feat(app/k8s): update ingress scheme from v1beta1 to v1 (#5466 )

fix(ingress): EE-1049 Ingress config is lost when deleting an application deployed with ingress (#5264 )
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-08-31 12:34:00 +12:00 · 2021-08-31 12:29:56 +12:00 · 2021-08-31 12:29:52 +12:00
966 changed files with 10793 additions and 39601 deletions
--- a/.babelrc
+++ b/.babelrc
@@ -0,0 +1,13 @@
+{
+  "plugins": ["lodash", "angularjs-annotate"],
+  "presets": [
+    [
+      "@babel/preset-env",
+      {
+        "modules": false,
+        "useBuiltIns": "entry",
+        "corejs": "2"
+      }
+    ]
+  ]
+}
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -17,75 +17,12 @@ plugins:
 parserOptions:
  ecmaVersion: 2018
  sourceType: module
-  project: './tsconfig.json'
  ecmaFeatures:
    modules: true

 rules:
-  no-control-regex: 'off'
+  no-control-regex: off
  no-empty: warn
  no-empty-function: warn
-  no-useless-escape: 'off'
-  import/order:
-    [
-      'error',
-      {
-        pathGroups: [{ pattern: '@/**', group: 'internal' }, { pattern: '{Kubernetes,Portainer,Agent,Azure,Docker}/**', group: 'internal' }],
-        groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'],
-        pathGroupsExcludedImportTypes: ['internal'],
-      },
-    ]
-
-settings:
-  'import/resolver':
-    alias:
-      map:
-        - ['@', './app']
-      extensions: ['.js', '.ts', '.tsx']
-
-overrides:
-  - files:
-      - app/**/*.ts{,x}
-    parserOptions:
-      project: './tsconfig.json'
-    parser: '@typescript-eslint/parser'
-    plugins:
-      - '@typescript-eslint'
-    extends:
-      - airbnb
-      - airbnb-typescript
-      - 'plugin:eslint-comments/recommended'
-      - 'plugin:react-hooks/recommended'
-      - 'plugin:react/jsx-runtime'
-      - 'plugin:@typescript-eslint/recommended'
-      - 'plugin:@typescript-eslint/eslint-recommended'
-      - 'plugin:promise/recommended'
-      - prettier # should be last
-    settings:
-      react:
-        version: 'detect'
-    rules:
-      import/order:
-        ['error', { pathGroups: [{ pattern: '@/**', group: 'internal' }], groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'], 'newlines-between': 'always' }]
-      func-style: [error, 'declaration']
-      import/prefer-default-export: off
-      no-use-before-define: ['error', { functions: false }]
-      '@typescript-eslint/no-use-before-define': ['error', { functions: false }]
-      no-shadow: 'off'
-      '@typescript-eslint/no-shadow': off
-      jsx-a11y/no-autofocus: warn
-      react/forbid-prop-types: off
-      react/require-default-props: off
-      react/no-array-index-key: off
-      react/jsx-filename-extension: [0]
-      import/no-extraneous-dependencies: ['error', { devDependencies: true }]
-      '@typescript-eslint/explicit-module-boundary-types': off
-      '@typescript-eslint/no-unused-vars': 'error'
-      '@typescript-eslint/no-explicit-any': 'error'
-  - files:
-      - app/**/*.test.*
-    extends:
-      - 'plugin:jest/recommended'
-      - 'plugin:jest/style'
-    env:
-      'jest/globals': true
+  no-useless-escape: off
+  import/order: error
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -28,15 +28,17 @@ Briefly describe the problem you are having in a few paragraphs.

 **Steps to reproduce the issue:**

-1. 2. 3.
+1.
+2.
+3.

 Any other info e.g. Why do you consider this to be a bug? What did you expect to happen instead?

 **Technical details:**

- Portainer version:
- Target Docker version (the host/cluster you manage):
- Platform (windows/linux):
- Command used to start Portainer (`docker run -p 9443:9443 portainer/portainer`):
- Target Swarm version (if applicable):
- Browser:
+* Portainer version:
+* Target Docker version (the host/cluster you manage):
+* Platform (windows/linux):
+* Command used to start Portainer (`docker run -p 9000:9000 portainer/portainer`):
+* Target Swarm version (if applicable):
+* Browser:
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -4,6 +4,7 @@ about: Create a bug report
 title: ''
 labels: bug/need-confirmation, kind/bug
 assignees: ''
+
 ---

 <!--
@@ -30,7 +31,7 @@ A clear and concise description of what you expected to happen.

 **Portainer Logs**
 Provide the logs of your Portainer container or Service.
-You can see how [here](https://documentation.portainer.io/r/portainer-logs)
+You can see how [here](https://documentation.portainer.io/archive/1.23.2/faq/#how-do-i-get-the-logs-from-portainer)

 **Steps to reproduce the issue:**

@@ -45,7 +46,7 @@ You can see how [here](https://documentation.portainer.io/r/portainer-logs)
 - Docker version (managed by Portainer):
 - Kubernetes version (managed by Portainer):
 - Platform (windows/linux):
- Command used to start Portainer (`docker run -p 9443:9443 portainer/portainer`):
+- Command used to start Portainer (`docker run -p 9000:9000 portainer/portainer`):
 - Browser:
 - Use Case (delete as appropriate): Using Portainer at Home, Using Portainer in a Commerical setup.
 - Have you reviewed our technical documentation and knowledge base? Yes/No
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Portainer Business Edition - Get 5 nodes free
-    url: https://portainer.io/pricing/take5 
-    about: Portainer Business Edition has more features, more support and you can now get 5 nodes free for as long as you want.
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -0,0 +1,54 @@
+# Config for Stalebot, limited to only `issues`
+only: issues
+
+# Issues config
+issues:
+  daysUntilStale: 60
+  daysUntilClose: 7
+
+  # Limit the number of actions per hour, from 1-30. Default is 30
+  limitPerRun: 30
+
+  # Issues with these labels will never be considered stale
+  exemptLabels:
+    - kind/enhancement
+    - kind/question
+    - kind/style
+    - kind/workaround
+    - kind/refactor
+    - bug/need-confirmation
+    - bug/confirmed
+    - status/discuss
+
+  # Only issues with all of these labels are checked if stale. Defaults to `[]` (disabled)
+  onlyLabels: []
+
+  # Set to true to ignore issues in a project (defaults to false)
+  exemptProjects: true
+  # Set to true to ignore issues in a milestone (defaults to false)
+  exemptMilestones: true
+  # Set to true to ignore issues with an assignee (defaults to false)
+  exemptAssignees: true
+
+  # Label to use when marking an issue as stale
+  staleLabel: status/stale
+
+  # Comment to post when marking an issue as stale. Set to `false` to disable
+  markComment: >
+    This issue has been marked as stale as it has not had recent activity,
+    it will be closed if no further activity occurs in the next 7 days.
+    If you believe that it has been incorrectly labelled as stale,
+    leave a comment and the label will be removed.
+
+  # Comment to post when removing the stale label.
+  # unmarkComment: >
+  #   Your comment here.
+
+  # Comment to post when closing a stale issue. Set to `false` to disable
+  closeComment: >
+    Since no further activity has appeared on this issue it will be closed.
+    If you believe that it has been incorrectly closed, leave a comment
+    mentioning `ametdoohan`, `balasu` or `keverv` and one of our staff will then review the issue.
+
+    Note - If it is an old bug report, make sure that it is reproduceable in the
+    latest version of Portainer as it may have already been fixed.
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,27 +0,0 @@
-name: Close Stale Issues
-on:
-  schedule:
-  - cron: '0 12 * * *'
-jobs:
-  stale:
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-
-    steps:
-    - uses: actions/stale@v4.0.0
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-        # Issue Config
-        days-before-issue-stale: 60
-        days-before-issue-close: 7
-        stale-issue-label: 'status/stale'
-        exempt-all-issue-milestones: true # Do not stale issues in a milestone
-        exempt-issue-labels: kind/enhancement, kind/style, kind/workaround, kind/refactor, bug/need-confirmation, bug/confirmed, status/discuss
-        stale-issue-message: 'This issue has been marked as stale as it has not had recent activity, it will be closed if no further activity occurs in the next 7 days. If you believe that it has been incorrectly labelled as stale, leave a comment and the label will be removed.'
-        close-issue-message: 'Since no further activity has appeared on this issue it will be closed. If you believe that it has been incorrectly closed, leave a comment mentioning `portainer/support` and one of our staff will then review the issue. Note - If it is an old bug report, make sure that it is reproduceable in the latest version of Portainer as it may have already been fixed.'
-        
-        # Pull Request Config
-        days-before-pr-stale: -1 # Do not stale pull request
-        days-before-pr-close: -1 # Do not close pull request
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@ bower_components
 dist
 portainer-checksum.txt
 api/cmd/portainer/portainer*
-storybook-static
 .tmp
 **/.vscode/settings.json
 **/.vscode/tasks.json
--- a/.prettierignore
+++ b/.prettierignore
@@ -1 +0,0 @@
-dist
--- a/.prettierrc
+++ b/.prettierrc
@@ -4,20 +4,10 @@
  "htmlWhitespaceSensitivity": "strict",
  "overrides": [
    {
-      "files": [
-        "*.html"
-      ],
+      "files": ["*.html"],
      "options": {
        "parser": "angular"
      }
-    },
-    {
-      "files": [
-        "*.{j,t}sx"
-      ],
-      "options": {
-        "printWidth": 80,
-      }
    }
  ]
-}
+}
--- a/.storybook/main.js
+++ b/.storybook/main.js
@@ -1,31 +0,0 @@
-const TsconfigPathsPlugin = require('tsconfig-paths-webpack-plugin');
-
-module.exports = {
-  stories: ['../app/**/*.stories.mdx', '../app/**/*.stories.@(ts|tsx)'],
-  addons: [
-    '@storybook/addon-links',
-    '@storybook/addon-essentials',
-    {
-      name: '@storybook/addon-postcss',
-      options: {
-        cssLoaderOptions: {
-          importLoaders: 1,
-          modules: {
-            localIdentName: '[path][name]__[local]',
-            auto: true,
-            exportLocalsConvention: 'camelCaseOnly',
-          },
-        },
-      },
-    },
-  ],
-  webpackFinal: (config) => {
-    config.resolve.plugins = [
-      ...(config.resolve.plugins || []),
-      new TsconfigPathsPlugin({
-        extensions: config.resolve.extensions,
-      }),
-    ];
-    return config;
-  },
-};
--- a/.storybook/preview.js
+++ b/.storybook/preview.js
@@ -1,11 +0,0 @@
-import '../app/assets/css';
-
-export const parameters = {
-  actions: { argTypesRegex: '^on[A-Z].*' },
-  controls: {
-    matchers: {
-      color: /(background|color)$/i,
-      date: /Date$/,
-    },
-  },
-};
--- a/.vscode.example/portainer.code-snippets
+++ b/.vscode.example/portainer.code-snippets
@@ -163,19 +163,5 @@
      "// @failure 500 \"Server error\"",
      "// @router /{id} [get]"
    ]
-  },
-  "analytics": {
-    "prefix": "nlt",
-    "body": ["analytics-on", "analytics-category=\"$1\"", "analytics-event=\"$2\""],
-    "description": "analytics"
-  },
-  "analytics-if": {
-    "prefix": "nltf",
-    "body": ["analytics-if=\"$1\""],
-    "description": "analytics"
-  },
-  "analytics-metadata": {
-    "prefix": "nltm",
-    "body": "analytics-properties=\"{ metadata: { $1 } }\""
  }
 }
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -75,7 +75,7 @@ The feature request process is similar to the bug report process but has an extr

 ![portainer_featurerequest_workflow](https://user-images.githubusercontent.com/5485061/45727229-5ad39f00-bbf5-11e8-9550-16ba66c50615.png)

-## Build and run Portainer locally
+## Build Portainer locally

 Ensure you have Docker, Node.js, yarn, and Golang installed in the correct versions.

@@ -85,26 +85,16 @@ Install dependencies with yarn:
 $ yarn
 ```

-Then build and run the project in a Docker container:
+Then build and run the project:

 ```sh
 $ yarn start
 ```

-Portainer can now be accessed at <https://localhost:9443>.
+Portainer can now be accessed at <http://localhost:9000>.

 Find more detailed steps at <https://documentation.portainer.io/contributing/instructions/>.

-### Build customisation
-
-By default, `yarn start` will use `/tmp/portainer/` for the data store, so it won't persist over reboots.
-
-You can customise the following settings:
-
- `PORTAINER_DATA`: The host dir or volume name used by portainer (default `/tmp/portainer`)
- `PORTAINER_PROJECT`: The root dir of the repository - `${portainerRoot}/dist/` is imported into the container to get the build artifacts and external tools (defaults to `your current dir`)
- `PORTAINER_FLAGS`: a list of flags to be used on the portainer commandline, in the form `--admin-password=<pwd hash> --feat fdo=false --feat open-amt` (default: `""`)
-
 ## Adding api docs

 When adding a new resource (or a route handler), we should add a new tag to api/http/handler/handler.go#L136 like this:
--- a/README.md
+++ b/README.md
@@ -2,15 +2,13 @@
  <img title="portainer" src='https://github.com/portainer/portainer/blob/develop/app/assets/images/portainer-github-banner.png?raw=true' />
 </p>

-**Portainer Community Edition** is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. It is designed to be as simple to deploy as it is to use. The application allows you to manage all your orchestrator resources (containers, images, volumes, networks and more) through a ‘smart’ GUI and/or an extensive API.
+**Portainer CE** is a lightweight ‘universal’ management GUI that can be used to **easily** manage Docker, Swarm, Kubernetes and ACI environments. It is designed to be as **simple** to deploy as it is to use.

 Portainer consists of a single container that can run on any cluster. It can be deployed as a Linux container or a Windows native container.

-**Portainer Business Edition** builds on the open-source base and includes a range of advanced features and functions (like RBAC and Support) that are specific to the needs of business users.
+**Portainer** allows you to manage all your orchestrator resources (containers, images, volumes, networks and more) through a super-simple graphical interface.

- [Compare Portainer CE and Compare Portainer BE](https://portainer.io/products)
- [Take5 – get 5 free nodes of Portainer Business for as long as you want them](https://portainer.io/pricing/take5)
- [Portainer BE install guide](https://install.portainer.io)
+A fully supported version of Portainer is available for business use. Visit http://www.portainer.io to learn more

 ## Demo

@@ -22,11 +20,12 @@ Please note that the public demo cluster is **reset every 15min**.

 Portainer CE is updated regularly. We aim to do an update release every couple of months.

-**The latest version of Portainer is 2.9.x**. Portainer is on version 2, the second number denotes the month of release.
+**The latest version of Portainer is 2.6.x** And you can find the release notes [here.](https://www.portainer.io/blog/new-portainer-ce-2.6.0-release)
+Portainer is on version 2, the second number denotes the month of release.

 ## Getting started

- [Deploy Portainer](https://docs.portainer.io/v/ce-2.9/start/install)
+- [Deploy Portainer](https://documentation.portainer.io/quickstart/)
 - [Documentation](https://documentation.portainer.io)
 - [Contribute to the project](https://documentation.portainer.io/contributing/instructions/)

@@ -42,25 +41,25 @@ View [this](https://www.portainer.io/products) table to see all of the Portainer

 Portainer CE is an open source project and is supported by the community. You can buy a supported version of Portainer at portainer.io

-Learn more about Portainers community support channels [here.](https://www.portainer.io/community_help)
+Learn more about Portainers community support channels [here.](https://www.portainer.io/help_about)

 - Issues: https://github.com/portainer/portainer/issues
- Slack (chat): [https://portainer.slack.com/](https://join.slack.com/t/portainer/shared_invite/zt-txh3ljab-52QHTyjCqbe5RibC2lcjKA)
+- Slack (chat): https://portainer.io/slack/

 You can join the Portainer Community by visiting community.portainer.io. This will give you advance notice of events, content and other related Portainer content.

 ## Reporting bugs and contributing

 - Want to report a bug or request a feature? Please open [an issue](https://github.com/portainer/portainer/issues/new).
- Want to help us build **_portainer_**? Follow our [contribution guidelines](https://documentation.portainer.io/contributing/instructions/) to build it locally and make a pull request.
+- Want to help us build **_portainer_**? Follow our [contribution guidelines](https://documentation.portainer.io/contributing/instructions/) to build it locally and make a pull request. We need all the help we can get!

 ## Security

 - Here at Portainer, we believe in [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) of security issues. If you have found a security issue, please report it to <security@portainer.io>.

-## Work for us
+## WORK FOR US

-If you are a developer, and our code in this repo makes sense to you, we would love to hear from you. We are always on the hunt for awesome devs, either freelance or employed. Drop us a line to info@portainer.io with your details and/or visit our [careers page](https://portainer.io/careers).
+If you are a developer, and our code in this repo makes sense to you, we would love to hear from you. We are always on the hunt for awesome devs, either freelance or employed. Drop us a line to info@portainer.io with your details and we will be in touch. 

 ## Privacy

--- a/api/api-description.md
+++ b/api/api-description.md
@@ -1,10 +1,10 @@
 Portainer API is an HTTP API served by Portainer. It is used by the Portainer UI and everything you can do with the UI can be done using the HTTP API.
-Examples are available at https://documentation.portainer.io/api/api-examples/
+Examples are available at https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8
 You can find out more about Portainer at [http://portainer.io](http://portainer.io) and get some support on [Slack](http://portainer.io/slack/).

 # Authentication

-Most of the API environments(endpoints) require to be authenticated as well as some level of authorization to be used.
+Most of the API endpoints require to be authenticated as well as some level of authorization to be used.
 Portainer API uses JSON Web Token to manage authentication and thus requires you to provide a token in the **Authorization** header of each request
 with the **Bearer** authentication mechanism.

@@ -16,7 +16,7 @@ Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIs

 # Security

-Each API environment(endpoint) has an associated access policy, it is documented in the description of each environment(endpoint).
+Each API endpoint has an associated access policy, it is documented in the description of each endpoint.

 Different access policies are available:

@@ -27,27 +27,27 @@ Different access policies are available:

 ### Public access

-No authentication is required to access the environments(endpoints) with this access policy.
+No authentication is required to access the endpoints with this access policy.

 ### Authenticated access

-Authentication is required to access the environments(endpoints) with this access policy.
+Authentication is required to access the endpoints with this access policy.

 ### Restricted access

-Authentication is required to access the environments(endpoints) with this access policy.
+Authentication is required to access the endpoints with this access policy.
 Extra-checks might be added to ensure access to the resource is granted. Returned data might also be filtered.

 ### Administrator access

-Authentication as well as an administrator role are required to access the environments(endpoints) with this access policy.
+Authentication as well as an administrator role are required to access the endpoints with this access policy.

 # Execute Docker requests

-Portainer **DO NOT** expose specific environments(endpoints) to manage your Docker resources (create a container, remove a volume, etc...).
+Portainer **DO NOT** expose specific endpoints to manage your Docker resources (create a container, remove a volume, etc...).

 Instead, it acts as a reverse-proxy to the Docker HTTP API. This means that you can execute Docker requests **via** the Portainer HTTP API.

-To do so, you can use the `/endpoints/{id}/docker` Portainer API environment(endpoint) (which is not documented below due to Swagger limitations). This environment(endpoint) has a restricted access policy so you still need to be authenticated to be able to query this environment(endpoint). Any query on this environment(endpoint) will be proxied to the Docker API of the associated environment(endpoint) (requests and responses objects are the same as documented in the Docker API).
+To do so, you can use the `/endpoints/{id}/docker` Portainer API endpoint (which is not documented below due to Swagger limitations). This endpoint has a restricted access policy so you still need to be authenticated to be able to query this endpoint. Any query on this endpoint will be proxied to the Docker API of the associated endpoint (requests and responses objects are the same as documented in the Docker API).

-**NOTE**: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://documentation.portainer.io/api/api-examples/).
+**NOTE**: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8).
--- a/api/backup/backup.go
+++ b/api/backup/backup.go
@@ -16,18 +16,7 @@ import (

 const rwxr__r__ os.FileMode = 0744

-var filesToBackup = []string{
-	"certs",
-	"compose",
-	"config.json",
-	"custom_templates",
-	"edge_jobs",
-	"edge_stacks",
-	"extensions",
-	"portainer.key",
-	"portainer.pub",
-	"tls",
-}
+var filesToBackup = []string{"compose", "config.json", "custom_templates", "edge_jobs", "edge_stacks", "extensions", "portainer.key", "portainer.pub", "tls"}

 // Creates a tar.gz system archive and encrypts it if password is not empty. Returns a path to the archive file.
 func CreateBackupArchive(password string, gate *offlinegate.OfflineGate, datastore portainer.DataStore, filestorePath string) (string, error) {
--- a/api/bolt/backup.go
+++ b/api/bolt/backup.go
@@ -1,142 +0,0 @@
-package bolt
-
-import (
-	"fmt"
-	"os"
-	"path"
-	"time"
-
-	plog "github.com/portainer/portainer/api/bolt/log"
-)
-
-var backupDefaults = struct {
-	backupDir        string
-	commonDir        string
-	databaseFileName string
-}{
-	"backups",
-	"common",
-	databaseFileName,
-}
-
-var backupLog = plog.NewScopedLog("bolt, backup")
-
-//
-// Backup Helpers
-//
-
-// createBackupFolders create initial folders for backups
-func (store *Store) createBackupFolders() {
-	// create common dir
-	commonDir := store.commonBackupDir()
-	if exists, _ := store.fileService.FileExists(commonDir); !exists {
-		if err := os.MkdirAll(commonDir, 0700); err != nil {
-			backupLog.Error("Error while creating common backup folder", err)
-		}
-	}
-}
-
-func (store *Store) databasePath() string {
-	return path.Join(store.path, databaseFileName)
-}
-
-func (store *Store) commonBackupDir() string {
-	return path.Join(store.path, backupDefaults.backupDir, backupDefaults.commonDir)
-}
-
-func (store *Store) copyDBFile(from string, to string) error {
-	backupLog.Info(fmt.Sprintf("Copying db file from %s to %s", from, to))
-	err := store.fileService.Copy(from, to, true)
-	if err != nil {
-		backupLog.Error("Failed", err)
-	}
-	return err
-}
-
-// BackupOptions provide a helper to inject backup options
-type BackupOptions struct {
-	Version        int
-	BackupDir      string
-	BackupFileName string
-	BackupPath     string
-}
-
-func (store *Store) setupOptions(options *BackupOptions) *BackupOptions {
-	if options == nil {
-		options = &BackupOptions{}
-	}
-	if options.Version == 0 {
-		options.Version, _ = store.version()
-	}
-	if options.BackupDir == "" {
-		options.BackupDir = store.commonBackupDir()
-	}
-	if options.BackupFileName == "" {
-		options.BackupFileName = fmt.Sprintf("%s.%s.%s", backupDefaults.databaseFileName, fmt.Sprintf("%03d", options.Version), time.Now().Format("20060102150405"))
-	}
-	if options.BackupPath == "" {
-		options.BackupPath = path.Join(options.BackupDir, options.BackupFileName)
-	}
-	return options
-}
-
-// BackupWithOptions backup current database with options
-func (store *Store) BackupWithOptions(options *BackupOptions) (string, error) {
-	backupLog.Info("creating db backup")
-	store.createBackupFolders()
-
-	options = store.setupOptions(options)
-
-	return options.BackupPath, store.copyDBFile(store.databasePath(), options.BackupPath)
-}
-
-// RestoreWithOptions previously saved backup for the current Edition  with options
-// Restore strategies:
-// - default: restore latest from current edition
-// - restore a specific
-func (store *Store) RestoreWithOptions(options *BackupOptions) error {
-	options = store.setupOptions(options)
-
-	// Check if backup file exist before restoring
-	_, err := os.Stat(options.BackupPath)
-	if os.IsNotExist(err) {
-		backupLog.Error(fmt.Sprintf("Backup file to restore does not exist %s", options.BackupPath), err)
-		return err
-	}
-
-	err = store.Close()
-	if err != nil {
-		backupLog.Error("Error while closing store before restore", err)
-		return err
-	}
-
-	backupLog.Info("Restoring db backup")
-	err = store.copyDBFile(options.BackupPath, store.databasePath())
-	if err != nil {
-		return err
-	}
-
-	return store.Open()
-}
-
-// RemoveWithOptions removes backup database based on supplied options
-func (store *Store) RemoveWithOptions(options *BackupOptions) error {
-	backupLog.Info("Removing db backup")
-
-	options = store.setupOptions(options)
-	_, err := os.Stat(options.BackupPath)
-
-	if os.IsNotExist(err) {
-		backupLog.Error(fmt.Sprintf("Backup file to remove does not exist %s", options.BackupPath), err)
-		return err
-	}
-
-	backupLog.Info(fmt.Sprintf("Removing db file at %s", options.BackupPath))
-	err = os.Remove(options.BackupPath)
-	if err != nil {
-		backupLog.Error("Failed", err)
-		return err
-	}
-
-	return nil
-}
--- a/api/bolt/backup_test.go
+++ b/api/bolt/backup_test.go
@@ -1,116 +0,0 @@
-package bolt
-
-import (
-	"fmt"
-	"os"
-	"path"
-	"path/filepath"
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-// isFileExist is helper function to check for file existence
-func isFileExist(path string) bool {
-	matches, err := filepath.Glob(path)
-	if err != nil {
-		return false
-	}
-	return len(matches) > 0
-}
-
-func TestCreateBackupFolders(t *testing.T) {
-	store, teardown := MustNewTestStore(false)
-	defer teardown()
-
-	backupPath := path.Join(store.path, backupDefaults.backupDir)
-
-	if isFileExist(backupPath) {
-		t.Error("Expect backups folder to not exist")
-	}
-
-	store.createBackupFolders()
-	if !isFileExist(backupPath) {
-		t.Error("Expect backups folder to exist")
-	}
-}
-
-func TestStoreCreation(t *testing.T) {
-	store, teardown := MustNewTestStore(true)
-	defer teardown()
-
-	if store == nil {
-		t.Error("Expect to create a store")
-	}
-
-	if store.edition() != portainer.PortainerCE {
-		t.Error("Expect to get CE Edition")
-	}
-}
-
-func TestBackup(t *testing.T) {
-	store, teardown := MustNewTestStore(true)
-	defer teardown()
-
-	t.Run("Backup should create default db backup", func(t *testing.T) {
-		store.VersionService.StoreDBVersion(portainer.DBVersion)
-		store.BackupWithOptions(nil)
-
-		backupFileName := path.Join(store.path, "backups", "common", fmt.Sprintf("portainer.db.%03d.*", portainer.DBVersion))
-		if !isFileExist(backupFileName) {
-			t.Errorf("Expect backup file to be created %s", backupFileName)
-		}
-	})
-
-	t.Run("BackupWithOption should create a name specific backup at common path", func(t *testing.T) {
-		store.BackupWithOptions(&BackupOptions{
-			BackupFileName: beforePortainerVersionUpgradeBackup,
-			BackupDir:      store.commonBackupDir(),
-		})
-		backupFileName := path.Join(store.path, "backups", "common", beforePortainerVersionUpgradeBackup)
-		if !isFileExist(backupFileName) {
-			t.Errorf("Expect backup file to be created %s", backupFileName)
-		}
-	})
-}
-
-func TestRemoveWithOptions(t *testing.T) {
-	store, teardown := MustNewTestStore(true)
-	defer teardown()
-
-	t.Run("successfully removes file if existent", func(t *testing.T) {
-		store.createBackupFolders()
-		options := &BackupOptions{
-			BackupDir:      store.commonBackupDir(),
-			BackupFileName: "test.txt",
-		}
-
-		filePath := path.Join(options.BackupDir, options.BackupFileName)
-		f, err := os.Create(filePath)
-		if err != nil {
-			t.Fatalf("file should be created; err=%s", err)
-		}
-		f.Close()
-
-		err = store.RemoveWithOptions(options)
-		if err != nil {
-			t.Errorf("RemoveWithOptions should successfully remove file; err=%w", err)
-		}
-
-		if isFileExist(f.Name()) {
-			t.Errorf("RemoveWithOptions should successfully remove file; file=%s", f.Name())
-		}
-	})
-
-	t.Run("fails to removes file if non-existent", func(t *testing.T) {
-		options := &BackupOptions{
-			BackupDir:      store.commonBackupDir(),
-			BackupFileName: "test.txt",
-		}
-
-		err := store.RemoveWithOptions(options)
-		if err == nil {
-			t.Error("RemoveWithOptions should fail for non-existent file")
-		}
-	})
-}
--- a/api/bolt/bolttest/datastore.go
+++ b/api/bolt/bolttest/datastore.go
@@ -1,4 +1,4 @@
-package bolt
+package bolttest

 import (
 	"io/ioutil"
@@ -6,12 +6,13 @@ import (
 	"os"

 	"github.com/pkg/errors"
+	"github.com/portainer/portainer/api/bolt"
 	"github.com/portainer/portainer/api/filesystem"
 )

 var errTempDir = errors.New("can't create a temp dir")

-func MustNewTestStore(init bool) (*Store, func()) {
+func MustNewTestStore(init bool) (*bolt.Store, func()) {
 	store, teardown, err := NewTestStore(init)
 	if err != nil {
 		if !errors.Is(err, errTempDir) {
@@ -23,7 +24,7 @@ func MustNewTestStore(init bool) (*Store, func()) {
 	return store, teardown
 }

-func NewTestStore(init bool) (*Store, func(), error) {
+func NewTestStore(init bool) (*bolt.Store, func(), error) {
 	// Creates unique temp directory in a concurrency friendly manner.
 	dataStorePath, err := ioutil.TempDir("", "boltdb")
 	if err != nil {
@@ -35,7 +36,11 @@ func NewTestStore(init bool) (*Store, func(), error) {
 		return nil, nil, err
 	}

-	store := NewStore(dataStorePath, fileService)
+	store, err := bolt.NewStore(dataStorePath, fileService)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	err = store.Open()
 	if err != nil {
 		return nil, nil, err
@@ -55,7 +60,7 @@ func NewTestStore(init bool) (*Store, func(), error) {
 	return store, teardown, nil
 }

-func teardown(store *Store, dataStorePath string) {
+func teardown(store *bolt.Store, dataStorePath string) {
 	err := store.Close()
 	if err != nil {
 		log.Fatalln(err)
--- a/api/bolt/datastore.go
+++ b/api/bolt/datastore.go
@@ -2,11 +2,10 @@ package bolt

 import (
 	"io"
+	"log"
 	"path"
 	"time"

-	"github.com/portainer/portainer/api/bolt/helmuserrepository"
-
 	"github.com/boltdb/bolt"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/customtemplate"
@@ -20,6 +19,7 @@ import (
 	"github.com/portainer/portainer/api/bolt/errors"
 	"github.com/portainer/portainer/api/bolt/extension"
 	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer/api/bolt/migrator"
 	"github.com/portainer/portainer/api/bolt/registry"
 	"github.com/portainer/portainer/api/bolt/resourcecontrol"
 	"github.com/portainer/portainer/api/bolt/role"
@@ -34,6 +34,7 @@ import (
 	"github.com/portainer/portainer/api/bolt/user"
 	"github.com/portainer/portainer/api/bolt/version"
 	"github.com/portainer/portainer/api/bolt/webhook"
+	"github.com/portainer/portainer/api/internal/authorization"
 )

 const (
@@ -43,42 +44,33 @@ const (
 // Store defines the implementation of portainer.DataStore using
 // BoltDB as the storage system.
 type Store struct {
-	path                      string
-	connection                *internal.DbConnection
-	isNew                     bool
-	fileService               portainer.FileService
-	CustomTemplateService     *customtemplate.Service
-	DockerHubService          *dockerhub.Service
-	EdgeGroupService          *edgegroup.Service
-	EdgeJobService            *edgejob.Service
-	EdgeStackService          *edgestack.Service
-	EndpointGroupService      *endpointgroup.Service
-	EndpointService           *endpoint.Service
-	EndpointRelationService   *endpointrelation.Service
-	ExtensionService          *extension.Service
-	HelmUserRepositoryService *helmuserrepository.Service
-	RegistryService           *registry.Service
-	ResourceControlService    *resourcecontrol.Service
-	RoleService               *role.Service
-	ScheduleService           *schedule.Service
-	SettingsService           *settings.Service
-	SSLSettingsService        *ssl.Service
-	StackService              *stack.Service
-	TagService                *tag.Service
-	TeamMembershipService     *teammembership.Service
-	TeamService               *team.Service
-	TunnelServerService       *tunnelserver.Service
-	UserService               *user.Service
-	VersionService            *version.Service
-	WebhookService            *webhook.Service
-}
-
-func (store *Store) version() (int, error) {
-	version, err := store.VersionService.DBVersion()
-	if err == errors.ErrObjectNotFound {
-		version = 0
-	}
-	return version, err
+	path                    string
+	connection              *internal.DbConnection
+	isNew                   bool
+	fileService             portainer.FileService
+	CustomTemplateService   *customtemplate.Service
+	DockerHubService        *dockerhub.Service
+	EdgeGroupService        *edgegroup.Service
+	EdgeJobService          *edgejob.Service
+	EdgeStackService        *edgestack.Service
+	EndpointGroupService    *endpointgroup.Service
+	EndpointService         *endpoint.Service
+	EndpointRelationService *endpointrelation.Service
+	ExtensionService        *extension.Service
+	RegistryService         *registry.Service
+	ResourceControlService  *resourcecontrol.Service
+	RoleService             *role.Service
+	ScheduleService         *schedule.Service
+	SettingsService         *settings.Service
+	SSLSettingsService      *ssl.Service
+	StackService            *stack.Service
+	TagService              *tag.Service
+	TeamMembershipService   *teammembership.Service
+	TeamService             *team.Service
+	TunnelServerService     *tunnelserver.Service
+	UserService             *user.Service
+	VersionService          *version.Service
+	WebhookService          *webhook.Service
 }

 func (store *Store) edition() portainer.SoftwareEdition {
@@ -90,13 +82,25 @@ func (store *Store) edition() portainer.SoftwareEdition {
 }

 // NewStore initializes a new Store and the associated services
-func NewStore(storePath string, fileService portainer.FileService) *Store {
-	return &Store{
+func NewStore(storePath string, fileService portainer.FileService) (*Store, error) {
+	store := &Store{
 		path:        storePath,
 		fileService: fileService,
 		isNew:       true,
 		connection:  &internal.DbConnection{},
 	}
+
+	databasePath := path.Join(storePath, databaseFileName)
+	databaseFileExists, err := fileService.FileExists(databasePath)
+	if err != nil {
+		return nil, err
+	}
+
+	if databaseFileExists {
+		store.isNew = false
+	}
+
+	return store, nil
 }

 // Open opens and initializes the BoltDB database.
@@ -108,17 +112,7 @@ func (store *Store) Open() error {
 	}
 	store.connection.DB = db

-	err = store.initServices()
-	if err != nil {
-		return err
-	}
-
-	// if we have DBVersion in the database then ensure we flag this as NOT a new store
-	if _, err := store.VersionService.DBVersion(); err == nil {
-		store.isNew = false
-	}
-
-	return nil
+	return store.initServices()
 }

 // Close closes the BoltDB database.
@@ -136,6 +130,64 @@ func (store *Store) IsNew() bool {
 	return store.isNew
 }

+// CheckCurrentEdition checks if current edition is community edition
+func (store *Store) CheckCurrentEdition() error {
+	if store.edition() != portainer.PortainerCE {
+		return errors.ErrWrongDBEdition
+	}
+	return nil
+}
+
+// MigrateData automatically migrate the data based on the DBVersion.
+// This process is only triggered on an existing database, not if the database was just created.
+// if force is true, then migrate regardless.
+func (store *Store) MigrateData(force bool) error {
+	if store.isNew && !force {
+		return store.VersionService.StoreDBVersion(portainer.DBVersion)
+	}
+
+	version, err := store.VersionService.DBVersion()
+	if err == errors.ErrObjectNotFound {
+		version = 0
+	} else if err != nil {
+		return err
+	}
+
+	if version < portainer.DBVersion {
+		migratorParams := &migrator.Parameters{
+			DB:                      store.connection.DB,
+			DatabaseVersion:         version,
+			EndpointGroupService:    store.EndpointGroupService,
+			EndpointService:         store.EndpointService,
+			EndpointRelationService: store.EndpointRelationService,
+			ExtensionService:        store.ExtensionService,
+			RegistryService:         store.RegistryService,
+			ResourceControlService:  store.ResourceControlService,
+			RoleService:             store.RoleService,
+			ScheduleService:         store.ScheduleService,
+			SettingsService:         store.SettingsService,
+			StackService:            store.StackService,
+			TagService:              store.TagService,
+			TeamMembershipService:   store.TeamMembershipService,
+			UserService:             store.UserService,
+			VersionService:          store.VersionService,
+			FileService:             store.fileService,
+			DockerhubService:        store.DockerHubService,
+			AuthorizationService:    authorization.NewService(store),
+		}
+		migrator := migrator.NewMigrator(migratorParams)
+
+		log.Printf("Migrating database from version %v to %v.\n", version, portainer.DBVersion)
+		err = migrator.Migrate()
+		if err != nil {
+			log.Printf("An error occurred during database migration: %s\n", err)
+			return err
+		}
+	}
+
+	return nil
+}
+
 // BackupTo backs up db to a provided writer.
 // It does hot backup and doesn't block other database reads and writes
 func (store *Store) BackupTo(w io.Writer) error {
@@ -144,11 +196,3 @@ func (store *Store) BackupTo(w io.Writer) error {
 		return err
 	})
 }
-
-// CheckCurrentEdition checks if current edition is community edition
-func (store *Store) CheckCurrentEdition() error {
-	if store.edition() != portainer.PortainerCE {
-		return errors.ErrWrongDBEdition
-	}
-	return nil
-}
--- a/api/bolt/edgejob/edgejob.go
+++ b/api/bolt/edgejob/edgejob.go
@@ -95,7 +95,7 @@ func (service *Service) DeleteEdgeJob(ID portainer.EdgeJobID) error {
 	return internal.DeleteObject(service.connection, BucketName, identifier)
