🔍 Comprehensive Bitnami Legacy Images Audit - Energy Web Foundation

Audit Date: $(date)
Clusters Analyzed: dev-cluster, staging-k8s-misc, staging-v2-cluster
Total Namespaces Scanned: 47+ namespaces

📊 Executive Summary

Cluster	Legacy Images Found	Critical Issues	Status
Dev Cluster	21 legacy images	❌ ECR Auth Fixed	🟡 Partial Migration Needed
Staging k8s-misc	11 legacy images	❌ ECR Auth Fixed	🟡 Partial Migration Needed
Staging v2	1 legacy image	✅ No Critical Issues	🟢 Almost Clean

🚨 Critical Legacy Images (Immediate Action Required)

⚠️ KUBECTL Images (PARTIALLY FIXED)

✅ FIXED: argocd-ecr-credentials-updater cronjobs now use bitnamisecure/kubectl:1.23
✅ ALREADY MIGRATED: pod-monitor cronjobs use bitnamisecure/kubectl:latest

Note: Old pods from before the fix may still exist with legacy images but new jobs will use the secure registry.

🔧 Sealed Secrets Controller (ACTION NEEDED)

Dev & Staging k8s-misc: bitnami/sealed-secrets-controller:v0.18.0 (OLD)
Staging v2: docker.io/bitnami/sealed-secrets-controller:v0.24.0 (NEWER, but still legacy registry)

Recommendation: Migrate to bitnamisecure/sealed-secrets-controller or official upstream images.

📋 Complete Legacy Images Inventory

🖥️ DEV CLUSTER (k8s-misc)

PODS USING LEGACY BITNAMI IMAGES:

NAMESPACE               WORKLOAD                                    IMAGE
argocd                  argocd-ecr-credentials-updater-*           bitnami/kubectl:1.23 (old pods)
did-auth-proxy          did-auth-proxy-redis-master-0              docker.io/bitnami/redis:6.2.6-debian-10-r120
ewx                     staking-dapp-demo-nginx-*                  docker.io/bitnami/nginx:1.29.1-debian-12-r0
gp4btc                  gp4btc-postgres-postgresql-0               docker.io/bitnami/postgresql:14.4.0-debian-11-r9
gp4btc-paypal           gp4btc-paypal-siwe-oidc-redis-master-0     docker.io/bitnami/redis:7.2.4-debian-12-r13
gp4btc-paypal           gp4btc-paypal-siwe-oidc-redis-replicas-*   docker.io/bitnami/redis:7.2.4-debian-12-r13
gpdive                  gpdive-postgres-postgresql-0               docker.io/bitnami/postgresql:17.0.0-debian-12-r11
iam-did-auth-proxy      did-auth-proxy-helm-server-block-*         docker.io/bitnami/nginx:1.21.6-debian-10-r93
iam-did-auth-proxy      iam-did-auth-proxy-redis-master-0          docker.io/bitnami/redis:6.2.6-debian-10-r120
ika                     ika-postgres-postgresql-0                  docker.io/bitnami/postgresql:16.1.0-debian-11-r26
kube-system             sealed-secrets-*                           bitnami/sealed-secrets-controller:v0.18.0
tgc                     tgc-postgres-postgresql-0                  docker.io/bitnami/postgresql:14.4.0-debian-11-r9

DEPLOYMENTS:

did-auth-proxy/dev-did-auth-proxy-helm-server-block: docker.io/bitnami/nginx:1.21.6-debian-10-r93
ewx/staking-dapp-demo-nginx: docker.io/bitnami/nginx:1.29.1-debian-12-r0
iam-did-auth-proxy/did-auth-proxy-helm-server-block: docker.io/bitnami/nginx:1.21.6-debian-10-r93
kube-system/sealed-secrets: bitnami/sealed-secrets-controller:v0.18.0

