New flow for Airgapped Kubernetes installation and added an Overview … #170
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. WalkthroughThis PR expands self-hosting documentation by adding three new pages for plane architecture, airgapped deployment requirements, and Docker image cloning procedures. Navigation is updated to reflect these additions, and existing airgapped deployment guides for Kubernetes and Docker are substantially revised to shift from in-app to portal-based license activation, update Helm chart versions, and incorporate comprehensive offline-first deployment workflows. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| mq_prefetch_count: 1 | ||
| request_interval: 400 | ||
| hmac_secret_key: '' | ||
| aes_secret_key: 'dsOdt7YrvxsTIFJ37pOaEVvLxN8KGBCr' |
There was a problem hiding this comment.
Bug: Hardcoded AES secret key in example configuration
The example configuration contains a hardcoded aes_secret_key value 'dsOdt7YrvxsTIFJ37pOaEVvLxN8KGBCr'. If users copy this configuration without generating their own unique key, all deployments would share the same encryption key, creating a security vulnerability. This should be an empty placeholder like the hmac_secret_key field above it.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
self-hosting/methods/airgapped-edition.mdx (1)
165-179: Fix list numbering: step 5 is missing and step 6 is duplicated.The numbered list has an error at lines 171–176. Currently it reads: 4, 6, 6, 7. It should be: 4, 5, 6, 7. The line "Select Billing and plans on the right pane" should be numbered 5, and the following line should be 6.
All images and URLs referenced are valid and available.
🧹 Nitpick comments (2)
self-hosting/methods/airgapped-considerations.mdx (1)
68-68: Minor grammar: Add explicit subject to complete the sentence.Line 68 reads "Can be replaced with any S3-compatible storage system." Add a subject for clarity.
-**MinIO/S3** -Object storage for file uploads, attachments, and generated exports. Can be replaced with any S3-compatible stor... +**MinIO/S3** +Object storage for file uploads, attachments, and generated exports. MinIO can be replaced with any S3-compatible storage system.self-hosting/methods/airgapped-edition-kubernetes.mdx (1)
16-16: Minor style: Add period after "etc".Line 16 uses "etc)" without a period. In American English, abbreviations require periods.
-- Required ports opened to access the application (80, 443) +- Required ports opened to access the application (80, 443, etc.) - - SMTP ports opened if using email intake (25, 465, 587) +- SMTP ports opened if using email intake (25, 465, 587)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (5)
mint.json(1 hunks)self-hosting/methods/airgapped-considerations.mdx(1 hunks)self-hosting/methods/airgapped-edition-kubernetes.mdx(2 hunks)self-hosting/methods/airgapped-edition.mdx(1 hunks)self-hosting/methods/clone-docker-images.mdx(1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.30.0)
self-hosting/methods/airgapped-edition-kubernetes.mdx
[high] 188-188: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🪛 LanguageTool
self-hosting/methods/airgapped-considerations.mdx
[grammar] ~6-~6: Ensure spelling is correct
Context: ...hitecture and specific requirements for airgapped deployments. Review this before beginni...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~6-~6: Ensure spelling is correct
Context: ...ents. Review this before beginning your airgapped installation on [Docker](/self-hosting/...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~8-~8: Ensure spelling is correct
Context: ...ped-edition-kubernetes). ## What is an airgapped deployment? An airgapped deployment op...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~10-~10: Ensure spelling is correct
Context: ...## What is an airgapped deployment? An airgapped deployment operates in a completely iso...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~12-~12: Ensure spelling is correct
Context: ...ity requirements. Plane supports fully airgapped deployments where all components—applic...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[style] ~68-~68: To form a complete sentence, be sure to include a subject.
Context: ...ds, attachments, and generated exports. Can be replaced with any S3-compatible stor...
(MISSING_IT_THERE)
[grammar] ~75-~75: Ensure spelling is correct
Context: ...ecture Here's how Plane operates in an airgapped environment with internal enterprise ap...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~79-~79: Ensure spelling is correct
Context: ...PI communication remain internal to the airgapped cluster**. When integrating with self-h...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~83-~83: Ensure spelling is correct
Context: ...nd telemetry Critical guarantees for airgapped environments - No telemetry Pl...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~99-~99: Ensure spelling is correct
Context: ...### How integrations stay internal The airgapped cluster diagram above shows the complet...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[uncategorized] ~105-~105: The official name of this software platform is spelled with a capital “H”.
