helm-charts/charts/plane-enterprise/README.md at master · makeplane/helm-charts

Pre-requisite

A working Kubernetes cluster
kubectl and helm on the client system that you will use to install our Helm charts

Installing Traefik Ingress Controller (optional)

If you plan to use Traefik as your ingress controller, install it before deploying Plane.

Add the Traefik Helm chart repo and update it.

helm repo add traefik https://traefik.github.io/charts
helm repo update

Install Traefik into your cluster.

helm upgrade --install traefik traefik/traefik \
    --create-namespace \
    --namespace traefik \
    --wait

Once installed, set ingress.ingressClass=traefik when deploying Plane.

Migrating the Ingress Controller

The chart selects between two ingress templates based on ingress.ingressClass:

`ingressClass` value	Template rendered	Resource kind
`traefik` (or starts with it)	`templates/ingress-traefik.yaml`	`traefik.io/v1alpha1 IngressRoute`
Any other value (e.g. `nginx`)	`templates/ingress.yaml`	`networking.k8s.io/v1 Ingress`

The default value is "traefik". If you are switching to a standard ingress controller such as nginx, follow the migration steps below.

Switching from Traefik to a standard Ingress controller (e.g. nginx)

Install your target ingress controller if it is not already running.

Update ingress.ingressClass in your values.yaml:

ingress:
  ingressClass: "nginx"   # or whichever class your controller exposes

Run helm upgrade:

helm upgrade plane-app plane/plane-enterprise \
  --namespace plane-ns \
  -f values.yaml \
  --wait

After the upgrade the IngressRoute and Middleware resources are no longer rendered and will be orphaned — delete them manually:

kubectl delete ingressroute -n plane-ns -l app.kubernetes.io/instance=plane-app
kubectl delete middleware    -n plane-ns -l app.kubernetes.io/instance=plane-app

Verify that the new Ingress is admitted and routes traffic before removing the old Traefik resources.

Switching from a standard Ingress controller to Traefik

Install Traefik with CRD support enabled (see Installing Traefik Ingress Controller above).
Update ingress.ingressClass:
```
ingress:
  ingressClass: "traefik"
```
Run helm upgrade. The old Ingress resource is orphaned — delete it:
```
kubectl delete ingress -n plane-ns plane-app-ingress
```

Key values controlling template selection

Value	Default	Effect
`ingress.enabled`	`true`	Master switch — set to `false` to render neither template.
`ingress.ingressClass`	`traefik`	Selects which template is active (see table above).
`ingress.traefik.maxRequestBodyBytes`	`20971520`	Max request body size for Traefik's buffering middleware. Ignored when not using Traefik.
`ingress.ingress_annotations`	`{}`	Standard `Ingress` annotations. Ignored when `ingressClass` starts with `traefik`.

Installing Plane

Open Terminal or any other command-line app that has access to Kubernetes tools on your local system.
Set the following environment variables.

Copy the format of constants below, paste it on Terminal to start setting environment variables, set values for each variable, and hit ENTER or RETURN.
```
PLANE_VERSION=v2.5.4 # or the last released version
DOMAIN_NAME=<subdomain.domain.tld or domain.tld>
```
Add Plane helm chart repo

Continue to be on the same Terminal window as with the previous steps, copy the code below, paste it on Terminal, and hit ENTER or RETURN.
```
helm repo add plane https://helm.plane.so/
```
Set-up and customization
- Quick set-up
  
  This is the fastest way to deploy Plane with default settings. This will create stateful deployments for Postgres, Rabbitmq, Redis/Valkey, and Minio with a persistent volume claim using the default storage class. This also sets up the ingress routes for you using traefik ingress class.
  
  To customize this, see Custom ingress routes below.
  
  Continue to be on the same Terminal window as you have so far, copy the code below, and paste it on your Terminal screen.
```
helm upgrade --install plane-app plane/plane-enterprise \
    --create-namespace \
    --namespace plane \
    --set license.licenseDomain=${DOMAIN_NAME} \
    --set planeVersion=${PLANE_VERSION} \
    --set ingress.enabled=true \
    --set ingress.ingressClass=traefik \
    --timeout 10m \
    --wait \
    --wait-for-jobs
```
  This is the basic setup required for Plane-EE. You can customize the default values for namespace and appname as needed. Additional settings can be configured by referring to the Configuration Settings section.
  
  Using a Custom StorageClass
  
  To specify a custom StorageClass for Plane-Enterprise components, add the following options to the above helm upgrade --install command:
```
--set env.storageClass=<your-storageclass-name>
```
- Advance set-up
  
  For more control over your set-up, run the script below to download the values.yaml file and and edit using any editor like Vim or Nano.
```
helm  show values plane/plane-enterprise > values.yaml
vi values.yaml
```
  Make sure you set the minimum required values as below.
  - planeVersion: v2.5.4 <or the last released version>
  - license.licenseDomain: <The domain you have specified to host Plane>
  - ingress.enabled: <true | false>
  - ingress.ingressClass: <traefik or any other ingress class configured in your cluster>
  - env.storageClass: <default storage class configured in your cluster>
    
    See Available customizations for more details.
  After saving the values.yaml file, continue to be on the same Terminal window as on the previous steps, copy the code below, and paste it on your Terminal screen.
```
helm upgrade --install plane-app plane/plane-enterprise \
    --create-namespace \
    --namespace plane \
    -f values.yaml \
    --timeout 10m \
    --wait \
    --wait-for-jobs
```

Available customizations

License

Setting	Default	Required	Description
planeVersion	v2.5.4	Yes	Specifies the version of Plane to be deployed. Copy this from prime.plane.so.
license.licenseDomain	plane.example.com	Yes	The fully-qualified domain name (FQDN) in the format `sudomain.domain.tld` or `domain.tld` that the license is bound to. It is also attached to your `ingress` host to access Plane.

Air-gapped Settings

Setting	Default	Required	Description
airgapped.enabled	false	No	Specifies the airgapped mode the Plane API runs in.
airgapped.s3Secrets	[]	No	List of Kubernetes Secrets containing CA certificates to install. Each item must have `name` (Secret name) and `key` (file key in the Secret). Example: `kubectl -n plane create secret generic plane-s3-ca --from-file=s3-custom-ca.crt=/path/to/ca.crt`. Supports multiple certs (e.g. S3 + internal CA).
airgapped.s3SecretName	""	No	(Deprecated, backward compatibility) Name of a single Kubernetes Secret containing the S3 CA cert. Used only when `s3Secrets` is empty. Prefer migrating to `s3Secrets`.
airgapped.s3SecretKey	""	No	(Deprecated, backward compatibility) Key (filename) of the cert file inside the Secret. Used only when `s3Secrets` is empty. Set together with `airgapped.s3SecretName`.

Backward compatibility: custom S3 CA (upgrading from older charts)

If you previously used the single-secret custom CA configuration (airgapped.s3SecretName and airgapped.s3SecretKey), it continues to work. No change is required when upgrading.

Old configuration (still supported): Set airgapped.s3SecretName to your Secret name and airgapped.s3SecretKey to the key (e.g. s3-custom-ca.crt). The chart mounts that single cert, runs update-ca-certificates, and sets AWS_CA_BUNDLE to the system bundle path.
New configuration (recommended): Use airgapped.s3Secrets with a list of { name, key } entries. This allows multiple CA certificates (e.g. S3 endpoint CA and internal PKI) and matches the same runtime behavior.