STATEFULSETS:

did-auth-proxy/did-auth-proxy-redis-master: docker.io/bitnami/redis:6.2.6-debian-10-r120
gp4btc/gp4btc-postgres-postgresql: docker.io/bitnami/postgresql:14.4.0-debian-11-r9
gp4btc-paypal/gp4btc-paypal-siwe-oidc-redis-master: docker.io/bitnami/redis:7.2.4-debian-12-r13
gp4btc-paypal/gp4btc-paypal-siwe-oidc-redis-replicas: docker.io/bitnami/redis:7.2.4-debian-12-r13
gpdive/gpdive-postgres-postgresql: docker.io/bitnami/postgresql:17.0.0-debian-12-r11
iam-did-auth-proxy/iam-did-auth-proxy-redis-master: docker.io/bitnami/redis:6.2.6-debian-10-r120
ika/ika-postgres-postgresql: docker.io/bitnami/postgresql:16.1.0-debian-11-r26
tgc/tgc-postgres-postgresql: docker.io/bitnami/postgresql:14.4.0-debian-11-r9

CRONJOBS: ✅ FIXED

argocd/argocd-ecr-credentials-updater: bitnamisecure/kubectl:1.23 ✅
default/pod-monitor: bitnamisecure/kubectl:latest ✅

🖥️ STAGING K8S-MISC CLUSTER

PODS USING LEGACY BITNAMI IMAGES:

NAMESPACE               WORKLOAD                                    IMAGE
argocd                  argocd-ecr-credentials-updater-*           bitnami/kubectl:1.23 (old pods)
gp4btc                  gp4btc-postgres-postgresql-0               docker.io/bitnami/postgresql:14.4.0-debian-11-r9
iam-did-auth-proxy      did-auth-proxy-helm-server-block-*         docker.io/bitnami/nginx:1.21.6-debian-10-r93
iam-did-auth-proxy      iam-did-auth-proxy-redis-master-0          docker.io/bitnami/redis:6.2.6-debian-10-r120
kube-system             sealed-secrets-*                           bitnami/sealed-secrets-controller:v0.18.0

DEPLOYMENTS:

iam-did-auth-proxy/did-auth-proxy-helm-server-block: docker.io/bitnami/nginx:1.21.6-debian-10-r93
kube-system/sealed-secrets: bitnami/sealed-secrets-controller:v0.18.0

STATEFULSETS:

gp4btc/gp4btc-postgres-postgresql: docker.io/bitnami/postgresql:14.4.0-debian-11-r9
iam-did-auth-proxy/iam-did-auth-proxy-redis-master: docker.io/bitnami/redis:6.2.6-debian-10-r120

CRONJOBS: ✅ FIXED

argocd/argocd-ecr-credentials-updater: bitnamisecure/kubectl:1.23 ✅

🖥️ STAGING V2 CLUSTER

PODS USING LEGACY BITNAMI IMAGES:

NAMESPACE               WORKLOAD                                    IMAGE
kube-system             sealed-secrets-controller-*               docker.io/bitnami/sealed-secrets-controller:v0.24.0

DEPLOYMENTS:

kube-system/sealed-secrets-controller: docker.io/bitnami/sealed-secrets-controller:v0.24.0

🔥 Priority Migration Matrix

Priority 1 - CRITICAL (Completed ✅)

kubectl images in cronjobs - FIXED

Priority 2 - HIGH (Infrastructure Components)

Sealed Secrets Controller (3 clusters affected)
- Current: bitnami/sealed-secrets-controller:v0.18.0 and v0.24.0
- Target: bitnamisecure/sealed-secrets-controller:latest or official upstream

Priority 3 - MEDIUM (Database Services)

PostgreSQL Images (6 instances)
- docker.io/bitnami/postgresql:14.4.0-debian-11-r9 (2 instances)
- docker.io/bitnami/postgresql:17.0.0-debian-12-r11 (1 instance)
- docker.io/bitnami/postgresql:16.1.0-debian-11-r26 (1 instance)
Redis Images (4 instances)
- docker.io/bitnami/redis:6.2.6-debian-10-r120 (2 instances)
- docker.io/bitnami/redis:7.2.4-debian-12-r13 (2 instances)

Priority 4 - LOW (Web Services)

Nginx Images (3 instances)
- docker.io/bitnami/nginx:1.21.6-debian-10-r93 (2 instances)
- docker.io/bitnami/nginx:1.29.1-debian-12-r0 (1 instance)

