Request
The third-party container images used in both the Helm chart and docker-compose are pinned
to outdated versions:
| Image |
Current Version |
Location |
| MariaDB |
mariadb:10-jammy |
templates/database-statefulset.yaml, docker-compose-all.yaml |
| MongoDB |
mongo:7.0.1 |
templates/results-cache-statefulset.yaml, docker-compose-all.yaml |
| RabbitMQ |
rabbitmq:3.9.8 |
templates/queue-statefulset.yaml, docker-compose-all.yaml |
| Redis |
redis:7.2.4 |
templates/redis-statefulset.yaml, docker-compose-all.yaml |
| kubectl (init containers) |
bitnami/kubectl:latest |
templates/_helpers.tpl |
These should be updated to their latest stable versions. bitnami/kubectl:latest should
be pinned to a specific version (mutable :latest tags are unreliable and may break
without warning).
This matters for:
- Security: Older image versions accumulate known CVEs. AWS Marketplace submission
will reject images with critical vulnerabilities.
- Compatibility: Newer versions include bug fixes and performance improvements.
- Reproducibility:
bitnami/kubectl:latest is non-deterministic and can change at
any time.
Possible implementation
-
Update each image tag to the latest stable release:
mariadb:10-jammy -> latest MariaDB 11.x LTS (or latest 10.x if 11.x has breaking
changes)mongo:7.0.1 -> latest mongo:7.0.x or mongo:8.0.xrabbitmq:3.9.8 -> latest rabbitmq:3.13.x or rabbitmq:4.xredis:7.2.4 -> latest redis:7.4.xbitnami/kubectl:latest -> bitnami/kubectl:<specific-version> (e.g., 1.31.x)
-
Update in both locations:
- Helm chart:
tools/deployment/package-helm/templates/ (statefulset and _helpers.tpl
files)
- Docker Compose:
tools/deployment/package/docker-compose-all.yaml
-
Test that CLP still functions correctly with the updated images (DB migrations,
RabbitMQ Celery compatibility, Redis protocol compatibility, MongoDB driver
compatibility).
- Compress sample datasets
- Query the compressed data with various methods including the API server, sbin scripts,
and the Web UI.
Request
The third-party container images used in both the Helm chart and docker-compose are pinned
to outdated versions:
mariadb:10-jammytemplates/database-statefulset.yaml,docker-compose-all.yamlmongo:7.0.1templates/results-cache-statefulset.yaml,docker-compose-all.yamlrabbitmq:3.9.8templates/queue-statefulset.yaml,docker-compose-all.yamlredis:7.2.4templates/redis-statefulset.yaml,docker-compose-all.yamlbitnami/kubectl:latesttemplates/_helpers.tplThese should be updated to their latest stable versions.
bitnami/kubectl:latestshouldbe pinned to a specific version (mutable
:latesttags are unreliable and may breakwithout warning).
This matters for:
will reject images with critical vulnerabilities.
bitnami/kubectl:latestis non-deterministic and can change atany time.
Possible implementation
Update each image tag to the latest stable release:
mariadb:10-jammy-> latest MariaDB 11.x LTS (or latest 10.x if 11.x has breakingchanges)
mongo:7.0.1-> latestmongo:7.0.xormongo:8.0.xrabbitmq:3.9.8-> latestrabbitmq:3.13.xorrabbitmq:4.xredis:7.2.4-> latestredis:7.4.xbitnami/kubectl:latest->bitnami/kubectl:<specific-version>(e.g.,1.31.x)Update in both locations:
tools/deployment/package-helm/templates/(statefulset and_helpers.tplfiles)
tools/deployment/package/docker-compose-all.yamlTest that CLP still functions correctly with the updated images (DB migrations,
RabbitMQ Celery compatibility, Redis protocol compatibility, MongoDB driver
compatibility).
and the Web UI.