chore(helm): migrate to bitnami legacy registry and add configurable utility images

[nicktrn]

Migrates all Bitnami chart dependencies to the bitnamilegacy registry following Bitnami's repository restructuring, and adds full configurability for webapp utility container images using Bitnami-style configuration patterns. Users can now customize the busybox and kubectl images used by the webapp pod, enabling compatibility with private registries and specific image versions.

Backwards Compatibility

The configuration structure has been changed but maintains the same default images and behavior.

Changes Made

Bitnami Legacy Registry Migration

• Updated all Docker Compose files to use bitnamilegacy/ image prefix for PostgreSQL and Redis
• Updated Helm chart subchart configurations to use bitnamilegacy/ repository
• Added commented image tags to values.yaml showing the specific versions used by each subchart
  • PostgreSQL: bitnamilegacy/postgresql:17.5.0-debian-12-r12
  • Redis: bitnamilegacy/redis:8.0.2-debian-12-r4
  • ClickHouse: bitnamilegacy/clickhouse:25.6.1-debian-12-r0
  • MinIO: bitnamilegacy/minio:2025.6.13-debian-12-r0

Utility Image Configurability

• Cherry-picked PR Make Helm webapp chart images configurable #2573 and resolved conflicts with bitnamilegacy registry usage
• Restructured values.yaml to use webapp.volumePermissions.image and webapp.tokenSyncer.image sections following Bitnami conventions
• Renamed init container from init-shared to volume-permissions to match Bitnami standards
• Added helper templates trigger-v4.webapp.volumePermissions.image and trigger-v4.webapp.tokenSyncer.image in _helpers.tpl
• Updated webapp.yaml template to use new helper functions
• Both image configurations support global registry override via global.imageRegistry
• Bumped chart version to 4.0.3

Utility Image Config

webapp:
  volumePermissions:
    image:
      registry: docker.io
      repository: busybox
      tag: "1.35"
      pullPolicy: IfNotPresent
  tokenSyncer:
    image:
      registry: docker.io
      repository: bitnamilegacy/kubectl
      tag: "1.28"
      pullPolicy: IfNotPresent

Testing

• Helm template rendering verified with correct image references
• Helm lint passes successfully
• Maintains existing functionality with new configuration structure

[changeset-bot]

⚠️ No Changeset found

Latest commit: deef45a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

• Docker Compose: switch ClickHouse images to bitnamilegacy/clickhouse in dev and root; switch ClickHouse and MinIO to bitnamilegacy in webapp compose.
• Helm: bump chart version 4.0.2 → 4.0.3.
• Helm helpers: add image helper templates for webapp volumePermissions and tokenSyncer.
• Webapp Helm template: replace init container with volume-permissions image via helper; change token-syncer to use helper-derived image and set imagePullPolicy.
• Values: add global.security.allowInsecureImages; add image configs pointing to bitnamilegacy for postgres, redis, clickhouse, minio; define webapp.volumePermissions init and tokenSyncer sidecar settings.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The description provides a detailed overview of the migration steps, configuration changes, and testing results but omits required template sections such as the “Closes #” reference, the ✅ Checklist, a dedicated “## Changelog” section, and the “## Screenshots” placeholder, which are mandated by the repository’s PR template.	Please update the pull request description to include the “Closes #” issue link, complete the ✅ Checklist with contributor steps, add a “## Changelog” section summarizing the changes, and include the “## Screenshots” placeholder (or remove it if not applicable) to fully comply with the repository’s PR template.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title clearly summarizes the two main changes—migrating to the Bitnami legacy registry and adding configurable utility images—using a concise, conventional “chore(helm)” prefix without extraneous noise, making its purpose immediately clear to a teammate reviewing the history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/bitnami-migration

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12cceaa and deef45a.

📒 Files selected for processing (7)

• docker/dev-compose.yml (1 hunks)
• docker/docker-compose.yml (1 hunks)
• hosting/docker/webapp/docker-compose.yml (2 hunks)
• hosting/k8s/helm/Chart.yaml (1 hunks)
• hosting/k8s/helm/templates/_helpers.tpl (1 hunks)
• hosting/k8s/helm/templates/webapp.yaml (2 hunks)
• hosting/k8s/helm/values.yaml (6 hunks)

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-06-25T13:18:44.103Z

Learnt from: nicktrn
PR: triggerdotdev/trigger.dev#2195
File: hosting/k8s/helm/Chart.yaml:1-18
Timestamp: 2025-06-25T13:18:44.103Z
Learning: For the Trigger.dev Helm chart, the chart name should be "trigger" (not "trigger-v4") since this is the first official chart release. Helper templates should use the actual chart name from .Chart.Name rather than hardcoded prefixes.

