This week, users of Helm and other cloud native open source projects will have to find other free sources for their pre-compiled production-ready application images and Helm Charts.

As of Monday, Broadcom has revamped its image download program, narrowing the free downloads available in favor of a smaller number of resources mostly available under a commercial license.

Users of many open source applications have been hard hit by the change.

The Impact on Open Source Application Users

Many administrators, however, have baked Bitnami into their own automated deployment strategies. For them, work lies ahead to find new images and Helm charts as well as formulate new migration or mirroring strategies to avoid potential disruption.

“For years, Bitnami’s images and Helm charts were the de facto path to running popular apps on Kubernetes. Well-maintained images, sensible defaults, and easy Helm installs. Many teams pinned Bitnami images in deployments, CI pipelines, and internal charts,” noted a blog post from services provider Prequel.

The biggest risks of the Bitnami deprecation, according to Prequel’s post, are:

- Kubernetes ImagePullBackOff on restarts or during autoscaling,
- stale/unpatched images (CVE drift),
- time-bomb restarts: running pods look fine until the next pull (then fail),
- chart drift and subchart dependencies that break upgrades.

While the change is disruptive to the Helm community, others are feeling the pinch as well. One Reddit contributor wondered where he could get the latest images for MongoDB, Postgres and Redis.

CNCF Clarifies Helm Project’s Status

In response to user queries, the Cloud Native Computing Foundation even issued a statement asserting that the move did not affect Helm itself.

“Helm is a graduated project that will remain under the CNCF. It continues to be fully open source, Apache 2.0 licensed, and governed by a neutral community,” wrote CNCF CTO Chris Aniszczyk and Helm co-creator Matt Butcher, in a statement. “Bitnami’s decision to deprecate its public chart and image repositories is entirely separate from the Helm project itself.”

Broadcom’s New Commercial Model for Bitnami

The Tanzu Division of Broadcom announced the move in July, when unveiling a new service based on the Bitnami repository, called Bitnami Secure Images, which would offer a set of 280 images that have gone through security hardening (SBOM support, CVE patching, enterprise support), and are available commercially (the repository will be managed by Arrow Electronics).

As part of the move, the company is gradually disabling the non-latest Debian-based images, shuffling them to the Bitnami Legacy archive site.

With a few exceptions, no updates will be made to these older images. The company will still provide a limited subset of free, latest-version images for development use.

Helm charts will still be available on Docker Hub as OCI artifacts, but will not be updated.

How Vendors Are Filling the Void

A number of vendors have quickly jumped in to fill the void: RapidFort offered its set of “near-zero CVE” curated images. Prequel has published a set of CREs (Common Reliability Enumerations) that detect Bitnami images being pulled into production settings, as part of a paid service.

“The Bitnami disruption represents both a challenge and an opportunity. While the immediate need is to replace Bitnami images to maintain operational continuity, the broader opportunity is to significantly enhance your organization’s security posture through RapidFort’s curated, near-zero CVE container images,” the RapidFort post summarized.

A Brief History of Bitnami

As of earlier this year, Bitnami was serving up as many as 500 million images each month, and had even ramped up its support for Helm charts, scanning all the images a Helm chart included for vulnerabilities.

Bitnami itself was started in 2007 by Daniel López and Erica Brescia, with the goal of making it easier for developers to deploy open source software across different platforms.

The post Broadcom Ends Free Bitnami Images, Forcing Users To Find Alternatives appeared first on The New Stack.
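The ImagePullBackOff and "time-bomb restart" risks listed above can be inventoried before they bite. The following is an added example, not code from the article, Prequel or Bitnami: it scans a pod list in the shape of `kubectl get pods -A -o json` for containers that still pull directly from Docker Hub. The `bitnami` and `bitnamilegacy` namespace names, the exposure labels and the sample pods are assumptions made for this example.

```python
DOCKER_HUB = {"docker.io", "index.docker.io", "registry-1.docker.io"}
NAMESPACES = {"bitnami", "bitnamilegacy"}  # assumed Docker Hub namespaces

def parse_image(ref):
    """Split an image reference into (registry, repository, tag)."""
    name = ref.partition("@")[0]                     # drop any @sha256 digest
    first, slash, rest = name.partition("/")
    # The first component is a registry host only if it looks like one.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name           # implicit Docker Hub
    repo, colon, tag = path.rpartition(":")
    return (registry, repo, tag) if colon else (registry, path, "")

def find_bitnami(pod_list):
    """Return (namespace, pod, container, image, exposure) for each hit."""
    hits = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            registry, repo, _tag = parse_image(c["image"])
            if registry not in DOCKER_HUB or repo.split("/")[0] not in NAMESPACES:
                continue                             # mirrored or unrelated image
            # Always pulls on every container start; IfNotPresent only pulls on
            # a node with no cached copy (new node, rescheduled pod).
            policy = c.get("imagePullPolicy", "IfNotPresent")
            exposure = "every-start" if policy == "Always" else "uncached-node"
            hits.append((meta["namespace"], meta["name"], c["name"],
                         c["image"], exposure))
    return hits

# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "cache-0"}, "spec": {"containers": [
        {"name": "redis", "image": "bitnami/redis:7.2.4",
         "imagePullPolicy": "IfNotPresent"}]}},
    {"metadata": {"namespace": "shop", "name": "db-0"}, "spec": {
        "initContainers": [{"name": "init", "image": "busybox:1.36",
                            "imagePullPolicy": "IfNotPresent"}],
        "containers": [{"name": "mongodb", "imagePullPolicy": "Always",
                        "image": "registry-1.docker.io/bitnamilegacy/mongodb:7.0"}]}},
    {"metadata": {"namespace": "shop", "name": "web-1"}, "spec": {"containers": [
        {"name": "nginx", "imagePullPolicy": "IfNotPresent",
         "image": "registry.example.internal:5000/bitnami/nginx:1.25"}]}},
]}

if __name__ == "__main__":
    for hit in find_bitnami(SAMPLE):
        print(*hit, sep="\t")
```

Pods marked `uncached-node` are the ones that look healthy until autoscaling or rescheduling lands them on a node without the image; the mirrored `web-1` image is deliberately not reported.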