Support TLS Secret Configuration in Both Helm Charts

[akshat5302]

Changes:

• Add Support TLS Secret Configuration in Both Plane CE and Plane EE Helm Charts

Summary by CodeRabbit

• New Features

  • Added a custom TLS secret option to SSL settings, enabling users to specify their own TLS secret for flexible ingress and certificate management.
  • Refined conditions for TLS configuration to better differentiate between automatically generated certificates and custom TLS setups.

• Chores

  • Updated version numbers for both the CE and Enterprise releases.

• Documentation

  • Revised configuration guides and comments to detail the new TLS secret option and provide guidance for Let's Encrypt usage.

[coderabbitai]

Walkthrough

This pull request updates the Helm charts for both Plane-CE and Plane Enterprise. Version numbers in the Chart files have been bumped, and a new SSL configuration option (ssl.tls_secret_name) has been introduced across README, questions, and values files. Additionally, conditional logic in templates for certificate issuers, certificates, and ingress TLS configuration has been modified to check for the presence (or absence) of a custom TLS secret name.

Changes

File(s)	Change Summary
charts/plane-ce/Chart.yaml	Updated version from 1.0.30 to 1.1.0 and appVersion from "0.25.2" to "0.25.3".
charts/plane-enterprise/Chart.yaml	Updated version from 1.1.7 to 1.1.8.
charts/plane-ce/README.md, charts/plane-enterprise/README.md	Added new SSL configuration option ssl.tls_secret_name for specifying a custom TLS secret name.
charts/plane-ce/questions.yml, charts/plane-enterprise/questions.yml	Introduced new variable ssl.tls_secret_name (type string, default value "", group “Ingress”, conditionally displayed when ssl.createIssuer=false).
charts/plane-ce/templates/certs/cert-issuers.yaml, charts/plane-ce/templates/certs/certs.yaml, charts/plane-enterprise/templates/certs/cert-issuers.yaml, charts/plane-enterprise/templates/certs/certs.yaml	Modified conditional checks in certificate issuer and certificate resource templates to include a check for an empty tls_secret_name.
charts/plane-ce/templates/ingress.yaml, charts/plane-enterprise/templates/ingress.yaml	Altered TLS configuration logic: if ssl.tls_secret_name is provided, a TLS block is generated using that value; otherwise, the template falls back to checking ssl.generateCerts and ssl.createIssuer to configure TLS with a default secret name.
charts/plane-ce/values.yaml, charts/plane-enterprise/values.yaml	Added new configuration option tls_secret_name under the ssl section along with a comment regarding Let's Encrypt usage.

Sequence Diagram(s)

sequenceDiagram
    participant IT as "Ingress Template"
    participant SSL as "SSL Configuration"
    IT->>SSL: Check if tls_secret_name is provided
    alt tls_secret_name provided
        IT->>IT: Configure TLS block with custom secret name
    else tls_secret_name not provided
        IT->>SSL: Check generateCerts & createIssuer flags
        alt Both flags enabled
            IT->>IT: Configure TLS block with default secret name
        else
            IT->>IT: No TLS configuration applied
        end
    end

Loading

sequenceDiagram
    participant CT as "Certificate Template"
    participant SSL as "SSL Config"
    CT->>SSL: Evaluate ingress.enabled, createIssuer, and empty tls_secret_name
    alt All conditions met
        CT->>CT: Create certificate/issuer resource
    else
        CT->>CT: Skip resource creation
    end

Loading

Suggested reviewers

• mguptahub

Poem

I hopped through charts with leaps so bold,
New TLS secrets and versions told.
Conditions checked in YAML files tight,
SSL options shine soft and light.
In the code garden, I dance with delight –
A happy rabbit coding through the night!
🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (7)

charts/plane-enterprise/templates/certs/certs.yaml (1)

1-3: Helm Template Linting Note.
YAML lint tools may report a syntax error (e.g., "expected the node content, but found '-'") due to Helm templating syntax. Verify that your linter is configured to either ignore or properly parse Helm template markers.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-ce/templates/certs/certs.yaml (1)

1-3: Helm Templating Syntax Notice.
Similar to the enterprise template, any YAML lint warnings here are likely due to Helm’s templating markers. Ensure your YAML linter is set up to handle these expressions.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-enterprise/questions.yml (1)

703-709: New TLS Secret Variable Addition and Trailing Spaces
The addition of the ssl.tls_secret_name variable is clear and correctly configured (with a default of an empty string, appropriate label, and grouping under "Ingress"). Please remove the trailing spaces on line 707 as flagged by YAMLlint to ensure compliance with linting standards.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 707-707: trailing spaces

(trailing-spaces)

charts/plane-ce/templates/certs/cert-issuers.yaml (1)

1-1: Helm Condition and YAMLlint Warning
The condition combining .Values.ingress.enabled, .Values.ssl.createIssuer, and (empty .Values.ssl.tls_secret_name) correctly ensures that the issuer is only created when a custom TLS secret name is not provided. Note that YAMLlint reports a syntax error at line 1 due to the Helm templating syntax. This is likely a false positive; however, please verify that the Helm templating engine processes this correctly. If the warning persists, consider adding a YAMLlint disable comment or adjusting the linter settings for Helm templates.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-ce/templates/ingress.yaml (1)

96-107: Flexible TLS Configuration Using Custom Secret Name
The new conditional block checking for .Values.ssl.tls_secret_name is well implemented. It correctly defines the TLS section by listing the relevant hosts and referencing the provided secret name. For clarity and maintainability, consider adding an inline comment to explain that this branch takes precedence over certificate generation via ssl.generateCerts and ssl.createIssuer when a custom secret is provided.

charts/plane-enterprise/templates/ingress.yaml (2)

111-121: TLS Configuration Using Custom Secret Name for Enterprise Ingress
In this Enterprise chart, the TLS block now uses .Values.license.licenseDomain as the primary host and conditionally adds MinIO and RabbitMQ hosts when available. This ensures that when a custom TLS secret name is provided, it is honored across all relevant endpoints. The implementation is consistent with the Plane-CE variant.

