Migrating from v4.x to v5.x
Pre-upgrade checklist
Backup existing Helm releases:helm get values -n midaz midaz > midaz-v4-backup.yaml
Decision required: Choose your deployment strategy (Ledger service or legacy Onboarding/Transaction).
If migrating to Ledger service, prepare new secrets with module-specific prefixes.
Schedule a maintenance window.
Breaking changes in v5.x
New Ledger service available
Starting from version 5.0, the Ledger service is available (ledger.enabled: false by default). When enabled, this service combines the functionality of both onboarding and transaction modules into a single deployment.The separate onboarding and transaction services will become legacy in a future release. The unified Ledger service will become mandatory. We strongly recommend planning your migration to the Ledger service.
| Setting | v4.x (before) | v5.x (after) |
|---|
| ledger.enabled | N/A | false |
| onboarding.enabled | true | true (auto-disabled when ledger is enabled) |
| transaction.enabled | true | true (auto-disabled when ledger is enabled) |
- The
midaz-onboarding and midaz-transaction deployments will be removed.
- A new
midaz-ledger deployment will be created.
- Ingresses will automatically redirect to the Ledger service (DNS compatibility maintained).
- Environment variables and secrets structure changes (module-specific prefixes).
App version bump
Midaz has been bumped to v3.5.1.Migration options
Option 1: Keep using Onboarding and Transaction (gradual migration)
Add the following to your values override to maintain the current behavior:ledger:
enabled: false
onboarding:
enabled: true
transaction:
enabled: true
Option 2: Run all services simultaneously (testing/migration period)
Use the hidden migration.allowAllServices flag to run all three services during the migration:ledger:
enabled: true
onboarding:
enabled: true
transaction:
enabled: true
migration:
allowAllServices: true
This mode is intended for testing and migration only. Do not use in production long-term.
Option 3: Migrate to Ledger (recommended)
Accept the new architecture and migrate to the unified Ledger service:Before upgrading: Ensure your databases are ready (same databases, new environment variable names).
Update secrets: Create new secrets with module-specific prefixes (see Ledger Configuration Reference below).
Upgrade: Run helm upgrade with the new chart version.
Verify: Check that the Ledger service is healthy and ingresses are working.
ledger:
enabled: true
onboarding:
enabled: false
transaction:
enabled: false
New features in v5.x
Unified Ledger service
A new Ledger service that combines onboarding and transaction modules into a single deployment.Key characteristics:
- Single HTTP endpoint (port 3000 by default)
- Separate database configurations for each module
- Shared Redis and RabbitMQ connections
- New Balance Sync Worker for background processing
New environment variables:# Balance Sync Worker
BALANCE_SYNC_WORKER_ENABLED: "false"
BALANCE_SYNC_MAX_WORKERS: "5"
Ingress redirection to Ledger
When Ledger is enabled, existing ingresses automatically redirect traffic to the Ledger service, maintaining DNS compatibility.| ledger.enabled | migration.allowAllServices | onboarding ingress target | transaction ingress target |
|---|
| false | false (default) | midaz-onboarding | midaz-transaction |
| true | false (default) | midaz-ledger | midaz-ledger |
| true | true | midaz-onboarding | midaz-transaction |
CRM service integration
The CRM service is now available as an integrated component, moving from midaz-plugins to midaz namespace.Migration from plugin-crm:Deploy the new CRM in the midaz namespace:crm:
enabled: true
configmap:
MONGO_HOST: "midaz-mongodb"
MONGO_NAME: "crm"
Migrate your data from the old MongoDB to the new one (if using separate databases).
Update your ingress/DNS to point to the new CRM service.
Remove the old plugin-crm release from midaz-plugins namespace.
Upgrade command
helm upgrade midaz oci://registry-1.docker.io/lerianstudio/midaz-helm --version 5.x.x -n midaz
Rollback procedure
# List release history
helm history midaz -n midaz
# Rollback to previous version
helm rollback midaz <REVISION> -n midaz
# Or explicitly disable ledger
helm upgrade midaz oci://registry-1.docker.io/lerianstudio/midaz-helm \
--set ledger.enabled=false \
--set onboarding.enabled=true \
--set transaction.enabled=true \
-n midaz
Common issues
Ledger service fails to start
- Verify that all module-specific environment variables and secrets are configured with the new prefixes (
DB_ONBOARDING_*, DB_TRANSACTION_*, etc.).
Ingress not routing to Ledger
- Ensure
ledger.enabled: true and migration.allowAllServices is not set to true.
Missing secrets after enabling Ledger
- Create new secrets with module prefixes:
DB_ONBOARDING_PASSWORD instead of DB_PASSWORDDB_TRANSACTION_PASSWORD instead of DB_PASSWORDMONGO_ONBOARDING_PASSWORD instead of MONGO_PASSWORDMONGO_TRANSACTION_PASSWORD instead of MONGO_PASSWORD
Migrating from v3.x to v4.x
Pre-upgrade checklist
Backup existing Helm releases:helm get values -n midaz midaz > midaz-v3-backup.yaml
Critical: Backup RabbitMQ data and definitions before upgrading.
