Getting Started with Helm, Kubernetes and Anchore

We see a lot of people asking about standing up Anchore for local testing on their laptop and in the past we’ve detailed how to use Docker to do so. Lately I have been frequently asked if there’s a way to test and learn with Anchore on a laptop using the same or similar deployment methods as what would be used in a larger deployment.

Anchore installation is preferably done via a Helm chart. We can mirror this on a laptop using MiniKube, as opposed to the instructions to use docker-compose to install Anchore. MiniKube is a small testing instance of Kubernetes you can install on your laptop, whether you use Windows, Linux or MacOS. Instructions on installing the initial MiniKube virtual machine are here:

https://github.com/kubernetes/minikube/releases

Prerequisites are different for your platform so read closely. On MacOS You need only install VirtualBox, Homebrew, and issue the following command:

brew cask install minikube kubernetes-cli

Once the installation is complete, you can start your minikube instance with the following command:

minikube start

Once minikube has started, we can grab helm from the kubernetes github repository:

curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

Or on macos:

brew install kubernetes-helm

That will install the latest version of helm for us to use. Let’s now create a role for helm/tiller to use. Place the following in a file called clusterrole.yaml:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: cluster-admin
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'

To create the cluster role, let’s run this command:

kubectl create -f clusterrole.yaml

Now we’ll create a service account to utilize this role with these commands:

kubectl create serviceaccount -n kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller

Let’s now initialize helm:

helm init --service-account tiller

We can verify if that worked with the following command:

kubectl --namespace kube-system get pods

In that output you should see a line showing a namespace item of “tiller-deploy” with a status of “running.”

Once we have that installed, let’s install Anchore via the helm chart:

helm install --name anchore-demo stable/anchore-engine

This will install a demo instance of Anchore engine that allows anonymous access. You may want to consult our documentation on helm installs here for more detailed or specific types of configurations to install.

Hopefully you now have a local copy of Anchore to use on your local development processes using MiniKube and Helm. As always, please feel free to join us on our community slack to ask questions or learn more.

>

Sign up for news and updates

Get notified of new features, tips & tricks, articles and more.  Just enter your name and email and we will take care of the rest.