Booz Allen Hamilton has been an invaluable partner since the early days of Twistlock. We have seen a significant increase in the adoption of Red Hat OpenShift container application platform and are grateful for the alliances we have built with these companies and the knowledge exchanged.
A great example of this collaboration comes from working with Steven Terrana of Booz Allen Hamilton. Steven has an excellent understanding of OpenShift, Twistlock, and containerization technology. He developed an OpenShift deployment script for Twistlock that greatly simplifies deploying Twistlock within your OpenShift cluster.
According to Dan Tucker, Vice President at Booz Allen Hamilton:
“Containerization is the future of platform infrastructure and a technology enabling agile modern software development. Booz Allen Hamilton’s federal clients want to move fast with the highest level of confidence that their code is secure. With Twistlock, we are able to deliver the best of both worlds.”
Up and running in minutes
Steven developed a bash script that performs all the tasks required to have an instance of Twistlock running within your OpenShift cluster in under three minutes. The script downloads the latest Twistlock release, loads the images into the internal OpenShift registry, generates the deployment YAML files, and creates the required services.
Technical Deep Dive
The Twistlock Console deploys as a ReplicationController and the Twistlock Defenders as a DaemonSet within an OpenShift cluster.
To run the script you will need the following:
- OpenShift 3.3+
- Twistlock license and access token (contact Twistlock)
- Steven’s Twistlock OpenShift deployment script
- The script can be run from a Linux or macOS platform
- Log on to the OpenShift cluster with oc command-line admin access
Modify the script's constants (lines 5 & 6) to set the following input variables for your environment:
- Twistlock Namespace: <name of Twistlock Project>
- Twistlock Access Token: <contact Twistlock>
- Twistlock License Key: <contact Twistlock>
- Twistlock External Route: <external OpenShift router endpoint for Twistlock Console access, this will be the address used to access the Twistlock Console>
- Twistlock Console Admin User: <first Twistlock admin account name>
- Twistlock Console Password: <password>
Add the executable bit to the script: chmod +x twistlock_openshift_deploy.sh
Launch the script: ./twistlock_openshift_deploy.sh
The Twistlock Console uses a Persistent Volume (PV) for the backend database. You will be prompted to “select storage for the Twistlock console.” You can:
- Dynamically provision the PV by selecting “Storage Class”
- Select “Persistent Volume Labels” if you have provisioned your own PV. Supply the PV label name when prompted.
Once the script completes, the Twistlock Console and Defenders will be running within the OpenShift Twistlock Project.
Access the Twistlock Console from a browser at the address supplied as the "Twistlock External Route" input variable (https://<Twistlock External Route>).
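A pre-flight check that a practitioner might run before launching the script, added here as an example and not part of Steven's script or the Twistlock release: it validates the input variables listed above, read from environment variables with assumed names (TWISTLOCK_NAMESPACE, TWISTLOCK_ACCESS_TOKEN, and so on) so the access token and license key are not hard-coded into the script, and confirms the oc login and the 3.3+ server version.

```shell
#!/usr/bin/env bash
# Pre-flight checks before launching the Twistlock OpenShift deployment script.
# Added example, not part of Steven's script. Inputs come from environment
# variables (assumed names) rather than constants edited into the script, so
# the access token and license key are not hard-coded in a file.

# OpenShift project names are DNS-1123 labels.
valid_namespace() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$'
}
# The route is used as https://<route>, so it must be a bare hostname.
valid_route() {
  printf '%s' "$1" | grep -Eq '^([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.)+[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$'
}
# Empty, or still the "<...>" placeholder from the instructions.
is_placeholder() {
  case "$1" in ""|"<"*">") return 0 ;; *) return 1 ;; esac
}
# OpenShift 3.3+ is required: compare major.minor of a version such as 3.11.0.
version_ok() {
  major=${1%%.*}
  case "$1" in *.*) rest=${1#*.}; minor=${rest%%.*} ;; *) minor=0 ;; esac
  { [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 3 ]; }; } 2>/dev/null
}

# Check every input, report each problem, and return 1 if any check failed.
preflight() {
  ns=$1 token=$2 license=$3 route=$4 admin=$5 pass=$6 ver=$7 rc=0
  valid_namespace "$ns"     || { echo "namespace '$ns' is not a valid project name"; rc=1; }
  is_placeholder "$token"   && { echo "access token is not set"; rc=1; }
  is_placeholder "$license" && { echo "license key is not set"; rc=1; }
  valid_route "$route"      || { echo "route '$route' is not a bare hostname"; rc=1; }
  is_placeholder "$admin"   && { echo "console admin user is not set"; rc=1; }
  [ "${#pass}" -ge 8 ]      || { echo "console password is shorter than 8 characters"; rc=1; }
  version_ok "$ver"         || { echo "OpenShift version '$ver' is not 3.3 or newer"; rc=1; }
  return "$rc"
}

# Live checks: run with --check after 'oc login'. Assumes oc 3.x output, which
# prints an "openshift vX.Y.Z" line for the server.
if [ "${1:-}" = "--check" ]; then
  oc whoami >/dev/null || { echo "not logged in: run 'oc login' first"; exit 1; }
  server=$(oc version | sed -n 's/^openshift v\([0-9.]*\).*/\1/p')
  preflight "$TWISTLOCK_NAMESPACE" "$TWISTLOCK_ACCESS_TOKEN" "$TWISTLOCK_LICENSE_KEY" \
    "$TWISTLOCK_EXTERNAL_ROUTE" "$TWISTLOCK_ADMIN_USER" "$TWISTLOCK_ADMIN_PASSWORD" "$server" \
    && echo "pre-flight passed; launch ./twistlock_openshift_deploy.sh"
fi
```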