Thursday, February 29, 2024

What’s new with Bitnami Application Catalog - Feb 2024 Edition

 Helping customers in their AI/ML journeys

Our focus on adding more Artificial Intelligence and Machine Learning (AI and ML)-related applications to our catalog to keep up with the increasing demand has led our team to write a series of “how to” blog posts. These blogs aim to help you get started with some popular AI/ML-related applications in our catalog and make the best use of them.

  • MLflow is an open source platform for managing the end-to-end machine learning lifecycle. This blog post helps you learn how to obtain the Bitnami-packaged MLflow Helm chart, how to deploy the Helm chart, and, finally, how to run some ML experiments to gather metrics. It also  provides a basic blueprint to help you integrate the MLflow module into your ML experiment.

  • Milvus is an open source vector database built for the development and maintenance of AI applications. Read this blog to learn how to obtain the Bitnami-packaged Milvus Helm chart and how to build an intelligent chatbot using Milvus and the BERT model for natural language processing (NLP).

  • OpenSearch is an open source search and analytics suite used for real-time application monitoring, log analytics, website search, and more. Read this blog to learn how to deploy Bitnami-packaged OpenSearch Helm chart, how to access the OpenSearch dashboard, and how to use the OpenSearch API.


A Seamless GitOps Experience: Integrating sealed secrets with Bitnami charts

If you are a developer who works with Bitnami packages, you’ve probably asked questions like what’s the best method to deploy a Bitnami chart with a specific password written in the values.yaml file? or what is the best way to use Bitnami charts with solutions like ArgoCD.  Using Sealed Secrets with existing Secrets is a valid approach if you are trying to deploy Sealed Secrets in your cluster. However, this could be a toilsome and complex approach. Read this blog to learn how you can avoid this toil by using a parameter called extraDeploy in the values.yaml file of Bitnami packages.

Apply user-defined application level customizations to meet enterprise policies

Tanzu Application Catalog, an enterprise version of Bitnami Application Catalog, now allows applying user-defined application customizations to all container images in the catalog. With this new capability, you can add application-specific post-build scripts into the Tanzu Application Catalog build process so your artifacts meet requirements such as installing certificates, adding plug-ins, or removing libraries or components from each container image. Read this tutorial to get step-by-step guidance on how to apply customizations to Tanzu Application Catalog container images.


SLSA Level 3 – Compliant Supply Chain to Deliver Enterprise-grade Open Source Software

If you love working with the Bitnami packages but at the same time need them delivered through a SLSA-3 compliant pipeline, you can now leverage Tanzu Application Catalog. Tanzu Application Catalog is fully compliant with Supply Chain Levels for Software Artifacts (SLSA) Level 3 security. This means that all the open source software packages delivered by Tanzu Application Catalog meet the SLSA Level 3 standards. This means that enterprises can use Tanzu Application Catalog to bake in your app-specific customizations with a SLSA 3-compliant supply chain. By doing so, you can get OSS containers that are customized for your requirements, ready to be deployed out of the box along with valid signatures and SBOMs, and built on a SLSA 3 pipeline.

For more details, check out this blog.

CNCF incubating project Notation for signing and verifying OCI artifacts

Tanzu Application Catalog now leverages Notation (in addition to Cosign) for signing and verifying Open Container Initiative (OCI) artifacts (container images, Helm charts, and metadata bundles). Notation is a CLI project that enables the addition of signatures as standard items in the OCI registry ecosystem and the ability to build a set of simple tooling to sign and verify these signatures. Notation is an implementation of the Notary Project specifications and is a CNCF incubating project.

For more details, see our blog.

Educational Resources

CCS Insight Report: Bringing Order to Open Source Software Deployment through Curated Catalogs

A new technology research paper by tech research and advisory firm CCS Insight sheds light on the challenges enterprises face when managing open source software. The report offers insights into the value provided by Tanzu Application Catalog, and you can. Download the report to understand how you can bring order to your open source software deployments.

Mitigating Open Source Software Supply Chain Risks (on-demand webinar)

Watch Brad Bock, Product Manager, Bitnami & Tanzu Application Catalog, take a deep dive into how enterprises can leverage Tanzu Application Catalog to improve your supply chain security without any compromise to developer experience in this webinar, now available for on-demand watch. 

Maximizing the power of VEX, SBoMs and CVE scan results for an efficient vulnerability assessment

With VEX, SBoMs, and CVE scan results, Tanzu Application Catalog acts as a centralized source of truth where you can not only get customizable, trusted, and verified OSS applications and components to build applications, but also get all the information required to efficiently manage and assess the vulnerabilities that may pose risk to your software supply chain.

Read this blog to learn more about VEX documentation, SBoMs and CVE scan results in Tanzu Application Catalog.

Sunday, February 25, 2024

Debian 12 is now the base operating system of Bitnami packages

We are happy to share that we have updated the base operating system (OS) of the community edition of all Bitnami-packaged containers and Helm charts to Debian 12 (bookworm) from Debian 11 (bullseye).

This update in our containers and Helm charts helps us keep system packages more updated and reduces the number of unfixed/unpatched vulnerabilities reported by vulnerability scanners. Although we regularly update our images with the latest system packages, certain CVEs may persist until they are patched in the OS. So, changing to a newer distro will allow us to speed up the updates on our catalog. You can learn more about our CVE policy here.

Users looking to go beyond Debian and use other renowned Linux distributions as the base OS of Bitnami-packaged containers and Helm charts can leverage Tanzu Application Catalog, an enterprise version of Bitnami Application Catalog. Tanzu Application Catalog offers various base images such as Debian 11 & 12, PhotonOS 4, Ubuntu 20.04 & 22.04, RedHat UBI 8 & 9, and custom-hardened golden images.

