Booz Allen Hamilton has been an invaluable partner since the early days of Twistlock. We have seen a significant increase in the adoption of Red Hat OpenShift container application platform and are grateful for the alliances we have built with these companies and the knowledge exchanged.
A great example of this collaboration comes from working with Steven Terrana of Booz Allen Hamilton. Steven has an excellent understanding of OpenShift, Twistlock, and containerization technology. He developed an OpenShift deployment script for Twistlock which greatly simplifies the process of deploying Twistlock within your OpenShift cluster.
According to Dan Tucker, Vice President at Booz Allen Hamilton:
“Containerization is the future of platform infrastructure and a technology enabling agile modern software development. Booz Allen Hamilton’s federal clients want to move fast with the highest level of confidence that their code is secure. With Twistlock, we are able to deliver the best of both worlds.”
Up and running in minutes
Steven developed a bash script that performs all the required tasks to have an instance of Twistlock running within your OpenShift cluster in under three minutes. The script downloads the latest Twistlock release, loads the images into the internal OpenShift registry, generates the deployment yaml files and creates the required services.
Technical Deep Dive
The Twistlock Console deploys as a ReplicationController and the Twistlock Defenders as a DaemonSet within an OpenShift cluster.
To run the script you will need the following:
- OpenShift 3.3+
- Twistlock license and access token (contact Twistlock)
- Steven’s Twistlock OpenShift deployment script
- The script can be run from a Linux or macOS platform
- Log on to the OpenShift cluster with oc command-line admin access
Modify the script’s constants (lines 5 & 6) to set the following input variables for your environment:
- Twistlock Namespace: <name of Twistlock Project>
- Twistlock Access Token: <contact Twistlock>
- Twistlock License Key: <contact Twistlock>
- Twistlock External Route: <external OpenShift router endpoint for Twistlock Console access, this will be the address used to access the Twistlock Console>
- Twistlock Console Admin User: <first Twistlock admin account name>
- Twistlock Console Password: <password>
Add the executable bit to the script: chmod +x twistlock_openshift_deploy.sh
Launch the script: ./twistlock_openshift_deploy.sh
The Twistlock Console uses a Persistent Volume (PV) for the backend database. You will be prompted to “select storage for the Twistlock console.” You can:
- Dynamically provision the PV by selecting “Storage Class”
- Select “Persistent Volume Labels” if you have provisioned your own PV. Supply the PV label name when prompted.
Once the script completes, the Twistlock Console and Defenders will be running within the OpenShift Twistlock Project.
Access the Twistlock Console from a browser at the address supplied as the “Twistlock External Route” input variable (https://<Twistlock External Route>).
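As an added illustration (not Steven’s script or Twistlock’s code), the snippet below checks that the input variables listed above are all set before anything touches the cluster, and shows how the two storage choices offered for the Console’s Persistent Volume map onto a PersistentVolumeClaim manifest. The variable names, PVC name and requested size are assumptions; the real script may use different ones.

```bash
#!/usr/bin/env bash
# Added example, not the deployment script itself: validates the input
# constants the post lists, then renders the Console PVC for either storage
# choice. Variable names, PVC name and size are assumptions.
set -eu

# Fail fast, naming every missing constant, before anything touches the cluster.
check_inputs() {
  missing=0
  for v in TW_NAMESPACE TW_ACCESS_TOKEN TW_LICENSE TW_EXTERNAL_ROUTE \
           TW_ADMIN_USER TW_ADMIN_PASSWORD; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      echo "missing required input: $v" >&2
      missing=1
    fi
  done
  return "$missing"
}

# PVC for the Console database. Mode "class" = dynamic provisioning through a
# StorageClass ("Storage Class" prompt); mode "label" = bind to a PV you
# provisioned and labelled yourself ("Persistent Volume Labels" prompt).
# In label mode an empty storageClassName stops a default StorageClass from
# provisioning a fresh volume instead of binding to the labelled PV.
console_pvc() {
  namespace=$1; mode=$2; value=$3; size=${4:-10Gi}
  cat <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: twistlock-console
  namespace: ${namespace}
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: ${size}
EOF
  case "$mode" in
    class) printf '  storageClassName: %s\n' "$value" ;;
    label) printf '  storageClassName: ""\n  selector:\n    matchLabels:\n      %s\n' "$value" ;;
    *) echo "unknown storage mode: $mode" >&2; return 1 ;;
  esac
}

# Stand-alone run with constructed sample values (not real credentials).
TW_NAMESPACE=twistlock TW_ACCESS_TOKEN=sample-token TW_LICENSE=sample-license
TW_EXTERNAL_ROUTE=twistlock.apps.example.com TW_ADMIN_USER=admin TW_ADMIN_PASSWORD=sample
check_inputs
console_pvc "$TW_NAMESPACE" class gp2
console_pvc "$TW_NAMESPACE" label 'twistlock-console: "true"'
```

Feed the rendered manifest to oc create -f - in the Twistlock project; a PVC that stays Pending in label mode usually means no PV carries the label you supplied.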