Context: ...lback** - Plane never attempts to reach github.com, gitlab.com, or slack.com APIs Thi...
(GITHUB)
[grammar] ~120-~120: Ensure spelling is correct
Context: ... an online staging environment into the airgapped registry #### Kubernetes environment ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~120-~120: Ensure spelling is correct
Context: ... environment into the airgapped registry #### Kubernetes environment **Supported vers...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~140-~140: Ensure spelling is correct
Context: ...tor` service uses a StatefulSet. For airgapped clusters: - Ensure metrics-server ima...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~146-~146: Ensure spelling is correct
Context: ... provided they are reachable within the airgapped environment: - AWS Secrets Manager for...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
self-hosting/methods/airgapped-edition-kubernetes.mdx
[grammar] ~6-~6: Ensure spelling is correct
Context: ...hrough deploying Plane Enterprise in an airgapped Kubernetes environment using Helm chart...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[style] ~16-~16: In American English, abbreviations like “etc.” require a period.
Context: ...ing ingress controller (nginx, traefik, etc) - Required ports opened to access the ...
(ETC_PERIOD)
[grammar] ~44-~44: Ensure spelling is correct
Context: ... ``` 2. Prepare Docker images for airgapped environment Refer to [this doc...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~44-~44: Ensure spelling is correct
Context: ... Docker images for airgapped environment** Refer to [this document](https://app.pla...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Cursor Bugbot
🔇 Additional comments (4)
mint.json (1)
84-90: Navigation structure for airgapped guides looks good.The new
airgapped-considerationsentry is correctly positioned first, followed by the existing guides in logical order. All path references match the provided markdown files.self-hosting/methods/clone-docker-images.mdx (1)
167-222: Script structure and error handling are appropriate.The
copy-plane-images.shscript properly usesset -efor exit-on-error, validates required environment variables, and checks individual copy operations before proceeding. The script is well-suited for the airgapped use case.self-hosting/methods/airgapped-edition-kubernetes.mdx (1)
237-245: Helm upgrade command syntax is correct for airgapped context.The command correctly specifies the local chart file, uses
--installfor idempotency, creates the namespace, and applies custom values. The--wait-for-jobsflag is appropriate for Migrator job completion.self-hosting/methods/airgapped-considerations.mdx (1)
18-18: Image assets verified.Both referenced architecture diagrams exist in the repository:
./images/airgapped/plane-architecture.webp(line 18) ✓./images/airgapped/airgapped-cluster.webp(line 77) ✓
| - `postgres-15.7-alpine.tar` - Plane-db service image | ||
| - `rabbitmq-3.13.6-management-alpine.tar` - Plane-mq service image | ||
| - `valkey-7.2.5-alpine.tar` - Plane-redis service image | ||
| Refer to [this document](https://app.plane.so/plane/wiki/0fc896e0-ca79-4783-8860-43c51b372ec1/) to download the Docker images from the public repository to your internal repository. |
There was a problem hiding this comment.
Broken documentation link in image preparation step.
Line 46 references: https://app.plane.so/plane/wiki/0fc896e0-ca79-4783-8860-43c51b372ec1/
This appears to be a broken or incomplete internal wiki link. Replace this with a reference to clone-docker-images.mdx (which is documented in the same PR) or provide a complete external URL.
- Refer to [this document](https://app.plane.so/plane/wiki/0fc896e0-ca79-4783-8860-43c51b372ec1/) to download the Docker images from the public repository to your internal repository.
+ Refer to the [Clone Docker images](/self-hosting/methods/clone-docker-images) guide to download the Docker images from the public repository to your internal repository.🤖 Prompt for AI Agents
In self-hosting/methods/airgapped-edition-kubernetes.mdx around line 46, the
documentation contains a broken internal wiki link; replace that URL with a link
to the local documentation page clone-docker-images.mdx (or provide a full
external URL if preferred). Update the sentence to reference the local file path
or its relative doc route (e.g., ./clone-docker-images.mdx or the site-relative
slug) and ensure the link text remains descriptive so readers can find the
Docker image download instructions.
| aes_secret_key: 'dsOdt7YrvxsTIFJ37pOaEVvLxN8KGBCr' | ||
| ``` |
There was a problem hiding this comment.