Migration (optional): To move from the deprecated keys to s3Secrets, set for example:

airgapped:
  enabled: true
  s3Secrets:
    - name: plane-s3-ca      # same as your previous s3SecretName
      key: s3-custom-ca.crt  # same as your previous s3SecretKey
  # s3SecretName and s3SecretKey can be removed after migration

Docker Registry

Setting	Default	Required	Description
dockerRegistry.enabled	false	No	Enable to configure image pull secrets for pulling images from a private docker registry. When enabled, you can either provide credentials to create a new secret or use an existing Kubernetes secret.
dockerRegistry.existingSecret		No	Name of an existing Kubernetes secret containing docker registry credentials. When specified, the chart will use this secret for `imagePullSecrets` instead of creating a new one. The secret should be of type `kubernetes.io/dockerconfigjson`. If left empty, credentials below will be used to create a new secret.
dockerRegistry.registry	index.docker.io/v1/	No	Docker registry URL. Only used when `dockerRegistry.existingSecret` is empty.
dockerRegistry.loginid		No	Login ID / Username for the docker registry. Only used when `dockerRegistry.existingSecret` is empty.
dockerRegistry.password		No	Password or Token for the docker registry. Only used when `dockerRegistry.existingSecret` is empty.

Postgres

Setting	Default	Description
services.postgres.local_setup	true	Plane uses `postgres` as the primary database to store all the transactional data. This database can be hosted within kubernetes as part of helm chart deployment or can be used as hosted service remotely (e.g. aws rds or similar services). Set this to `true` when you choose to setup stateful deployment of `postgres`. Mark it as `false` when using a remotely hosted database
services.postgres.image	postgres:15.7-alpine	Using this key, user must provide the docker image name to setup the stateful deployment of `postgres`. (must be set when `services.postgres.local_setup=true`)
services.postgres.pullPolicy	IfNotPresent	Using this key, user can set the pull policy for the stateful deployment of `postgres`. (must be set when `services.postgres.local_setup=true`)
services.postgres.servicePort	5432	This key sets the default port number to be used while setting up stateful deployment of `postgres`.
services.postgres.volumeSize	2Gi	While setting up the stateful deployment, while creating the persistant volume, volume allocation size need to be provided. This key helps you set the volume allocation size. Unit of this value must be in Mi (megabyte) or Gi (gigabyte)
env.pgdb_username	plane	Database credentials are requried to access the hosted stateful deployment of `postgres`. Use this key to set the username for the stateful deployment.
env.pgdb_password	plane	Database credentials are requried to access the hosted stateful deployment of `postgres`. Use this key to set the password for the stateful deployment.
env.pgdb_name	plane	Database name to be used while setting up stateful deployment of `Postgres`
services.postgres.assign_cluster_ip	false	Set it to `true` if you want to assign `ClusterIP` to the service
services.postgres.nodeSelector	{}	This key allows you to set the node selector for the stateful deployment of `postgres`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.postgres.tolerations	[]	This key allows you to set the tolerations for the stateful deployment of `postgres`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.postgres.affinity	{}	This key allows you to set the affinity rules for the stateful deployment of `postgres`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.postgres.labels	{}	This key allows you to set custom labels for the stateful deployment of `postgres`. This is useful for organizing and selecting resources in your Kubernetes cluster.
services.postgres.annotations	{}	This key allows you to set custom annotations for the stateful deployment of `postgres`. This is useful for adding metadata or configuration hints to your resources.
env.pgdb_remote_url		Users can also decide to use the remote hosted database and link to Plane deployment. Ignoring all the above keys, set `services.postgres.local_setup` to `false` and set this key with remote connection url.

Redis/Valkey Setup

Setting	Default	Description
services.redis.local_setup	true	Plane uses `valkey` to cache the session authentication and other static data. This database can be hosted within kubernetes as part of helm chart deployment or can be used as hosted service remotely (e.g. aws rds or similar services). Set this to `true` when you choose to setup stateful deployment of `redis`. Mark it as `false` when using a remotely hosted database
services.redis.image	valkey/valkey:7.2.11-alpine	Using this key, user must provide the docker image name to setup the stateful deployment of `redis`. (must be set when `services.redis.local_setup=true`)
services.redis.pullPolicy	IfNotPresent	Using this key, user can set the pull policy for the stateful deployment of `redis`. (must be set when `services.redis.local_setup=true`)
services.redis.servicePort	6379	This key sets the default port number to be used while setting up stateful deployment of `redis`.
services.redis.volumeSize	500Mi	While setting up the stateful deployment, while creating the persistant volume, volume allocation size need to be provided. This key helps you set the volume allocation size. Unit of this value must be in Mi (megabyte) or Gi (gigabyte)
services.redis.assign_cluster_ip	false	Set it to `true` if you want to assign `ClusterIP` to the service
services.redis.nodeSelector	{}	This key allows you to set the node selector for the stateful deployment of `redis`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.redis.tolerations	[]	This key allows you to set the tolerations for the stateful deployment of `redis`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.redis.affinity	{}	This key allows you to set the affinity rules for the stateful deployment of `redis`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.redis.labels	{}	This key allows you to set custom labels for the stateful deployment of `redis`. This is useful for organizing and selecting resources in your Kubernetes cluster.
services.redis.annotations	{}	This key allows you to set custom annotations for the stateful deployment of `redis`. This is useful for adding metadata or configuration hints to your resources.
env.remote_redis_url		Users can also decide to use the remote hosted database and link to Plane deployment. Ignoring all the above keys, set `services.redis.local_setup` to `false` and set this key with remote connection url.

RabbitMQ Setup

Setting	Default	Description
services.rabbitmq.local_setup	true	Plane uses `rabbitmq` as message queuing system. This can be hosted within kubernetes as part of helm chart deployment or can be used as hosted service remotely (e.g. aws mq or similar services). Set this to `true` when you choose to setup stateful deployment of `rabbitmq`. Mark it as `false` when using a remotely hosted service
services.rabbitmq.image	rabbitmq:3.13.6-management-alpine	Using this key, user must provide the docker image name to setup the stateful deployment of `rabbitmq`. (must be set when `services.rabbitmq.local_setup=true`)
services.rabbitmq.pullPolicy	IfNotPresent	Using this key, user can set the pull policy for the stateful deployment of `rabbitmq`. (must be set when `services.rabbitmq.local_setup=true`)
services.rabbitmq.servicePort	5672	This key sets the default port number to be used while setting up stateful deployment of `rabbitmq`.
services.rabbitmq.managementPort	15672	This key sets the default management port number to be used while setting up stateful deployment of `rabbitmq`.
services.rabbitmq.volumeSize	100Mi	While setting up the stateful deployment, while creating the persistant volume, volume allocation size need to be provided. This key helps you set the volume allocation size. Unit of this value must be in Mi (megabyte) or Gi (gigabyte)
services.rabbitmq.default_user	plane	Credentials are requried to access the hosted stateful deployment of `rabbitmq`. Use this key to set the username for the stateful deployment.
services.rabbitmq.default_password	plane	Credentials are requried to access the hosted stateful deployment of `rabbitmq`. Use this key to set the password for the stateful deployment.
services.rabbitmq.assign_cluster_ip	false	Set it to `true` if you want to assign `ClusterIP` to the service
services.rabbitmq.nodeSelector	{}	This key allows you to set the node selector for the stateful deployment of `rabbitmq`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.rabbitmq.tolerations	[]	This key allows you to set the tolerations for the stateful deployment of `rabbitmq`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.rabbitmq.affinity	{}	This key allows you to set the affinity rules for the stateful deployment of `rabbitmq`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.rabbitmq.labels	{}	This key allows you to set custom labels for the stateful deployment of `rabbitmq`. This is useful for organizing and selecting resources in your Kubernetes cluster.
services.rabbitmq.annotations	{}	This key allows you to set custom annotations for the stateful deployment of `rabbitmq`. This is useful for adding metadata or configuration hints to your resources.
services.rabbitmq.external_rabbitmq_url		Users can also decide to use the remote hosted service and link to Plane deployment. Ignoring all the above keys, set `services.rabbitmq.local_setup` to `false` and set this key with remote connection url.

