Fix swagger docs

* Fix swagger docs

* minor correction

.vscode.example/portainer.code-snippets

@@ -163,19 +163,5 @@
       "// @failure 500 \"Server error\"",
       "// @router /{id} [get]"
     ]
-  },
-  "analytics": {
-    "prefix": "nlt",
-    "body": ["analytics-on", "analytics-category=\"$1\"", "analytics-event=\"$2\""],
-    "description": "analytics"
-  },
-  "analytics-if": {
-    "prefix": "nltf",
-    "body": ["analytics-if=\"$1\""],
-    "description": "analytics"
-  },
-  "analytics-metadata": {
-    "prefix": "nltm",
-    "body": "analytics-properties=\"{ metadata: { $1 } }\""
   }
 }

api/bolt/datastore.go

@@ -6,6 +6,8 @@ import (
 	"path"
 	"time"
 
+	"github.com/portainer/portainer/api/bolt/helmuserrepository"
+
 	"github.com/boltdb/bolt"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/customtemplate"
@@ -44,33 +46,34 @@ const (
 // Store defines the implementation of portainer.DataStore using
 // BoltDB as the storage system.
 type Store struct {
-	path                    string
-	connection              *internal.DbConnection
-	isNew                   bool
-	fileService             portainer.FileService
-	CustomTemplateService   *customtemplate.Service
-	DockerHubService        *dockerhub.Service
-	EdgeGroupService        *edgegroup.Service
-	EdgeJobService          *edgejob.Service
-	EdgeStackService        *edgestack.Service
-	EndpointGroupService    *endpointgroup.Service
-	EndpointService         *endpoint.Service
-	EndpointRelationService *endpointrelation.Service
-	ExtensionService        *extension.Service
-	RegistryService         *registry.Service
-	ResourceControlService  *resourcecontrol.Service
-	RoleService             *role.Service
-	ScheduleService         *schedule.Service
-	SettingsService         *settings.Service
-	SSLSettingsService      *ssl.Service
-	StackService            *stack.Service
-	TagService              *tag.Service
-	TeamMembershipService   *teammembership.Service
-	TeamService             *team.Service
-	TunnelServerService     *tunnelserver.Service
-	UserService             *user.Service
-	VersionService          *version.Service
-	WebhookService          *webhook.Service
+	path                      string
+	connection                *internal.DbConnection
+	isNew                     bool
+	fileService               portainer.FileService
+	CustomTemplateService     *customtemplate.Service
+	DockerHubService          *dockerhub.Service
+	EdgeGroupService          *edgegroup.Service
+	EdgeJobService            *edgejob.Service
+	EdgeStackService          *edgestack.Service
+	EndpointGroupService      *endpointgroup.Service
+	EndpointService           *endpoint.Service
+	EndpointRelationService   *endpointrelation.Service
+	ExtensionService          *extension.Service
+	HelmUserRepositoryService *helmuserrepository.Service
+	RegistryService           *registry.Service
+	ResourceControlService    *resourcecontrol.Service
+	RoleService               *role.Service
+	ScheduleService           *schedule.Service
+	SettingsService           *settings.Service
+	SSLSettingsService        *ssl.Service
+	StackService              *stack.Service
+	TagService                *tag.Service
+	TeamMembershipService     *teammembership.Service
+	TeamService               *team.Service
+	TunnelServerService       *tunnelserver.Service
+	UserService               *user.Service
+	VersionService            *version.Service
+	WebhookService            *webhook.Service
 }
 
 func (store *Store) edition() portainer.SoftwareEdition {

api/bolt/helmuserrepository/helmuserrepository.go

@@ -0,0 +1,73 @@
+package helmuserrepository
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/bolt/internal"
+
+	"github.com/boltdb/bolt"
+)
+
+const (
+	// BucketName represents the name of the bucket where this service stores data.
+	BucketName = "helm_user_repository"
+)
+
+// Service represents a service for managing endpoint data.
+type Service struct {
+	connection *internal.DbConnection
+}
+
+// NewService creates a new instance of a service.
+func NewService(connection *internal.DbConnection) (*Service, error) {
+	err := internal.CreateBucket(connection, BucketName)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Service{
+		connection: connection,
+	}, nil
+}
+
+// HelmUserRepositoryByUserID return an array containing all the HelmUserRepository objects where the specified userID is present.
+func (service *Service) HelmUserRepositoryByUserID(userID portainer.UserID) ([]portainer.HelmUserRepository, error) {
+	var result = make([]portainer.HelmUserRepository, 0)
+
+	err := service.connection.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+
+		cursor := bucket.Cursor()
+		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
+			var record portainer.HelmUserRepository
+			err := internal.UnmarshalObject(v, &record)
+			if err != nil {
+				return err
+			}
+
+			if record.UserID == userID {
+				result = append(result, record)
+			}
+		}
+
+		return nil
+	})
+
+	return result, err
+}
+
+// CreateHelmUserRepository creates a new HelmUserRepository object.
+func (service *Service) CreateHelmUserRepository(record *portainer.HelmUserRepository) error {
+	return service.connection.Update(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+
+		id, _ := bucket.NextSequence()
+		record.ID = portainer.HelmUserRepositoryID(id)
+
+		data, err := internal.MarshalObject(record)
+		if err != nil {
+			return err
+		}
+
+		return bucket.Put(internal.Itob(int(record.ID)), data)
+	})
+}

api/bolt/init.go

@@ -44,6 +44,7 @@ func (store *Store) Init() error {
 
 			EdgeAgentCheckinInterval: portainer.DefaultEdgeAgentCheckinIntervalInSeconds,
 			TemplatesURL:             portainer.DefaultTemplatesURL,
+			HelmRepositoryURL:        portainer.DefaultHelmRepositoryURL,
 			UserSessionTimeout:       portainer.DefaultUserSessionTimeout,
 			KubeconfigExpiry:         portainer.DefaultKubeconfigExpiry,
 		}

api/bolt/migrator/migrate_dbversion31.go

@@ -28,6 +28,10 @@ func (m *Migrator) migrateDBVersionToDB32() error {
 		return err
 	}
 
+	if err := m.helmRepositoryURLToDB32(); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -223,4 +227,13 @@ func (m *Migrator) kubeconfigExpiryToDB32() error {
 	}
 	settings.KubeconfigExpiry = portainer.DefaultKubeconfigExpiry
 	return m.settingsService.UpdateSettings(settings)
-}
+}
+
+func (m *Migrator) helmRepositoryURLToDB32() error {
+	settings, err := m.settingsService.Settings()
+	if err != nil {
+		return err
+	}
+	settings.HelmRepositoryURL = portainer.DefaultHelmRepositoryURL
+	return m.settingsService.UpdateSettings(settings)
+}

api/bolt/services.go

@@ -11,6 +11,7 @@ import (
 	"github.com/portainer/portainer/api/bolt/endpointgroup"
 	"github.com/portainer/portainer/api/bolt/endpointrelation"
 	"github.com/portainer/portainer/api/bolt/extension"
+	"github.com/portainer/portainer/api/bolt/helmuserrepository"
 	"github.com/portainer/portainer/api/bolt/registry"
 	"github.com/portainer/portainer/api/bolt/resourcecontrol"
 	"github.com/portainer/portainer/api/bolt/role"
@@ -88,6 +89,12 @@ func (store *Store) initServices() error {
 	}
 	store.ExtensionService = extensionService
 
+	helmUserRepositoryService, err := helmuserrepository.NewService(store.connection)
+	if err != nil {
+		return err
+	}
+	store.HelmUserRepositoryService = helmUserRepositoryService
+
 	registryService, err := registry.NewService(store.connection)
 	if err != nil {
 		return err
@@ -204,6 +211,11 @@ func (store *Store) EndpointRelation() portainer.EndpointRelationService {
 	return store.EndpointRelationService
 }
 
+// HelmUserRepository access the helm user repository settings
+func (store *Store) HelmUserRepository() portainer.HelmUserRepositoryService {
+	return store.HelmUserRepositoryService
+}
+
 // Registry gives access to the Registry data management layer
 func (store *Store) Registry() portainer.RegistryService {
 	return store.RegistryService

api/cmd/portainer/main.go

@@ -13,6 +13,7 @@ import (
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/docker"
 
+	"github.com/portainer/libhelm"
 	"github.com/portainer/portainer/api/exec"
 	"github.com/portainer/portainer/api/filesystem"
 	"github.com/portainer/portainer/api/git"
@@ -104,6 +105,10 @@ func initKubernetesDeployer(kubernetesTokenCacheManager *kubeproxy.TokenCacheMan
 	return exec.NewKubernetesDeployer(kubernetesTokenCacheManager, kubernetesClientFactory, dataStore, reverseTunnelService, signatureService, assetsPath)
 }
 
+func initHelmPackageManager(assetsPath string) (libhelm.HelmPackageManager, error) {
+	return libhelm.NewHelmPackageManager(libhelm.HelmConfig{BinaryPath: assetsPath})
+}
+
 func initJWTService(dataStore portainer.DataStore) (portainer.JWTService, error) {
 	settings, err := dataStore.Settings().Settings()
 	if err != nil {
@@ -422,6 +427,11 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		log.Fatal(err)
 	}
 
+	sslSettings, err := sslService.GetSSLSettings()
+	if err != nil {
+		log.Fatalf("failed to get ssl settings: %s", err)
+	}
+
 	err = initKeyPair(fileService, digitalSignatureService)
 	if err != nil {
 		log.Fatalf("failed initializing key pai: %v", err)
@@ -451,12 +461,20 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		log.Fatalf("failed initializing swarm stack manager: %v", err)
 	}
 	kubernetesTokenCacheManager := kubeproxy.NewTokenCacheManager()
+
+	kubeConfigService := kubernetes.NewKubeConfigCAService(*flags.AddrHTTPS, sslSettings.CertPath)
+
 	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager)
 
 	composeStackManager := initComposeStackManager(*flags.Assets, *flags.Data, reverseTunnelService, proxyManager)
 
 	kubernetesDeployer := initKubernetesDeployer(kubernetesTokenCacheManager, kubernetesClientFactory, dataStore, reverseTunnelService, digitalSignatureService, *flags.Assets)
 
+	helmPackageManager, err := initHelmPackageManager(*flags.Assets)
+	if err != nil {
+		log.Fatalf("failed initializing helm package manager: %s", err)
+	}
+
 	if dataStore.IsNew() {
 		err = updateSettingsFromFlags(dataStore, flags)
 		if err != nil {
@@ -517,7 +535,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		log.Fatalf("failed starting tunnel server: %s", err)
 	}
 
-	sslSettings, err := dataStore.SSLSettings().Settings()
+	sslDBSettings, err := dataStore.SSLSettings().Settings()
 	if err != nil {
 		log.Fatalf("failed to fetch ssl settings from DB")
 	}
@@ -532,12 +550,13 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		Status:                      applicationStatus,
 		BindAddress:                 *flags.Addr,
 		BindAddressHTTPS:            *flags.AddrHTTPS,
-		HTTPEnabled:                 sslSettings.HTTPEnabled,
+		HTTPEnabled:                 sslDBSettings.HTTPEnabled,
 		AssetsPath:                  *flags.Assets,
 		DataStore:                   dataStore,
 		SwarmStackManager:           swarmStackManager,
 		ComposeStackManager:         composeStackManager,
 		KubernetesDeployer:          kubernetesDeployer,
+		HelmPackageManager:          helmPackageManager,
 		CryptoService:               cryptoService,
 		JWTService:                  jwtService,
 		FileService:                 fileService,
@@ -546,6 +565,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		GitService:                  gitService,
 		ProxyManager:                proxyManager,
 		KubernetesTokenCacheManager: kubernetesTokenCacheManager,
+		KubeConfigService:           kubeConfigService,
 		SignatureService:            digitalSignatureService,
 		SnapshotService:             snapshotService,
 		SSLService:                  sslService,

api/exec/kubernetes_deploy.go

@@ -5,6 +5,9 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/kubernetes/cli"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -14,10 +17,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
-	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/api/kubernetes/cli"
-
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/crypto"
 )
@@ -81,7 +80,7 @@ func (deployer *KubernetesDeployer) getToken(request *http.Request, endpoint *po
 // Otherwise it will use kubectl to deploy the manifest.
 func (deployer *KubernetesDeployer) Deploy(request *http.Request, endpoint *portainer.Endpoint, stackConfig string, namespace string) (string, error) {
 	if endpoint.Type == portainer.KubernetesLocalEnvironment {
-		token, err := deployer.getToken(request, endpoint, true)
+		token, err := deployer.getToken(request, endpoint, true);
 		if err != nil {
 			return "", err
 		}
@@ -180,7 +179,7 @@ func (deployer *KubernetesDeployer) Deploy(request *http.Request, endpoint *port
 		return "", err
 	}
 
-	token, err := deployer.getToken(request, endpoint, false)
+	token, err := deployer.getToken(request, endpoint, false);
 	if err != nil {
 		return "", err
 	}
@@ -230,7 +229,7 @@ func (deployer *KubernetesDeployer) Deploy(request *http.Request, endpoint *port
 }
 
 // ConvertCompose leverages the kompose binary to deploy a compose compliant manifest.
-func (deployer *KubernetesDeployer) ConvertCompose(data []byte) ([]byte, error) {
+func (deployer *KubernetesDeployer) ConvertCompose(data string) ([]byte, error) {
 	command := path.Join(deployer.binaryPath, "kompose")
 	if runtime.GOOS == "windows" {
 		command = path.Join(deployer.binaryPath, "kompose.exe")
@@ -242,7 +241,7 @@ func (deployer *KubernetesDeployer) ConvertCompose(data []byte) ([]byte, error)
 	var stderr bytes.Buffer
 	cmd := exec.Command(command, args...)
 	cmd.Stderr = &stderr
-	cmd.Stdin = bytes.NewReader(data)
+	cmd.Stdin = strings.NewReader(data)
 
 	output, err := cmd.Output()
 	if err != nil {

api/go.mod

@@ -30,6 +30,7 @@ require (
 	github.com/portainer/docker-compose-wrapper v0.0.0-20210810234209-d01bc85eb481
 	github.com/portainer/libcompose v0.5.3
 	github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a
+	github.com/portainer/libhelm v0.0.0-20210901032115-ad822f351174
 	github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/sirupsen/logrus v1.8.1

api/go.sum

@@ -247,6 +247,8 @@ github.com/portainer/libcompose v0.5.3 h1:tE4WcPuGvo+NKeDkDWpwNavNLZ5GHIJ4RvuZXs
 github.com/portainer/libcompose v0.5.3/go.mod h1:7SKd/ho69rRKHDFSDUwkbMcol2TMKU5OslDsajr8Ro8=
 github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a h1:qY8TbocN75n5PDl16o0uVr5MevtM5IhdwSelXEd4nFM=
 github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a/go.mod h1:n54EEIq+MM0NNtqLeCby8ljL+l275VpolXO0ibHegLE=
+github.com/portainer/libhelm v0.0.0-20210901032115-ad822f351174 h1:6iMxTpjyp/AHW2qCavLzwsE+BgVZVpjOAsRZEi1lFGs=
+github.com/portainer/libhelm v0.0.0-20210901032115-ad822f351174/go.mod h1:YvYAk7krKTzB+rFwDr0jQ3sQu2BtiXK1AR0sZH7nhJA=
 github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33 h1:H8HR2dHdBf8HANSkUyVw4o8+4tegGcd+zyKZ3e599II=
 github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33/go.mod h1:Y2TfgviWI4rT2qaOTHr+hq6MdKIE5YjgQAu7qwptTV0=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=

api/http/handler/customtemplates/customtemplate_create.go

@@ -105,10 +105,9 @@ type customTemplateFromFileContentPayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	// Required for Docker stacks
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
-	// Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes)
-	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
+	// Type of created stack (1 - swarm, 2 - compose)
+	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
 }
@@ -123,10 +122,10 @@ func (payload *customTemplateFromFileContentPayload) Validate(r *http.Request) e
 	if govalidator.IsNull(payload.FileContent) {
 		return errors.New("Invalid file content")
 	}
-	if payload.Type != portainer.KubernetesStack && payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
+	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
-	if payload.Type != portainer.KubernetesStack && payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
+	if payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
 		return errors.New("Invalid custom template type")
 	}
 	return nil
@@ -172,8 +171,7 @@ type customTemplateFromGitRepositoryPayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	// Required for Docker stacks
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
 	// Type of created stack (1 - swarm, 2 - compose)
 	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`
 
@@ -207,11 +205,6 @@ func (payload *customTemplateFromGitRepositoryPayload) Validate(r *http.Request)
 	if govalidator.IsNull(payload.ComposeFilePathInRepository) {
 		payload.ComposeFilePathInRepository = filesystem.ComposeFileDefaultName
 	}
-
-	if payload.Type == portainer.KubernetesStack {
-		return errors.New("Creating a Kubernetes custom template from git is not supported")
-	}
-
 	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
@@ -285,21 +278,20 @@ func (payload *customTemplateFromFileUploadPayload) Validate(r *http.Request) er
 	note, _ := request.RetrieveMultiPartFormValue(r, "Note", true)
 	payload.Note = note
 
+	platform, _ := request.RetrieveNumericMultiPartFormValue(r, "Platform", true)
+	templatePlatform := portainer.CustomTemplatePlatform(platform)
+	if templatePlatform != portainer.CustomTemplatePlatformLinux && templatePlatform != portainer.CustomTemplatePlatformWindows {
+		return errors.New("Invalid custom template platform")
+	}
+	payload.Platform = templatePlatform
+
 	typeNumeral, _ := request.RetrieveNumericMultiPartFormValue(r, "Type", true)
 	templateType := portainer.StackType(typeNumeral)
-	if templateType != portainer.KubernetesStack && templateType != portainer.DockerSwarmStack && templateType != portainer.DockerComposeStack {
+	if templateType != portainer.DockerComposeStack && templateType != portainer.DockerSwarmStack {
 		return errors.New("Invalid custom template type")
 	}
 	payload.Type = templateType
 
-	platform, _ := request.RetrieveNumericMultiPartFormValue(r, "Platform", true)
-	templatePlatform := portainer.CustomTemplatePlatform(platform)
-	if templateType != portainer.KubernetesStack && templatePlatform != portainer.CustomTemplatePlatformLinux && templatePlatform != portainer.CustomTemplatePlatformWindows {
-		return errors.New("Invalid custom template platform")
-	}
-
-	payload.Platform = templatePlatform
-
 	composeFileContent, _, err := request.RetrieveMultiPartFormFile(r, "File")
 	if err != nil {
 		return errors.New("Invalid Compose file. Ensure that the Compose file is uploaded correctly")

api/http/handler/customtemplates/customtemplate_list.go

@@ -2,9 +2,7 @@ package customtemplates
 
 import (
 	"net/http"
-	"strconv"
 
-	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
@@ -19,16 +17,10 @@ import (
 // @tags custom_templates
 // @security jwt
 // @produce json
-// @param type query []int true "Template types" Enums(1,2,3)
 // @success 200 {array} portainer.CustomTemplate "Success"
 // @failure 500 "Server error"
 // @router /custom_templates [get]
 func (handler *Handler) customTemplateList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	templateTypes, err := parseTemplateTypes(r)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusBadRequest, "Invalid Custom template type", err}
-	}
-
 	customTemplates, err := handler.DataStore.CustomTemplate().CustomTemplates()
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve custom templates from the database", err}
@@ -60,52 +52,5 @@ func (handler *Handler) customTemplateList(w http.ResponseWriter, r *http.Reques
 		customTemplates = authorization.FilterAuthorizedCustomTemplates(customTemplates, user, userTeamIDs)
 	}
 
-	customTemplates = filterByType(customTemplates, templateTypes)
-
 	return response.JSON(w, customTemplates)
 }
-
-func parseTemplateTypes(r *http.Request) ([]portainer.StackType, error) {
-	err := r.ParseForm()
-	if err != nil {
-		return nil, errors.WithMessage(err, "failed to parse request params")
-	}
-
-	types, exist := r.Form["type"]
-	if !exist {
-		return []portainer.StackType{}, nil
-	}
-
-	res := []portainer.StackType{}
-	for _, templateTypeStr := range types {
-		templateType, err := strconv.Atoi(templateTypeStr)
-		if err != nil {
-			return nil, errors.WithMessage(err, "failed parsing template type")
-		}
-
-		res = append(res, portainer.StackType(templateType))
-	}
-
-	return res, nil
-}
-
-func filterByType(customTemplates []portainer.CustomTemplate, templateTypes []portainer.StackType) []portainer.CustomTemplate {
-	if len(templateTypes) == 0 {
-		return customTemplates
-	}
-
-	typeSet := map[portainer.StackType]bool{}
-	for _, templateType := range templateTypes {
-		typeSet[templateType] = true
-	}
-
-	filtered := []portainer.CustomTemplate{}
-
-	for _, template := range customTemplates {
-		if typeSet[template.Type] {
-			filtered = append(filtered, template)
-		}
-	}
-
-	return filtered
-}

api/http/handler/customtemplates/customtemplate_update.go

@@ -27,10 +27,9 @@ type customTemplateUpdatePayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	// Required for Docker stacks
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
-	// Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes)
-	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
+	// Type of created stack (1 - swarm, 2 - compose)
+	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
 }
@@ -42,10 +41,10 @@ func (payload *customTemplateUpdatePayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.FileContent) {
 		return errors.New("Invalid file content")
 	}
-	if payload.Type != portainer.KubernetesStack && payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
+	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
-	if payload.Type != portainer.KubernetesStack && payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
+	if payload.Type != portainer.DockerComposeStack && payload.Type != portainer.DockerSwarmStack {
 		return errors.New("Invalid custom template type")
 	}
 	if govalidator.IsNull(payload.Description) {

api/http/handler/handler.go

@@ -16,6 +16,7 @@ import (
 	"github.com/portainer/portainer/api/http/handler/endpointproxy"
 	"github.com/portainer/portainer/api/http/handler/endpoints"
 	"github.com/portainer/portainer/api/http/handler/file"
+	"github.com/portainer/portainer/api/http/handler/helm"
 	"github.com/portainer/portainer/api/http/handler/kubernetes"
 	"github.com/portainer/portainer/api/http/handler/motd"
 	"github.com/portainer/portainer/api/http/handler/registries"
@@ -47,7 +48,9 @@ type Handler struct {
 	EndpointEdgeHandler    *endpointedge.Handler
 	EndpointGroupHandler   *endpointgroups.Handler
 	EndpointHandler        *endpoints.Handler
+	EndpointHelmHandler    *helm.Handler
 	EndpointProxyHandler   *endpointproxy.Handler
+	HelmTemplatesHandler   *helm.Handler
 	KubernetesHandler      *kubernetes.Handler
 	FileHandler            *file.Handler
 	MOTDHandler            *motd.Handler
@@ -166,6 +169,11 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.StripPrefix("/api", h.EndpointGroupHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/kubernetes"):
 		http.StripPrefix("/api", h.KubernetesHandler).ServeHTTP(w, r)
+
+	// Helm subpath under kubernetes -> /api/endpoints/{id}/kubernetes/helm
+	case strings.HasPrefix(r.URL.Path, "/api/endpoints/") && strings.Contains(r.URL.Path, "/kubernetes/helm"):
+		http.StripPrefix("/api/endpoints", h.EndpointHelmHandler).ServeHTTP(w, r)
+
 	case strings.HasPrefix(r.URL.Path, "/api/endpoints"):
 		switch {
 		case strings.Contains(r.URL.Path, "/docker/"):
@@ -199,6 +207,8 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.StripPrefix("/api", h.StatusHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/tags"):
 		http.StripPrefix("/api", h.TagHandler).ServeHTTP(w, r)
+	case strings.HasPrefix(r.URL.Path, "/api/templates/helm"):
+		http.StripPrefix("/api", h.HelmTemplatesHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/templates"):
 		http.StripPrefix("/api", h.TemplatesHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/upload"):

