From 50876f98ab75e6b54c884d2bed2bc4d6e5596ea4 Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Tue, 14 Apr 2026 18:59:55 +0530 Subject: [PATCH 1/2] release: Update Plane version to `v2.5.3` in Chart.yaml, README.md, questions.yml, and values.yaml --- charts/plane-enterprise/Chart.yaml | 4 ++-- charts/plane-enterprise/README.md | 6 +++--- charts/plane-enterprise/questions.yml | 2 +- charts/plane-enterprise/values.yaml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/plane-enterprise/Chart.yaml b/charts/plane-enterprise/Chart.yaml index acaad3f..d9bcab3 100644 --- a/charts/plane-enterprise/Chart.yaml +++ b/charts/plane-enterprise/Chart.yaml @@ -5,8 +5,8 @@ description: Meet Plane. An Enterprise software development tool to manage issue type: application -version: 2.3.1 -appVersion: "2.5.2" +version: 2.3.2 +appVersion: "2.5.3" home: https://plane.so/ icon: https://plane.so/favicon/favicon-32x32.png diff --git a/charts/plane-enterprise/README.md b/charts/plane-enterprise/README.md index f1b3ca6..c957fec 100644 --- a/charts/plane-enterprise/README.md +++ b/charts/plane-enterprise/README.md @@ -99,7 +99,7 @@ The default value is `"traefik"`. If you are switching to a standard ingress con Copy the format of constants below, paste it on Terminal to start setting environment variables, set values for each variable, and hit ENTER or RETURN. ```bash - PLANE_VERSION=v2.5.2 # or the last released version + PLANE_VERSION=v2.5.3 # or the last released version DOMAIN_NAME= ``` @@ -155,7 +155,7 @@ The default value is `"traefik"`. If you are switching to a standard ingress con Make sure you set the minimum required values as below. - - `planeVersion: v2.5.2 ` + - `planeVersion: v2.5.3 ` - `license.licenseDomain: ` - `ingress.enabled: ` - `ingress.ingressClass: ` @@ -181,7 +181,7 @@ The default value is `"traefik"`. If you are switching to a standard ingress con | Setting | Default | Required | Description | | --------------------- | :---------------: | :------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| planeVersion | v2.5.2 | Yes | Specifies the version of Plane to be deployed. Copy this from prime.plane.so. | +| planeVersion | v2.5.3 | Yes | Specifies the version of Plane to be deployed. Copy this from prime.plane.so. | | license.licenseDomain | plane.example.com | Yes | The fully-qualified domain name (FQDN) in the format `sudomain.domain.tld` or `domain.tld` that the license is bound to. It is also attached to your `ingress` host to access Plane. | ### Air-gapped Settings diff --git a/charts/plane-enterprise/questions.yml b/charts/plane-enterprise/questions.yml index bebb556..3b790ae 100644 --- a/charts/plane-enterprise/questions.yml +++ b/charts/plane-enterprise/questions.yml @@ -27,7 +27,7 @@ questions: - variable: planeVersion label: Plane Version (Docker Image Tag) type: string - default: v2.5.2 + default: v2.5.3 required: true group: "Docker Registry" subquestions: diff --git a/charts/plane-enterprise/values.yaml b/charts/plane-enterprise/values.yaml index 7a0ca5e..bbcf4d7 100644 --- a/charts/plane-enterprise/values.yaml +++ b/charts/plane-enterprise/values.yaml @@ -1,4 +1,4 @@ -planeVersion: v2.5.2 +planeVersion: v2.5.3 dockerRegistry: enabled: false @@ -43,7 +43,7 @@ ingress: # For nginx ingress controller, you can set the proxy body size limit using annotations. Example: # ingress_annotations: { "nginx.ingress.kubernetes.io/proxy-body-size": "5m" } traefik: - maxRequestBodyBytes: 20971520 # in bytes (default: 20 MiB) + maxRequestBodyBytes: 20971520 # in bytes (default: 20 MiB) ssl: tls_secret_name: '' # If you have a custom TLS secret name From d7c23b02ea04f2c8b06dc72a10f6b4735f7046ed Mon Sep 17 00:00:00 2001 From: akshat5302 Date: Tue, 2 Jun 2026 09:43:25 +0530 Subject: [PATCH 2/2] feat: add webhook consumer service configuration and deployment --- charts/plane-enterprise/README.md | 22 ++++++ charts/plane-enterprise/questions.yml | 48 ++++++++++++ .../templates/config-secrets/app-env.yaml | 3 + .../config-secrets/webhook-consumer.yaml | 11 +++ .../webhook-consumer.deployment.yaml | 77 +++++++++++++++++++ charts/plane-enterprise/values.yaml | 24 ++++++ 6 files changed, 185 insertions(+) create mode 100644 charts/plane-enterprise/templates/config-secrets/webhook-consumer.yaml create mode 100644 charts/plane-enterprise/templates/workloads/webhook-consumer.deployment.yaml diff --git a/charts/plane-enterprise/README.md b/charts/plane-enterprise/README.md index b3436b5..4f07be3 100644 --- a/charts/plane-enterprise/README.md +++ b/charts/plane-enterprise/README.md @@ -443,6 +443,8 @@ airgapped: | env.sentry_environment | | | (optional) API service deployment comes with some of the preconfigured integration. Sentry is one among those. Here user can set the Sentry environment name (as configured in Sentry) for this integration. | | env.api_key_rate_limit | 60/minute | | (optional) User can set the maximum number of requests the API can handle in a given time frame. | | env.web_url | | | (optional) Custom Web URL for the application. If not set, it will be auto-generated based on the license domain and SSL settings | +| env.webhook_allowed_ips | | | (optional) Comma-separated list of IPs/CIDRs that webhooks are allowed to target. Leave empty to allow all. | +| env.webhook_allowed_hosts | | | (optional) Comma-separated list of hostnames that webhooks are allowed to target. Leave empty to allow all. | | services.api.assign_cluster_ip | false | | Set it to `true` if you want to assign `ClusterIP` to the service | | services.api.nodeSelector | {} | | This key allows you to set the node selector for the deployment of `api`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster. | | services.api.tolerations | [] | | This key allows you to set the tolerations for the deployment of `api`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster. | @@ -677,6 +679,26 @@ Note: When the email service is enabled, the cert-issuer will be automatically c | env.automation_consumer_envs.exchange_name | "plane.event_stream" | | Exchange name for event stream | | env.automation_consumer_envs.event_types | "issue" | | Event types to process | +### Webhook Consumer Deployment + +| Setting | Default | Required | Description | +| ------------------------------------------------- | :------------: | :------: | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| services.webhook_consumer.enabled | false | | Set to `true` to enable the webhook consumer service deployment | +| services.webhook_consumer.replicas | 1 | | Number of replicas for the webhook consumer service deployment | +| services.webhook_consumer.memoryLimit | 1000Mi | | Memory limit for the webhook consumer service deployment | +| services.webhook_consumer.cpuLimit | 500m | | CPU limit for the webhook consumer service deployment | +| services.webhook_consumer.memoryRequest | 500Mi | | Memory request for the webhook consumer service deployment | +| services.webhook_consumer.cpuRequest | 250m | | CPU request for the webhook consumer service deployment | +| services.webhook_consumer.pullPolicy | Always | | Image pull policy for the webhook consumer service deployment | +| services.webhook_consumer.assign_cluster_ip | false | | Set it to `true` if you want to assign `ClusterIP` to the service | +| services.webhook_consumer.nodeSelector | {} | | This key allows you to set the node selector for the deployment of `webhook_consumer`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster. | +| services.webhook_consumer.tolerations | [] | | This key allows you to set the tolerations for the deployment of `webhook_consumer`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster. | +| services.webhook_consumer.affinity | {} | | This key allows you to set the affinity rules for the deployment of `webhook_consumer`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster. | +| services.webhook_consumer.labels | {} | | Custom labels to add