OpenSearch Setup

Setting	Default	Description
services.opensearch.local_setup	false	Plane uses `opensearch` as the search and analytics engine. This can be hosted within kubernetes as part of helm chart deployment or can be used as hosted service remotely (e.g. AWS OpenSearch Service or similar services). Set this to `true` when you choose to setup stateful deployment of `opensearch`. Mark it as `false` when using a remotely hosted service
services.opensearch.image	opensearchproject/opensearch:3.3.2	Using this key, user must provide the docker image name to setup the stateful deployment of `opensearch`. (must be set when `services.opensearch.local_setup=true`)
services.opensearch.pullPolicy	IfNotPresent	Using this key, user can set the pull policy for the stateful deployment of `opensearch`. (must be set when `services.opensearch.local_setup=true`)
services.opensearch.servicePort	9200	This key sets the default port number to be used while setting up stateful deployment of `opensearch`.
services.opensearch.volumeSize	5Gi	While setting up the stateful deployment, while creating the persistant volume, volume allocation size need to be provided. This key helps you set the volume allocation size. Unit of this value must be in Mi (megabyte) or Gi (gigabyte)
services.opensearch.username	plane	Credentials are requried to access the hosted stateful deployment of `opensearch`. Use this key to set the username for the stateful deployment.
services.opensearch.password	Secure@Pass#123!%^&*	Credentials are requried to access the hosted stateful deployment of `opensearch`. Use this key to set the password for the stateful deployment. Password Complexity Requirements: Must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character (e.g., `!@#$%^&*`).
services.opensearch.memoryLimit	3Gi	Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.opensearch.cpuLimit	750m	Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.opensearch.memoryRequest	2Gi	Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.opensearch.cpuRequest	500m	Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.opensearch.assign_cluster_ip	false	Set it to `true` if you want to assign `ClusterIP` to the service
services.opensearch.nodeSelector	{}	This key allows you to set the node selector for the stateful deployment of `opensearch`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.opensearch.tolerations	[]	This key allows you to set the tolerations for the stateful deployment of `opensearch`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.opensearch.affinity	{}	This key allows you to set the affinity rules for the stateful deployment of `opensearch`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.opensearch.labels	{}	This key allows you to set custom labels for the stateful deployment of `opensearch`. This is useful for organizing and selecting resources in your Kubernetes cluster.
services.opensearch.annotations	{}	This key allows you to set custom annotations for the stateful deployment of `opensearch`. This is useful for adding metadata or configuration hints to your resources.
env.opensearch_remote_url		Users can also decide to use the remote hosted service and link to Plane deployment. Ignoring all the above keys, set `services.opensearch.local_setup` to `false` and set this key with remote connection url.
env.opensearch_remote_username		Username for remote OpenSearch service. Required when `services.opensearch.local_setup=false` and `env.opensearch_remote_url` is set. Note: This is not a secret and should be configured in values.yaml, not in external secrets.
env.opensearch_remote_password		Password for remote OpenSearch service. Required when `services.opensearch.local_setup=false` and `env.opensearch_remote_url` is set. This can be configured in values.yaml or provided via external secrets (`opensearch_existingSecret` with `OPENSEARCH_PASSWORD`). Password Complexity Requirements: Must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one digit, and one special character (e.g., `!@#$%^&*`).
env.opensearch_index_prefix	plane_	Prefix to be used for OpenSearch indices. This helps organize indices in a multi-tenant or multi-environment setup.
env.opensearch_embedding_dimension	1536	Embedding vector dimension used for OpenSearch semantic/vector indexing.

Doc Store (Minio/S3) Setup

Setting	Default	Required	Description
services.minio.local_setup	true		Plane uses `minio` as the default file storage drive. This storage can be hosted within kubernetes as part of helm chart deployment or can be used as hosted service remotely (e.g. aws S3 or similar services). Set this to `true` when you choose to setup stateful deployment of `minio`. Mark it as `false` when using a remotely hosted database
services.minio.image	minio/minio:latest		Using this key, user must provide the docker image name to setup the stateful deployment of `minio`. (must be set when `services.minio.local_setup=true`)
services.minio.image_mc	minio/mc:latest		Using this key, user must provide the docker image name to setup the job deployment of `minio client`. (must be set when `services.minio.local_setup=true`)
services.minio.pullPolicy	IfNotPresent		Using this key, user can set the pull policy for the stateful deployment of `minio`. (must be set when `services.minio.local_setup=true`)
services.minio.volumeSize	3Gi		While setting up the stateful deployment, while creating the persistant volume, volume allocation size need to be provided. This key helps you set the volume allocation size. Unit of this value must be in Mi (megabyte) or Gi (gigabyte)
services.minio.root_user	admin		Storage credentials are requried to access the hosted stateful deployment of `minio`. Use this key to set the username for the stateful deployment.
services.minio.root_password	password		Storage credentials are requried to access the hosted stateful deployment of `minio`. Use this key to set the password for the stateful deployment.
services.minio.env.minio_endpoint_ssl	false		(Optional) Env to enforce HTTPS when connecting to minio uploads bucket
env.docstore_bucket	uploads	Yes	Storage bucket name is required as part of configuration. This is where files will be uploaded irrespective of if you are using `Minio` or external `S3` (or compatible) storage service
env.doc_upload_size_limit	5242880	Yes	Document Upload Size Limit (default to 5Mb)
services.minio.assign_cluster_ip	false		Set it to `true` if you want to assign `ClusterIP` to the service
services.minio.nodeSelector	{}		This key allows you to set the node selector for the stateful deployment of `minio`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.minio.tolerations	[]		This key allows you to set the tolerations for the stateful deployment of `minio`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.minio.affinity	{}		This key allows you to set the affinity rules for the stateful deployment of `minio`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.minio.labels	{}		This key allows you to set custom labels for the stateful deployment of `minio`. This is useful for organizing and selecting resources in your Kubernetes cluster.
services.minio.annotations	{}		This key allows you to set custom annotations for the stateful deployment of `minio`. This is useful for adding metadata or configuration hints to your resources.
env.aws_access_key			External `S3` (or compatible) storage service provides `access key` for the application to connect and do the necessary upload/download operations. To be provided when `services.minio.local_setup=false`
env.aws_secret_access_key			External `S3` (or compatible) storage service provides `secret access key` for the application to connect and do the necessary upload/download operations. To be provided when `services.minio.local_setup=false`
env.aws_region			External `S3` (or compatible) storage service providers creates any buckets in user selected region. This is also shared with the user as `region` for the application to connect and do the necessary upload/download operations. To be provided when `services.minio.local_setup=false`
env.aws_s3_endpoint_url			External `S3` (or compatible) storage service providers shares a `endpoint_url` for the integration purpose for the application to connect and do the necessary upload/download operations. To be provided when `services.minio.local_setup=false`
env.use_storage_proxy	false		When set to `true`, all S3 (or compatible) file GET requests from the browser are proxied through Plane's API service instead of accessing the S3 endpoint directly. Enable this if your storage endpoint is not accessible publicly or you want to control/download access through the API. Default is `false`.
env.allow_all_attachment_types	false		When set to `true`, allows all file types as attachments. When `false`, only permitted types are allowed. Default is `false`.
env.enable_drf_spectacular	false		When set to `true`, enables drf-spectacular OpenAPI schema generation for the API (`ENABLE_DRF_SPECTACULAR`). Default is `false`.