api/http/handler/helm/handler.go

@@ -0,0 +1,98 @@
+package helm
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"github.com/portainer/libhelm"
+	"github.com/portainer/libhelm/options"
+	httperror "github.com/portainer/libhttp/error"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/middlewares"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/kubernetes"
+)
+
+const (
+	handlerActivityContext = "Kubernetes"
+)
+
+type requestBouncer interface {
+	AuthenticatedAccess(h http.Handler) http.Handler
+}
+
+// Handler is the HTTP handler used to handle endpoint group operations.
+type Handler struct {
+	*mux.Router
+	requestBouncer     requestBouncer
+	dataStore          portainer.DataStore
+	kubeConfigService  kubernetes.KubeConfigService
+	helmPackageManager libhelm.HelmPackageManager
+}
+
+// NewHandler creates a handler to manage endpoint group operations.
+func NewHandler(bouncer requestBouncer, dataStore portainer.DataStore, helmPackageManager libhelm.HelmPackageManager, kubeConfigService kubernetes.KubeConfigService) *Handler {
+	h := &Handler{
+		Router:             mux.NewRouter(),
+		requestBouncer:     bouncer,
+		dataStore:          dataStore,
+		helmPackageManager: helmPackageManager,
+		kubeConfigService:  kubeConfigService,
+	}
+
+	h.Use(middlewares.WithEndpoint(dataStore.Endpoint(), "id"))
+
+	// `helm list -o json`
+	h.Handle("/{id}/kubernetes/helm",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.helmList))).Methods(http.MethodGet)
+
+	// `helm delete RELEASE_NAME`
+	h.Handle("/{id}/kubernetes/helm/{release}",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.helmDelete))).Methods(http.MethodDelete)
+
+	// `helm install [NAME] [CHART] flags`
+	h.Handle("/{id}/kubernetes/helm",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.helmInstall))).Methods(http.MethodPost)
+
+	return h
+}
+
+// NewTemplateHandler creates a template handler to manage endpoint group operations.
+func NewTemplateHandler(bouncer requestBouncer, helmPackageManager libhelm.HelmPackageManager) *Handler {
+	h := &Handler{
+		Router:             mux.NewRouter(),
+		helmPackageManager: helmPackageManager,
+		requestBouncer:     bouncer,
+	}
+
+	h.Handle("/templates/helm",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.helmRepoSearch))).Methods(http.MethodGet)
+
+	// helm show [COMMAND] [CHART] [REPO] flags
+	h.Handle("/templates/helm/{command:chart|values|readme}",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.helmShow))).Methods(http.MethodGet)
+
+	return h
+}
+
+// getHelmClusterAccess obtains the core k8s cluster access details from request.
+// The cluster access includes the cluster server url, the user's bearer token and the tls certificate.
+// The cluster access is passed in as kube config CLI params to helm binary.
+func (handler *Handler) getHelmClusterAccess(r *http.Request) (*options.KubernetesClusterAccess, *httperror.HandlerError) {
+	endpoint, err := middlewares.FetchEndpoint(r)
+	if err != nil {
+		return nil, &httperror.HandlerError{http.StatusNotFound, "Unable to find an endpoint on request context", err}
+	}
+
+	bearerToken, err := security.ExtractBearerToken(r)
+	if err != nil {
+		return nil, &httperror.HandlerError{http.StatusUnauthorized, "Unauthorized", err}
+	}
+
+	kubeConfigInternal := handler.kubeConfigService.GetKubeConfigInternal(endpoint.ID, bearerToken)
+	return &options.KubernetesClusterAccess{
+		ClusterServerURL:         kubeConfigInternal.ClusterServerURL,
+		CertificateAuthorityFile: kubeConfigInternal.CertificateAuthorityFile,
+		AuthToken:                kubeConfigInternal.AuthToken,
+	}, nil
+}

api/http/handler/helm/helm_delete.go

@@ -0,0 +1,55 @@
+package helm
+
+import (
+	"net/http"
+
+	"github.com/portainer/libhelm/options"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+)
+
+// @id HelmDelete
+// @summary Delete Helm Chart(s)
+// @description
+// @description **Access policy**: authorized
+// @tags helm_chart
+// @security jwt
+// @accept json
+// @produce json
+// @param release query string true "The name of the release/application to uninstall"
+// @param namespace query string true "An optional namespace"
+// @success 204 "Success"
+// @failure 400 "Invalid endpoint id or bad request"
+// @failure 401 "Unauthorized"
+// @failure 404 "Endpoint or ServiceAccount not found"
+// @failure 500 "Server error or helm error"
+// @router /endpoints/:id/kubernetes/helm/{release} [delete]
+func (handler *Handler) helmDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	release, err := request.RetrieveRouteVariableValue(r, "release")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "No release specified", err}
+	}
+
+	clusterAccess, httperr := handler.getHelmClusterAccess(r)
+	if httperr != nil {
+		return httperr
+	}
+
+	uninstallOpts := options.UninstallOptions{
+		Name:                    release,
+		KubernetesClusterAccess: clusterAccess,
+	}
+
+	q := r.URL.Query()
+	if namespace := q.Get("namespace"); namespace != "" {
+		uninstallOpts.Namespace = namespace
+	}
+
+	err = handler.helmPackageManager.Uninstall(uninstallOpts)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Helm returned an error", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/helm/helm_delete_test.go

@@ -0,0 +1,53 @@
+package helm
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/portainer/libhelm/binary/test"
+	"github.com/portainer/libhelm/options"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/kubernetes"
+	"github.com/stretchr/testify/assert"
+
+	bolt "github.com/portainer/portainer/api/bolt/bolttest"
+	helper "github.com/portainer/portainer/api/internal/testhelpers"
+)
+
+func Test_helmDelete(t *testing.T) {
+	is := assert.New(t)
+
+	store, teardown := bolt.MustNewTestStore(true)
+	defer teardown()
+
+	err := store.Endpoint().CreateEndpoint(&portainer.Endpoint{ID: 1})
+	is.NoError(err, "Error creating endpoint")
+
+	err = store.User().CreateUser(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
+	is.NoError(err, "Error creating a user")
+
+	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
+	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
+	h := NewHandler(helper.NewTestRequestBouncer(), store, helmPackageManager, kubeConfigService)
+
+	is.NotNil(h, "Handler should not fail")
+
+	// Install a single chart directly, to be deleted by the handler
+	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default"}
+	h.helmPackageManager.Install(options)
+
+	t.Run("helmDelete succeeds with admin user", func(t *testing.T) {
+		req := httptest.NewRequest(http.MethodDelete, fmt.Sprintf("/1/kubernetes/helm/%s", options.Name), nil)
+		ctx := security.StoreTokenData(req, &portainer.TokenData{ID: 1, Username: "admin", Role: 1})
+		req = req.WithContext(ctx)
+		req.Header.Add("Authorization", "Bearer dummytoken")
+
+		rr := httptest.NewRecorder()
+		h.ServeHTTP(rr, req)
+
+		is.Equal(http.StatusNoContent, rr.Code, "Status should be 204")
+	})
+}

api/http/handler/helm/helm_install.go

@@ -0,0 +1,134 @@
+package helm
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/portainer/libhelm/options"
+	"github.com/portainer/libhelm/release"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer/api/kubernetes/validation"
+)
+
+type installChartPayload struct {
+	Namespace string `json:"namespace"`
+	Name      string `json:"name"`
+	Chart     string `json:"chart"`
+	Repo      string `json:"repo"`
+	Values    string `json:"values"`
+}
+
+var errChartNameInvalid = errors.New("invalid chart name. " +
+	"Chart name must consist of lower case alphanumeric characters, '-' or '.'," +
+	" and must start and end with an alphanumeric character",
+)
+
+// @id HelmInstall
+// @summary Install Helm Chart
+// @description
+// @description **Access policy**: authorized
+// @tags helm_chart
+// @security jwt
+// @accept json
+// @produce json
+// @param payload body installChartPayload true "Chart details"
+// @success 201 {object} release.Release "Created"
+// @failure 401 "Unauthorized"
+// @failure 404 "Endpoint or ServiceAccount not found"
+// @failure 500 "Server error"
+// @router /endpoints/:id/kubernetes/helm/{release} [post]
+func (handler *Handler) helmInstall(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload installChartPayload
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{
+			StatusCode: http.StatusBadRequest,
+			Message:    "Invalid Helm install payload",
+			Err:        err,
+		}
+	}
+
+	release, err := handler.installChart(r, payload)
+	if err != nil {
+		return &httperror.HandlerError{
+			StatusCode: http.StatusInternalServerError,
+			Message:    "Unable to install a chart",
+			Err:        err,
+		}
+	}
+
+	w.WriteHeader(http.StatusCreated)
+	return response.JSON(w, release)
+}
+
+func (p *installChartPayload) Validate(_ *http.Request) error {
+	var required []string
+	if p.Repo == "" {
+		required = append(required, "repo")
+	}
+	if p.Name == "" {
+		required = append(required, "name")
+	}
+	if p.Namespace == "" {
+		required = append(required, "namespace")
+	}
+	if p.Chart == "" {
+		required = append(required, "chart")
+	}
+	if len(required) > 0 {
+		return fmt.Errorf("required field(s) missing: %s", strings.Join(required, ", "))
+	}
+
+	if errs := validation.IsDNS1123Subdomain(p.Name); len(errs) > 0 {
+		return errChartNameInvalid
+	}
+
+	return nil
+}
+
+func (handler *Handler) installChart(r *http.Request, p installChartPayload) (*release.Release, error) {
+	clusterAccess, httperr := handler.getHelmClusterAccess(r)
+	if httperr != nil {
+		return nil, httperr.Err
+	}
+	installOpts := options.InstallOptions{
+		Name:      p.Name,
+		Chart:     p.Chart,
+		Namespace: p.Namespace,
+		Repo:      p.Repo,
+		KubernetesClusterAccess: &options.KubernetesClusterAccess{
+			ClusterServerURL:         clusterAccess.ClusterServerURL,
+			CertificateAuthorityFile: clusterAccess.CertificateAuthorityFile,
+			AuthToken:                clusterAccess.AuthToken,
+		},
+	}
+
+	if p.Values != "" {
+		file, err := os.CreateTemp("", "helm-values")
+		if err != nil {
+			return nil, err
+		}
+		defer os.Remove(file.Name())
+		_, err = file.WriteString(p.Values)
+		if err != nil {
+			file.Close()
+			return nil, err
+		}
+		err = file.Close()
+		if err != nil {
+			return nil, err
+		}
+		installOpts.ValuesFile = file.Name()
+	}
+
+	release, err := handler.helmPackageManager.Install(installOpts)
+	if err != nil {
+		return nil, err
+	}
+	return release, nil
+}

api/http/handler/helm/helm_install_test.go

@@ -0,0 +1,65 @@
+package helm
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/portainer/libhelm/binary/test"
+	"github.com/portainer/libhelm/options"
+	"github.com/portainer/libhelm/release"
+	portainer "github.com/portainer/portainer/api"
+	bolt "github.com/portainer/portainer/api/bolt/bolttest"
+	"github.com/portainer/portainer/api/http/security"
+	helper "github.com/portainer/portainer/api/internal/testhelpers"
+	"github.com/portainer/portainer/api/kubernetes"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_helmInstall(t *testing.T) {
+	is := assert.New(t)
+
+	store, teardown := bolt.MustNewTestStore(true)
+	defer teardown()
+
+	err := store.Endpoint().CreateEndpoint(&portainer.Endpoint{ID: 1})
+	is.NoError(err, "error creating endpoint")
+
+	err = store.User().CreateUser(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
+	is.NoError(err, "error creating a user")
+
+	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
+	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
+	h := NewHandler(helper.NewTestRequestBouncer(), store, helmPackageManager, kubeConfigService)
+
+	is.NotNil(h, "Handler should not fail")
+
+	// Install a single chart.  We expect to get these values back
+	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default", Repo: "https://charts.bitnami.com/bitnami"}
+	optdata, err := json.Marshal(options)
+	is.NoError(err)
+
+	t.Run("helmInstall succeeds with admin user", func(t *testing.T) {
+		req := httptest.NewRequest(http.MethodPost, "/1/kubernetes/helm", bytes.NewBuffer(optdata))
+		ctx := security.StoreTokenData(req, &portainer.TokenData{ID: 1, Username: "admin", Role: 1})
+		req = req.WithContext(ctx)
+		req.Header.Add("Authorization", "Bearer dummytoken")
+
+		rr := httptest.NewRecorder()
+		h.ServeHTTP(rr, req)
+
+		is.Equal(http.StatusCreated, rr.Code, "Status should be 201")
+
+		body, err := io.ReadAll(rr.Body)
+		is.NoError(err, "ReadAll should not return error")
+
+		resp := release.Release{}
+		err = json.Unmarshal(body, &resp)
+		is.NoError(err, "response should be json")
+		is.EqualValues(options.Name, resp.Name, "Name doesn't match")
+		is.EqualValues(options.Namespace, resp.Namespace, "Namespace doesn't match")
+	})
+}

api/http/handler/helm/helm_list.go

@@ -0,0 +1,63 @@
+package helm
+
+import (
+	"net/http"
+
+	"github.com/portainer/libhelm/options"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+)
+
+// @id HelmList
+// @summary List Helm Chart(s)
+// @description
+// @description **Access policy**: authorized
+// @tags helm_chart
+// @security jwt
+// @accept json
+// @produce json
+// @param namespace query string true "specify an optional namespace"
+// @param filter query string true "specify an optional filter"
+// @param selector query string true "specify an optional selector"
+// @success 200 {array} release.ReleaseElement "Success"
+// @failure 400 "Invalid endpoint identifier"
+// @failure 401 "Unauthorized"
+// @failure 404 "Endpoint or ServiceAccount not found"
+// @failure 500 "Server error"
+// @router /endpoints/:id/kubernetes/helm [get]
+func (handler *Handler) helmList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	clusterAccess, httperr := handler.getHelmClusterAccess(r)
+	if httperr != nil {
+		return httperr
+	}
+
+	listOpts := options.ListOptions{
+		KubernetesClusterAccess: clusterAccess,
+	}
+
+	params := r.URL.Query()
+
+	// optional namespace.  The library defaults to "default"
+	namespace, _ := request.RetrieveQueryParameter(r, "namespace", true)
+	if namespace != "" {
+		listOpts.Namespace = namespace
+	}
+
+	// optional filter
+	if filter := params.Get("filter"); filter != "" {
+		listOpts.Filter = filter
+	}
+
+	// optional selector
+	if selector := params.Get("selector"); selector != "" {
+		listOpts.Selector = selector
+	}
+
+	releases, err := handler.helmPackageManager.List(listOpts)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Helm returned an error", err}
+	}
+
+	return response.JSON(w, releases)
+}

api/http/handler/helm/helm_list_test.go

@@ -0,0 +1,60 @@
+package helm
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/portainer/libhelm/binary/test"
+	"github.com/portainer/libhelm/options"
+	"github.com/portainer/libhelm/release"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/kubernetes"
+	"github.com/stretchr/testify/assert"
+
+	bolt "github.com/portainer/portainer/api/bolt/bolttest"
+	helper "github.com/portainer/portainer/api/internal/testhelpers"
+)
+
+func Test_helmList(t *testing.T) {
+	store, teardown := bolt.MustNewTestStore(true)
+	defer teardown()
+
+	err := store.Endpoint().CreateEndpoint(&portainer.Endpoint{ID: 1})
+	assert.NoError(t, err, "error creating endpoint")
+
+	err = store.User().CreateUser(&portainer.User{Username: "admin", Role: portainer.AdministratorRole})
+	assert.NoError(t, err, "error creating a user")
+
+	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
+	kubeConfigService := kubernetes.NewKubeConfigCAService("", "")
+	h := NewHandler(helper.NewTestRequestBouncer(), store, helmPackageManager, kubeConfigService)
+
+	// Install a single chart.  We expect to get these values back
+	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default"}
+	h.helmPackageManager.Install(options)
+
+	t.Run("helmList", func(t *testing.T) {
+		is := assert.New(t)
+
+		req := httptest.NewRequest(http.MethodGet, "/1/kubernetes/helm", nil)
+		req.Header.Add("Authorization", "Bearer dummytoken")
+
+		rr := httptest.NewRecorder()
+		h.ServeHTTP(rr, req)
+
+		is.Equal(http.StatusOK, rr.Code, "Status should be 200 OK")
+
+		body, err := io.ReadAll(rr.Body)
+		is.NoError(err, "ReadAll should not return error")
+
+		data := []release.ReleaseElement{}
+		json.Unmarshal(body, &data)
+		if is.Equal(1, len(data), "Expected one chart entry") {
+			is.EqualValues(options.Name, data[0].Name, "Name doesn't match")
+			is.EqualValues(options.Chart, data[0].Chart, "Chart doesn't match")
+		}
+	})
+}

api/http/handler/helm/helm_repo_search.go

@@ -0,0 +1,56 @@
+package helm
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/pkg/errors"
+	"github.com/portainer/libhelm"
+	"github.com/portainer/libhelm/options"
+	httperror "github.com/portainer/libhttp/error"
+)
+
+// @id HelmRepoSearch
+// @summary Search Helm Charts
+// @description
+// @description **Access policy**: authorized
+// @tags helm_chart
+// @param repo query string true "Helm repository URL"
+// @security jwt
+// @produce json
+// @success 200 {object} string "Success"
+// @failure 400 "Bad request"
+// @failure 401 "Unauthorized"
+// @failure 404 "Not found"
+// @failure 500 "Server error"
+// @router /templates/helm [get]
+func (handler *Handler) helmRepoSearch(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	repo := r.URL.Query().Get("repo")
+	if repo == "" {
+		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Bad request", Err: errors.New("missing `repo` query parameter")}
+	}
+
+	_, err := url.ParseRequestURI(repo)
+	if err != nil {
+		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Bad request", Err: errors.Wrap(err, fmt.Sprintf("provided URL %q is not valid", repo))}
+	}
+
+	searchOpts := options.SearchRepoOptions{
+		Repo: repo,
+	}
+
+	result, err := libhelm.SearchRepo(searchOpts)
+	if err != nil {
+		return &httperror.HandlerError{
+			StatusCode: http.StatusInternalServerError,
+			Message:    "Search failed",
+			Err:        err,
+		}
+	}
+
+	w.Header().Set("Content-Type", "text/plain")
+	w.Write(result)
+
+	return nil
+}

api/http/handler/helm/helm_repo_search_test.go

@@ -0,0 +1,50 @@
+package helm
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/portainer/libhelm/binary/test"
+	"github.com/stretchr/testify/assert"
+
+	helper "github.com/portainer/portainer/api/internal/testhelpers"
+)
+
+func Test_helmRepoSearch(t *testing.T) {
+	is := assert.New(t)
+
+	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
+	h := NewTemplateHandler(helper.NewTestRequestBouncer(), helmPackageManager)
+
+	assert.NotNil(t, h, "Handler should not fail")
+
+	repos := []string{"https://charts.bitnami.com/bitnami", "https://portainer.github.io/k8s"}
+
+	for _, repo := range repos {
+		t.Run(repo, func(t *testing.T) {
+			repoUrlEncoded := url.QueryEscape(repo)
+			req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/templates/helm?repo=%s", repoUrlEncoded), nil)
+			rr := httptest.NewRecorder()
+			h.ServeHTTP(rr, req)
+
+			is.Equal(http.StatusOK, rr.Code, "Status should be 200 OK")
+			body, err := io.ReadAll(rr.Body)
+			is.NoError(err, "ReadAll should not return error")
+			is.NotEmpty(body, "Body should not be empty")
+		})
+	}
+
+	t.Run("fails on invalid URL", func(t *testing.T) {
+		repo := "abc.com"
+		repoUrlEncoded := url.QueryEscape(repo)
+		req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/templates/helm?repo=%s", repoUrlEncoded), nil)
+		rr := httptest.NewRecorder()
+		h.ServeHTTP(rr, req)
+
+		is.Equal(http.StatusBadRequest, rr.Code, "Status should be 400 Bad request")
+	})
+}

api/http/handler/helm/helm_show.go

@@ -0,0 +1,70 @@
+package helm
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"net/url"
+
+	"github.com/pkg/errors"
+	"github.com/portainer/libhelm/options"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+)
+
+// @id HelmShow
+// @summary Show Helm Chart(s)
+// @description
+// @description **Access policy**: authorized
+// @tags helm_chart
+// @param repo query string true "Helm repository URL"
+// @param chart query string true "Chart name"
+// @param command path string false "chart/values/readme"
+// @security jwt
+// @accept json
+// @produce text/plain
+// @success 200 {object} string "Success"
+// @failure 401 "Unauthorized"
+// @failure 404 "Endpoint or ServiceAccount not found"
+// @failure 500 "Server error"
+// @router /templates/helm/{command} [get]
+func (handler *Handler) helmShow(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	repo := r.URL.Query().Get("repo")
+	if repo == "" {
+		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Bad request", Err: errors.New("missing `repo` query parameter")}
+	}
+	_, err := url.ParseRequestURI(repo)
+	if err != nil {
+		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Bad request", Err: errors.Wrap(err, fmt.Sprintf("provided URL %q is not valid", repo))}
+	}
+
+	chart := r.URL.Query().Get("chart")
+	if chart == "" {
+		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Bad request", Err: errors.New("missing `chart` query parameter")}
+	}
+
+	cmd, err := request.RetrieveRouteVariableValue(r, "command")
+	if err != nil {
+		cmd = "all"
+		log.Printf("[DEBUG] [internal,helm] [message: command not provided, defaulting to %s]", cmd)
+	}
+
+	showOptions := options.ShowOptions{
+		OutputFormat: options.ShowOutputFormat(cmd),
+		Chart:        chart,
+		Repo:         repo,
+	}
+	result, err := handler.helmPackageManager.Show(showOptions)
+	if err != nil {
+		return &httperror.HandlerError{
+			StatusCode: http.StatusInternalServerError,
+			Message:    "Unable to show chart",
+			Err:        err,
+		}
+	}
+
+	w.Header().Set("Content-Type", "text/plain")
+	w.Write(result)
+
+	return nil
+}

api/http/handler/helm/helm_show_test.go

@@ -0,0 +1,47 @@
+package helm
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/portainer/libhelm/binary/test"
+	helper "github.com/portainer/portainer/api/internal/testhelpers"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_helmShow(t *testing.T) {
+	is := assert.New(t)
+
+	helmPackageManager := test.NewMockHelmBinaryPackageManager("")
+	h := NewTemplateHandler(helper.NewTestRequestBouncer(), helmPackageManager)
+
+	is.NotNil(h, "Handler should not fail")
+
+	commands := map[string]string{
+		"values": test.MockDataValues,
+		"chart":  test.MockDataChart,
+		"readme": test.MockDataReadme,
+	}
+
+	for cmd, expect := range commands {
+		t.Run(cmd, func(t *testing.T) {
+			is.NotNil(h, "Handler should not fail")
+
+			repoUrlEncoded := url.QueryEscape("https://charts.bitnami.com/bitnami")
+			chart := "nginx"
+			req := httptest.NewRequest("GET", fmt.Sprintf("/templates/helm/%s?repo=%s&chart=%s", cmd, repoUrlEncoded, chart), nil)
+			rr := httptest.NewRecorder()
+			h.ServeHTTP(rr, req)
+
+			is.Equal(rr.Code, http.StatusOK, "Status should be 200 OK")
+
+			body, err := io.ReadAll(rr.Body)
+			is.NoError(err, "ReadAll should not return error")
+			is.EqualValues(string(body), expect, "Unexpected search response")
+		})
+	}
+}

api/http/handler/kubernetes/kubernetes_config.go

@@ -3,6 +3,8 @@ package kubernetes
 import (
 	"errors"
 	"fmt"
+	"net/http"
+
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
@@ -10,8 +12,6 @@ import (
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
 	"github.com/portainer/portainer/api/http/security"
 	kcli "github.com/portainer/portainer/api/kubernetes/cli"
-
-	"net/http"
 )
 
 // @id GetKubernetesConfig

api/http/handler/kubernetes/kubernetes_nodes_limits.go

@@ -1,12 +1,13 @@
 package kubernetes
 
 import (
+	"net/http"
+
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
-	"net/http"
 )
 
 // @id getKubernetesNodesLimits
@@ -18,7 +19,7 @@ import (
 // @accept json
 // @produce json
 // @param id path int true "Endpoint identifier"
-// @success 200 {object} K8sNodesLimits "Success"
+// @success 200 {object} portainer.K8sNodesLimits "Success"
 // @failure 400 "Invalid request"
 // @failure 401 "Unauthorized"
 // @failure 403 "Permission denied"

api/http/handler/settings/settings_update.go

@@ -1,11 +1,13 @@
 package settings
 
 import (
-	"errors"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/asaskevich/govalidator"
+	"github.com/pkg/errors"
+	"github.com/portainer/libhelm"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
@@ -36,6 +38,8 @@ type settingsUpdatePayload struct {
 	KubeconfigExpiry *string `example:"24h" default:"0"`
 	// Whether telemetry is enabled
 	EnableTelemetry *bool `example:"false"`
+	// Helm repository URL
+	HelmRepositoryURL *string `example:"https://charts.bitnami.com/bitnami"`
 }
 
 func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
@@ -48,6 +52,12 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
 	if payload.TemplatesURL != nil && *payload.TemplatesURL != "" && !govalidator.IsURL(*payload.TemplatesURL) {
 		return errors.New("Invalid external templates URL. Must correspond to a valid URL format")
 	}
+	if payload.HelmRepositoryURL != nil && *payload.HelmRepositoryURL != "" {
+		err := libhelm.ValidateHelmRepositoryURL(*payload.HelmRepositoryURL)
+		if err != nil {
+			return errors.Wrap(err, "Invalid Helm repository URL. Must correspond to a valid URL format")
+		}
+	}
 	if payload.UserSessionTimeout != nil {
 		_, err := time.ParseDuration(*payload.UserSessionTimeout)
 		if err != nil {
@@ -101,6 +111,10 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		settings.TemplatesURL = *payload.TemplatesURL
 	}
 
