Booz Allen Hamilton has been an invaluable partner since the early days of Twistlock. We have seen a significant increase in the adoption of Red Hat OpenShift container application platform and are grateful for the alliances we have built with these companies and the knowledge exchanged.

A great example of this collaboration comes from working with Steven Terrana of Booz Allen Hamilton. Steven has an excellent understanding OpenShift, Twistlock, and containerization technology. He developed an OpenShift deployment script for Twistlock which greatly simplifies the process of deploying Twistlock within your OpenShift cluster.

According to Dan Tucker, Vice President at Booz Allen Hamilton:

“Containerization is the future of platform infrastructure and a technology enabling agile modern software development. Booz Allen Hamilton’s federal clients want to move fast with the highest level of confidence that their code is secure. With Twistlock, we are able to deliver the best of both worlds.”

Up and running in minutes

Steven developed a bash script that performs all the required tasks to have an instance of Twistlock running within your OpenShift cluster in under three minutes. The script downloads the latest Twistlock release, loads the images into the internal OpenShift registry, generates the deployment yaml files and creates the required services.

Technical Deep Dive

The Twistlock Console deploys as a replicationController and the Twistlock Defenders as a daemonSet within an OpenShift Cluster.

To run the script you will need the following:

  1. OpenShift 3.3+
  2. Twistlock license and access token (contact Twistlock)
  3. Steven’s Twistlock OpenShift deployment script
  4. The script can be ran from a Linux or MacOS platform
  5. Logon to the OpenShift cluster and have OC command line admin access

Modify the script’s constants (lines 5 & 6):


Have the following input variables for your environment:

  1. Twistlock Namespace: <name of Twistlock Project>
  2. Twistlock Access Token: <contact Twistlock>
  3. Twistlock License Key: <contact Twistlock>
  4. Twistlock External Route: <external OpenShift router endpoint for Twistlock Console access, this will be the address used to access the Twistlock Console>
  5. Twistlock Console Admin User: <first Twistlock admin account name>
  6. Twistlock Console Password: <password>

Add the executable mask to the script chmod +x
Launch the script ./

The Twistlock Console uses a Persistent Volume (PV) for the backend database. You will be prompted to “select storage for the Twistlock console.” You can:

  • Dynamically provision the PV by selecting “Storage Class”
  • Select “Persistent Volume Labels” if you have provisioned your own PV. Supply the PV label name when prompted.

Once the script completes the Twistlock Console and Defenders will be running within the OpenShift Twistlock Project.

Access the Twistlock Console from a browser at the address “Twistlock External Route” that was provided as an input variable (https://Twistlock External Route).


Twistlock would like to thank Steven Terrana of Booz Allen Hamilton for his expertise and willingness to share the Twistlock deployment script for Red Hat OpenShift.

Related Openshift & Container Security Posts

  • How to Make Your Containers More Secure On OpenShift Security
  • OpenShift Source-To-Image Vulnerability – CVE-2018-1102
  • ← Back to All Posts Next Post →