feat(docker): use hardened images for kubectl and redis dependencies

lwille · lwille · commit 96c254109f2b · 2026-02-18T16:21:09.000+01:00
related to WPB-23412
diff --git a/charts/reaper/values.yaml b/charts/reaper/values.yaml
@@ -1,8 +1,8 @@
 image:
   # Use a kubectl image that includes a shell (sh/bash). Distroless images will fail to exec the script.
-  registry: docker.io
-  repository: bitnamilegacy/kubectl
-  tag: 1.32.4
+  registry: dhi.io
+  repository: kubectl
+  tag: 1.35.0
 podSecurityContext:
   allowPrivilegeEscalation: false
   capabilities:
diff --git a/charts/redis-ephemeral/values.yaml b/charts/redis-ephemeral/values.yaml
@@ -1,6 +1,8 @@
 redis-ephemeral:
   image:
-    tag: "7.4.6"
+    registry: dhi.io
+    repository: redis
+    tag: "7.4.7"
 
   haMode:
     enabled: false
diff --git a/charts/restund/values.yaml b/charts/restund/values.yaml
@@ -12,9 +12,9 @@ image:
 
 kubectlImage:
   # Use a kubectl image that includes a shell (sh/bash). Distroless images will fail to exec the script.
-  registry: docker.io
-  repository: bitnamilegacy/kubectl
-  tag: 1.32.4
+  registry: dhi.io
+  repository: kubectl
+  tag: 1.35.0
 
 # If you have multiple deployments of Restund running in one cluster, it is
 # important that they run on disjoint sets of nodes, you can use nodeSelector to enforce this
diff --git a/hack/helm_vars/redis-ephemeral/values.yaml b/hack/helm_vars/redis-ephemeral/values.yaml
@@ -1,7 +1,7 @@
 redis-ephemeral:
   image:
-    registry: public.ecr.aws
-    repository: docker/library/redis
+    registry: dhi.io
+    repository: redis
 
   redisConfig: |
     requirepass very-secure-redis-master-password