Web Deployment

Setting	Default	Required	Description
services.web.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for each deployment. This key helps you setting up number of replicas you want to run for this deployment. It must be >=1
services.web.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.web.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.web.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.web.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.web.image	makeplane/web-commercial		This deployment needs a preconfigured docker image to function. Docker image name is provided by the owner and must not be changed for this deployment
services.web.pullPolicy	Always		Using this key, user can set the pull policy for the deployment of `web`.
services.web.assign_cluster_ip	false		Set it to `true` if you want to assign `ClusterIP` to the service
services.web.nodeSelector	{}		This key allows you to set the node selector for the deployment of `web`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.web.tolerations	[]		This key allows you to set the tolerations for the deployment of `web`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.web.affinity	{}		This key allows you to set the affinity rules for the deployment of `web`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.web.labels	{}		Custom labels to add to the web deployment
services.web.annotations	{}		Custom annotations to add to the web deployment

Space Deployment

Setting	Default	Required	Description
services.space.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for each deployment. This key helps you setting up number of replicas you want to run for this deployment. It must be >=1
services.space.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.space.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.space.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.space.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.space.image	makeplane/space-commercial		This deployment needs a preconfigured docker image to function. Docker image name is provided by the owner and must not be changed for this deployment
services.space.pullPolicy	Always		Using this key, user can set the pull policy for the deployment of `space`.
services.space.assign_cluster_ip	false		Set it to `true` if you want to assign `ClusterIP` to the service
services.space.nodeSelector	{}		This key allows you to set the node selector for the deployment of `space`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.space.tolerations	[]		This key allows you to set the tolerations for the deployment of `space`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.space.affinity	{}		This key allows you to set the affinity rules for the deployment of `space`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.space.labels	{}		Custom labels to add to the space deployment
services.space.annotations	{}		Custom annotations to add to the space deployment

Admin Deployment

Setting	Default	Required	Description
services.admin.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for each deployment. This key helps you setting up number of replicas you want to run for this deployment. It must be >=1
services.admin.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.admin.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.admin.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.admin.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.admin.image	makeplane/admin-commercial		This deployment needs a preconfigured docker image to function. Docker image name is provided by the owner and must not be changed for this deployment
services.admin.pullPolicy	Always		Using this key, user can set the pull policy for the deployment of `admin`.
services.admin.assign_cluster_ip	false		Set it to `true` if you want to assign `ClusterIP` to the service
services.admin.nodeSelector	{}		This key allows you to set the node selector for the deployment of `admin`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.admin.tolerations	[]		This key allows you to set the tolerations for the deployment of `admin`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.admin.affinity	{}		This key allows you to set the affinity rules for the deployment of `admin`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.admin.labels	{}		Custom labels to add to the admin deployment
services.admin.annotations	{}		Custom annotations to add to the admin deployment

Live Service Deployment

Setting	Default	Required	Description
services.live.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for each deployment. This key helps you setting up number of replicas you want to run for this deployment. It must be >=1
services.live.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.live.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.live.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.live.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.live.image	makeplane/live-commercial		This deployment needs a preconfigured docker image to function. Docker image name is provided by the owner and must not be changed for this deployment
services.live.pullPolicy	Always		Using this key, user can set the pull policy for the deployment of `live`.
env.live_sentry_dsn			(optional) Live service deployment comes with some of the preconfigured integration. Sentry is one among those. Here user can set the Sentry provided DSN for this integration.
env.live_sentry_environment			(optional) Live service deployment comes with some of the preconfigured integration. Sentry is one among those. Here user can set the Sentry environment name (as configured in Sentry) for this integration.
env.live_sentry_traces_sample_rate			(optional) Live service deployment comes with some of the preconfigured integration. Sentry is one among those. Here user can set the Sentry trace sample rate (as configured in Sentry) for this integration.
env.live_server_secret_key	htbqvBJAgpm9bzvf3r4urJer0ENReatceh		Live Server Secret Key
env.external_iframely_url	""		External Iframely service URL. If provided, the local Iframely deployment will be skipped and the live service will use this external URL
services.live.assign_cluster_ip	false		Set it to `true` if you want to assign `ClusterIP` to the service
services.live.nodeSelector	{}		This key allows you to set the node selector for the deployment of `live`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.live.tolerations	[]		This key allows you to set the tolerations for the deployment of `live`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.live.affinity	{}		This key allows you to set the affinity rules for the deployment of `live`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.live.labels	{}		Custom labels to add to the live deployment
services.live.annotations	{}		Custom annotations to add to the live deployment

Monitor Deployment

Setting	Default	Description
services.monitor.memoryLimit	1000Mi	Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.monitor.cpuLimit	500m	Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.monitor.memoryRequest	50Mi	Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.monitor.cpuRequest	50m	Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.monitor.image	makeplane/monitor-commercial	This deployment needs a preconfigured docker image to function. Docker image name is provided by the owner and must not be changed for this deployment
services.monitor.pullPolicy	Always	Using this key, user can set the pull policy for the deployment of `monitor`.
services.monitor.volumeSize	100Mi	While setting up the stateful deployment, while creating the persistant volume, volume allocation size need to be provided. This key helps you set the volume allocation size. Unit of this value must be in Mi (megabyte) or Gi (gigabyte)
services.monitor.assign_cluster_ip	false	Set it to `true` if you want to assign `ClusterIP` to the service
services.monitor.nodeSelector	{}	This key allows you to set the node selector for the stateful deployment of `monitor`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.monitor.tolerations	[]	This key allows you to set the tolerations for the stateful deployment of `monitor`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.monitor.affinity	{}	This key allows you to set the affinity rules for the stateful deployment of `monitor`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.monitor.labels	{}	Custom labels to add to the monitor deployment
services.monitor.annotations	{}	Custom annotations to add to the monitor deployment

API Deployment

Setting	Default	Required	Description
services.api.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for each deployment. This key helps you setting up number of replicas you want to run for this deployment. It must be >=1
services.api.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.api.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.api.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.api.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.api.image	makeplane/backend-commercial		This deployment needs a preconfigured docker image to function. Docker image name is provided by the owner and must not be changed for this deployment
services.api.pullPolicy	Always		Using this key, user can set the pull policy for the deployment of `api`.
env.sentry_dsn			(optional) API service deployment comes with some of the preconfigured integration. Sentry is one among those. Here user can set the Sentry provided DSN for this integration.
env.sentry_environment			(optional) API service deployment comes with some of the preconfigured integration. Sentry is one among those. Here user can set the Sentry environment name (as configured in Sentry) for this integration.
env.api_key_rate_limit	60/minute		(optional) User can set the maximum number of requests the API can handle in a given time frame.
env.web_url			(optional) Custom Web URL for the application. If not set, it will be auto-generated based on the license domain and SSL settings
services.api.assign_cluster_ip	false		Set it to `true` if you want to assign `ClusterIP` to the service
services.api.nodeSelector	{}		This key allows you to set the node selector for the deployment of `api`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.api.tolerations	[]		This key allows you to set the tolerations for the deployment of `api`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.api.affinity	{}		This key allows you to set the affinity rules for the deployment of `api`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.api.labels	{}		Custom labels to add to the API deployment
services.api.annotations	{}		Custom annotations to add to the API deployment