+	if payload.HelmRepositoryURL != nil {
+		settings.HelmRepositoryURL = strings.TrimSuffix(*payload.HelmRepositoryURL, "/")
+	}
+
 	if payload.BlackListedLabels != nil {
 		settings.BlackListedLabels = payload.BlackListedLabels
 	}

api/http/handler/stacks/create_kubernetes_stack.go

@@ -1,6 +1,7 @@
 package stacks
 
 import (
+	"errors"
 	"io/ioutil"
 	"net/http"
 	"path/filepath"
@@ -8,15 +9,12 @@ import (
 	"time"
 
 	"github.com/asaskevich/govalidator"
-	"github.com/pkg/errors"
 
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/filesystem"
-	k "github.com/portainer/portainer/api/kubernetes"
-	"github.com/portainer/portainer/api/http/client"
 )
 
 const defaultReferenceName = "refs/heads/master"
@@ -38,12 +36,6 @@ type kubernetesGitDeploymentPayload struct {
 	FilePathInRepository     string
 }
 
-type kubernetesManifestURLDeploymentPayload struct {
-	Namespace 		string
-	ComposeFormat 	bool
-	ManifestURL 	string
-}
-
 func (payload *kubernetesStringDeploymentPayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.StackFileContent) {
 		return errors.New("Invalid stack file content")
@@ -73,13 +65,6 @@ func (payload *kubernetesGitDeploymentPayload) Validate(r *http.Request) error {
 	return nil
 }
 
-func (payload *kubernetesManifestURLDeploymentPayload) Validate(r *http.Request) error {
-	if govalidator.IsNull(payload.ManifestURL) || !govalidator.IsURL(payload.ManifestURL) {
-		return errors.New("Invalid manifest URL")
-	}
-	return nil
-}
-
 type createKubernetesStackResponse struct {
 	Output string `json:"Output"`
 }
@@ -110,12 +95,7 @@ func (handler *Handler) createKubernetesStackFromFileContent(w http.ResponseWrit
 	doCleanUp := true
 	defer handler.cleanUp(stack, &doCleanUp)
 
-	output, err := handler.deployKubernetesStack(r, endpoint, payload.StackFileContent, payload.ComposeFormat, payload.Namespace, k.KubeAppLabels{
-		StackID: stackID,
-		Name:    stack.Name,
-		Owner:   stack.CreatedBy,
-		Kind:    "content",
-	})
+	output, err := handler.deployKubernetesStack(r, endpoint, payload.StackFileContent, payload.ComposeFormat, payload.Namespace)
 	if err != nil {
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to deploy Kubernetes stack", Err: err}
 	}
@@ -129,8 +109,6 @@ func (handler *Handler) createKubernetesStackFromFileContent(w http.ResponseWrit
 		Output: output,
 	}
 
-	doCleanUp = false
-
 	return response.JSON(w, resp)
 }
 
@@ -161,12 +139,7 @@ func (handler *Handler) createKubernetesStackFromGitRepository(w http.ResponseWr
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Failed to process manifest from Git repository", Err: err}
 	}
 
-	output, err := handler.deployKubernetesStack(r, endpoint, stackFileContent, payload.ComposeFormat, payload.Namespace, k.KubeAppLabels{
-		StackID: stackID,
-		Name:    stack.Name,
-		Owner:   stack.CreatedBy,
-		Kind:    "git",
-	})
+	output, err := handler.deployKubernetesStack(r, endpoint, stackFileContent, payload.ComposeFormat, payload.Namespace)
 	if err != nil {
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to deploy Kubernetes stack", Err: err}
 	}
@@ -179,86 +152,23 @@ func (handler *Handler) createKubernetesStackFromGitRepository(w http.ResponseWr
 	resp := &createKubernetesStackResponse{
 		Output: output,
 	}
-
-	doCleanUp = false
-
 	return response.JSON(w, resp)
 }
 
-
-func (handler *Handler) createKubernetesStackFromManifestURL(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint) *httperror.HandlerError {
-	var payload kubernetesManifestURLDeploymentPayload
-	if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
-	}
-
-	stackID := handler.DataStore.Stack().GetNextIdentifier()
-	stack := &portainer.Stack{
-		ID:           portainer.StackID(stackID),
-		Type:         portainer.KubernetesStack,
-		EndpointID:   endpoint.ID,
-		EntryPoint:   filesystem.ManifestFileDefaultName,
-		Status:       portainer.StackStatusActive,
-		CreationDate: time.Now().Unix(),
-	}
-
-	var manifestContent []byte
-	manifestContent, err := client.Get(payload.ManifestURL, 30)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve manifest from URL", err}
-	}
-
-	stackFolder := strconv.Itoa(int(stack.ID))
-	projectPath, err := handler.FileService.StoreStackFileFromBytes(stackFolder, stack.EntryPoint, manifestContent)
-	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist Kubernetes manifest file on disk", Err: err}
-	}
-	stack.ProjectPath = projectPath
-
-	doCleanUp := true
-	defer handler.cleanUp(stack, &doCleanUp)
-
-	output, err := handler.deployKubernetesStack(r, endpoint, string(manifestContent), payload.ComposeFormat, payload.Namespace, k.KubeAppLabels{
-		StackID: stackID,
-		Name:    stack.Name,
-		Owner:   stack.CreatedBy,
-		Kind:    "url",
-	})
-	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to deploy Kubernetes stack", Err: err}
-	}
-
-	err = handler.DataStore.Stack().CreateStack(stack)
-	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the Kubernetes stack inside the database", Err: err}
-	}
-
-	resp := &createKubernetesStackResponse{
-		Output: output,
-	}
-
-	return response.JSON(w, resp)
-}
-
-func (handler *Handler) deployKubernetesStack(r *http.Request, endpoint *portainer.Endpoint, stackConfig string, composeFormat bool, namespace string, appLabels k.KubeAppLabels) (string, error) {
+func (handler *Handler) deployKubernetesStack(request *http.Request, endpoint *portainer.Endpoint, stackConfig string, composeFormat bool, namespace string) (string, error) {
 	handler.stackCreationMutex.Lock()
 	defer handler.stackCreationMutex.Unlock()
 
-	manifest := []byte(stackConfig)
 	if composeFormat {
-		convertedConfig, err := handler.KubernetesDeployer.ConvertCompose(manifest)
+		convertedConfig, err := handler.KubernetesDeployer.ConvertCompose(stackConfig)
 		if err != nil {
-			return "", errors.Wrap(err, "failed to convert docker compose file to a kube manifest")
+			return "", err
 		}
-		manifest = convertedConfig
+		stackConfig = string(convertedConfig)
 	}
 
-	manifest, err := k.AddAppLabels(manifest, appLabels)
-	if err != nil {
-		return "", errors.Wrap(err, "failed to add application labels")
-	}
+	return handler.KubernetesDeployer.Deploy(request, endpoint, stackConfig, namespace)
 
-	return handler.KubernetesDeployer.Deploy(r, endpoint, string(manifest), namespace)
 }
 
 func (handler *Handler) cloneManifestContentFromGitRepo(gitInfo *kubernetesGitDeploymentPayload, projectPath string) (string, error) {

api/http/handler/stacks/stack_create.go

@@ -149,8 +149,6 @@ func (handler *Handler) createKubernetesStack(w http.ResponseWriter, r *http.Req
 		return handler.createKubernetesStackFromFileContent(w, r, endpoint)
 	case "repository":
 		return handler.createKubernetesStackFromGitRepository(w, r, endpoint)
-	case "url":
-		return handler.createKubernetesStackFromManifestURL(w, r, endpoint)		
 	}
 	return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid value for query parameter: method. Value must be one of: string or repository", Err: errors.New(request.ErrInvalidQueryParameter)}
 }

api/http/handler/stacks/stack_update_git.go

@@ -46,7 +46,7 @@ func (payload *stackGitUpdatePayload) Validate(r *http.Request) error {
 // @produce json
 // @param id path int true "Stack identifier"
 // @param endpointId query int false "Stacks created before version 1.18.0 might not have an associated endpoint identifier. Use this optional parameter to set the endpoint identifier used by the stack."
-// @param body body updateStackGitPayload true "Git configs for pull and redeploy a stack"
+// @param body body stackGitUpdatePayload true "Git configs for pull and redeploy a stack"
 // @success 200 {object} portainer.Stack "Success"
 // @failure 400 "Invalid request"
 // @failure 403 "Permission denied"

api/http/handler/users/handler.go

@@ -4,7 +4,7 @@ import (
 	"errors"
 
 	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/portainer/api"
+	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
 
 	"net/http"
@@ -54,6 +54,10 @@ func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimi
 		bouncer.PublicAccess(httperror.LoggerHandler(h.adminCheck))).Methods(http.MethodGet)
 	h.Handle("/users/admin/init",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.adminInit))).Methods(http.MethodPost)
+	h.Handle("/users/{id}/helm-repositories",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userGetHelmRepos))).Methods(http.MethodGet)
+	h.Handle("/users/{id}/helm-repositories",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userCreateHelmRepo))).Methods(http.MethodPost)
 
 	return h
 }

api/http/handler/users/user_helm_repos.go

@@ -0,0 +1,143 @@
+package users
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/pkg/errors"
+
+	"github.com/portainer/libhelm"
+	errs "github.com/portainer/portainer/api/http/errors"
+
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/security"
+)
+
+type helmUserRepositoryResponse struct {
+	GlobalRepo string                         `json:"GlobalRepo"`
+	UserRepos  []portainer.HelmUserRepository `json:"UserRepos"`
+}
+
+type addHelmRepoUrlPayload struct {
+	URL string `json:"url"`
+}
+
+func (p *addHelmRepoUrlPayload) Validate(_ *http.Request) error {
+	return libhelm.ValidateHelmRepositoryURL(p.URL)
+}
+
+// @id UserHelmRepositoryCreate
+// @summary Create a user helm repository
+// @description Create a user helm repository.
+// @description **Access policy**: authenticated
+// @tags users
+// @security jwt
+// @accept json
+// @produce json
+// @param id path int true "User identifier"
+// @param payload body addHelmRepoUrlPayload true "Helm Repository"
+// @success 200 {object} portainer.HelmUserRepository "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 500 "Server error"
+// @router /users/{id}/helm-repositories [post]
+func (handler *Handler) userCreateHelmRepo(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	uid, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	userID := portainer.UserID(uid)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
+	}
+
+	tokenData, err := security.RetrieveTokenData(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
+	}
+
+	if tokenData.Role != portainer.AdministratorRole && tokenData.ID != userID {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to save a user Helm repository URL", errs.ErrUnauthorized}
+	}
+
+	p := new(addHelmRepoUrlPayload)
+	err = request.DecodeAndValidateJSONPayload(r, p)
+	if err != nil {
+		return &httperror.HandlerError{
+			StatusCode: http.StatusBadRequest,
+			Message:    "Invalid Helm repository URL",
+			Err:        err,
+		}
+	}
+
+	records, err := handler.DataStore.HelmUserRepository().HelmUserRepositoryByUserID(userID)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to access the DataStore", err}
+	}
+
+	// check if repo already exists - by doing case insensitive, suffix trimmed comparison
+	for _, record := range records {
+		if strings.EqualFold(strings.TrimSuffix(record.URL, "/"), strings.TrimSuffix(p.URL, "/")) {
+			errMsg := "Helm repo already registered for user"
+			return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: errMsg, Err: errors.New(errMsg)}
+		}
+	}
+
+	record := portainer.HelmUserRepository{
+		UserID: userID,
+		URL:    p.URL,
+	}
+
+	err = handler.DataStore.HelmUserRepository().CreateHelmUserRepository(&record)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to save a user Helm repository URL", err}
+	}
+
+	return response.JSON(w, record)
+}
+
+// @id UserHelmRepositoriesInspect
+// @summary Inspect a user helm repositories
+// @description Inspect a user helm repositories.
+// @description **Access policy**: authenticated
+// @tags users
+// @security jwt
+// @produce json
+// @param id path int true "User identifier"
+// @success 200 {object} helmUserRepositoryResponse "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 500 "Server error"
+// @router /users/{id}/helm-repositories [get]
+func (handler *Handler) userGetHelmRepos(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	userID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
+	}
+
+	tokenData, err := security.RetrieveTokenData(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
+	}
+
+	if tokenData.Role != portainer.AdministratorRole && tokenData.ID != portainer.UserID(userID) {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to get user Helm repositories", errs.ErrUnauthorized}
+	}
+
+	settings, err := handler.DataStore.Settings().Settings()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
+	}
+
+	userRepos, err := handler.DataStore.HelmUserRepository().HelmUserRepositoryByUserID(portainer.UserID(userID))
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to get user Helm repositories", err}
+	}
+
+	resp := helmUserRepositoryResponse{
+		GlobalRepo: settings.HelmRepositoryURL,
+		UserRepos:  userRepos,
+	}
+
+	return response.JSON(w, resp)
+}

api/http/handler/websocket/pod.go

@@ -135,25 +135,21 @@ func (handler *Handler) hijackPodExecStartOperation(
 	stdoutReader, stdoutWriter := io.Pipe()
 	defer stdoutWriter.Close()
 
-	// errorChan is used to propagate errors from the go routines to the caller.
 	errorChan := make(chan error, 1)
 	go streamFromWebsocketToWriter(websocketConn, stdinWriter, errorChan)
 	go streamFromReaderToWebsocket(websocketConn, stdoutReader, errorChan)
 
-	// StartExecProcess is a blocking operation which streams IO to/from pod;
-	// this must execute in asynchronously, since the websocketConn could return errors (e.g. client disconnects) before
-	// the blocking operation is completed.
-	go cli.StartExecProcess(serviceAccountToken, isAdminToken, namespace, podName, containerName, commandArray, stdinReader, stdoutWriter, errorChan)
-
-	err = <-errorChan
-
-	// websocket client successfully disconnected
-	if websocket.IsUnexpectedCloseError(err, websocket.CloseGoingAway, websocket.CloseNoStatusReceived) {
-		log.Printf("websocket error: %s \n", err.Error())
-		return nil
+	err = cli.StartExecProcess(serviceAccountToken, isAdminToken, namespace, podName, containerName, commandArray, stdinReader, stdoutWriter)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to start exec process inside container", err}
 	}
 
-	return &httperror.HandlerError{http.StatusInternalServerError, "Unable to start exec process inside container", err}
+	err = <-errorChan
+	if websocket.IsUnexpectedCloseError(err, websocket.CloseGoingAway, websocket.CloseNoStatusReceived) {
+		log.Printf("websocket error: %s \n", err.Error())
+	}
+
+	return nil
 }
 
 func (handler *Handler) getToken(request *http.Request, endpoint *portainer.Endpoint, setLocalAdminToken bool) (string, bool, error) {

api/http/security/bouncer.go

@@ -199,25 +199,14 @@ func (bouncer *RequestBouncer) mwUpgradeToRestrictedRequest(next http.Handler) h
 func (bouncer *RequestBouncer) mwCheckAuthentication(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var tokenData *portainer.TokenData
-		var token string
 
-		// Optionally, token might be set via the "token" query parameter.
-		// For example, in websocket requests
-		token = r.URL.Query().Get("token")
-
-		// Get token from the Authorization header
-		tokens, ok := r.Header["Authorization"]
-		if ok && len(tokens) >= 1 {
-			token = tokens[0]
-			token = strings.TrimPrefix(token, "Bearer ")
-		}
-
-		if token == "" {
-			httperror.WriteError(w, http.StatusUnauthorized, "Unauthorized", httperrors.ErrUnauthorized)
+		// get token from the Authorization header or query parameter
+		token, err := ExtractBearerToken(r)
+		if err != nil {
+			httperror.WriteError(w, http.StatusUnauthorized, "Unauthorized", err)
 			return
 		}
 
-		var err error
 		tokenData, err = bouncer.jwtService.ParseAndVerifyToken(token)
 		if err != nil {
 			httperror.WriteError(w, http.StatusUnauthorized, "Invalid JWT token", err)
@@ -233,12 +222,28 @@ func (bouncer *RequestBouncer) mwCheckAuthentication(next http.Handler) http.Han
 			return
 		}
 
-		ctx := storeTokenData(r, tokenData)
+		ctx := StoreTokenData(r, tokenData)
 		next.ServeHTTP(w, r.WithContext(ctx))
-		return
 	})
 }
 
+// ExtractBearerToken extracts the Bearer token from the request header or query parameter and returns the token.
+func ExtractBearerToken(r *http.Request) (string, error) {
+	// Optionally, token might be set via the "token" query parameter.
+	// For example, in websocket requests
+	token := r.URL.Query().Get("token")
+
+	tokens, ok := r.Header["Authorization"]
+	if ok && len(tokens) >= 1 {
+		token = tokens[0]
+		token = strings.TrimPrefix(token, "Bearer ")
+	}
+	if token == "" {
+		return "", httperrors.ErrUnauthorized
+	}
+	return token, nil
+}
+
 // mwSecureHeaders provides secure headers middleware for handlers.
 func mwSecureHeaders(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

api/http/security/context.go

@@ -17,8 +17,8 @@ const (
 	contextRestrictedRequest
 )
 
-// storeTokenData stores a TokenData object inside the request context and returns the enhanced context.
-func storeTokenData(request *http.Request, tokenData *portainer.TokenData) context.Context {
+// StoreTokenData stores a TokenData object inside the request context and returns the enhanced context.
+func StoreTokenData(request *http.Request, tokenData *portainer.TokenData) context.Context {
 	return context.WithValue(request.Context(), contextAuthenticationKey, tokenData)
 }
 

api/http/server.go

@@ -9,6 +9,7 @@ import (
 	"path/filepath"
 	"time"
 
+	"github.com/portainer/libhelm"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/adminmonitor"
 	"github.com/portainer/portainer/api/crypto"
@@ -26,6 +27,7 @@ import (
 	"github.com/portainer/portainer/api/http/handler/endpointproxy"
 	"github.com/portainer/portainer/api/http/handler/endpoints"
 	"github.com/portainer/portainer/api/http/handler/file"
+	"github.com/portainer/portainer/api/http/handler/helm"
 	kubehandler "github.com/portainer/portainer/api/http/handler/kubernetes"
 	"github.com/portainer/portainer/api/http/handler/motd"
 	"github.com/portainer/portainer/api/http/handler/registries"
@@ -49,6 +51,7 @@ import (
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/api/internal/authorization"
 	"github.com/portainer/portainer/api/internal/ssl"
+	k8s "github.com/portainer/portainer/api/kubernetes"
 	"github.com/portainer/portainer/api/kubernetes/cli"
 	"github.com/portainer/portainer/api/scheduler"
 	stackdeployer "github.com/portainer/portainer/api/stacks"
@@ -76,11 +79,13 @@ type Server struct {
 	SwarmStackManager           portainer.SwarmStackManager
 	ProxyManager                *proxy.Manager
 	KubernetesTokenCacheManager *kubernetes.TokenCacheManager
+	KubeConfigService           k8s.KubeConfigService
 	Handler                     *handler.Handler
 	SSLService                  *ssl.Service
 	DockerClientFactory         *docker.ClientFactory
 	KubernetesClientFactory     *cli.ClientFactory
 	KubernetesDeployer          portainer.KubernetesDeployer
+	HelmPackageManager          libhelm.HelmPackageManager
 	Scheduler                   *scheduler.Scheduler
 	ShutdownCtx                 context.Context
 	ShutdownTrigger             context.CancelFunc
@@ -165,6 +170,10 @@ func (server *Server) Start() error {
 
 	var fileHandler = file.NewHandler(filepath.Join(server.AssetsPath, "public"))
 
+	var endpointHelmHandler = helm.NewHandler(requestBouncer, server.DataStore, server.HelmPackageManager, server.KubeConfigService)
+
+	var helmTemplatesHandler = helm.NewTemplateHandler(requestBouncer, server.HelmPackageManager)
+
 	var motdHandler = motd.NewHandler(requestBouncer)
 
 	var registryHandler = registries.NewHandler(requestBouncer)
@@ -241,10 +250,12 @@ func (server *Server) Start() error {
 		EdgeTemplatesHandler:   edgeTemplatesHandler,
 		EndpointGroupHandler:   endpointGroupHandler,
 		EndpointHandler:        endpointHandler,
+		EndpointHelmHandler:    endpointHelmHandler,
 		EndpointEdgeHandler:    endpointEdgeHandler,
 		EndpointProxyHandler:   endpointProxyHandler,
-		KubernetesHandler:      kubernetesHandler,
 		FileHandler:            fileHandler,
+		HelmTemplatesHandler:   helmTemplatesHandler,
+		KubernetesHandler:      kubernetesHandler,
 		MOTDHandler:            motdHandler,
 		RegistryHandler:        registryHandler,
 		ResourceControlHandler: resourceControlHandler,

api/internal/testhelpers/datastore.go

@@ -7,26 +7,27 @@ import (
 )
 
 type datastore struct {
-	customTemplate   portainer.CustomTemplateService
-	edgeGroup        portainer.EdgeGroupService
-	edgeJob          portainer.EdgeJobService
-	edgeStack        portainer.EdgeStackService
-	endpoint         portainer.EndpointService
-	endpointGroup    portainer.EndpointGroupService
-	endpointRelation portainer.EndpointRelationService
-	registry         portainer.RegistryService
-	resourceControl  portainer.ResourceControlService
-	role             portainer.RoleService
-	sslSettings      portainer.SSLSettingsService
-	settings         portainer.SettingsService
-	stack            portainer.StackService
-	tag              portainer.TagService
-	teamMembership   portainer.TeamMembershipService
-	team             portainer.TeamService
-	tunnelServer     portainer.TunnelServerService
-	user             portainer.UserService
-	version          portainer.VersionService
-	webhook          portainer.WebhookService
+	customTemplate     portainer.CustomTemplateService
+	edgeGroup          portainer.EdgeGroupService
+	edgeJob            portainer.EdgeJobService
+	edgeStack          portainer.EdgeStackService
+	endpoint           portainer.EndpointService
+	endpointGroup      portainer.EndpointGroupService
+	endpointRelation   portainer.EndpointRelationService
+	helmUserRepository portainer.HelmUserRepositoryService
+	registry           portainer.RegistryService
+	resourceControl    portainer.ResourceControlService
+	role               portainer.RoleService
+	sslSettings        portainer.SSLSettingsService
+	settings           portainer.SettingsService
+	stack              portainer.StackService
+	tag                portainer.TagService
+	teamMembership     portainer.TeamMembershipService
+	team               portainer.TeamService
+	tunnelServer       portainer.TunnelServerService
+	user               portainer.UserService
+	version            portainer.VersionService
+	webhook            portainer.WebhookService
 }
 
 func (d *datastore) BackupTo(io.Writer) error                            { return nil }
@@ -44,19 +45,22 @@ func (d *datastore) EdgeStack() portainer.EdgeStackService               { retur
 func (d *datastore) Endpoint() portainer.EndpointService                 { return d.endpoint }
 func (d *datastore) EndpointGroup() portainer.EndpointGroupService       { return d.endpointGroup }
 func (d *datastore) EndpointRelation() portainer.EndpointRelationService { return d.endpointRelation }
-func (d *datastore) Registry() portainer.RegistryService                 { return d.registry }
-func (d *datastore) ResourceControl() portainer.ResourceControlService   { return d.resourceControl }
-func (d *datastore) Role() portainer.RoleService                         { return d.role }
-func (d *datastore) Settings() portainer.SettingsService                 { return d.settings }
-func (d *datastore) SSLSettings() portainer.SSLSettingsService           { return d.sslSettings }
-func (d *datastore) Stack() portainer.StackService                       { return d.stack }
-func (d *datastore) Tag() portainer.TagService                           { return d.tag }
-func (d *datastore) TeamMembership() portainer.TeamMembershipService     { return d.teamMembership }
-func (d *datastore) Team() portainer.TeamService                         { return d.team }
-func (d *datastore) TunnelServer() portainer.TunnelServerService         { return d.tunnelServer }
-func (d *datastore) User() portainer.UserService                         { return d.user }
-func (d *datastore) Version() portainer.VersionService                   { return d.version }
-func (d *datastore) Webhook() portainer.WebhookService                   { return d.webhook }
+func (d *datastore) HelmUserRepository() portainer.HelmUserRepositoryService {
+	return d.helmUserRepository
+}
+func (d *datastore) Registry() portainer.RegistryService               { return d.registry }
+func (d *datastore) ResourceControl() portainer.ResourceControlService { return d.resourceControl }
+func (d *datastore) Role() portainer.RoleService                       { return d.role }
+func (d *datastore) Settings() portainer.SettingsService               { return d.settings }
+func (d *datastore) SSLSettings() portainer.SSLSettingsService         { return d.sslSettings }
+func (d *datastore) Stack() portainer.StackService                     { return d.stack }
+func (d *datastore) Tag() portainer.TagService                         { return d.tag }
+func (d *datastore) TeamMembership() portainer.TeamMembershipService   { return d.teamMembership }
+func (d *datastore) Team() portainer.TeamService                       { return d.team }
+func (d *datastore) TunnelServer() portainer.TunnelServerService       { return d.tunnelServer }
+func (d *datastore) User() portainer.UserService                       { return d.user }
+func (d *datastore) Version() portainer.VersionService                 { return d.version }
+func (d *datastore) Webhook() portainer.WebhookService                 { return d.webhook }
 
 type datastoreOption = func(d *datastore)
 