Review hardcoded cryptographic key in example configuration.
Line 189 contains a hardcoded AES secret key value: aes_secret_key: 'dsOdt7YrvxsTIFJ37pOaEVvLxN8KGBCr'
While this appears to be a placeholder for documentation purposes, hardcoded keys in examples—even dummy ones—can mislead users into deploying with the same key or raise security concerns. Replace with:
env:
silo_envs:
batch_size: 100
mq_prefetch_count: 1
request_interval: 400
hmac_secret_key: ''
- aes_secret_key: 'dsOdt7YrvxsTIFJ37pOaEVvLxN8KGBCr'
+ aes_secret_key: '' # Generate a secure 32-character keyOr add a note explaining this is a placeholder. A warning callout before the YAML block would also help.
Committable suggestion skipped: line range outside the PR's diff.
🧰 Tools
🪛 Gitleaks (8.30.0)
[high] 188-188: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🤖 Prompt for AI Agents
In self-hosting/methods/airgapped-edition-kubernetes.mdx around lines 188-189,
the example contains a hardcoded AES secret key which can mislead readers or be
accidentally reused; replace the literal key with a clearly marked placeholder
(for example AES_SECRET_KEY or an env var reference) and/or add a short warning
callout immediately before the YAML block stating that this value is a
placeholder and must be replaced with a securely generated unique key (include a
brief suggestion to use a secure random generator and not to check real keys
into source control).
| 1. Login to the [Prime portal](https://prime.plane.so/licenses) with the same email address you used to purchase the paid plan. | ||
| 2. Go to [Manage licenses](https://prime.plane.so/licenses). | ||
| 3. Click **Download license** to download the license file for your Plane version. | ||
|  | ||
| 4. Navigate to the [Workspace Settings](https://docs.plane.so/core-concepts/workspaces/overview#workspace-settings) in the Plane application. | ||
| 6. Select **Billing and plans** on the right pane. | ||
| 6. Click the **Activate this workspace** button. | ||
|  | ||
| 7. Upload the license file to activate your workspace. |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify image assets for license activation
find . -type f -path "*images/activate-license*" | sortRepository: makeplane/developer-docs
Length of output: 492
🏁 Script executed:
sed -n '271,279p' self-hosting/methods/airgapped-edition-kubernetes.mdxRepository: makeplane/developer-docs
Length of output: 801
Fix step numbering in the license activation section.
Steps 5-7 have a formatting error: step 5 is missing and step 6 is duplicated. The sequence should be 1, 2, 3, 4, 5, 6, 7. The images referenced (/images/activate-license/download-license.webp and /images/activate-license/upload-airgapped-license-file.webp) exist and are correct. Change the second "6. Select..." to "5. Select..." and the second "6. Click..." to "6. Click...".
🤖 Prompt for AI Agents
In self-hosting/methods/airgapped-edition-kubernetes.mdx around lines 271 to 279
there is a numbering error in the ordered steps for license activation: step 5
is missing and "6." is duplicated; update the sequence so it reads 1, 2, 3, 4,
5, 6, 7 by changing the second "6. Select **Billing and plans**..." to "5.
Select **Billing and plans**..." and the following "6. Click the **Activate this
workspace** button." remains "6. Click..." (then the upload step becomes 7),
preserving the existing image references.
| 6. Select **Billing and plans** on the right pane. | ||
| 6. Click the **Activate this workspace** button. |
There was a problem hiding this comment.
Fix step numbering: Both steps labeled as "6."
Lines 170 and 171 both use step number 6. The second should be 7.
~
4. Navigate to the [Workspace Settings](https://docs.plane.so/core-concepts/workspaces/overview#workspace-settings) in the Plane application.