Silo Deployment

Setting	Default	Required	Description
services.silo.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for each deployment. This key helps you setting up number of replicas you want to run for this deployment. It must be >=1
services.silo.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.silo.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.silo.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.silo.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.silo.image	makeplane/silo-commercial		This deployment needs a preconfigured docker image to function. Docker image name is provided by the owner and must not be changed for this deployment
services.silo.pullPolicy	Always		Using this key, user can set the pull policy for the deployment of `silo`.
services.silo.assign_cluster_ip	false		Set it to `true` if you want to assign `ClusterIP` to the service
services.silo.nodeSelector	{}		This key allows you to set the node selector for the deployment of `silo`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.silo.tolerations	[]		This key allows you to set the tolerations for the deployment of `silo`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.silo.affinity	{}		This key allows you to set the affinity rules for the deployment of `silo`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.silo.labels	{}		Custom labels to add to the silo deployment
services.silo.annotations	{}		Custom annotations to add to the silo deployment
services.silo.connectors.slack.enabled	false		Slack Integration
services.silo.connectors.slack.client_id	""	required if `services.silo.connectors.slack.enabled` is `true`	Slack Client ID
services.silo.connectors.slack.client_secret	""	required if `services.silo.connectors.slack.enabled` is `true`	Slack Client Secret
services.silo.connectors.github.enabled	false		Github App Integration
services.silo.connectors.github.client_id	""	required if `services.silo.connectors.github.enabled` is `true`	Github Client ID
services.silo.connectors.github.client_secret	""	required if `services.silo.connectors.github.enabled` is `true`	Github Client Secret
services.silo.connectors.github.app_name	""	required if `services.silo.connectors.github.enabled` is `true`	Github App Name
services.silo.connectors.github.app_id	""	required if `services.silo.connectors.github.enabled` is `true`	Github App ID
services.silo.connectors.github.private_key	""	required if `services.silo.connectors.github.enabled` is `true`	Github Private Key
services.silo.connectors.gitlab.enabled	false		Gitlab App Integration
services.silo.connectors.gitlab.client_id	""	required if `services.silo.connectors.gitlab.enabled` is `true`	Gitlab Client ID
services.silo.connectors.gitlab.client_secret	""	required if `services.silo.connectors.gitlab.enabled` is `true`	Gitlab Client Secret
env.silo_envs.mq_prefetch_count	10		Prefetch count for RabbitMQ
env.silo_envs.batch_size	60		Batch size for Silo
env.silo_envs.request_interval	400		Request interval for Silo
env.silo_envs.sentry_dsn			Sentry DSN
env.silo_envs.sentry_environment			Sentry Environment
env.silo_envs.sentry_traces_sample_rate			Sentry Traces Sample Rate
env.silo_envs.hmac_secret_key	<random-32-bit-string>		HMAC Secret Key
env.silo_envs.aes_secret_key	"dsOdt7YrvxsTIFJ37pOaEVvLxN8KGBCr"		AES Secret Key

Plane AI (PI) Deployment

Setting	Default	Required	Description
services.pi.enabled	false	No	Set to `true` to enable the Plane AI service and its API, worker, beat, and migrator workloads.
services.pi.replicas	1	Yes	Number of replicas for the Plane AI (PI) API deployment. It must be >=1.
services.pi.memoryLimit	1000Mi		Memory limit for the Plane AI (PI) API deployment.
services.pi.cpuLimit	500m		CPU limit for the Plane AI (PI) API deployment.
services.pi.memoryRequest	50Mi		Memory request for the Plane AI (PI) API deployment.
services.pi.cpuRequest	50m		CPU request for the Plane AI (PI) API deployment.
services.pi.image	makeplane/plane-pi-commercial		Docker image for the Plane AI (PI) service.
services.pi.pullPolicy	Always		Image pull policy for the Plane AI (PI) deployment.
services.pi.assign_cluster_ip	false		Set it to `true` if you want to assign `ClusterIP` to the Plane AI (PI) API service.
services.pi.nodeSelector	{}		Node selector for the Plane AI (PI) API deployment.
services.pi.tolerations	[]		Tolerations for the Plane AI (PI) API deployment.
services.pi.affinity	{}		Affinity rules for the Plane AI (PI) API deployment.
services.pi.labels	{}		Custom labels to add to the Plane AI (PI) API deployment.
services.pi.annotations	{}		Custom annotations to add to the Plane AI (PI) API deployment.
env.pg_pi_db_name	plane_pi		PostgreSQL database name used by Plane AI (PI) when `postgres.local_setup=true`.
env.pg_pi_db_remote_url	""		PostgreSQL connection URL for Plane AI (PI) when using a remote database. Required when `postgres.local_setup=false` and Plane AI (PI) is enabled.
env.pi_envs.internal_secret	tyfvfqvBJAgpm9bzvf3r4urJer0Ehfdubk		Internal secret used by Plane AI (PI) for OAuth and internal APIs.
env.pi_envs.plane_api_host	""		Override for the Plane API host URL used by Plane AI (PI). Defaults to the license domain.
env.pi_envs.cors_allowed_origins	""		CORS allowed origins for Plane AI (PI) API. Defaults to the license domain.
env.pi_envs.log_level	DEBUG		Log level for Plane AI (PI) API (e.g. DEBUG, INFO, WARNING, ERROR).
services.pi.ai_providers.openai.enabled	false		Enable OpenAI as a Plane AI provider.
services.pi.ai_providers.openai.base_url	""		OpenAI API base URL (optional override).
services.pi.ai_providers.openai.api_key	""	required if `services.pi.ai_providers.openai.enabled` is `true`	OpenAI API key.
services.pi.ai_providers.claude.enabled	false		Enable Anthropic Claude as a Plane AI provider.
services.pi.ai_providers.claude.base_url	""		Claude API base URL (optional override).
services.pi.ai_providers.claude.api_key	""	required if `services.pi.ai_providers.claude.enabled` is `true`	Claude API key.
services.pi.ai_providers.groq.enabled	false		Enable Groq as a Plane AI provider.
services.pi.ai_providers.groq.base_url	""		Groq API base URL (optional override).
services.pi.ai_providers.groq.api_key	""	required if `services.pi.ai_providers.groq.enabled` is `true`	Groq API key.
services.pi.ai_providers.cohere.enabled	false		Enable Cohere as a Plane AI provider.
services.pi.ai_providers.cohere.base_url	""		Cohere API base URL (optional override).
services.pi.ai_providers.cohere.api_key	""		Cohere API key (optional if Cohere is disabled).
services.pi.ai_providers.custom_llm.enabled	false		Enable a custom LLM backend for Plane AI.
services.pi.ai_providers.custom_llm.api_key	""	required if `services.pi.ai_providers.custom_llm.enabled` is `true`	Custom LLM API key.
services.pi.ai_providers.custom_llm.base_url	""		Custom LLM base URL.
services.pi.ai_providers.custom_llm.model_key	gpt-oss-120b		Model identifier key for the custom LLM.
services.pi.ai_providers.custom_llm.name	GPT-OSS-120B		Display name for the custom LLM.
services.pi.ai_providers.custom_llm.max_tokens	128000		Maximum tokens for the custom LLM.
services.pi.ai_providers.custom_llm.provider	""		Custom LLM provider identifier.
services.pi.ai_providers.custom_llm.aws_region	""		AWS region when the custom LLM is hosted on AWS.
services.pi.ai_providers.embedding_model.enabled	false		Enable OpenSearch embedding model integration (AWS / OpenSearch ML).
services.pi.ai_providers.embedding_model.name	""	required if `services.pi.ai_providers.embedding_model.enabled` is `true`	Embedding model name.
services.pi.ai_providers.embedding_model.model_id	""	required if `services.pi.ai_providers.embedding_model.enabled` is `true`	OpenSearch ML model ID (`OPENSEARCH_ML_MODEL_ID`).
services.pi.ai_providers.embedding_model.embedding_dimension	1536	required if `services.pi.ai_providers.embedding_model.enabled` is `true`	OpenSearch embedding vector dimension (must match the model).
services.pi.ai_providers.embedding_model.aws_access_key	""	required if `services.pi.ai_providers.embedding_model.enabled` is `true`	AWS access key ID for the embedding model (`BR_AWS_ACCESS_KEY_ID`).
services.pi.ai_providers.embedding_model.aws_secret_access_key	""	required if `services.pi.ai_providers.embedding_model.enabled` is `true`	AWS secret access key for the embedding model (also `BR_AWS_SECRET_ACCESS_KEY` in external secrets).
services.pi.ai_providers.embedding_model.aws_region	us-east-1		AWS region for the embedding model (`BR_AWS_REGION`).
services.pi.ai_providers.embedding_model.aws_session_token	""		AWS session token when using temporary credentials (`BR_AWS_SESSION_TOKEN`).