🛠️ Migration Strategy

Immediate Actions (Next 24 hours)

✅ kubectl images in cronjobs - COMPLETED
Update Sealed Secrets Controller across all clusters
Test one PostgreSQL migration in dev environment

Short-term (Next Week)

Migrate all database services (PostgreSQL, Redis)
Update Nginx services to use bitnamisecure/nginx or official nginx images
Verify Helm charts are updated to use secure registry

Migration Commands for Sealed Secrets Controller

# Dev Cluster
kubectl --context=dev-cluster patch deployment sealed-secrets -n kube-system --type='merge' -p='{"spec":{"template":{"spec":{"containers":[{"name":"sealed-secrets-controller","image":"bitnamisecure/sealed-secrets-controller:v0.24.0"}]}}}}'

# Staging k8s-misc  
kubectl --context=staging-k8s-misc patch deployment sealed-secrets -n kube-system --type='merge' -p='{"spec":{"template":{"spec":{"containers":[{"name":"sealed-secrets-controller","image":"bitnamisecure/sealed-secrets-controller:v0.24.0"}]}}}}'

# Staging v2
kubectl --context=staging-v2-cluster patch deployment sealed-secrets-controller -n kube-system --type='merge' -p='{"spec":{"template":{"spec":{"containers":[{"name":"sealed-secrets-controller","image":"bitnamisecure/sealed-secrets-controller:v0.24.0"}]}}}}'

📈 Progress Tracking

Image Type	Total Found	Migrated	Remaining	Progress
kubectl	2	2	0	✅ 100%
sealed-secrets	3	0	3	🔴 0%
postgresql	6	0	6	🔴 0%
redis	4	0	4	🔴 0%
nginx	3	0	3	🔴 0%
TOTAL	18	2	16	🟡 11%

🚀 Next Steps

Review and approve sealed secrets controller updates
Plan maintenance windows for database service migrations
Update Helm chart repositories to use bitnamisecure registry
Set up monitoring for registry deprecation announcements
Create automated scanning to prevent future legacy image deployments

📞 Contact Information

Created by: Comprehensive Bitnami Legacy Audit Tool
Clusters: dev-cluster, staging-k8s-misc, staging-v2-cluster
Scan Depth: All workload types (Pods, Deployments, StatefulSets, DaemonSets, CronJobs)
Last Updated: $(date)

Status: 🟡 CRITICAL KUBECTL IMAGES FIXED - DATABASE & INFRASTRUCTURE MIGRATIONS PENDING

Timtech4u/bitnami-comprehensive-legacy-audit.md

Select an option

No results found

Select an option

No results found

🔍 Comprehensive Bitnami Legacy Images Audit - Energy Web Foundation

📊 Executive Summary

🚨 Critical Legacy Images (Immediate Action Required)

⚠️ KUBECTL Images (PARTIALLY FIXED)

🔧 Sealed Secrets Controller (ACTION NEEDED)

📋 Complete Legacy Images Inventory

🖥️ DEV CLUSTER (k8s-misc)

PODS USING LEGACY BITNAMI IMAGES:

DEPLOYMENTS:

STATEFULSETS:

CRONJOBS: ✅ FIXED

🖥️ STAGING K8S-MISC CLUSTER

PODS USING LEGACY BITNAMI IMAGES:

DEPLOYMENTS:

STATEFULSETS:

CRONJOBS: ✅ FIXED

🖥️ STAGING V2 CLUSTER

PODS USING LEGACY BITNAMI IMAGES:

DEPLOYMENTS:

🔥 Priority Migration Matrix

Priority 1 - CRITICAL (Completed ✅)

Priority 2 - HIGH (Infrastructure Components)

Priority 3 - MEDIUM (Database Services)

Priority 4 - LOW (Web Services)

🛠️ Migration Strategy

Immediate Actions (Next 24 hours)

Short-term (Next Week)

Migration Commands for Sealed Secrets Controller

📈 Progress Tracking

🚀 Next Steps

📞 Contact Information