enhance air-gapped settings section, introducing support for multiple CA certificates #231
Merged
danciaclara merged 6 commits intomasterfrom Mar 3, 2026
Merged
enhance air-gapped settings section, introducing support for multiple CA certificates #231danciaclara merged 6 commits intomasterfrom
danciaclara merged 6 commits intomasterfrom
Conversation
…ttings section, introducing support for multiple CA certificates via `airgapped.s3Secrets`. Deprecated single-secret configuration is still supported for backward compatibility. Added migration instructions for users transitioning from the old configuration.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. 📒 Files selected for processing (2)
📝 WalkthroughWalkthroughBumped Plane and component version references to v2.4.0; replaced single S3 CA secret fields with an Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/self-hosting/methods/kubernetes.md`:
- Line 42: The warning example for PLANE_VERSION uses "2.4.0" while the rest of
the doc uses the "v" prefixed format; update the example in the warning so
PLANE_VERSION consistently shows the same format (e.g., change the warning's
`2.4.0` to `v2.4.0`) to avoid copy/paste ambiguity and ensure uniformity across
the document (look for the PLANE_VERSION environment variable example and the
warning text to update).
- Around line 137-144: The closing Markdown code fence for the YAML snippet is
malformed due to a trailing pipe character; locate the YAML block (the
airgapped: ... s3Secrets: ... snippet) and replace the erroneous closing line
that contains "``` |" with a proper standalone closing triple-backtick line
"```" so the code fence closes correctly and Prettier/Markdown rendering no
longer fails.
…r consistency across self-hosting guides.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/self-hosting/methods/airgapped-edition-kubernetes.md`:
- Around line 91-95: The YAML example under s3Secrets has inconsistent list
indentation causing Prettier CI failures; fix by normalizing to 2-space nesting
for the s3Secrets mapping and its list items (ensure each list item uses
two-space indentation and its keys like name and key are indented two spaces
beneath the dash), e.g., align the "- name: plane-s3-ca" and "- name:
plane-s3-ca-2" entries and their "key" fields consistently under s3Secrets so
Prettier formatting passes.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
docs/self-hosting/govern/advanced-search.mddocs/self-hosting/govern/plane-ai.mddocs/self-hosting/methods/airgapped-edition-kubernetes.md
✅ Files skipped from review due to trivial changes (2)
- docs/self-hosting/govern/plane-ai.md
- docs/self-hosting/govern/advanced-search.md
There was a problem hiding this comment.
🧹 Nitpick comments (2)
docs/self-hosting/methods/kubernetes.md (2)
121-127: Consider breaking up the long table cell description.Line 124's description is comprehensive (~330+ characters) but quite dense. For better readability, consider moving the
kubectlcommand example to the CA certificate configuration section below (lines 128-134) where it would naturally fit with the other guidance.♻️ Optional refactor suggestion
Keep the table description concise:
-| airgapped.s3Secrets | [] | No | List of Kubernetes Secrets containing CA certificates to install. Each entry requires `name` (Secret name) and `key` (filename in the Secret). Example: `kubectl -n plane create secret generic plane-s3-ca --from-file=s3-custom-ca.crt=/path/to/ca.crt`. Supports multiple certs (e.g. S3 + internal CA). | +| airgapped.s3Secrets | [] | No | List of Kubernetes Secrets containing CA certificates to install. Each entry requires `name` (Secret name) and `key` (filename in the Secret). Supports multiple certificates (e.g., S3 + internal CA). See CA certificate configuration below for setup example. |Then add the
kubectlexample in the CA certificate configuration section.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/self-hosting/methods/kubernetes.md` around lines 121 - 127, The table cell for airgapped.s3Secrets / airgapped.s3SecretName / airgapped.s3SecretKey is too long—trim the table description to a concise sentence describing that s3Secrets is the preferred list of Secrets and the other two fields are deprecated; then move the kubectl example (the create secret command) out of the table and insert it into the CA certificate configuration section below where CA installation and secret usage are explained; update wording to reference airgapped.s3Secrets as the preferred multi-cert field and note that s3SecretName/s3SecretKey are deprecated and only used when s3Secrets is empty (preserve that behavior note).