Plane AI (PI) Worker Deployment

Setting	Default	Required	Description
services.pi_worker.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for the Plane AI (PI) worker. This key helps you set the number of replicas. It must be >=1.
services.pi_worker.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for the Plane AI (PI) worker deployment to use.
services.pi_worker.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for the Plane AI (PI) worker deployment to use.
services.pi_worker.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for the Plane AI (PI) worker deployment to use.
services.pi_worker.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for the Plane AI (PI) worker deployment to use.
services.pi_worker.nodeSelector	{}		This key allows you to set the node selector for the deployment of `pi_worker`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.pi_worker.tolerations	[]		This key allows you to set the tolerations for the deployment of `pi_worker`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.pi_worker.affinity	{}		This key allows you to set the affinity rules for the deployment of `pi_worker`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.pi_worker.labels	{}		Custom labels to add to the Plane AI (PI) worker deployment
services.pi_worker.annotations	{}		Custom annotations to add to the Plane AI (PI) worker deployment

Plane AI (PI) Beat-Worker Deployment

Setting	Default	Required	Description
services.pi_beat_worker.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for the Plane AI (PI) beat-worker. This key helps you set the number of replicas. It must be >=1.
services.pi_beat_worker.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for the Plane AI (PI) beat-worker deployment to use.
services.pi_beat_worker.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for the Plane AI (PI) beat-worker deployment to use.
services.pi_beat_worker.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for the Plane AI (PI) beat-worker deployment to use.
services.pi_beat_worker.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for the Plane AI (PI) beat-worker deployment to use.
services.pi_beat_worker.nodeSelector	{}		This key allows you to set the node selector for the deployment of `pi_beat_worker`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.pi_beat_worker.tolerations	[]		This key allows you to set the tolerations for the deployment of `pi_beat_worker`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.pi_beat_worker.affinity	{}		This key allows you to set the affinity rules for the deployment of `pi_beat_worker`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.pi_beat_worker.labels	{}		Custom labels to add to the Plane AI (PI) beat-worker deployment
services.pi_beat_worker.annotations	{}		Custom annotations to add to the Plane AI (PI) beat-worker deployment

Worker Deployment

Setting	Default	Required	Description
services.worker.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for each deployment. This key helps you setting up number of replicas you want to run for this deployment. It must be >=1
services.worker.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.worker.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.worker.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.worker.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.worker.nodeSelector	{}		This key allows you to set the node selector for the deployment of `worker`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.worker.tolerations	[]		This key allows you to set the tolerations for the deployment of `worker`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.worker.affinity	{}		This key allows you to set the affinity rules for the deployment of `worker`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.worker.labels	{}		Custom labels to add to the worker deployment
services.worker.annotations	{}		Custom annotations to add to the worker deployment

Beat-Worker deployment

Setting	Default	Required	Description
services.beatworker.replicas	1	Yes	Kubernetes helps you with scaling up/down the deployments. You can run 1 or more pods for each deployment. This key helps you setting up number of replicas you want to run for this deployment. It must be >=1
services.beatworker.memoryLimit	1000Mi		Every deployment in kubernetes can be set to use maximum memory they are allowed to use. This key sets the memory limit for this deployment to use.
services.beatworker.cpuLimit	500m		Every deployment in kubernetes can be set to use maximum cpu they are allowed to use. This key sets the cpu limit for this deployment to use.
services.beatworker.memoryRequest	50Mi		Every deployment in kubernetes can be set to use minimum memory they are allowed to use. This key sets the memory request for this deployment to use.
services.beatworker.cpuRequest	50m		Every deployment in kubernetes can be set to use minimum cpu they are allowed to use. This key sets the cpu request for this deployment to use.
services.beatworker.nodeSelector	{}		This key allows you to set the node selector for the deployment of `beatworker`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.beatworker.tolerations	[]		This key allows you to set the tolerations for the deployment of `beatworker`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.beatworker.affinity	{}		This key allows you to set the affinity rules for the deployment of `beatworker`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.beatworker.labels	{}		Custom labels to add to the beat-worker deployment
services.beatworker.annotations	{}		Custom annotations to add to the beat-worker deployment

Email Service Deployment

Setting	Default	Required	Description
services.email_service.enabled	false		Set to `true` to enable the email service deployment
services.email_service.replicas	1		Number of replicas for the email service deployment
services.email_service.memoryLimit	1000Mi		Memory limit for the email service deployment
services.email_service.cpuLimit	500m		CPU limit for the email service deployment
services.email_service.memoryRequest	50Mi		Memory request for the email service deployment
services.email_service.cpuRequest	50m		CPU request for the email service deployment
services.email_service.image	makeplane/email-commercial		Docker image for the email service deployment
services.email_service.pullPolicy	Always		Image pull policy for the email service deployment
services.email_service.nodeSelector	{}		This key allows you to set the node selector for the deployment of `email_service`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.email_service.tolerations	[]		This key allows you to set the tolerations for the deployment of `email_service`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.email_service.affinity	{}		This key allows you to set the affinity rules for the deployment of `email_service`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.email_service.labels	{}		Custom labels to add to the email service deployment
services.email_service.annotations	{}		Custom annotations to add to the email service deployment
env.email_service_envs.smtp_domain		Yes	The SMTP Domain to be used with email service
env.email_service_envs.max_attachment_size	10485760 (10MB)		Maximum email attachment size in bytes

Note: When the email service is enabled, the cert-issuer will be automatically created to handle TLS certificates for the email service.

Outbox Poller Service Deployment

Setting	Default	Description
services.outbox_poller.enabled	false	Set to `true` to enable the outbox poller service deployment
services.outbox_poller.replicas	1	Number of replicas for the outbox poller service deployment
services.outbox_poller.memoryLimit	1000Mi	Memory limit for the outbox poller service deployment
services.outbox_poller.cpuLimit	500m	CPU limit for the outbox poller service deployment
services.outbox_poller.memoryRequest	50Mi	Memory request for the outbox poller service deployment
services.outbox_poller.cpuRequest	50m	CPU request for the outbox poller service deployment
services.outbox_poller.pullPolicy	Always	Image pull policy for the outbox poller service deployment
services.outbox_poller.assign_cluster_ip	false	Set it to `true` if you want to assign `ClusterIP` to the service
services.outbox_poller.nodeSelector	{}	This key allows you to set the node selector for the deployment of `outbox_poller`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.outbox_poller.tolerations	[]	This key allows you to set the tolerations for the deployment of `outbox_poller`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.outbox_poller.affinity	{}	This key allows you to set the affinity rules for the deployment of `outbox_poller`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.outbox_poller.labels	{}	Custom labels to add to the outbox poller deployment
services.outbox_poller.annotations	{}	Custom annotations to add to the outbox poller deployment
env.outbox_poller_envs.memory_limit_mb	400	Memory limit in MB for the outbox poller
env.outbox_poller_envs.interval_min	0.25	Minimum interval in minutes for polling
env.outbox_poller_envs.interval_max	2	Maximum interval in minutes for polling
env.outbox_poller_envs.batch_size	250	Batch size for processing outbox messages
env.outbox_poller_envs.memory_check_interval	30	Memory check interval in seconds
env.outbox_poller_envs.pool.size	4	Pool size for database connections
env.outbox_poller_envs.pool.min_size	2	Minimum pool size for database connections
env.outbox_poller_envs.pool.max_size	10	Maximum pool size for database connections
env.outbox_poller_envs.pool.timeout	30.0	Pool timeout in seconds
env.outbox_poller_envs.pool.max_idle	300.0	Maximum idle time for connections in seconds
env.outbox_poller_envs.pool.max_lifetime	3600	Maximum lifetime for connections in seconds
env.outbox_poller_envs.pool.reconnect_timeout	5.0	Reconnect timeout in seconds
env.outbox_poller_envs.pool.health_check_interval	60	Health check interval in seconds