 }

-// GetNextIdentifier returns the next identifier for an environment(endpoint).
+// GetNextIdentifier returns the next identifier for an endpoint.
 func (service *Service) GetNextIdentifier() int {
 	return internal.GetNextIdentifier(service.connection, BucketName)
 }
--- a/api/bolt/edgestack/edgestack.go
+++ b/api/bolt/edgestack/edgestack.go
@@ -95,7 +95,7 @@ func (service *Service) DeleteEdgeStack(ID portainer.EdgeStackID) error {
 	return internal.DeleteObject(service.connection, BucketName, identifier)
 }

-// GetNextIdentifier returns the next identifier for an environment(endpoint).
+// GetNextIdentifier returns the next identifier for an endpoint.
 func (service *Service) GetNextIdentifier() int {
 	return internal.GetNextIdentifier(service.connection, BucketName)
 }
--- a/api/bolt/endpoint/endpoint.go
+++ b/api/bolt/endpoint/endpoint.go
@@ -11,7 +11,7 @@ const (
 	BucketName = "endpoints"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
@@ -28,7 +28,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 	}, nil
 }

-// Endpoint returns an environment(endpoint) by ID.
+// Endpoint returns an endpoint by ID.
 func (service *Service) Endpoint(ID portainer.EndpointID) (*portainer.Endpoint, error) {
 	var endpoint portainer.Endpoint
 	identifier := internal.Itob(int(ID))
@@ -41,19 +41,19 @@ func (service *Service) Endpoint(ID portainer.EndpointID) (*portainer.Endpoint,
 	return &endpoint, nil
 }

-// UpdateEndpoint updates an environment(endpoint).
+// UpdateEndpoint updates an endpoint.
 func (service *Service) UpdateEndpoint(ID portainer.EndpointID, endpoint *portainer.Endpoint) error {
 	identifier := internal.Itob(int(ID))
 	return internal.UpdateObject(service.connection, BucketName, identifier, endpoint)
 }

-// DeleteEndpoint deletes an environment(endpoint).
+// DeleteEndpoint deletes an endpoint.
 func (service *Service) DeleteEndpoint(ID portainer.EndpointID) error {
 	identifier := internal.Itob(int(ID))
 	return internal.DeleteObject(service.connection, BucketName, identifier)
 }

-// Endpoints return an array containing all the environments(endpoints).
+// Endpoints return an array containing all the endpoints.
 func (service *Service) Endpoints() ([]portainer.Endpoint, error) {
 	var endpoints = make([]portainer.Endpoint, 0)

@@ -76,12 +76,12 @@ func (service *Service) Endpoints() ([]portainer.Endpoint, error) {
 	return endpoints, err
 }

-// CreateEndpoint assign an ID to a new environment(endpoint) and saves it.
+// CreateEndpoint assign an ID to a new endpoint and saves it.
 func (service *Service) CreateEndpoint(endpoint *portainer.Endpoint) error {
 	return service.connection.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

-		// We manually manage sequences for environments(endpoints)
+		// We manually manage sequences for endpoints
 		err := bucket.SetSequence(uint64(endpoint.ID))
 		if err != nil {
 			return err
@@ -96,12 +96,12 @@ func (service *Service) CreateEndpoint(endpoint *portainer.Endpoint) error {
 	})
 }

-// GetNextIdentifier returns the next identifier for an environment(endpoint).
+// GetNextIdentifier returns the next identifier for an endpoint.
 func (service *Service) GetNextIdentifier() int {
 	return internal.GetNextIdentifier(service.connection, BucketName)
 }

-// Synchronize creates, updates and deletes environments(endpoints) inside a single transaction.
+// Synchronize creates, updates and deletes endpoints inside a single transaction.
 func (service *Service) Synchronize(toCreate, toUpdate, toDelete []*portainer.Endpoint) error {
 	return service.connection.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
--- a/api/bolt/endpointgroup/endpointgroup.go
+++ b/api/bolt/endpointgroup/endpointgroup.go
@@ -12,7 +12,7 @@ const (
 	BucketName = "endpoint_groups"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
@@ -29,7 +29,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 	}, nil
 }

-// EndpointGroup returns an environment(endpoint) group by ID.
+// EndpointGroup returns an endpoint group by ID.
 func (service *Service) EndpointGroup(ID portainer.EndpointGroupID) (*portainer.EndpointGroup, error) {
 	var endpointGroup portainer.EndpointGroup
 	identifier := internal.Itob(int(ID))
@@ -42,19 +42,19 @@ func (service *Service) EndpointGroup(ID portainer.EndpointGroupID) (*portainer.
 	return &endpointGroup, nil
 }

-// UpdateEndpointGroup updates an environment(endpoint) group.
+// UpdateEndpointGroup updates an endpoint group.
 func (service *Service) UpdateEndpointGroup(ID portainer.EndpointGroupID, endpointGroup *portainer.EndpointGroup) error {
 	identifier := internal.Itob(int(ID))
 	return internal.UpdateObject(service.connection, BucketName, identifier, endpointGroup)
 }

-// DeleteEndpointGroup deletes an environment(endpoint) group.
+// DeleteEndpointGroup deletes an endpoint group.
 func (service *Service) DeleteEndpointGroup(ID portainer.EndpointGroupID) error {
 	identifier := internal.Itob(int(ID))
 	return internal.DeleteObject(service.connection, BucketName, identifier)
 }

-// EndpointGroups return an array containing all the environment(endpoint) groups.
+// EndpointGroups return an array containing all the endpoint groups.
 func (service *Service) EndpointGroups() ([]portainer.EndpointGroup, error) {
 	var endpointGroups = make([]portainer.EndpointGroup, 0)

@@ -77,7 +77,7 @@ func (service *Service) EndpointGroups() ([]portainer.EndpointGroup, error) {
 	return endpointGroups, err
 }

-// CreateEndpointGroup assign an ID to a new environment(endpoint) group and saves it.
+// CreateEndpointGroup assign an ID to a new endpoint group and saves it.
 func (service *Service) CreateEndpointGroup(endpointGroup *portainer.EndpointGroup) error {
 	return service.connection.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
--- a/api/bolt/endpointrelation/endpointrelation.go
+++ b/api/bolt/endpointrelation/endpointrelation.go
@@ -11,7 +11,7 @@ const (
 	BucketName = "endpoint_relations"
 )

-// Service represents a service for managing environment(endpoint) relation data.
+// Service represents a service for managing endpoint relation data.
 type Service struct {
 	connection *internal.DbConnection
 }
@@ -28,7 +28,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 	}, nil
 }

-// EndpointRelation returns a Environment(Endpoint) relation object by EndpointID
+// EndpointRelation returns a Endpoint relation object by EndpointID
 func (service *Service) EndpointRelation(endpointID portainer.EndpointID) (*portainer.EndpointRelation, error) {
 	var endpointRelation portainer.EndpointRelation
 	identifier := internal.Itob(int(endpointID))
@@ -55,13 +55,13 @@ func (service *Service) CreateEndpointRelation(endpointRelation *portainer.Endpo
 	})
 }

-// UpdateEndpointRelation updates an Environment(Endpoint) relation object
+// UpdateEndpointRelation updates an Endpoint relation object
 func (service *Service) UpdateEndpointRelation(EndpointID portainer.EndpointID, endpointRelation *portainer.EndpointRelation) error {
 	identifier := internal.Itob(int(EndpointID))
 	return internal.UpdateObject(service.connection, BucketName, identifier, endpointRelation)
 }

-// DeleteEndpointRelation deletes an Environment(Endpoint) relation object
+// DeleteEndpointRelation deletes an Endpoint relation object
 func (service *Service) DeleteEndpointRelation(EndpointID portainer.EndpointID) error {
 	identifier := internal.Itob(int(EndpointID))
 	return internal.DeleteObject(service.connection, BucketName, identifier)
--- a/api/bolt/extension/extension.go
+++ b/api/bolt/extension/extension.go
@@ -12,7 +12,7 @@ const (
 	BucketName = "extension"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/helmuserrepository/helmuserrepository.go
+++ b/api/bolt/helmuserrepository/helmuserrepository.go
@@ -1,73 +0,0 @@
-package helmuserrepository
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-
-	"github.com/boltdb/bolt"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "helm_user_repository"
-)
-
-// Service represents a service for managing environment(endpoint) data.
-type Service struct {
-	connection *internal.DbConnection
-}
-
-// NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		connection: connection,
-	}, nil
-}
-
-// HelmUserRepositoryByUserID return an array containing all the HelmUserRepository objects where the specified userID is present.
-func (service *Service) HelmUserRepositoryByUserID(userID portainer.UserID) ([]portainer.HelmUserRepository, error) {
-	var result = make([]portainer.HelmUserRepository, 0)
-
-	err := service.connection.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var record portainer.HelmUserRepository
-			err := internal.UnmarshalObject(v, &record)
-			if err != nil {
-				return err
-			}
-
-			if record.UserID == userID {
-				result = append(result, record)
-			}
-		}
-
-		return nil
-	})
-
-	return result, err
-}
-
-// CreateHelmUserRepository creates a new HelmUserRepository object.
-func (service *Service) CreateHelmUserRepository(record *portainer.HelmUserRepository) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		id, _ := bucket.NextSequence()
-		record.ID = portainer.HelmUserRepositoryID(id)
-
-		data, err := internal.MarshalObject(record)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(record.ID)), data)
-	})
-}
--- a/api/bolt/init.go
+++ b/api/bolt/init.go
@@ -44,10 +44,7 @@ func (store *Store) Init() error {

 			EdgeAgentCheckinInterval: portainer.DefaultEdgeAgentCheckinIntervalInSeconds,
 			TemplatesURL:             portainer.DefaultTemplatesURL,
-			HelmRepositoryURL:        portainer.DefaultHelmRepositoryURL,
 			UserSessionTimeout:       portainer.DefaultUserSessionTimeout,
-			KubeconfigExpiry:         portainer.DefaultKubeconfigExpiry,
-			KubectlShellImage:        portainer.DefaultKubectlShellImage,
 		}

 		err = store.SettingsService.UpdateSettings(defaultSettings)
@@ -82,7 +79,7 @@ func (store *Store) Init() error {
 	if len(groups) == 0 {
 		unassignedGroup := &portainer.EndpointGroup{
 			Name:               "Unassigned",
-			Description:        "Unassigned environments",
+			Description:        "Unassigned endpoints",
 			Labels:             []portainer.Pair{},
 			UserAccessPolicies: portainer.UserAccessPolicies{},
 			TeamAccessPolicies: portainer.TeamAccessPolicies{},
--- a/api/bolt/internal/json.go
+++ b/api/bolt/internal/json.go
@@ -17,7 +17,7 @@ func UnmarshalObject(data []byte, object interface{}) error {
 }

 // UnmarshalObjectWithJsoniter decodes an object from binary data
-// using the jsoniter library. It is mainly used to accelerate environment(endpoint)
+// using the jsoniter library. It is mainly used to accelerate endpoint
 // decoding at the moment.
 func UnmarshalObjectWithJsoniter(data []byte, object interface{}) error {
 	var jsoni = jsoniter.ConfigCompatibleWithStandardLibrary
--- a/api/bolt/migrate_data.go
+++ b/api/bolt/migrate_data.go
@@ -1,149 +0,0 @@
-package bolt
-
-import (
-	"fmt"
-
-	"github.com/portainer/portainer/api/cli"
-
-	werrors "github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
-	plog "github.com/portainer/portainer/api/bolt/log"
-	"github.com/portainer/portainer/api/bolt/migrator"
-	"github.com/portainer/portainer/api/internal/authorization"
-)
-
-const beforePortainerVersionUpgradeBackup = "portainer.db.bak"
-
-var migrateLog = plog.NewScopedLog("bolt, migrate")
-
-// FailSafeMigrate backup and restore DB if migration fail
-func (store *Store) FailSafeMigrate(migrator *migrator.Migrator) (err error) {
-	defer func() {
-		if e := recover(); e != nil {
-			store.Rollback(true)
-			err = fmt.Errorf("%v", e)
-		}
-	}()
-
-	// !Important: we must use a named return value in the function definition and not a local
-	// !variable referenced from the closure or else the return value will be incorrectly set
-	return migrator.Migrate()
-}
-
-// MigrateData automatically migrate the data based on the DBVersion.
-// This process is only triggered on an existing database, not if the database was just created.
-// if force is true, then migrate regardless.
-func (store *Store) MigrateData(force bool) error {
-	if store.isNew && !force {
-		return store.VersionService.StoreDBVersion(portainer.DBVersion)
-	}
-
-	migrator, err := store.newMigrator()
-	if err != nil {
-		return err
-	}
-
-	// backup db file before upgrading DB to support rollback
-	isUpdating, err := store.VersionService.IsUpdating()
-	if err != nil && err != errors.ErrObjectNotFound {
-		return err
-	}
-
-	if !isUpdating && migrator.Version() != portainer.DBVersion {
-		err = store.backupVersion(migrator)
-		if err != nil {
-			return werrors.Wrapf(err, "failed to backup database")
-		}
-	}
-
-	if migrator.Version() < portainer.DBVersion {
-		migrateLog.Info(fmt.Sprintf("Migrating database from version %v to %v.\n", migrator.Version(), portainer.DBVersion))
-		err = store.FailSafeMigrate(migrator)
-		if err != nil {
-			migrateLog.Error("An error occurred during database migration", err)
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (store *Store) newMigrator() (*migrator.Migrator, error) {
-	version, err := store.version()
-	if err != nil {
-		return nil, err
-	}
-
-	migratorParams := &migrator.Parameters{
-		DB:                      store.connection.DB,
-		DatabaseVersion:         version,
-		EndpointGroupService:    store.EndpointGroupService,
-		EndpointService:         store.EndpointService,
-		EndpointRelationService: store.EndpointRelationService,
-		ExtensionService:        store.ExtensionService,
-		RegistryService:         store.RegistryService,
-		ResourceControlService:  store.ResourceControlService,
-		RoleService:             store.RoleService,
-		ScheduleService:         store.ScheduleService,
-		SettingsService:         store.SettingsService,
-		StackService:            store.StackService,
-		TagService:              store.TagService,
-		TeamMembershipService:   store.TeamMembershipService,
-		UserService:             store.UserService,
-		VersionService:          store.VersionService,
-		FileService:             store.fileService,
-		DockerhubService:        store.DockerHubService,
-		AuthorizationService:    authorization.NewService(store),
-	}
-	return migrator.NewMigrator(migratorParams), nil
-}
-
-// getBackupRestoreOptions returns options to store db at common backup dir location; used by:
-// - db backup prior to version upgrade
-// - db rollback
-func getBackupRestoreOptions(store *Store) *BackupOptions {
-	return &BackupOptions{
-		BackupDir:      store.commonBackupDir(),
-		BackupFileName: beforePortainerVersionUpgradeBackup,
-	}
-}
-
-// backupVersion will backup the database or panic if any errors occur
-func (store *Store) backupVersion(migrator *migrator.Migrator) error {
-	migrateLog.Info("Backing up database prior to version upgrade...")
-
-	options := getBackupRestoreOptions(store)
-
-	_, err := store.BackupWithOptions(options)
-	if err != nil {
-		migrateLog.Error("An error occurred during database backup", err)
-		removalErr := store.RemoveWithOptions(options)
-		if removalErr != nil {
-			migrateLog.Error("An error occurred during store removal prior to backup", err)
-		}
-		return err
-	}
-
-	return nil
-}
-
-// Rollback to a pre-upgrade backup copy/snapshot of portainer.db
-func (store *Store) Rollback(force bool) error {
-
-	if !force {
-		confirmed, err := cli.Confirm("Are you sure you want to rollback your database to the previous backup?")
-		if err != nil || !confirmed {
-			return err
-		}
-	}
-
-	options := getBackupRestoreOptions(store)
-
-	err := store.RestoreWithOptions(options)
-	if err != nil {
-		return err
-	}
-
-	return store.Close()
-}
--- a/api/bolt/migrate_data_test.go
+++ b/api/bolt/migrate_data_test.go
@@ -1,172 +0,0 @@
-package bolt
-
-import (
-	"fmt"
-	"log"
-	"strings"
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-// testVersion is a helper which tests current store version against wanted version
-func testVersion(store *Store, versionWant int, t *testing.T) {
-	if v, _ := store.version(); v != versionWant {
-		t.Errorf("Expect store version to be %d but was %d", versionWant, v)
-	}
-}
-
-func TestMigrateData(t *testing.T) {
-	t.Run("MigrateData for New Store & Re-Open Check", func(t *testing.T) {
-		store, teardown := MustNewTestStore(false)
-		defer teardown()
-
-		if !store.IsNew() {
-			t.Error("Expect a new DB")
-		}
-
-		store.MigrateData(false)
-
-		testVersion(store, portainer.DBVersion, t)
-		store.Close()
-
-		store.Open()
-		if store.IsNew() {
-			t.Error("Expect store to NOT be new DB")
-		}
-	})
-
-	tests := []struct {
-		version         int
-		expectedVersion int
-	}{
-		{version: 2, expectedVersion: portainer.DBVersion},
-		{version: 21, expectedVersion: portainer.DBVersion},
-	}
-	for _, tc := range tests {
-		store, teardown := MustNewTestStore(true)
-		defer teardown()
-
-		// Setup data
-		store.VersionService.StoreDBVersion(tc.version)
-
-		// Required roles by migrations 22.2
-		store.RoleService.CreateRole(&portainer.Role{ID: 1})
-		store.RoleService.CreateRole(&portainer.Role{ID: 2})
-		store.RoleService.CreateRole(&portainer.Role{ID: 3})
-		store.RoleService.CreateRole(&portainer.Role{ID: 4})
-
-		t.Run(fmt.Sprintf("MigrateData for version %d", tc.version), func(t *testing.T) {
-			store.MigrateData(true)
-			testVersion(store, tc.expectedVersion, t)
-		})
-
-		t.Run(fmt.Sprintf("Restoring DB after migrateData for version %d", tc.version), func(t *testing.T) {
-			store.Rollback(true)
-			store.Open()
-			testVersion(store, tc.version, t)
-		})
-	}
-
-	t.Run("Error in MigrateData should restore backup before MigrateData", func(t *testing.T) {
-		store, teardown := MustNewTestStore(false)
-		defer teardown()
-
-		version := 2
-		store.VersionService.StoreDBVersion(version)
-
-		store.MigrateData(true)
-
-		testVersion(store, version, t)
-	})
-
-	t.Run("MigrateData should create backup file upon update", func(t *testing.T) {
-		store, teardown := MustNewTestStore(false)
-		defer teardown()
-		store.VersionService.StoreDBVersion(0)
-
-		store.MigrateData(true)
-
-		options := store.setupOptions(getBackupRestoreOptions(store))
-
-		if !isFileExist(options.BackupPath) {
-			t.Errorf("Backup file should exist; file=%s", options.BackupPath)
-		}
-	})
-
-	t.Run("MigrateData should fail to create backup if database file is set to updating", func(t *testing.T) {
-		store, teardown := MustNewTestStore(false)
-		defer teardown()
-
-		store.VersionService.StoreIsUpdating(true)
-
-		store.MigrateData(true)
-
-		options := store.setupOptions(getBackupRestoreOptions(store))
-
-		if isFileExist(options.BackupPath) {
-			t.Errorf("Backup file should not exist for dirty database; file=%s", options.BackupPath)
-		}
-	})
-
-	t.Run("MigrateData should not create backup on startup if portainer version matches db", func(t *testing.T) {
-		store, teardown := MustNewTestStore(false)
-		defer teardown()
-
-		store.MigrateData(true)
-
-		options := store.setupOptions(getBackupRestoreOptions(store))
-
-		if isFileExist(options.BackupPath) {
-			t.Errorf("Backup file should not exist for dirty database; file=%s", options.BackupPath)
-		}
-	})
-
-}
-
-func Test_getBackupRestoreOptions(t *testing.T) {
-	store, teardown := MustNewTestStore(false)
-	defer teardown()
-
-	options := getBackupRestoreOptions(store)
-
-	wantDir := store.commonBackupDir()
-	if !strings.HasSuffix(options.BackupDir, wantDir) {
-		log.Fatalf("incorrect backup dir; got=%s, want=%s", options.BackupDir, wantDir)
-	}
-
-	wantFilename := "portainer.db.bak"
-	if options.BackupFileName != wantFilename {
-		log.Fatalf("incorrect backup file; got=%s, want=%s", options.BackupFileName, wantFilename)
-	}
-}
-
-func TestRollback(t *testing.T) {
-	t.Run("Rollback should restore upgrade after backup", func(t *testing.T) {
-		version := 21
-		store, teardown := MustNewTestStore(false)
-		defer teardown()
-		store.VersionService.StoreDBVersion(version)
-
-		_, err := store.BackupWithOptions(getBackupRestoreOptions(store))
-		if err != nil {
-			log.Fatal(err)
-		}
-
-		// Change the current edition
-		err = store.VersionService.StoreDBVersion(version + 10)
-		if err != nil {
-			log.Fatal(err)
-		}
-
-		err = store.Rollback(true)
-		if err != nil {
-			t.Logf("Rollback failed: %s", err)
-			t.Fail()
-			return
-		}
-
-		store.Open()
-		testVersion(store, version, t)
-	})
-}
--- a/api/bolt/migrator/migrate_ce.go
+++ b/api/bolt/migrator/migrate_ce.go
@@ -1,334 +0,0 @@
-package migrator
-
-import (
-	"fmt"
-
-	werrors "github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-)
-
-func migrationError(err error, context string) error {
-	return werrors.Wrap(err, "failed in "+context)
-}
-
-// Migrate checks the database version and migrate the existing data to the most recent data model.
-func (m *Migrator) Migrate() error {
-	// set DB to updating status
-	err := m.versionService.StoreIsUpdating(true)
-	if err != nil {
-		return migrationError(err, "StoreIsUpdating")
-	}
-
-	// Portainer < 1.12
-	if m.currentDBVersion < 1 {
-		err := m.updateAdminUserToDBVersion1()
-		if err != nil {
-			return migrationError(err, "updateAdminUserToDBVersion1")
-		}
-	}
-
-	// Portainer 1.12.x
-	if m.currentDBVersion < 2 {
-		err := m.updateResourceControlsToDBVersion2()
-		if err != nil {
-			return migrationError(err, "updateResourceControlsToDBVersion2")
-		}
-		err = m.updateEndpointsToDBVersion2()
-		if err != nil {
-			return migrationError(err, "updateEndpointsToDBVersion2")
-		}
-	}
-
-	// Portainer 1.13.x
-	if m.currentDBVersion < 3 {
-		err := m.updateSettingsToDBVersion3()
-		if err != nil {
-			return migrationError(err, "updateSettingsToDBVersion3")
-		}
-	}
-
-	// Portainer 1.14.0
-	if m.currentDBVersion < 4 {
-		err := m.updateEndpointsToDBVersion4()
-		if err != nil {
-			return migrationError(err, "updateEndpointsToDBVersion4")
-		}
-	}
-
-	// https://github.com/portainer/portainer/issues/1235
-	if m.currentDBVersion < 5 {
-		err := m.updateSettingsToVersion5()
-		if err != nil {
-			return migrationError(err, "updateSettingsToVersion5")
-		}
-	}
-
-	// https://github.com/portainer/portainer/issues/1236
-	if m.currentDBVersion < 6 {
-		err := m.updateSettingsToVersion6()
-		if err != nil {
-			return migrationError(err, "updateSettingsToVersion6")
-		}
-	}
-
-	// https://github.com/portainer/portainer/issues/1449
-	if m.currentDBVersion < 7 {
-		err := m.updateSettingsToVersion7()
-		if err != nil {
-			return migrationError(err, "updateSettingsToVersion7")
-		}
-	}
-
-	if m.currentDBVersion < 8 {
-		err := m.updateEndpointsToVersion8()
-		if err != nil {
-			return migrationError(err, "updateEndpointsToVersion8")
-		}
-	}
-
-	// https: //github.com/portainer/portainer/issues/1396
-	if m.currentDBVersion < 9 {
-		err := m.updateEndpointsToVersion9()
-		if err != nil {
-			return migrationError(err, "updateEndpointsToVersion9")
-		}
-	}
-
-	// https://github.com/portainer/portainer/issues/461
-	if m.currentDBVersion < 10 {
-		err := m.updateEndpointsToVersion10()
-		if err != nil {
-			return migrationError(err, "updateEndpointsToVersion10")
-		}
-	}
-
-	// https://github.com/portainer/portainer/issues/1906
-	if m.currentDBVersion < 11 {
-		err := m.updateEndpointsToVersion11()
-		if err != nil {
-			return migrationError(err, "updateEndpointsToVersion11")
-		}
-	}
-
-	// Portainer 1.18.0
-	if m.currentDBVersion < 12 {
-		err := m.updateEndpointsToVersion12()
-		if err != nil {
-			return migrationError(err, "updateEndpointsToVersion12")
-		}
-
-		err = m.updateEndpointGroupsToVersion12()
-		if err != nil {
-			return migrationError(err, "updateEndpointGroupsToVersion12")
-		}
-
-		err = m.updateStacksToVersion12()
-		if err != nil {
-			return migrationError(err, "updateStacksToVersion12")
-		}
-	}
-
-	// Portainer 1.19.0
-	if m.currentDBVersion < 13 {
-		err := m.updateSettingsToVersion13()
-		if err != nil {
-			return migrationError(err, "updateSettingsToVersion13")
-		}
-	}
-
-	// Portainer 1.19.2
-	if m.currentDBVersion < 14 {
-		err := m.updateResourceControlsToDBVersion14()
-		if err != nil {
-			return migrationError(err, "updateResourceControlsToDBVersion14")
-		}
-	}
-
-	// Portainer 1.20.0
-	if m.currentDBVersion < 15 {
-		err := m.updateSettingsToDBVersion15()
-		if err != nil {
-			return migrationError(err, "updateSettingsToDBVersion15")
-		}
-
-		err = m.updateTemplatesToVersion15()
-		if err != nil {
-			return migrationError(err, "updateTemplatesToVersion15")
-		}
-	}
-
-	if m.currentDBVersion < 16 {
-		err := m.updateSettingsToDBVersion16()
-		if err != nil {
-			return migrationError(err, "updateSettingsToDBVersion16")
-		}
-	}
-
-	// Portainer 1.20.1
-	if m.currentDBVersion < 17 {
-		err := m.updateExtensionsToDBVersion17()
-		if err != nil {
-			return migrationError(err, "updateExtensionsToDBVersion17")
-		}
-	}
-
-	// Portainer 1.21.0
-	if m.currentDBVersion < 18 {
-		err := m.updateUsersToDBVersion18()
-		if err != nil {
-			return migrationError(err, "updateUsersToDBVersion18")
-		}
-
-		err = m.updateEndpointsToDBVersion18()
-		if err != nil {
-			return migrationError(err, "updateEndpointsToDBVersion18")
-		}
-
-		err = m.updateEndpointGroupsToDBVersion18()
-		if err != nil {
-			return migrationError(err, "updateEndpointGroupsToDBVersion18")
-		}
-
-		err = m.updateRegistriesToDBVersion18()
-		if err != nil {
-			return migrationError(err, "updateRegistriesToDBVersion18")
-		}
-	}
-
-	// Portainer 1.22.0
-	if m.currentDBVersion < 19 {
-		err := m.updateSettingsToDBVersion19()
-		if err != nil {
-			return migrationError(err, "updateSettingsToDBVersion19")
-		}
-	}
-
-	// Portainer 1.22.1
-	if m.currentDBVersion < 20 {
-		err := m.updateUsersToDBVersion20()
-		if err != nil {
-			return migrationError(err, "updateUsersToDBVersion20")
-		}
-
-		err = m.updateSettingsToDBVersion20()
-		if err != nil {
-			return migrationError(err, "updateSettingsToDBVersion20")
-		}
-
-		err = m.updateSchedulesToDBVersion20()
-		if err != nil {
-			return migrationError(err, "updateSchedulesToDBVersion20")
-		}
-	}
-
-	// Portainer 1.23.0
-	// DBVersion 21 is missing as it was shipped as via hotfix 1.22.2
-	if m.currentDBVersion < 22 {
-		err := m.updateResourceControlsToDBVersion22()
-		if err != nil {
-			return migrationError(err, "updateResourceControlsToDBVersion22")
-		}
-
-		err = m.updateUsersAndRolesToDBVersion22()
-		if err != nil {
-			return migrationError(err, "updateUsersAndRolesToDBVersion22")
-		}
-	}
-
-	// Portainer 1.24.0
-	if m.currentDBVersion < 23 {
-		err := m.updateTagsToDBVersion23()
-		if err != nil {
-			return migrationError(err, "updateTagsToDBVersion23")
-		}
-
-		err = m.updateEndpointsAndEndpointGroupsToDBVersion23()
-		if err != nil {
-			return migrationError(err, "updateEndpointsAndEndpointGroupsToDBVersion23")
-		}
-	}
-
-	// Portainer 1.24.1
-	if m.currentDBVersion < 24 {
