A Practical Guide to Migrating Helm Charts from Bitnami

Bitnami has long been the maintainer behind one of the largest and most popular collections of Helm charts for seamlessly deploying production-grade Kubernetes applications. But as Broadcom transitions Bitnami’s offerings to a new commercial model, a vast majority of these charts will no longer be available after September 29, 2025. 

To help organizations smoothly off ramp from Bitnami charts, Chainguard built our own first-party Helm Charts. Forked from Bitnami, our Helm Charts ensure drop-in compatibility and smooth migrations, while integrating seamlessly with our catalog of secure-by-design, hardened, and minimal containers (now at 1,700+ images!).

The following guide explains what the changes to Bitnami mean for your organization, how to plan and execute your migration, and how developers can smoothly off ramp from Bitnami using Chainguard’s Helm Charts.

Bitnami’s Legacy of Impact

For years, Bitnami has been the critical resource for deploying containerized applications quickly and consistently. Their Helm charts for open source software, ranging from databases like PostgreSQL to observability tools like Prometheus, simplified complex deployments and became a foundation for production-grade applications across thousands of teams worldwide. The developer community as a whole owes a great debt to Bitnami and the teams behind these innovations in Kubernetes deployment. Chainguard thanks the Bitnami contributors for all their hard work, ingenuity, and trail blazing contributions.

Engineering Organizations are Already Feeling the Pain

After September 29th, the Helm charts currently distributed through Docker Hub and their corresponding container images will move behind Broadcom’s paid subscription for Bitnami Secure Images. While source code for these artifacts will continue to be available, only a select set of charts with only -latest tags will remain publicly available. Images moved to the legacy repo will go unsupported without any ongoing patching or maintenance. 

As Bitnami charts are retired or moved to legacy archives, engineering teams face a range of challenges:

• Operational risk: Deployments and CI/CD pipelines may fail as Bitnami repos go offline.

• Application instability: Nested dependencies can create cascading failures during upgrades, installs, or other pipeline jobs.

• Engineering overhead: Building and maintaining charts from source adds ongoing toil and cost that saps engineering capacity away from core product and business initiatives.

• Increased attack surface and risk: Legacy images will stop receiving important security patches, leaving vulnerabilities unaddressed in production environments.

• Compliance gaps: Without Helm charts and container images that meet compliance requirements by default, audits become difficult.

Without a migration plan and a new source for continuously maintained charts and images, teams risk downtime, security gaps, and increased operational burden.

Chainguard’s Helm Charts: A Modern, More Secure Alternative

To support engineering organizations migrating off of Bitnami charts and images, Chainguard has introduced a catalog of 40+ first-party Helm Charts.

Chainguard’s first-party Helm Charts are forked Bitnami charts designed as drop-in replacements for popular third-party applications, preserving the same functionality and familiar configurations so your workloads run reliably. Additionally, our charts integrate seamlessly with our catalog of secure-by-design, hardened, and minimal container images. We’re continuing to add more charts to our catalog based on customer demand. See below for a comprehensive list of applications we cover today:

• Database/Storage/Cache: Clickhouse, InfluxDB, Memcached, MinIO, MongoDB, MySQL, PostgreSQL, Redis, Valkey

• Observability/Monitoring: Elasticsearch, Fluentd, Kibana, Kube-prometheus, Kube-state-metrics, Kubernetes-event-exporter, Logstash, Metrics-server, Node-exporter, Prometheus, Thanos, Zookeeper 

• Ingress/Networking/Security/Coordination: Cert-manager, Contour, External-dns, HAProxy, NGINX, NGINX Ingress Controller, OAuth2-proxy, Zookeeper

• Messaging/Streaming: Kafka, RabbitMQ, RabbitMQ Cluster Operator

• Identity/Access: Keycloak

• Data Science/Analytics: Airflow, MLflow, Spark, Superset

Importantly, every single Helm chart we produce is tightly integrated with our best-in-class catalog of trusted container images that are rebuilt daily from source and backed by our CVE remediation SLA. That means that the container images your Helm charts rely on are standardized on minimal, secure-by-design, and vulnerability-free images.

Key Benefits of Chainguard’s First-Party Helm Charts

Chainguard’s objective is to make it easy for engineering teams to migrate off Bitnami charts without downtime or re-architecting, while improving your overall security posture. And we don’t just replace what Bitnami provided but go above and beyond to deliver a higher standard of security, ease of use, and standardization due to the seamless integration with our minimal, zero-CVE container images:

• Accelerated deployment: Every chart is pre-packaged with values that default to Chainguard Containers, empowering developers to deploy applications quickly and with minimal friction.

• Simplified management and support: Chainguard handles configuration, delivery, and support.

• Improved delivery and testing: Each chart is delivered as an OCI artifact to customers’ private registries and is updated, tested, and validated in the Chainguard Factory to ensure consistent, reliable deployments. 

• Standardization of container images: Every chart uses Chainguard’s secure-by-design, minimal container images by default.

By combining hardened images with fully managed charts, Chainguard helps teams reduce risk and complexity while speeding up deployment.

Migration Checklist

Migrating off long-established Helm charts can seem daunting, but we are here to help. The following high-level steps provide a framework for this process:

1. Inventory usage: Identify where Bitnami charts are deployed: helm list --all-namespaces | grep bitnami

2. Prioritize workloads: Start with critical apps like databases and ingress controllers.

3. Map replacements: Identify Chainguard Helm Charts that match your Bitnami charts for a direct swap. You can find these under Containers > Helm Charts in your Chainguard console.

4. Establish rollout procedures: Use blue/green or canary strategies to minimize risk and enable rollbacks.

5. Start Chainguard charts: Install and run the Chainguard Charts. Validate new deployments before decommissioning existing instances.

6. Migrate Traffic: Migrate your production environment to Chainguard.

Make sure to verify that authentication is correctly configured in both CI/CD and the Kubernetes clusters. Take particular care with data volumes and heavily customized charts.

You can swap out an existing chart for a Chainguard chart while preserving configuration and behavior. Learn more about using Chainguard’s Helm Charts by checking out our Helm Charts tutorials.

Our Roadmap for Helm Charts

Chainguard is investing heavily to make Helm deployments easier and more secure. Our roadmap focuses on three key areas:

1. Breadth and depth of catalog: Expanding our library to cover every application image.

2. Improved configurations and capabilities: Advanced hardening and secure-by-default settings.

3. Compliance by default: Built-in compliance with key regulatory frameworks, right out of the box.

These investments ensure that as your Kubernetes environment grows, your Helm charts will scale with you — without added complexity.

Start Deploying with Chainguard’s Helm Charts Today

Bitnami’s changes mark a pivotal moment for many teams. By migrating now with Chainguard Helm Charts, you can maintain stability while gaining stronger security, reduced maintenance, and a future-proof foundation for your Kubernetes deployments. Reach out to learn more about how Chainguard’s Helm Charts can help your organization today.