Automation Consumer Deployment

Setting	Default	Description
services.automation_consumer.enabled	false	Set to `true` to enable the automation consumer service deployment
services.automation_consumer.replicas	1	Number of replicas for the automation consumer service deployment
services.automation_consumer.memoryLimit	1000Mi	Memory limit for the automation consumer service deployment
services.automation_consumer.cpuLimit	500m	CPU limit for the automation consumer service deployment
services.automation_consumer.memoryRequest	50Mi	Memory request for the automation consumer service deployment
services.automation_consumer.cpuRequest	50m	CPU request for the automation consumer service deployment
services.automation_consumer.pullPolicy	Always	Image pull policy for the automation consumer service deployment
services.automation_consumer.assign_cluster_ip	false	Set it to `true` if you want to assign `ClusterIP` to the service
services.automation_consumer.nodeSelector	{}	This key allows you to set the node selector for the deployment of `automation_consumer`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.automation_consumer.tolerations	[]	This key allows you to set the tolerations for the deployment of `automation_consumer`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.automation_consumer.affinity	{}	This key allows you to set the affinity rules for the deployment of `automation_consumer`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.automation_consumer.labels	{}	Custom labels to add to the automation consumer deployment
services.automation_consumer.annotations	{}	Custom annotations to add to the automation consumer deployment
env.automation_consumer_envs.event_stream_queue_name	"plane.event_stream.automations"	Event stream queue name for automations
env.automation_consumer_envs.event_stream_prefetch	10	Event stream prefetch count
env.automation_consumer_envs.exchange_name	"plane.event_stream"	Exchange name for event stream
env.automation_consumer_envs.event_types	"issue"	Event types to process

Iframely Deployment

Setting	Default	Description
services.iframely.enabled	false	Set to `true` to enable the Iframely service deployment
services.iframely.replicas	1	Number of replicas for the Iframely service deployment
services.iframely.memoryLimit	1000Mi	Memory limit for the Iframely service deployment
services.iframely.cpuLimit	500m	CPU limit for the Iframely service deployment
services.iframely.memoryRequest	50Mi	Memory request for the Iframely service deployment
services.iframely.cpuRequest	50m	CPU request for the Iframely service deployment
services.iframely.image	makeplane/iframely:v1.2.0	Docker image for the Iframely service deployment
services.iframely.pullPolicy	Always	Image pull policy for the Iframely service deployment
services.iframely.assign_cluster_ip	false	Set it to `true` if you want to assign `ClusterIP` to the service
services.iframely.nodeSelector	{}	This key allows you to set the node selector for the deployment of `iframely`. This is useful when you want to run the deployment on specific nodes in your Kubernetes cluster.
services.iframely.tolerations	[]	This key allows you to set the tolerations for the deployment of `iframely`. This is useful when you want to run the deployment on nodes with specific taints in your Kubernetes cluster.
services.iframely.affinity	{}	This key allows you to set the affinity rules for the deployment of `iframely`. This is useful when you want to control how pods are scheduled on nodes in your Kubernetes cluster.
services.iframely.labels	{}	Custom labels to add to the iframely deployment
services.iframely.annotations	{}	Custom annotations to add to the iframely deployment

Ingress and SSL Setup

Setting	Default	Required	Description
ingress.enabled	true		Ingress setup in kubernetes is a common practice to expose application to the intended audience. Set it to `false` if you are using external ingress providers like `Cloudflare`
ingress.minioHost			Based on above configuration, if you want to expose the `minio` web console to set of users, use this key to set the `host` mapping or leave it as `EMPTY` to not expose interface.
ingress.rabbitmqHost			Based on above configuration, if you want to expose the `rabbitmq` web console to set of users, use this key to set the `host` mapping or leave it as `EMPTY` to not expose interface.
ingress.ingressClass	nginx	Yes	Kubernetes cluster setup comes with various options of `ingressClass`. Based on your setup, set this value to the right one (eg. nginx, traefik, etc). Leave it to default in case you are using external ingress provider.
ingress.ingress_annotations	`{ "nginx.ingress.kubernetes.io/proxy-body-size": "5m" }`		Ingress controllers comes with various configuration options which can be passed as annotations. Setting this value lets you change the default value to user required.
ssl.createIssuer	false		Kubernets cluster setup supports creating `issuer` type resource. After deployment, this is step towards creating secure access to the ingress url. Issuer is required for you generate SSL certifiate. Kubernetes can be configured to use any of the certificate authority to generate SSL (depending on CertManager configuration). Set it to `true` to create the issuer. Applicable only when `ingress.enabled=true`
ssl.issuer	http		CertManager configuration allows user to create issuers using `http` or any of the other DNS Providers like `cloudflare`, `digitalocean`, etc. As of now Plane supports `http`, `cloudflare`, `digitalocean`
ssl.token			To create issuers using DNS challenge, set the issuer api token of dns provider like cloudflare`or`digitalocean`(not required for http)
ssl.server	https://acme-v02.api.letsencrypt.org/directory		Issuer creation configuration need the certificate generation authority server url. Default URL is the `Let's Encrypt` server
ssl.email	plane@example.com		Certificate generation authority needs a valid email id before generating certificate. Required when `ssl.createIssuer=true`
ssl.generateCerts	false		After creating the issuers, user can still not create the certificate untill sure of configuration. Setting this to `true` will try to generate SSL certificate and associate with ingress. Applicable only when `ingress.enabled=true` and `ssl.createIssuer=true`
ssl.tls_secret_name			If you have a custom TLS secret name, set this to the name of the secret. Applicable only when `ingress.enabled=true` and `ssl.createIssuer=false`

Common Environment Settings

Setting	Default	Required	Description
env.storageClass	<k8s-default-storage-class>		Creating the persitant volumes for the stateful deployments needs the `storageClass` name. Set the correct value as per your kubernetes cluster configuration.
env.secret_key	60gp0byfz2dvffa45cxl20p1scy9xbpf6d8c5y0geejgkyp1b5	Yes	This must a random string which is used for hashing/encrypting the sensitive data within the application. Once set, changing this might impact the already hashed/encrypted data

Extra Environment Variables

Setting	Default	Required	Description
extraEnv	[]	No	Global extra environment variables that will be applied to all workloads. This allows you to add custom environment variables to all deployments (web, api, worker, etc.). Useful for proxy settings, custom configurations, or any environment-specific variables. Some example variables are HTTP_PROXY, HTTPS_PROXY, NO_PROXY.

External Secrets Config

To configure the external secrets for your application, you need to define specific environment variables for each secret category. Below is a list of the required secrets and their respective environment variables.