-		err := m.updateSettingsToDB24()
-		if err != nil {
-			return migrationError(err, "updateSettingsToDB24")
-		}
-	}
-
-	// Portainer 2.0.0
-	if m.currentDBVersion < 25 {
-		err := m.updateSettingsToDB25()
-		if err != nil {
-			return migrationError(err, "updateSettingsToDB25")
-		}
-
-		err = m.updateStacksToDB24()
-		if err != nil {
-			return migrationError(err, "updateStacksToDB24")
-		}
-	}
-
-	// Portainer 2.1.0
-	if m.currentDBVersion < 26 {
-		err := m.updateEndpointSettingsToDB25()
-		if err != nil {
-			return migrationError(err, "updateEndpointSettingsToDB25")
-		}
-	}
-
-	// Portainer 2.2.0
-	if m.currentDBVersion < 27 {
-		err := m.updateStackResourceControlToDB27()
-		if err != nil {
-			return migrationError(err, "updateStackResourceControlToDB27")
-		}
-	}
-
-	// Portainer 2.6.0
-	if m.currentDBVersion < 30 {
-		err := m.migrateDBVersionToDB30()
-		if err != nil {
-			return migrationError(err, "migrateDBVersionToDB30")
-		}
-	}
-
-	// Portainer 2.9.0
-	if m.currentDBVersion < 32 {
-		err := m.migrateDBVersionToDB32()
-		if err != nil {
-			return migrationError(err, "migrateDBVersionToDB32")
-		}
-	}
-
-	// Portainer 2.9.1, 2.9.2
-	if m.currentDBVersion < 33 {
-		err := m.migrateDBVersionToDB33()
-		if err != nil {
-			return migrationError(err, "migrateDBVersionToDB33")
-		}
-	}
-
-	// Portainer 2.10
-	if m.currentDBVersion < 34 {
-		if err := m.migrateDBVersionToDB34(); err != nil {
-			return migrationError(err, "migrateDBVersionToDB34")
-		}
-	}
-
-	// Portainer 2.9.3 (yep out of order, but 2.10 is EE only)
-	if m.currentDBVersion < 35 {
-		if err := m.migrateDBVersionToDB35(); err != nil {
-			return migrationError(err, "migrateDBVersionToDB35")
-		}
-	}
-
-	err = m.versionService.StoreDBVersion(portainer.DBVersion)
-	if err != nil {
-		return migrationError(err, "StoreDBVersion")
-	}
-	migrateLog.Info(fmt.Sprintf("Updated DB version to %d", portainer.DBVersion))
-
-	// reset DB updating status
-	return m.versionService.StoreIsUpdating(false)
-}
--- a/api/bolt/migrator/migrate_dbversion31.go
+++ b/api/bolt/migrator/migrate_dbversion31.go
@@ -2,7 +2,6 @@ package migrator

 import (
 	"fmt"
-	"log"

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/errors"
@@ -25,14 +24,6 @@ func (m *Migrator) migrateDBVersionToDB32() error {
 		return err
 	}

-	if err := m.kubeconfigExpiryToDB32(); err != nil {
-		return err
-	}
-
-	if err := m.helmRepositoryURLToDB32(); err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -100,32 +91,6 @@ func (m *Migrator) updateDockerhubToDB32() error {
 		RegistryAccesses: portainer.RegistryAccesses{},
 	}

-	// The following code will make this function idempotent.
-	// i.e. if run again, it will not change the data.  It will ensure that
-	// we only have one migrated registry entry. Duplicates will be removed
-	// if they exist and which has been happening due to earlier migration bugs
-	migrated := false
-	registries, _ := m.registryService.Registries()
-	for _, r := range registries {
-		if r.Type == registry.Type &&
-			r.Name == registry.Name &&
-			r.URL == registry.URL &&
-			r.Authentication == registry.Authentication {
-
-			if !migrated {
-				// keep this one entry
-				migrated = true
-			} else {
-				// delete subsequent duplicates
-				m.registryService.DeleteRegistry(portainer.RegistryID(r.ID))
-			}
-		}
-	}
-
-	if migrated {
-		return nil
-	}
-
 	endpoints, err := m.endpointService.Endpoints()
 	if err != nil {
 		return err
@@ -169,7 +134,7 @@ func (m *Migrator) updateDockerhubToDB32() error {
 func (m *Migrator) updateVolumeResourceControlToDB32() error {
 	endpoints, err := m.endpointService.Endpoints()
 	if err != nil {
-		return fmt.Errorf("failed fetching environments: %w", err)
+		return fmt.Errorf("failed fetching endpoints: %w", err)
 	}

 	resourceControls, err := m.resourceControlService.ResourceControls()
@@ -194,7 +159,6 @@ func (m *Migrator) updateVolumeResourceControlToDB32() error {

 		totalSnapshots := len(endpoint.Snapshots)
 		if totalSnapshots == 0 {
-			log.Println("[DEBUG] [volume migration] [message: no snapshot found]")
 			continue
 		}

@@ -202,13 +166,11 @@ func (m *Migrator) updateVolumeResourceControlToDB32() error {

 		endpointDockerID, err := snapshotutils.FetchDockerID(snapshot)
 		if err != nil {
-			log.Printf("[WARN] [bolt,migrator,v31] [message: failed fetching environment docker id] [err: %s]", err)
-			continue
+			return fmt.Errorf("failed fetching endpoint docker id: %w", err)
 		}

 		if volumesData, done := snapshot.SnapshotRaw.Volumes.(map[string]interface{}); done {
 			if volumesData["Volumes"] == nil {
-				log.Println("[DEBUG] [volume migration] [message: no volume data found]")
 				continue
 			}

@@ -229,7 +191,7 @@ func (m *Migrator) updateVolumeResourceControlToDB32() error {
 			if err != nil {
 				return fmt.Errorf("failed deleting resource control %d: %w", resourceControl.ID, err)
 			}
-			log.Printf("[DEBUG] [volume migration] [message: legacy resource control(%s) has been deleted]", resourceControl.ResourceID)
+
 		}
 	}

@@ -240,16 +202,8 @@ func findResourcesToUpdateForDB32(dockerID string, volumesData map[string]interf
 	volumes := volumesData["Volumes"].([]interface{})
 	for _, volumeMeta := range volumes {
 		volume := volumeMeta.(map[string]interface{})
-		volumeName, nameExist := volume["Name"].(string)
-		if !nameExist {
-			continue
-		}
-		createTime, createTimeExist := volume["CreatedAt"].(string)
-		if !createTimeExist {
-			continue
-		}
-
-		oldResourceID := fmt.Sprintf("%s%s", volumeName, createTime)
+		volumeName := volume["Name"].(string)
+		oldResourceID := fmt.Sprintf("%s%s", volumeName, volume["CreatedAt"].(string))
 		resourceControl, ok := volumeResourceControls[oldResourceID]

 		if ok {
@@ -257,21 +211,3 @@ func findResourcesToUpdateForDB32(dockerID string, volumesData map[string]interf
 		}
 	}
 }
-
-func (m *Migrator) kubeconfigExpiryToDB32() error {
-	settings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-	settings.KubeconfigExpiry = portainer.DefaultKubeconfigExpiry
-	return m.settingsService.UpdateSettings(settings)
-}
-
-func (m *Migrator) helmRepositoryURLToDB32() error {
-	settings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-	settings.HelmRepositoryURL = portainer.DefaultHelmRepositoryURL
-	return m.settingsService.UpdateSettings(settings)
-}
--- a/api/bolt/migrator/migrate_dbversion32.go
+++ b/api/bolt/migrator/migrate_dbversion32.go
@@ -1,21 +0,0 @@
-package migrator
-
-import portainer "github.com/portainer/portainer/api"
-
-func (m *Migrator) migrateDBVersionToDB33() error {
-	if err := m.migrateSettingsToDB33(); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *Migrator) migrateSettingsToDB33() error {
-	settings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	settings.KubectlShellImage = portainer.DefaultKubectlShellImage
-	return m.settingsService.UpdateSettings(settings)
-}
--- a/api/bolt/migrator/migrate_dbversion33.go
+++ b/api/bolt/migrator/migrate_dbversion33.go
@@ -4,7 +4,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 )

-func (m *Migrator) migrateDBVersionToDB34() error {
+func (m *Migrator) migrateDBVersionTo33() error {
 	err := migrateStackEntryPoint(m.stackService)
 	if err != nil {
 		return err
--- a/api/bolt/migrator/migrate_dbversion33_test.go
+++ b/api/bolt/migrator/migrate_dbversion33_test.go
@@ -14,7 +14,7 @@ import (
 )

 func TestMigrateStackEntryPoint(t *testing.T) {
-	dbConn, err := bolt.Open(path.Join(t.TempDir(), "portainer-ee-mig-34.db"), 0600, &bolt.Options{Timeout: 1 * time.Second})
+	dbConn, err := bolt.Open(path.Join(t.TempDir(), "portainer-ee-mig-33.db"), 0600, &bolt.Options{Timeout: 1 * time.Second})
 	assert.NoError(t, err, "failed to init testing DB connection")
 	defer dbConn.Close()

--- a/api/bolt/migrator/migrate_dbversion34.go
+++ b/api/bolt/migrator/migrate_dbversion34.go
@@ -1,11 +0,0 @@
-package migrator
-
-func (m *Migrator) migrateDBVersionToDB35() error {
-	// These should have been migrated already, but due to an earlier bug and a bunch of duplicates,
-	// calling it again will now fix the issue as the function has been repaired.
-	err := m.updateDockerhubToDB32()
-	if err != nil {
-		return err
-	}
-	return nil
-}
--- a/api/bolt/migrator/migrate_dbversion34_test.go
+++ b/api/bolt/migrator/migrate_dbversion34_test.go
@@ -1,108 +0,0 @@
-package migrator
-
-import (
-	"os"
-	"path"
-	"testing"
-	"time"
-
-	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/dockerhub"
-	"github.com/portainer/portainer/api/bolt/endpoint"
-	"github.com/portainer/portainer/api/bolt/internal"
-	"github.com/portainer/portainer/api/bolt/registry"
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	db35TestFile = "portainer-mig-35.db"
-	username     = "portainer"
-	password     = "password"
-)
-
-func setupDB35Test(t *testing.T) *Migrator {
-	is := assert.New(t)
-	dbConn, err := bolt.Open(path.Join(t.TempDir(), db35TestFile), 0600, &bolt.Options{Timeout: 1 * time.Second})
-	is.NoError(err, "failed to init testing DB connection")
-
-	// Create an old style dockerhub authenticated account
-	dockerhubService, err := dockerhub.NewService(&internal.DbConnection{DB: dbConn})
-	is.NoError(err, "failed to init testing registry service")
-	err = dockerhubService.UpdateDockerHub(&portainer.DockerHub{true, username, password})
-	is.NoError(err, "failed to create dockerhub account")
-
-	registryService, err := registry.NewService(&internal.DbConnection{DB: dbConn})
-	is.NoError(err, "failed to init testing registry service")
-
-	endpointService, err := endpoint.NewService(&internal.DbConnection{DB: dbConn})
-	is.NoError(err, "failed to init endpoint service")
-
-	m := &Migrator{
-		db:               dbConn,
-		dockerhubService: dockerhubService,
-		registryService:  registryService,
-		endpointService:  endpointService,
-	}
-
-	return m
-}
-
-// TestUpdateDockerhubToDB32 tests a normal upgrade
-func TestUpdateDockerhubToDB32(t *testing.T) {
-	is := assert.New(t)
-	m := setupDB35Test(t)
-	defer m.db.Close()
-	defer os.Remove(db35TestFile)
-
-	if err := m.updateDockerhubToDB32(); err != nil {
-		t.Errorf("failed to update settings: %v", err)
-	}
-
-	// Verify we have a single registry were created
-	registries, err := m.registryService.Registries()
-	is.NoError(err, "failed to read registries from the RegistryService")
-	is.Equal(len(registries), 1, "only one migrated registry expected")
-}
-
-// TestUpdateDockerhubToDB32_with_duplicate_migrations tests an upgrade where in earlier versions a broken migration
-// created a large number of duplicate "dockerhub migrated" registry entries.
-func TestUpdateDockerhubToDB32_with_duplicate_migrations(t *testing.T) {
-	is := assert.New(t)
-	m := setupDB35Test(t)
-	defer m.db.Close()
-	defer os.Remove(db35TestFile)
-
-	// Create lots of duplicate entries...
-	registry := &portainer.Registry{
-		Type:             portainer.DockerHubRegistry,
-		Name:             "Dockerhub (authenticated - migrated)",
-		URL:              "docker.io",
-		Authentication:   true,
-		Username:         "portainer",
-		Password:         "password",
-		RegistryAccesses: portainer.RegistryAccesses{},
-	}
-
-	for i := 1; i < 150; i++ {
-		err := m.registryService.CreateRegistry(registry)
-		assert.NoError(t, err, "create registry failed")
-	}
-
-	// Verify they were created
-	registries, err := m.registryService.Registries()
-	is.NoError(err, "failed to read registries from the RegistryService")
-	is.Condition(func() bool {
-		return len(registries) > 1
-	}, "expected multiple duplicate registry entries")
-
-	// Now run the migrator
-	if err := m.updateDockerhubToDB32(); err != nil {
-		t.Errorf("failed to update settings: %v", err)
-	}
-
-	// Verify we have a single registry were created
-	registries, err = m.registryService.Registries()
-	is.NoError(err, "failed to read registries from the RegistryService")
-	is.Equal(len(registries), 1, "only one migrated registry expected")
-}
--- a/api/bolt/migrator/migrator.go
+++ b/api/bolt/migrator/migrator.go
@@ -27,9 +27,8 @@ var migrateLog = plog.NewScopedLog("bolt, migrate")
 type (
 	// Migrator defines a service to migrate data after a Portainer version update.
 	Migrator struct {
-		db               *bolt.DB
-		currentDBVersion int
-
+		currentDBVersion        int
+		db                      *bolt.DB
 		endpointGroupService    *endpointgroup.Service
 		endpointService         *endpoint.Service
 		endpointRelationService *endpointrelation.Service
@@ -98,7 +97,295 @@ func NewMigrator(parameters *Parameters) *Migrator {
 	}
 }

-// Version exposes version of database
-func (migrator *Migrator) Version() int {
-	return migrator.currentDBVersion
+// Migrate checks the database version and migrate the existing data to the most recent data model.
+func (m *Migrator) Migrate() error {
+	// Portainer < 1.12
+	if m.currentDBVersion < 1 {
+		err := m.updateAdminUserToDBVersion1()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.12.x
+	if m.currentDBVersion < 2 {
+		err := m.updateResourceControlsToDBVersion2()
+		if err != nil {
+			return err
+		}
+		err = m.updateEndpointsToDBVersion2()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.13.x
+	if m.currentDBVersion < 3 {
+		err := m.updateSettingsToDBVersion3()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.14.0
+	if m.currentDBVersion < 4 {
+		err := m.updateEndpointsToDBVersion4()
+		if err != nil {
+			return err
+		}
+	}
+
+	// https://github.com/portainer/portainer/issues/1235
+	if m.currentDBVersion < 5 {
+		err := m.updateSettingsToVersion5()
+		if err != nil {
+			return err
+		}
+	}
+
+	// https://github.com/portainer/portainer/issues/1236
+	if m.currentDBVersion < 6 {
+		err := m.updateSettingsToVersion6()
+		if err != nil {
+			return err
+		}
+	}
+
+	// https://github.com/portainer/portainer/issues/1449
+	if m.currentDBVersion < 7 {
+		err := m.updateSettingsToVersion7()
+		if err != nil {
+			return err
+		}
+	}
+
+	if m.currentDBVersion < 8 {
+		err := m.updateEndpointsToVersion8()
+		if err != nil {
+			return err
+		}
+	}
+
+	// https: //github.com/portainer/portainer/issues/1396
+	if m.currentDBVersion < 9 {
+		err := m.updateEndpointsToVersion9()
+		if err != nil {
+			return err
+		}
+	}
+
+	// https://github.com/portainer/portainer/issues/461
+	if m.currentDBVersion < 10 {
+		err := m.updateEndpointsToVersion10()
+		if err != nil {
+			return err
+		}
+	}
+
+	// https://github.com/portainer/portainer/issues/1906
+	if m.currentDBVersion < 11 {
+		err := m.updateEndpointsToVersion11()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.18.0
+	if m.currentDBVersion < 12 {
+		err := m.updateEndpointsToVersion12()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateEndpointGroupsToVersion12()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateStacksToVersion12()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.19.0
+	if m.currentDBVersion < 13 {
+		err := m.updateSettingsToVersion13()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.19.2
+	if m.currentDBVersion < 14 {
+		err := m.updateResourceControlsToDBVersion14()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.20.0
+	if m.currentDBVersion < 15 {
+		err := m.updateSettingsToDBVersion15()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateTemplatesToVersion15()
+		if err != nil {
+			return err
+		}
+	}
+
+	if m.currentDBVersion < 16 {
+		err := m.updateSettingsToDBVersion16()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.20.1
+	if m.currentDBVersion < 17 {
+		err := m.updateExtensionsToDBVersion17()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.21.0
+	if m.currentDBVersion < 18 {
+		err := m.updateUsersToDBVersion18()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateEndpointsToDBVersion18()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateEndpointGroupsToDBVersion18()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateRegistriesToDBVersion18()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.22.0
+	if m.currentDBVersion < 19 {
+		err := m.updateSettingsToDBVersion19()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.22.1
+	if m.currentDBVersion < 20 {
+		err := m.updateUsersToDBVersion20()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateSettingsToDBVersion20()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateSchedulesToDBVersion20()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.23.0
+	// DBVersion 21 is missing as it was shipped as via hotfix 1.22.2
+	if m.currentDBVersion < 22 {
+		err := m.updateResourceControlsToDBVersion22()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateUsersAndRolesToDBVersion22()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.24.0
+	if m.currentDBVersion < 23 {
+		err := m.updateTagsToDBVersion23()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateEndpointsAndEndpointGroupsToDBVersion23()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.24.1
+	if m.currentDBVersion < 24 {
+		err := m.updateSettingsToDB24()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 2.0.0
+	if m.currentDBVersion < 25 {
+		err := m.updateSettingsToDB25()
+		if err != nil {
+			return err
+		}
+
+		err = m.updateStacksToDB24()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 2.1.0
+	if m.currentDBVersion < 26 {
+		err := m.updateEndpointSettingsToDB25()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 2.2.0
+	if m.currentDBVersion < 27 {
+		err := m.updateStackResourceControlToDB27()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 2.6.0
+	if m.currentDBVersion < 30 {
+		err := m.migrateDBVersionToDB30()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 2.9.0
+	if m.currentDBVersion < 32 {
+		err := m.migrateDBVersionToDB32()
+		if err != nil {
+			return err
+		}
+	}
+
+	if m.currentDBVersion < 33 {
+		if err := m.migrateDBVersionTo33(); err != nil {
+			return err
+		}
+	}
+
+	return m.versionService.StoreDBVersion(portainer.DBVersion)
 }
--- a/api/bolt/registry/registry.go
+++ b/api/bolt/registry/registry.go
@@ -12,7 +12,7 @@ const (
 	BucketName = "registries"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/resourcecontrol/resourcecontrol.go
+++ b/api/bolt/resourcecontrol/resourcecontrol.go
@@ -12,7 +12,7 @@ const (
 	BucketName = "resource_control"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/role/role.go
+++ b/api/bolt/role/role.go
@@ -12,7 +12,7 @@ const (
 	BucketName = "roles"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/services.go
+++ b/api/bolt/services.go
@@ -11,7 +11,6 @@ import (
 	"github.com/portainer/portainer/api/bolt/endpointgroup"
 	"github.com/portainer/portainer/api/bolt/endpointrelation"
 	"github.com/portainer/portainer/api/bolt/extension"
-	"github.com/portainer/portainer/api/bolt/helmuserrepository"
 	"github.com/portainer/portainer/api/bolt/registry"
 	"github.com/portainer/portainer/api/bolt/resourcecontrol"
 	"github.com/portainer/portainer/api/bolt/role"
@@ -89,12 +88,6 @@ func (store *Store) initServices() error {
 	}
 	store.ExtensionService = extensionService

-	helmUserRepositoryService, err := helmuserrepository.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.HelmUserRepositoryService = helmUserRepositoryService
-
 	registryService, err := registry.NewService(store.connection)
 	if err != nil {
 		return err
@@ -196,7 +189,7 @@ func (store *Store) EdgeStack() portainer.EdgeStackService {
 	return store.EdgeStackService
 }

-// Environment(Endpoint) gives access to the Environment(Endpoint) data management layer
+// Endpoint gives access to the Endpoint data management layer
 func (store *Store) Endpoint() portainer.EndpointService {
 	return store.EndpointService
 }
@@ -211,11 +204,6 @@ func (store *Store) EndpointRelation() portainer.EndpointRelationService {
 	return store.EndpointRelationService
 }

-// HelmUserRepository access the helm user repository settings
-func (store *Store) HelmUserRepository() portainer.HelmUserRepositoryService {
-	return store.HelmUserRepositoryService
-}
-
 // Registry gives access to the Registry data management layer
 func (store *Store) Registry() portainer.RegistryService {
 	return store.RegistryService
--- a/api/bolt/settings/settings.go
+++ b/api/bolt/settings/settings.go
@@ -11,7 +11,7 @@ const (
 	settingsKey = "SETTINGS"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/stack/stack.go
+++ b/api/bolt/stack/stack.go
@@ -16,7 +16,7 @@ const (
 	BucketName = "stacks"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
@@ -192,8 +192,8 @@ func (service *Service) RefreshableStacks() ([]portainer.Stack, error) {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()

+		var stack portainer.Stack
 		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			stack := portainer.Stack{}
 			err := internal.UnmarshalObject(v, &stack)
 			if err != nil {
 				return err
--- a/api/bolt/stack/tests/stack_test.go
+++ b/api/bolt/stack/tests/stack_test.go
@@ -4,12 +4,18 @@ import (
 	"testing"
 	"time"

-	"github.com/gofrs/uuid"
-	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt"
+
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
-	"github.com/portainer/portainer/api/filesystem"
+
+	"github.com/portainer/portainer/api/bolt/bolttest"
+
+	"github.com/gofrs/uuid"
+
 	"github.com/stretchr/testify/assert"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/filesystem"
 )

 func newGuidString(t *testing.T) string {
@@ -29,7 +35,7 @@ func TestService_StackByWebhookID(t *testing.T) {
 	if testing.Short() {
 		t.Skip("skipping test in short mode. Normally takes ~1s to run.")
 	}
-	store, teardown := bolt.MustNewTestStore(true)
+	store, teardown := bolttest.MustNewTestStore(true)
 	defer teardown()

 	b := stackBuilder{t: t, store: store}
@@ -87,7 +93,7 @@ func Test_RefreshableStacks(t *testing.T) {
 	if testing.Short() {
 		t.Skip("skipping test in short mode. Normally takes ~1s to run.")
 	}
-	store, teardown := bolt.MustNewTestStore(true)
+	store, teardown := bolttest.MustNewTestStore(true)
 	defer teardown()

 	staticStack := portainer.Stack{ID: 1}
--- a/api/bolt/tag/tag.go
+++ b/api/bolt/tag/tag.go
@@ -12,7 +12,7 @@ const (
 	BucketName = "tags"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/team/team.go
+++ b/api/bolt/team/team.go
@@ -15,7 +15,7 @@ const (
 	BucketName = "teams"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/teammembership/teammembership.go
+++ b/api/bolt/teammembership/teammembership.go
@@ -12,7 +12,7 @@ const (
 	BucketName = "team_membership"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/tunnelserver/tunnelserver.go
+++ b/api/bolt/tunnelserver/tunnelserver.go
@@ -11,7 +11,7 @@ const (
 	infoKey    = "INFO"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/user/user.go
+++ b/api/bolt/user/user.go
@@ -15,7 +15,7 @@ const (
 	BucketName = "users"
 )

-// Service represents a service for managing environment(endpoint) data.
+// Service represents a service for managing endpoint data.
 type Service struct {
 	connection *internal.DbConnection
 }
--- a/api/bolt/version/version.go
+++ b/api/bolt/version/version.go
@@ -15,7 +15,6 @@ const (
 	versionKey  = "DB_VERSION"
 	instanceKey = "INSTANCE_ID"
 	editionKey  = "EDITION"
-	updatingKey = "DB_UPDATING"
 )

 // Service represents a service to manage stored versions.
@@ -84,21 +83,6 @@ func (service *Service) StoreDBVersion(version int) error {
 	})
 }

-// IsUpdating retrieves the database updating status.
-func (service *Service) IsUpdating() (bool, error) {
-	isUpdating, err := service.getKey(updatingKey)
-	if err != nil {
-		return false, err
-	}
-
-	return strconv.ParseBool(string(isUpdating))
-}
-
-// StoreIsUpdating store the database updating status.
-func (service *Service) StoreIsUpdating(isUpdating bool) error {
-	return service.setKey(updatingKey, strconv.FormatBool(isUpdating))
-}
-
 // InstanceID retrieves the stored instance ID.
 func (service *Service) InstanceID() (string, error) {
 	var data []byte
--- a/api/chisel/schedules.go
+++ b/api/chisel/schedules.go
@@ -6,7 +6,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 )

-// AddEdgeJob register an EdgeJob inside the tunnel details associated to an environment(endpoint).
+// AddEdgeJob register an EdgeJob inside the tunnel details associated to an endpoint.
 func (service *Service) AddEdgeJob(endpointID portainer.EndpointID, edgeJob *portainer.EdgeJob) {
 	tunnel := service.GetTunnelDetails(endpointID)

--- a/api/chisel/service.go
+++ b/api/chisel/service.go
@@ -3,9 +3,7 @@ package chisel
 import (
 	"context"
 	"fmt"
-	"github.com/portainer/portainer/api/http/proxy"
 	"log"
-	"net/http"
 	"strconv"
 	"time"

@@ -33,7 +31,6 @@ type Service struct {
 	snapshotService   portainer.SnapshotService
 	chiselServer      *chserver.Server
 	shutdownCtx       context.Context
-	ProxyManager      *proxy.Manager
 }

 // NewService returns a pointer to a new instance of Service
@@ -45,55 +42,6 @@ func NewService(dataStore portainer.DataStore, shutdownCtx context.Context) *Ser
 	}
 }

-// pingAgent ping the given agent so that the agent can keep the tunnel alive
-func (service *Service) pingAgent(endpointID portainer.EndpointID) error{
-	tunnel := service.GetTunnelDetails(endpointID)
-	requestURL := fmt.Sprintf("http://127.0.0.1:%d/ping", tunnel.Port)
-	req, err := http.NewRequest(http.MethodHead, requestURL, nil)
-	if err != nil {
-		return err
-	}
-
-	httpClient := &http.Client{
-		Timeout: 3 * time.Second,
-	}
-	_, err = httpClient.Do(req)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// KeepTunnelAlive keeps the tunnel of the given environment for maxAlive duration, or until ctx is done
-func (service *Service) KeepTunnelAlive(endpointID portainer.EndpointID, ctx context.Context, maxAlive time.Duration) {
-	go func() {
-		log.Printf("[DEBUG] [chisel,KeepTunnelAlive] [endpoint_id: %d] [message: start for %.0f minutes]\n", endpointID, maxAlive.Minutes())
-		maxAliveTicker := time.NewTicker(maxAlive)
-		defer maxAliveTicker.Stop()
-		pingTicker := time.NewTicker(tunnelCleanupInterval)
-		defer pingTicker.Stop()
-
-		for {
-			select {
-			case <-pingTicker.C:
-				service.SetTunnelStatusToActive(endpointID)
-				err := service.pingAgent(endpointID)
-				if err != nil {
-					log.Printf("[DEBUG] [chisel,KeepTunnelAlive] [endpoint_id: %d] [warning: ping agent err=%s]\n", endpointID, err)
-				}
-			case <-maxAliveTicker.C:
-				log.Printf("[DEBUG] [chisel,KeepTunnelAlive] [endpoint_id: %d] [message: stop as %.0f minutes timeout]\n", endpointID, maxAlive.Minutes())
-				return
-			case <-ctx.Done():
-				err := ctx.Err()
-				log.Printf("[DEBUG] [chisel,KeepTunnelAlive] [endpoint_id: %d] [message: stop as err=%s]\n", endpointID, err)
-				return
-			}
-		}
-	}()
-}
-
 // StartTunnelServer starts a tunnel server on the specified addr and port.
 // It uses a seed to generate a new private/public key pair. If the seed cannot
