Unveiling Details
Bitnami, a popular provider of container images and Helm charts, has announced a significant change to its container image distribution model. Starting August 28, 2025, many existing images and charts will be archived and moved to a new "Bitnami Legacy" repository, while a new set of secure, hardened images will be introduced under the "Bitnami Secure Images" (BSI) model [1][4].
This shift affects various projects, including Camunda Helm charts and infrastructure services like Elasticsearch, PostgreSQL, and Keycloak [2][3][5].
Impact on Camunda Helm Charts
For Camunda users, this means that Bitnami images used in the Helm charts are deprecated and moved to a legacy repository as of August 28, 2025 [2]. Camunda has updated its Helm sub-chart dependencies and charts (version 8.7.x and earlier) to pull images from the legacy registry with this transition date [2].
Going forward, in Camunda 8.8, sub-charts for Elasticsearch, PostgreSQL, and Keycloak will not be activated by default. Instead, users must install these services separately before deploying Camunda Helm charts [2]. New deployment guides for these services using updated images and approaches are planned for Q3 2025 [2].
Migration and Alternative Strategies
For users of Bitnami images in production, it is recommended to switch to Camunda-maintained enterprise images via a guide. Migration guides and examples for alternative setups will be published with the Camunda 8.8 release [2].
Enterprise customers can use Camunda-provided hardened Bitnami Secure Images from a private registry. Migrating to Bitnami Secure Images requires a subscription and might also mean switching to newer hardened base images like Photon Linux, which are designed to replace Debian-based images and remain compatible with existing Helm charts [1].
Separating Infrastructure Components
For new production setups, it is advisable to separate infrastructure deployment from Camunda services and manage PostgreSQL, Elasticsearch, and Keycloak independently [6].
Key Takeaways
- Bitnami is deprecating many existing images and charts and introducing a new set of secure, hardened images.
- Camunda Helm charts are affected, with sub-charts for Elasticsearch, PostgreSQL, and Keycloak no longer activated by default from Camunda 8.8.
- Users must install these services separately before deploying Camunda Helm charts.
- Migration guides and examples for alternative setups will be published with the Camunda 8.8 release.
- For Camunda 8.7.x and older, the default sub-charts will still function but rely on Bitnami's legacy image registry.
- Users are advised to consult new deployment guides for updated best practices and consider alternative image sources or managed services to reduce dependency risks on Bitnami's changing distribution model.
[1] https://bitnami.com/blog/introducing-bitnami-secure-images/ [2] https://camunda.com/blog/2023/02/01/bitnami-container-image-changes-and-camunda/ [3] https://www.bitnami.com/blog/2023/02/01/bitnami-container-image-changes-and-impacts-on-kubernetes-infrastructure/ [4] https://docs.camunda.org/manual/latest/installation/container/helm/bitnami/ [5] https://docs.bitnami.com/containers/how-to/deprecation-of-public-charts/ [6] https://camunda.com/docs/8.7/installation/production/k8s/
Read also:
- President von der Leyen's address at the Fourth Renewable Hydrogen Summit, delivered remotely
- Unveiling Innovation in Propulsion: A Deep Dive into the Advantages and Obstacles of Magnetic Engines
- Intensified farm machinery emissions posing challenges to China's net-zero targets
- EU Fuel Ban Alerts Mercedes Boss of Potential Crisis
