/var/*','src/*','www/*','data/plugins/*','data/fips.cnf','bin/*','customer-tools/*','fop/*'} sc/
```
  Note: The.tar file switches are case-sensitive.
  
  Tenable Security Center creates the backup file.
Perform a fresh install of Tenable Security Center in Kubernetes using the steps in Install Tenable Security Center in Kubernetes.

Note: Ensure you install the same version of Tenable Security Center as the version in your migration file.

Capture the sc_migrate.tar.gz file and push it to the Kubernetes runtime container opt folder with the following command:

Copy

tar cf - sc_migrate.tar.gz | kubectl exec -i -n tenable -c sc-runtime-container tenable-security-center-0 -- tar xf - -C /opt

Log in to the Kubernetes runtime container with the following command:
Copy
```
kubectl exec -it tenable-security-center-0 -n tenable -- /bin/sh
```
Stop Tenable Security Center with the following command:
Copy
```
/scbase/SC.sh stop
```
Extract the files over the existing Tenable Security Center setup with the following command:
Copy
```
cd /opt
tar xfz sc_migrate.tar.gz
rm sc_migrate.tar.gz
```
Restart and update the deployment by running the migration command:
Copy
```
/scbase/SC.sh migrate
```
Delete the pod using kubectl commands outside of the container manually:
Copy
```
kubectl delete -n tenable pod tenable-security-center-0
```
This will recreate the pod and restart the containers to fix any installation issues with the migrated data.
After everything has restarted, apply the new license and ensure Tenable Security Center is working as expected.