 // be found inside the database, it will generate a new one randomly and persist it.
@@ -193,7 +141,7 @@ func (service *Service) checkTunnels() {
 		}

 		elapsed := time.Since(tunnel.LastActivity)
-		log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [message: environment tunnel monitoring]", item.Key, tunnel.Status, elapsed.Seconds())
+		log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [message: endpoint tunnel monitoring]", item.Key, tunnel.Status, elapsed.Seconds())

 		if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed.Seconds() < requiredTimeout.Seconds() {
 			continue
@@ -208,22 +156,27 @@ func (service *Service) checkTunnels() {

 			endpointID, err := strconv.Atoi(item.Key)
 			if err != nil {
-				log.Printf("[ERROR] [chisel,snapshot,conversion] Invalid environment identifier (id: %s): %s", item.Key, err)
+				log.Printf("[ERROR] [chisel,snapshot,conversion] Invalid endpoint identifier (id: %s): %s", item.Key, err)
 			}

 			err = service.snapshotEnvironment(portainer.EndpointID(endpointID), tunnel.Port)
 			if err != nil {
-				log.Printf("[ERROR] [snapshot] Unable to snapshot Edge environment (id: %s): %s", item.Key, err)
+				log.Printf("[ERROR] [snapshot] Unable to snapshot Edge endpoint (id: %s): %s", item.Key, err)
 			}
 		}

-		endpointID, err := strconv.Atoi(item.Key)
-		if err != nil {
-			log.Printf("[ERROR] [chisel,conversion] Invalid environment identifier (id: %s): %s", item.Key, err)
-			continue
+		if len(tunnel.Jobs) > 0 {
+			endpointID, err := strconv.Atoi(item.Key)
+			if err != nil {
+				log.Printf("[ERROR] [chisel,conversion] Invalid endpoint identifier (id: %s): %s", item.Key, err)
+				continue
+			}
+
+			service.SetTunnelStatusToIdle(portainer.EndpointID(endpointID))
+		} else {
+			service.tunnelDetailsMap.Remove(item.Key)
 		}

-		service.SetTunnelStatusToIdle(portainer.EndpointID(endpointID))
 	}
 }

--- a/api/chisel/tunnel.go
+++ b/api/chisel/tunnel.go
@@ -38,7 +38,7 @@ func randomInt(min, max int) int {
 	return min + rand.Intn(max-min)
 }

-// GetTunnelDetails returns information about the tunnel associated to an environment(endpoint).
+// GetTunnelDetails returns information about the tunnel associated to an endpoint.
 func (service *Service) GetTunnelDetails(endpointID portainer.EndpointID) *portainer.TunnelDetails {
 	key := strconv.Itoa(int(endpointID))

@@ -56,39 +56,7 @@ func (service *Service) GetTunnelDetails(endpointID portainer.EndpointID) *porta
 	}
 }

-// GetActiveTunnel retrieves an active tunnel which allows communicating with edge agent
-func (service *Service) GetActiveTunnel(endpoint *portainer.Endpoint) (*portainer.TunnelDetails, error) {
-	tunnel := service.GetTunnelDetails(endpoint.ID)
-
-	if tunnel.Status == portainer.EdgeAgentActive {
-		// update the LastActivity
-		service.SetTunnelStatusToActive(endpoint.ID)
-	}
-
-	if tunnel.Status == portainer.EdgeAgentIdle || tunnel.Status == portainer.EdgeAgentManagementRequired {
-		err := service.SetTunnelStatusToRequired(endpoint.ID)
-		if err != nil {
-			return nil, fmt.Errorf("failed opening tunnel to endpoint: %w", err)
-		}
-
-		if endpoint.EdgeCheckinInterval == 0 {
-			settings, err := service.dataStore.Settings().Settings()
-			if err != nil {
-				return nil, fmt.Errorf("failed fetching settings from db: %w", err)
-			}
-
-			endpoint.EdgeCheckinInterval = settings.EdgeAgentCheckinInterval
-		}
-
-		time.Sleep(2 * time.Duration(endpoint.EdgeCheckinInterval) * time.Second)
-	}
-
-	tunnel = service.GetTunnelDetails(endpoint.ID)
-
-	return tunnel, nil
-}
-
-// SetTunnelStatusToActive update the status of the tunnel associated to the specified environment(endpoint).
+// SetTunnelStatusToActive update the status of the tunnel associated to the specified endpoint.
 // It sets the status to ACTIVE.
 func (service *Service) SetTunnelStatusToActive(endpointID portainer.EndpointID) {
 	tunnel := service.GetTunnelDetails(endpointID)
@@ -100,7 +68,7 @@ func (service *Service) SetTunnelStatusToActive(endpointID portainer.EndpointID)
 	service.tunnelDetailsMap.Set(key, tunnel)
 }

-// SetTunnelStatusToIdle update the status of the tunnel associated to the specified environment(endpoint).
+// SetTunnelStatusToIdle update the status of the tunnel associated to the specified endpoint.
 // It sets the status to IDLE.
 // It removes any existing credentials associated to the tunnel.
 func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {
@@ -118,15 +86,13 @@ func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {

 	key := strconv.Itoa(int(endpointID))
 	service.tunnelDetailsMap.Set(key, tunnel)
-
-	service.ProxyManager.DeleteEndpointProxy(endpointID)
 }

-// SetTunnelStatusToRequired update the status of the tunnel associated to the specified environment(endpoint).
+// SetTunnelStatusToRequired update the status of the tunnel associated to the specified endpoint.
 // It sets the status to REQUIRED.
 // If no port is currently associated to the tunnel, it will associate a random unused port to the tunnel
 // and generate temporary credentials that can be used to establish a reverse tunnel on that port.
-// Credentials are encrypted using the Edge ID associated to the environment(endpoint).
+// Credentials are encrypted using the Edge ID associated to the endpoint.
 func (service *Service) SetTunnelStatusToRequired(endpointID portainer.EndpointID) error {
 	tunnel := service.GetTunnelDetails(endpointID)

--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -18,7 +18,7 @@ import (
 type Service struct{}

 var (
-	errInvalidEndpointProtocol       = errors.New("Invalid environment protocol: Portainer only supports unix://, npipe:// or tcp://")
+	errInvalidEndpointProtocol       = errors.New("Invalid endpoint protocol: Portainer only supports unix://, npipe:// or tcp://")
 	errSocketOrNamedPipeNotFound     = errors.New("Unable to locate Unix socket or named pipe")
 	errInvalidSnapshotInterval       = errors.New("Invalid snapshot interval")
 	errAdminPassExcludeAdminPassFile = errors.New("Cannot use --admin-password with --admin-password-file")
@@ -35,8 +35,7 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		TunnelPort:                kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
 		Assets:                    kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
 		Data:                      kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
-		EndpointURL:               kingpin.Flag("host", "Environment URL").Short('H').String(),
-		FeatureFlags:              BoolPairs(kingpin.Flag("feat", "List of feature flags").Hidden()),
+		EndpointURL:               kingpin.Flag("host", "Endpoint URL").Short('H').String(),
 		EnableEdgeComputeFeatures: kingpin.Flag("edge-compute", "Enable Edge Compute features").Bool(),
 		NoAnalytics:               kingpin.Flag("no-analytics", "Disable Analytics in app (deprecated)").Bool(),
 		TLS:                       kingpin.Flag("tlsverify", "TLS support").Default(defaultTLS).Bool(),
@@ -48,8 +47,7 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		SSL:                       kingpin.Flag("ssl", "Secure Portainer instance using SSL (deprecated)").Default(defaultSSL).Bool(),
 		SSLCert:                   kingpin.Flag("sslcert", "Path to the SSL certificate used to secure the Portainer instance").String(),
 		SSLKey:                    kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").String(),
-		Rollback:                  kingpin.Flag("rollback", "Rollback the database store to the previous version").Bool(),
-		SnapshotInterval:          kingpin.Flag("snapshot-interval", "Duration between each environment snapshot job").Default(defaultSnapshotInterval).String(),
+		SnapshotInterval:          kingpin.Flag("snapshot-interval", "Duration between each endpoint snapshot job").Default(defaultSnapshotInterval).String(),
 		AdminPassword:             kingpin.Flag("admin-password", "Hashed admin password").String(),
 		AdminPasswordFile:         kingpin.Flag("admin-password-file", "Path to the file containing the password for the admin user").String(),
 		Labels:                    pairs(kingpin.Flag("hide-label", "Hide containers with a specific label in the UI").Short('l')),
--- a/api/cli/confirm.go
+++ b/api/cli/confirm.go
@@ -1,24 +0,0 @@
-package cli
-
-import (
-	"bufio"
-	"log"
-	"os"
-	"strings"
-)
-
-// Confirm starts a rollback db cli application
-func Confirm(message string) (bool, error) {
-	log.Printf("%s [y/N]", message)
-
-	reader := bufio.NewReader(os.Stdin)
-	answer, err := reader.ReadString('\n')
-	if err != nil {
-		return false, err
-	}
-	answer = strings.Replace(answer, "\n", "", -1)
-	answer = strings.ToLower(answer)
-
-	return answer == "y" || answer == "yes", nil
-
-}
--- a/api/cli/pairlist.go
+++ b/api/cli/pairlist.go
@@ -1,12 +1,11 @@
 package cli

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"

 	"fmt"
-	"strings"
-
 	"gopkg.in/alecthomas/kingpin.v2"
+	"strings"
 )

 type pairList []portainer.Pair
--- a/api/cli/pairlistbool.go
+++ b/api/cli/pairlistbool.go
@@ -1,45 +0,0 @@
-package cli
-
-import (
-	portainer "github.com/portainer/portainer/api"
-
-	"strings"
-
-	"gopkg.in/alecthomas/kingpin.v2"
-)
-
-type pairListBool []portainer.Pair
-
-// Set implementation for a list of portainer.Pair
-func (l *pairListBool) Set(value string) error {
-	p := new(portainer.Pair)
-
-	// default to true.  example setting=true is equivalent to setting
-	parts := strings.SplitN(value, "=", 2)
-	if len(parts) != 2 {
-		p.Name = parts[0]
-		p.Value = "true"
-	} else {
-		p.Name = parts[0]
-		p.Value = parts[1]
-	}
-
-	*l = append(*l, *p)
-	return nil
-}
-
-// String implementation for a list of pair
-func (l *pairListBool) String() string {
-	return ""
-}
-
-// IsCumulative implementation for a list of pair
-func (l *pairListBool) IsCumulative() bool {
-	return true
-}
-
-func BoolPairs(s kingpin.Settings) (target *[]portainer.Pair) {
-	target = new([]portainer.Pair)
-	s.SetValue((*pairListBool)(target))
-	return
-}
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -2,23 +2,20 @@ package main

 import (
 	"context"
-	"fmt"
 	"log"
 	"os"
-	"strconv"
 	"strings"

-	"github.com/portainer/libhelm"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt"
 	"github.com/portainer/portainer/api/chisel"
 	"github.com/portainer/portainer/api/cli"
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/docker"
+
 	"github.com/portainer/portainer/api/exec"
 	"github.com/portainer/portainer/api/filesystem"
 	"github.com/portainer/portainer/api/git"
-	"github.com/portainer/portainer/api/hostmanagement/openamt"
 	"github.com/portainer/portainer/api/http"
 	"github.com/portainer/portainer/api/http/client"
 	"github.com/portainer/portainer/api/http/proxy"
@@ -31,6 +28,7 @@ import (
 	"github.com/portainer/portainer/api/kubernetes"
 	kubecli "github.com/portainer/portainer/api/kubernetes/cli"
 	"github.com/portainer/portainer/api/ldap"
+	"github.com/portainer/portainer/api/libcompose"
 	"github.com/portainer/portainer/api/oauth"
 	"github.com/portainer/portainer/api/scheduler"
 	"github.com/portainer/portainer/api/stacks"
@@ -58,22 +56,15 @@ func initFileService(dataStorePath string) portainer.FileService {
 	return fileService
 }

-func initDataStore(dataStorePath string, rollback bool, fileService portainer.FileService, shutdownCtx context.Context) portainer.DataStore {
-	store := bolt.NewStore(dataStorePath, fileService)
-	err := store.Open()
+func initDataStore(dataStorePath string, fileService portainer.FileService, shutdownCtx context.Context) portainer.DataStore {
+	store, err := bolt.NewStore(dataStorePath, fileService)
 	if err != nil {
-		log.Fatalf("failed opening store: %v", err)
+		log.Fatalf("failed creating data store: %v", err)
 	}

-	if rollback {
-		err := store.Rollback(false)
-		if err != nil {
-			log.Fatalf("failed rolling back: %s", err)
-		}
-
-		log.Println("Exiting rollback")
-		os.Exit(0)
-		return nil
+	err = store.Open()
+	if err != nil {
+		log.Fatalf("failed opening store: %v", err)
 	}

 	err = store.Init()
@@ -95,25 +86,22 @@ func shutdownDatastore(shutdownCtx context.Context, datastore portainer.DataStor
 	datastore.Close()
 }

-func initComposeStackManager(assetsPath string, configPath string, reverseTunnelService portainer.ReverseTunnelService, proxyManager *proxy.Manager) portainer.ComposeStackManager {
-	composeWrapper, err := exec.NewComposeStackManager(assetsPath, configPath, proxyManager)
+func initComposeStackManager(assetsPath string, dataStorePath string, reverseTunnelService portainer.ReverseTunnelService, proxyManager *proxy.Manager) portainer.ComposeStackManager {
+	composeWrapper, err := exec.NewComposeStackManager(assetsPath, dataStorePath, proxyManager)
 	if err != nil {
-		log.Fatalf("failed creating compose manager: %s", err)
+		log.Printf("[INFO] [main,compose] [message: falling-back to libcompose] [error: %s]", err)
+		return libcompose.NewComposeStackManager(dataStorePath, reverseTunnelService)
 	}

 	return composeWrapper
 }

-func initSwarmStackManager(assetsPath string, configPath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService, reverseTunnelService portainer.ReverseTunnelService) (portainer.SwarmStackManager, error) {
-	return exec.NewSwarmStackManager(assetsPath, configPath, signatureService, fileService, reverseTunnelService)
+func initSwarmStackManager(assetsPath string, dataStorePath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService, reverseTunnelService portainer.ReverseTunnelService) (portainer.SwarmStackManager, error) {
+	return exec.NewSwarmStackManager(assetsPath, dataStorePath, signatureService, fileService, reverseTunnelService)
 }

-func initKubernetesDeployer(kubernetesTokenCacheManager *kubeproxy.TokenCacheManager, kubernetesClientFactory *kubecli.ClientFactory, dataStore portainer.DataStore, reverseTunnelService portainer.ReverseTunnelService, signatureService portainer.DigitalSignatureService, proxyManager *proxy.Manager, assetsPath string) portainer.KubernetesDeployer {
-	return exec.NewKubernetesDeployer(kubernetesTokenCacheManager, kubernetesClientFactory, dataStore, reverseTunnelService, signatureService, proxyManager, assetsPath)
-}
-
-func initHelmPackageManager(assetsPath string) (libhelm.HelmPackageManager, error) {
-	return libhelm.NewHelmPackageManager(libhelm.HelmConfig{BinaryPath: assetsPath})
+func initKubernetesDeployer(kubernetesTokenCacheManager *kubeproxy.TokenCacheManager, kubernetesClientFactory *kubecli.ClientFactory, dataStore portainer.DataStore, reverseTunnelService portainer.ReverseTunnelService, signatureService portainer.DigitalSignatureService, assetsPath string) portainer.KubernetesDeployer {
+	return exec.NewKubernetesDeployer(kubernetesTokenCacheManager, kubernetesClientFactory, dataStore, reverseTunnelService, signatureService, assetsPath)
 }

 func initJWTService(dataStore portainer.DataStore) (portainer.JWTService, error) {
@@ -126,7 +114,7 @@ func initJWTService(dataStore portainer.DataStore) (portainer.JWTService, error)
 		settings.UserSessionTimeout = portainer.DefaultUserSessionTimeout
 		dataStore.Settings().UpdateSettings(settings)
 	}
-	jwtService, err := jwt.NewService(settings.UserSessionTimeout, dataStore)
+	jwtService, err := jwt.NewService(settings.UserSessionTimeout)
 	if err != nil {
 		return nil, err
 	}
@@ -239,49 +227,6 @@ func updateSettingsFromFlags(dataStore portainer.DataStore, flags *portainer.CLI
 	return nil
 }

-// enableFeaturesFromFlags turns on or off feature flags
-// e.g.  portainer --feat open-amt --feat fdo=true ... (defaults to true)
-// note, settings are persisted to the DB. To turn off `--feat open-amt=false`
-func enableFeaturesFromFlags(dataStore portainer.DataStore, flags *portainer.CLIFlags) error {
-	settings, err := dataStore.Settings().Settings()
-	if err != nil {
-		return err
-	}
-
-	if settings.FeatureFlagSettings == nil {
-		settings.FeatureFlagSettings = make(map[portainer.Feature]bool)
-	}
-
-	// loop through feature flags to check if they are supported
-	for _, feat := range *flags.FeatureFlags {
-		var correspondingFeature *portainer.Feature
-		for i, supportedFeat := range portainer.SupportedFeatureFlags {
-			if strings.EqualFold(feat.Name, string(supportedFeat)) {
-				correspondingFeature = &portainer.SupportedFeatureFlags[i]
-			}
-		}
-
-		if correspondingFeature == nil {
-			return fmt.Errorf("unknown feature flag '%s'", feat.Name)
-		}
-
-		featureState, err := strconv.ParseBool(feat.Value)
-		if err != nil {
-			return fmt.Errorf("feature flag's '%s' value should be true or false", feat.Name)
-		}
-
-		if featureState {
-			log.Printf("Feature %v : on", *correspondingFeature)
-		} else {
-			log.Printf("Feature %v : off", *correspondingFeature)
-		}
-
-		settings.FeatureFlagSettings[*correspondingFeature] = featureState
-	}
-
-	return dataStore.Settings().UpdateSettings(settings)
-}
-
 func loadAndParseKeyPair(fileService portainer.FileService, signatureService portainer.DigitalSignatureService) error {
 	private, public, err := fileService.LoadKeyPair()
 	if err != nil {
@@ -373,7 +318,7 @@ func createTLSSecuredEndpoint(flags *portainer.CLIFlags, dataStore portainer.Dat

 	err := snapshotService.SnapshotEndpoint(endpoint)
 	if err != nil {
-		log.Printf("http error: environment snapshot error (environment=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
+		log.Printf("http error: endpoint snapshot error (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
 	}

 	return dataStore.Endpoint().CreateEndpoint(endpoint)
@@ -419,7 +364,7 @@ func createUnsecuredEndpoint(endpointURL string, dataStore portainer.DataStore,

 	err := snapshotService.SnapshotEndpoint(endpoint)
 	if err != nil {
-		log.Printf("http error: environment snapshot error (environment=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
+		log.Printf("http error: endpoint snapshot error (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
 	}

 	return dataStore.Endpoint().CreateEndpoint(endpoint)
@@ -436,7 +381,7 @@ func initEndpoint(flags *portainer.CLIFlags, dataStore portainer.DataStore, snap
 	}

 	if len(endpoints) > 0 {
-		log.Println("Instance already has defined environments. Skipping the environment defined via CLI.")
+		log.Println("Instance already has defined endpoints. Skipping the endpoint defined via CLI.")
 		return nil
 	}

@@ -451,7 +396,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	fileService := initFileService(*flags.Data)

-	dataStore := initDataStore(*flags.Data, *flags.Rollback, fileService, shutdownCtx)
+	dataStore := initDataStore(*flags.Data, fileService, shutdownCtx)

 	if err := dataStore.CheckCurrentEdition(); err != nil {
 		log.Fatal(err)
@@ -468,8 +413,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	gitService := initGitService()

-	openAMTService := openamt.NewService()
-
 	cryptoService := initCryptoService()

 	digitalSignatureService := initDigitalSignatureService()
@@ -479,11 +422,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		log.Fatal(err)
 	}

-	sslSettings, err := sslService.GetSSLSettings()
-	if err != nil {
-		log.Fatalf("failed to get ssl settings: %s", err)
-	}
-
 	err = initKeyPair(fileService, digitalSignatureService)
 	if err != nil {
 		log.Fatalf("failed initializing key pai: %v", err)
@@ -508,29 +446,16 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	authorizationService := authorization.NewService(dataStore)
 	authorizationService.K8sClientFactory = kubernetesClientFactory

+	swarmStackManager, err := initSwarmStackManager(*flags.Assets, *flags.Data, digitalSignatureService, fileService, reverseTunnelService)
+	if err != nil {
+		log.Fatalf("failed initializing swarm stack manager: %v", err)
+	}
 	kubernetesTokenCacheManager := kubeproxy.NewTokenCacheManager()
-
-	kubeConfigService := kubernetes.NewKubeConfigCAService(*flags.AddrHTTPS, sslSettings.CertPath)
-
 	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager)

-	reverseTunnelService.ProxyManager = proxyManager
+	composeStackManager := initComposeStackManager(*flags.Assets, *flags.Data, reverseTunnelService, proxyManager)

-	dockerConfigPath := fileService.GetDockerConfigPath()
-
-	composeStackManager := initComposeStackManager(*flags.Assets, dockerConfigPath, reverseTunnelService, proxyManager)
-
-	swarmStackManager, err := initSwarmStackManager(*flags.Assets, dockerConfigPath, digitalSignatureService, fileService, reverseTunnelService)
-	if err != nil {
-		log.Fatalf("failed initializing swarm stack manager: %s", err)
-	}
-
-	kubernetesDeployer := initKubernetesDeployer(kubernetesTokenCacheManager, kubernetesClientFactory, dataStore, reverseTunnelService, digitalSignatureService, proxyManager, *flags.Assets)
-
-	helmPackageManager, err := initHelmPackageManager(*flags.Assets)
-	if err != nil {
-		log.Fatalf("failed initializing helm package manager: %s", err)
-	}
+	kubernetesDeployer := initKubernetesDeployer(kubernetesTokenCacheManager, kubernetesClientFactory, dataStore, reverseTunnelService, digitalSignatureService, *flags.Assets)

 	if dataStore.IsNew() {
 		err = updateSettingsFromFlags(dataStore, flags)
@@ -539,11 +464,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		}
 	}

-	err = enableFeaturesFromFlags(dataStore, flags)
-	if err != nil {
-		log.Fatalf("failed enabling feature flag: %v", err)
-	}
-
 	err = edge.LoadEdgeJobs(dataStore, reverseTunnelService)
 	if err != nil {
 		log.Fatalf("failed loading edge jobs from database: %v", err)
@@ -553,12 +473,12 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	err = initEndpoint(flags, dataStore, snapshotService)
 	if err != nil {
-		log.Fatalf("failed initializing environment: %v", err)
+		log.Fatalf("failed initializing endpoint: %v", err)
 	}

 	adminPasswordHash := ""
 	if *flags.AdminPasswordFile != "" {
-		content, err := fileService.GetFileContent(*flags.AdminPasswordFile, "")
+		content, err := fileService.GetFileContent(*flags.AdminPasswordFile)
 		if err != nil {
 			log.Fatalf("failed getting admin password file: %v", err)
 		}
@@ -597,13 +517,13 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		log.Fatalf("failed starting tunnel server: %s", err)
 	}

-	sslDBSettings, err := dataStore.SSLSettings().Settings()
+	sslSettings, err := dataStore.SSLSettings().Settings()
 	if err != nil {
 		log.Fatalf("failed to fetch ssl settings from DB")
 	}

 	scheduler := scheduler.NewScheduler(shutdownCtx)
-	stackDeployer := stacks.NewStackDeployer(swarmStackManager, composeStackManager, kubernetesDeployer)
+	stackDeployer := stacks.NewStackDeployer(swarmStackManager, composeStackManager)
 	stacks.StartStackSchedules(scheduler, stackDeployer, dataStore, gitService)

 	return &http.Server{
@@ -612,23 +532,20 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		Status:                      applicationStatus,
 		BindAddress:                 *flags.Addr,
 		BindAddressHTTPS:            *flags.AddrHTTPS,
-		HTTPEnabled:                 sslDBSettings.HTTPEnabled,
+		HTTPEnabled:                 sslSettings.HTTPEnabled,
 		AssetsPath:                  *flags.Assets,
 		DataStore:                   dataStore,
 		SwarmStackManager:           swarmStackManager,
 		ComposeStackManager:         composeStackManager,
 		KubernetesDeployer:          kubernetesDeployer,
-		HelmPackageManager:          helmPackageManager,
 		CryptoService:               cryptoService,
 		JWTService:                  jwtService,
 		FileService:                 fileService,
 		LDAPService:                 ldapService,
 		OAuthService:                oauthService,
 		GitService:                  gitService,
-		OpenAMTService:              openAMTService,
 		ProxyManager:                proxyManager,
 		KubernetesTokenCacheManager: kubernetesTokenCacheManager,
-		KubeConfigService:           kubeConfigService,
 		SignatureService:            digitalSignatureService,
 		SnapshotService:             snapshotService,
 		SSLService:                  sslService,
--- a/api/cmd/portainer/main_test.go
+++ b/api/cmd/portainer/main_test.go
@@ -1,114 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt"
-	"github.com/portainer/portainer/api/cli"
-	"github.com/stretchr/testify/assert"
-	"gopkg.in/alecthomas/kingpin.v2"
-)
-
-type mockKingpinSetting string
-
-func (m mockKingpinSetting) SetValue(value kingpin.Value) {
-	value.Set(string(m))
-}
-
-func Test_enableFeaturesFromFlags(t *testing.T) {
-	is := assert.New(t)
-
-	store, teardown := bolt.MustNewTestStore(true)
-	defer teardown()
-
-	tests := []struct {
-		featureFlag string
-		isSupported bool
-	}{
-		{"test", false},
-		{"openamt", false},
-		{"open-amt", true},
-		{"oPeN-amT", true},
-		{"fdo", true},
-		{"FDO", true},
-	}
-	for _, test := range tests {
-		t.Run(fmt.Sprintf("%s succeeds:%v", test.featureFlag, test.isSupported), func(t *testing.T) {
-			mockKingpinSetting := mockKingpinSetting(test.featureFlag)
-			flags := &portainer.CLIFlags{FeatureFlags: cli.BoolPairs(mockKingpinSetting)}
-			err := enableFeaturesFromFlags(store, flags)
-			if test.isSupported {
-				is.NoError(err)
-			} else {
-				is.Error(err)
-			}
-		})
-	}
-
-	t.Run("passes for all supported feature flags", func(t *testing.T) {
-		for _, flag := range portainer.SupportedFeatureFlags {
-			mockKingpinSetting := mockKingpinSetting(flag)
-			flags := &portainer.CLIFlags{FeatureFlags: cli.BoolPairs(mockKingpinSetting)}
-			err := enableFeaturesFromFlags(store, flags)
-			is.NoError(err)
-		}
-	})
-}
-
-const FeatTest portainer.Feature = "optional-test"
-
-func optionalFunc(dataStore portainer.DataStore) string {
-
-	// TODO: this is a code smell - finding out if a feature flag is enabled should not require having access to the store, and asking for a settings obj.
-	//       ideally, the `if` should look more like:
-	//       if featureflags.FlagEnabled(FeatTest) {}
-	settings, err := dataStore.Settings().Settings()
-	if err != nil {
-		return err.Error()
-	}
-
-	if settings.FeatureFlagSettings[FeatTest] {
-		return "enabled"
-	}
-	return "disabled"
-}
-
-func Test_optionalFeature(t *testing.T) {
-	portainer.SupportedFeatureFlags = append(portainer.SupportedFeatureFlags, FeatTest)
-
-	is := assert.New(t)
-
-	store, teardown := bolt.MustNewTestStore(true)
-	defer teardown()
-
-	// Enable the test feature
-	t.Run(fmt.Sprintf("%s succeeds:%v", FeatTest, true), func(t *testing.T) {
-		mockKingpinSetting := mockKingpinSetting(FeatTest)
-		flags := &portainer.CLIFlags{FeatureFlags: cli.BoolPairs(mockKingpinSetting)}
-		err := enableFeaturesFromFlags(store, flags)
-		is.NoError(err)
-		is.Equal("enabled", optionalFunc(store))
-	})
-
-	// Same store, so the feature flag should still be enabled
-	t.Run(fmt.Sprintf("%s succeeds:%v", FeatTest, true), func(t *testing.T) {
-		is.Equal("enabled", optionalFunc(store))
-	})
-
-	// disable the test feature
