Skip to content

Commit 135e1ff

Browse files
akshat5302akshat5302
committed
Update Kubernetes self-hosting documentation to enhance air-gapped settings section, introducing support for multiple CA certificates via airgapped.s3Secrets. Deprecated single-secret configuration is still supported for backward compatibility. Added migration instructions for users transitioning from the old configuration.
1 parent 2cfc0e4 commit 135e1ff

File tree

2 files changed

+30
-11
lines changed

2 files changed

+30
-11
lines changed

docs/self-hosting/methods/kubernetes.md

Lines changed: 29 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -31,15 +31,15 @@ Ensure you use use the latest Helm chart version.
3131
2. Set the following environment variables:
3232

3333
```bash
34-
PLANE_VERSION=v2.3.1
34+
PLANE_VERSION=v2.4.0
3535
```
3636

3737
```bash
3838
DOMAIN_NAME=<subdomain.domain.tld or domain.tld>
3939
```
4040

4141
::: warning
42-
When configuring the PLANE_VERSION environment variable, **do not** set it to `stable`. Always specify the latest version number (e.g., `2.3.1`). Using `stable` can lead to unexpected issues.
42+
When configuring the PLANE_VERSION environment variable, **do not** set it to `stable`. Always specify the latest version number (e.g., `2.4.0`). Using `stable` can lead to unexpected issues.
4343
:::
4444

4545
3. Add the Plane helm chart repo.
@@ -86,7 +86,7 @@ helm repo add plane https://helm.plane.so/
8686
i. Run the script below to download the `values.yaml` file and edit using any editor like Vim or Nano.
8787
8888
Make sure you set the required environment variables listed below:
89-
- `planeVersion: v2.3.1`
89+
- `planeVersion: v2.4.0`
9090
- `license.licenseDomain: <The domain you have specified to host Plane>`
9191
- `license.licenseServer: https://prime.plane.so`
9292
- `ingress.enabled: <true | false>`
@@ -113,16 +113,35 @@ helm repo add plane https://helm.plane.so/
113113
114114
| Setting | Default | Required | Description |
115115
| --------------------- | :-----------------: | :------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
116-
| planeVersion | v2.3.1 | Yes | Specifies the version of Plane to be deployed. Copy this from prime.plane.so. |
116+
| planeVersion | v2.4.0 | Yes | Specifies the version of Plane to be deployed. Copy this from prime.plane.so. |
117117
| license.licenseDomain | 'plane.example.com' | Yes | The fully-qualified domain name (FQDN) in the format `sudomain.domain.tld` or `domain.tld` that the license is bound to. It is also attached to your `ingress` host to access Plane. |
118118
119-
#### Airgapped settings
119+
### Air-gapped Settings
120120
121-
| Setting | Default | Required | Description |
122-
| ---------------------- | :-----: | :------: | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
123-
| airgapped.enabled | false | No | Specifies the airgapped mode the Plane API runs in. |
124-
| airgapped.s3SecretName | "" | No | Name of the Secret that contains the CA certificate (.crt). The Secret must include a data key whose filename matches the basename of `airgapped.s3SecretKey` (default: `s3-custom-ca.crt`). Used to override S3’s CA when `airgapped.enabled=true`. Applying this secret looks like: `kubectl -n plane create secret generic plane-s3-ca \ --from-file=s3-custom-ca.crt=/path/to/your/ca.crt` |
125-
| airgapped.s3SecretKey | "" | No | Key name of the secret to load the Custom Root CA from `airgapped.s3SecretName` |
121+
| Setting | Default | Required | Description |
122+
| ----------------------- | :-----: | :------: | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
123+
| airgapped.enabled | false | No | Specifies the airgapped mode the Plane API runs in. |
124+
| airgapped.s3Secrets | [] | No | List of Kubernetes Secrets containing CA certificates to install. Each item must have `name` (Secret name) and `key` (file key in the Secret). Example: `kubectl -n plane create secret generic plane-s3-ca --from-file=s3-custom-ca.crt=/path/to/ca.crt`. Supports multiple certs (e.g. S3 + internal CA). |
125+
| airgapped.s3SecretName | "" | No | **(Deprecated, backward compatibility)** Name of a single Kubernetes Secret containing the S3 CA cert. Used only when `s3Secrets` is empty. Prefer migrating to `s3Secrets`. |
126+
| airgapped.s3SecretKey | "" | No | **(Deprecated, backward compatibility)** Key (filename) of the cert file inside the Secret. Used only when `s3Secrets` is empty. Set together with `airgapped.s3SecretName`. |
127+
128+
#### Backward compatibility: custom S3 CA (upgrading from older charts)
129+
130+
If you previously used the single-secret custom CA configuration (`airgapped.s3SecretName` and `airgapped.s3SecretKey`), it continues to work. No change is required when upgrading.
131+
132+
- **Old configuration (still supported):** Set `airgapped.s3SecretName` to your Secret name and `airgapped.s3SecretKey` to the key (e.g. `s3-custom-ca.crt`). The chart mounts that single cert, runs `update-ca-certificates`, and sets `AWS_CA_BUNDLE` to the system bundle path.
133+
- **New configuration (recommended):** Use `airgapped.s3Secrets` with a list of `{ name, key }` entries. This allows multiple CA certificates (e.g. S3 endpoint CA and internal PKI) and matches the same runtime behavior.
134+
135+
**Migration (optional):** To move from the deprecated keys to `s3Secrets`, set for example:
136+
137+
```yaml
138+
airgapped:
139+
enabled: true
140+
s3Secrets:
141+
- name: plane-s3-ca # same as your previous s3SecretName
142+
key: s3-custom-ca.crt # same as your previous s3SecretKey
143+
# s3SecretName and s3SecretKey can be removed after migration
144+
``` |
126145
127146
#### Docker Registry
128147

docs/self-hosting/methods/podman-quadlets.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ Before we start, make sure you've got these covered:
4747

4848
```bash
4949
mkdir podman-quadlets
50-
curl -fsSL https://prime.plane.so/releases/v2.3.1/podman-quadlets.tar.gz -o podman-quadlets.tar.gz
50+
curl -fsSL https://prime.plane.so/releases/v2.4.0/podman-quadlets.tar.gz -o podman-quadlets.tar.gz
5151
tar -xvzf podman-quadlets.tar.gz -C podman-quadlets
5252
```
5353

0 commit comments

Comments
 (0)