Scanning Pods with Anchore, Jenkins, Minikube, Windows

  1. Install Jenkins in our Minikube / Windows 10 setup.
  2. Install Anchore
  3. Configure Jenkins plugins
  4. Set up a freestyle pipeline job to build, push and scan a custom container image
  • A working instance of Minikube
  • Helm
  • Internet access
  • Dockerhub account (optional)

Installing Jenkins on Minikube / Windows 10

Github Repo: https://github.com/airwavetechio/jenkins-demo
Minikube version: v1.15.1
OS: Windows 10 Pro
Production-ready: No
Jenkins: 2.274

minikube ssh
id docker
This varies depending on which driver you are using — this one is using vm-driver=hyperv
sudo groupmod -g 1000 docker
This varies depending on which driver you are using — this one is using vm-driver=docker
ls -l /var/run/docker.sock
group is 999
sudo chown root:1000 /var/run/docker.sock
The group is now “docker” since we changed the group id to 1000
sudo mkdir -p /data/jenkins-home 
sudo chown docker:1000 -R /data
ls -l /data
exit
/data/Jenkins-home permissions should look like this
git clone https://github.com/airwavetechio/jenkins-demo
cd jenkins-demo
kubectl apply -f prereqs
kubectl apply -f deployment.yaml
kubectl get pods -n Jenkins

Install Anchore

Next, let’s install Anchore into your Minikube instance. Using Helm, install Anchore into the default namespace.

helm repo add anchore https://charts.anchore.io
helm install anchore-demo anchore/anchore-engine
A snippet of the Helm installation
kubectl get deployments

Configure Jenkins plugins

Since we pre-installed plugins along with the Jenkins deployment, we will need to configure them.

kubectl --namespace jenkins port-forward svc/jenkins 8080:8080

Configure Anchore

Scroll down to Anchore Container Image Scanner

Configure the Docker Builder

Scroll down to Docker Builder and type in unix:///var/run/docker/docker.sock

Test the connection

Don’t forget to click Save at the bottom.

Set up a freestyle pipeline job to build a custom container image

In this phase, we are going to create a pipeline job to scan a Docker image following this flow.

Clone > Build > Push > Scan

Setting up the Freestyle Job

Click on Dashboard > Create a job

helm uninstall anchore-demo
kubectl delete -f deployment.yaml
kubectl delete -f prereqs

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store