Hey there selfhosters,

I imagine some of you are selfhosting Kubernetes and that you might have used some Bitnami images/helm charts.

Bitnami communicated recently about some changes in their catalog [here](https://github.com/bitnami/charts/issues/35164), which will be effective at the end of August.

For the simple version, they are migrating images from docker.io/bitnami to docker.io/bitnamilegacy, implying some changes there.

But it is to be expected that at some point even docker.io/bitnamilegacy will be removed (or of course you pay a license to them to access their “secure” images).

I was wondering if someone was affected by this?

Cheers!

  • jrgd@lemmy.zip · 1 day ago

    Certainly glad I had my suspicions of Bitnami rugpulling when constructing my Kubernetes cluster and preemptively stripped out as much as possible from helm charts that relied on anything Bitnami. This is going to suck for a lot of people and organizations given that images like rabbitmq, postgres, oauth2-proxy, minio among many others are affected.

    It’s not a full rugpull yet, but not being able to pin versions for the newer security-hardened images is already a huge issue for many pieces of software. Especially things like not being able to pin to a major version of postgres will cause major problems over time for cluster admins and helm chart developers alike if they don’t migrate to other solutions.

    Who knows if (when) Bitnami decides to go further in restricting their images and charts from being free and open. I do wish in the future that more helm chart developers would know the caution that should be taken when trusting anything touched by Broadcom of all companies. Maybe this is the necessary warning sign for many.
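To answer the OP's "is anyone affected?" question and the comment's point about pinning, here is an added example (my own code, not from the thread, from Bitnami or from any Helm chart) that audits container image references the way a cluster admin would before the August deadline: it pulls every `image:` value out of rendered manifests (for example the output of `helm template` or `kubectl get deploy -o yaml`), normalizes the reference the way the container runtime does (missing registry means docker.io, a bare name means the `library/` namespace), flags anything under the two namespaces named in the post (docker.io/bitnami and docker.io/bitnamilegacy), and reports whether the reference is pinned to a tag or digest rather than floating on `latest`. A small helper rewrites docker.io/bitnami references to docker.io/bitnamilegacy as the stopgap the post describes; since the post also expects that namespace to disappear, the audit still flags it. The manifest text, image names, tags and the all-zero digest are constructed sample data.

```python
import re

# Constructed sample: rendered manifest fragment, not taken from any real chart.
SAMPLE_MANIFEST = """\
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: postgresql
          image: docker.io/bitnami/postgresql:16.3.0-debian-12-r13
        - name: rabbitmq
          image: bitnami/rabbitmq:latest
        - name: oauth2-proxy
          image: docker.io/bitnamilegacy/oauth2-proxy:7.6.0
        - name: minio
          image: quay.io/minio/minio@sha256:0000000000000000000000000000000000000000000000000000000000000000
        - name: nginx
          image: nginx:1.27
"""

# Matches "image: <ref>" lines (quoted or not); "imagePullPolicy:" does not match.
IMAGE_RE = re.compile(r'^\s*-?\s*image:\s*["\']?([^"\'\s]+)["\']?\s*$', re.MULTILINE)

# Namespaces the post says are moving / going away.
AFFECTED_NAMESPACES = ("bitnami", "bitnamilegacy")


def parse_image(ref):
    """Split an image reference into registry, repository, tag and digest,
    applying the docker.io / library defaults the container runtime applies."""
    digest = None
    tag = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # A ':' after the final '/' is a tag; a ':' before it would be a registry port.
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:
        tag = ref[colon + 1:]
        ref = ref[:colon]
    parts = ref.split("/")
    first_is_registry = len(parts) > 1 and (
        "." in parts[0] or ":" in parts[0] or parts[0] == "localhost")
    if first_is_registry:
        registry, path = parts[0], parts[1:]
    else:
        registry, path = "docker.io", parts
    if registry == "docker.io" and len(path) == 1:
        path = ["library"] + path  # bare "nginx" is docker.io/library/nginx
    return {"registry": registry, "repository": "/".join(path),
            "tag": tag, "digest": digest}


def classify(ref):
    """Add 'affected' (Bitnami namespace on Docker Hub) and 'pinned'
    (digest, or a tag other than latest) to the parsed reference."""
    info = parse_image(ref)
    namespace = info["repository"].split("/")[0]
    info["namespace"] = namespace
    info["affected"] = info["registry"] == "docker.io" and namespace in AFFECTED_NAMESPACES
    info["pinned"] = info["digest"] is not None or info["tag"] not in (None, "latest")
    return info


def audit_manifest(text):
    """Return one classification per image: line found in the manifest text."""
    return [classify(ref) for ref in IMAGE_RE.findall(text)]


def rewrite_to_legacy(ref):
    """Stopgap: point a docker.io/bitnami reference at docker.io/bitnamilegacy.
    Anything else is returned unchanged. Tag and digest are preserved."""
    info = parse_image(ref)
    if info["registry"] != "docker.io" or not info["repository"].startswith("bitnami/"):
        return ref
    out = "docker.io/bitnamilegacy/" + info["repository"][len("bitnami/"):]
    if info["tag"]:
        out += ":" + info["tag"]
    if info["digest"]:
        out += "@" + info["digest"]
    return out


if __name__ == "__main__":
    for r in audit_manifest(SAMPLE_MANIFEST):
        status = "AFFECTED" if r["affected"] else "ok"
        pin = "pinned" if r["pinned"] else "UNPINNED"
        print(f"{status:8} {pin:8} {r['registry']}/{r['repository']} "
              f"tag={r['tag']} digest={r['digest']}")
```

In practice you would feed it `helm template <release> <chart> | python3 audit.py` style output or a dump of running workloads; anything reported as AFFECTED and UNPINNED is the case the comment warns about, where the next pull can silently change what runs.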