Grafana/Loki connectivity and Bitnami image migration

[ItsMurumba]

Summary

This PR fixes Loki's network configuration so Grafana and Promtail can reach it, and updates all Bitnami Docker image references to the bitnamilegacy repository.

---

Changes

1. Monitoring – Loki on default network

Problem	Loki was only on the minio network, so services on the stack's default network (e.g. Grafana, Promtail) could not resolve or reach loki:3100.
Fix	Add Loki to the default network in monitoring/docker-compose.yml while keeping it on minio for MinIO storage.
Result	Grafana can query Loki for the Container logs dashboard, and Promtail can push logs to Loki.

---

2. Bitnami – bitnamilegacy image migration

Context: Bitnami's Docker images have moved to the bitnamilegacy repository.

Change: All bitnami/ image references are updated to bitnamilegacy/ in package metadata:

Package	Images updated
database-postgres	postgresql-repmgr, pgpool
identity-access-manager-keycloak	postgresql-repmgr
client-registry-jempi	postgresql-repmgr
client-registry-santempi	postgresql-repmgr
message-bus-kafka	Kafka image

Summary by CodeRabbit

• Chores
  • Updated container image references for database services, message brokers, identity management, and client registry modules to legacy image variants, enhancing platform compatibility and infrastructure stability.
  • Reconfigured network settings for monitoring services to support expanded network connectivity and improved infrastructure integration.

[coderabbitai]

Walkthrough

Environment variables referencing Docker images across multiple service configurations were updated from Bitnami to Bitnamilegacy registry versions. Additionally, a network configuration was added to a monitoring service.

Changes

Cohort / File(s)	Summary
PostgreSQL Image Updates client-registry-jempi/package-metadata.json, client-registry-santempi/package-metadata.json, database-postgres/package-metadata.json, identity-access-manager-keycloak/package-metadata.json	Updated POSTGRESQL_IMAGE and POSTGRES_IMAGE environment variables from bitnami/postgresql-repmgr to bitnamilegacy/postgresql-repmgr across version variants (14 and 15.2.0).
Additional Database Image Update database-postgres/package-metadata.json	Updated PG_POOL_IMAGE from bitnami/pgpool:4.4.3 to bitnamilegacy/pgpool:4.4.3.
Kafka Image Update message-bus-kafka/package-metadata.json	Updated KAFKA_IMAGE from bitnami/kafka:3.4.0 to bitnamilegacy/kafka:3.4.0.
Network Configuration monitoring/docker-compose.yml	Added default network attachment to loki service alongside existing minio network.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• Cu 86bygn3jn images placement for client registry mapper kafka fhir #288: Modifies client-registry-jempi's package-metadata.json image-related environment variables, aligning with the PostgreSQL image reference migration pattern.
• feat(traefik): enhance file upload handling and timeouts #338: Updates database-postgres/package-metadata.json POSTGRES_IMAGE value, directly related to the image reference changes in this PR.

Suggested reviewers

• drizzentic
• sushantpatil1214

Poem

🐰 From Bitnami roads to legacy halls,
The images hop, the registry calls,
PostgreSQL, Kafka, and Pool unite,
With docker-compose networks in sight! 📦✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures both primary changes: Loki network connectivity fixes and migration from Bitnami to Bitnamilegacy images across multiple services.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/grafana-loki-network

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@message-bus-kafka/package-metadata.json`:
- Line 9: The KAFKA_IMAGE metadata entry currently points to the unmaintained
legacy image "bitnamilegacy/kafka:3.4.0"; update the value of the KAFKA_IMAGE
key to use the supported Bitnami image (e.g., "bitnami/kafka:3.4.0" or a newer
supported tag) or, if you must keep that exact legacy image, document and
replace it with a mirrored image in your own registry; edit the
package-metadata.json KAFKA_IMAGE entry to one of these supported options and
ensure any deployment manifests referencing KAFKA_IMAGE use the new value.

🧹 Nitpick comments (2)

identity-access-manager-keycloak/package-metadata.json (1)

9-9: Consider pinning the image with a SHA digest for reproducibility.

