Upgrading from 2024.3 LTS to 2025.2 LTS with Streaming and Governance Charts

General prerequisites

Before you upgrade to 2025.2 LTS, please make sure:

  • You are performing the deployment with any of the following Axual Streaming 2024.3 LTS versions

    • Axual Streaming Charts 1.0.x series

  • You are performing the deployment with any of the following Axual Governance 2024.3 LTS versions

    • Axual Governance Charts 0.5.x series

  • You are running kubernetes version 1.24.x or later

  • You are not overriding any components' versions (search for tag: overrides in your values.yaml)

You can upgrade each part of the Axual Platform independently, we suggest starting from the Streaming and then move to the Governance.

Performing the upgrade

Use the general upgrade steps for upgrading best-practice.

Axual Streaming Charts

Please note that to upgrade to the 1.3.x version, a version of the Strimzi Operator that supports Kafka 3.9.0 version must be running; otherwise you need to override the Kafka version to your running version.

You can check compatibility on the Strimzi supported versions page.

Start with Axual Streaming 2024.3 LTS being installed using Axual Streaming Charts of the 1.0.x series.

  1. Update the Axual helm repository to download the latest charts available

    helm repo update

  2. Upgrade the Axual Streaming installation

    helm upgrade --install streaming oci://registry.axual.io/axual-charts/axual-streaming --version=1.3.0 -n kafka
    This command will restart all streaming pods.

OAuth support for Rest Proxy

In the 2025.2 version, we have introduced OAuth support for Rest Proxy.

For more information on the feature, you can refer to Rest Proxy Security documentation.

In case you have decided to enable the OAuth support for Rest Proxy, please follow the following steps.

Otherwise, you can consider the upgrade of the Streaming done.

  1. To enable the OAuth support for Rest Proxy update the rest-proxy section in the values.yaml for your Streaming installation as shown below:

    rest-proxy:
  spring:
    security:
      oauth2:
        resourceserver:
          jwt:
            issuer-uri: "https://<keyloak.url>/auth/realms/<realm>" (1)
  security:
    oauth:
      enabled: true
      principal-claim-name: "<your-claim-name>" (2)
    mtls:
      enabled: true (3)
    1 Used by spring to validate the JWT tokens provided in requests
    2 Required if oauth is enabled. Name of the claim from the JWT authentication token which will be used to extract the user principal.
    3 Default enabled, both are supported simultaneously, TLS takes precedence

  2. Upgrade the Axual Streaming installation with updated values.yaml

    helm upgrade --install streaming oci://registry.axual.io/axual-charts/axual-streaming --version=1.3.0 -n kafka
    This command will restart all streaming pods.

Once restarted, verify everything is running fine before considering the upgrade done.

Axual Governance Charts

Start from Axual Governance 2024.3 LTS installed using Axual Governance Charts series 0.5.x.

  1. Update the Axual helm repository to download the latest charts available

    helm repo update

Decommissioning of Organization Manager

In the 2025.1 version, we have removed the Organization Manager component and migrated all its functionality to the Platform Manager.

  1. To keep managing the Keycloak realms update the platform-manager section in the values.yaml for your Governance installation as shown below:

    platform-manager:
  config:
    axual:
      # Keycloak Configuration
      organization-manager:
        auth-provider: "keycloak"
        keycloak:
          url: "https://<keyloak.url>/auth" (1)
          username: "<admin-username>" (2)
          password: "<admin-password>" (3)
          # localRealm: "local" (4)
          # masterRealm: "master" (5)
          # clientId: "admin-cli" (6)
    1 Used by platform-manager to authenticate against the Keycloak
    2 Admin username in the master realm
    3 Admin password in the master realm
    4 The name of the local realm in your Keycloak Default is local
    5 The name of the master realm in your Keycloak (Default is master)
    6 The name of the master realm ClientId used to authenticate the Admin user (Default is admin-cli)

  2. Then update the api-gateway section in the value.yaml for your Governance to not redirect requests to the Organization Manager component as shown below:

    api-gateway:
  config:
    gateway:
      endpoints:
        ## This is deprecated, we are using Platform Manager to interact with Governance's Keycloak
        organizationManager:
          enabled: false
          url: "https://<keycloak.url>"

  3. Upgrade the Axual Governance installation with updated values.yaml

    helm upgrade --install governance oci://registry.axual.io/axual-charts/axual-governance --version=1.1.0 -n kafka
    This command will restart all governance pods.

Auditing feature for Axual Platform

In the 2025.1 version, we have introduced the Auditing Feature which requires extra configuration to be provided to the Platform Manager and Platform UI.

In case you have decided to enable the Auditing Feature for Axual Platform, please follow the following steps.

Otherwise, you can consider the upgrade of the Governance done.

  1. To enable the Auditing feature update the platform-manager and platform-ui sections in the values.yaml for your Governance installation as shown below:

    platform-manager:
  config:
    axual:
      # Auditing Feature
      audit:
        enabled: true

platform-ui:
  config:
    # Auditing Feature
    auditHistoryEnabled: true

  2. Upgrade the Axual Governance installation with updated values.yaml

    helm upgrade --install governance oci://registry.axual.io/axual-charts/axual-governance --version=1.1.0 -n kafka
    This command will restart all governance pods.

Once restarted, verify everything is running fine before considering the upgrade done.