Problem
Bitnami charts reject images from non-standard registries with "Original containers have been substituted for unrecognized ones." The fix is global.security.allowInsecureImages=true, but the flag name implies the vendor is doing something dangerous when they're actually using Replicated's authenticated proxy registry.
The error message itself is clear and includes the workaround, so this is more of a naming/perception concern. But vendors (and their security teams) see "allowInsecureImages" and question whether this is the right approach.
Multiple bootcampers hit this (Amber #7, Nic #9). The error is self-resolving but the flag name creates unnecessary doubt.
Source
Nic (DexaDuel bootcamp friction log, #9), Amber (bootcamp #7)
Proposed fix
This is a docs item rather than a code fix (the flag is Bitnami's, not ours):
Add a note to the image proxying docs: "Bitnami subcharts require global.security.allowInsecureImages=true when using the Replicated proxy. Despite the name, this flag permits non-Bitnami registries, not insecure connections. Your images are still pulled over HTTPS with authentication."
Problem
Bitnami charts reject images from non-standard registries with "Original containers have been substituted for unrecognized ones." The fix is global.security.allowInsecureImages=true, but the flag name implies the vendor is doing something dangerous when they're actually using Replicated's authenticated proxy registry.
The error message itself is clear and includes the workaround, so this is more of a naming/perception concern. But vendors (and their security teams) see "allowInsecureImages" and question whether this is the right approach.
Multiple bootcampers hit this (Amber #7, Nic #9). The error is self-resolving but the flag name creates unnecessary doubt.
Source
Nic (DexaDuel bootcamp friction log, #9), Amber (bootcamp #7)
Proposed fix
This is a docs item rather than a code fix (the flag is Bitnami's, not ours):
Add a note to the image proxying docs: "Bitnami subcharts require global.security.allowInsecureImages=true when using the Replicated proxy. Despite the name, this flag permits non-Bitnami registries, not insecure connections. Your images are still pulled over HTTPS with authentication."