What changes are expected?

  • Container image tags
    • As per the Bitnami rolling tags policy, some tags will change to reflect the new distro version i.e. 6-debian-11 will be 6-debian-12.
    • Other rolling tags will point to the new Debian 12-based containers without an explicit mention in their name, i.e. latest.
    • The immutable tag will also change to show the new distro version, resetting the revision number, i.e. 6.4.1-debian-11-r4 will be 6.4.1-debian-12-r0.
    • There would not be any deletion of any image. All the Debian 11 images will persist in the registry.
  • bitnami/containers GitHub repository
    • In terms of the source code, the GitHub repository will change its directory structure from bitnami/ASSET/BRANCH/debian-11 to bitnami/ASSET/BRANCH/debian-12.
    • Please note both directories (debian-11 and debian-12) could coexist for some time.
  • Helm charts
    • Since backward compatibility won't be affected by a change in the distro version used by the containers, a major version bump of the Helm chart version is not expected.
    • A new version of every Helm chart will be released updating the bundled containers pointing to Debian 12-based images, i.e

  repository: bitnami/mariadb

-  tag: 11.1.3-debian-11-r0

+  tag: 11.1.3-debian-12-r0

 

repository: bitnami/os-shell

- tag: 11-debian-11-r91

+ tag: 12-debian-12-r0


If you have any questions regarding this update, please feel free to get in touch with our team through this GitHub issue.

Thursday, November 30, 2023

Deploy Continuously Updated Apps into AKS Clusters with Bitnami and Azure Kubernetes Applications

A few months ago, we  announced the release of a set of Bitnami solutions packaged in the form of Azure Marketplace Kubernetes (AKS) applications. 

We are proud to continue our partnership with Azure, taking a step forward to provide users with the latest, most convenient, and secure method to install software on Kubernetes: Azure Kubernetes applications. These applications replace Bitnami’s prior offerings of Helm charts and container images in the Azure Marketplace to simplify the provisioning of AKS clusters, enabling one-click deployments directly from the Azure Marketplace user interface (UI). Furthermore, users can install Kubernetes apps using the CLI, providing flexibility in deployment methods according on their needs.   

Keep reading to learn the benefits of deploying Azure Kubernetes applications packaged by Bitnami and how to get started through the Azure Marketplace.  

What are Azure Kubernetes applications? 

Azure Kubernetes applications, introduced by Microsoft Cloud Marketplace for AKS in 2022, that enable partners to develop, release, and manage Kubernetes solutions for the Microsoft Azure marketplace. This new offering brings seamless deployment to the Azure Kubernetes Service along with flexible billing options.  

These Kubernetes applications are packaged using Cloud Native Application Bundles (CNAB), an open source package format specification for bundling and installing distributed applications adopted by notable open source software providers such as Isovalent, Cast AI, Weaveworks, and Bitnami.  

There are many benefits for Microsoft Azure partners when packaging their Helm charts and containers as Kubernetes applications, but let’s see how these translate into advantages for users. 

Streamlined deployment of open source solutions  

Previously, deploying Bitnami Helm charts on Azure Kubernetes Service was a tedious task that involved many steps going back and forth between the terminal and the Azure Marketplace UI.  

Now with Azure Kubernetes Applications, both the deployment and lifecycle management of applications is much simpler, enhancing the productivity of development and operations teams. 

Simplified configuration and deployment 

Development environments on Azure Marketplace and Bitnami-packaged open- source applications come with the necessary dependencies and pre-configurations to deploy them with the assurance of working out-of-the-box without the need for additional configurations. Added to this, Azure Kubernetes applications simplify the process of provisioning and deploying an application on an AKS cluster.  

Now, run an AKS cluster and deploy a Kubernetes application is as simple as activating a checkbox and entering a few parameters in the UI. Furthermore, in the same process you will be able to resolve all dependencies, set the application parameters, and automate its upgrades, all in one go.   

Streamlined Day 2 operations 

Azure Marketplace Kubernetes applications automate application lifecycle management, including the ability to enable automated minor upgrades at deployment time, ensuring users always have the latest application version without additional effort.  

Stronger security 

Selecting a "Kubernetes application packaged by Bitnami" in the Azure Marketplace ensures you receive the latest version of the application, packaged with industry-standard security best practices. Additionally, all new packages undergo CVE scanning to identify critical vulnerabilities before being published. If critical vulnerabilities are detected, the application won't be published until Bitnami resolves the issue by updating the application code to the latest upstream version, mitigating risks associated with using open source software. 

Reduced billing and consumption 

All Bitnami applications available in the Azure Marketplace are free.  

Get started with Azure Kubernetes applications packaged by Bitnami through the Azure Marketplace 

To get Bitnami solutions packaged as Azure Kubernetes applications, follow the steps below: 

  1. Navigate to the Azure portal and click “Marketplace”.  
  2. In the search bar, enter “Bitnami”. In the resulting screen you will see a list of all the solutions offered by Bitnami. (Optionally, you can get a list of all Kubernetes applications available in the Azure Marketplace by searching for “kubernetesapp”). 
  3. In the left-side menu, filter by “Containers”. It will display all the Bitnami solutions available as Kubernetes applications. The following example shows how to deploy NGINX Open Source packaged by Bitnami, but as you can see in the video at the end of this section, there are many other applications available that are equally easy to set up. 


4. In the resulting screen, you will see all the application details. Click “Create” to begin its deployment on an AKS cluster.