Certainly glad I had my suspicions of Bitnami rugpulling when constructing my Kubernetes cluster and preemptively stripped out as much as possible from helm charts that relied on anything Bitnami. This is going to suck for a lot of people and organizations given that images like rabbitmq, postgres, oauth2-proxy, minio among many others are affected.
It’s not a full rugpull yet, but not being able to pin versions for the newer security-hardened images is already a huge issue for many pieces of software. Especially for things like not being able to pin to a major version of postgres will cause major problems over time for cluster admins and helm chart developers alike if they don’t migrate to other solutions.
Who knows if (when) Bitnami decides to go further in restricting their images, charts from being free and open. I do wish in the future that more helm chart developers would know the caution that should be taken when trusting anything touched by Broadcom of all companies. Maybe this is the necessary warning sign for many.
You’re likely looking for this docs section for Caddy. The failure is the automated request to populate Caddy’s root CA cert to the host system, but obviously failed as it doesn’t have root permissions. As the docs state, if you intend to use the local HTTPS functionality of Caddy, you can manually run
caddy trustprivileged in order to populate the Caddy root CA cert manually. If you intend to disable the local HTTPS functionality (such as if you’re running Caddy behind a http reverse proxy), you can ignore the mail message.