Deploy on Kubernetes using Helm
The preferred method for deploying Anchore Enterprise on Kubernetes is with Helm. The Anchore Enterprise Helm Chart includes configuration options for a full Enterprise deployment.
The README in the chart repository contains more details on how to configure the Anchore Enterprise Helm chart and should always be consulted before proceeding with a deployment or upgrades.
About the Helm Chart
The chart is split into global and service specific configurations for the core features, as well as global and services specific configurations for the optional Enterprise services.
- The
anchoreConfig
section of the values file contains the application configuration for Anchore Enterprise. This includes the database connection information, credentials, and other application settings. - Anchore services run as a kubernetes deployment when installed with the Helm chart. Each service has its own section in the values file for making customizations and configuring the kubernetes deployment spec.
For a description of each component, view the official documentation at: Anchore Enterprise Service Overview
Installing the Chart
Note: For migration steps from an Anchore Engine Helm chart deployment, refer to the Migrating to the Anchore Enterprise Helm Chart section of the chart README.
This guide covers deploying Anchore Enterprise on a Kubernetes cluster with the default configuration. Refer to the Configuration section of the chart README for additional guidance on production deployments.
Create a Kubernetes Secret for License File: Generate a Kubernetes secret to store your Anchore Enterprise license file.
export NAMESPACE=anchore export LICENSE_PATH="license.yaml" kubectl create secret generic anchore-enterprise-license --from-file=license.yaml=${LICENSE_PATH} -n ${NAMESPACE}
Create a Kubernetes Secret for DockerHub Credentials: Generate another Kubernetes secret for DockerHub credentials. These credentials should have access to private Anchore Enterprise repositories. We recommend that you create a brand new DockerHub user for these pull credentials. Contact Anchore Support to obtain access.
export NAMESPACE=anchore export DOCKERHUB_PASSWORD="password" export DOCKERHUB_USER="username" export DOCKERHUB_EMAIL="[email protected]" kubectl create secret docker-registry anchore-enterprise-pullcreds --docker-server=docker.io --docker-username=${DOCKERHUB_USER} --docker-password=${DOCKERHUB_PASSWORD} --docker-email=${DOCKERHUB_EMAIL} -n ${NAMESPACE}
Add Chart Repository & Deploy Anchore Enterprise: Create a custom values file, named
anchore_values.yaml
, to override any chart parameters. Refer to the Parameters section for available options.Important: Default passwords are specified in the chart. It’s highly recommended to modify these before deploying.
export NAMESPACE=anchore export RELEASE=my-release helm repo add anchore https://charts.anchore.io helm install ${RELEASE} -n ${NAMESPACE} anchore/enterprise -f anchore_values.yaml
Note: This command installs Anchore Enterprise with a chart-managed PostgreSQL database, which may not be suitable for production use. See the External Database section of the chart README for details on using an external database.
Post-Installation Steps: Anchore Enterprise will take some time to initialize. After the bootstrap phase, it will begin a vulnerability feed sync. Image analysis will show zero vulnerabilities, and the UI will show errors until this sync is complete. This can take several hours based on the enabled feeds. Use the following anchorectl commands to check the system status:
export NAMESPACE=anchore export RELEASE=my-release export ANCHORECTL_URL=http://localhost:8228/v1/ export ANCHORECTL_PASSWORD=$(kubectl get secret "${RELEASE}-enterprise" -o jsonpath='{.data.ANCHORE_ADMIN_PASSWORD}' | base64 -d -) kubectl port-forward -n ${NAMESPACE} svc/${RELEASE}-enterprise-api 8228:8228 # port forward for anchorectl in another terminal anchorectl system status # anchorectl defaults to the user admin, and to the password ${ANCHORECTL_PASSWORD} automatically if set
Tip: List all releases using
helm list
Next Steps
Now that you have Anchore Enterprise running, you can begin to learning more about Anchore Enterprise architecture, Anchore concepts, and Anchore usage.
Last modified November 21, 2023