@@ -70,21 +74,25 @@ func NewDatastore(options ...datastoreOption) *datastore {
 	return &d
 }
 
-
 type stubSettingsService struct {
 	settings *portainer.Settings
 }
 
-func (s *stubSettingsService) Settings() (*portainer.Settings, error)       { return s.settings, nil }
-func (s *stubSettingsService) UpdateSettings(settings *portainer.Settings) error       { return nil }
-
-func WithSettings(settings *portainer.Settings) datastoreOption {
+func (s *stubSettingsService) Settings() (*portainer.Settings, error) {
+	return s.settings, nil
+}
+func (s *stubSettingsService) UpdateSettings(settings *portainer.Settings) error {
+	s.settings = settings
+	return nil
+}
+func WithSettingsService(settings *portainer.Settings) datastoreOption {
 	return func(d *datastore) {
-		d.settings = &stubSettingsService{settings: settings}
+		d.settings = &stubSettingsService{
+			settings: settings,
+		}
 	}
 }
 
-
 type stubUserService struct {
 	users []portainer.User
 }

api/internal/testhelpers/request_bouncer.go

@@ -0,0 +1,15 @@
+package testhelpers
+
+import "net/http"
+
+type testRequestBouncer struct {
+}
+
+// NewTestRequestBouncer creates new mock for requestBouncer
+func NewTestRequestBouncer() *testRequestBouncer {
+	return &testRequestBouncer{}
+}
+
+func (testRequestBouncer) AuthenticatedAccess(h http.Handler) http.Handler {
+	return h
+}

api/jwt/jwt_kubeconfig_test.go

@@ -1,11 +1,12 @@
 package jwt
 
 import (
+	"testing"
+
 	"github.com/dgrijalva/jwt-go"
 	portainer "github.com/portainer/portainer/api"
 	i "github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/stretchr/testify/assert"
-	"testing"
 )
 
 func TestService_GenerateTokenForKubeconfig(t *testing.T) {
@@ -24,7 +25,7 @@ func TestService_GenerateTokenForKubeconfig(t *testing.T) {
 
 	myFields := fields{
 		userSessionTimeout: "24h",
-		dataStore:          i.NewDatastore(i.WithSettings(mySettings)),
+		dataStore:          i.NewDatastore(i.WithSettingsService(mySettings)),
 	}
 
 	myTokenData := &portainer.TokenData{
@@ -78,4 +79,4 @@ func TestService_GenerateTokenForKubeconfig(t *testing.T) {
 			assert.Equal(t, tt.wantExpiresAt, tokenClaims.ExpiresAt)
 		})
 	}
-}
+}

api/kubernetes/cli/exec.go

@@ -4,7 +4,7 @@ import (
 	"errors"
 	"io"
 
-	v1 "k8s.io/api/core/v1"
+	"k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/remotecommand"
@@ -15,12 +15,10 @@ import (
 // using the specified command. The stdin parameter will be bound to the stdin process and the stdout process will write
 // to the stdout parameter.
 // This function only works against a local endpoint using an in-cluster config with the user's SA token.
-// This is a blocking operation.
-func (kcl *KubeClient) StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer, errChan chan error) {
+func (kcl *KubeClient) StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer) error {
 	config, err := rest.InClusterConfig()
 	if err != nil {
-		errChan <- err
-		return
+		return err
 	}
 
 	if !useAdminToken {
@@ -46,8 +44,7 @@ func (kcl *KubeClient) StartExecProcess(token string, useAdminToken bool, namesp
 
 	exec, err := remotecommand.NewSPDYExecutor(config, "POST", req.URL())
 	if err != nil {
-		errChan <- err
-		return
+		return err
 	}
 
 	err = exec.Stream(remotecommand.StreamOptions{
@@ -57,7 +54,9 @@ func (kcl *KubeClient) StartExecProcess(token string, useAdminToken bool, namesp
 	})
 	if err != nil {
 		if _, ok := err.(utilexec.ExitError); !ok {
-			errChan <- errors.New("unable to start exec process")
+			return errors.New("unable to start exec process")
 		}
 	}
+
+	return nil
 }

api/kubernetes/kubeconfig_service.go

@@ -0,0 +1,104 @@
+package kubernetes
+
+import (
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
+	"log"
+
+	"github.com/pkg/errors"
+	portainer "github.com/portainer/portainer/api"
+)
+
+// KubeConfigService represents a service that is responsible for handling kubeconfig operations
+type KubeConfigService interface {
+	IsSecure() bool
+	GetKubeConfigInternal(endpointId portainer.EndpointID, authToken string) kubernetesClusterAccess
+}
+
+// KubernetesClusterAccess represents core details which can be used to generate KubeConfig file/data
+type kubernetesClusterAccess struct {
+	ClusterServerURL         string `example:"https://mycompany.k8s.com"`
+	CertificateAuthorityFile string `example:"/data/tls/localhost.crt"`
+	CertificateAuthorityData string `example:"MIIC5TCCAc2gAwIBAgIJAJ+...+xuhOaFXwQ=="`
+	AuthToken                string `example:"ey..."`
+}
+
+type kubeConfigCAService struct {
+	httpsBindAddr            string
+	certificateAuthorityFile string
+	certificateAuthorityData string
+}
+
+var (
+	errTLSCertNotProvided   = errors.New("tls cert path not provided")
+	errTLSCertFileMissing   = errors.New("missing tls cert file")
+	errTLSCertIncorrectType = errors.New("incorrect tls cert type")
+	errTLSCertValidation    = errors.New("failed to parse tls certificate")
+)
+
+// NewKubeConfigCAService encapsulates generation of core KubeConfig data
+func NewKubeConfigCAService(httpsBindAddr string, tlsCertPath string) KubeConfigService {
+	certificateAuthorityData, err := getCertificateAuthorityData(tlsCertPath)
+	if err != nil {
+		log.Printf("[DEBUG] [internal,kubeconfig] [message: %s, generated KubeConfig will be insecure]", err.Error())
+	}
+
+	return &kubeConfigCAService{
+		httpsBindAddr:            httpsBindAddr,
+		certificateAuthorityFile: tlsCertPath,
+		certificateAuthorityData: certificateAuthorityData,
+	}
+}
+
+// getCertificateAuthorityData reads tls certificate from supplied path and verifies the tls certificate
+// then returns content (string) of the certificate within `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`
+func getCertificateAuthorityData(tlsCertPath string) (string, error) {
+	if tlsCertPath == "" {
+		return "", errTLSCertNotProvided
+	}
+
+	data, err := ioutil.ReadFile(tlsCertPath)
+	if err != nil {
+		return "", errors.Wrap(errTLSCertFileMissing, err.Error())
+	}
+
+	block, _ := pem.Decode(data)
+	if block == nil || block.Type != "CERTIFICATE" {
+		return "", errTLSCertIncorrectType
+	}
+
+	certificate, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return "", errors.Wrap(errTLSCertValidation, err.Error())
+	}
+
+	return base64.StdEncoding.EncodeToString(certificate.Raw), nil
+}
+
+// IsSecure specifies whether generated KubeConfig structs from the service will not have `insecure-skip-tls-verify: true`
+// this is based on the fact that we can successfully extract `certificateAuthorityData` from
+// certificate file at `tlsCertPath`. If we can successfully extract `certificateAuthorityData`,
+// then this will be used as `certificate-authority-data` attribute in a generated KubeConfig.
+func (kccas *kubeConfigCAService) IsSecure() bool {
+	return kccas.certificateAuthorityData != ""
+}
+
+// GetKubeConfigInternal returns K8s cluster access details for the specified endpoint.
+// On startup, portainer generates a certificate against localhost at specified `httpsBindAddr` port, hence
+// the kubeconfig generated should only be utilised by internal portainer binaries as the `ClusterServerURL`
+// points to the internally accessible `https` based `localhost` address.
+// The struct can be used to:
+// - generate a kubeconfig file
+// - pass down params to binaries
+func (kccas *kubeConfigCAService) GetKubeConfigInternal(endpointId portainer.EndpointID, authToken string) kubernetesClusterAccess {
+	clusterServerUrl := fmt.Sprintf("https://localhost%s/api/endpoints/%s/kubernetes", kccas.httpsBindAddr, fmt.Sprint(endpointId))
+	return kubernetesClusterAccess{
+		ClusterServerURL:         clusterServerUrl,
+		CertificateAuthorityFile: kccas.certificateAuthorityFile,
+		CertificateAuthorityData: kccas.certificateAuthorityData,
+		AuthToken:                authToken,
+	}
+}

api/kubernetes/kubeconfig_service_test.go

@@ -0,0 +1,149 @@
+package kubernetes
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// TLS certificate can be generated using:
+// openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha25 -subj '/CN=localhost' -extensions EXT -config <( \
+// printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
+const certData = `-----BEGIN CERTIFICATE-----
+MIIC5TCCAc2gAwIBAgIJAJ+poiEBdsplMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0yMTA4MDQwNDM0MTZaFw0yMTA5MDMwNDM0MTZaMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKQ0HStP34FY/lSDIfMG9MV/lKNUkiLZcMXepbyhPit4ND/w9kOA4WTJ+oP0
+B2IYklRvLkneZOfQiPweGAPwZl3CjwII6gL6NCkhcXXAJ4JQ9duL5Q6pL//95Ocv
+X+qMTssyS1DcH88F6v+gifACLpvG86G9V0DeSGS2fqqfOJngrOCgum1DsWi3Xsew
+B3A7GkPRjYmckU3t4iHgcMb+6lGQAxtnllSM9DpqGnjXRs4mnQHKgufaeW5nvHXi
+oa5l0aHIhN6MQS99QwKwfml7UtWAYhSJksMrrTovB6rThYpp2ID/iU9MGfkpxubT
+oA6scv8alFa8Bo+NEKo255dxsScCAwEAAaM6MDgwFAYDVR0RBA0wC4IJbG9jYWxo
+b3N0MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0B
+AQsFAAOCAQEALFBHW/r79KOj5bhoDtHs8h/ESAlD5DJI/kzc1RajA8AuWPsaagG/
+S0Bqiq2ApMA6Tr3t9An8peaLCaUapWw59kyQcwwPXm9vxhEEfoBRtk8po8XblsUS
+Q5Ku07ycSg5NBGEW2rCLsvjQFuQiAt8sW4jGCCN+ph/GQF9XC8ir+ssiqiMEkbm/
+JaK7sTi5kZ/GsSK8bJ+9N/ztoFr89YYEWjjOuIS3HNMdBcuQXIel7siEFdNjbzMo
+iuViiuhTPJkxKOzCmv52cxf15B0/+cgcImoX4zc9Z0NxKthBmIe00ojexE0ZBOFi
+4PxB7Ou6y/c9OvJb7gJv3z08+xuhOaFXwQ==
+-----END CERTIFICATE-----
+`
+
+// string within the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` without linebreaks
+const certDataString = "MIIC5TCCAc2gAwIBAgIJAJ+poiEBdsplMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MDQwNDM0MTZaFw0yMTA5MDMwNDM0MTZaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQ0HStP34FY/lSDIfMG9MV/lKNUkiLZcMXepbyhPit4ND/w9kOA4WTJ+oP0B2IYklRvLkneZOfQiPweGAPwZl3CjwII6gL6NCkhcXXAJ4JQ9duL5Q6pL//95OcvX+qMTssyS1DcH88F6v+gifACLpvG86G9V0DeSGS2fqqfOJngrOCgum1DsWi3XsewB3A7GkPRjYmckU3t4iHgcMb+6lGQAxtnllSM9DpqGnjXRs4mnQHKgufaeW5nvHXioa5l0aHIhN6MQS99QwKwfml7UtWAYhSJksMrrTovB6rThYpp2ID/iU9MGfkpxubToA6scv8alFa8Bo+NEKo255dxsScCAwEAAaM6MDgwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEALFBHW/r79KOj5bhoDtHs8h/ESAlD5DJI/kzc1RajA8AuWPsaagG/S0Bqiq2ApMA6Tr3t9An8peaLCaUapWw59kyQcwwPXm9vxhEEfoBRtk8po8XblsUSQ5Ku07ycSg5NBGEW2rCLsvjQFuQiAt8sW4jGCCN+ph/GQF9XC8ir+ssiqiMEkbm/JaK7sTi5kZ/GsSK8bJ+9N/ztoFr89YYEWjjOuIS3HNMdBcuQXIel7siEFdNjbzMoiuViiuhTPJkxKOzCmv52cxf15B0/+cgcImoX4zc9Z0NxKthBmIe00ojexE0ZBOFi4PxB7Ou6y/c9OvJb7gJv3z08+xuhOaFXwQ=="
+
+func createTempFile(filename, content string) (string, func()) {
+	tempPath, _ := ioutil.TempDir("", "temp")
+	filePath := fmt.Sprintf("%s/%s", tempPath, filename)
+	ioutil.WriteFile(filePath, []byte(content), 0644)
+
+	teardown := func() { os.RemoveAll(tempPath) }
+
+	return filePath, teardown
+}
+
+func Test_getCertificateAuthorityData(t *testing.T) {
+	is := assert.New(t)
+
+	t.Run("getCertificateAuthorityData fails on tls cert not provided", func(t *testing.T) {
+		_, err := getCertificateAuthorityData("")
+		is.ErrorIs(err, errTLSCertNotProvided, "getCertificateAuthorityData should fail with %w", errTLSCertNotProvided)
+	})
+
+	t.Run("getCertificateAuthorityData fails on tls cert provided but missing file", func(t *testing.T) {
+		_, err := getCertificateAuthorityData("/tmp/non-existent.crt")
+		is.ErrorIs(err, errTLSCertFileMissing, "getCertificateAuthorityData should fail with %w", errTLSCertFileMissing)
+	})
+
+	t.Run("getCertificateAuthorityData fails on tls cert provided but invalid file data", func(t *testing.T) {
+		filePath, teardown := createTempFile("invalid-cert.crt", "hello\ngo\n")
+		defer teardown()
+
+		_, err := getCertificateAuthorityData(filePath)
+		is.ErrorIs(err, errTLSCertIncorrectType, "getCertificateAuthorityData should fail with %w", errTLSCertIncorrectType)
+	})
+
+	t.Run("getCertificateAuthorityData succeeds on valid tls cert provided", func(t *testing.T) {
+		filePath, teardown := createTempFile("valid-cert.crt", certData)
+		defer teardown()
+
+		certificateAuthorityData, err := getCertificateAuthorityData(filePath)
+		is.NoError(err, "getCertificateAuthorityData succeed with valid cert; err=%w", errTLSCertIncorrectType)
+
+		is.Equal(certificateAuthorityData, certDataString, "returned certificateAuthorityData should be %s", certDataString)
+	})
+}
+
+func TestKubeConfigService_IsSecure(t *testing.T) {
+	is := assert.New(t)
+
+	t.Run("IsSecure should be false", func(t *testing.T) {
+		kcs := NewKubeConfigCAService("", "")
+		is.False(kcs.IsSecure(), "should be false if TLS cert not provided")
+	})
+
+	t.Run("IsSecure should be false", func(t *testing.T) {
+		filePath, teardown := createTempFile("valid-cert.crt", certData)
+		defer teardown()
+
+		kcs := NewKubeConfigCAService("", filePath)
+		is.True(kcs.IsSecure(), "should be true if valid TLS cert (path and content) provided")
+	})
+}
+
+func TestKubeConfigService_GetKubeConfigInternal(t *testing.T) {
+	is := assert.New(t)
+
+	t.Run("GetKubeConfigInternal returns localhost address", func(t *testing.T) {
+		kcs := NewKubeConfigCAService("", "")
+		clusterAccessDetails := kcs.GetKubeConfigInternal(1, "some-token")
+		is.True(strings.Contains(clusterAccessDetails.ClusterServerURL, "https://localhost"), "should contain localhost address")
+	})
+
+	t.Run("GetKubeConfigInternal contains https bind address port", func(t *testing.T) {
+		kcs := NewKubeConfigCAService(":1010", "")
+		clusterAccessDetails := kcs.GetKubeConfigInternal(1, "some-token")
+		is.True(strings.Contains(clusterAccessDetails.ClusterServerURL, ":1010"), "should contain bind address port")
+	})
+
+	t.Run("GetKubeConfigInternal contains endpoint proxy url", func(t *testing.T) {
+		kcs := NewKubeConfigCAService("", "")
+		clusterAccessDetails := kcs.GetKubeConfigInternal(100, "some-token")
+		is.True(strings.Contains(clusterAccessDetails.ClusterServerURL, "api/endpoints/100/kubernetes"), "should contain endpoint proxy url")
+	})
+
+	t.Run("GetKubeConfigInternal returns insecure cluster access config", func(t *testing.T) {
+		kcs := NewKubeConfigCAService("", "")
+		clusterAccessDetails := kcs.GetKubeConfigInternal(1, "some-token")
+
+		wantClusterAccessDetails := kubernetesClusterAccess{
+			ClusterServerURL:         "https://localhost/api/endpoints/1/kubernetes",
+			AuthToken:                "some-token",
+			CertificateAuthorityFile: "",
+			CertificateAuthorityData: "",
+		}
+
+		is.Equal(clusterAccessDetails, wantClusterAccessDetails)
+	})
+
+	t.Run("GetKubeConfigInternal returns secure cluster access config", func(t *testing.T) {
+		filePath, teardown := createTempFile("valid-cert.crt", certData)
+		defer teardown()
+
+		kcs := NewKubeConfigCAService("", filePath)
+		clusterAccessDetails := kcs.GetKubeConfigInternal(1, "some-token")
+
+		wantClusterAccessDetails := kubernetesClusterAccess{
+			ClusterServerURL:         "https://localhost/api/endpoints/1/kubernetes",
+			AuthToken:                "some-token",
+			CertificateAuthorityFile: filePath,
+			CertificateAuthorityData: certDataString,
+		}
+
+		is.Equal(clusterAccessDetails, wantClusterAccessDetails)
+	})
+}

api/kubernetes/validation/validation.go

@@ -0,0 +1,48 @@
+package validation
+
+// borrowed from apimachinery@v0.17.2/pkg/util/validation/validation.go
+// https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/util/validation/validation.go
+
+import (
+	"fmt"
+	"regexp"
+)
+
+const dns1123LabelFmt string = "[a-z0-9]([-a-z0-9]*[a-z0-9])?"
+const dns1123SubdomainFmt string = dns1123LabelFmt + "(\\." + dns1123LabelFmt + ")*"
+const DNS1123SubdomainMaxLength int = 253
+
+var dns1123SubdomainRegexp = regexp.MustCompile("^" + dns1123SubdomainFmt + "$")
+
+// IsDNS1123Subdomain tests for a string that conforms to the definition of a subdomain in DNS (RFC 1123).
+func IsDNS1123Subdomain(value string) []string {
+	var errs []string
+	if len(value) > DNS1123SubdomainMaxLength {
+		errs = append(errs, MaxLenError(DNS1123SubdomainMaxLength))
+	}
+	if !dns1123SubdomainRegexp.MatchString(value) {
+		errs = append(errs, RegexError(dns1123SubdomainFmt, "example.com"))
+	}
+	return errs
+}
+
+// MaxLenError returns a string explanation of a "string too long" validation failure.
+func MaxLenError(length int) string {
+	return fmt.Sprintf("must be no more than %d characters", length)
+}
+
+// RegexError returns a string explanation of a regex validation failure.
+func RegexError(fmt string, examples ...string) string {
+	s := "must match the regex " + fmt
+	if len(examples) == 0 {
+		return s
+	}
+	s += " (e.g. "
+	for i := range examples {
+		if i > 0 {
+			s += " or "
+		}
+		s += "'" + examples[i] + "'"
+	}
+	return s + ")"
+}

api/kubernetes/yaml.go

@@ -1,112 +0,0 @@
-package kubernetes
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"strconv"
-	"strings"
-
-	"github.com/pkg/errors"
-	"gopkg.in/yaml.v3"
-)
-
-type KubeAppLabels struct {
-	StackID int
-	Name    string
-	Owner   string
-	Kind    string
-}
-
-// AddAppLabels adds required labels to "Resource"->metadata->labels.
-// It'll add those labels to all Resource (nodes with a kind property exluding a list) it can find in provided yaml.
-// Items in the yaml file could either be organised as a list or broken into multi documents.
-func AddAppLabels(manifestYaml []byte, appLabels KubeAppLabels) ([]byte, error) {
-	if bytes.Equal(manifestYaml, []byte("")) {
-		return manifestYaml, nil
-	}
-
-	docs := make([][]byte, 0)
-	yamlDecoder := yaml.NewDecoder(bytes.NewReader(manifestYaml))
-
-	for {
-		m := make(map[string]interface{})
-		err := yamlDecoder.Decode(&m)
-
-		// if decoded document is empty
-		if m == nil {
-			continue
-		}
-
-		// if there are no more documents in the file
-		if errors.Is(err, io.EOF) {
-			break
-		}
-
-		addResourceLabels(m, appLabels)
-
-		var out bytes.Buffer
-		yamlEncoder := yaml.NewEncoder(&out)
-		yamlEncoder.SetIndent(2)
-		if err := yamlEncoder.Encode(m); err != nil {
-			return nil, errors.Wrap(err, "failed to marshal yaml manifest")
-		}
-
-		docs = append(docs, out.Bytes())
-	}
-
-	return bytes.Join(docs, []byte("---\n")), nil
-}
-
-func addResourceLabels(yamlDoc interface{}, appLabels KubeAppLabels) {
-	m, ok := yamlDoc.(map[string]interface{})
-	if !ok {
-		return
-	}
-
-	kind, ok := m["kind"]
-	if ok && !strings.EqualFold(kind.(string), "list") {
-		addLabels(m, appLabels)
-		return
-	}
-
-	for _, v := range m {
-		switch v.(type) {
-		case map[string]interface{}:
-			addResourceLabels(v, appLabels)
-		case []interface{}:
-			for _, item := range v.([]interface{}) {
-				addResourceLabels(item, appLabels)
-			}
-		}
-	}
-}
-
-func addLabels(obj map[string]interface{}, appLabels KubeAppLabels) {
-	metadata := make(map[string]interface{})
-	if m, ok := obj["metadata"]; ok {
-		metadata = m.(map[string]interface{})
-	}
-
-	labels := make(map[string]string)
-	if l, ok := metadata["labels"]; ok {
-		for k, v := range l.(map[string]interface{}) {
-			labels[k] = fmt.Sprintf("%v", v)
-		}
-	}
-
-	name := appLabels.Name
-	if appLabels.Name == "" {
-		if n, ok := metadata["name"]; ok {
-			name = n.(string)
-		}
-	}
-
-	labels["io.portainer.kubernetes.application.stackid"] = strconv.Itoa(appLabels.StackID)
-	labels["io.portainer.kubernetes.application.name"] = name
-	labels["io.portainer.kubernetes.application.owner"] = appLabels.Owner
-	labels["io.portainer.kubernetes.application.kind"] = appLabels.Kind
-
-	metadata["labels"] = labels
-	obj["metadata"] = metadata
-}

