Anchore Enterprise in an Air-Gapped Environment

Once you have all the required images locally, you will need to push the images to your local registry and point image location for each service to the url of the images in your registry.

We will assume we are using a Habor registry locally accessible at core.harbor.domain. Follow these steps to push the images to your local registry and deploy Anchore Enterprise:

  1. Tag images Since Docker images are currently tagged with docker.io, you need to retag them with your Harbor registry URL.

Replace core.harbor.domain with your actual registry domain:

docker tag docker.io/anchore/enterprise:v5.15.0 core.harbor.domain/anchore/enterprise:v5.15.1
docker tag docker.io/library/postgres:13 core.harbor.domain/library/postgres:13
docker tag docker.io/library/redis:7 core.harbor.domain/library/redis:7
docker tag docker.io/anchore/enterprise-ui:v5.15.0 core.harbor.domain/anchore/enterprise-ui:v5.15.0
  1. Push the Tagged Images to Harbor
docker push core.harbor.domain/anchore/enterprise:v5.15.0
docker push core.harbor.domain/library/postgres:13
docker push core.harbor.domain/library/redis:7
docker push core.harbor.domain/anchore/enterprise-ui:v5.15.0

Once all the required images are the private registry, you will then need to point all Anchore images in the docker-compose.yaml file to it.

In this example, I have replace all docker.io to core.harbor.domain:

services:
  # The primary API endpoint service
  api:
    image: docker.io/anchore/enterprise:v5.15.0
    depends_on:
      anchore-db:
        condition: service_healthy
      catalog:
        condition: service_healthy

To:

services:
  # The primary API endpoint service
  api:
    image: core.harbor.domain/anchore/enterprise:v5.15.0
    depends_on:
      anchore-db:
        condition: service_healthy
      catalog:
        condition: service_healthy

Do this for all services as we will be deploying anchore from your private repository and not docker.io

Also, do not forget to set ANCHORE_DATA_SYNC_AUTO_SYNC_ENABLED to false in the dataSyncer service.

dataSyncer:
  extraEnv:
    - name: ANCHORE_DATA_SYNC_AUTO_SYNC_ENABLED
      value: "false"
  1. With your license file and docker-compose.yaml file in the active directory, execute the following to deploy Anchore Enterprise in your air-gapped environment
docker compose up -d
Last modified March 12, 2025