The migration to bitnamilegacy/postgresql-repmgr:14 is consistent with the PR's objective. However, unlike database-postgres/package-metadata.json which pins the image with a SHA256 digest, this reference uses only a tag. Consider adding a digest for reproducible deployments and to guard against unexpected image changes.

database-postgres/package-metadata.json (1)

12-16: Good use of digest pinning for POSTGRES_IMAGE; consider the same for PG_POOL_IMAGE.

The SHA256 digest on POSTGRES_IMAGE ensures reproducible deployments. For consistency and the same security benefits, consider adding a digest to PG_POOL_IMAGE as well.

,

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

bitnamilegacy kafka Docker Hub image maintenance

💡 Result:

bitnamilegacy/kafka on Docker Hub is not maintained: it’s a legacy backup of older Bitnami Kafka images that will receive no further updates or support and is intended only for temporary migration; it may also be removed in the future, so you should mirror any tags you still depend on into your own registry. [1]

For ongoing maintenance/security updates, Bitnami directs users to move to Bitnami Secure Images, e.g. bitnami/kafka. [1][2]

---

🌐 Web query:

bitnamilegacy Docker repository security updates

💡 Result:

docker.io/bitnamilegacy/* images do not receive security updates.

• Bitnami’s own announcement for the 2025 catalog change says the Legacy repository (“docker.io/bitnamilegacy”) contains archived images that “will no longer receive updates, fixes, or support” and is intended only as a temporary fallback during migration. [1]
• Individual Docker Hub pages for bitnamilegacy/* (example: bitnamilegacy/nginx) explicitly warn: “This repository is no longer updated… will receive no further updates or support” and note it may be removed in the future. [2]

If you need ongoing security patching, Bitnami directs users to Bitnami Secure Images (paid) rather than bitnamilegacy. [1]

Sources: [1] [2]

---

🌐 Web query:

bitnamilegacy/kafka:3.4.0 Docker image

💡 Result:

• bitnamilegacy/kafka is Bitnami’s frozen/unsupported “legacy” repo: it receives no further updates/support and may be removed in the future (Bitnami recommends mirroring any tags you still depend on). [1]
• For Kafka 3.4.0, the Bitnami (non-legacy) image tag exists as bitnami/kafka:3.4.0 (APP_VERSION=3.4.0; Debian 11–based). Pull: docker pull bitnami/kafka:3.4.0. [2]
• If you were looking for an official ASF Kafka Docker image, note that apache/kafka images are available starting at Kafka 3.7.0 (so there is no apache/kafka:3.4.0). [3]

Sources: [1] Docker Hub: bitnamilegacy/kafka overview (legacy/no longer updated) • [2] Tag details for bitnami/kafka:3.4.0 • [3] Apache Kafka Docker docs (availability from 3.7.0)

---

Do not use bitnamilegacy/kafka:3.4.0—this image receives no security updates and may be removed without notice.

The bitnamilegacy repository contains frozen, unmaintained images with explicit warnings that they will receive no further updates or support and are intended only as a temporary fallback during migration. Use bitnami/kafka:3.4.0 from the maintained repository instead, or update to a newer supported version. If you must retain this legacy image, mirror it to your own registry as Bitnami explicitly recommends.

🤖 Prompt for AI Agents

In `@message-bus-kafka/package-metadata.json` at line 9, The KAFKA_IMAGE metadata
entry currently points to the unmaintained legacy image
"bitnamilegacy/kafka:3.4.0"; update the value of the KAFKA_IMAGE key to use the
supported Bitnami image (e.g., "bitnami/kafka:3.4.0" or a newer supported tag)
or, if you must keep that exact legacy image, document and replace it with a
mirrored image in your own registry; edit the package-metadata.json KAFKA_IMAGE
entry to one of these supported options and ensure any deployment manifests
referencing KAFKA_IMAGE use the new value.

[drizzentic]

LGTM! I think we need to figure out if we can also host some of this images in our harbour registry just incase they are removed from dockerhub.