to the webhook consumer deployment | +| services.webhook_consumer.annotations | {} | | Custom annotations to add to the webhook consumer deployment | +| env.webhook_consumer_envs.queue_name | "plane.webhook" | | RabbitMQ queue name the webhook consumer reads from | +| env.webhook_consumer_envs.prefetch_count | 10 | | Prefetch count for the webhook consumer | + ### Iframely Deployment | Setting | Default | Required | Description | diff --git a/charts/plane-enterprise/questions.yml b/charts/plane-enterprise/questions.yml index e50602e..7de0f0e 100644 --- a/charts/plane-enterprise/questions.yml +++ b/charts/plane-enterprise/questions.yml @@ -493,6 +493,14 @@ questions: label: "Web URL" type: string default: "" + - variable: env.webhook_allowed_ips + label: "Webhook Allowed IPs" + type: string + default: "" + - variable: env.webhook_allowed_hosts + label: "Webhook Allowed Hosts" + type: string + default: "" - variable: services.worker.replicas label: "Default Replica Count" type: int @@ -728,6 +736,46 @@ questions: type: string default: "issue" +- variable: services.webhook_consumer.enabled + label: "Enable Webhook Consumer" + type: boolean + default: false + group: "Webhook Consumer Setup" + show_subquestion_if: true + subquestions: + - variable: services.webhook_consumer.replicas + label: "Default Replica Count" + type: int + default: 1 + - variable: services.webhook_consumer.memoryLimit + label: "Memory Limit" + type: string + default: 1000Mi + - variable: services.webhook_consumer.cpuLimit + label: "CPU Limit" + type: string + default: 500m + - variable: services.webhook_consumer.memoryRequest + label: "Memory Request" + type: string + default: 500Mi + - variable: services.webhook_consumer.cpuRequest + label: "CPU Request" + type: string + default: 250m + - variable: services.webhook_consumer.assign_cluster_ip + label: "Assign Cluster IP" + type: boolean + default: false + - variable: env.webhook_consumer_envs.queue_name + label: "Webhook Queue Name" + type: string + default: "plane.webhook" + - variable: env.webhook_consumer_envs.prefetch_count + label: "Webhook Prefetch Count" + type: int + default: 10 + - variable: services.iframely.enabled label: "Enable Iframely" type: boolean diff --git a/charts/plane-enterprise/templates/config-secrets/app-env.yaml b/charts/plane-enterprise/templates/config-secrets/app-env.yaml index c3e1474..24143f5 100644 --- a/charts/plane-enterprise/templates/config-secrets/app-env.yaml +++ b/charts/plane-enterprise/templates/config-secrets/app-env.yaml @@ -104,3 +104,6 @@ data: {{- else}} CORS_ALLOWED_ORIGINS: "http://{{ .Values.license.licenseDomain }},https://{{ .Values.license.licenseDomain }}" {{- end }} + + WEBHOOK_ALLOWED_IPS: {{ .Values.env.webhook_allowed_ips | default "" | quote }} + WEBHOOK_ALLOWED_HOSTS: {{ .Values.env.webhook_allowed_hosts | default "" | quote }} diff --git a/charts/plane-enterprise/templates/config-secrets/webhook-consumer.yaml b/charts/plane-enterprise/templates/config-secrets/webhook-consumer.yaml new file mode 100644 index 0000000..6d1d835 --- /dev/null +++ b/charts/plane-enterprise/templates/config-secrets/webhook-consumer.yaml @@ -0,0 +1,11 @@ +{{- if .Values.services.webhook_consumer.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Release.Namespace }} + name: {{ .Release.Name }}-webhook-consumer-vars +data: + WEBHOOK_QUEUE_NAME: {{ .Values.env.webhook_consumer_envs.queue_name | default "plane.webhook" | quote }} + WEBHOOK_PREFETCH_COUNT: {{ .Values.env.webhook_consumer_envs.prefetch_count | default 10 | quote }} +--- +{{- end }} diff --git a/charts/plane-enterprise/templates/workloads/webhook-consumer.deployment.yaml b/charts/plane-enterprise/templates/workloads/webhook-consumer.deployment.yaml new file mode 100644 index 0000000..98be03e --- /dev/null +++ b/charts/plane-enterprise/templates/workloads/webhook-consumer.deployment.yaml @@ -0,0 +1,77 @@ +{{- if .Values.services.webhook_consumer.