Schedule a maintenance window.
Breaking changes in v4.x
RabbitMQ dependency change to Groundhog2k
The RabbitMQ chart dependency has been replaced from Bitnami to Groundhog2k.This change may lead to PersistentVolumeClaim (PVC) data loss when upgrading existing installations because the underlying StatefulSet, volume mounts, and configuration differ from the previous dependency.
- The Groundhog2k chart requires a valid Erlang cookie. Set
rabbitmq.authentication.erlangCookie.value to a 32+ character printable string with no spaces. If missing or empty, RabbitMQ will fail to start.
- If you need to preserve existing data, back up and plan a controlled migration of PVCs and definitions before upgrading.
Required configuration:rabbitmq:
authentication:
erlangCookie:
value: "<32+ printable characters without spaces>"
This breaking change only impacts deployments that use the chart’s default RabbitMQ (rabbitmq.enabled: true). If you run an external or managed RabbitMQ, you are not affected.
App version bump
Midaz has been bumped to v3.3.1.New features in v4.x
BitnamiSecure images for core data services
The default images for core data services now use the BitnamiSecure repositories with the latest tag:| Service | Image Source | Tag |
|---|
| PostgreSQL | BitnamiSecure | latest |
| MongoDB | BitnamiSecure | latest |
| Valkey | BitnamiSecure | latest |
values.yaml:postgresql:
image:
tag: "16.2.0"
mongodb:
image:
tag: "7.0.5"
valkey:
image:
tag: "7.2.4"
Official NGINX image for Microfrontends
The previous Bitnami NGINX dependency was replaced with an internal template based on the official nginx image.If you previously customized the Bitnami-based NGINX configuration, review the new templates under templates/console/ and adjust your values accordingly.
Why we changed Bitnami dependencies
We moved away from Bitnami dependencies due to policy changes impacting stability and operations. For more context, see:Upgrade command
helm upgrade midaz oci://registry-1.docker.io/lerianstudio/midaz-helm --version 4.0.0 -n midaz
Rollback procedure
# List release history
helm history midaz -n midaz
# Rollback to previous version
helm rollback midaz <REVISION> -n midaz
Due to the RabbitMQ dependency change, rolling back may require manual intervention to restore PVCs and data. Ensure you have backups before upgrading.
Common issues
RabbitMQ fails to start
- Ensure the Erlang cookie is set correctly (32+ printable characters, no spaces).
RabbitMQ PVC data loss
- This is expected due to the dependency change. Export RabbitMQ definitions before upgrading and restore after.
NGINX configuration issues
- Review the new NGINX templates under
templates/console/ and update your overrides.
Migrating from v3.x to v5.x (skip v4.x)
If you’re upgrading directly from v3.x to v5.x, you need to address breaking changes from both versions.Pre-upgrade checklist
Backup existing Helm releases:helm get values -n midaz midaz > midaz-v3-backup.yaml
Critical: Backup RabbitMQ data and definitions (v4.x breaking change).
Decision required: Choose your deployment strategy - Ledger service or legacy Onboarding/Transaction (v5.x breaking change).
If migrating to Ledger service, prepare new secrets with module-specific prefixes.
Schedule a maintenance window.
Breaking changes to address
From v4.x: RabbitMQ dependency change
The RabbitMQ chart dependency changed from Bitnami to Groundhog2k. This may lead to PVC data loss. Back up RabbitMQ data before upgrading.
rabbitmq:
authentication:
erlangCookie:
value: "<32+ printable characters without spaces>"
From v5.x: New Ledger service
The unified Ledger service is available and will become mandatory in a future release. Plan your migration strategy.
ledger:
enabled: false
onboarding:
enabled: true
transaction:
enabled: true
rabbitmq:
authentication:
erlangCookie:
value: "<32+ printable characters>"
ledger:
enabled: true
onboarding:
enabled: false
transaction:
enabled: false
rabbitmq:
authentication:
erlangCookie:
value: "<32+ printable characters>"
DB_ONBOARDING_PASSWORD, DB_TRANSACTION_PASSWORDMONGO_ONBOARDING_PASSWORD, MONGO_TRANSACTION_PASSWORD
Upgrade command
helm upgrade midaz oci://registry-1.docker.io/lerianstudio/midaz-helm --version 5.x.x -n midaz
What changes from v3.x
| Change | Source Version | Impact |
|---|
| RabbitMQ Groundhog2k | v4.x | Requires Erlang cookie, possible PVC data loss |
| BitnamiSecure images | v4.x | PostgreSQL, MongoDB, Valkey use hardened images |
| Official NGINX | v4.x | Review custom NGINX configs |
| Ledger service | v5.x | New unified service (optional but recommended) |
| CRM integration | v5.x | Moves from midaz-plugins to midaz namespace |
