Booz Allen Hamilton has been an invaluable partner since the early days of Twistlock. We have seen a significant increase in the adoption of Red Hat OpenShift container application platform and are grateful for the alliances we have built with these companies and the knowledge exchanged.
A great example of this collaboration comes from working with Steven Terrana of Booz Allen Hamilton. Steven has an excellent understanding OpenShift, Twistlock, and containerization technology. He developed an OpenShift deployment script for Twistlock which greatly simplifies the process of deploying Twistlock within your OpenShift cluster.
According to Dan Tucker, Vice President at Booz Allen Hamilton:
“Containerization is the future of platform infrastructure and a technology enabling agile modern software development. Booz Allen Hamilton’s federal clients want to move fast with the highest level of confidence that their code is secure. With Twistlock, we are able to deliver the best of both worlds.”
Up and running in minutes
Steven developed a bash script that performs all the required tasks to have an instance of Twistlock running within your OpenShift cluster in under three minutes. The script downloads the latest Twistlock release, loads the images into the internal OpenShift registry, generates the deployment yaml files and creates the required services.
Technical Deep Dive
The Twistlock Console deploys as a replicationController and the Twistlock Defenders as a daemonSet within an OpenShift Cluster.
To run the script you will need the following:
- OpenShift 3.3+
- Twistlock license and access token (contact Twistlock)
- Steven’s Twistlock OpenShift deployment script
- The script can be ran from a Linux or MacOS platform
- Logon to the OpenShift cluster and have OC command line admin access
Modify the script’s constants (lines 5 & 6):
Have the following input variables for your environment:
- Twistlock Namespace: <name of Twistlock Project>
- Twistlock Access Token: <contact Twistlock>
- Twistlock License Key: <contact Twistlock>
- Twistlock External Route: <external OpenShift router endpoint for Twistlock Console access, this will be the address used to access the Twistlock Console>
- Twistlock Console Admin User: <first Twistlock admin account name>
- Twistlock Console Password: <password>
Add the executable mask to the script chmod +x twistlock_openshift_deploy.sh
Launch the script ./twistlock_openshift_deploy.sh
The Twistlock Console uses a Persistent Volume (PV) for the backend database. You will be prompted to “select storage for the Twistlock console.” You can:
- Dynamically provision the PV by selecting “Storage Class”
- Select “Persistent Volume Labels” if you have provisioned your own PV. Supply the PV label name when prompted.
Once the script completes the Twistlock Console and Defenders will be running within the OpenShift Twistlock Project.
Access the Twistlock Console from a browser at the address “Twistlock External Route” that was provided as an input variable (https://Twistlock External Route).
Related Openshift & Container Security Posts
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
AWS Fargate 101
AWS Fargate is one of the newest services in the world of containers. ...
Security Alert: ESlint Malicious Packages Insights
On July 12, 2018, the ESLint project experienced a security incident, ...
Serverless Comparison: Lambda vs. Azure vs. GCP vs. OpenWhisk
Serverless computing adoption is growing at exponential rates. As with...
4 Steps to Jumpstart your DevSecOps Practices
If you understand DevOps, you probably also intuitively understand Dev...
Squaring the Circle: Making CI/CD Fast and Secure
Today, most DevOps teams place priorities on software delivery speed a...