-	t.Run(fmt.Sprintf("%s succeeds:%v", FeatTest, true), func(t *testing.T) {
-		mockKingpinSetting := mockKingpinSetting(FeatTest + "=false")
-		flags := &portainer.CLIFlags{FeatureFlags: cli.BoolPairs(mockKingpinSetting)}
-		err := enableFeaturesFromFlags(store, flags)
-		is.NoError(err)
-		is.Equal("disabled", optionalFunc(store))
-	})
-
-	// Same store, so feature flag should still be disabled
-	t.Run(fmt.Sprintf("%s succeeds:%v", FeatTest, true), func(t *testing.T) {
-		is.Equal("disabled", optionalFunc(store))
-	})
-
-}
--- a/api/crypto/ecdsa.go
+++ b/api/crypto/ecdsa.go
@@ -22,7 +22,7 @@ const (
 )

 // ECDSAService is a service used to create digital signatures when communicating with
-// an agent based environment(endpoint). It will automatically generates a key pair using ECDSA or
+// an agent based environment. It will automatically generates a key pair using ECDSA or
 // can also reuse an existing ECDSA key pair.
 type ECDSAService struct {
 	privateKey    *ecdsa.PrivateKey
--- a/api/docker/client.go
+++ b/api/docker/client.go
@@ -34,8 +34,8 @@ func NewClientFactory(signatureService portainer.DigitalSignatureService, revers
 }

 // createClient is a generic function to create a Docker client based on
-// a specific environment(endpoint) configuration. The nodeName parameter can be used
-// with an agent enabled environment(endpoint) to target a specific node in an agent cluster.
+// a specific endpoint configuration. The nodeName parameter can be used
+// with an agent enabled endpoint to target a specific node in an agent cluster.
 func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint, nodeName string) (*client.Client, error) {
 	if endpoint.Type == portainer.AzureEnvironment {
 		return nil, errUnsupportedEnvironmentType
@@ -91,11 +91,7 @@ func createEdgeClient(endpoint *portainer.Endpoint, signatureService portainer.D
 		headers[portainer.PortainerAgentTargetHeader] = nodeName
 	}

-	tunnel, err := reverseTunnelService.GetActiveTunnel(endpoint)
-	if err != nil {
-		return nil, err
-	}
-	
+	tunnel := reverseTunnelService.GetTunnelDetails(endpoint.ID)
 	endpointURL := fmt.Sprintf("http://127.0.0.1:%d", tunnel.Port)

 	return client.NewClientWithOpts(
--- a/api/docker/errors.go
+++ b/api/docker/errors.go
@@ -4,5 +4,5 @@ import "errors"

 // Docker errors
 var (
-	ErrUnableToPingEndpoint = errors.New("Unable to communicate with the environment")
+	ErrUnableToPingEndpoint = errors.New("Unable to communicate with the endpoint")
 )
--- a/api/docker/snapshot.go
+++ b/api/docker/snapshot.go
@@ -12,7 +12,7 @@ import (
 	"github.com/portainer/portainer/api"
 )

-// Snapshotter represents a service used to create environment(endpoint) snapshots
+// Snapshotter represents a service used to create endpoint snapshots
 type Snapshotter struct {
 	clientFactory *ClientFactory
 }
@@ -24,7 +24,7 @@ func NewSnapshotter(clientFactory *ClientFactory) *Snapshotter {
 	}
 }

-// CreateSnapshot creates a snapshot of a specific Docker environment(endpoint)
+// CreateSnapshot creates a snapshot of a specific Docker endpoint
 func (snapshotter *Snapshotter) CreateSnapshot(endpoint *portainer.Endpoint) (*portainer.DockerSnapshot, error) {
 	cli, err := snapshotter.clientFactory.CreateClient(endpoint, "")
 	if err != nil {
@@ -47,44 +47,44 @@ func snapshot(cli *client.Client, endpoint *portainer.Endpoint) (*portainer.Dock

 	err = snapshotInfo(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot engine information] [environment: %s] [err: %s]", endpoint.Name, err)
+		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot engine information] [endpoint: %s] [err: %s]", endpoint.Name, err)
 	}

 	if snapshot.Swarm {
 		err = snapshotSwarmServices(snapshot, cli)
 		if err != nil {
-			log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot Swarm services] [environment: %s] [err: %s]", endpoint.Name, err)
+			log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot Swarm services] [endpoint: %s] [err: %s]", endpoint.Name, err)
 		}

 		err = snapshotNodes(snapshot, cli)
 		if err != nil {
-			log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot Swarm nodes] [environment: %s] [err: %s]", endpoint.Name, err)
+			log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot Swarm nodes] [endpoint: %s] [err: %s]", endpoint.Name, err)
 		}
 	}

 	err = snapshotContainers(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot containers] [environment: %s] [err: %s]", endpoint.Name, err)
+		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot containers] [endpoint: %s] [err: %s]", endpoint.Name, err)
 	}

 	err = snapshotImages(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot images] [environment: %s] [err: %s]", endpoint.Name, err)
+		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot images] [endpoint: %s] [err: %s]", endpoint.Name, err)
 	}

 	err = snapshotVolumes(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot volumes] [environment: %s] [err: %s]", endpoint.Name, err)
+		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot volumes] [endpoint: %s] [err: %s]", endpoint.Name, err)
 	}

 	err = snapshotNetworks(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot networks] [environment: %s] [err: %s]", endpoint.Name, err)
+		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot networks] [endpoint: %s] [err: %s]", endpoint.Name, err)
 	}

 	err = snapshotVersion(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot engine version] [environment: %s] [err: %s]", endpoint.Name, err)
+		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot engine version] [endpoint: %s] [err: %s]", endpoint.Name, err)
 	}

 	snapshot.Time = time.Now().Unix()
--- a/api/exec/common.go
+++ b/api/exec/common.go
@@ -1,5 +0,0 @@
-package exec
-
-import "regexp"
-
-var stackNameNormalizeRegex = regexp.MustCompile("[^-_a-z0-9]+")
--- a/api/exec/compose_stack.go
+++ b/api/exec/compose_stack.go
@@ -1,52 +1,50 @@
 package exec

 import (
-	"context"
 	"fmt"
 	"os"
 	"path"
+	"regexp"
 	"strings"

 	"github.com/pkg/errors"
-
-	libstack "github.com/portainer/docker-compose-wrapper"
-	"github.com/portainer/docker-compose-wrapper/compose"
-
+	wrapper "github.com/portainer/docker-compose-wrapper"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/http/proxy/factory"
-	"github.com/portainer/portainer/api/internal/stackutils"
 )

 // ComposeStackManager is a wrapper for docker-compose binary
 type ComposeStackManager struct {
-	deployer     libstack.Deployer
+	wrapper      *wrapper.ComposeWrapper
+	configPath   string
 	proxyManager *proxy.Manager
 }

 // NewComposeStackManager returns a docker-compose wrapper if corresponding binary present, otherwise nil
 func NewComposeStackManager(binaryPath string, configPath string, proxyManager *proxy.Manager) (*ComposeStackManager, error) {
-	deployer, err := compose.NewComposeDeployer(binaryPath, configPath)
+	wrap, err := wrapper.NewComposeWrapper(binaryPath)
 	if err != nil {
 		return nil, err
 	}

 	return &ComposeStackManager{
-		deployer:     deployer,
+		wrapper:      wrap,
 		proxyManager: proxyManager,
+		configPath:   configPath,
 	}, nil
 }

 // ComposeSyntaxMaxVersion returns the maximum supported version of the docker compose syntax
-func (manager *ComposeStackManager) ComposeSyntaxMaxVersion() string {
+func (w *ComposeStackManager) ComposeSyntaxMaxVersion() string {
 	return portainer.ComposeSyntaxMaxVersion
 }

 // Up builds, (re)creates and starts containers in the background. Wraps `docker-compose up -d` command
-func (manager *ComposeStackManager) Up(ctx context.Context, stack *portainer.Stack, endpoint *portainer.Endpoint) error {
-	url, proxy, err := manager.fetchEndpointProxy(endpoint)
+func (w *ComposeStackManager) Up(stack *portainer.Stack, endpoint *portainer.Endpoint) error {
+	url, proxy, err := w.fetchEndpointProxy(endpoint)
 	if err != nil {
-		return errors.Wrap(err, "failed to fetch environment proxy")
+		return errors.Wrap(err, "failed to featch endpoint proxy")
 	}

 	if proxy != nil {
@@ -58,14 +56,14 @@ func (manager *ComposeStackManager) Up(ctx context.Context, stack *portainer.Sta
 		return errors.Wrap(err, "failed to create env file")
 	}

-	filePaths := stackutils.GetStackFilePaths(stack)
-	err = manager.deployer.Deploy(ctx, stack.ProjectPath, url, stack.Name, filePaths, envFilePath)
+	filePaths := append([]string{stack.EntryPoint}, stack.AdditionalFiles...)
+	_, err = w.wrapper.Up(filePaths, stack.ProjectPath, url, stack.Name, envFilePath, w.configPath)
 	return errors.Wrap(err, "failed to deploy a stack")
 }

 // Down stops and removes containers, networks, images, and volumes. Wraps `docker-compose down --remove-orphans` command
-func (manager *ComposeStackManager) Down(ctx context.Context, stack *portainer.Stack, endpoint *portainer.Endpoint) error {
-	url, proxy, err := manager.fetchEndpointProxy(endpoint)
+func (w *ComposeStackManager) Down(stack *portainer.Stack, endpoint *portainer.Endpoint) error {
+	url, proxy, err := w.fetchEndpointProxy(endpoint)
 	if err != nil {
 		return err
 	}
@@ -73,27 +71,29 @@ func (manager *ComposeStackManager) Down(ctx context.Context, stack *portainer.S
 		defer proxy.Close()
 	}

-	filePaths := stackutils.GetStackFilePaths(stack)
-	err = manager.deployer.Remove(ctx, stack.ProjectPath, url, stack.Name, filePaths)
-	return errors.Wrap(err, "failed to remove a stack")
+	filePaths := append([]string{stack.EntryPoint}, stack.AdditionalFiles...)
+
+	_, err = w.wrapper.Down(filePaths, stack.ProjectPath, url, stack.Name)
+	return err
 }

 // NormalizeStackName returns a new stack name with unsupported characters replaced
-func (manager *ComposeStackManager) NormalizeStackName(name string) string {
-	return stackNameNormalizeRegex.ReplaceAllString(strings.ToLower(name), "")
+func (w *ComposeStackManager) NormalizeStackName(name string) string {
+	r := regexp.MustCompile("[^a-z0-9]+")
+	return r.ReplaceAllString(strings.ToLower(name), "")
 }

-func (manager *ComposeStackManager) fetchEndpointProxy(endpoint *portainer.Endpoint) (string, *factory.ProxyServer, error) {
+func (w *ComposeStackManager) fetchEndpointProxy(endpoint *portainer.Endpoint) (string, *factory.ProxyServer, error) {
 	if strings.HasPrefix(endpoint.URL, "unix://") || strings.HasPrefix(endpoint.URL, "npipe://") {
 		return "", nil, nil
 	}

-	proxy, err := manager.proxyManager.CreateAgentProxyServer(endpoint)
+	proxy, err := w.proxyManager.CreateComposeProxyServer(endpoint)
 	if err != nil {
 		return "", nil, err
 	}

-	return fmt.Sprintf("tcp://127.0.0.1:%d", proxy.Port), proxy, nil
+	return fmt.Sprintf("http://127.0.0.1:%d", proxy.Port), proxy, nil
 }

 func createEnvFile(stack *portainer.Stack) (string, error) {
--- a/api/exec/compose_stack_integration_test.go
+++ b/api/exec/compose_stack_integration_test.go
@@ -1,7 +1,6 @@
 package exec

 import (
-	"context"
 	"fmt"
 	"log"
 	"os"
@@ -48,9 +47,7 @@ func Test_UpAndDown(t *testing.T) {
 		t.Fatalf("Failed creating manager: %s", err)
 	}

-	ctx := context.TODO()
-
-	err = w.Up(ctx, stack, endpoint)
+	err = w.Up(stack, endpoint)
 	if err != nil {
 		t.Fatalf("Error calling docker-compose up: %s", err)
 	}
@@ -59,7 +56,7 @@ func Test_UpAndDown(t *testing.T) {
 		t.Fatal("container should exist")
 	}

-	err = w.Down(ctx, stack, endpoint)
+	err = w.Down(stack, endpoint)
 	if err != nil {
 		t.Fatalf("Error calling docker-compose down: %s", err)
 	}
--- a/api/exec/exectest/kubernetes_mocks.go
+++ b/api/exec/exectest/kubernetes_mocks.go
@@ -1,23 +0,0 @@
-package exectest
-
-import (
-	portainer "github.com/portainer/portainer/api"
-)
-
-type kubernetesMockDeployer struct{}
-
-func NewKubernetesDeployer() portainer.KubernetesDeployer {
-	return &kubernetesMockDeployer{}
-}
-
-func (deployer *kubernetesMockDeployer) Deploy(userID portainer.UserID, endpoint *portainer.Endpoint, manifestFiles []string, namespace string) (string, error) {
-	return "", nil
-}
-
-func (deployer *kubernetesMockDeployer) Remove(userID portainer.UserID, endpoint *portainer.Endpoint, manifestFiles []string, namespace string) (string, error) {
-	return "", nil
-}
-
-func (deployer *kubernetesMockDeployer) ConvertCompose(data []byte) ([]byte, error) {
-	return nil, nil
-}
--- a/api/exec/kubernetes_deploy.go
+++ b/api/exec/kubernetes_deploy.go
@@ -2,22 +2,26 @@ package exec

 import (
 	"bytes"
+	"encoding/json"
+	"errors"
 	"fmt"
+	"github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/kubernetes/cli"
+	"io/ioutil"
+	"net/http"
+	"net/url"
 	"os/exec"
 	"path"
 	"runtime"
 	"strings"
-
-	"github.com/pkg/errors"
-	"github.com/portainer/portainer/api/http/proxy"
-	"github.com/portainer/portainer/api/http/proxy/factory"
-	"github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
-	"github.com/portainer/portainer/api/kubernetes/cli"
+	"time"

 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/crypto"
 )

-// KubernetesDeployer represents a service to deploy resources inside a Kubernetes environment(endpoint).
+// KubernetesDeployer represents a service to deploy resources inside a Kubernetes environment.
 type KubernetesDeployer struct {
 	binaryPath                  string
 	dataStore                   portainer.DataStore
@@ -25,11 +29,10 @@ type KubernetesDeployer struct {
 	signatureService            portainer.DigitalSignatureService
 	kubernetesClientFactory     *cli.ClientFactory
 	kubernetesTokenCacheManager *kubernetes.TokenCacheManager
-	proxyManager                *proxy.Manager
 }

 // NewKubernetesDeployer initializes a new KubernetesDeployer service.
-func NewKubernetesDeployer(kubernetesTokenCacheManager *kubernetes.TokenCacheManager, kubernetesClientFactory *cli.ClientFactory, datastore portainer.DataStore, reverseTunnelService portainer.ReverseTunnelService, signatureService portainer.DigitalSignatureService, proxyManager *proxy.Manager, binaryPath string) *KubernetesDeployer {
+func NewKubernetesDeployer(kubernetesTokenCacheManager *kubernetes.TokenCacheManager, kubernetesClientFactory *cli.ClientFactory, datastore portainer.DataStore, reverseTunnelService portainer.ReverseTunnelService, signatureService portainer.DigitalSignatureService, binaryPath string) *KubernetesDeployer {
 	return &KubernetesDeployer{
 		binaryPath:                  binaryPath,
 		dataStore:                   datastore,
@@ -37,33 +40,32 @@ func NewKubernetesDeployer(kubernetesTokenCacheManager *kubernetes.TokenCacheMan
 		signatureService:            signatureService,
 		kubernetesClientFactory:     kubernetesClientFactory,
 		kubernetesTokenCacheManager: kubernetesTokenCacheManager,
-		proxyManager:                proxyManager,
 	}
 }

-func (deployer *KubernetesDeployer) getToken(userID portainer.UserID, endpoint *portainer.Endpoint, setLocalAdminToken bool) (string, error) {
-	kubeCLI, err := deployer.kubernetesClientFactory.GetKubeClient(endpoint)
+func (deployer *KubernetesDeployer) getToken(request *http.Request, endpoint *portainer.Endpoint, setLocalAdminToken bool) (string, error) {
+	tokenData, err := security.RetrieveTokenData(request)
+	if err != nil {
+		return "", err
+	}
+
+	kubecli, err := deployer.kubernetesClientFactory.GetKubeClient(endpoint)
 	if err != nil {
 		return "", err
 	}

 	tokenCache := deployer.kubernetesTokenCacheManager.GetOrCreateTokenCache(int(endpoint.ID))

-	tokenManager, err := kubernetes.NewTokenManager(kubeCLI, deployer.dataStore, tokenCache, setLocalAdminToken)
+	tokenManager, err := kubernetes.NewTokenManager(kubecli, deployer.dataStore, tokenCache, setLocalAdminToken)
 	if err != nil {
 		return "", err
 	}

-	user, err := deployer.dataStore.User().User(userID)
-	if err != nil {
-		return "", errors.Wrap(err, "failed to fetch the user")
-	}
-
-	if user.Role == portainer.AdministratorRole {
+	if tokenData.Role == portainer.AdministratorRole {
 		return tokenManager.GetAdminServiceAccountToken(), nil
 	}

-	token, err := tokenManager.GetUserServiceAccountToken(int(user.ID), endpoint.ID)
+	token, err := tokenManager.GetUserServiceAccountToken(int(tokenData.ID), endpoint.ID)
 	if err != nil {
 		return "", err
 	}
@@ -74,66 +76,160 @@ func (deployer *KubernetesDeployer) getToken(userID portainer.UserID, endpoint *
 	return token, nil
 }

-// Deploy upserts Kubernetes resources defined in manifest(s)
-func (deployer *KubernetesDeployer) Deploy(userID portainer.UserID, endpoint *portainer.Endpoint, manifestFiles []string, namespace string) (string, error) {
-	return deployer.command("apply", userID, endpoint, manifestFiles, namespace)
-}
-
-// Remove deletes Kubernetes resources defined in manifest(s)
-func (deployer *KubernetesDeployer) Remove(userID portainer.UserID, endpoint *portainer.Endpoint, manifestFiles []string, namespace string) (string, error) {
-	return deployer.command("delete", userID, endpoint, manifestFiles, namespace)
-}
-
-func (deployer *KubernetesDeployer) command(operation string, userID portainer.UserID, endpoint *portainer.Endpoint, manifestFiles []string, namespace string) (string, error) {
-	token, err := deployer.getToken(userID, endpoint, endpoint.Type == portainer.KubernetesLocalEnvironment)
-	if err != nil {
-		return "", errors.Wrap(err, "failed generating a user token")
-	}
-
-	command := path.Join(deployer.binaryPath, "kubectl")
-	if runtime.GOOS == "windows" {
-		command = path.Join(deployer.binaryPath, "kubectl.exe")
-	}
-
-	args := []string{"--token", token}
-	if namespace != "" {
-		args = append(args, "--namespace", namespace)
-	}
-
-	if endpoint.Type == portainer.AgentOnKubernetesEnvironment || endpoint.Type == portainer.EdgeAgentOnKubernetesEnvironment {
-		url, proxy, err := deployer.getAgentURL(endpoint)
+// Deploy will deploy a Kubernetes manifest inside a specific namespace in a Kubernetes endpoint.
+// Otherwise it will use kubectl to deploy the manifest.
+func (deployer *KubernetesDeployer) Deploy(request *http.Request, endpoint *portainer.Endpoint, stackConfig string, namespace string) (string, error) {
+	if endpoint.Type == portainer.KubernetesLocalEnvironment {
+		token, err := deployer.getToken(request, endpoint, true);
 		if err != nil {
-			return "", errors.WithMessage(err, "failed generating endpoint URL")
+			return "", err
 		}

-		defer proxy.Close()
-		args = append(args, "--server", url)
+		command := path.Join(deployer.binaryPath, "kubectl")
+		if runtime.GOOS == "windows" {
+			command = path.Join(deployer.binaryPath, "kubectl.exe")
+		}
+
+		args := make([]string, 0)
+		args = append(args, "--server", endpoint.URL)
 		args = append(args, "--insecure-skip-tls-verify")
+		args = append(args, "--token", token)
+		args = append(args, "--namespace", namespace)
+		args = append(args, "apply", "-f", "-")
+
+		var stderr bytes.Buffer
+		cmd := exec.Command(command, args...)
+		cmd.Stderr = &stderr
+		cmd.Stdin = strings.NewReader(stackConfig)
+
+		output, err := cmd.Output()
+		if err != nil {
+			return "", errors.New(stderr.String())
+		}
+
+		return string(output), nil
 	}

-	if operation == "delete" {
-		args = append(args, "--ignore-not-found=true")
+	// agent
+
+	endpointURL := endpoint.URL
+	if endpoint.Type == portainer.EdgeAgentOnKubernetesEnvironment {
+		tunnel := deployer.reverseTunnelService.GetTunnelDetails(endpoint.ID)
+		if tunnel.Status == portainer.EdgeAgentIdle {
+
+			err := deployer.reverseTunnelService.SetTunnelStatusToRequired(endpoint.ID)
+			if err != nil {
+				return "", err
+			}
+
+			settings, err := deployer.dataStore.Settings().Settings()
+			if err != nil {
+				return "", err
+			}
+
+			waitForAgentToConnect := time.Duration(settings.EdgeAgentCheckinInterval) * time.Second
+			time.Sleep(waitForAgentToConnect * 2)
+		}
+
+		endpointURL = fmt.Sprintf("http://127.0.0.1:%d", tunnel.Port)
 	}

-	args = append(args, operation)
-	for _, path := range manifestFiles {
-		args = append(args, "-f", strings.TrimSpace(path))
+	transport := &http.Transport{}
+
+	if endpoint.TLSConfig.TLS {
+		tlsConfig, err := crypto.CreateTLSConfigurationFromDisk(endpoint.TLSConfig.TLSCACertPath, endpoint.TLSConfig.TLSCertPath, endpoint.TLSConfig.TLSKeyPath, endpoint.TLSConfig.TLSSkipVerify)
+		if err != nil {
+			return "", err
+		}
+		transport.TLSClientConfig = tlsConfig
 	}

-	var stderr bytes.Buffer
-	cmd := exec.Command(command, args...)
-	cmd.Stderr = &stderr
+	httpCli := &http.Client{
+		Transport: transport,
+	}

-	output, err := cmd.Output()
+	if !strings.HasPrefix(endpointURL, "http") {
+		endpointURL = fmt.Sprintf("https://%s", endpointURL)
+	}
+
+	url, err := url.Parse(fmt.Sprintf("%s/v2/kubernetes/stack", endpointURL))
 	if err != nil {
-		return "", errors.Wrapf(err, "failed to execute kubectl command: %q", stderr.String())
+		return "", err
 	}

-	return string(output), nil
+	reqPayload, err := json.Marshal(
+		struct {
+			StackConfig string
+			Namespace   string
+		}{
+			StackConfig: stackConfig,
+			Namespace:   namespace,
+		})
+	if err != nil {
+		return "", err
+	}
+
+	req, err := http.NewRequest(http.MethodPost, url.String(), bytes.NewReader(reqPayload))
+	if err != nil {
+		return "", err
+	}
+
+	signature, err := deployer.signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
+	if err != nil {
+		return "", err
+	}
+
+	token, err := deployer.getToken(request, endpoint, false);
+	if err != nil {
+		return "", err
+	}
+
+	req.Header.Set(portainer.PortainerAgentPublicKeyHeader, deployer.signatureService.EncodedPublicKey())
+	req.Header.Set(portainer.PortainerAgentSignatureHeader, signature)
+	req.Header.Set(portainer.PortainerAgentKubernetesSATokenHeader, token)
+
+	resp, err := httpCli.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		var errorResponseData struct {
+			Message string
+			Details string
+		}
+		err = json.NewDecoder(resp.Body).Decode(&errorResponseData)
+		if err != nil {
+			output, parseStringErr := ioutil.ReadAll(resp.Body)
+			if parseStringErr != nil {
+				return "", parseStringErr
+			}
+
+			return "", fmt.Errorf("Failed parsing, body: %s, error: %w", output, err)
+
+		}
+
+		return "", fmt.Errorf("Deployment to agent failed: %s", errorResponseData.Details)
+	}
+
+	var responseData struct{ Output string }
+	err = json.NewDecoder(resp.Body).Decode(&responseData)
+	if err != nil {
+		parsedOutput, parseStringErr := ioutil.ReadAll(resp.Body)
+		if parseStringErr != nil {
+			return "", parseStringErr
+		}
+
+		return "", fmt.Errorf("Failed decoding, body: %s, err: %w", parsedOutput, err)
+	}
+
+	return responseData.Output, nil
+
 }

 // ConvertCompose leverages the kompose binary to deploy a compose compliant manifest.
-func (deployer *KubernetesDeployer) ConvertCompose(data []byte) ([]byte, error) {
+func (deployer *KubernetesDeployer) ConvertCompose(data string) ([]byte, error) {
 	command := path.Join(deployer.binaryPath, "kompose")
 	if runtime.GOOS == "windows" {
 		command = path.Join(deployer.binaryPath, "kompose.exe")
@@ -145,7 +241,7 @@ func (deployer *KubernetesDeployer) ConvertCompose(data []byte) ([]byte, error)
 	var stderr bytes.Buffer
 	cmd := exec.Command(command, args...)
 	cmd.Stderr = &stderr
-	cmd.Stdin = bytes.NewReader(data)
+	cmd.Stdin = strings.NewReader(data)

 	output, err := cmd.Output()
 	if err != nil {
@@ -154,12 +250,3 @@ func (deployer *KubernetesDeployer) ConvertCompose(data []byte) ([]byte, error)

 	return output, nil
 }
-
-func (deployer *KubernetesDeployer) getAgentURL(endpoint *portainer.Endpoint) (string, *factory.ProxyServer, error) {
-	proxy, err := deployer.proxyManager.CreateAgentProxyServer(endpoint)
-	if err != nil {
-		return "", nil, err
-	}
-
-	return fmt.Sprintf("http://127.0.0.1:%d/kubernetes", proxy.Port), proxy, nil
-}
--- a/api/exec/swarm_stack.go
+++ b/api/exec/swarm_stack.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"os/exec"
 	"path"
+	"regexp"
 	"runtime"
 	"strings"

@@ -18,7 +19,7 @@ import (
 // SwarmStackManager represents a service for managing stacks.
 type SwarmStackManager struct {
 	binaryPath           string
-	configPath           string
+	dataPath             string
 	signatureService     portainer.DigitalSignatureService
 	fileService          portainer.FileService
 	reverseTunnelService portainer.ReverseTunnelService
@@ -26,16 +27,16 @@ type SwarmStackManager struct {

 // NewSwarmStackManager initializes a new SwarmStackManager service.
 // It also updates the configuration of the Docker CLI binary.
-func NewSwarmStackManager(binaryPath, configPath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService, reverseTunnelService portainer.ReverseTunnelService) (*SwarmStackManager, error) {
+func NewSwarmStackManager(binaryPath, dataPath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService, reverseTunnelService portainer.ReverseTunnelService) (*SwarmStackManager, error) {
 	manager := &SwarmStackManager{
 		binaryPath:           binaryPath,
-		configPath:           configPath,
+		dataPath:             dataPath,
 		signatureService:     signatureService,
 		fileService:          fileService,
 		reverseTunnelService: reverseTunnelService,
 	}

-	err := manager.updateDockerCLIConfiguration(manager.configPath)
+	err := manager.updateDockerCLIConfiguration(dataPath)
 	if err != nil {
 		return nil, err
 	}
@@ -44,26 +45,19 @@ func NewSwarmStackManager(binaryPath, configPath string, signatureService portai
 }

 // Login executes the docker login command against a list of registries (including DockerHub).
-func (manager *SwarmStackManager) Login(registries []portainer.Registry, endpoint *portainer.Endpoint) error {
-	command, args, err := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
-	if err != nil {
-		return err
-	}
+func (manager *SwarmStackManager) Login(registries []portainer.Registry, endpoint *portainer.Endpoint) {
+	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
 	for _, registry := range registries {
 		if registry.Authentication {
 			registryArgs := append(args, "login", "--username", registry.Username, "--password", registry.Password, registry.URL)
 			runCommandAndCaptureStdErr(command, registryArgs, nil, "")
 		}
 	}
-	return nil
 }

 // Logout executes the docker logout command.
 func (manager *SwarmStackManager) Logout(endpoint *portainer.Endpoint) error {
-	command, args, err := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
-	if err != nil {
-		return err
-	}
+	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
 	args = append(args, "logout")
 	return runCommandAndCaptureStdErr(command, args, nil, "")
 }
@@ -71,10 +65,7 @@ func (manager *SwarmStackManager) Logout(endpoint *portainer.Endpoint) error {
 // Deploy executes the docker stack deploy command.
 func (manager *SwarmStackManager) Deploy(stack *portainer.Stack, prune bool, endpoint *portainer.Endpoint) error {
 	filePaths := stackutils.GetStackFilePaths(stack)
-	command, args, err := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
-	if err != nil {
-		return err
-	}