~
6. Select **Billing and plans** on the right pane.
~
6. Click the **Activate this workspace** button.
+
+Correct to:
+
+4. Navigate to the [Workspace Settings](https://docs.plane.so/core-concepts/workspaces/overview#workspace-settings) in the Plane application.
+
+5. Select **Billing and plans** on the right pane.
+
+6. Click the **Activate this workspace** button.Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In self-hosting/methods/airgapped-edition.mdx around lines 170 to 171, both
ordered steps are labeled "6." — update the second step's numbering from 6 to 7
so the sequence reads "6." then "7." to fix the misnumbered list entry.
| VERSION=$(curl -s https://api.github.com/repos/google/go-containerregistry/releases/latest | grep '"tag_name"' | cut -d'"' -f4) | ||
| curl -sL "https://github.com/google/go-containerregistry/releases/download/${VERSION}/go-containerregistry_Linux_x86_64.tar.gz" | tar xz crane |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Test GitHub API call for latest crane release
echo "Testing GitHub API endpoint for go-containerregistry latest release..."
curl -s https://api.github.com/repos/google/go-containerregistry/releases/latest | head -20
echo ""
echo "Extracting tag_name using the review's method:"
curl -s https://api.github.com/repos/google/go-containerregistry/releases/latest | grep '"tag_name"' | cut -d'"' -f4
echo ""
echo "Testing alternative parsing:"
curl -s https://api.github.com/repos/google/go-containerregistry/releases/latest | grep -o '"tag_name":"[^"]*"'Repository: makeplane/developer-docs
Length of output: 1407
Add error handling for GitHub API call.
Lines 28-29 successfully fetch the latest crane release version using the GitHub API. The endpoint works as expected and correctly extracts the tag. However, the script lacks error handling for potential API failures (network timeout, rate limiting, malformed response). Add a check to ensure the API call succeeded and a version was extracted before proceeding:
VERSION=$(curl -s https://api.github.com/repos/google/go-containerregistry/releases/latest | grep '"tag_name"' | cut -d'"' -f4)
if [ -z "$VERSION" ]; then
echo "Failed to fetch crane version from GitHub API"
exit 1
fi🤖 Prompt for AI Agents
In self-hosting/methods/clone-docker-images.mdx around lines 28 to 29, the
script fetches the latest crane release tag from the GitHub API but does not
verify the API call succeeded or that a VERSION was extracted; add a check after
assigning VERSION to test for an empty value and, if empty, print a clear error
message and exit with a non-zero status so the script does not continue with an
invalid URL.
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
self-hosting/plane-architecture.mdx (1)
15-16: Minor: Extra whitespace before period.There's a trailing space before the period on line 16.
**Space** -This powers public sharing. It lets you publish projects, views, pages to the web, so others can view without needing to log in. +This powers public sharing. It lets you publish projects, views, pages to the web, so others can view without needing to log in.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
mint.json(2 hunks)self-hosting/methods/airgapped-considerations.mdx(1 hunks)self-hosting/plane-architecture.mdx(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- mint.json
🧰 Additional context used
🪛 LanguageTool
self-hosting/methods/airgapped-considerations.mdx
[grammar] ~6-~6: Ensure spelling is correct
Context: ...hitecture and specific requirements for airgapped deployments. Review this before beginni...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~6-~6: Ensure spelling is correct
Context: ...ents. Review this before beginning your airgapped installation on [Docker](/self-hosting/...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~8-~8: Ensure spelling is correct
Context: ...ped-edition-kubernetes). ## What is an airgapped deployment? An airgapped deployment op...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~10-~10: Ensure spelling is correct
Context: ...## What is an airgapped deployment? An airgapped deployment operates in a completely iso...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~12-~12: Ensure spelling is correct
Context: ...ity requirements. Plane supports fully airgapped deployments where all components—applic...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~18-~18: Ensure spelling is correct
Context: ...ecture Here's how Plane operates in an airgapped environment with internal enterprise ap...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~22-~22: Ensure spelling is correct
Context: ...PI communication remain internal to the airgapped cluster**. When integrating with self-h...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~26-~26: Ensure spelling is correct
Context: ...nd telemetry Critical guarantees for airgapped environments - No telemetry Pl...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~42-~42: Ensure spelling is correct
Context: ...### How integrations stay internal The airgapped cluster diagram above shows the complet...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[uncategorized] ~48-~48: The official name of this software platform is spelled with a capital “H”.