Applied to files:

• hosting/k8s/helm/Chart.yaml

📚 Learning: 2025-06-25T13:20:17.174Z

Learnt from: nicktrn
PR: triggerdotdev/trigger.dev#2195
File: hosting/k8s/helm/values.yaml:22-51
Timestamp: 2025-06-25T13:20:17.174Z
Learning: In the Trigger.dev Helm chart values.yaml, the maintainer prefers to use explicit comprehensive warnings for security-sensitive default values rather than implementing secure-by-default behavior that would fail installation. The project uses deterministic default secrets with clear "TESTING ONLY" warnings and instructions for production deployment.

Applied to files:

• hosting/k8s/helm/Chart.yaml

📚 Learning: 2025-06-25T13:18:04.827Z

Learnt from: nicktrn
PR: triggerdotdev/trigger.dev#2195
File: hosting/k8s/helm/templates/extra-manifests.yaml:1-4
Timestamp: 2025-06-25T13:18:04.827Z
Learning: In the Trigger.dev v4 Helm chart, the user prefers to rely on documentation and examples in values files rather than implementing defensive coding in templates, particularly for features like extraManifests where proper usage is documented.

Applied to files:

• hosting/k8s/helm/Chart.yaml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (23)

• GitHub Check: units / internal / 🧪 Unit Tests: Internal (8, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (7, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (6, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (5, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (3, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (2, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (4, 8)
• GitHub Check: units / internal / 🧪 Unit Tests: Internal (1, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (5, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (4, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (6, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (2, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (3, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (7, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (1, 8)
• GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (8, 8)
• GitHub Check: units / packages / 🧪 Unit Tests: Packages (1, 1)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
• GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
• GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
• GitHub Check: typecheck / typecheck
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (13)

docker/dev-compose.yml (1)

51-51: LGTM! Consistent migration to legacy registry.

The ClickHouse image has been correctly updated to use the bitnamilegacy registry, consistent with changes across other Docker Compose files in this PR.

hosting/k8s/helm/Chart.yaml (1)

5-5: LGTM! Appropriate version bump.

The patch version increment from 4.0.2 to 4.0.3 correctly reflects the infrastructure changes (registry migration and image configurability enhancements) without breaking changes.

docker/docker-compose.yml (1)

79-79: LGTM! Consistent with other compose file updates.

The ClickHouse image correctly migrates to the bitnamilegacy registry, maintaining consistency with the dev environment configuration.

hosting/k8s/helm/templates/webapp.yaml (2)

70-78: LGTM! Improved configurability with dynamic image selection.

The init container has been appropriately renamed from init-shared to volume-permissions (more descriptive), and now uses a template helper for the image reference. The addition of imagePullPolicy from values provides better control over image pulling behavior.

---

81-82: LGTM! Template-driven image configuration added.

The token-syncer container now uses a dynamic image reference via the helper template, replacing the hardcoded bitnami/kubectl:1.28. This enables proper configurability and supports the global image registry override pattern.

hosting/docker/webapp/docker-compose.yml (2)

142-142: LGTM! ClickHouse migrated to legacy registry.

The ClickHouse image correctly switches to bitnamilegacy registry while maintaining the configurable tag pattern via CLICKHOUSE_IMAGE_TAG environment variable.

---

186-186: LGTM! MinIO migrated to legacy registry.

The MinIO image correctly switches to bitnamilegacy registry while preserving the configurable tag pattern via MINIO_IMAGE_TAG environment variable.

hosting/k8s/helm/values.yaml (4)

383-386: LGTM: PostgreSQL image migration to legacy registry.

The migration to bitnamilegacy/postgresql is correctly configured. The commented image reference provides helpful documentation.

---

438-441: LGTM: Redis image migration to legacy registry.

The migration to bitnamilegacy/redis follows the same pattern as PostgreSQL and is correctly configured.

---

533-536: LGTM: ClickHouse image migration to legacy registry.

The migration to bitnamilegacy/clickhouse is correctly configured and consistent with other subchart migrations.

---

600-603: No issue – 2025.6.13 is a valid tag.

Bitnami’s legacy repository currently lists MinIO tags up through 2025.7.23, so the commented 2025.6.13 reference is correct.

Likely an incorrect or invalid review comment.

hosting/k8s/helm/templates/_helpers.tpl (2)

98-110: LGTM: volumePermissions image helper follows established patterns.

The helper template correctly implements registry override logic consistent with existing image helpers in the file.

---

112-124: LGTM: tokenSyncer image helper follows established patterns.

The helper template correctly implements registry override logic consistent with the volumePermissions helper and other image helpers in the file.