+	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)

 	if prune {
 		args = append(args, "stack", "deploy", "--prune", "--with-registry-auth")
@@ -94,10 +85,7 @@ func (manager *SwarmStackManager) Deploy(stack *portainer.Stack, prune bool, end

 // Remove executes the docker stack rm command.
 func (manager *SwarmStackManager) Remove(stack *portainer.Stack, endpoint *portainer.Endpoint) error {
-	command, args, err := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
-	if err != nil {
-		return err
-	}
+	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
 	args = append(args, "stack", "rm", stack.Name)
 	return runCommandAndCaptureStdErr(command, args, nil, "")
 }
@@ -121,7 +109,7 @@ func runCommandAndCaptureStdErr(command string, args []string, env []string, wor
 	return nil
 }

-func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, configPath string, endpoint *portainer.Endpoint) (string, []string, error) {
+func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, dataPath string, endpoint *portainer.Endpoint) (string, []string) {
 	// Assume Linux as a default
 	command := path.Join(binaryPath, "docker")

@@ -130,14 +118,11 @@ func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, config
 	}

 	args := make([]string, 0)
-	args = append(args, "--config", configPath)
+	args = append(args, "--config", dataPath)

 	endpointURL := endpoint.URL
 	if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
-		tunnel, err := manager.reverseTunnelService.GetActiveTunnel(endpoint)
-		if err != nil {
-			return "", nil, err
-		}
+		tunnel := manager.reverseTunnelService.GetTunnelDetails(endpoint.ID)
 		endpointURL = fmt.Sprintf("tcp://127.0.0.1:%d", tunnel.Port)
 	}

@@ -157,11 +142,11 @@ func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, config
 		}
 	}

-	return command, args, nil
+	return command, args
 }

-func (manager *SwarmStackManager) updateDockerCLIConfiguration(configPath string) error {
-	configFilePath := path.Join(configPath, "config.json")
+func (manager *SwarmStackManager) updateDockerCLIConfiguration(dataPath string) error {
+	configFilePath := path.Join(dataPath, "config.json")
 	config, err := manager.retrieveConfigurationFromDisk(configFilePath)
 	if err != nil {
 		return err
@@ -191,7 +176,7 @@ func (manager *SwarmStackManager) updateDockerCLIConfiguration(configPath string
 func (manager *SwarmStackManager) retrieveConfigurationFromDisk(path string) (map[string]interface{}, error) {
 	var config map[string]interface{}

-	raw, err := manager.fileService.GetFileContent(path, "")
+	raw, err := manager.fileService.GetFileContent(path)
 	if err != nil {
 		return make(map[string]interface{}), nil
 	}
@@ -205,7 +190,8 @@ func (manager *SwarmStackManager) retrieveConfigurationFromDisk(path string) (ma
 }

 func (manager *SwarmStackManager) NormalizeStackName(name string) string {
-	return stackNameNormalizeRegex.ReplaceAllString(strings.ToLower(name), "")
+	r := regexp.MustCompile("[^a-z0-9]+")
+	return r.ReplaceAllString(strings.ToLower(name), "")
 }

 func configureFilePaths(args []string, filePaths []string) []string {
--- a/api/filesystem/filesystem.go
+++ b/api/filesystem/filesystem.go
@@ -6,14 +6,14 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
-	"path/filepath"
-	"strings"
+	"io/ioutil"

 	"github.com/gofrs/uuid"
 	portainer "github.com/portainer/portainer/api"

 	"io"
 	"os"
+	"path"
 )

 const (
@@ -43,8 +43,6 @@ const (
 	BinaryStorePath = "bin"
 	// EdgeJobStorePath represents the subfolder where schedule files are stored.
 	EdgeJobStorePath = "edge_jobs"
-	// DockerConfigPath represents the subfolder where docker configuration is stored.
-	DockerConfigPath = "docker_config"
 	// ExtensionRegistryManagementStorePath represents the subfolder where files related to the
 	// registry management extension are stored.
 	ExtensionRegistryManagementStorePath = "extensions"
@@ -69,31 +67,12 @@ type Service struct {
 	fileStorePath string
 }

-// JoinPaths takes a trusted root path and a list of untrusted paths and joins
-// them together using directory separators while enforcing that the untrusted
-// paths cannot go higher up than the trusted root
-func JoinPaths(trustedRoot string, untrustedPaths ...string) string {
-	if trustedRoot == "" {
-		trustedRoot = "."
-	}
-
-	p := filepath.Join(trustedRoot, filepath.Join(append([]string{"/"}, untrustedPaths...)...))
-
-	// avoid setting a volume name from the untrusted paths
-	vnp := filepath.VolumeName(p)
-	if filepath.VolumeName(trustedRoot) == "" && vnp != "" {
-		return strings.TrimPrefix(strings.TrimPrefix(p, vnp), `\`)
-	}
-
-	return p
-}
-
 // NewService initializes a new service. It creates a data directory and a directory to store files
 // inside this directory if they don't exist.
 func NewService(dataStorePath, fileStorePath string) (*Service, error) {
 	service := &Service{
 		dataStorePath: dataStorePath,
-		fileStorePath: JoinPaths(dataStorePath, fileStorePath),
+		fileStorePath: path.Join(dataStorePath, fileStorePath),
 	}

 	err := os.MkdirAll(dataStorePath, 0755)
@@ -121,22 +100,12 @@ func NewService(dataStorePath, fileStorePath string) (*Service, error) {
 		return nil, err
 	}

-	err = service.createDirectoryInStore(DockerConfigPath)
-	if err != nil {
-		return nil, err
-	}
-
 	return service, nil
 }

 // GetBinaryFolder returns the full path to the binary store on the filesystem
 func (service *Service) GetBinaryFolder() string {
-	return JoinPaths(service.fileStorePath, BinaryStorePath)
-}
-
-// GetDockerConfigPath returns the full path to the docker config store on the filesystem
-func (service *Service) GetDockerConfigPath() string {
-	return JoinPaths(service.fileStorePath, DockerConfigPath)
+	return path.Join(service.fileStorePath, BinaryStorePath)
 }

 // RemoveDirectory removes a directory on the filesystem.
@@ -147,7 +116,7 @@ func (service *Service) RemoveDirectory(directoryPath string) error {
 // GetStackProjectPath returns the absolute path on the FS for a stack based
 // on its identifier.
 func (service *Service) GetStackProjectPath(stackIdentifier string) string {
-	return JoinPaths(service.wrapFileStore(ComposeStorePath), stackIdentifier)
+	return path.Join(service.fileStorePath, ComposeStorePath, stackIdentifier)
 }

 // Copy copies the file on fromFilePath to toFilePath
@@ -213,13 +182,13 @@ func (service *Service) Copy(fromFilePath string, toFilePath string, deleteIfExi
 // StoreStackFileFromBytes creates a subfolder in the ComposeStorePath and stores a new file from bytes.
 // It returns the path to the folder where the file is stored.
 func (service *Service) StoreStackFileFromBytes(stackIdentifier, fileName string, data []byte) (string, error) {
-	stackStorePath := JoinPaths(ComposeStorePath, stackIdentifier)
+	stackStorePath := path.Join(ComposeStorePath, stackIdentifier)
 	err := service.createDirectoryInStore(stackStorePath)
 	if err != nil {
 		return "", err
 	}

-	composeFilePath := JoinPaths(stackStorePath, fileName)
+	composeFilePath := path.Join(stackStorePath, fileName)
 	r := bytes.NewReader(data)

 	err = service.createFileInStore(composeFilePath, r)
@@ -227,25 +196,25 @@ func (service *Service) StoreStackFileFromBytes(stackIdentifier, fileName string
 		return "", err
 	}

-	return service.wrapFileStore(stackStorePath), nil
+	return path.Join(service.fileStorePath, stackStorePath), nil
 }

 // GetEdgeStackProjectPath returns the absolute path on the FS for a edge stack based
 // on its identifier.
 func (service *Service) GetEdgeStackProjectPath(edgeStackIdentifier string) string {
-	return JoinPaths(service.wrapFileStore(EdgeStackStorePath), edgeStackIdentifier)
+	return path.Join(service.fileStorePath, EdgeStackStorePath, edgeStackIdentifier)
 }

 // StoreEdgeStackFileFromBytes creates a subfolder in the EdgeStackStorePath and stores a new file from bytes.
 // It returns the path to the folder where the file is stored.
 func (service *Service) StoreEdgeStackFileFromBytes(edgeStackIdentifier, fileName string, data []byte) (string, error) {
-	stackStorePath := JoinPaths(EdgeStackStorePath, edgeStackIdentifier)
+	stackStorePath := path.Join(EdgeStackStorePath, edgeStackIdentifier)
 	err := service.createDirectoryInStore(stackStorePath)
 	if err != nil {
 		return "", err
 	}

-	composeFilePath := JoinPaths(stackStorePath, fileName)
+	composeFilePath := path.Join(stackStorePath, fileName)
 	r := bytes.NewReader(data)

 	err = service.createFileInStore(composeFilePath, r)
@@ -253,20 +222,20 @@ func (service *Service) StoreEdgeStackFileFromBytes(edgeStackIdentifier, fileNam
 		return "", err
 	}

-	return service.wrapFileStore(stackStorePath), nil
+	return path.Join(service.fileStorePath, stackStorePath), nil
 }

 // StoreRegistryManagementFileFromBytes creates a subfolder in the
 // ExtensionRegistryManagementStorePath and stores a new file from bytes.
 // It returns the path to the folder where the file is stored.
 func (service *Service) StoreRegistryManagementFileFromBytes(folder, fileName string, data []byte) (string, error) {
-	extensionStorePath := JoinPaths(ExtensionRegistryManagementStorePath, folder)
+	extensionStorePath := path.Join(ExtensionRegistryManagementStorePath, folder)
 	err := service.createDirectoryInStore(extensionStorePath)
 	if err != nil {
 		return "", err
 	}

-	file := JoinPaths(extensionStorePath, fileName)
+	file := path.Join(extensionStorePath, fileName)
 	r := bytes.NewReader(data)

 	err = service.createFileInStore(file, r)
@@ -274,13 +243,13 @@ func (service *Service) StoreRegistryManagementFileFromBytes(folder, fileName st
 		return "", err
 	}

-	return service.wrapFileStore(file), nil
+	return path.Join(service.fileStorePath, file), nil
 }

 // StoreTLSFileFromBytes creates a folder in the TLSStorePath and stores a new file from bytes.
 // It returns the path to the newly created file.
 func (service *Service) StoreTLSFileFromBytes(folder string, fileType portainer.TLSFileType, data []byte) (string, error) {
-	storePath := JoinPaths(TLSStorePath, folder)
+	storePath := path.Join(TLSStorePath, folder)
 	err := service.createDirectoryInStore(storePath)
 	if err != nil {
 		return "", err
@@ -298,16 +267,16 @@ func (service *Service) StoreTLSFileFromBytes(folder string, fileType portainer.
 		return "", ErrUndefinedTLSFileType
 	}

-	tlsFilePath := JoinPaths(storePath, fileName)
+	tlsFilePath := path.Join(storePath, fileName)
 	r := bytes.NewReader(data)
 	err = service.createFileInStore(tlsFilePath, r)
 	if err != nil {
 		return "", err
 	}
-	return service.wrapFileStore(tlsFilePath), nil
+	return path.Join(service.fileStorePath, tlsFilePath), nil
 }

-// GetPathForTLSFile returns the absolute path to a specific TLS file for an environment(endpoint).
+// GetPathForTLSFile returns the absolute path to a specific TLS file for an endpoint.
 func (service *Service) GetPathForTLSFile(folder string, fileType portainer.TLSFileType) (string, error) {
 	var fileName string
 	switch fileType {
@@ -320,13 +289,17 @@ func (service *Service) GetPathForTLSFile(folder string, fileType portainer.TLSF
 	default:
 		return "", ErrUndefinedTLSFileType
 	}
-	return JoinPaths(service.wrapFileStore(TLSStorePath), folder, fileName), nil
+	return path.Join(service.fileStorePath, TLSStorePath, folder, fileName), nil
 }

 // DeleteTLSFiles deletes a folder in the TLS store path.
 func (service *Service) DeleteTLSFiles(folder string) error {
-	storePath := JoinPaths(service.wrapFileStore(TLSStorePath), folder)
-	return os.RemoveAll(storePath)
+	storePath := path.Join(service.fileStorePath, TLSStorePath, folder)
+	err := os.RemoveAll(storePath)
+	if err != nil {
+		return err
+	}
+	return nil
 }

 // DeleteTLSFile deletes a specific TLS file from a folder.
@@ -343,19 +316,20 @@ func (service *Service) DeleteTLSFile(folder string, fileType portainer.TLSFileT
 		return ErrUndefinedTLSFileType
 	}

-	filePath := JoinPaths(service.wrapFileStore(TLSStorePath), folder, fileName)
+	filePath := path.Join(service.fileStorePath, TLSStorePath, folder, fileName)

-	return os.Remove(filePath)
+	err := os.Remove(filePath)
+	if err != nil {
+		return err
+	}
+	return nil
 }

 // GetFileContent returns the content of a file as bytes.
-func (service *Service) GetFileContent(trustedRoot, filePath string) ([]byte, error) {
-	content, err := os.ReadFile(JoinPaths(trustedRoot, filePath))
+func (service *Service) GetFileContent(filePath string) ([]byte, error) {
+	content, err := ioutil.ReadFile(filePath)
 	if err != nil {
-		if filePath == "" {
-			filePath = trustedRoot
-		}
-		return nil, fmt.Errorf("could not get the contents of the file '%s'", filePath)
+		return nil, err
 	}

 	return content, nil
@@ -373,7 +347,7 @@ func (service *Service) WriteJSONToFile(path string, content interface{}) error
 		return err
 	}

-	return os.WriteFile(path, jsonContent, 0644)
+	return ioutil.WriteFile(path, jsonContent, 0644)
 }

 // FileExists checks for the existence of the specified file.
@@ -383,17 +357,23 @@ func (service *Service) FileExists(filePath string) (bool, error) {

 // KeyPairFilesExist checks for the existence of the key files.
 func (service *Service) KeyPairFilesExist() (bool, error) {
-	privateKeyPath := JoinPaths(service.dataStorePath, PrivateKeyFile)
+	privateKeyPath := path.Join(service.dataStorePath, PrivateKeyFile)
 	exists, err := service.FileExists(privateKeyPath)
-	if err != nil || !exists {
+	if err != nil {
 		return false, err
 	}
+	if !exists {
+		return false, nil
+	}

-	publicKeyPath := JoinPaths(service.dataStorePath, PublicKeyFile)
+	publicKeyPath := path.Join(service.dataStorePath, PublicKeyFile)
 	exists, err = service.FileExists(publicKeyPath)
-	if err != nil || !exists {
+	if err != nil {
 		return false, err
 	}
+	if !exists {
+		return false, nil
+	}

 	return true, nil
 }
@@ -405,7 +385,12 @@ func (service *Service) StoreKeyPair(private, public []byte, privatePEMHeader, p
 		return err
 	}

-	return service.createPEMFileInStore(public, publicPEMHeader, PublicKeyFile)
+	err = service.createPEMFileInStore(public, publicPEMHeader, PublicKeyFile)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 // LoadKeyPair retrieve the content of both key files on disk.
@@ -425,13 +410,13 @@ func (service *Service) LoadKeyPair() ([]byte, []byte, error) {

 // createDirectoryInStore creates a new directory in the file store
 func (service *Service) createDirectoryInStore(name string) error {
-	path := service.wrapFileStore(name)
+	path := path.Join(service.fileStorePath, name)
 	return os.MkdirAll(path, 0700)
 }

 // createFile creates a new file in the file store with the content from r.
 func (service *Service) createFileInStore(filePath string, r io.Reader) error {
-	path := service.wrapFileStore(filePath)
+	path := path.Join(service.fileStorePath, filePath)

 	out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
@@ -440,11 +425,15 @@ func (service *Service) createFileInStore(filePath string, r io.Reader) error {
 	defer out.Close()

 	_, err = io.Copy(out, r)
-	return err
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 func (service *Service) createPEMFileInStore(content []byte, fileType, filePath string) error {
-	path := service.wrapFileStore(filePath)
+	path := path.Join(service.fileStorePath, filePath)
 	block := &pem.Block{Type: fileType, Bytes: content}

 	out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
@@ -453,13 +442,18 @@ func (service *Service) createPEMFileInStore(content []byte, fileType, filePath
 	}
 	defer out.Close()

-	return pem.Encode(out, block)
+	err = pem.Encode(out, block)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 func (service *Service) getContentFromPEMFile(filePath string) ([]byte, error) {
-	path := service.wrapFileStore(filePath)
+	path := path.Join(service.fileStorePath, filePath)

-	fileContent, err := os.ReadFile(path)
+	fileContent, err := ioutil.ReadFile(path)
 	if err != nil {
 		return nil, err
 	}
@@ -471,19 +465,19 @@ func (service *Service) getContentFromPEMFile(filePath string) ([]byte, error) {
 // GetCustomTemplateProjectPath returns the absolute path on the FS for a custom template based
 // on its identifier.
 func (service *Service) GetCustomTemplateProjectPath(identifier string) string {
-	return JoinPaths(service.wrapFileStore(CustomTemplateStorePath), identifier)
+	return path.Join(service.fileStorePath, CustomTemplateStorePath, identifier)
 }

 // StoreCustomTemplateFileFromBytes creates a subfolder in the CustomTemplateStorePath and stores a new file from bytes.
 // It returns the path to the folder where the file is stored.
 func (service *Service) StoreCustomTemplateFileFromBytes(identifier, fileName string, data []byte) (string, error) {
-	customTemplateStorePath := JoinPaths(CustomTemplateStorePath, identifier)
+	customTemplateStorePath := path.Join(CustomTemplateStorePath, identifier)
 	err := service.createDirectoryInStore(customTemplateStorePath)
 	if err != nil {
 		return "", err
 	}

-	templateFilePath := JoinPaths(customTemplateStorePath, fileName)
+	templateFilePath := path.Join(customTemplateStorePath, fileName)
 	r := bytes.NewReader(data)

 	err = service.createFileInStore(templateFilePath, r)
@@ -491,32 +485,32 @@ func (service *Service) StoreCustomTemplateFileFromBytes(identifier, fileName st
 		return "", err
 	}

-	return service.wrapFileStore(customTemplateStorePath), nil
+	return path.Join(service.fileStorePath, customTemplateStorePath), nil
 }

 // GetEdgeJobFolder returns the absolute path on the filesystem for an Edge job based
 // on its identifier.
 func (service *Service) GetEdgeJobFolder(identifier string) string {
-	return JoinPaths(service.wrapFileStore(EdgeJobStorePath), identifier)
+	return path.Join(service.fileStorePath, EdgeJobStorePath, identifier)
 }

 // StoreEdgeJobFileFromBytes creates a subfolder in the EdgeJobStorePath and stores a new file from bytes.
 // It returns the path to the folder where the file is stored.
 func (service *Service) StoreEdgeJobFileFromBytes(identifier string, data []byte) (string, error) {
-	edgeJobStorePath := JoinPaths(EdgeJobStorePath, identifier)
+	edgeJobStorePath := path.Join(EdgeJobStorePath, identifier)
 	err := service.createDirectoryInStore(edgeJobStorePath)
 	if err != nil {
 		return "", err
 	}

-	filePath := JoinPaths(edgeJobStorePath, createEdgeJobFileName(identifier))
+	filePath := path.Join(edgeJobStorePath, createEdgeJobFileName(identifier))
 	r := bytes.NewReader(data)
 	err = service.createFileInStore(filePath, r)
 	if err != nil {
 		return "", err
 	}

-	return service.wrapFileStore(filePath), nil
+	return path.Join(service.fileStorePath, filePath), nil
 }

 func createEdgeJobFileName(identifier string) string {
@@ -526,14 +520,20 @@ func createEdgeJobFileName(identifier string) string {
 // ClearEdgeJobTaskLogs clears the Edge job task logs
 func (service *Service) ClearEdgeJobTaskLogs(edgeJobID string, taskID string) error {
 	path := service.getEdgeJobTaskLogPath(edgeJobID, taskID)
-	return os.Remove(path)
+
+	err := os.Remove(path)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 // GetEdgeJobTaskLogFileContent fetches the Edge job task logs
 func (service *Service) GetEdgeJobTaskLogFileContent(edgeJobID string, taskID string) (string, error) {
 	path := service.getEdgeJobTaskLogPath(edgeJobID, taskID)

-	fileContent, err := os.ReadFile(path)
+	fileContent, err := ioutil.ReadFile(path)
 	if err != nil {
 		return "", err
 	}
@@ -543,15 +543,20 @@ func (service *Service) GetEdgeJobTaskLogFileContent(edgeJobID string, taskID st

 // StoreEdgeJobTaskLogFileFromBytes stores the log file
 func (service *Service) StoreEdgeJobTaskLogFileFromBytes(edgeJobID, taskID string, data []byte) error {
-	edgeJobStorePath := JoinPaths(EdgeJobStorePath, edgeJobID)
+	edgeJobStorePath := path.Join(EdgeJobStorePath, edgeJobID)
 	err := service.createDirectoryInStore(edgeJobStorePath)
 	if err != nil {
 		return err
 	}

-	filePath := JoinPaths(edgeJobStorePath, fmt.Sprintf("logs_%s", taskID))
+	filePath := path.Join(edgeJobStorePath, fmt.Sprintf("logs_%s", taskID))
 	r := bytes.NewReader(data)
-	return service.createFileInStore(filePath, r)
+	err = service.createFileInStore(filePath, r)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 func (service *Service) getEdgeJobTaskLogPath(edgeJobID string, taskID string) string {
@@ -565,7 +570,7 @@ func (service *Service) GetTemporaryPath() (string, error) {
 		return "", err
 	}

-	return JoinPaths(service.wrapFileStore(TempPath), uid.String()), nil
+	return path.Join(service.fileStorePath, TempPath, uid.String()), nil
 }

 // GetDataStorePath returns path to data folder
@@ -574,12 +579,12 @@ func (service *Service) GetDatastorePath() string {
 }

 func (service *Service) wrapFileStore(filepath string) string {
-	return JoinPaths(service.fileStorePath, filepath)
+	return path.Join(service.fileStorePath, filepath)
 }

 func defaultCertPathUnderFileStore() (string, string) {
-	certPath := JoinPaths(SSLCertPath, DefaultSSLCertFilename)
-	keyPath := JoinPaths(SSLCertPath, DefaultSSLKeyFilename)
+	certPath := path.Join(SSLCertPath, DefaultSSLCertFilename)
+	keyPath := path.Join(SSLCertPath, DefaultSSLKeyFilename)
 	return certPath, keyPath
 }

--- a/api/filesystem/filesystem_linux_test.go
+++ b/api/filesystem/filesystem_linux_test.go
@@ -1,70 +0,0 @@
-package filesystem
-
-import "testing"
-
-func TestJoinPaths(t *testing.T) {
-	var ts = []struct {
-		trusted   string
-		untrusted string
-		expected  string
-	}{
-		{"", "", "."},
-		{"", ".", "."},
-		{"", "d/e/f", "d/e/f"},
-		{"", "./d/e/f", "d/e/f"},
-		{"", "../d/e/f", "d/e/f"},
-		{"", "/d/e/f", "d/e/f"},
-		{"", "../../../etc/shadow", "etc/shadow"},
-
-		{".", "", "."},
-		{".", ".", "."},
-		{".", "d/e/f", "d/e/f"},
-		{".", "./d/e/f", "d/e/f"},
-		{".", "../d/e/f", "d/e/f"},
-		{".", "/d/e/f", "d/e/f"},
-		{".", "../../../etc/shadow", "etc/shadow"},
-
-		{"./", "", "."},
-		{"./", ".", "."},
-		{"./", "d/e/f", "d/e/f"},
-		{"./", "./d/e/f", "d/e/f"},
-		{"./", "../d/e/f", "d/e/f"},
-		{"./", "/d/e/f", "d/e/f"},
-		{"./", "../../../etc/shadow", "etc/shadow"},
-
-		{"a/b/c", "", "a/b/c"},
-		{"a/b/c", ".", "a/b/c"},
-		{"a/b/c", "d/e/f", "a/b/c/d/e/f"},
-		{"a/b/c", "./d/e/f", "a/b/c/d/e/f"},
-		{"a/b/c", "../d/e/f", "a/b/c/d/e/f"},
-		{"a/b/c", "../../../etc/shadow", "a/b/c/etc/shadow"},
-
-		{"/a/b/c", "", "/a/b/c"},
-		{"/a/b/c", ".", "/a/b/c"},
-		{"/a/b/c", "d/e/f", "/a/b/c/d/e/f"},
-		{"/a/b/c", "./d/e/f", "/a/b/c/d/e/f"},
-		{"/a/b/c", "../d/e/f", "/a/b/c/d/e/f"},
-		{"/a/b/c", "../../../etc/shadow", "/a/b/c/etc/shadow"},
-
-		{"./a/b/c", "", "a/b/c"},
-		{"./a/b/c", ".", "a/b/c"},
-		{"./a/b/c", "d/e/f", "a/b/c/d/e/f"},
-		{"./a/b/c", "./d/e/f", "a/b/c/d/e/f"},
-		{"./a/b/c", "../d/e/f", "a/b/c/d/e/f"},
-		{"./a/b/c", "../../../etc/shadow", "a/b/c/etc/shadow"},
-
-		{"../a/b/c", "", "../a/b/c"},
-		{"../a/b/c", ".", "../a/b/c"},
-		{"../a/b/c", "d/e/f", "../a/b/c/d/e/f"},
-		{"../a/b/c", "./d/e/f", "../a/b/c/d/e/f"},
-		{"../a/b/c", "../d/e/f", "../a/b/c/d/e/f"},
-		{"../a/b/c", "../../../etc/shadow", "../a/b/c/etc/shadow"},
-	}
-
-	for _, c := range ts {
-		r := JoinPaths(c.trusted, c.untrusted)
-		if r != c.expected {
-			t.Fatalf("expected '%s', got '%s'. Inputs = '%s', '%s'", c.expected, r, c.trusted, c.untrusted)
-		}
-	}
-}
--- a/api/filesystem/filesystem_windows_test.go
+++ b/api/filesystem/filesystem_windows_test.go
@@ -1,120 +0,0 @@
-package filesystem
-
-import "testing"
-
-func TestJoinPaths(t *testing.T) {
-	var ts = []struct {
-		trusted   string
-		untrusted string
-		expected  string
-	}{
-		{"", "", "."},
-		{"", ".", "."},
-		{"", "d/e/f", `d\e\f`},
-		{"", "./d/e/f", `d\e\f`},
-		{"", "../d/e/f", `d\e\f`},
-		{"", "/d/e/f", `d\e\f`},
-		{"", "../../../windows/system.ini", `windows\system.ini`},
-		{"", `C:\windows\system.ini`, `windows\system.ini`},
-		{"", `..\..\..\..\C:\windows\system.ini`, `windows\system.ini`},
-		{"", `\\server\a\b\c`, `server\a\b\c`},
-		{"", `..\..\..\..\\server\a\b\c`, `server\a\b\c`},
-
-		{".", "", "."},
-		{".", ".", "."},
-		{".", "d/e/f", `d\e\f`},
-		{".", "./d/e/f", `d\e\f`},
-		{".", "../d/e/f", `d\e\f`},
-		{".", "/d/e/f", `d\e\f`},
-		{".", "../../../windows/system.ini", `windows\system.ini`},
-		{".", `C:\windows\system.ini`, `windows\system.ini`},
-		{".", `..\..\..\..\C:\windows\system.ini`, `windows\system.ini`},
-		{".", `\\server\a\b\c`, `server\a\b\c`},
-		{".", `..\..\..\..\\server\a\b\c`, `server\a\b\c`},
-
-		{"./", "", "."},
-		{"./", ".", "."},
-		{"./", "d/e/f", `d\e\f`},
-		{"./", "./d/e/f", `d\e\f`},
-		{"./", "../d/e/f", `d\e\f`},
-		{"./", "/d/e/f", `d\e\f`},
-		{"./", "../../../windows/system.ini", `windows\system.ini`},
-		{"./", `C:\windows\system.ini`, `windows\system.ini`},
-		{"./", `..\..\..\..\C:\windows\system.ini`, `windows\system.ini`},
-		{"./", `\\server\a\b\c`, `server\a\b\c`},
-		{"./", `..\..\..\..\\server\a\b\c`, `server\a\b\c`},
-
-		{"a/b/c", "", `a\b\c`},
-		{"a/b/c", ".", `a\b\c`},
-		{"a/b/c", "d/e/f", `a\b\c\d\e\f`},
-		{"a/b/c", "./d/e/f", `a\b\c\d\e\f`},
-		{"a/b/c", "../d/e/f", `a\b\c\d\e\f`},
-		{"a/b/c", "../../../windows/system.ini", `a\b\c\windows\system.ini`},
-		{"a/b/c", `C:\windows\system.ini`, `a\b\c\C:\windows\system.ini`},
-		{"a/b/c", `..\..\..\..\C:\windows\system.ini`, `a\b\c\C:\windows\system.ini`},
-		{"a/b/c", `\\server\a\b\c`, `a\b\c\server\a\b\c`},
-		{"a/b/c", `..\..\..\..\\server\a\b\c`, `a\b\c\server\a\b\c`},
-
-		{"/a/b/c", "", `\a\b\c`},
-		{"/a/b/c", ".", `\a\b\c`},
-		{"/a/b/c", "d/e/f", `\a\b\c\d\e\f`},
-		{"/a/b/c", "./d/e/f", `\a\b\c\d\e\f`},
-		{"/a/b/c", "../d/e/f", `\a\b\c\d\e\f`},
-		{"/a/b/c", "../../../windows/system.ini", `\a\b\c\windows\system.ini`},
-		{"/a/b/c", `C:\windows\system.ini`, `\a\b\c\C:\windows\system.ini`},
-		{"/a/b/c", `..\..\..\..\C:\windows\system.ini`, `\a\b\c\C:\windows\system.ini`},
-		{"/a/b/c", `\\server\a\b\c`, `\a\b\c\server\a\b\c`},
-		{"/a/b/c", `..\..\..\..\\server\a\b\c`, `\a\b\c\server\a\b\c`},
-
-		{"./a/b/c", "", `a\b\c`},
-		{"./a/b/c", ".", `a\b\c`},
-		{"./a/b/c", "d/e/f", `a\b\c\d\e\f`},
-		{"./a/b/c", "./d/e/f", `a\b\c\d\e\f`},
-		{"./a/b/c", "../d/e/f", `a\b\c\d\e\f`},
-		{"./a/b/c", "../../../windows/system.ini", `a\b\c\windows\system.ini`},
-		{"./a/b/c", `C:\windows\system.ini`, `a\b\c\C:\windows\system.ini`},
-		{"./a/b/c", `..\..\..\..\C:\windows\system.ini`, `a\b\c\C:\windows\system.ini`},
-		{"./a/b/c", `\\server\a\b\c`, `a\b\c\server\a\b\c`},
-		{"./a/b/c", `..\..\..\..\\server\a\b\c`, `a\b\c\server\a\b\c`},
-
-		{"../a/b/c", "", `..\a\b\c`},
-		{"../a/b/c", ".", `..\a\b\c`},
-		{"../a/b/c", "d/e/f", `..\a\b\c\d\e\f`},
-		{"../a/b/c", "./d/e/f", `..\a\b\c\d\e\f`},
-		{"../a/b/c", "../d/e/f", `..\a\b\c\d\e\f`},
-		{"../a/b/c", "../../../windows/system.ini", `..\a\b\c\windows\system.ini`},
