Configuring Anchore Enterprise starts with configuring the core services, along with specific configurations for each Enterprise service. Enterprise deployments using the trial quickstart (docker-compose) or production (using Helm or other) are designed to run by default with no modifications necessary to get started. Although, many options are available to tune your production deployment to fit your needs.
All system services (except the UI, which has its own configuration) require a single configuration which is ready from
/config/config.yaml when each service starts up. Settings in this file are mostly related to static settings that are fundamental to the deployment of system services. They are most often updated when the system is being initially tuned for a deployment. They may, infrequently, need to be updated after they have been set as appropriate for any given deployment of anchore-engine.
By default, anchore-engine includes a config.yaml that is functional out-of-the-box, with some parameters set to an environment variable for common site-specific settings. These settings are then set either in docker-compose.yaml, by the Helm chart, or as appropriate for other orchestration/deployment tools.
- General Configuration
- Environment Variable Substitution
- Custom Certificates
- TLS / SSL
- Network Proxies
- Enterprise UI
- Enterprise Feeds Service
- Enterprise RBAC Module
- Storage Configuration
- Max Image Size
NOTE: The latest default configuration file can always be extracted from the Enterprise container to review the latest options and environment overrides using the following process:
# docker login # docker pull docker.io/anchore/enterprise:latest # docker create --name ae docker.io/anchore/enterprise:latest # docker cp ae:/config/config.yaml /tmp/my-config.yaml # docker rm ae # cat /tmp/my-config.yaml ... ...