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ .Release.Namespace }} + name: {{ .Release.Name }}-webhook-consumer-wl + {{- include "plane.labelsAndAnnotations" .Values.services.webhook_consumer }} +spec: + replicas: {{ .Values.services.webhook_consumer.replicas | default 1 }} + selector: + matchLabels: + app.name: {{ .Release.Namespace }}-{{ .Release.Name }}-webhook-consumer + template: + metadata: + namespace: {{ .Release.Namespace }} + labels: + app.name: {{ .Release.Namespace }}-{{ .Release.Name }}-webhook-consumer + annotations: + timestamp: {{ now | quote }} + spec: + {{- include "plane.podScheduling" .Values.services.webhook_consumer }} + containers: + - name: {{ .Release.Name }}-webhook-consumer + imagePullPolicy: {{ .Values.services.api.pullPolicy | default "Always" }} + image: {{ .Values.services.api.image | default "makeplane/backend-commercial" }}:{{ .Values.planeVersion }} + stdin: true + tty: true + resources: + requests: + memory: {{ .Values.services.webhook_consumer.memoryRequest | default "500Mi" | quote }} + cpu: {{ .Values.services.webhook_consumer.cpuRequest | default "250m" | quote }} + limits: + memory: {{ .Values.services.webhook_consumer.memoryLimit | default "1000Mi" | quote }} + cpu: {{ .Values.services.webhook_consumer.cpuLimit | default "500m" | quote}} + readinessProbe: + exec: + command: + - sh + - -c + - pgrep -f "python" > /dev/null + initialDelaySeconds: 10 + failureThreshold: 3 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 + command: + - ./bin/docker-entrypoint-webhook-consumer.sh + envFrom: + - configMapRef: + name: {{ .Release.Name }}-webhook-consumer-vars + optional: false + - configMapRef: + name: {{ .Release.Name }}-app-vars + optional: false + - secretRef: + name: {{ if not (empty .Values.external_secrets.app_env_existingSecret) }}{{ .Values.external_secrets.app_env_existingSecret }}{{ else }}{{ .Release.Name }}-app-secrets{{ end }} + optional: false + - secretRef: + name: {{ if not (empty .Values.external_secrets.doc_store_existingSecret) }}{{ .Values.external_secrets.doc_store_existingSecret }}{{ else }}{{ .Release.Name }}-doc-store-secrets{{ end }} + optional: false + - secretRef: + name: {{ if not (empty .Values.external_secrets.opensearch_existingSecret) }}{{ .Values.external_secrets.opensearch_existingSecret }}{{ else }}{{ .Release.Name }}-opensearch-secrets{{ end }} + optional: false + {{- if .Values.services.silo.enabled }} + - secretRef: + name: {{ if not (empty .Values.external_secrets.silo_env_existingSecret) }}{{ .Values.external_secrets.silo_env_existingSecret }}{{ else }}{{ .Release.Name }}-silo-secrets{{ end }} + optional: false + {{- end }} + {{- if .Values.extraEnv }} + env: + {{- toYaml .Values.extraEnv | nindent 10 }} + {{- end }} + + serviceAccount: {{ .Release.Name }}-srv-account + serviceAccountName: {{ .Release.Name }}-srv-account +--- +{{- end }} diff --git a/charts/plane-enterprise/values.yaml b/charts/plane-enterprise/values.yaml index ba797a7..0dd34b3 100644 --- a/charts/plane-enterprise/values.yaml +++ b/charts/plane-enterprise/values.yaml @@ -345,6 +345,21 @@ services: labels: {} annotations: {} + webhook_consumer: + enabled: false + replicas: 1 + memoryLimit: 1000Mi + cpuLimit: 500m + memoryRequest: 500Mi + cpuRequest: 250m + pullPolicy: Always + assign_cluster_ip: false + nodeSelector: {} + tolerations: [] + affinity: {} + labels: {} + annotations: {} + pi: enabled: false replicas: 1 @@ -494,6 +509,11 @@ env: instance_admin_email: '' web_url: '' + # Comma-separated list of IPs/CIDRs and hostnames that webhooks are allowed to target. + # Leave empty to allow all (no restriction). + webhook_allowed_ips: '' + webhook_allowed_hosts: '' + live_sentry_dsn: "" live_sentry_environment: "" live_sentry_traces_sample_rate: "" @@ -537,6 +557,10 @@ env: exchange_name: "plane.event_stream" event_types: "issue" + webhook_consumer_envs: + queue_name: "plane.webhook" + prefetch_count: 10 + runner_envs: execution_timeout_ms: "10000" init_timeout_ms: "5000"