You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: update image repositories to use Bitnami Legacy for compatibility (#89)
Switch dependencies to Bitnami Legacy images and enable insecure image
pulling as a temporary workaround due to recent catalog changes by
Bitnami. This ensures compatibility and reproducibility with pinned
versions until standard repositories are reliably available.
Copy file name to clipboardExpand all lines: infrastructure/README.md
+55Lines changed: 55 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,6 +18,61 @@ The documentation is structured as follows:
18
18
-[2.2 Production setup instructions](#22-production-setup-instructions)
19
19
-[3. Contributing](#3-contributing)
20
20
21
+
## Temporary notice: Bitnami Legacy images and insecure images setting
22
+
23
+
We temporarily switched some dependencies from Bitnami to Bitnami Legacy images and enabled pulling insecure images. This is a short-term workaround.
24
+
25
+
- What changed
26
+
- Image repositories for certain dependencies under `langfuse` and `minio` now use `bitnamilegacy/*` (e.g., `bitnamilegacy/minio`, `bitnamilegacy/postgresql`, `bitnamilegacy/clickhouse`, `bitnamilegacy/zookeeper`, `bitnamilegacy/valkey`).
27
+
- In `rag/values.yaml`, `global.security.allowInsecureImages` is set to `true`.
28
+
29
+
- Why: Bitnami announced catalog changes where non-hardened, Debian-based images in the free tier are reducing versioned tags in the public catalog and prioritizing latest-only tags, with older/versioned tags migrated to the “Bitnami Legacy” repository (`docker.io/bitnamilegacy`). To maintain reproducibility with pinned versions, we temporarily use the legacy repositories. See:
30
+
- Bitnami Containers README – Important Notice: Upcoming changes to the Bitnami Catalog: [bitnami/containers](https://github.com/bitnami/containers)
31
+
- Bitnami Charts README – Important Notice: Upcoming changes to the Bitnami Catalog: [bitnami/charts](https://github.com/bitnami/charts)
32
+
- Related announcement: [bitnami/containers#83267](https://github.com/bitnami/containers/issues/83267)
33
+
34
+
- Important: Do not keep this setting for production. Re-enable secure images and switch back to standard Bitnami repositories (or pin by digest) before going live.
35
+
36
+
Reproducibility and security recommendations:
37
+
38
+
- In production, pin images by exact version tag.
39
+
- Set `global.security.allowInsecureImages: false` in production environments.
40
+
- Plan to migrate back to the standard Bitnami repositories (or alternative maintained images) once fixed-version tags are reliably available.
41
+
42
+
How to revert (recommended for production deployments):
43
+
44
+
1. Disable insecure images in the Helm values
45
+
46
+
```yaml
47
+
global:
48
+
security:
49
+
allowInsecureImages: false
50
+
```
51
+
52
+
1. Replace legacy repositories with standard Bitnami repositories where used, for example:
53
+
54
+
```yaml
55
+
minio:
56
+
image:
57
+
repository: bitnami/minio
58
+
59
+
langfuse:
60
+
postgresql:
61
+
image:
62
+
repository: bitnami/postgresql
63
+
clickhouse:
64
+
image:
65
+
repository: bitnami/clickhouse
66
+
zookeeper:
67
+
image:
68
+
repository: bitnami/zookeeper
69
+
valkey:
70
+
image:
71
+
repository: bitnami/valkey
72
+
```
73
+
74
+
Note: The exact locations may differ if you customized `values.yaml`. Search for `bitnamilegacy/` and replace with the corresponding `bitnami/` image repositories.
75
+
21
76
## 1. Components and Configuration Values to Adjust
22
77
23
78
This directory contains the Helm chart for the following RAG components:
0 commit comments