We see a lot of people asking about standing up Anchore for local testing on their laptop and in the past we’ve detailed how to use Docker to do so. Lately I have been frequently asked if there’s a way to test and learn with Anchore on a laptop using the same or similar deployment methods as what would be used in a larger deployment.
Anchore installation is preferably done via a Helm chart. We can mirror this on a laptop using MiniKube, as opposed to the instructions to use docker-compose to install Anchore. MiniKube is a small testing instance of Kubernetes you can install on your laptop, whether you use Windows, Linux or MacOS. Instructions on installing the initial MiniKube virtual machine are here:
brew cask install minikube kubernetes-cli
Once the installation is complete, you can start your minikube instance with the following command:
Once minikube has started, we can grab helm from the kubernetes github repository:
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh chmod 700 get_helm.sh ./get_helm.sh
Or on macos:
brew install kubernetes-helm
That will install the latest version of helm for us to use. Let’s now create a role for helm/tiller to use. Place the following in a file called clusterrole.yaml:
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" labels: kubernetes.io/bootstrapping: rbac-defaults name: cluster-admin rules: - apiGroups: - '*' resources: - '*' verbs: - '*' - nonResourceURLs: - '*' verbs: - '*'
To create the cluster role, let’s run this command:
kubectl create -f clusterrole.yaml
Now we’ll create a service account to utilize this role with these commands:
kubectl create serviceaccount -n kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
Let’s now initialize helm:
helm init --service-account tiller
We can verify if that worked with the following command:
kubectl --namespace kube-system get pods
In that output you should see a line showing a namespace item of “tiller-deploy” with a status of “running.”
Once we have that installed, let’s install Anchore via the helm chart:
helm install --name anchore-demo stable/anchore-engine
This will install a demo instance of Anchore engine that allows anonymous access. You may want to consult our documentation on helm installs here for more detailed or specific types of configurations to install.
Hopefully you now have a local copy of Anchore to use on your local development processes using MiniKube and Helm. As always, please feel free to join us on our community slack to ask questions or learn more.