Secret Name	Env Var Name	Required	Description	Example Value
rabbitmq_existingSecret	`RABBITMQ_DEFAULT_USER`	Required if `rabbitmq.local_setup=true`	The default RabbitMQ user	`plane`
	`RABBITMQ_DEFAULT_PASS`	Required if `rabbitmq.local_setup=true`	The default RabbitMQ password	`plane`
pgdb_existingSecret	`POSTGRES_PASSWORD`	Required if `postgres.local_setup=true`	Password for PostgreSQL database	`plane`
	`POSTGRES_DB`	Required if `postgres.local_setup=true`	Name of the PostgreSQL database	`plane`
	`POSTGRES_USER`	Required if `postgres.local_setup=true`	PostgreSQL user	`plane`
opensearch_existingSecret	`OPENSEARCH_ENABLED`	Yes	Flag to enable OpenSearch	`1` (enabled) or `0` (disabled)
	`OPENSEARCH_URL`	Required if OpenSearch is enabled	OpenSearch connection URL	k8s service example: `http://plane-opensearch.plane-ns.svc.cluster.local:9200` external service example: `https://your-opensearch-host:9200`
	`OPENSEARCH_USERNAME`	Required if OpenSearch is enabled	Username for OpenSearch	local setup: `plane` remote setup: `your_remote_username`
	`OPENSEARCH_PASSWORD`	Required if OpenSearch is enabled	Password for OpenSearch	local setup: `Secure@Pass#123!%^&` remote setup*: `your_remote_password`
	`OPENSEARCH_INITIAL_ADMIN_PASSWORD`	Required if `opensearch.local_setup=true`	Initial admin password for local OpenSearch	`Secure@Pass#123!%^&*`
	`OPENSEARCH_INDEX_PREFIX`	Optional	Prefix for OpenSearch indices	`plane_`
	`OPENSEARCH_EMBEDDING_DIMENSION`	Optional	Embedding vector dimension for OpenSearch	`1536`
doc_store_existingSecret	`USE_MINIO`	Yes	Flag to enable MinIO as the storage backend	`1`
	`MINIO_ROOT_USER`	Yes	MinIO root user	`admin`
	`MINIO_ROOT_PASSWORD`	Yes	MinIO root password	`password`
	`AWS_ACCESS_KEY_ID`	Yes	AWS Access Key ID	`your_aws_key`
	`AWS_SECRET_ACCESS_KEY`	Yes	AWS Secret Access Key	`your_aws_secret`
	`AWS_S3_BUCKET_NAME`	Yes	AWS S3 Bucket Name	`your_bucket_name`
	`AWS_S3_ENDPOINT_URL`	Yes	Endpoint URL for AWS S3 or MinIO	`http://plane-minio.plane-ns.svc.cluster.local:9000`
	`AWS_REGION`	Optional	AWS region where your S3 bucket is located	`your_aws_region`
	`FILE_SIZE_LIMIT`	Yes	Limit for file uploads in your system	`5MB`
app_env_existingSecret	`SECRET_KEY`	Yes	Random secret key	`60gp0byfz2dvffa45cxl20p1scy9xbpf6d8c5y0geejgkyp1b5`
	`REDIS_URL`	Yes	Redis URL	`redis://plane-redis.plane-ns.svc.cluster.local:6379/`
	`DATABASE_URL`	Yes	PostgreSQL connection URL	k8s service example: `postgresql://plane:plane@plane-pgdb.plane-ns.svc.cluster.local:5432/plane` external service example: `postgresql://username:password@your-db-host:5432/plane`
	`AMQP_URL`	Yes	RabbitMQ connection URL	k8s service example: `amqp://plane:plane@plane-rabbitmq.plane-ns.svc.cluster.local:5672/` external service example: `amqp://username:password@your-rabbitmq-host:5672/`
live_env_existingSecret	`REDIS_URL`	Yes	Redis URL	`redis://plane-redis.plane-ns.svc.cluster.local:6379/`
silo_env_existingSecret	`SILO_HMAC_SECRET_KEY`	Yes	Silo HMAC secret Key	`<random-32-bit-string>`
	`REDIS_URL`	Yes	Redis URL	`redis://plane-redis.plane-ns.svc.cluster.local:6379/`
	`DATABASE_URL`	Yes	PostgreSQL connection URL	k8s service example: `postgresql://plane:plane@plane-pgdb.plane-ns.svc.cluster.local:5432/plane` external service example: `postgresql://username:password@your-db-host:5432/plane`
	`AMQP_URL`	Yes	RabbitMQ connection URL	k8s service example: `amqp://plane:plane@plane-rabbitmq.plane-ns.svc.cluster.local:5672/` external service example: `amqp://username:password@your-rabbitmq-host:5672/`
	`GITHUB_APP_NAME`	required if `services.silo.connectors.github.enabled` is `true`	GitHub app name	`your_github_app_name`
	`GITHUB_APP_ID`	required if `services.silo.connectors.github.enabled` is `true`	GitHub app ID	`your_github_app_id`
	`GITHUB_CLIENT_ID`	required if `services.silo.connectors.github.enabled` is `true`	GitHub client ID	`your_github_client_id`
	`GITHUB_CLIENT_SECRET`	required if `services.silo.connectors.github.enabled` is `true`	GitHub client secret key	`your_github_client_secret_key`
	`GITHUB_PRIVATE_KEY`	required if `services.silo.connectors.github.enabled` is `true`	GitHub private key	`your_github_private_key`
	`SLACK_CLIENT_ID`	required if `services.silo.connectors.slack.enabled` is `true`	Slack client ID	`your_slack_client_id`
	`SLACK_CLIENT_SECRET`	required if `services.silo.connectors.slack.enabled` is `true`	Slack client secret key	`your_slack_client_secret_key`
	`GITLAB_CLIENT_ID`	required if `services.silo.connectors.gitlab.enabled` is `true`	GitLab client ID	`your_gitlab_client_id`
	`GITLAB_CLIENT_SECRET`	required if `services.silo.connectors.gitlab.enabled` is `true`	GitLab client secret key	`your_gitlab_client_secret_key`
pi_api_env_existingSecret	`PLANE_PI_DATABASE_URL`	Yes (if `services.pi.enabled=true`)	PostgreSQL connection URL for Plane AI (PI) database	k8s service example: `postgresql://plane:plane@plane-pgdb.plane-ns.svc.cluster.local/plane_pi` external: `postgresql://username:password@your-db-host:5432/plane_pi`
	`AMQP_URL`	Yes (if `services.pi.enabled=true`)	RabbitMQ connection URL	k8s service example: `amqp://plane:plane@plane-rabbitmq.plane-ns.svc.cluster.local:5672/` external: `amqp://username:password@your-rabbitmq-host:5672/`
	`AES_SECRET_KEY`	Yes (if `services.pi.enabled=true`)	AES secret key for Plane AI (PI)	`dsOdt7YrvxsTIFJ37pOaEVvLxN8KGBCr` (or your own value)
	`OPENAI_API_KEY`	required if `services.pi.ai_providers.openai.enabled` is `true`	OpenAI API key	`your_openai_api_key`
	`CLAUDE_API_KEY`	required if `services.pi.ai_providers.claude.enabled` is `true`	Claude API key	`your_claude_api_key`
	`GROQ_API_KEY`	required if `services.pi.ai_providers.groq.enabled` is `true`	Groq API key	`your_groq_api_key`
	`COHERE_API_KEY`	Optional (empty if not using Cohere)	Cohere API key	`your_cohere_api_key`
	`CUSTOM_LLM_API_KEY`	required if `services.pi.ai_providers.custom_llm.enabled` is `true`	Custom LLM API key	`your_custom_llm_api_key`
	`BR_AWS_SECRET_ACCESS_KEY`	required if `services.pi.ai_providers.embedding_model.enabled` is `true`	AWS secret for embedding model	`your_aws_secret_access_key`
	`BR_AWS_SESSION_TOKEN`	required if embedding model uses temporary credentials	AWS session token for embedding model	`your_aws_session_token`

Custom Ingress Routes

If you are planning to use 3rd party ingress providers, here is the available route configuration

Host	Path	Service	Required
plane.example.com	/	http://plane-app-web.plane:3000	Yes
plane.example.com	/spaces/*	http://plane-app-space.plane:3000	Yes
plane.example.com	/god-mode/*	http://plane-app-admin.plane:3000	Yes
plane.example.com	/live/*	http://plane-app-live.plane:3000	Yes
plane.example.com	/silo/*	http://plane-app-silo.plane:3000	Yes (if `services.silo.enabled=true` )
plane.example.com	/pi/*	http://plane-app-pi-api.plane:8000	Yes (if `services.pi.enabled=true`)
plane.example.com	/api/*	http://plane-app-api.plane:8000	Yes
plane.example.com	/auth/*	http://plane-app-api.plane:8000	Yes
plane.example.com	/graphql/*	http://plane-app-api.plane:8000	Yes
plane.example.com	/marketplace/*	http://plane-app-api.plane:8000	Yes
plane.example.com	/uploads/*	http://plane-app-minio.plane:9000	Yes (Only if using local setup)
plane-minio.example.com	/	http://plane-app-minio.plane:9090	(Optional) if using local setup, this will enable minio console access
plane-mq.example.com	/	http://plane-app-rabbitmq.plane:15672	(Optional) if using local setup, this will enable management console access

FilesExpand file tree

README.md

Latest commit

History