Replace outdated bitnami image refs in Kubernetes workloads

Overview

Bitnami have announced that their large repository of open source charts/docker images are now being put behind a paywall effective August 28th.

The current Debian-based images will be moved from the current public catalog docker.io/bitnami to a legacy catalog docker.io/bitnamilegacy, and will no longer receive any updates.

A limited number of new hardened images are available under a new catalog docker.io/bitnamisecure.

Risks

Without any action from our part, from August 28th:

Image builds pulling images from docker.io/bitnami will fail, breaking CI pipelines in multiple projects and affecting our ability to keep our tools and workloads up-to-date

Actions needed

Once we have an inventory of all bitnami images used (see #27169 (closed)), we will need to replace docker.io/bitnami with docker.io/bitnamilegacy everywhere present

Exit criteria

We don't have any Kubernetes workload pulling images from docker.io/bitnami

Images to replace

Image Name	Repositories Using It
`external-dns`	`gitlab-helmfiles`
`fluentd`	`ci-images`
`kafka`	`sentry` (ArgoCD)
`kubectl`	`ci-images`, `gitlab-helmfiles`, `tanka-deployments`
`memcached-exporter`	`sentry` (ArgoCD)
`memcached`	`sentry` (ArgoCD)
`nginx-exporter`	`gitlab-helmfiles`
`rabbitmq`	`sentry` (ArgoCD)
`redis-exporter`	`gitlab-helmfiles`, `sentry` (ArgoCD)
`redis-sentinel`	`tanka-deployments`
`redis`	`gitlab-helmfiles`, `tanka-deployments`, `sentry` (ArgoCD)
`zookeeper`	`sentry` (ArgoCD)

Edited Jul 30, 2025 by Pierre Guinoiseau