api/kubernetes/yaml_test.go

@@ -1,493 +0,0 @@
-package kubernetes
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_AddAppLabels(t *testing.T) {
-	tests := []struct {
-		name       string
-		input      string
-		wantOutput string
-	}{
-		{
-			name: "single deployment without labels",
-			input: `apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: busybox
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: busybox
-  template:
-    metadata:
-      labels:
-        app: busybox
-    spec:
-      containers:
-        - image: busybox
-          name: busybox
-`,
-			wantOutput: `apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    io.portainer.kubernetes.application.kind: git
-    io.portainer.kubernetes.application.name: best-name
-    io.portainer.kubernetes.application.owner: best-owner
-    io.portainer.kubernetes.application.stackid: "123"
-  name: busybox
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: busybox
-  template:
-    metadata:
-      labels:
-        app: busybox
-    spec:
-      containers:
-        - image: busybox
-          name: busybox
-`,
-		},
-		{
-			name: "single deployment with existing labels",
-			input: `apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    foo: bar
-  name: busybox
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: busybox
-  template:
-    metadata:
-      labels:
-        app: busybox
-    spec:
-      containers:
-        - image: busybox
-          name: busybox
-`,
-			wantOutput: `apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    foo: bar
-    io.portainer.kubernetes.application.kind: git
-    io.portainer.kubernetes.application.name: best-name
-    io.portainer.kubernetes.application.owner: best-owner
-    io.portainer.kubernetes.application.stackid: "123"
-  name: busybox
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: busybox
-  template:
-    metadata:
-      labels:
-        app: busybox
-    spec:
-      containers:
-        - image: busybox
-          name: busybox
-`,
-		},
-		{
-			name: "complex kompose output",
-			input: `apiVersion: v1
-items:
-  - apiVersion: v1
-    kind: Service
-    metadata:
-      creationTimestamp: null
-      labels:
-        io.kompose.service: web
-      name: web
-    spec:
-      ports:
-        - name: "5000"
-          port: 5000
-          targetPort: 5000
-      selector:
-        io.kompose.service: web
-    status:
-      loadBalancer: {}
-  - apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      creationTimestamp: null
-      labels:
-        io.kompose.service: redis
-      name: redis
-    spec:
-      replicas: 1
-      selector:
-        matchLabels:
-          io.kompose.service: redis
-      strategy: {}
-      template:
-        metadata:
-          creationTimestamp: null
-          labels:
-            io.kompose.service: redis
-    status: {}
-  - apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      creationTimestamp: null
-      name: web
-    spec:
-      replicas: 1
-      selector:
-        matchLabels:
-          io.kompose.service: web
-      strategy:
-        type: Recreate
-      template:
-        metadata:
-          creationTimestamp: null
-          labels:
-            io.kompose.service: web
-    status: {}
-kind: List
-metadata: {}
-`,
-			wantOutput: `apiVersion: v1
-items:
-  - apiVersion: v1
-    kind: Service
-    metadata:
-      creationTimestamp: null
-      labels:
-        io.kompose.service: web
-        io.portainer.kubernetes.application.kind: git
-        io.portainer.kubernetes.application.name: best-name
-        io.portainer.kubernetes.application.owner: best-owner
-        io.portainer.kubernetes.application.stackid: "123"
-      name: web
-    spec:
-      ports:
-        - name: "5000"
-          port: 5000
-          targetPort: 5000
-      selector:
-        io.kompose.service: web
-    status:
-      loadBalancer: {}
-  - apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      creationTimestamp: null
-      labels:
-        io.kompose.service: redis
-        io.portainer.kubernetes.application.kind: git
-        io.portainer.kubernetes.application.name: best-name
-        io.portainer.kubernetes.application.owner: best-owner
-        io.portainer.kubernetes.application.stackid: "123"
-      name: redis
-    spec:
-      replicas: 1
-      selector:
-        matchLabels:
-          io.kompose.service: redis
-      strategy: {}
-      template:
-        metadata:
-          creationTimestamp: null
-          labels:
-            io.kompose.service: redis
-    status: {}
-  - apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      creationTimestamp: null
-      labels:
-        io.portainer.kubernetes.application.kind: git
-        io.portainer.kubernetes.application.name: best-name
-        io.portainer.kubernetes.application.owner: best-owner
-        io.portainer.kubernetes.application.stackid: "123"
-      name: web
-    spec:
-      replicas: 1
-      selector:
-        matchLabels:
-          io.kompose.service: web
-      strategy:
-        type: Recreate
-      template:
-        metadata:
-          creationTimestamp: null
-          labels:
-            io.kompose.service: web
-    status: {}
-kind: List
-metadata: {}
-`,
-		},
-		{
-			name: "multiple items separated by ---",
-			input: `apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: busybox
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: busybox
-  template:
-    metadata:
-      labels:
-        app: busybox
-    spec:
-      containers:
-        - image: busybox
-          name: busybox
----
-apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  labels:
-    io.kompose.service: web
-  name: web
-spec:
-  ports:
-    - name: "5000"
-      port: 5000
-      targetPort: 5000
-  selector:
-    io.kompose.service: web
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    foo: bar
-  name: busybox
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: busybox
-  template:
-    metadata:
-      labels:
-        app: busybox
-    spec:
-      containers:
-        - image: busybox
-          name: busybox
-`,
-			wantOutput: `apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    io.portainer.kubernetes.application.kind: git
-    io.portainer.kubernetes.application.name: best-name
-    io.portainer.kubernetes.application.owner: best-owner
-    io.portainer.kubernetes.application.stackid: "123"
-  name: busybox
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: busybox
-  template:
-    metadata:
-      labels:
-        app: busybox
-    spec:
-      containers:
-        - image: busybox
-          name: busybox
----
-apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  labels:
-    io.kompose.service: web
-    io.portainer.kubernetes.application.kind: git
-    io.portainer.kubernetes.application.name: best-name
-    io.portainer.kubernetes.application.owner: best-owner
-    io.portainer.kubernetes.application.stackid: "123"
-  name: web
-spec:
-  ports:
-    - name: "5000"
-      port: 5000
-      targetPort: 5000
-  selector:
-    io.kompose.service: web
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    foo: bar
-    io.portainer.kubernetes.application.kind: git
-    io.portainer.kubernetes.application.name: best-name
-    io.portainer.kubernetes.application.owner: best-owner
-    io.portainer.kubernetes.application.stackid: "123"
-  name: busybox
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: busybox
-  template:
-    metadata:
-      labels:
-        app: busybox
-    spec:
-      containers:
-        - image: busybox
-          name: busybox
-`,
-		},
-		{
-			name:       "empty",
-			input:      "",
-			wantOutput: "",
-		},
-		{
-			name: "no only deployments",
-			input: `apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  labels:
-    io.kompose.service: web
-  name: web
-spec:
-  ports:
-    - name: "5000"
-      port: 5000
-      targetPort: 5000
-  selector:
-    io.kompose.service: web
-`,
-			wantOutput: `apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  labels:
-    io.kompose.service: web
-    io.portainer.kubernetes.application.kind: git
-    io.portainer.kubernetes.application.name: best-name
-    io.portainer.kubernetes.application.owner: best-owner
-    io.portainer.kubernetes.application.stackid: "123"
-  name: web
-spec:
-  ports:
-    - name: "5000"
-      port: 5000
-      targetPort: 5000
-  selector:
-    io.kompose.service: web
-`,
-		},
-	}
-
-	labels := KubeAppLabels{
-		StackID: 123,
-		Name:    "best-name",
-		Owner:   "best-owner",
-		Kind:    "git",
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			result, err := AddAppLabels([]byte(tt.input), labels)
-			assert.NoError(t, err)
-			assert.Equal(t, tt.wantOutput, string(result))
-		})
-	}
-}
-
-func Test_AddAppLabels_PickingName_WhenLabelNameIsEmpty(t *testing.T) {
-	labels := KubeAppLabels{
-		StackID: 123,
-		Owner:   "best-owner",
-		Kind:    "git",
-	}
-
-	input := `apiVersion: v1
-kind: Service
-metadata:
-  name: web
-spec:
-  ports:
-    - name: "5000"
-      port: 5000
-      targetPort: 5000
-`
-
-	expected := `apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    io.portainer.kubernetes.application.kind: git
-    io.portainer.kubernetes.application.name: web
-    io.portainer.kubernetes.application.owner: best-owner
-    io.portainer.kubernetes.application.stackid: "123"
-  name: web
-spec:
-  ports:
-    - name: "5000"
-      port: 5000
-      targetPort: 5000
-`
-
-	result, err := AddAppLabels([]byte(input), labels)
-	assert.NoError(t, err)
-	assert.Equal(t, expected, string(result))
-}
-
-func Test_AddAppLabels_PickingName_WhenLabelAndMetadataNameAreEmpty(t *testing.T) {
-	labels := KubeAppLabels{
-		StackID: 123,
-		Owner:   "best-owner",
-		Kind:    "git",
-	}
-
-	input := `apiVersion: v1
-kind: Service
-spec:
-  ports:
-    - name: "5000"
-      port: 5000
-      targetPort: 5000
-`
-
-	expected := `apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    io.portainer.kubernetes.application.kind: git
-    io.portainer.kubernetes.application.name: ""
-    io.portainer.kubernetes.application.owner: best-owner
-    io.portainer.kubernetes.application.stackid: "123"
-spec:
-  ports:
-    - name: "5000"
-      port: 5000
-      targetPort: 5000
-`
-
-	result, err := AddAppLabels([]byte(input), labels)
-	assert.NoError(t, err)
-	assert.Equal(t, expected, string(result))
-}

api/portainer.go

@@ -389,6 +389,18 @@ type (
 		ProjectPath string `json:"ProjectPath"`
 	}
 
+	HelmUserRepositoryID int
+
+	// HelmUserRepositories stores a Helm repository URL for the given user
+	HelmUserRepository struct {
+		// Membership Identifier
+		ID HelmUserRepositoryID `json:"Id" example:"1"`
+		// User identifier
+		UserID UserID `json:"UserID" example:"1"`
+		// Helm repository URL
+		URL string `json:"URL" example:"https://charts.bitnami.com/bitnami"`
+	}
+
 	// QuayRegistryData represents data required for Quay registry to work
 	QuayRegistryData struct {
 		UseOrganisation  bool   `json:"UseOrganisation"`
@@ -693,6 +705,8 @@ type (
 		KubeconfigExpiry string `json:"KubeconfigExpiry" example:"24h"`
 		// Whether telemetry is enabled
 		EnableTelemetry bool `json:"EnableTelemetry" example:"false"`
+		// Helm repository URL, defaults to "https://charts.bitnami.com/bitnami"
+		HelmRepositoryURL string `json:"HelmRepositoryURL" example:"https://charts.bitnami.com/bitnami"`
 
 		// Deprecated fields
 		DisplayDonationHeader       bool
@@ -1087,6 +1101,7 @@ type (
 		Endpoint() EndpointService
 		EndpointGroup() EndpointGroupService
 		EndpointRelation() EndpointRelationService
+		HelmUserRepository() HelmUserRepositoryService
 		Registry() RegistryService
 		ResourceControl() ResourceControlService
 		Role() RoleService
@@ -1213,6 +1228,12 @@ type (
 		LatestCommitID(repositoryURL, referenceName, username, password string) (string, error)
 	}
 
+	// HelmUserRepositoryService represents a service to manage HelmUserRepositories
+	HelmUserRepositoryService interface {
+		HelmUserRepositoryByUserID(userID UserID) ([]HelmUserRepository, error)
+		CreateHelmUserRepository(record *HelmUserRepository) error
+	}
+
 	// JWTService represents a service for managing JWT tokens
 	JWTService interface {
 		GenerateToken(data *TokenData) (string, error)
@@ -1228,7 +1249,7 @@ type (
 		GetServiceAccount(tokendata *TokenData) (*v1.ServiceAccount, error)
 		GetServiceAccountBearerToken(userID int) (string, error)
 		CreateUserShellPod(ctx context.Context, serviceAccountName string) (*KubernetesShellPod, error)
-		StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer, errChan chan error)
+		StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer) error
 		NamespaceAccessPoliciesDeleteNamespace(namespace string) error
 		GetNodesLimits() (K8sNodesLimits, error)
 		GetNamespaceAccessPolicies() (map[string]K8sNamespaceAccessPolicy, error)
@@ -1243,7 +1264,7 @@ type (
 	// KubernetesDeployer represents a service to deploy a manifest inside a Kubernetes endpoint
 	KubernetesDeployer interface {
 		Deploy(request *http.Request, endpoint *Endpoint, data string, namespace string) (string, error)
-		ConvertCompose(data []byte) ([]byte, error)
+		ConvertCompose(data string) ([]byte, error)
 	}
 
 	// KubernetesSnapshotter represents a service used to create Kubernetes endpoint snapshots
@@ -1453,6 +1474,8 @@ const (
 	DefaultEdgeAgentCheckinIntervalInSeconds = 5
 	// DefaultTemplatesURL represents the URL to the official templates supported by Portainer
 	DefaultTemplatesURL = "https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json"
+	// DefaultHelmrepositoryURL represents the URL to the official templates supported by Bitnami
+	DefaultHelmRepositoryURL = "https://charts.bitnami.com/bitnami"
 	// DefaultUserSessionTimeout represents the default timeout after which the user session is cleared
 	DefaultUserSessionTimeout = "8h"
 	// DefaultUserSessionTimeout represents the default timeout after which the user session is cleared

app/angulartics.matomo/index.js

@@ -1,5 +1,4 @@
 import angular from 'angular';
-import _ from 'lodash-es';
 
 const basePath = 'http://portainer-ce.app';
 
@@ -132,8 +131,7 @@ function config($analyticsProvider, $windowProvider) {
 
     let metadataString = '';
     if (metadata) {
-      const kebabCasedMetadata = Object.fromEntries(Object.entries(metadata).map(([key, value]) => [_.kebabCase(key), value]));
-      metadataString = JSON.stringify(kebabCasedMetadata).toLowerCase();
+      metadataString = JSON.stringify(metadata).toLowerCase();
     }
 
     push([

app/assets/css/app.css

@@ -289,6 +289,10 @@ a[ng-click] {
   padding-top: 15px !important;
 }
 
+.nomargin {
+  margin: 0 !important;
+}
+
 .terminal-container {
   width: 100%;
   padding: 10px 0;

app/edge/views/edge-stacks/createEdgeStackView/createEdgeStackView.html

@@ -199,10 +199,6 @@
                 ng-click="$ctrl.createStack()"
                 button-spinner="$ctrl.state.actionInProgress"
                 data-cy="edgeStackCreate-createStackButton"
-                analytics-on
-                analytics-event="edge-stack-creation"
-                analytics-category="edge"
-                analytics-properties="$ctrl.buildAnalyticsProperties()"
               >
                 <span ng-hide="$ctrl.state.actionInProgress">Deploy the stack</span>
                 <span ng-show="$ctrl.state.actionInProgress">Deployment in progress...</span>

app/edge/views/edge-stacks/createEdgeStackView/createEdgeStackViewController.js

@@ -43,30 +43,6 @@ export class CreateEdgeStackViewController {
     this.onChangeFormValues = this.onChangeFormValues.bind(this);
   }
 
-  buildAnalyticsProperties() {
-    const format = 'compose';
-    const metadata = { type: methodLabel(this.state.Method), format };
-
-    if (metadata.type === 'template') {
-      metadata.templateName = this.selectedTemplate.title;
-    }
-
-    return { metadata };
-
-    function methodLabel(method) {
-      switch (method) {
-        case 'editor':
-          return 'web-editor';
-        case 'repository':
-          return 'git';
-        case 'upload':
-          return 'file-upload';
-        case 'template':
-          return 'template';
-      }
-    }
-  }
-
   async uiCanExit() {
     if (this.state.Method === 'editor' && this.formValues.StackFileContent && this.state.isEditorDirty) {
       return this.ModalService.confirmWebEditorDiscard();

app/kubernetes/__module.js

@@ -1,7 +1,6 @@
 import registriesModule from './registries';
-import customTemplateModule from './custom-templates';
 
-angular.module('portainer.kubernetes', ['portainer.app', registriesModule, customTemplateModule]).config([
+angular.module('portainer.kubernetes', ['portainer.app', registriesModule]).config([
   '$stateRegistryProvider',
   function ($stateRegistryProvider) {
     'use strict';
@@ -45,6 +44,26 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule, custo
       },
     };
 
+    const helmApplication = {
+      name: 'kubernetes.helm',
+      url: '/helm/:name',
+      views: {
+        'content@': {
+          component: 'kubernetesHelmApplicationView',
+        },
+      },
+    };
+
+    const helmTemplates = {
+      name: 'kubernetes.templates',
+      url: '/templates/helm',
+      views: {
+        'content@': {
+          component: 'helmTemplatesView',
+        },
+      },
+    };
+
     const applications = {
       name: 'kubernetes.applications',
       url: '/applications',
@@ -209,15 +228,12 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule, custo
 
     const deploy = {
       name: 'kubernetes.deploy',
-      url: '/deploy?templateId',
+      url: '/deploy',
       views: {
         'content@': {
           component: 'kubernetesDeployView',
         },
       },
-      params: {
-        templateId: '',
-      },
     };
 
     const resourcePools = {
@@ -301,6 +317,8 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule, custo
     };
 
     $stateRegistryProvider.register(kubernetes);
+    $stateRegistryProvider.register(helmApplication);
+    $stateRegistryProvider.register(helmTemplates);
     $stateRegistryProvider.register(applications);
     $stateRegistryProvider.register(applicationCreation);
     $stateRegistryProvider.register(application);

app/kubernetes/components/datatables/applications-datatable-details/applications-datatable-details.controller.js

@@ -0,0 +1,12 @@
+import { KubernetesConfigurationTypes } from 'Kubernetes/models/configuration/models';
+
+export default class {
+  $onInit() {
+    const secrets = (this.configurations || [])
+      .filter((config) => config.Data && config.Type === KubernetesConfigurationTypes.SECRET)
+      .flatMap((config) => Object.entries(config.Data))
+      .map(([key, value]) => ({ key, value }));
+
+    this.state = { secrets };
+  }
+}

app/kubernetes/components/datatables/applications-datatable-details/applications-datatable-details.html

@@ -0,0 +1,12 @@
+<div class="col-xs-12 form-section-title">
+  Secrets
+</div>
+<table style="width: 50%;">
+  <tbody>
+    <tr>
+      <td>
+        <sensitive-details ng-repeat="secret in $ctrl.state.secrets" key="{{ secret.key }}" value="{{ secret.value }}"> </sensitive-details>
+      </td>
+    </tr>
+  </tbody>
+</table>

app/kubernetes/components/datatables/applications-datatable-details/applications-datatable-details.js

@@ -0,0 +1,10 @@
+import angular from 'angular';
+import controller from './applications-datatable-details.controller';
+
+angular.module('portainer.kubernetes').component('kubernetesApplicationsDatatableDetails', {
+  templateUrl: './applications-datatable-details.html',
+  controller,
+  bindings: {
+    configurations: '<',
+  },
+});

app/kubernetes/components/datatables/applications-datatable-url/applications-datatable-url.css

@@ -0,0 +1,6 @@
+.published-url-container {
+  display: grid;
+  grid-template-columns: 1fr 1fr 3fr;
+  padding-top: 1rem;
+  padding-bottom: 2rem;
+}

app/kubernetes/components/datatables/applications-datatable-url/applications-datatable-url.html

@@ -0,0 +1,6 @@
+<div class="published-url-container">
+  <div class="text-muted">
+    Published URL
+  </div>
+  <a ng-href="{{ $ctrl.publishedUrl }}" target="_blank" class="space-left"> <i class="fa fa-external-link-alt" aria-hidden="true"></i> {{ $ctrl.publishedUrl }} </a>
+</div>

app/kubernetes/components/datatables/applications-datatable-url/applications-datatable-url.js

@@ -0,0 +1,9 @@
+import angular from 'angular';
+import './applications-datatable-url.css';
+
+angular.module('portainer.kubernetes').component('kubernetesApplicationsDatatableUrl', {
+  templateUrl: './applications-datatable-url.html',
+  bindings: {
+    publishedUrl: '@',
+  },
+});

app/kubernetes/components/datatables/applications-datatable/applicationsDatatable.css

@@ -0,0 +1,16 @@
+.secondary-heading {
+  background-color: #e7f6ff !important;
+}
+
+.secondary-body {
+  background-color: #f1f9fd;
+}
+
+.datatable-wide {
+  width: 55px;
+}
+
+.datatable-padding-vertical {
+  padding-top: 1.5rem;
+  padding-bottom: 1.5rem;
+}

app/kubernetes/components/datatables/applications-datatable/applicationsDatatable.html

@@ -1,7 +1,7 @@
 <div class="datatable">
   <rd-widget>
     <rd-widget-body classes="no-padding">
-      <div class="toolBar">
+      <div ng-if="$ctrl.isPrimary" class="toolBar">
         <div class="toolBarTitle"> <i class="fa" ng-class="$ctrl.titleIcon" aria-hidden="true" style="margin-right: 2px;"></i> {{ $ctrl.titleText }} </div>
         <span class="small text-muted" style="float: left; margin-top: 5px;" ng-if="$ctrl.isAdmin && !$ctrl.settings.showSystem">
           <i class="fa fa-info-circle blue-icon" aria-hidden="true" style="margin-right: 2px;"></i>
@@ -62,7 +62,7 @@
           </span>
         </div>
       </div>
-      <div class="actionBar">
+      <div ng-if="$ctrl.isPrimary" class="actionBar">
         <button
           type="button"
           class="btn btn-sm btn-danger"
@@ -73,13 +73,10 @@
           <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
         </button>
         <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.applications.new" data-cy="k8sApp-addApplicationButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add application with form
-        </button>
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sApp-deployFromManifestButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Create from manifest
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add application
         </button>
       </div>
-      <div class="searchBar">
+      <div ng-if="$ctrl.isPrimary" class="searchBar">
         <i class="fa fa-search searchIcon" aria-hidden="true"></i>
         <input
           type="text"
@@ -94,13 +91,20 @@
       </div>
       <div class="table-responsive">
         <table class="table table-hover nowrap-cells" data-cy="k8sApp-appTable">
-          <thead>
+          <thead ng-class="{ 'secondary-heading': !$ctrl.isPrimary }">
             <tr>
-              <th>
-                <span class="md-checkbox">
-                  <input id="select_all" type="checkbox" ng-model="$ctrl.state.selectAll" ng-change="$ctrl.selectAll()" data-cy="k8sApp-selectAllCheckbox" />
-                  <label for="select_all"></label>
+              <th class="datatable-wide">
+                <span ng-if="$ctrl.isPrimary">
+                  <span class="md-checkbox">
+                    <input id="select_all" type="checkbox" ng-model="$ctrl.state.selectAll" ng-change="$ctrl.selectAll()" data-cy="k8sApp-selectAllCheckbox" />
+                    <label for="select_all"></label>
+                  </span>
+                  <a ng-click="$ctrl.expandAll()">
+                    <i ng-class="{ 'fas fa-angle-down': $ctrl.state.expandAll, 'fas fa-angle-right': !$ctrl.state.expandAll }" aria-hidden="true"></i>
+                  </a>
                 </span>
+              </th>
+              <th>
                 <a ng-click="$ctrl.changeOrderBy('Name')">
                   Name
                   <i class="fa fa-sort-alpha-down" aria-hidden="true" ng-if="$ctrl.state.orderBy === 'Name' && !$ctrl.state.reverseOrder"></i>
@@ -152,22 +156,39 @@
           </thead>
           <tbody>
             <tr
-              dir-paginate="item in ($ctrl.state.filteredDataSet = ($ctrl.dataset | filter:$ctrl.state.textFilter | filter:$ctrl.isDisplayed | orderBy:$ctrl.state.orderBy:$ctrl.state.reverseOrder | itemsPerPage: $ctrl.state.paginatedItemLimit: $ctrl.tableKey))"
-              ng-class="{ active: item.Checked }"
+              ng-click="$ctrl.expandItem(item, !item.Expanded)"
+              dir-paginate-start="item in ($ctrl.state.filteredDataSet = ($ctrl.dataset | filter:$ctrl.state.textFilter | filter:$ctrl.isDisplayed | orderBy:$ctrl.state.orderBy:$ctrl.state.reverseOrder | itemsPerPage: $ctrl.state.paginatedItemLimit: $ctrl.tableKey))"
+              ng-class="{ active: item.Checked, 'secondary-body': !$ctrl.isPrimary }"
               pagination-id="$ctrl.tableKey"
+              class="interactive"
             >
               <td>
-                <span class="md-checkbox">
-                  <input id="select_{{ $index }}" type="checkbox" ng-model="item.Checked" ng-click="$ctrl.selectItem(item, $event)" ng-disabled="$ctrl.isSystemNamespace(item)" />
+                <span ng-if="$ctrl.isPrimary" class="md-checkbox">
+                  <input
+                    id="select_{{ $index }}"
+                    type="checkbox"
+                    ng-model="item.Checked"
+                    ng-click="$ctrl.selectItem(item, $event); $event.stopPropagation()"
+                    ng-disabled="$ctrl.isSystemNamespace(item)"
+                  />
                   <label for="select_{{ $index }}"></label>
                 </span>
-                <a ui-sref="kubernetes.applications.application({ name: item.Name, namespace: item.ResourcePool })">{{ item.Name }}</a>
+                <a><i ng-class="{ 'fas fa-angle-down': item.Expanded, 'fas fa-angle-right': !item.Expanded }" class="space-right" aria-hidden="true"></i></a>
+              </td>
+              <td>
+                <a ng-if="item.KubernetesApplications" ui-sref="kubernetes.helm({ name: item.Name })" ng-click="$event.stopPropagation()">{{ item.Name }} </a>
+                <a
+                  ng-if="!item.KubernetesApplications"
+                  ui-sref="kubernetes.applications.application({ name: item.Name, namespace: item.ResourcePool })"
+                  ng-click="$event.stopPropagation()"
+                  >{{ item.Name }}
+                </a>
                 <span class="label label-info image-tag label-margins" ng-if="$ctrl.isSystemNamespace(item)">system</span>
                 <span class="label label-primary image-tag label-margins" ng-if="!$ctrl.isSystemNamespace(item) && $ctrl.isExternalApplication(item)">external</span>
               </td>
-              <td>{{ item.StackName || '-' }}</td>
+              <td>{{ item.StackName }}</td>
               <td>
-                <a ui-sref="kubernetes.resourcePools.resourcePool({ id: item.ResourcePool })">{{ item.ResourcePool }}</a>
+                <a ui-sref="kubernetes.resourcePools.resourcePool({ id: item.ResourcePool })" ng-click="$event.stopPropagation()">{{ item.ResourcePool }}</a>
               </td>
               <td title="{{ item.Image }}"
                 >{{ item.Image | truncate: 64 }} <span ng-if="item.Containers.length > 1">+ {{ item.Containers.length - 1 }}</span></td
@@ -176,7 +197,10 @@
               <td ng-if="item.ApplicationType !== $ctrl.KubernetesApplicationTypes.POD">
                 <span ng-if="item.DeploymentType === $ctrl.KubernetesApplicationDeploymentTypes.REPLICATED">Replicated</span>
                 <span ng-if="item.DeploymentType === $ctrl.KubernetesApplicationDeploymentTypes.GLOBAL">Global</span>
-                <code>{{ item.RunningPodsCount }}</code> / <code>{{ item.TotalPodsCount }}</code>
+                <span ng-if="item.RunningPodsCount >= 0 && item.TotalPodsCount >= 0">
+                  <code>{{ item.RunningPodsCount }}</code> / <code>{{ item.TotalPodsCount }}</code>
+                </span>
+                <span ng-if="item.KubernetesApplications">{{ item.Status }}</span>
               </td>
               <td ng-if="item.ApplicationType === $ctrl.KubernetesApplicationTypes.POD">
                 {{ item.Pods[0].Status }}
@@ -184,7 +208,7 @@
               <td>
                 <span ng-if="item.PublishedPorts.length">
                   <span>
-                    <a ng-click="$ctrl.onPublishingModeClick(item)">
+                    <a ng-click="$ctrl.onPublishingModeClick(item); $event.stopPropagation()">
                       <i class="fa {{ item.ServiceType | kubernetesApplicationServiceTypeIcon }}" aria-hidden="true" style="margin-right: 2px;"> </i>
                       {{ item.ServiceType | kubernetesApplicationServiceTypeText }}
                     </a>
@@ -194,6 +218,33 @@
               </td>
               <td>{{ item.CreationDate | getisodate }} {{ item.ApplicationOwner ? 'by ' + item.ApplicationOwner : '' }}</td>
             </tr>
+            <tr dir-paginate-end ng-show="item.Expanded" ng-class="{ 'secondary-body': $ctrl.isPrimary && !item.KubernetesApplications }">
+              <td></td>
+              <td colspan="8" class="datatable-padding-vertical">
+                <span ng-if="item.KubernetesApplications">
+                  <kubernetes-applications-datatable
+                    dataset="item.KubernetesApplications"
+                    table-key="{{ item.Id }}_table"
+                    order-by="Name"
+                    remove-action="$ctrl.removeAction"
+                    refresh-callback="$ctrl.refreshCallback"
+                    on-publishing-mode-click="($ctrl.onPublishingModeClick)"
+                    is-primary="false"
+                  >
+                  </kubernetes-applications-datatable>
+                </span>
+                <span ng-if="!item.KubernetesApplications">
+                  <kubernetes-applications-datatable-url ng-if="$ctrl.getPublishUrl(item)" published-url="{{ $ctrl.getPublishUrl(item) }}"> </kubernetes-applications-datatable-url>
+                  <kubernetes-applications-datatable-details
+                    ng-if="$ctrl.hasConfigurationSecrets(item)"
+                    configurations="item.Configurations"
+                  ></kubernetes-applications-datatable-details>
+                  <div class="small text-muted" ng-if="!$ctrl.hasConfigurationSecrets(item) && !$ctrl.getPublishUrl(item)">
+                    This application has not been exposed.
+                  </div>
+                </span>
+              </td>
+            </tr>
             <tr ng-if="!$ctrl.dataset">
               <td colspan="8" class="text-center text-muted">Loading...</td>
             </tr>
@@ -203,7 +254,7 @@
           </tbody>
         </table>
       </div>
-      <div class="footer" ng-if="$ctrl.dataset">
+      <div ng-if="$ctrl.isPrimary" class="footer" ng-if="$ctrl.dataset">
         <div class="infoBar" ng-if="$ctrl.state.selectedItemCount !== 0"> {{ $ctrl.state.selectedItemCount }} item(s) selected </div>
         <div class="paginationControls">
           <form class="form-inline">