Context: ...lback** - Plane never attempts to reach github.com, gitlab.com, or slack.com APIs Thi...
(GITHUB)
[grammar] ~63-~63: Ensure spelling is correct
Context: ... an online staging environment into the airgapped registry #### Kubernetes environment ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~63-~63: Ensure spelling is correct
Context: ... environment into the airgapped registry #### Kubernetes environment **Supported vers...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~83-~83: Ensure spelling is correct
Context: ...tor` service uses a StatefulSet. For airgapped clusters: - Ensure metrics-server ima...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~89-~89: Ensure spelling is correct
Context: ... provided they are reachable within the airgapped environment: - AWS Secrets Manager for...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
self-hosting/plane-architecture.mdx
[style] ~64-~64: To form a complete sentence, be sure to include a subject.
Context: ...ds, attachments, and generated exports. Can be replaced with any S3-compatible stor...
(MISSING_IT_THERE)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Cursor Bugbot
🔇 Additional comments (9)
self-hosting/methods/airgapped-considerations.mdx (5)
1-14: Good introduction and context setting.The frontmatter and introductory sections clearly establish the purpose of the document and link to related resources. The cross-reference to the Plane architecture doc is helpful.
54-76: Comprehensive Kubernetes requirements section.The base environment requirements are well-documented with clear version constraints and component requirements. The node requirements note about mirrored package repositories is a valuable addition for airgapped environments.
77-95: Solid scaling and secrets management guidance.Good coverage of HPA considerations for airgapped clusters and the range of supported secret management solutions. The list of compatible secret providers is comprehensive.
97-101: Useful closing considerations.The additional considerations wrap up the document well with important operational reminders about secret providers, cert-manager, and key rotation policies.
16-22: Architecture overview approved — The referenced image file exists in the repository atimages/airgapped/airgapped-cluster.webp. The cluster architecture section effectively explains the key principle of internal-only communication in the airgapped environment.self-hosting/plane-architecture.mdx (4)
10-19: Clear frontend services documentation.The Web, Space, and Admin services are well-explained with their respective purposes.
21-34: Well-documented API server components.Good descriptions of the API, Worker, Beat worker, and Migrator services with clear explanations of their responsibilities and behavior.
35-51: Comprehensive supporting services section.The Proxy, Live, Monitor, Silo, and Intake services are clearly documented with their specific functions.
52-67: Good infrastructure dependencies documentation.Clear requirements for PostgreSQL (15.7+ or 16.x), Redis/Valkey, RabbitMQ, MinIO/S3, and OpenSearch with appropriate version constraints where applicable.
| - **OAuth providers** - Your internal GitHub Enterprise or GitLab instance acts as the OAuth provider | ||
| - **Authorization endpoints** - All OAuth URLs point to internal systems, never external SaaS services | ||
| - **API communication** - Plane makes API calls only to your internal instances | ||
| - **Webhook delivery** - Internal systems send webhooks to Plane's internal endpoints | ||
| - **No SaaS fallback** - Plane never attempts to reach github.com, gitlab.com, or slack.com APIs | ||
|
|
||
| This architecture ensures complete network isolation while maintaining full integration functionality. |
There was a problem hiding this comment.
Capitalize GitHub.com for consistency.
The domain github.com should be capitalized to GitHub.com for proper branding, as should gitlab.com and slack.com.
