Upgrading with Streaming and Governance Charts

Changes in version 2026.1

General prerequisites

Before you upgrade to 2026.1, please make sure:

  • Your current deployment uses one of the following Axual Streaming 2025.4 versions:

    • Axual Streaming Charts 1.5.x series

  • Your current deployment uses one of the following Axual Governance 2025.4 versions:

    • Axual Governance Charts 1.3.x series

  • You are running Kubernetes version 1.24.x or later

  • You are not overriding any components' versions (search for tag: overrides in your values.yaml)

You can upgrade each part of the Axual Platform independently. We suggest starting with Streaming and then moving on to Governance.

Governance Prerequisites

  • Make sure the connectionCollation=utf8mb4_unicode_ci parameter is set on the Platform Manager’s spring.datasource.url when it connects to a MariaDB or MySQL database

platform-manager:
  config:
    spring:
      datasource:
        url: "[YOUR_EXISTING_JDBC_URL]&connectionCollation=utf8mb4_unicode_ci"

Performing the upgrade

Upgrade Axual Streaming to 1.6.0

Start from Axual Streaming 2025.4 installed using Axual Streaming Charts of the 1.5.x series.

Follow the general upgrade steps for upgrade best practices.

  1. Update the Axual helm repository to download the latest charts available

    helm repo update

  2. Upgrade the Axual Streaming installation

    helm upgrade --install streaming oci://registry.axual.io/axual-charts/axual-streaming --version=1.6.0 -n kafka

This command will restart all streaming pods.

Once restarted, verify everything is running fine before considering the upgrade done.

Axual Governance Charts

Start from Axual Governance 2025.4 installed using Axual Governance Charts series 1.3.x.

Follow the general upgrade steps for upgrade best practices.

Performing the Upgrade

  1. Update the Axual helm repository to download the latest charts available

    helm repo update

  2. Upgrade the Axual Governance installation

    helm upgrade --install governance oci://registry.axual.io/axual-charts/axual-governance --version=1.4.0 -n kafka

This command will restart all governance pods.

Once restarted, verify everything is running fine before considering the upgrade done.

You can follow the Post upgrade section to enable new features.

Post upgrade

Migrate OTel configuration to Spring Boot 4.x keys

With Axual Platform 2026.1 we have upgraded all our Spring Boot projects, except Platform Manager, to Spring Boot 4. This major Spring Boot update comes with integrated OpenTelemetry support.

The OpenTelemetry configuration for Spring Boot 3.5.x is still valid, but we advise migrating it to the new property keys.

Here is the table showing the mapping between Spring Boot 3.5.x and Spring Boot 4.x keys:

Spring Boot 3.5.x Property Key            Spring Boot 4.x Property Key
---------------------------------------   ------------------------------------------------------------
management.tracing.enabled                management.tracing.export.enabled
management.otlp.tracing.compression       management.opentelemetry.tracing.export.otlp.compression
management.otlp.tracing.connect-timeout   management.opentelemetry.tracing.export.otlp.connect-timeout
management.otlp.tracing.endpoint          management.opentelemetry.tracing.export.otlp.endpoint
management.otlp.tracing.export.enabled    management.tracing.export.otlp.enabled
management.otlp.tracing.headers           management.opentelemetry.tracing.export.otlp.headers
management.otlp.tracing.timeout           management.opentelemetry.tracing.export.otlp.timeout
management.otlp.tracing.transport         management.opentelemetry.tracing.export.otlp.transport

Support for the Spring Boot 3.5.x OTel property keys will be dropped in Axual Platform 2026.3.
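
The mapping above applied to a component's Spring configuration, as an added example that is not part of the Axual charts or documentation. It assumes the properties sit as nested or dotted keys under the chart's config: block and have already been loaded into a Python mapping; migrate, flatten and SAMPLE are hypothetical names, and keeping the 4.x key when both spellings are set is a choice of this example.

```python
# Added example (not Axual code): move legacy OTel keys to their 4.x names.
OLD, NEW = "management.otlp.tracing.", "management.opentelemetry.tracing.export.otlp."
LEGACY_TO_NEW = {OLD + k: NEW + k for k in (
    "compression", "connect-timeout", "endpoint", "headers", "timeout", "transport")}
LEGACY_TO_NEW["management.tracing.enabled"] = "management.tracing.export.enabled"
LEGACY_TO_NEW[OLD + "export.enabled"] = "management.tracing.export.otlp.enabled"

def flatten(node, prefix=""):
    """Yield (dotted_key, value) for every leaf of a nested mapping."""
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else str(key)
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value

def migrate(spring_config):
    """Return (flat config using 4.x keys, list of notes about what changed)."""
    flat = dict(flatten(spring_config))
    migrated, notes = {}, []
    for key, value in flat.items():
        target = key
        for old, new in LEGACY_TO_NEW.items():
            # Match the key itself or entries below it (headers is a map).
            if key == old or key.startswith(old + "."):
                target = new + key[len(old):]
                break
        if target == key:
            migrated[key] = value
        elif target in flat:
            # Both spellings are set: keep the 4.x key, drop the legacy one.
            notes.append(f"dropped {key}: {target} is already set")
        else:
            migrated[target] = value
            notes.append(f"{key} -> {target}")
    return migrated, notes

# Constructed sample: the mapping a chart would hold under a component's `config:`.
SAMPLE = {
    "management": {
        "tracing": {"enabled": True},
        "otlp": {"tracing": {"endpoint": "http://old-collector:4318/v1/traces",
                             "headers": {"Authorization": "Bearer CONSTRUCTED"}}},
    },
    "management.opentelemetry.tracing.export.otlp.endpoint": "http://collector:4318/v1/traces",
}

if __name__ == "__main__":
    print("\n".join(migrate(SAMPLE)[1]))
```

The result uses flat dotted keys, which Spring Boot accepts in YAML alongside nested ones; review the notes for dropped legacy values before applying the output.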

Schema Registry Read-Only Access (sr-readonly)

Starting from version 2026.1, we have introduced support for a read-only role (sr-readonly) for applications that are not based on Kafka Streams (e.g., standard Producers and Consumers).

Previously, such applications were relying on anonymous read access. With this change:

  • Authenticated Read: It is now possible to disable anonymous read access in Apicurio, ensuring that only authenticated applications can read from the Schema Registry.

  • Role Management: The Platform Manager will automatically assign the sr-readonly role to non-Kafka Streams applications when generating their Schema Registry credentials. Kafka Streams based applications (including KSML) will continue to receive the sr-developer role to allow schema management. For more details on how to generate these credentials, see Generating Schema Registry Credentials.

Configuration Prerequisites

To ensure this feature works correctly after the upgrade:

  1. Keycloak Realm Check: Verify that the sr-readonly role exists in your Apicurio Keycloak realm.

  2. Add Role if Missing: If the sr-readonly role is not present, you must add it manually as a realm-level role before applications can be successfully configured with read-only access.

  3. Disable Anonymous Read (Optional): Once the role is configured and applications are updated with the new credentials, you can safely remove the anonymous read configuration from your Apicurio instance to enhance security. For more information on configuring Apicurio, see Configuring Apicurio.
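
Steps 1 and 2 can be carried out as one idempotent call against the Keycloak Admin REST API. The following is an added example, not Axual or Apicurio code; the base URL, the realm name apicurio and the bearer token are placeholders, and FakeKeycloak is a constructed stand-in so the example runs offline.

```python
import json
import urllib.error
import urllib.request

ROLE = "sr-readonly"  # role name from the upgrade notes


def ensure_realm_role(base_url, realm, token, role=ROLE, send=urllib.request.urlopen):
    """Create `role` as a realm-level role if absent; return 'present' or 'created'."""
    roles_url = f"{base_url.rstrip('/')}/admin/realms/{realm}/roles"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    try:
        send(urllib.request.Request(f"{roles_url}/{role}", headers=headers))
        return "present"
    except urllib.error.HTTPError as err:
        # Only 404 means "missing"; 401/403 mean the admin token is wrong or
        # under-privileged and must not be mistaken for an absent role.
        if err.code != 404:
            raise
    body = json.dumps({"name": role}).encode()
    send(urllib.request.Request(roles_url, data=body, headers=headers, method="POST"))
    return "created"


class FakeKeycloak:
    """Constructed stand-in for the Admin REST API so the example runs offline."""

    def __init__(self, roles, status=404):
        self.roles, self.status = set(roles), status

    def __call__(self, request):
        if request.get_method() == "POST":
            self.roles.add(json.loads(request.data)["name"])
        elif request.full_url.rsplit("/", 1)[1] not in self.roles:
            raise urllib.error.HTTPError(request.full_url, self.status, "error", {}, None)


if __name__ == "__main__":
    # Hypothetical base URL, realm and token; substitute your own.
    kc = FakeKeycloak(roles=["sr-developer"])
    print(ensure_realm_role("https://keycloak.example", "apicurio", "TOKEN", send=kc))
    print(ensure_realm_role("https://keycloak.example", "apicurio", "TOKEN", send=kc))
```

Run it before removing anonymous read access, so that credentials generated with the sr-readonly role resolve to an existing realm role.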