app/kubernetes/components/datatables/applications-datatable/applicationsDatatable.js

@@ -1,3 +1,5 @@
+import './applicationsDatatable.css';
+
 angular.module('portainer.kubernetes').component('kubernetesApplicationsDatatable', {
   templateUrl: './applicationsDatatable.html',
   controller: 'KubernetesApplicationsDatatableController',
@@ -11,5 +13,6 @@ angular.module('portainer.kubernetes').component('kubernetesApplicationsDatatabl
     removeAction: '<',
     refreshCallback: '<',
     onPublishingModeClick: '<',
+    isPrimary: '<',
   },
 });

app/kubernetes/components/datatables/applications-datatable/applicationsDatatableController.js

@@ -1,6 +1,7 @@
 import { KubernetesApplicationDeploymentTypes, KubernetesApplicationTypes } from 'Kubernetes/models/application/models';
 import KubernetesApplicationHelper from 'Kubernetes/helpers/application';
 import KubernetesNamespaceHelper from 'Kubernetes/helpers/namespaceHelper';
+import { KubernetesConfigurationTypes } from 'Kubernetes/models/configuration/models';
 
 angular.module('portainer.docker').controller('KubernetesApplicationsDatatableController', [
   '$scope',
@@ -10,12 +11,63 @@ angular.module('portainer.docker').controller('KubernetesApplicationsDatatableCo
   function ($scope, $controller, DatatableService, Authentication) {
     angular.extend(this, $controller('GenericDatatableController', { $scope: $scope }));
 
-    var ctrl = this;
+    const ctrl = this;
 
     this.settings = Object.assign(this.settings, {
       showSystem: false,
     });
 
+    this.state = Object.assign(this.state, {
+      expandAll: false,
+      expandedItems: [],
+    });
+
+    this.expandAll = function () {
+      this.state.expandAll = !this.state.expandAll;
+      this.state.filteredDataSet.forEach((item) => this.expandItem(item, this.state.expandAll));
+    };
+
+    this.expandItem = function (item, expanded) {
+      item.Expanded = expanded;
+      if (item.Expanded && !this.state.expandedItems.includes(item.Id)) {
+        this.state.expandedItems = [...this.state.expandedItems, item.Id];
+      } else {
+        this.state.expandedItems = this.state.expandedItems.filter((id) => id !== item.Id);
+      }
+      DatatableService.setDataTableExpandedItems(this.tableKey, this.state.expandedItems);
+    };
+
+    function expandPreviouslyExpandedItem(item, storedExpandedItems) {
+      const expandedItem = storedExpandedItems.some((storedId) => storedId === item.Id);
+      if (expandedItem) {
+        ctrl.expandItem(item, true);
+      }
+    }
+
+    this.expandItems = function (storedExpandedItems) {
+      let expandedItemCount = 0;
+      this.state.expandedItems = storedExpandedItems;
+
+      for (let i = 0; i < this.dataset.length; i++) {
+        const item = this.dataset[i];
+        expandPreviouslyExpandedItem(item, storedExpandedItems);
+        if (item.Expanded) {
+          ++expandedItemCount;
+        }
+      }
+
+      if (expandedItemCount === this.dataset.length) {
+        this.state.expandAll = true;
+      }
+    };
+
+    this.onDataRefresh = function () {
+      const storedExpandedItems = DatatableService.getDataTableExpandedItems(this.tableKey);
+      if (storedExpandedItems !== null) {
+        this.expandItems(storedExpandedItems);
+      }
+    };
+
     this.onSettingsShowSystemChange = function () {
       DatatableService.setDataTableSettings(this.tableKey, this.settings);
     };
@@ -25,6 +77,10 @@ angular.module('portainer.docker').controller('KubernetesApplicationsDatatableCo
     };
 
     this.isSystemNamespace = function (item) {
+      // if all charts in a helm app/release are in the system namespace
+      if (item.KubernetesApplications && item.KubernetesApplications.length > 0) {
+        return item.KubernetesApplications.some((app) => KubernetesNamespaceHelper.isSystemNamespace(app.ResourcePool));
+      }
       return KubernetesNamespaceHelper.isSystemNamespace(item.ResourcePool);
     };
 
@@ -32,6 +88,18 @@ angular.module('portainer.docker').controller('KubernetesApplicationsDatatableCo
       return !ctrl.isSystemNamespace(item) || ctrl.settings.showSystem;
     };
 
+    this.getPublishUrl = function (item) {
+      // Map all ingress rules in published ports to their respective URLs
+      const publishUrls = item.PublishedPorts.flatMap((pp) => pp.IngressRules).map(({ Host, IP, Path }) => `http://${Host || IP}${Path}`);
+
+      // Return the first URL
+      return publishUrls.length > 0 ? publishUrls[0] : '';
+    };
+
+    this.hasConfigurationSecrets = function (item) {
+      return item.Configurations && item.Configurations.some((config) => config.Data && config.Type === KubernetesConfigurationTypes.SECRET);
+    };
+
     /**
      * Do not allow applications in system namespaces to be selected
      */

app/kubernetes/components/datatables/configurations-datatable/configurationsDatatable.html

@@ -66,11 +66,8 @@
         >
           <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
         </button>
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.configurations.new" data-cy="k8sConfig-addConfigWithFormButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add configuration with form
-        </button>
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sConfig-deployFromManifestButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Create from manifest
+        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.configurations.new" data-cy="k8sConfig-addConfigButton">
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add configuration
         </button>
       </div>
       <div class="searchBar">

app/kubernetes/components/datatables/integrated-applications-datatable/integratedApplicationsDatatable.html

@@ -91,7 +91,7 @@
               <td
                 ><a ui-sref="kubernetes.applications.application({ name: item.Name, namespace: item.ResourcePool })">{{ item.Name }}</a></td
               >
-              <td>{{ item.StackName || '-' }}</td>
+              <td>{{ item.StackName }}</td>
               <td title="{{ item.Image }}">{{ item.Image | truncate: 64 }}</td>
             </tr>
             <tr ng-if="!$ctrl.dataset">

app/kubernetes/components/datatables/node-applications-datatable/nodeApplicationsDatatable.html

@@ -114,7 +114,7 @@
                 <span style="margin-left: 5px;" class="label label-info image-tag" ng-if="$ctrl.isSystemNamespace(item)">system</span>
                 <span style="margin-left: 5px;" class="label label-primary image-tag" ng-if="!$ctrl.isSystemNamespace(item) && $ctrl.isExternalApplication(item)">external</span>
               </td>
-              <td>{{ item.StackName || '-' }}</td>
+              <td>{{ item.StackName }}</td>
               <td>
                 <a ui-sref="kubernetes.resourcePools.resourcePool({ id: item.ResourcePool })">{{ item.ResourcePool }}</a>
               </td>

app/kubernetes/components/datatables/resource-pool-applications-datatable/resourcePoolApplicationsDatatable.html

@@ -106,7 +106,7 @@
                 <a ui-sref="kubernetes.applications.application({ name: item.Name, namespace: item.ResourcePool })">{{ item.Name }}</a>
                 <span style="margin-left: 5px;" class="label label-primary image-tag" ng-if="$ctrl.isExternalApplication(item)">external</span>
               </td>
-              <td>{{ item.StackName || '-' }}</td>
+              <td>{{ item.StackName }}</td>
               <td title="{{ item.Image }}"
                 >{{ item.Image | truncate: 64 }} <span ng-if="item.Containers.length > 1">+ {{ item.Containers.length - 1 }}</span></td
               >

app/kubernetes/components/datatables/resource-pools-datatable/resourcePoolsDatatable.html

@@ -60,11 +60,8 @@
         >
           <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
         </button>
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.resourcePools.new" data-cy="k8sNamespace-addNamespaceWithFormButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add namespace with form
-        </button>
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sNamespace-deployFromManifestButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Create from manifest
+        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.resourcePools.new" data-cy="k8sNamespace-addNamespaceButton">
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add namespace
         </button>
       </div>
       <div class="searchBar">
@@ -95,13 +92,6 @@
                   <i class="fa fa-sort-alpha-up" aria-hidden="true" ng-if="$ctrl.state.orderBy === 'Namespace.Name' && $ctrl.state.reverseOrder"></i>
                 </a>
               </th>
-              <th>
-                <a ng-click="$ctrl.changeOrderBy('Namespace.Status')">
-                  Status
-                  <i class="fa fa-sort-alpha-down" aria-hidden="true" ng-if="$ctrl.state.orderBy === 'Namespace.Status' && !$ctrl.state.reverseOrder"></i>
-                  <i class="fa fa-sort-alpha-up" aria-hidden="true" ng-if="$ctrl.state.orderBy === 'Namespace.Status' && $ctrl.state.reverseOrder"></i>
-                </a>
-              </th>  
               <th>
                 <a ng-click="$ctrl.changeOrderBy('Quota')">
                   Quota
@@ -134,9 +124,6 @@
                 <a ui-sref="kubernetes.resourcePools.resourcePool({ id: item.Namespace.Name })">{{ item.Namespace.Name }}</a>
                 <span style="margin-left: 5px;" class="label label-info image-tag" ng-if="$ctrl.isSystemNamespace(item)">system</span>
               </td>
-              <td>
-                <span class="label label-{{ $ctrl.namespaceStatusColor(item.Namespace.Status) }}">{{ item.Namespace.Status }}</span>
-              </td>
               <td> <i class="fa {{ item.Quota ? 'fa-toggle-on' : 'fa-toggle-off' }}" aria-hidden="true" style="margin-right: 2px;"></i> {{ item.Quota ? 'Yes' : 'No' }} </td>
               <td>{{ item.Namespace.CreationDate | getisodate }} {{ item.Namespace.ResourcePoolOwner ? 'by ' + item.Namespace.ResourcePoolOwner : '' }}</td>
               <td ng-if="$ctrl.isAdmin">

app/kubernetes/components/datatables/resource-pools-datatable/resourcePoolsDatatableController.js

@@ -38,17 +38,6 @@ angular.module('portainer.docker').controller('KubernetesResourcePoolsDatatableC
       return !ctrl.isSystemNamespace(item) || (ctrl.settings.showSystem && ctrl.isAdmin);
     };
 
-    this.namespaceStatusColor = function(status) {
-      switch (status.toLowerCase()) {
-        case 'active':
-          return 'success';
-        case 'terminating':
-          return 'danger';
-        default:
-          return 'primary';
-      }
-    };
-
     /**
      * Do not allow system namespaces to be selected
      */

app/kubernetes/components/datatables/volumes-datatable/volumesDatatable.html

@@ -54,9 +54,6 @@
         <button type="button" class="btn btn-sm btn-danger" ng-disabled="$ctrl.state.selectedItemCount === 0" ng-click="$ctrl.removeAction($ctrl.state.selectedItems)">
           <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
         </button>
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sVolume-deployFromManifestButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Create from manifest
-        </button>        
       </div>
       <div class="searchBar">
         <i class="fa fa-search searchIcon" aria-hidden="true"></i>

app/kubernetes/components/helm/helm-templates/helm-add-repository/helm-add-repository.controller.js

@@ -0,0 +1,34 @@
+export default class HelmAddRepositoryController {
+  /* @ngInject */
+  constructor($async, $window, $analytics, Authentication, UserService, Notifications) {
+    this.$async = $async;
+    this.$window = $window;
+    this.$analytics = $analytics;
+    this.Authentication = Authentication;
+    this.UserService = UserService;
+    this.Notifications = Notifications;
+  }
+
+  async addRepository() {
+    this.state.isAddingRepo = true;
+    try {
+      const { URL } = await this.UserService.addHelmRepository(this.state.userId, this.state.repository);
+      this.Notifications.success('Helm repository added successfully');
+      this.refreshCharts([URL], true);
+    } catch (err) {
+      this.Notifications.error('Installation error', err);
+    } finally {
+      this.state.isAddingRepo = false;
+    }
+  }
+
+  $onInit() {
+    return this.$async(async () => {
+      this.state = {
+        isAddingRepo: false,
+        repository: '',
+        userId: this.Authentication.getUserDetails().ID,
+      };
+    });
+  }
+}

app/kubernetes/components/helm/helm-templates/helm-add-repository/helm-add-repository.html

@@ -0,0 +1,36 @@
+<rd-widget>
+  <rd-widget-header icon="fa-dharmachakra" title-text="Additional repositories"></rd-widget-header>
+  <rd-widget-body>
+    <div class="actionBar">
+      <form class="form-horizontal">
+        <div class="form-group">
+          <span class="col-sm-12 text-muted small">
+            Add a Helm repository. All Helm charts in the repository will be added to the list.
+          </span>
+        </div>
+
+        <div class="form-group">
+          <div class="col-sm-12">
+            <input type="text" name="repo" class="form-control" ng-model="$ctrl.state.repository" placeholder="https://charts.bitnami.com/bitnami" required />
+          </div>
+        </div>
+
+        <div class="form-group">
+          <div class="col-sm-12">
+            <button
+              type="button"
+              class="btn btn-sm btn-default nomargin"
+              ng-click="$ctrl.addRepository()"
+              ng-disabled="$ctrl.state.isAddingRepo"
+              analytics-on
+              analytics-category="kubernetes"
+              analytics-event="kubernetes-helm-add-repository"
+            >
+              Add repository
+            </button>
+          </div>
+        </div>
+      </form>
+    </div>
+  </rd-widget-body>
+</rd-widget>

app/kubernetes/components/helm/helm-templates/helm-add-repository/helm-add-repository.js

@@ -0,0 +1,11 @@
+import angular from 'angular';
+import controller from './helm-add-repository.controller';
+
+angular.module('portainer.kubernetes').component('helmAddRepository', {
+  templateUrl: './helm-add-repository.html',
+  controller,
+  bindings: {
+    charts: '@',
+    refreshCharts: '<',
+  },
+});

app/kubernetes/components/helm/helm-templates/helm-templates-list/helm-templates-list-item/helm-templates-list-item.css

@@ -0,0 +1,9 @@
+.helm-template-item-details {
+  display: flex;
+  justify-content: space-between;
+  flex-wrap: wrap;
+}
+
+.helm-template-item-details .helm-template-item-details-sub {
+  width: 100%;
+}

app/kubernetes/components/helm/helm-templates/helm-templates-list/helm-templates-list-item/helm-templates-list-item.html

@@ -0,0 +1,46 @@
+<!-- helm chart -->
+<div ng-class="{ 'blocklist-item--selected': $ctrl.model.Selected }" class="blocklist-item template-item" ng-click="$ctrl.onSelect($ctrl.model)">
+  <div class="blocklist-item-box">
+    <!-- helmchart-image -->
+    <span ng-if="$ctrl.model.icon">
+      <img class="blocklist-item-logo" ng-src="{{ $ctrl.model.icon }}" />
+    </span>
+    <span class="blocklist-item-logo" ng-if="!$ctrl.model.icon">
+      <i class="fa fa-dharmachakra fa-4x blue-icon" aria-hidden="true"></i>
+    </span>
+    <!-- !helmchart-image -->
+    <!-- helmchart-details -->
+    <div class="col-sm-12 helm-template-item-details">
+      <!-- blocklist-item-line1 -->
+      <div class="blocklist-item-line">
+        <span>
+          <span class="blocklist-item-title">
+            {{ $ctrl.model.name }}
+          </span>
+          <span class="space-left blocklist-item-subtitle">
+            <span>
+              <i class="fa fa-dharmachakra" aria-hidden="true"></i>
+            </span>
+            <span>
+              Helm
+            </span>
+          </span>
+        </span>
+      </div>
+      <!-- !blocklist-item-line1 -->
+      <span class="blocklist-item-actions" ng-transclude="actions"></span>
+      <!-- blocklist-item-line2 -->
+      <div class="blocklist-item-line helm-template-item-details-sub">
+        <span class="blocklist-item-desc">
+          {{ $ctrl.model.description }}
+        </span>
+        <span class="small text-muted" ng-if="$ctrl.model.annotations.category">
+          {{ $ctrl.model.annotations.category }}
+        </span>
+      </div>
+      <!-- !blocklist-item-line2 -->
+    </div>
+    <!-- !helmchart-details -->
+  </div>
+  <!-- !helm chart -->
+</div>

app/kubernetes/components/helm/helm-templates/helm-templates-list/helm-templates-list-item/helm-templates-list-item.js

@@ -0,0 +1,13 @@
+import angular from 'angular';
+import './helm-templates-list-item.css';
+
+angular.module('portainer.kubernetes').component('helmTemplatesListItem', {
+  templateUrl: './helm-templates-list-item.html',
+  bindings: {
+    model: '<',
+    onSelect: '<',
+  },
+  transclude: {
+    actions: '?templateItemActions',
+  },
+});

app/kubernetes/components/helm/helm-templates/helm-templates-list/helm-templates-list.controller.js

@@ -0,0 +1,53 @@
+export default class HelmTemplatesListController {
+  /* @ngInject */
+  constructor($async, DatatableService, HelmService, Notifications) {
+    this.$async = $async;
+    this.DatatableService = DatatableService;
+    this.HelmService = HelmService;
+    this.Notifications = Notifications;
+
+    this.updateCategories = this.updateCategories.bind(this);
+  }
+
+  async updateCategories() {
+    try {
+      const annotationCategories = this.charts
+        .map((t) => t.annotations) // get annotations
+        .filter((a) => a) // filter out undefined/nulls
+        .map((c) => c.category); // get annotation category
+      const availableCategories = [...new Set(annotationCategories)].sort(); // unique and sort
+      this.state.categories = availableCategories;
+    } catch (err) {
+      this.Notifications.error('Failure', err, 'Unable to retrieve helm charts categories');
+    }
+  }
+
+  onTextFilterChange() {
+    this.DatatableService.setDataTableTextFilters(this.tableKey, this.state.textFilter);
+  }
+
+  clearCategory() {
+    this.state.selectedCategory = '';
+  }
+
+  $onChanges() {
+    if (this.charts.length > 0) {
+      this.updateCategories();
+    }
+  }
+
+  $onInit() {
+    return this.$async(async () => {
+      this.state = {
+        textFilter: '',
+        selectedCategory: '',
+        categories: [],
+      };
+
+      const textFilter = this.DatatableService.getDataTableTextFilters(this.tableKey);
+      if (textFilter !== null) {
+        this.state.textFilter = textFilter;
+      }
+    });
+  }
+}

app/kubernetes/components/helm/helm-templates/helm-templates-list/helm-templates-list.html

@@ -0,0 +1,57 @@
+<div class="datatable">
+  <rd-widget>
+    <rd-widget-body classes="no-padding">
+      <div class="toolBar">
+        <div class="toolBarTitle"> <i class="fa" ng-class="$ctrl.titleIcon" aria-hidden="true" style="margin-right: 2px;"></i> {{ $ctrl.titleText }} </div>
+      </div>
+
+      <div class="actionBar">
+        <div>
+          <span style="width: 25%;">
+            <ui-select ng-model="$ctrl.state.selectedCategory" theme="bootstrap">
+              <ui-select-match placeholder="Select a category">
+                <a class="btn btn-xs btn-link pull-right" ng-click="$ctrl.clearCategory()"><i class="glyphicon glyphicon-remove"></i></a>
+                <span>{{ $select.selected }}</span>
+              </ui-select-match>
+              <ui-select-choices repeat="category in ($ctrl.state.categories | filter: $select.search)">
+                <span>{{ category }}</span>
+              </ui-select-choices>
+            </ui-select>
+          </span>
+        </div>
+      </div>
+
+      <div class="searchBar" style="border-top: 2px solid #f6f6f6;">
+        <i class="fa fa-search searchIcon" aria-hidden="true"></i>
+        <input
+          type="text"
+          class="searchInput"
+          ng-model="$ctrl.state.textFilter"
+          ng-change="$ctrl.onTextFilterChange()"
+          placeholder="Search..."
+          auto-focus
+          ng-model-options="{ debounce: 300 }"
+        />
+      </div>
+
+      <div class="blocklist">
+        <helm-templates-list-item
+          ng-repeat="chart in $ctrl.charts | filter:$ctrl.state.textFilter | filter: $ctrl.state.selectedCategory "
+          model="chart"
+          type-label="helm"
+          on-select="($ctrl.selectAction)"
+        >
+        </helm-templates-list-item>
+        <div ng-if="$ctrl.loading" class="text-center text-muted">
+          Loading...
+          <div class="text-center text-muted">
+            Initial download of Helm Charts can take a few minutes
+          </div>
+        </div>
+        <div ng-if="!$ctrl.loading && $ctrl.charts.length === 0" class="text-center text-muted">
+          No helm charts available.
+        </div>
+      </div>
+    </rd-widget-body>
+  </rd-widget>
+</div>

app/kubernetes/components/helm/helm-templates/helm-templates-list/helm-templates-list.js