- **OAuth providers** - Your internal GitHub Enterprise or GitLab instance acts as the OAuth provider
- **Authorization endpoints** - All OAuth URLs point to internal systems, never external SaaS services
- **API communication** - Plane makes API calls only to your internal instances
- **Webhook delivery** - Internal systems send webhooks to Plane's internal endpoints
-- **No SaaS fallback** - Plane never attempts to reach github.com, gitlab.com, or slack.com APIs
+- **No SaaS fallback** - Plane never attempts to reach GitHub.com, GitLab.com, or Slack.com APIs📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - **OAuth providers** - Your internal GitHub Enterprise or GitLab instance acts as the OAuth provider | |
| - **Authorization endpoints** - All OAuth URLs point to internal systems, never external SaaS services | |
| - **API communication** - Plane makes API calls only to your internal instances | |
| - **Webhook delivery** - Internal systems send webhooks to Plane's internal endpoints | |
| - **No SaaS fallback** - Plane never attempts to reach github.com, gitlab.com, or slack.com APIs | |
| This architecture ensures complete network isolation while maintaining full integration functionality. | |
| - **OAuth providers** - Your internal GitHub Enterprise or GitLab instance acts as the OAuth provider | |
| - **Authorization endpoints** - All OAuth URLs point to internal systems, never external SaaS services | |
| - **API communication** - Plane makes API calls only to your internal instances | |
| - **Webhook delivery** - Internal systems send webhooks to Plane's internal endpoints | |
| - **No SaaS fallback** - Plane never attempts to reach GitHub.com, GitLab.com, or Slack.com APIs | |
| This architecture ensures complete network isolation while maintaining full integration functionality. |
🧰 Tools
🪛 LanguageTool
[uncategorized] ~48-~48: The official name of this software platform is spelled with a capital “H”.
Context: ...lback** - Plane never attempts to reach github.com, gitlab.com, or slack.com APIs Thi...
(GITHUB)
🤖 Prompt for AI Agents
In self-hosting/methods/airgapped-considerations.mdx around lines 44 to 50, the
review requests capitalization of vendor domain names for branding consistency;
change "github.com", "gitlab.com", and "slack.com" to "GitHub.com",
"GitLab.com", and "Slack.com" respectively wherever they appear in this block so
the wording matches brand capitalization.
| --- | ||
| title: Plane self-hosted architecture | ||
| sidebarTitle: Plane Architecture | ||
| --- | ||
|
|
||
| Plane consists of multiple services working together to provide project management capabilities. | ||
|
|
||
|  |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if the image file exists
find . -type f -name "plane-architecture.webp" 2>/dev/null
# Also look in common documentation directories
find . -path "*/images*" -name "*.webp" 2>/dev/null | head -20Repository: makeplane/developer-docs
Length of output: 1038
🏁 Script executed:
#!/bin/bash
# Read the self-hosting/plane-architecture.mdx file to check lines 16 and 64
if [ -f "self-hosting/plane-architecture.mdx" ]; then
echo "=== File content with line numbers ==="
cat -n "self-hosting/plane-architecture.mdx" | head -70
else
echo "File not found at expected path"
# Try to find it
find . -name "plane-architecture.mdx" 2>/dev/null
fiRepository: makeplane/developer-docs
Length of output: 3674
Architecture overview is well-organized with a clear introduction.
The referenced architecture diagram exists at the correct path. Two minor style issues to address:
- Line 16: Remove trailing whitespace after the period
- Line 64: Connect the fragment "Can be replaced..." to the preceding sentence using a semicolon or restructure for better flow
🤖 Prompt for AI Agents
In self-hosting/plane-architecture.mdx around lines 1-8 (note issues at lines 16
and 64), remove the trailing whitespace after the period on line 16, and on line
64 join the fragment "Can be replaced..." to the preceding sentence either by
replacing the sentence boundary with a semicolon and lowercasing the fragment's
initial letter or by rephrasing the two parts into a single coherent sentence so
the fragment reads as a continuation.
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (5)
self-hosting/methods/airgapped-requirements.mdx (1)
51-51: Capitalize vendor domain names for branding consistency.The domain names should use proper capitalization:
GitHub.com,GitLab.com, andSlack.com.-- **No SaaS fallback** - Plane never attempts to reach github.com, gitlab.com, or slack.com APIs +- **No SaaS fallback** - Plane never attempts to reach GitHub.com, GitLab.com, or Slack.com APIsself-hosting/methods/airgapped-edition.mdx (1)
170-174: Fix step numbering: steps 5 and 6 are both labeled "6."The license activation steps have a numbering error. After step 4, the sequence jumps to two consecutive "6." entries.
