Pivotal Container Service (PKS) lets you deploy Kubernetes clusters on demand. Use our standard Kubernetes install procedure to deploy Twistlock to PKS. The only difference between PKS and standard Kubernetes is the location of the Docker socket. A single line change in the Twistlock configuration file lets you specify the path to the Docker socket in PKS. From there, follow the normal Kubernetes install procedure.
To ensure that your installation goes smoothly, work through the following checklist and validate that all requirements are met.
You have a valid Twistlock license key and access token.
You have provisioned a PKS cluster that meets the minimum system requirements.
Twistlock Defender requires elevated privileges. Ensure that the following permissions are set in your PKS cluster:
Set Privileged Containers to true (enabled).
Set DenyEscalatingExec to false (disabled). After Twistlock is installed, you can use it to block other privileged containers from starting and to deny escalation of privileges.
The nodes in your cluster can reach Twistlock’s cloud registry (registry-auth.twistlock.com).
You can create and delete namespaces in your cluster.
You can run kubectl create commands.
Validate that the following ports are open:
Twistlock Console:
Incoming: 8081, 8083, 8084
Outgoing: 443, 53
Twistlock Defenders:
Incoming: None
Outgoing: 8084
Prepare your PKS environment, then use the standard procedure for installing Twistlock on Kubernetes.
Download the Twistlock software to your cluster’s controller node.
Go to Releases, and copy the link to the current recommended release.
Download the release tarball to your cluster controller.
$ wget <LINK_TO_CURRENT_RECOMMENDED_RELEASE_LINK>
Unpack the Twistlock release tarball.
$ mkdir twistlock
$ tar xvzf twistlock_<VERSION>.tar.gz -C twistlock/
Open twistlock/twistlock.cfg and set the path to the Docker socket.
DOCKER_SOCKET=${DOCKER_SOCKET:-/var/vcap/data/sys/run/docker/docker.sock}
In twistlock.cfg, set RUN_CONSOLE_AS_ROOT to true.
RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-true}
Proceed with the instructions for installing Twistlock on Kubernetes.
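The two twistlock.cfg edits above can be applied and verified with a small script before you continue. This is an added example, not part of Twistlock's tooling: the function names are hypothetical, and the sample file it builds is a constructed stand-in so the script runs without a release tarball.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not Twistlock tooling.
PKS_DOCKER_SOCKET=/var/vcap/data/sys/run/docker/docker.sock

# Print the default of KEY from a line of the form KEY=${KEY:-default}.
# The last matching line wins, as it would when the file is sourced.
cfg_default() {  # usage: cfg_default FILE KEY
    sed -n "s|^$2=\${$2:-\(.*\)}[[:space:]]*\$|\1|p" "$1" | tail -n 1
}

# Rewrite the default of KEY, keeping the ${KEY:-...} form so an exported
# environment variable can still override it. Fails if KEY is not set in FILE.
# VALUE must not contain '|' or '&' (both are special to sed here).
cfg_set_default() {  # usage: cfg_set_default FILE KEY VALUE
    grep -q "^$2=" "$1" || return 1
    tmp=$(mktemp) || return 1
    sed "s|^$2=.*|$2=\${$2:-$3}|" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Succeed only when both PKS settings from the steps above are in place.
pks_cfg_ok() {  # usage: pks_cfg_ok FILE
    [ "$(cfg_default "$1" DOCKER_SOCKET)" = "$PKS_DOCKER_SOCKET" ] &&
    [ "$(cfg_default "$1" RUN_CONSOLE_AS_ROOT)" = "true" ]
}

# Constructed stand-in for twistlock/twistlock.cfg (values are assumptions).
make_sample_cfg() {  # usage: make_sample_cfg FILE
    cat > "$1" <<'EOF'
# constructed sample, not the shipped twistlock.cfg
DOCKER_SOCKET=${DOCKER_SOCKET:-/var/run/docker.sock}
RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-false}
EOF
}

cfg=$(mktemp)
make_sample_cfg "$cfg"
pks_cfg_ok "$cfg" || echo "before: PKS settings missing"
cfg_set_default "$cfg" DOCKER_SOCKET "$PKS_DOCKER_SOCKET"
cfg_set_default "$cfg" RUN_CONSOLE_AS_ROOT true
pks_cfg_ok "$cfg" && echo "after: PKS settings applied"
rm -f "$cfg"
```

On a real controller node, point the functions at twistlock/twistlock.cfg instead of the sample file.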