---

122-133: Fallback TLS Configuration with Auto-Generated Certificates
If no custom TLS secret name is set, the template correctly falls back to generating certificates using the combination of ssl.generateCerts and ssl.createIssuer. This alternative branch is clear in its intent and mirrors the behavior in the CE chart.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7e039b2 and 3528d2d.

📒 Files selected for processing (14)

• charts/plane-ce/Chart.yaml (1 hunks)
• charts/plane-ce/README.md (1 hunks)
• charts/plane-ce/questions.yml (1 hunks)
• charts/plane-ce/templates/certs/cert-issuers.yaml (1 hunks)
• charts/plane-ce/templates/certs/certs.yaml (1 hunks)
• charts/plane-ce/templates/ingress.yaml (1 hunks)
• charts/plane-ce/values.yaml (1 hunks)
• charts/plane-enterprise/Chart.yaml (1 hunks)
• charts/plane-enterprise/README.md (1 hunks)
• charts/plane-enterprise/questions.yml (1 hunks)
• charts/plane-enterprise/templates/certs/cert-issuers.yaml (1 hunks)
• charts/plane-enterprise/templates/certs/certs.yaml (1 hunks)
• charts/plane-enterprise/templates/ingress.yaml (1 hunks)
• charts/plane-enterprise/values.yaml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

charts/plane-enterprise/templates/certs/certs.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-ce/templates/certs/certs.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-enterprise/questions.yml

[error] 707-707: trailing spaces

(trailing-spaces)

charts/plane-ce/templates/certs/cert-issuers.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-enterprise/templates/certs/cert-issuers.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

🔇 Additional comments (10)

charts/plane-enterprise/Chart.yaml (1)

8-9: Version Bump Validated.
The version field has been updated from the previous value to 1.1.8 and the appVersion to "1.8.3" as expected. This aligns with the TLS configuration enhancements and overall release update.

charts/plane-enterprise/templates/certs/certs.yaml (1)

1-1: Refined Condition for Certificate Creation.
The addition of (empty .Values.ssl.tls_secret_name) to the existing condition ensures that a Certificate resource is only created when no custom TLS secret is provided. This logic matches the PR objective for providing TLS secret configuration flexibility.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-ce/templates/certs/certs.yaml (1)

1-1: Updated Certificate Creation Condition.
The condition now includes (empty .Values.ssl.tls_secret_name), ensuring that a Certificate is only generated when a custom TLS secret name hasn’t been specified. This change is well aligned with the new TLS secret configuration approach.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-ce/questions.yml (1)

559-565: Addition of Custom TLS Secret Name Variable.
The new variable ssl.tls_secret_name has been correctly added with a default empty string and is placed under the "Ingress" group. Its conditional show_if: "ssl.createIssuer=false" correctly ensures that it is only displayed when an issuer is not being created, fulfilling the intended functionality for configurable TLS secrets.

charts/plane-ce/Chart.yaml (1)

8-9: Version Update Confirmed.
The update of version: 1.1.0 and appVersion: "0.25.3" in this Chart file is consistent with the overall release and TLS configuration enhancements. No issues detected with these updates.

charts/plane-ce/README.md (1)

240-240: Document new TLS secret configuration option.
The newly added ssl.tls_secret_name option is clearly documented with conditions for its use (i.e. applicable when ingress.enabled=true and ssl.createIssuer=false). This addition helps users understand how to use a custom TLS secret.

charts/plane-enterprise/templates/certs/cert-issuers.yaml (1)

1-1: Refine certificate issuer creation condition.
The updated conditional expression now checks that ssl.tls_secret_name is empty in addition to ingress.enabled and ssl.createIssuer being true. This ensures that when a custom TLS secret is provided, the Helm chart will not create the default issuer resources.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

charts/plane-enterprise/values.yaml (1)

21-22: Add new TLS secret configuration option.
The addition of the tls_secret_name key under the ssl section—with a default empty string and a clarifying comment about using Let's Encrypt—is a clear enhancement. This change gives administrators more flexibility when they wish to manage their own TLS secrets.

charts/plane-enterprise/README.md (1)

302-302: Document the custom TLS secret name configuration.
The new table row for ssl.tls_secret_name clearly communicates its purpose and usage conditions, ensuring users know they should only set this value when ssl.createIssuer is false and ingress is enabled.

charts/plane-ce/values.yaml (1)

19-21: Introduce TLS secret configuration option.
The ssl section now includes the tls_secret_name key initialized to an empty string, along with a comment guiding users on using Let's Encrypt. This is consistent with the Enterprise chart updates and improves overall configuration clarity.