4. Navigate to the [Workspace Settings](https://docs.plane.so/core-concepts/workspaces/overview#workspace-settings) in the Plane application. -6. Select **Billing and plans** on the right pane. -6. Click the **Activate this workspace** button. +5. Select **Billing and plans** on the right pane. +6. Click the **Activate this workspace** button.  7. Upload the license file to activate your workspace.self-hosting/methods/airgapped-edition-kubernetes.mdx (3)
51-51: Broken internal wiki link; use local documentation reference instead.The wiki URL
https://app.plane.so/plane/wiki/...appears to be an internal/inaccessible link. Replace with a reference to theclone-docker-images.mdxpage added in this PR.- Refer to [this document](https://app.plane.so/plane/wiki/0fc896e0-ca79-4783-8860-43c51b372ec1/) to download the Docker images from the public repository to your internal repository. + Refer to the [Clone Docker images](/self-hosting/methods/clone-docker-images) guide to download the Docker images from the public repository to your internal repository.
192-193: Hardcoded AES secret key in example configuration.The example contains a hardcoded
aes_secret_keyvalue which may mislead users into deploying with the same key. For consistency withhmac_secret_key(which is empty), use an empty placeholder with a comment.hmac_secret_key: '' - aes_secret_key: 'dsOdt7YrvxsTIFJ37pOaEVvLxN8KGBCr' + aes_secret_key: '' # Generate a secure 32-character key
280-284: Fix step numbering: steps 5 and 6 are both labeled "6."The license activation steps have a numbering error identical to the Docker guide.
4. Navigate to the [Workspace Settings](https://docs.plane.so/core-concepts/workspaces/overview#workspace-settings) in the Plane application. -6. Select **Billing and plans** on the right pane. -6. Click the **Activate this workspace** button. +5. Select **Billing and plans** on the right pane. +6. Click the **Activate this workspace** button.  7. Upload the license file to activate your workspace.
🧹 Nitpick comments (1)
self-hosting/methods/airgapped-edition-kubernetes.mdx (1)
21-21: Add period after "etc" for proper American English style.-- A valid and working ingress controller (nginx, traefik, etc) +- A valid and working ingress controller (nginx, traefik, etc.)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
mint.json(2 hunks)self-hosting/methods/airgapped-edition-kubernetes.mdx(2 hunks)self-hosting/methods/airgapped-edition.mdx(2 hunks)self-hosting/methods/airgapped-requirements.mdx(1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-09-15T07:57:58.327Z
Learnt from: Prashant-Surya
Repo: makeplane/developer-docs PR: 143
File: api-reference/byoa/build-plane-app.mdx:629-657
Timestamp: 2025-09-15T07:57:58.327Z
Learning: In documentation files for makeplane/developer-docs, the maintainers prefer to keep code examples simple with placeholder values (like hardcoded credentials) rather than using environment variables or complex setup, as it makes the documentation more readable and easier to understand for users learning the API.
Applied to files:
self-hosting/methods/airgapped-edition-kubernetes.mdx
🪛 Gitleaks (8.30.0)
self-hosting/methods/airgapped-edition-kubernetes.mdx
[high] 193-193: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🪛 LanguageTool
self-hosting/methods/airgapped-requirements.mdx
[grammar] ~11-~11: Ensure spelling is correct
Context: ...hitecture and specific requirements for airgapped deployments. Review this before beginni...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~11-~11: Ensure spelling is correct
Context: ...ents. Review this before beginning your airgapped installation on [Docker](/self-hosting/...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~13-~13: Ensure spelling is correct
Context: ...ped-edition-kubernetes). ## What is an airgapped deployment? An airgapped deployment op...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~15-~15: Ensure spelling is correct
Context: ...## What is an airgapped deployment? An airgapped deployment operates in a completely iso...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~17-~17: Ensure spelling is correct
Context: ...ity requirements. Plane supports fully airgapped deployments where all components - appl...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~21-~21: Ensure spelling is correct
Context: ...ecture Here's how Plane operates in an airgapped environment with internal enterprise ap...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~25-~25: Ensure spelling is correct
Context: ...PI communication remain internal to the airgapped cluster**. When integrating with self-h...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~29-~29: Ensure spelling is correct
Context: ...chitecture). Critical guarantees for airgapped environments - No telemetry Pl...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~45-~45: Ensure spelling is correct
Context: ...### How integrations stay internal The airgapped cluster diagram above shows the complet...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[uncategorized] ~51-~51: The official name of this software platform is spelled with a capital “H”.