135-156: Clarify when to remove deprecated settings.The migration instructions have a minor ambiguity about timing:
- The YAML comment (line 151) says settings "can be removed after migration"
- Step 2 (line 154) instructs users to remove them before the Helm upgrade (step 3)
This could confuse users about whether to remove the old settings before or after running the Helm upgrade.
📝 Suggested clarification
Update line 151 to match the step sequence:
- # s3SecretName and s3SecretKey can be removed after migration + # Remove s3SecretName and s3SecretKey as shown in step 2 belowOr alternatively, show both configurations in the YAML example to make it clearer:
airgapped: enabled: true s3Secrets: - name: plane-s3-ca # same as your previous s3SecretName key: s3-custom-ca.crt # same as your previous s3SecretKey # Remove these deprecated settings: # s3SecretName: plane-s3-ca # s3SecretKey: s3-custom-ca.crt🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/self-hosting/methods/kubernetes.md` around lines 135 - 156, The YAML comment about deprecated fields is inconsistent with the step sequence; update the example so it explicitly matches Step 2/3 by either (a) changing the inline comment next to s3Secrets to state that s3SecretName and s3SecretKey should be removed after you perform the Helm upgrade (e.g., "Remove these deprecated settings after upgrading your Helm release"), or (b) include both the new s3Secrets block and the deprecated s3SecretName/s3SecretKey values commented out with a clear note "Remove these deprecated settings after upgrade"; ensure references to s3Secrets, s3SecretName, and s3SecretKey are used so readers understand which keys to remove.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@docs/self-hosting/methods/kubernetes.md`:
- Around line 121-127: The table cell for airgapped.s3Secrets /
airgapped.s3SecretName / airgapped.s3SecretKey is too long—trim the table
description to a concise sentence describing that s3Secrets is the preferred
list of Secrets and the other two fields are deprecated; then move the kubectl
example (the create secret command) out of the table and insert it into the CA
certificate configuration section below where CA installation and secret usage
are explained; update wording to reference airgapped.s3Secrets as the preferred
multi-cert field and note that s3SecretName/s3SecretKey are deprecated and only
used when s3Secrets is empty (preserve that behavior note).
- Around line 135-156: The YAML comment about deprecated fields is inconsistent
with the step sequence; update the example so it explicitly matches Step 2/3 by
either (a) changing the inline comment next to s3Secrets to state that
s3SecretName and s3SecretKey should be removed after you perform the Helm
upgrade (e.g., "Remove these deprecated settings after upgrading your Helm
release"), or (b) include both the new s3Secrets block and the deprecated
s3SecretName/s3SecretKey values commented out with a clear note "Remove these
deprecated settings after upgrade"; ensure references to s3Secrets,
s3SecretName, and s3SecretKey are used so readers understand which keys to
remove.
ℹ️ Review info
Configuration used: defaults
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (5)
docs/self-hosting/methods/airgapped-edition-kubernetes.mddocs/self-hosting/methods/clone-docker-images.mddocs/self-hosting/methods/download-config.mddocs/self-hosting/methods/install-methods-commercial/kubernetes.mddocs/self-hosting/methods/kubernetes.md
✅ Files skipped from review due to trivial changes (2)
- docs/self-hosting/methods/clone-docker-images.md
- docs/self-hosting/methods/download-config.md
🚧 Files skipped from review as they are similar to previous changes (1)
- docs/self-hosting/methods/airgapped-edition-kubernetes.md
danciaclara
approved these changes
Mar 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This pull request updates the documentation for self-hosted Plane deployments to support v2.4.0 and improves configuration options for air-gapped Kubernetes setups. The most important changes include version bumps to v2.4.0 and enhancements to the air-gapped S3 CA certificate configuration, providing better support for multiple certificates and backward compatibility.
Type of Change
Summary by CodeRabbit