@@ -0,0 +1,15 @@
+import angular from 'angular';
+import controller from './helm-templates-list.controller';
+
+angular.module('portainer.kubernetes').component('helmTemplatesList', {
+  templateUrl: './helm-templates-list.html',
+  controller,
+  bindings: {
+    loading: '<',
+    titleText: '@',
+    titleIcon: '@',
+    charts: '<',
+    tableKey: '@',
+    selectAction: '<',
+  },
+});

app/kubernetes/components/helm/helm-templates/helm-templates.controller.js

@@ -0,0 +1,178 @@
+import KubernetesNamespaceHelper from 'Kubernetes/helpers/namespaceHelper';
+
+export default class HelmTemplatesController {
+  /* @ngInject */
+  constructor($analytics, $async, $state, $window, $anchorScroll, Authentication, UserService, HelmService, KubernetesResourcePoolService, Notifications, ModalService) {
+    this.$analytics = $analytics;
+    this.$async = $async;
+    this.$window = $window;
+    this.$state = $state;
+    this.$anchorScroll = $anchorScroll;
+    this.Authentication = Authentication;
+    this.UserService = UserService;
+    this.HelmService = HelmService;
+    this.KubernetesResourcePoolService = KubernetesResourcePoolService;
+    this.Notifications = Notifications;
+    this.ModalService = ModalService;
+
+    this.editorUpdate = this.editorUpdate.bind(this);
+    this.uiCanExit = this.uiCanExit.bind(this);
+    this.installHelmchart = this.installHelmchart.bind(this);
+    this.getHelmValues = this.getHelmValues.bind(this);
+    this.selectHelmChart = this.selectHelmChart.bind(this);
+    this.getHelmRepoURLs = this.getHelmRepoURLs.bind(this);
+    this.getLatestCharts = this.getLatestCharts.bind(this);
+    this.getResourcePools = this.getResourcePools.bind(this);
+
+    $window.onbeforeunload = () => {
+      if (this.state.isEditorDirty) {
+        return '';
+      }
+    };
+  }
+
+  editorUpdate(content) {
+    const contentvalues = content.getValue();
+    if (this.state.originalvalues === contentvalues) {
+      this.state.isEditorDirty = false;
+    } else {
+      this.state.values = contentvalues;
+      this.state.isEditorDirty = true;
+    }
+  }
+
+  async uiCanExit() {
+    if (this.state.isEditorDirty) {
+      return this.ModalService.confirmWebEditorDiscard();
+    }
+  }
+
+  async installHelmchart() {
+    this.state.actionInProgress = true;
+    try {
+      await this.HelmService.install(this.state.appName, this.state.chart.repo, this.state.chart.name, this.state.values, this.state.resourcePool.Namespace.Name);
+      this.Notifications.success('Helm Chart successfully installed');
+      this.$analytics.eventTrack('kubernetes-helm-install', { category: 'kubernetes', metadata: { 'chart-name': this.state.chart.name } });
+      this.state.isEditorDirty = false;
+      this.$state.go('kubernetes.applications');
+    } catch (err) {
+      this.Notifications.error('Installation error', err);
+    } finally {
+      this.state.actionInProgress = false;
+    }
+  }
+
+  async getHelmValues() {
+    this.state.loadingValues = true;
+    try {
+      const { values } = await this.HelmService.values(this.state.chart.repo, this.state.chart.name);
+      this.state.values = values;
+      this.state.originalvalues = values;
+    } catch (err) {
+      this.Notifications.error('Failure', err, 'Unable to retrieve helm chart values.');
+    } finally {
+      this.state.loadingValues = false;
+    }
+  }
+
+  async selectHelmChart(chart) {
+    this.$anchorScroll('view-top');
+    this.state.showCustomValues = false;
+    this.state.chart = chart;
+    await this.getHelmValues();
+  }
+
+  /**
+   * @description This function is used to get the helm repo urls for the endpoint and user
+   * @returns {Promise<string[]>} list of helm repo urls
+   */
+
+  async getHelmRepoURLs() {
+    this.state.reposLoading = true;
+    try {
+      // fetch globally set helm repo and user helm repos (parallel)
+      const { GlobalRepo, UserRepos } = await this.UserService.getHelmRepositories(this.state.userId);
+      const userHelmReposUrls = UserRepos.map((repo) => repo.URL);
+      const uniqueHelmRepos = [...new Set([GlobalRepo, ...userHelmReposUrls])]; // remove duplicates
+      return uniqueHelmRepos;
+    } catch (err) {
+      this.Notifications.error('Failure', err, 'Unable to retrieve helm repo urls.');
+    } finally {
+      this.state.reposLoading = false;
+    }
+  }
+
+  /**
+   * @description This function is used to fetch the respective index.yaml files for the provided helm repo urls
+   * @param {string[]} helmRepos list of helm repositories
+   * @param {bool} append append charts returned from repo to existing list of helm charts
+   */
+
+  async getLatestCharts(helmRepos, append = false) {
+    this.state.chartsLoading = true;
+    try {
+      const promiseList = helmRepos.map((repo) => this.HelmService.search(repo));
+      // fetch helm charts from all the provided helm repositories (parallel)
+      // Promise.allSettled is used to account for promise failure(s) - in cases the  user has provided invalid helm repo
+      const chartPromises = await Promise.allSettled(promiseList);
+      const latestCharts = chartPromises
+        .filter((tp) => tp.status === 'fulfilled') // remove failed promises
+        .map((tp) => ({ entries: tp.value.entries, repo: helmRepos[chartPromises.indexOf(tp)] })) // extract chart entries with respective repo data
+        .flatMap(
+          ({ entries, repo }) => Object.values(entries).map((charts) => ({ ...charts[0], repo })) // flatten chart entries to single array with respective repo
+        );
+
+      this.state.charts = append ? this.state.charts.concat(latestCharts) : latestCharts;
+    } catch (err) {
+      this.Notifications.error('Failure', err, 'Unable to retrieve helm repo charts.');
+    } finally {
+      this.state.chartsLoading = false;
+    }
+  }
+
+  async getResourcePools() {
+    this.state.resourcePoolsLoading = true;
+    try {
+      const resourcePools = await this.KubernetesResourcePoolService.get();
+
+      const nonSystemNamespaces = resourcePools.filter((resourcePool) => !KubernetesNamespaceHelper.isSystemNamespace(resourcePool.Namespace.Name));
+      this.state.resourcePools = nonSystemNamespaces;
+      this.state.resourcePool = nonSystemNamespaces[0];
+    } catch (err) {
+      this.Notifications.error('Failure', err, 'Unable to retrieve initial helm data.');
+    } finally {
+      this.state.resourcePoolsLoading = false;
+    }
+  }
+
+  $onInit() {
+    return this.$async(async () => {
+      this.state = {
+        appName: '',
+        chart: null,
+        showCustomValues: false,
+        actionInProgress: false,
+        resourcePools: [],
+        resourcePool: '',
+        values: null,
+        originalvalues: null,
+        charts: [],
+        loadingValues: false,
+        isEditorDirty: false,
+        chartsLoading: false,
+        resourcePoolsLoading: false,
+        userId: this.Authentication.getUserDetails().ID,
+        viewReady: false,
+      };
+
+      const helmRepos = await this.getHelmRepoURLs();
+      await Promise.all([this.getLatestCharts(helmRepos), this.getResourcePools()]);
+
+      this.state.viewReady = true;
+    });
+  }
+
+  $onDestroy() {
+    this.state.isEditorDirty = false;
+  }
+}

app/kubernetes/components/helm/helm-templates/helm-templates.html

@@ -0,0 +1,182 @@
+<rd-header id="view-top">
+  <rd-header-title title-text="Helm">
+    <a data-toggle="tooltip" title="Refresh" ui-sref="kubernetes.templates" ui-sref-opts="{reload: true}">
+      <i class="fa fa-sync" aria-hidden="true"></i>
+    </a>
+  </rd-header-title>
+  <rd-header-content>Charts</rd-header-content>
+</rd-header>
+
+<information-panel title-text="Information" ng-if="!$ctrl.state.chart">
+  <span class="small text-muted">
+    <p>
+      <i class="fa fa-exclamation-circle orange-icon" aria-hidden="true" style="margin-right: 2px;"></i>
+      This is a first version for Helm charts, for more information see this <a href="#">blog post.</a>
+    </p>
+  </span>
+</information-panel>
+
+<div class="row">
+  <!-- helmchart-form -->
+  <div class="col-sm-12" ng-if="$ctrl.state.chart">
+    <rd-widget>
+      <rd-widget-custom-header icon="$ctrl.state.chart.icon" title-text="$ctrl.state.chart.name"></rd-widget-custom-header>
+      <rd-widget-body classes="padding">
+        <form class="form-horizontal" name="$ctrl.helmTemplateCreationForm">
+          <!-- description -->
+          <div>
+            <div class="col-sm-12 form-section-title">
+              Description
+            </div>
+            <div class="form-group">
+              <div class="col-sm-12">
+                <div class="template-note" ng-bind-html="$ctrl.state.chart.description"></div>
+              </div>
+            </div>
+          </div>
+          <!-- !description -->
+          <div class="col-sm-12 form-section-title">
+            Configuration
+          </div>
+          <!-- namespace-input -->
+          <div class="form-group">
+            <label for="resource-pool-selector" class="col-sm-2 control-label text-left">Namespace</label>
+            <div class="col-sm-10">
+              <select
+                class="form-control"
+                id="resource-pool-selector"
+                ng-model="$ctrl.state.resourcePool"
+                ng-options="resourcePool.Namespace.Name for resourcePool in $ctrl.state.resourcePools"
+                ng-change=""
+                ng-disabled="$ctrl.state.isEdit"
+              ></select>
+            </div>
+          </div>
+          <div class="form-group" ng-if="!$ctrl.state.resourcePool">
+            <div class="col-sm-12 small text-danger">
+              <i class="fa fa-exclamation-circle red-icon" aria-hidden="true" style="margin-right: 2px;"></i>
+              This namespace has exhausted its resource capacity and you will not be able to deploy the application. Contact your administrator to expand the capacity of the
+              namespace.
+            </div>
+          </div>
+          <div class="form-group" ng-if="!$ctrl.state.resourcePool">
+            <div class="col-sm-12 small text-muted">
+              <i class="fa fa-exclamation-circle orange-icon" aria-hidden="true" style="margin-right: 2px;"></i>
+              You do not have access to any namespace. Contact your administrator to get access to a namespace.
+            </div>
+          </div>
+          <!-- !namespace-input -->
+          <!-- name-input -->
+          <div class="form-group">
+            <label for="release_name" class="col-sm-2 control-label text-left">Name</label>
+            <div class="col-sm-10">
+              <input
+                type="text"
+                name="release_name"
+                class="form-control"
+                ng-model="$ctrl.state.appName"
+                placeholder="e.g. my-app"
+                required
+                ng-pattern="/^[a-z]([-a-z0-9]*[a-z0-9])?$/"
+              />
+            </div>
+          </div>
+          <div class="form-group" ng-show="$ctrl.helmTemplateCreationForm.release_name.$invalid">
+            <div class="col-sm-12 small text-warning">
+              <div ng-messages="$ctrl.helmTemplateCreationForm.release_name.$error">
+                <p ng-message="required"><i class="fa fa-exclamation-triangle" aria-hidden="true"></i> This field is required.</p>
+                <p ng-message="pattern">
+                  <i class="fa fa-exclamation-triangle" aria-hidden="true"></i> This field must consist of lower case alphanumeric characters or '-', start with an alphabetic
+                  character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123').
+                </p>
+              </div>
+            </div>
+          </div>
+          <!-- !name-input -->
+          <div class="form-group">
+            <div class="col-sm-12">
+              <a class="small interactive" ng-if="!$ctrl.state.showCustomValues && !$ctrl.state.loadingValues" ng-click="$ctrl.state.showCustomValues = true;">
+                <i class="fa fa-plus space-right" aria-hidden="true"></i> Show custom values
+              </a>
+              <span class="small interactive" ng-if="$ctrl.state.loadingValues"> <i class="fa fa-sync-alt space-right" aria-hidden="true"></i> Loading values.yaml... </span>
+              <a class="small interactive" ng-if="$ctrl.state.showCustomValues" ng-click="$ctrl.state.showCustomValues = false;">
+                <i class="fa fa-minus space-right" aria-hidden="true"></i> Hide custom values
+              </a>
+            </div>
+          </div>
+          <!-- values override -->
+          <div ng-if="$ctrl.state.showCustomValues">
+            <!-- web-editor -->
+            <div>
+              <div class="col-sm-12 form-section-title">
+                Web editor
+              </div>
+              <div class="form-group">
+                <span class="col-sm-12 text-muted small">
+                  You can get more information about Helm values file format in the
+                  <a href="https://helm.sh/docs/chart_template_guide/values_files/" target="_blank">official documentation</a>.
+                </span>
+              </div>
+              <div class="form-group">
+                <div class="col-sm-12">
+                  <code-editor
+                    identifier="helm-app-creation-editor"
+                    placeholder="# Define or paste the content of your values yaml file here"
+                    yml="true"
+                    on-change="($ctrl.editorUpdate)"
+                    value="$ctrl.state.values"
+                  ></code-editor>
+                </div>
+              </div>
+            </div>
+            <!-- !web-editor -->
+          </div>
+          <!-- !values override -->
+          <!-- helm actions -->
+          <div class="col-sm-12 form-section-title">
+            Actions
+          </div>
+          <div class="form-group">
+            <div class="col-sm-12">
+              <button
+                type="button"
+                class="btn btn-primary btn-sm"
+                ng-disabled="!($ctrl.state.appName && $ctrl.state.resourcePool && !$ctrl.state.loadingValues && !$ctrl.state.actionInProgress)"
+                ng-click="$ctrl.installHelmchart()"
+                button-spinner="$ctrl.state.actionInProgress"
+              >
+                <span ng-hide="$ctrl.state.actionInProgress">Install</span>
+                <span ng-hide="!$ctrl.state.actionInProgress">Helm installing in progress</span>
+              </button>
+              <button type="button" class="btn btn-sm btn-default" ng-click="$ctrl.state.chart = null">Hide</button>
+            </div>
+          </div>
+          <!-- !helm actions -->
+        </form>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+  <!-- helmchart-form -->
+</div>
+
+<div class="row">
+  <div class="col-sm-12">
+    <helm-add-repository charts="$ctrl.state.charts" refresh-charts="$ctrl.getLatestCharts"></helm-add-repository>
+  </div>
+</div>
+
+<!-- Helm Charts Component -->
+<div class="row">
+  <div class="col-sm-12">
+    <helm-templates-list
+      title-text="Charts"
+      title-icon="fa-rocket"
+      charts="$ctrl.state.charts"
+      table-key="$ctrl.state.charts"
+      select-action="$ctrl.selectHelmChart"
+      loading="$ctrl.state.chartsLoading || $ctrl.state.resourcePoolsLoading"
+    >
+    </helm-templates-list>
+  </div>
+</div>
+<!-- !Helm Charts Component -->

app/kubernetes/components/helm/helm-templates/helm-templates.js

@@ -0,0 +1,7 @@
+import angular from 'angular';
+import controller from './helm-templates.controller';
+
+angular.module('portainer.kubernetes').component('helmTemplatesView', {
+  templateUrl: './helm-templates.html',
+  controller,
+});

app/kubernetes/components/kubectl-shell/kubectl-shell.html

@@ -1,13 +1,4 @@
-<button
-  type="button"
-  class="btn btn-xs btn-primary"
-  ng-click="$ctrl.connectConsole()"
-  ng-disabled="$ctrl.state.shell.connected"
-  data-cy="k8sSidebar-shellButton"
-  analytics-on
-  analytics-category="kubernetes"
-  analytics-event="kubernetes-kubectl-shell"
->
+<button type="button" class="btn btn-xs btn-primary" ng-click="$ctrl.connectConsole()" ng-disabled="$ctrl.state.shell.connected" data-cy="k8sSidebar-shellButton">
   <i class="fa fa-terminal space-right"></i> kubectl shell
 </button>
 

app/kubernetes/components/kubernetes-sidebar/kubernetes-sidebar.html

@@ -8,16 +8,6 @@
   Dashboard
 </sidebar-menu-item>
 
-<sidebar-menu-item
-  path="kubernetes.templates.custom"
-  path-params="{ endpointId: $ctrl.endpointId }"
-  icon-class="fa-rocket fa-fw"
-  class-name="sidebar-list"
-  data-cy="k8sSidebar-customTemplates"
->
-  Custom Templates
-</sidebar-menu-item>
-
 <sidebar-menu-item
   path="kubernetes.resourcePools"
   path-params="{ endpointId: $ctrl.endpointId }"
@@ -28,6 +18,15 @@
   Namespaces
 </sidebar-menu-item>
 
+<sidebar-menu-item
+  path="kubernetes.templates"
+  path-params="{ endpointId: $ctrl.endpointId }"
+  icon-class="fa-dharmachakra fa-fw"
+  class-name="sidebar-list"
+>
+  Helm
+</sidebar-menu-item>
+
 <sidebar-menu-item
   path="kubernetes.applications"
   path-params="{ endpointId: $ctrl.endpointId }"

app/kubernetes/converters/application.js

@@ -14,7 +14,6 @@ import {
   KubernetesPortainerApplicationNote,
   KubernetesPortainerApplicationOwnerLabel,
   KubernetesPortainerApplicationStackNameLabel,
-  KubernetesPortainerApplicationStackIdLabel,
 } from 'Kubernetes/models/application/models';
 import { KubernetesServiceTypes } from 'Kubernetes/models/service/models';
 import KubernetesResourceReservationHelper from 'Kubernetes/helpers/resourceReservationHelper';
@@ -55,16 +54,10 @@ class KubernetesApplicationConverter {
     const containers = data.spec.template ? _.without(_.concat(data.spec.template.spec.containers, data.spec.template.spec.initContainers), undefined) : data.spec.containers;
     res.Id = data.metadata.uid;
     res.Name = data.metadata.name;
-
-    if (data.metadata.labels) {
-      const { labels } = data.metadata;
-      res.StackId = labels[KubernetesPortainerApplicationStackIdLabel] ? parseInt(labels[KubernetesPortainerApplicationStackIdLabel], 10) : null;
-      res.StackName = labels[KubernetesPortainerApplicationStackNameLabel] || '';
-      res.ApplicationOwner = labels[KubernetesPortainerApplicationOwnerLabel] || '';
-      res.ApplicationName = labels[KubernetesPortainerApplicationNameLabel] || res.Name;
-    }
-
+    res.StackName = data.metadata.labels ? data.metadata.labels[KubernetesPortainerApplicationStackNameLabel] || '-' : '-';
+    res.ApplicationOwner = data.metadata.labels ? data.metadata.labels[KubernetesPortainerApplicationOwnerLabel] || '' : '';
     res.Note = data.metadata.annotations ? data.metadata.annotations[KubernetesPortainerApplicationNote] || '' : '';
+    res.ApplicationName = data.metadata.labels ? data.metadata.labels[KubernetesPortainerApplicationNameLabel] || res.Name : res.Name;
     res.ResourcePool = data.metadata.namespace;
     if (containers.length) {
       res.Image = containers[0].image;

app/kubernetes/custom-templates/index.js

@@ -1,61 +0,0 @@
-import angular from 'angular';
-
-import { kubeCustomTemplatesView } from './kube-custom-templates-view';
-import { kubeEditCustomTemplateView } from './kube-edit-custom-template-view';
-import { kubeCreateCustomTemplateView } from './kube-create-custom-template-view';
-
-export default angular
-  .module('portainer.kubernetes.custom-templates', [])
-  .config(config)
-  .component('kubeCustomTemplatesView', kubeCustomTemplatesView)
-  .component('kubeEditCustomTemplateView', kubeEditCustomTemplateView)
-  .component('kubeCreateCustomTemplateView', kubeCreateCustomTemplateView).name;
-
-function config($stateRegistryProvider) {
-  const templates = {
-    name: 'kubernetes.templates',
-    url: '/templates',
-    abstract: true,
-  };
-
-  const customTemplates = {
-    name: 'kubernetes.templates.custom',
-    url: '/custom',
-
-    views: {
-      'content@': {
-        component: 'kubeCustomTemplatesView',
-      },
-    },
-  };
-
-  const customTemplatesNew = {
-    name: 'kubernetes.templates.custom.new',
-    url: '/new?fileContent',
-
-    views: {
-      'content@': {
-        component: 'kubeCreateCustomTemplateView',
-      },
-    },
-    params: {
-      fileContent: '',
-    },
-  };
-
-  const customTemplatesEdit = {
-    name: 'kubernetes.templates.custom.edit',
-    url: '/:id',
-
-    views: {
-      'content@': {
-        component: 'kubeEditCustomTemplateView',
-      },
-    },
-  };
-
-  $stateRegistryProvider.register(templates);
-  $stateRegistryProvider.register(customTemplates);
-  $stateRegistryProvider.register(customTemplatesNew);
-  $stateRegistryProvider.register(customTemplatesEdit);
-}

app/kubernetes/custom-templates/kube-create-custom-template-view/index.js

@@ -1,6 +0,0 @@
-import controller from './kube-create-custom-template-view.controller.js';
-
-export const kubeCreateCustomTemplateView = {
-  templateUrl: './kube-create-custom-template-view.html',
-  controller,
-};

app/kubernetes/custom-templates/kube-create-custom-template-view/kube-create-custom-template-view.controller.js

@@ -1,169 +0,0 @@
-import { buildOption } from '@/portainer/components/box-selector';
-import { AccessControlFormData } from '@/portainer/components/accessControlForm/porAccessControlFormModel';
-
-class KubeCreateCustomTemplateViewController {
-  /* @ngInject */
-  constructor($async, $state, Authentication, CustomTemplateService, FormValidator, ModalService, Notifications, ResourceControlService) {
-    Object.assign(this, { $async, $state, Authentication, CustomTemplateService, FormValidator, ModalService, Notifications, ResourceControlService });
-
-    this.methodOptions = [
-      buildOption('method_editor', 'fa fa-edit', 'Web editor', 'Use our Web editor', 'editor'),
-      buildOption('method_upload', 'fa fa-upload', 'Upload', 'Upload from your computer', 'upload'),
-    ];
-
-    this.templates = null;
-
-    this.state = {
-      method: 'editor',
-      actionInProgress: false,
-      formValidationError: '',
-      isEditorDirty: false,
-    };
-
-    this.formValues = {
-      FileContent: '',
-      File: null,
-      Title: '',
-      Description: '',
-      Note: '',
-      Logo: '',
-      AccessControlData: new AccessControlFormData(),
-    };
-
-    this.onChangeFile = this.onChangeFile.bind(this);
-    this.onChangeFileContent = this.onChangeFileContent.bind(this);
-    this.onChangeMethod = this.onChangeMethod.bind(this);
-    this.onBeforeOnload = this.onBeforeOnload.bind(this);
-  }
-
-  onChangeMethod(method) {
-    this.state.method = method;
-  }
-
-  onChangeFileContent(content) {
-    this.formValues.FileContent = content;
-    this.state.isEditorDirty = true;
-  }
-
-  onChangeFile(file) {
-    this.formValues.File = file;
-  }
-
-  async createCustomTemplate() {
-    return this.$async(async () => {
-      const { method } = this.state;
-
-      if (!this.validateForm(method)) {
-        return;
-      }
-
-      this.state.actionInProgress = true;
-      try {
-        const customTemplate = await this.createCustomTemplateByMethod(method, this.formValues);
-
-        const accessControlData = this.formValues.AccessControlData;
-        const userDetails = this.Authentication.getUserDetails();
-        const userId = userDetails.ID;
-        await this.ResourceControlService.applyResourceControl(userId, accessControlData, customTemplate.ResourceControl);
-
-        this.Notifications.success('Custom template successfully created');
-        this.state.isEditorDirty = false;
-        this.$state.go('kubernetes.templates.custom');
-      } catch (err) {
-        this.Notifications.error('Failure', err, 'Failed creating custom template');
-      } finally {
-        this.state.actionInProgress = false;
-      }
-    });
-  }
-
-  createCustomTemplateByMethod(method, template) {
-    template.Type = 3;
-
-    switch (method) {
-      case 'editor':
-        return this.createCustomTemplateFromFileContent(template);
-      case 'upload':
-        return this.createCustomTemplateFromFileUpload(template);
-    }
-  }
-
-  createCustomTemplateFromFileContent(template) {
-    return this.CustomTemplateService.createCustomTemplateFromFileContent(template);
-  }
-
-  createCustomTemplateFromFileUpload(template) {
-    return this.CustomTemplateService.createCustomTemplateFromFileUpload(template);
-  }
-
-  validateForm(method) {
-    this.state.formValidationError = '';
-
-    if (method === 'editor' && this.formValues.FileContent === '') {
-      this.state.formValidationError = 'Template file content must not be empty';
-      return false;
-    }
-
-    const title = this.formValues.Title;
-    const isNotUnique = this.templates.some((template) => template.Title === title);
-    if (isNotUnique) {
-      this.state.formValidationError = 'A template with the same name already exists';
-      return false;
-    }
-
-    const isAdmin = this.Authentication.isAdmin();
-    const accessControlData = this.formValues.AccessControlData;
-    const error = this.FormValidator.validateAccessControl(accessControlData, isAdmin);
-
-    if (error) {
-      this.state.formValidationError = error;
-      return false;
-    }
-
-    return true;
-  }
-
-  async $onInit() {
-    return this.$async(async () => {
-      const { fileContent, type } = this.$state.params;
-
-      this.formValues.FileContent = fileContent;
-      if (type) {
-        this.formValues.Type = +type;
-      }
-
-      try {
-        this.templates = await this.CustomTemplateService.customTemplates(3);
-      } catch (err) {
-        this.Notifications.error('Failure loading', err, 'Failed loading custom templates');
-      }
-
-      this.state.loading = false;
-
-      window.addEventListener('beforeunload', this.onBeforeOnload);
-    });
-  }
-
-  $onDestroy() {
-    window.removeEventListener('beforeunload', this.onBeforeOnload);
-  }
-
-  isEditorDirty() {
-    return this.state.method === 'editor' && this.formValues.FileContent && this.state.isEditorDirty;
-  }
-
-  onBeforeOnload(event) {
-    if (this.isEditorDirty()) {
-      event.preventDefault();
-      event.returnValue = '';
-    }
-  }
-
-  uiCanExit() {
-    if (this.isEditorDirty()) {
-      return this.ModalService.confirmWebEditorDiscard();
-    }
-  }
-}
-
-export default KubeCreateCustomTemplateViewController;

app/kubernetes/custom-templates/kube-create-custom-template-view/kube-create-custom-template-view.html