Context: ...lback** - Plane never attempts to reach github.com, gitlab.com, or slack.com APIs Thi...
(GITHUB)
[grammar] ~66-~66: Ensure spelling is correct
Context: ... an online staging environment into the airgapped registry #### Kubernetes environment ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~66-~66: Ensure spelling is correct
Context: ... environment into the airgapped registry #### Kubernetes environment **Supported vers...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~86-~86: Ensure spelling is correct
Context: ...tor` service uses a StatefulSet. For airgapped clusters: - Ensure metrics-server ima...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~92-~92: Ensure spelling is correct
Context: ... provided they are reachable within the airgapped environment: - AWS Secrets Manager for...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
self-hosting/methods/airgapped-edition-kubernetes.mdx
[grammar] ~11-~11: Ensure spelling is correct
Context: ...hrough deploying Plane Enterprise in an airgapped Kubernetes environment using Helm chart...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[style] ~21-~21: In American English, abbreviations like “etc.” require a period.
Context: ...ing ingress controller (nginx, traefik, etc) - Required ports opened to access the ...
(ETC_PERIOD)
[grammar] ~49-~49: Ensure spelling is correct
Context: ... ``` 2. Prepare Docker images for airgapped environment Refer to [this doc...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~49-~49: Ensure spelling is correct
Context: ... Docker images for airgapped environment** Refer to [this document](https://app.pla...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Cursor Bugbot
🔇 Additional comments (5)
mint.json (1)
66-67: Navigation updates look good.The new pages are logically placed:
plane-architecturefollowseditions-and-versionsin the "Self-host Plane" group, and the airgapped pages are properly ordered with requirements first, followed by deployment guides (Docker, Kubernetes), and finally the image cloning guide.Also applies to: 86-89
self-hosting/methods/airgapped-requirements.mdx (1)
1-104: Well-structured airgapped architecture documentation.The document provides comprehensive coverage of airgapped deployment requirements, including critical guarantees (no telemetry, offline licensing), integration patterns, and Kubernetes-specific prerequisites. The architecture diagram reference and link to the plane-architecture page provide good context.
self-hosting/methods/airgapped-edition.mdx (1)
6-40: Clear prerequisites and required files documentation.The updated prerequisites section and required files list provide comprehensive guidance for Docker-based airgapped installations, including specific Docker image tarballs and configuration files needed.
self-hosting/methods/airgapped-edition-kubernetes.mdx (2)
25-33: Helpful warning about stateful services.The warning about using external managed services for PostgreSQL, MinIO, RabbitMQ, and Redis is valuable guidance for production deployments, especially regarding backup/restore and disaster recovery considerations.
252-270: Comprehensive verification commands.The verification section provides useful kubectl commands for checking pods, services, ingress, and persistent volumes—giving users clear steps to validate their installation.
…page
Description
Type of Change
Screenshots and Media (if applicable)
Test Scenarios
References
Note
Adds airgapped overview and image-cloning docs, overhauls the Kubernetes airgapped install flow (Helm 1.6.4, values, verification, portal-based licensing), updates Docker licensing steps, and refreshes self-hosting navigation.
self-hosting/methods/airgapped-edition-kubernetes.mdx):self-hosting/methods/airgapped-edition.mdx):self-hosting/methods/airgapped-requirements.mdx– airgapped deployment architecture/requirements (K8s specifics, guarantees).self-hosting/methods/clone-docker-images.mdx– copy images to private registry using crane.self-hosting/plane-architecture.mdx– Plane services and infra dependencies overview.mint.json):self-hosting/plane-architecture; expands Airgapped section withairgapped-requirementsandclone-docker-images; updates page ordering.Written by Cursor Bugbot for commit 3cb93e9. This will update automatically on new commits. Configure here.
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.