Advisory: Bitnami Catalog Changes and Impact on MOSIP Deployments

,
1

:loudspeaker: Bitanmi Major Changes and Impact on MOSIP Identity Platform

Bitnami (now under Broadcom) has announced major changes to its open-use catalog of container images and Helm charts. Many artifacts that were previously available as open source will either:

  • Move to legacy repositories (with no further updates/security patches), or

  • Require a paid subscription for continued access and updates.

This advisory highlights:

  • What is changing

  • How it may affect MOSIP and partners

  • Immediate steps you should take

  • Alternative solutions to evaluate

What is Changing

Based on public announcements, GitHub issues, and community reports:

  • Deprecation of versioned images:

  • From August 28, 2025, most versioned tags in docker.io/bitnami has been moved to docker.io/bitnamilegacy. These will receive no updates or security patches.

  • Only “latest” free images remain:

  • A small “hardened” subset will remain available under the latest tag, primarily for development/non-production use.

  • Paid offering – Bitnami Secure Images:

  • Full catalog with versioned tags, updates, and enterprise support will be accessible only via paid subscription.

  • Helm charts:

    • Source remains open on GitHub under Apache-2.

    • Packaged OCI Helm artifacts may stop receiving updates.

    • Default chart values may reference deprecated image repositories.

  • Brownouts & final cutoff:

  • Temporary outages: Aug 28–29, Sept 2–3, Sept 17–18, 2025

  • Final removal / cutoff: Sept 29, 2025

Impact on MOSIP & Partners

If your deployment uses Bitnami charts/images for Keycloak, MinIO, Kafka, PostgreSQL, Redis, ActiveMQ, etc.

You may encounter:

  • Image pull failures (ErrImagePull, ImagePullBackOff)

  • Broken CI/CD pipelines when versioned tags disappear

  • Security risks from unpatched legacy images

  • Operational instability during scaling, upgrades, or restarts

Recommended Actions

Immediate (within Next Few Weeks)

  1. Inventory usage – Identify all Bitnami images/charts in your environment.

  2. Override repos/tags – Update Helm values/manifests to reference bitnamilegacy or your own registry.

  3. Mirror critical images – Pull/store images locally to avoid availability issues.

  4. Update CI/CD pipelines – Make image references configurable.

  5. Test during brownouts – Validate that systems remain functional when Bitnami images are unavailable.

Medium Term

  • Evaluate alternatives – Official charts/images (Keycloak, MinIO, Kafka via Strimzi, etc.)

  • Self-host or mirror – Maintain critical images in your own registry.

  • Standardize migration strategy – Define versioning, patching, and security update policies.

  • Update documentation – Ensure partners and implementers are aligned.

Suggested Alternatives

Component Alternatives Notes
Keycloak Official Helm chart, community operators Avoid Bitnami lock-in
MinIO Official MinIO charts/images Full control, HA may need setup
Kafka Strimzi Operator, Apache Kafka operator Strong community support
Postgres / Redis / ActiveMQ Community/vendor images; managed DB services Check cost, lock-in, backup needs

Suggested Timeline for Partners

  • Immediately (within next week) → Inventory usage, start overriding repos/tags, test migration paths.

  • Aug 28 – Sept 29, 2025 → Migrate high-risk components, ensure no dependency on deprecated repos.

  • After Sept 29, 2025 → All production workloads should use maintained, supported images.

Conclusion

MOSIP strongly advises partners, countries, and community users to migrate away from Bitnami’s free catalog for any production-critical services. Continuing to rely on deprecated images will expose systems to security vulnerabilities, failures, and instability.

Discussion & Support:
Please use this community forum to share your migration plans, ask questions, and raise any blockers. The MOSIP team and other community members will provide guidance and support collaboratively.

References

To know more about the changes regarding bitnami you can refer below links:

  1. Upcoming changes to the Bitnami catalog (effective August 28th, 2025) · Issue #35164 · bitnami/charts · GitHub ]( Upcoming changes to the Bitnami catalog (effective August 28th, 2025) · Issue #35164 · bitnami/charts · GitHub )
  2. Bitnami Secure Images Overview
  3. Broadcom Introduces Bitnami Secure Images For Production-Ready Containerized Applications - Broadcom News and Stories
3

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.