@@ -1,71 +0,0 @@
-<rd-header>
-  <rd-header-title title-text="Create Custom template"></rd-header-title>
-  <rd-header-content> <a ui-sref="kubernetes.templates.custom">Custom Templates</a> &gt; Create Custom template </rd-header-content>
-</rd-header>
-
-<div class="row">
-  <div class="col-sm-12">
-    <rd-widget>
-      <rd-widget-body>
-        <form class="form-horizontal" name="$ctrl.form">
-          <custom-template-common-fields form-values="$ctrl.formValues"></custom-template-common-fields>
-
-          <!-- build-method -->
-          <div class="col-sm-12 form-section-title">
-            Build method
-          </div>
-          <box-selector radio-name="method" ng-model="$ctrl.state.method" options="$ctrl.methodOptions" on-change="($ctrl.onChangeMethod)"></box-selector>
-
-          <web-editor-form
-            ng-if="$ctrl.state.method === 'editor'"
-            identifier="template-creation-editor"
-            value="$ctrl.formValues.FileContent"
-            on-change="($ctrl.onChangeFileContent)"
-            ng-required="true"
-            yml="true"
-            placeholder="# Define or paste the content of your manifest file here"
-          >
-            <editor-description>
-              <p>Templates allow deploying any kind of Kubernetes resource (Deployment, Secret, ConfigMap...)</p>
-              <p>
-                You can get more information about Kubernetes file format in the
-                <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/" target="_blank">official documentation</a>.
-              </p>
-            </editor-description>
-          </web-editor-form>
-
-          <file-upload-form ng-if="$ctrl.state.method === 'upload'" file="$ctrl.formValues.File" on-change="($ctrl.onChangeFile)" ng-required="true">
-            <file-upload-description>
-              You can upload a Manifest file from your computer.
-            </file-upload-description>
-          </file-upload-form>
-
-          <por-access-control-form form-data="$ctrl.formValues.AccessControlData"></por-access-control-form>
-
-          <!-- actions -->
-          <div class="col-sm-12 form-section-title">
-            Actions
-          </div>
-          <div class="form-group">
-            <div class="col-sm-12">
-              <button
-                type="button"
-                class="btn btn-primary btn-sm"
-                ng-disabled="$ctrl.state.actionInProgress || $ctrl.form.$invalid || ($ctrl.state.method === 'editor' && !$ctrl.formValues.FileContent)"
-                ng-click="$ctrl.createCustomTemplate()"
-                button-spinner="$ctrl.state.actionInProgress"
-              >
-                <span ng-hide="$ctrl.state.actionInProgress">Create custom template</span>
-                <span ng-show="$ctrl.state.actionInProgress">Creation in progress...</span>
-              </button>
-              <span class="text-danger" ng-if="$ctrl.state.formValidationError" style="margin-left: 5px;">
-                {{ $ctrl.state.formValidationError }}
-              </span>
-            </div>
-          </div>
-          <!-- !actions -->
-        </form>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
-</div>

app/kubernetes/custom-templates/kube-custom-templates-view/index.js

@@ -1,6 +0,0 @@
-import controller from './kube-custom-templates-view.controller.js';
-
-export const kubeCustomTemplatesView = {
-  templateUrl: './kube-custom-templates-view.html',
-  controller,
-};

app/kubernetes/custom-templates/kube-custom-templates-view/kube-custom-templates-view.controller.js

@@ -1,79 +0,0 @@
-import _ from 'lodash-es';
-
-export default class KubeCustomTemplatesViewController {
-  /* @ngInject */
-  constructor($async, $state, Authentication, CustomTemplateService, FormValidator, ModalService, Notifications) {
-    Object.assign(this, { $async, $state, Authentication, CustomTemplateService, FormValidator, ModalService, Notifications });
-
-    this.state = {
-      selectedTemplate: null,
-      formValidationError: '',
-      actionInProgress: false,
-    };
-
-    this.currentUser = {
-      isAdmin: false,
-      id: null,
-    };
-
-    this.isEditAllowed = this.isEditAllowed.bind(this);
-    this.getTemplates = this.getTemplates.bind(this);
-    this.validateForm = this.validateForm.bind(this);
-    this.confirmDelete = this.confirmDelete.bind(this);
-    this.selectTemplate = this.selectTemplate.bind(this);
-  }
-
-  selectTemplate(template) {
-    this.$state.go('kubernetes.deploy', { templateId: template.Id });
-  }
-
-  isEditAllowed(template) {
-    // todo - check if current user is admin/endpointadmin/owner
-    return this.currentUser.isAdmin || this.currentUser.id === template.CreatedByUserId;
-  }
-
-  getTemplates() {
-    return this.$async(async () => {
-      try {
-        this.templates = await this.CustomTemplateService.customTemplates(3);
-      } catch (err) {
-        this.Notifications.error('Failed loading templates', err, 'Unable to load custom templates');
-      }
-    });
-  }
-
-  validateForm(accessControlData, isAdmin) {
-    this.state.formValidationError = '';
-    const error = this.FormValidator.validateAccessControl(accessControlData, isAdmin);
-
-    if (error) {
-      this.state.formValidationError = error;
-      return false;
-    }
-    return true;
-  }
-
-  confirmDelete(templateId) {
-    return this.$async(async () => {
-      const confirmed = await this.ModalService.confirmDeletionAsync('Are you sure that you want to delete this template?');
-      if (!confirmed) {
-        return;
-      }
-
-      try {
-        await this.CustomTemplateService.remove(templateId);
-        _.remove(this.templates, { Id: templateId });
-      } catch (err) {
-        this.Notifications.error('Failure', err, 'Failed to delete template');
-      }
-    });
-  }
-
-  $onInit() {
-    this.getTemplates();
-
-    this.currentUser.isAdmin = this.Authentication.isAdmin();
-    const user = this.Authentication.getUserDetails();
-    this.currentUser.id = user.ID;
-  }
-}

app/kubernetes/custom-templates/kube-custom-templates-view/kube-custom-templates-view.html

@@ -1,25 +0,0 @@
-<rd-header id="view-top">
-  <rd-header-title title-text="Custom Templates">
-    <a data-toggle="tooltip" title="Refresh" ui-sref="kubernetes.templates.custom" ui-sref-opts="{reload: true}">
-      <i class="fa fa-sync" aria-hidden="true"></i>
-    </a>
-  </rd-header-title>
-  <rd-header-content>Custom Templates</rd-header-content>
-</rd-header>
-
-<div class="row">
-  <div class="col-sm-12">
-    <custom-templates-list
-      ng-if="$ctrl.templates"
-      title-text="Templates"
-      title-icon="fa-rocket"
-      templates="$ctrl.templates"
-      table-key="customTemplates"
-      is-edit-allowed="$ctrl.isEditAllowed"
-      on-select-click="($ctrl.selectTemplate)"
-      on-delete-click="($ctrl.confirmDelete)"
-      create-path="kubernetes.templates.custom.new"
-      edit-path="kubernetes.templates.custom.edit"
-    ></custom-templates-list>
-  </div>
-</div>

app/kubernetes/custom-templates/kube-edit-custom-template-view/index.js

@@ -1,6 +0,0 @@
-import controller from './kube-edit-custom-template-view.controller.js';
-
-export const kubeEditCustomTemplateView = {
-  templateUrl: './kube-edit-custom-template-view.html',
-  controller,
-};

app/kubernetes/custom-templates/kube-edit-custom-template-view/kube-edit-custom-template-view.controller.js

@@ -1,143 +0,0 @@
-import { AccessControlFormData } from '@/portainer/components/accessControlForm/porAccessControlFormModel';
-import { ResourceControlViewModel } from '@/portainer/models/resourceControl/resourceControl';
-
-class KubeEditCustomTemplateViewController {
-  /* @ngInject */
-  constructor($async, $state, ModalService, Authentication, CustomTemplateService, FormValidator, Notifications, ResourceControlService) {
-    Object.assign(this, { $async, $state, ModalService, Authentication, CustomTemplateService, FormValidator, Notifications, ResourceControlService });
-
-    this.formValues = null;
-    this.state = {
-      formValidationError: '',
-      isEditorDirty: false,
-    };
-    this.templates = [];
-
-    this.getTemplate = this.getTemplate.bind(this);
-    this.submitAction = this.submitAction.bind(this);
-    this.onChangeFileContent = this.onChangeFileContent.bind(this);
-    this.onBeforeUnload = this.onBeforeUnload.bind(this);
-  }
-
-  getTemplate() {
-    return this.$async(async () => {
-      try {
-        const { id } = this.$state.params;
-
-        const [template, file] = await Promise.all([this.CustomTemplateService.customTemplate(id), this.CustomTemplateService.customTemplateFile(id)]);
-        template.FileContent = file;
-        this.formValues = template;
-        this.oldFileContent = this.formValues.FileContent;
-
-        this.formValues.ResourceControl = new ResourceControlViewModel(template.ResourceControl);
-        this.formValues.AccessControlData = new AccessControlFormData();
-      } catch (err) {
-        this.Notifications.error('Failure', err, 'Unable to retrieve custom template data');
-      }
-    });
-  }
-
-  validateForm() {
-    this.state.formValidationError = '';
-
-    if (!this.formValues.FileContent) {
-      this.state.formValidationError = 'Template file content must not be empty';
-      return false;
-    }
-
-    const title = this.formValues.Title;
-    const id = this.$state.params.id;
-
-    const isNotUnique = this.templates.some((template) => template.Title === title && template.Id != id);
-    if (isNotUnique) {
-      this.state.formValidationError = `A template with the name ${title} already exists`;
-      return false;
-    }
-
-    const isAdmin = this.Authentication.isAdmin();
-    const accessControlData = this.formValues.AccessControlData;
-    const error = this.FormValidator.validateAccessControl(accessControlData, isAdmin);
-
-    if (error) {
-      this.state.formValidationError = error;
-      return false;
-    }
-
-    return true;
-  }
-
-  submitAction() {
-    return this.$async(async () => {
-      if (!this.validateForm()) {
-        return;
-      }
-
-      this.actionInProgress = true;
-      try {
-        await this.CustomTemplateService.updateCustomTemplate(this.formValues.Id, this.formValues);
-
-        const userDetails = this.Authentication.getUserDetails();
-        const userId = userDetails.ID;
-        await this.ResourceControlService.applyResourceControl(userId, this.formValues.AccessControlData, this.formValues.ResourceControl);
-
-        this.Notifications.success('Custom template successfully updated');
-        this.state.isEditorDirty = false;
-        this.$state.go('kubernetes.templates.custom');
-      } catch (err) {
-        this.Notifications.error('Failure', err, 'Unable to update custom template');
-      } finally {
-        this.actionInProgress = false;
-      }
-    });
-  }
-
-  onChangeFileContent(value) {
-    if (stripSpaces(this.formValues.FileContent) !== stripSpaces(value)) {
-      this.formValues.FileContent = value;
-      this.state.isEditorDirty = true;
-    }
-  }
-
-  async $onInit() {
-    this.$async(async () => {
-      this.getTemplate();
-
-      try {
-        this.templates = await this.CustomTemplateService.customTemplates();
-      } catch (err) {
-        this.Notifications.error('Failure loading', err, 'Failed loading custom templates');
-      }
-
-      window.addEventListener('beforeunload', this.onBeforeUnload);
-    });
-  }
-
-  isEditorDirty() {
-    return this.formValues.FileContent !== this.oldFileContent && this.state.isEditorDirty;
-  }
-
-  uiCanExit() {
-    if (this.isEditorDirty()) {
-      return this.ModalService.confirmWebEditorDiscard();
-    }
-  }
-
-  onBeforeUnload(event) {
-    if (this.formValues.FileContent !== this.oldFileContent && this.state.isEditorDirty) {
-      event.preventDefault();
-      event.returnValue = '';
-
-      return '';
-    }
-  }
-
-  $onDestroy() {
-    window.removeEventListener('beforeunload', this.onBeforeUnload);
-  }
-}
-
-export default KubeEditCustomTemplateViewController;
-
-function stripSpaces(str = '') {
-  return str.replace(/(\r\n|\n|\r)/gm, '');
-}

app/kubernetes/custom-templates/kube-edit-custom-template-view/kube-edit-custom-template-view.html

@@ -1,60 +0,0 @@
-<rd-header>
-  <rd-header-title title-text="Edit Custom Template">
-    <a data-toggle="tooltip" title="Refresh" ui-sref="kubernetes.templates.custom.edit({id:$ctrl.formValues.Id})" ui-sref-opts="{reload: true}">
-      <i class="fa fa-sync" aria-hidden="true"></i>
-    </a>
-  </rd-header-title>
-  <rd-header-content> <a ui-sref="kubernetes.templates.custom">Custom templates</a> &gt; {{ $ctrl.formValues.Title }} </rd-header-content>
-</rd-header>
-
-<div class="row" ng-if="$ctrl.formValues">
-  <div class="col-sm-12">
-    <rd-widget>
-      <rd-widget-body>
-        <form class="form-horizontal" name="$ctrl.form">
-          <custom-template-common-fields form-values="$ctrl.formValues"></custom-template-common-fields>
-
-          <web-editor-form
-            identifier="template-editor"
-            value="$ctrl.formValues.FileContent"
-            on-change="($ctrl.onChangeFileContent)"
-            ng-required="true"
-            yml="true"
-            placeholder="# Define or paste the content of your manifest file here"
-          >
-            <editor-description>
-              <p>Templates allow deploying any kind of Kubernetes resource (Deployment, Secret, ConfigMap...)</p>
-              <p>
-                You can get more information about Kubernetes file format in the
-                <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/" target="_blank">official documentation</a>.
-              </p>
-            </editor-description>
-          </web-editor-form>
-
-          <por-access-control-form form-data="$ctrl.formValues.AccessControlData" resource-control="$ctrl.formValues.ResourceControl"></por-access-control-form>
-
-          <div class="col-sm-12 form-section-title">
-            Actions
-          </div>
-          <div class="form-group">
-            <div class="col-sm-12">
-              <button
-                type="button"
-                class="btn btn-primary btn-sm"
-                ng-disabled="$ctrl.actionInProgress || $ctrl.form.$invalid || !$ctrl.formValues.Title || !$ctrl.formValues.FileContent"
-                ng-click="$ctrl.submitAction()"
-                button-spinner="$ctrl.actionInProgress"
-              >
-                <span ng-hide="$ctrl.actionInProgress">Update the template</span>
-                <span ng-show="$ctrl.actionInProgress">Update in progress...</span>
-              </button>
-              <span class="text-danger" ng-if="$ctrl.state.formValidationError" style="margin-left: 5px;">
-                {{ $ctrl.state.formValidationError }}
-              </span>
-            </div>
-          </div>
-        </form>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
-</div>

app/kubernetes/filters/applicationFilters.js

@@ -59,6 +59,8 @@ angular
           return KubernetesApplicationTypeStrings.STATEFULSET;
         case KubernetesApplicationTypes.POD:
           return KubernetesApplicationTypeStrings.POD;
+        case KubernetesApplicationTypes.HELM:
+          return KubernetesApplicationTypeStrings.HELM;
         default:
           return '-';
       }

app/kubernetes/helm/rest.js

@@ -0,0 +1,40 @@
+import angular from 'angular';
+
+angular.module('portainer.kubernetes').factory('HelmFactory', HelmFactory);
+
+function HelmFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
+  const helmUrl = API_ENDPOINT_ENDPOINTS + '/:endpointId/kubernetes/helm';
+  const templatesUrl = '/api/templates/helm';
+
+  return $resource(
+    helmUrl,
+    {
+      endpointId: EndpointProvider.endpointID,
+    },
+    {
+      templates: {
+        url: templatesUrl,
+        method: 'GET',
+        params: { repo: '@repo' },
+        cache: true,
+      },
+      show: {
+        url: `${templatesUrl}/:type`,
+        method: 'GET',
+        params: { repo: '@repo', chart: '@chart' },
+        transformResponse: function (data) {
+          return { values: data };
+        },
+      },
+      list: {
+        method: 'GET',
+        isArray: true,
+      },
+      install: { method: 'POST' },
+      uninstall: {
+        url: `${helmUrl}/:release`,
+        method: 'DELETE',
+      },
+    }
+  );
+}

app/kubernetes/helm/service.js

@@ -0,0 +1,86 @@
+import angular from 'angular';
+import PortainerError from 'Portainer/error';
+
+angular.module('portainer.kubernetes').factory('HelmService', HelmService);
+
+/* @ngInject */
+export function HelmService(HelmFactory, EndpointProvider) {
+  return {
+    search,
+    values,
+    install,
+    uninstall,
+    listReleases,
+  };
+
+  /**
+   * @description: Searches for all helm charts in a helm repo
+   * @returns {Promise} - Resolves with `index.yaml` of helm charts for a repo
+   * @throws {PortainerError} - Rejects with error if searching for the `index.yaml` fails
+   */
+  async function search(repo) {
+    try {
+      return await HelmFactory.templates({ repo }).$promise;
+    } catch (err) {
+      throw new PortainerError('Unable to retrieve helm charts', err);
+    }
+  }
+
+  /**
+   * @description: Show values helm of a helm chart, this basically runs `helm show values`
+   * @returns {Promise} - Resolves with `values.yaml` of helm chart values for a repo
+   * @throws {PortainerError} - Rejects with error if helm show fails
+   */
+  async function values(repo, chart) {
+    try {
+      return await HelmFactory.show({ repo, chart, type: 'values' }).$promise;
+    } catch (err) {
+      throw new PortainerError('Unable to retrieve values from chart', err);
+    }
+  }
+
+  /**
+   * @description: Installs a helm chart, this basically runs `helm install`
+   * @returns {Promise} - Resolves with `values.yaml` of helm chart values for a repo
+   * @throws {PortainerError} - Rejects with error if helm show fails
+   */
+  async function install(appname, repo, chart, values, namespace) {
+    const endpointId = EndpointProvider.currentEndpoint().Id;
+    const payload = {
+      Name: appname,
+      Repo: repo,
+      Chart: chart,
+      Values: values,
+      Namespace: namespace,
+    };
+    return await HelmFactory.install({ endpointId }, payload).$promise;
+  }
+
+  /**
+   * @description: Uninstall a helm chart, this basically runs `helm uninstall`
+   * @param {object} options - Options object, release `Name` is the only required option
+   * @throws {PortainerError} - Rejects with error if helm show fails
+   */
+  async function uninstall({ Name }) {
+    try {
+      await HelmFactory.uninstall({ release: Name }).$promise;
+    } catch (err) {
+      throw new PortainerError('Unable to delete release', err);
+    }
+  }
+
+  /**
+   * @description: List all helm releases based on passed in options, this basically runs `helm list`
+   * @param {object} options - Supported CLI flags to pass to Helm (binary) - flags to `helm list`
+   * @returns {Promise} - Resolves with list of helm releases
+   * @throws {PortainerError} - Rejects with error if helm list fails
+   */
+  async function listReleases({ namespace, selector, filter, output }) {
+    try {
+      const releases = await HelmFactory.list({ selector, namespace, filter, output }).$promise;
+      return releases;
+    } catch (err) {
+      throw new PortainerError('Unable to retrieve release list', err);
+    }
+  }
+}

app/kubernetes/helpers/application/index.js

@@ -23,7 +23,7 @@ import {
   KubernetesApplicationVolumeSecretPayload,
 } from 'Kubernetes/models/application/payloads';
 import KubernetesVolumeHelper from 'Kubernetes/helpers/volumeHelper';
-import { KubernetesApplicationDeploymentTypes, KubernetesApplicationPlacementTypes } from 'Kubernetes/models/application/models';
+import { KubernetesApplicationDeploymentTypes, KubernetesApplicationPlacementTypes, KubernetesApplicationTypes, HelmApplication } from 'Kubernetes/models/application/models';
 import { KubernetesPodAffinity, KubernetesPodNodeAffinityNodeSelectorRequirementOperators } from 'Kubernetes/pod/models';
 import {
   KubernetesNodeSelectorRequirementPayload,
@@ -32,6 +32,9 @@ import {
   KubernetesPreferredSchedulingTermPayload,
 } from 'Kubernetes/pod/payloads/affinities';
 
+export const PodKubernetesInstanceLabel = 'app.kubernetes.io/instance';
+export const PodManagedByLabel = 'app.kubernetes.io/managed-by';
+
 class KubernetesApplicationHelper {
   /* #region  UTILITY FUNCTIONS */
   static isExternalApplication(application) {
@@ -436,5 +439,48 @@ class KubernetesApplicationHelper {
     }
   }
   /* #endregion */
+
+  /**
+   * Get Helm managed applications
+   * @param {KubernetesApplication[]} applications Application list
+   * @returns {Object} { [releaseName]: [app1, app2, ...], [releaseName2]: [app3, app4, ...] }
+   */
+  static getHelmApplications(applications) {
+    // filter out all the applications that are managed by helm
+    // to identify the helm managed applications, we need to check if the applications pod labels include
+    // `app.kubernetes.io/instance` and `app.kubernetes.io/managed-by` = `helm`
+    const helmManagedApps = applications.filter((app) =>
+      app.Pods.flatMap((pod) => pod.Labels).some((label) => label && label[PodKubernetesInstanceLabel] && label[PodManagedByLabel] === 'Helm')
+    );
+
+    // groups the helm managed applications by helm release name
+    // the release name is retrieved from the `app.kubernetes.io/instance` label on the pods within the apps
+    // object structure `{ [releaseName]: [app1, app2, ...], [releaseName2]: [app3, app4, ...] }`
+    const groupedHelmApps = helmManagedApps.reduce((acc, curr) => {
+      curr.Pods.flatMap((p) => p.Labels)
+        .map((label) => label[PodKubernetesInstanceLabel])
+        .forEach((instanceStr) => (acc[instanceStr] = [...(acc[instanceStr] || []), curr]));
+      return acc;
+    }, {});
+
+    const helmAppsList = Object.entries(groupedHelmApps).map(([helmInstance, applications]) => {
+      const helmApp = new HelmApplication();
+      helmApp.Name = helmInstance;
+      helmApp.ApplicationType = KubernetesApplicationTypes.HELM;
+      helmApp.KubernetesApplications = applications;
+
+      const applicationPodStatuses = applications.flatMap((app) => app.Pods).map((pod) => pod.Status);
+      const isNotReady = applicationPodStatuses.some((status) => status !== 'Running');
+
+      helmApp.Status = isNotReady ? 'Not ready' : 'Ready';
+
+      // use earliest date
+      helmApp.CreationDate = applications.map((app) => app.CreationDate).sort((a, b) => new Date(a) - new Date(b))[0];
+
+      return helmApp;
+    });
+
+    return helmAppsList;
+  }
 }
 export default KubernetesApplicationHelper;

app/kubernetes/helpers/configurationHelper.js

@@ -38,6 +38,20 @@ class KubernetesConfigurationHelper {
     });
   }
 
+  static getApplicationConfigurations(applications, configurations) {
+    const configurationsUsed = configurations.filter((config) => KubernetesConfigurationHelper.getUsingApplications(config, applications).length !== 0);
+    // set the configurations used for each application in the list
+    const configuredApps = applications.map((app) => {
+      const configMappedByName = configurationsUsed.filter((config) => app.ApplicationName === config.Name);
+      const configMappedByVolume = configurationsUsed
+        .filter((config) => app.ConfigurationVolumes.some((cv) => cv.configurationName === config.Name))
+        .filter((config) => !configMappedByName.some((c) => c.Name === config.Name)); // filter out duplicates that are mapped by name
+      app.Configurations = [...configMappedByName, ...configMappedByVolume];
+      return app;
+    });
+    return configuredApps;
+  }
+
   static parseYaml(formValues) {
     YAML.defaultOptions.customTags = ['binary'];
     const data = _.map(YAML.parse(formValues.DataYaml), (value, key) => {

app/kubernetes/helpers/stackHelper.js

@@ -6,7 +6,7 @@ class KubernetesStackHelper {
     const res = _.reduce(
       applications,
       (acc, app) => {
-        if (app.StackName) {
+        if (app.StackName !== '-') {
           let stack = _.find(acc, { Name: app.StackName, ResourcePool: app.ResourcePool });
           if (!stack) {
             stack = new KubernetesStack();