Upgrading from 2025.11 to the 2025.12 Innovation Release Innovation Release

Suggest edits

This documentation covers the current Innovation Release of EDB Postgres AI. You may also want the docs for the current LTS version.

Upgrade from 2025.11 to 2025.12.

Role: Infrastructure Engineer

Prerequisites

Administrative access to the Kubernetes cluster (kubectl, helm).
Access to the HM installation configuration file or values.yaml file used for the current installation. To save the contents of your current installation configuration:
```
helm get values edbpgai-bootstrap -n edbpgai-bootstrap > values.yaml
```
Required Tools:
- helm (Latest version recommended)
- cmctl (Cert-Manager CLI) - Required for 2025.11+

Upgrade 2025.11 → 2025.12

This release introduces new authentication secrets, updates the Data Migration Service (DMS) configuration, and deprecates several Beacon parameters.

Create Fernet secret

Before installing the 2025.12 chart, you must manually create the dex-fernet-key.

FERNET_KEY=$(head -c 32 /dev/urandom | base64 | tr '+/' '-_')

kubectl create secret generic dex-fernet-key \
  --from-literal=fernet-key="$FERNET_KEY" \
  -n upm-dex

Update `values.yaml`

Add DMS domain to values.yaml.
Add a new global parameter dms_domain_name.
```
parameters:
global:
    dms_domain_name: <your-hm-dms-domain-name> 
```
Remove deprecated fields.
Remove the following fields from your values.yaml:
- beaconAgent.plaintext
- beaconAgent.beaconServerAddress
- beaconAgent.tlsInsecure
- beaconAgent.inCluster

Critical infrastructure workaround

To ensure Postgres workloads schedule correctly, you must add a taint to a specific node pool.

Taint key: edbaiplatform.io/postgres
Value: 'true'
Effect: NoSchedule

Perform the upgrade

Update your Helm repo.
```
helm repo update
```

Perform the upgrade.

helm upgrade --install edbpgai-bootstrap enterprisedb-edbpgai/edbpgai-bootstrap \
  --version 2025.12.0 \
  --values values.yaml \
  --namespace edbpgai-bootstrap \
  --wait

Post-upgrade fixes

Re-initialize SPIRE (if trust domain changed).
In 2025.12, the trust_domain parameter is removed and defaults to portal_domain_name. If the trust_domain you set in version 1.3.0 differs from your Portal Domain, SPIRE breaks.
- Fix:
```
kubectl scale statefulset spire-server -n spire-system --replicas=0
kubectl delete pvc -l app=spire-server -n spire-system
kubectl scale statefulset spire-server -n spire-system --replicas=1
```
Reconfigure models
Knowledge Bases (KBs) may disappear from the UI after upgrade. To workaround, log in to the Portal, navigate to the Model Configuration page, and re-save your model settings.

← Prev

Upgrading from 2025.12 to the 2026.1 Innovation Release

↑ Up

Upgrading Hybrid Manager

Upgrading from 1.3.x to the 2025.12 Innovation Release