-		{"../a/b/c", `C:\windows\system.ini`, `..\a\b\c\C:\windows\system.ini`},
-		{"../a/b/c", `..\..\..\..\C:\windows\system.ini`, `..\a\b\c\C:\windows\system.ini`},
-		{"../a/b/c", `\\server\a\b\c`, `..\a\b\c\server\a\b\c`},
-		{"../a/b/c", `..\..\..\..\\server\a\b\c`, `..\a\b\c\server\a\b\c`},
-
-		{"C:/a/b/c", "", `C:\a\b\c`},
-		{"C:/a/b/c", ".", `C:\a\b\c`},
-		{"C:/a/b/c", "d/e/f", `C:\a\b\c\d\e\f`},
-		{"C:/a/b/c", "./d/e/f", `C:\a\b\c\d\e\f`},
-		{"C:/a/b/c", "../d/e/f", `C:\a\b\c\d\e\f`},
-		{"C:/a/b/c", "../../../windows/system.ini", `C:\a\b\c\windows\system.ini`},
-		{"C:/a/b/c", `C:\windows\system.ini`, `C:\a\b\c\C:\windows\system.ini`},
-		{"C:/a/b/c", `..\..\..\..\C:\windows\system.ini`, `C:\a\b\c\C:\windows\system.ini`},
-		{"C:/a/b/c", `\\server\a\b\c`, `C:\a\b\c\server\a\b\c`},
-		{"C:/a/b/c", `..\..\..\..\\server\a\b\c`, `C:\a\b\c\server\a\b\c`},
-
-		{`\\server\a\b\c`, "", `\\server\a\b\c`},
-		{`\\server\a\b\c`, ".", `\\server\a\b\c`},
-		{`\\server\a\b\c`, "d/e/f", `\\server\a\b\c\d\e\f`},
-		{`\\server\a\b\c`, "./d/e/f", `\\server\a\b\c\d\e\f`},
-		{`\\server\a\b\c`, "../d/e/f", `\\server\a\b\c\d\e\f`},
-		{`\\server\a\b\c`, "../../../windows/system.ini", `\\server\a\b\c\windows\system.ini`},
-		{`\\server\a\b\c`, `C:\windows\system.ini`, `\\server\a\b\c\C:\windows\system.ini`},
-		{`\\server\a\b\c`, `..\..\..\C:\windows\system.ini`, `\\server\a\b\c\C:\windows\system.ini`},
-		{`\\server\a\b\c`, `\\server\a\b\c`, `\\server\a\b\c\server\a\b\c`},
-		{`\\server\a\b\c`, `..\..\..\\server\a\b\c`, `\\server\a\b\c\server\a\b\c`},
-	}
-
-	for _, c := range ts {
-		r := JoinPaths(c.trusted, c.untrusted)
-		if r != c.expected {
-			t.Fatalf("expected '%s', got '%s'. Inputs = '%s', '%s'", c.expected, r, c.trusted, c.untrusted)
-		}
-	}
-}
--- a/api/filesystem/write.go
+++ b/api/filesystem/write.go
@@ -1,23 +0,0 @@
-package filesystem
-
-import (
-	"os"
-	"path/filepath"
-
-	"github.com/pkg/errors"
-)
-
-func WriteToFile(dst string, content []byte) error {
-	if err := os.MkdirAll(filepath.Dir(dst), 0744); err != nil {
-		return errors.Wrapf(err, "failed to create filestructure for the path %q", dst)
-	}
-
-	file, err := os.Create(dst)
-	if err != nil {
-		return errors.Wrapf(err, "failed to open a file %q", dst)
-	}
-	defer file.Close()
-
-	_, err = file.Write(content)
-	return errors.Wrapf(err, "failed to write a file %q", dst)
-}
--- a/api/filesystem/write_test.go
+++ b/api/filesystem/write_test.go
@@ -1,48 +0,0 @@
-package filesystem
-
-import (
-	"io/ioutil"
-	"path"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_WriteFile_CanStoreContentInANewFile(t *testing.T) {
-	tmpDir := t.TempDir()
-	tmpFilePath := path.Join(tmpDir, "dummy")
-
-	content := []byte("content")
-	err := WriteToFile(tmpFilePath, content)
-	assert.NoError(t, err)
-
-	fileContent, _ := ioutil.ReadFile(tmpFilePath)
-	assert.Equal(t, content, fileContent)
-}
-
-func Test_WriteFile_CanOverwriteExistingFile(t *testing.T) {
-	tmpDir := t.TempDir()
-	tmpFilePath := path.Join(tmpDir, "dummy")
-
-	err := WriteToFile(tmpFilePath, []byte("content"))
-	assert.NoError(t, err)
-
-	content := []byte("new content")
-	err = WriteToFile(tmpFilePath, content)
-	assert.NoError(t, err)
-
-	fileContent, _ := ioutil.ReadFile(tmpFilePath)
-	assert.Equal(t, content, fileContent)
-}
-
-func Test_WriteFile_CanWriteANestedPath(t *testing.T) {
-	tmpDir := t.TempDir()
-	tmpFilePath := path.Join(tmpDir, "dir", "sub-dir", "dummy")
-
-	content := []byte("content")
-	err := WriteToFile(tmpFilePath, content)
-	assert.NoError(t, err)
-
-	fileContent, _ := ioutil.ReadFile(tmpFilePath)
-	assert.Equal(t, content, fileContent)
-}
--- a/api/go.mod
+++ b/api/go.mod
@@ -3,49 +3,46 @@ module github.com/portainer/portainer/api
 go 1.16

 require (
-	github.com/Microsoft/go-winio v0.4.17
-	github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
+	github.com/Microsoft/go-winio v0.4.16
+	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
 	github.com/boltdb/bolt v1.3.1
-	github.com/containerd/containerd v1.5.7 // indirect
+	github.com/containerd/containerd v1.3.1 // indirect
 	github.com/coreos/go-semver v0.3.0
 	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/docker/cli v20.10.9+incompatible
-	github.com/docker/docker v20.10.9+incompatible
-	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/cli v0.0.0-20191126203649-54d085b857e9
+	github.com/docker/docker v0.0.0-00010101000000-000000000000
 	github.com/g07cha/defender v0.0.0-20180505193036-5665c627c814
 	github.com/go-git/go-git/v5 v5.3.0
 	github.com/go-ldap/ldap/v3 v3.1.8
-	github.com/gofrs/uuid v4.0.0+incompatible
-	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+	github.com/gofrs/uuid v3.2.0+incompatible
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/securecookie v1.1.1
-	github.com/gorilla/websocket v1.4.2
+	github.com/gorilla/websocket v1.4.1
 	github.com/joho/godotenv v1.3.0
 	github.com/jpillora/chisel v0.0.0-20190724232113-f3a8df20e389
-	github.com/json-iterator/go v1.1.11
+	github.com/json-iterator/go v1.1.8
 	github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
-	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/mattn/go-shellwords v1.0.6 // indirect
+	github.com/mitchellh/mapstructure v1.1.2 // indirect
 	github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6
 	github.com/pkg/errors v0.9.1
-	github.com/portainer/docker-compose-wrapper v0.0.0-20211018221743-10a04c9d4f19
+	github.com/portainer/docker-compose-wrapper v0.0.0-20210810234209-d01bc85eb481
+	github.com/portainer/libcompose v0.5.3
 	github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a
-	github.com/portainer/libhelm v0.0.0-20210929000907-825e93d62108
 	github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.0
-	github.com/swaggo/swag v1.7.4
-	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
-	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
-	k8s.io/api v0.22.2
-	k8s.io/apimachinery v0.22.2
-	k8s.io/client-go v0.22.2
-	software.sslmate.com/src/go-pkcs12 v0.0.0-20210415151418-c5206de65a78
+	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
+	k8s.io/api v0.17.2
+	k8s.io/apimachinery v0.17.2
+	k8s.io/client-go v0.17.2
 )
+
+replace github.com/docker/docker => github.com/docker/engine v1.4.2-0.20200204220554-5f6d6f3f2203
+
+replace golang.org/x/sys => golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456
--- a/api/go.sum
+++ b/api/go.sum
--- a/api/hostmanagement/openamt/authorization.go
+++ b/api/hostmanagement/openamt/authorization.go
@@ -1,49 +0,0 @@
-package openamt
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-type authenticationResponse struct {
-	Token string `json:"token"`
-}
-
-func (service *Service) executeAuthenticationRequest(configuration portainer.OpenAMTConfiguration) (*authenticationResponse, error) {
-	loginURL := fmt.Sprintf("https://%v/mps/login/api/v1/authorize", configuration.MPSURL)
-
-	payload := map[string]string{
-		"username": configuration.Credentials.MPSUser,
-		"password": configuration.Credentials.MPSPassword,
-	}
-	jsonValue, _ := json.Marshal(payload)
-
-	req, err := http.NewRequest(http.MethodPost, loginURL, bytes.NewBuffer(jsonValue))
-	req.Header.Set("Content-Type", "application/json")
-
-	response, err := service.httpsClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	responseBody, readErr := ioutil.ReadAll(response.Body)
-	if readErr != nil {
-		return nil, readErr
-	}
-	errorResponse := parseError(responseBody)
-	if errorResponse != nil {
-		return nil, errorResponse
-	}
-
-	var token authenticationResponse
-	err = json.Unmarshal(responseBody, &token)
-	if err != nil {
-		return nil, err
-	}
-
-	return &token, nil
-}
--- a/api/hostmanagement/openamt/configCIRA.go
+++ b/api/hostmanagement/openamt/configCIRA.go
@@ -1,140 +0,0 @@
-package openamt
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"encoding/pem"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"strings"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-type CIRAConfig struct {
-	ConfigName          string `json:"configName"`
-	MPSServerAddress    string `json:"mpsServerAddress"`
-	ServerAddressFormat int    `json:"serverAddressFormat"`
-	CommonName          string `json:"commonName"`
-	MPSPort             int    `json:"mpsPort"`
-	Username            string `json:"username"`
-	MPSRootCertificate  string `json:"mpsRootCertificate"`
-	RegeneratePassword  bool   `json:"regeneratePassword"`
-	AuthMethod          int    `json:"authMethod"`
-}
-
-func (service *Service) createOrUpdateCIRAConfig(configuration portainer.OpenAMTConfiguration, configName string) (*CIRAConfig, error) {
-	ciraConfig, err := service.getCIRAConfig(configuration, configName)
-	if err != nil {
-		return nil, err
-	}
-
-	method := http.MethodPost
-	if ciraConfig != nil {
-		method = http.MethodPatch
-	}
-
-	ciraConfig, err = service.saveCIRAConfig(method, configuration, configName)
-	if err != nil {
-		return nil, err
-	}
-	return ciraConfig, nil
-}
-
-func (service *Service) getCIRAConfig(configuration portainer.OpenAMTConfiguration, configName string) (*CIRAConfig, error) {
-	url := fmt.Sprintf("https://%v/rps/api/v1/admin/ciraconfigs/%v", configuration.MPSURL, configName)
-
-	responseBody, err := service.executeGetRequest(url, configuration.Credentials.MPSToken)
-	if err != nil {
-		return nil, err
-	}
-	if responseBody == nil {
-		return nil, nil
-	}
-
-	var result CIRAConfig
-	err = json.Unmarshal(responseBody, &result)
-	if err != nil {
-		return nil, err
-	}
-	return &result, nil
-}
-
-func (service *Service) saveCIRAConfig(method string, configuration portainer.OpenAMTConfiguration, configName string) (*CIRAConfig, error) {
-	url := fmt.Sprintf("https://%v/rps/api/v1/admin/ciraconfigs", configuration.MPSURL)
-
-	certificate, err := service.getCIRACertificate(configuration)
-	if err != nil {
-		return nil, err
-	}
-
-	addressFormat, err := addressFormat(configuration.MPSURL)
-	if err != nil {
-		return nil, err
-	}
-
-	config := CIRAConfig{
-		ConfigName:          configName,
-		MPSServerAddress:    configuration.MPSURL,
-		CommonName:          configuration.MPSURL,
-		ServerAddressFormat: addressFormat,
-		MPSPort:             4433,
-		Username:            "admin",
-		MPSRootCertificate:  certificate,
-		RegeneratePassword:  false,
-		AuthMethod:          2,
-	}
-	payload, _ := json.Marshal(config)
-
-	responseBody, err := service.executeSaveRequest(method, url, configuration.Credentials.MPSToken, payload)
-	if err != nil {
-		return nil, err
-	}
-
-	var result CIRAConfig
-	err = json.Unmarshal(responseBody, &result)
-	if err != nil {
-		return nil, err
-	}
-	return &result, nil
-}
-
-func addressFormat(url string) (int, error) {
-	ip := net.ParseIP(url)
-	if ip == nil {
-		return 201, nil // FQDN
-	}
-	if strings.Contains(url, ".") {
-		return 3, nil // IPV4
-	}
-	if strings.Contains(url, ":") {
-		return 4, nil // IPV6
-	}
-	return 0, fmt.Errorf("could not determine server address format for %v", url)
-}
-
-func (service *Service) getCIRACertificate(configuration portainer.OpenAMTConfiguration) (string, error) {
-	loginURL := fmt.Sprintf("https://%v/mps/api/v1/ciracert", configuration.MPSURL)
-
-	req, err := http.NewRequest(http.MethodGet, loginURL, nil)
-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", configuration.Credentials.MPSToken))
-
-	response, err := service.httpsClient.Do(req)
-	if err != nil {
-		return "", err
-	}
-
-	if response.StatusCode != http.StatusOK {
-		return "", errors.New(fmt.Sprintf("unexpected status code %v", response.Status))
-	}
-
-	certificate, err := io.ReadAll(response.Body)
-	if err != nil {
-		return "", err
-	}
-	block, _ := pem.Decode(certificate)
-	return base64.StdEncoding.EncodeToString(block.Bytes), nil
-}
--- a/api/hostmanagement/openamt/configDomain.go
+++ b/api/hostmanagement/openamt/configDomain.go
@@ -1,81 +0,0 @@
-package openamt
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-type (
-	Domain struct {
-		DomainName                    string `json:"profileName"`
-		DomainSuffix                  string `json:"domainSuffix"`
-		ProvisioningCert              string `json:"provisioningCert"`
-		ProvisioningCertPassword      string `json:"provisioningCertPassword"`
-		ProvisioningCertStorageFormat string `json:"provisioningCertStorageFormat"`
-	}
-)
-
-func (service *Service) createOrUpdateDomain(configuration portainer.OpenAMTConfiguration) (*Domain, error) {
-	domain, err := service.getDomain(configuration)
-	if err != nil {
-		return nil, err
-	}
-
-	method := http.MethodPost
-	if domain != nil {
-		method = http.MethodPatch
-	}
-
-	domain, err = service.saveDomain(method, configuration)
-	if err != nil {
-		return nil, err
-	}
-	return domain, nil
-}
-
-func (service *Service) getDomain(configuration portainer.OpenAMTConfiguration) (*Domain, error) {
-	url := fmt.Sprintf("https://%v/rps/api/v1/admin/domains/%v", configuration.MPSURL, configuration.DomainConfiguration.DomainName)
-
-	responseBody, err := service.executeGetRequest(url, configuration.Credentials.MPSToken)
-	if err != nil {
-		return nil, err
-	}
-	if responseBody == nil {
-		return nil, nil
-	}
-
-	var result Domain
-	err = json.Unmarshal(responseBody, &result)
-	if err != nil {
-		return nil, err
-	}
-	return &result, nil
-}
-
-func (service *Service) saveDomain(method string, configuration portainer.OpenAMTConfiguration) (*Domain, error) {
-	url := fmt.Sprintf("https://%v/rps/api/v1/admin/domains", configuration.MPSURL)
-
-	profile := Domain{
-		DomainName:                    configuration.DomainConfiguration.DomainName,
-		DomainSuffix:                  configuration.DomainConfiguration.DomainName,
-		ProvisioningCert:              configuration.DomainConfiguration.CertFileText,
-		ProvisioningCertPassword:      configuration.DomainConfiguration.CertPassword,
-		ProvisioningCertStorageFormat: "string",
-	}
-	payload, _ := json.Marshal(profile)
-
-	responseBody, err := service.executeSaveRequest(method, url, configuration.Credentials.MPSToken, payload)
-	if err != nil {
-		return nil, err
-	}
-
-	var result Domain
-	err = json.Unmarshal(responseBody, &result)
-	if err != nil {
-		return nil, err
-	}
-	return &result, nil
-}
--- a/api/hostmanagement/openamt/configProfile.go
+++ b/api/hostmanagement/openamt/configProfile.go
@@ -1,104 +0,0 @@
-package openamt
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-type (
-	Profile struct {
-		ProfileName                string              `json:"profileName"`
-		Activation                 string              `json:"activation"`
-		CIRAConfigName             *string             `json:"ciraConfigName"`
-		GenerateRandomAMTPassword  bool                `json:"generateRandomPassword"`
-		AMTPassword                string              `json:"amtPassword"`
-		GenerateRandomMEBxPassword bool                `json:"generateRandomMEBxPassword"`
-		MEBXPassword               string              `json:"mebxPassword"`
-		Tags                       []string            `json:"tags"`
-		DHCPEnabled                bool                `json:"dhcpEnabled"`
-		TenantId                   string              `json:"tenantId"`
-		WIFIConfigs                []ProfileWifiConfig `json:"wifiConfigs"`
-	}
-
-	ProfileWifiConfig struct {
-		Priority    int    `json:"priority"`
-		ProfileName string `json:"profileName"`
-	}
-)
-
-func (service *Service) createOrUpdateAMTProfile(configuration portainer.OpenAMTConfiguration, profileName string, ciraConfigName string, wirelessConfig string) (*Profile, error) {
-	profile, err := service.getAMTProfile(configuration, profileName)
-	if err != nil {
-		return nil, err
-	}
-
-	method := http.MethodPost
-	if profile != nil {
-		method = http.MethodPatch
-	}
-
-	profile, err = service.saveAMTProfile(method, configuration, profileName, ciraConfigName, wirelessConfig)
-	if err != nil {
-		return nil, err
-	}
-	return profile, nil
-}
-
-func (service *Service) getAMTProfile(configuration portainer.OpenAMTConfiguration, profileName string) (*Profile, error) {
-	url := fmt.Sprintf("https://%v/rps/api/v1/admin/profiles/%v", configuration.MPSURL, profileName)
-
-	responseBody, err := service.executeGetRequest(url, configuration.Credentials.MPSToken)
-	if err != nil {
-		return nil, err
-	}
-	if responseBody == nil {
-		return nil, nil
-	}
-
-	var result Profile
-	err = json.Unmarshal(responseBody, &result)
-	if err != nil {
-		return nil, err
-	}
-	return &result, nil
-}
-
-func (service *Service) saveAMTProfile(method string, configuration portainer.OpenAMTConfiguration, profileName string, ciraConfigName string, wirelessConfig string) (*Profile, error) {
-	url := fmt.Sprintf("https://%v/rps/api/v1/admin/profiles", configuration.MPSURL)
-
-	profile := Profile{
-		ProfileName:                profileName,
-		Activation:                 "acmactivate",
-		GenerateRandomAMTPassword:  false,
-		GenerateRandomMEBxPassword: false,
-		AMTPassword:                configuration.Credentials.MPSPassword,
-		MEBXPassword:               configuration.Credentials.MPSPassword,
-		CIRAConfigName:             &ciraConfigName,
-		Tags:                       []string{},
-		DHCPEnabled:                true,
-	}
-	if wirelessConfig != "" {
-		profile.WIFIConfigs = []ProfileWifiConfig{
-			{
-				Priority:    1,
-				ProfileName: DefaultWirelessConfigName,
-			},
-		}
-	}
-	payload, _ := json.Marshal(profile)
-
-	responseBody, err := service.executeSaveRequest(method, url, configuration.Credentials.MPSToken, payload)
-	if err != nil {
-		return nil, err
-	}
-
-	var result Profile
-	err = json.Unmarshal(responseBody, &result)
-	if err != nil {
-		return nil, err
-	}
-	return &result, nil
-}
--- a/api/hostmanagement/openamt/configWireless.go
+++ b/api/hostmanagement/openamt/configWireless.go
@@ -1,91 +0,0 @@
-package openamt
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-type (
-	WirelessProfile struct {
-		ProfileName          string `json:"profileName"`
-		AuthenticationMethod int    `json:"authenticationMethod"`
-		EncryptionMethod     int    `json:"encryptionMethod"`
-		SSID                 string `json:"ssid"`
-		PSKPassphrase        string `json:"pskPassphrase"`
-	}
-)
-
-func (service *Service) createOrUpdateWirelessConfig(configuration portainer.OpenAMTConfiguration, wirelessConfigName string) (*WirelessProfile, error) {
-	wirelessConfig, err := service.getWirelessConfig(configuration, wirelessConfigName)
-	if err != nil {
-		return nil, err
-	}
-
-	method := http.MethodPost
-	if wirelessConfig != nil {
-		method = http.MethodPatch
-	}
-
-	wirelessConfig, err = service.saveWirelessConfig(method, configuration, wirelessConfigName)
-	if err != nil {
-		return nil, err
-	}
-	return wirelessConfig, nil
-}
-
-func (service *Service) getWirelessConfig(configuration portainer.OpenAMTConfiguration, configName string) (*WirelessProfile, error) {
-	url := fmt.Sprintf("https://%v/rps/api/v1/admin/wirelessconfigs/%v", configuration.MPSURL, configName)
-
-	responseBody, err := service.executeGetRequest(url, configuration.Credentials.MPSToken)
-	if err != nil {
-		return nil, err
-	}
-	if responseBody == nil {
-		return nil, nil
-	}
-
-	var result WirelessProfile
-	err = json.Unmarshal(responseBody, &result)
-	if err != nil {
-		return nil, err
-	}
-	return &result, nil
-}
-
-func (service *Service) saveWirelessConfig(method string, configuration portainer.OpenAMTConfiguration, configName string) (*WirelessProfile, error) {
-	parsedAuthenticationMethod, err := strconv.Atoi(configuration.WirelessConfiguration.AuthenticationMethod)
-	if err != nil {
-		return nil, fmt.Errorf("error parsing wireless authentication method: %v", err.Error())
-	}
-	parsedEncryptionMethod, err := strconv.Atoi(configuration.WirelessConfiguration.EncryptionMethod)
-	if err != nil {
-		return nil, fmt.Errorf("error parsing wireless encryption method: %v", err.Error())
-	}
-
-	url := fmt.Sprintf("https://%v/rps/api/v1/admin/wirelessconfigs", configuration.MPSURL)
-
-	config := WirelessProfile{
-		ProfileName:          configName,
-		AuthenticationMethod: parsedAuthenticationMethod,
-		EncryptionMethod:     parsedEncryptionMethod,
-		SSID:                 configuration.WirelessConfiguration.SSID,
-		PSKPassphrase:        configuration.WirelessConfiguration.PskPass,
-	}
-	payload, _ := json.Marshal(config)
-
-	responseBody, err := service.executeSaveRequest(method, url, configuration.Credentials.MPSToken, payload)
-	if err != nil {
-		return nil, err
-	}
-
-	var result WirelessProfile
-	err = json.Unmarshal(responseBody, &result)
-	if err != nil {
-		return nil, err
-	}
-	return &result, nil
-}
--- a/api/hostmanagement/openamt/openamt.go
+++ b/api/hostmanagement/openamt/openamt.go
@@ -1,148 +0,0 @@
-package openamt
-
-import (
-	"bytes"
-	"crypto/tls"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-const (
-	DefaultCIRAConfigName     = "ciraConfigDefault"
-	DefaultWirelessConfigName = "wirelessProfileDefault"
-	DefaultProfileName        = "profileAMTDefault"
-)
-
-// Service represents a service for managing an OpenAMT server.
-type Service struct {
-	httpsClient *http.Client
-}
-
-// NewService initializes a new service.
-func NewService() *Service {
-	return &Service{
-		httpsClient:
-		&http.Client{
-			Timeout: time.Second * time.Duration(5),
-			Transport: &http.Transport{
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-			},
-		},
-	}
-}
-
-type openAMTError struct {
-	ErrorMsg string `json:"message"`
-	Errors   []struct {
-		ErrorMsg string `json:"msg"`
-	} `json:"errors"`
-}
-
-func parseError(responseBody []byte) error {
-	var errorResponse openAMTError
-	err := json.Unmarshal(responseBody, &errorResponse)
-	if err != nil {
-		return err
-	}
-
-	if len(errorResponse.Errors) > 0 {
-		return errors.New(errorResponse.Errors[0].ErrorMsg)
-	}
-	if errorResponse.ErrorMsg != "" {
-		return errors.New(errorResponse.ErrorMsg)
-	}
-	return nil
-}
-
-func (service *Service) ConfigureDefault(configuration portainer.OpenAMTConfiguration) error {
-	token, err := service.executeAuthenticationRequest(configuration)
-	if err != nil {
-		return err
-	}
-	configuration.Credentials.MPSToken = token.Token
-
-	ciraConfig, err := service.createOrUpdateCIRAConfig(configuration, DefaultCIRAConfigName)
-	if err != nil {
-		return err
-	}
-
-	wirelessConfigName := ""
-	if configuration.WirelessConfiguration != nil {
-		wirelessConfig, err := service.createOrUpdateWirelessConfig(configuration, DefaultWirelessConfigName)
-		if err != nil {
-			return err
-		}
-		wirelessConfigName = wirelessConfig.ProfileName
-	}
-
-	_, err = service.createOrUpdateAMTProfile(configuration, DefaultProfileName, ciraConfig.ConfigName, wirelessConfigName)
-	if err != nil {
-		return err
-	}
-
-	_, err = service.createOrUpdateDomain(configuration)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (service *Service) executeSaveRequest(method string, url string, token string, payload []byte) ([]byte, error) {
-	req, err := http.NewRequest(method, url, bytes.NewBuffer(payload))
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", token))
-
-	response, err := service.httpsClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	responseBody, readErr := ioutil.ReadAll(response.Body)
-	if readErr != nil {
-		return nil, readErr
-	}
-
-	if response.StatusCode < 200 || response.StatusCode > 300 {
-		errorResponse := parseError(responseBody)
-		if errorResponse != nil {
-			return nil, errorResponse
-		}
-		return nil, errors.New(fmt.Sprintf("unexpected status code %v", response.Status))
-	}
-
-	return responseBody, nil
-}
-
-func (service *Service) executeGetRequest(url string, token string) ([]byte, error) {
-	req, err := http.NewRequest(http.MethodGet, url, nil)
-	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", token))
-
-	response, err := service.httpsClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	responseBody, readErr := ioutil.ReadAll(response.Body)
-	if readErr != nil {
-		return nil, readErr
-	}
-
-	if response.StatusCode < 200 || response.StatusCode > 300 {
-		if response.StatusCode == http.StatusNotFound {
-			return nil, nil
-		}
-		errorResponse := parseError(responseBody)
-		if errorResponse != nil {
-			return nil, errorResponse
-		}
-		return nil, errors.New(fmt.Sprintf("unexpected status code %v", response.Status))
-	}
-
-	return responseBody, nil
-}
--- a/api/http/client/client.go
+++ b/api/http/client/client.go
@@ -102,7 +102,7 @@ func Get(url string, timeout int) ([]byte, error) {
 	return body, nil
 }

-// ExecutePingOperation will send a SystemPing operation HTTP request to a Docker environment(endpoint)
+// ExecutePingOperation will send a SystemPing operation HTTP request to a Docker environment
 // using the specified host and optional TLS configuration.
 // It uses a new Http.Client for each operation.
 func ExecutePingOperation(host string, tlsConfig *tls.Config) (bool, error) {
--- a/api/http/errors/errors.go
+++ b/api/http/errors/errors.go
@@ -3,8 +3,8 @@ package errors
 import "errors"

 var (
-	// ErrEndpointAccessDenied Access denied to environment(endpoint) error
-	ErrEndpointAccessDenied = errors.New("Access denied to environment")
+	// ErrEndpointAccessDenied Access denied to endpoint error
+	ErrEndpointAccessDenied = errors.New("Access denied to endpoint")
 	// ErrUnauthorized Unauthorized error
 	ErrUnauthorized = errors.New("Unauthorized")
 	// ErrResourceAccessDenied Access denied to resource error
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
@@ -39,8 +39,7 @@ func (payload *authenticatePayload) Validate(r *http.Request) error {

 // @id AuthenticateUser
 // @summary Authenticate
-// @description **Access policy**: public
-// @description Use this environment(endpoint) to authenticate against Portainer using a username and password.
+// @description Use this endpoint to authenticate against Portainer using a username and password.
 // @tags auth
 // @accept json
 // @produce json
--- a/api/http/handler/auth/authenticate_oauth.go
+++ b/api/http/handler/auth/authenticate_oauth.go
@@ -44,7 +44,6 @@ func (handler *Handler) authenticateOAuth(code string, settings *portainer.OAuth

 // @id ValidateOAuth
 // @summary Authenticate with OAuth
-// @description **Access policy**: public
 // @tags auth
 // @accept json
 // @produce json
--- a/api/http/handler/auth/logout.go
+++ b/api/http/handler/auth/logout.go
@@ -10,7 +10,6 @@ import (

 // @id Logout
 // @summary Logout
-// @description **Access policy**: authenticated
 // @security jwt
 // @tags auth
 // @success 204 "Success"
--- a/api/http/handler/backup/backup.go
+++ b/api/http/handler/backup/backup.go
@@ -27,9 +27,8 @@ func (p *backupPayload) Validate(r *http.Request) error {
 // @description **Access policy**: admin
 // @tags backup
 // @security jwt
-// @accept json
 // @produce octet-stream
-// @param body body backupPayload false "An object contains the password to encrypt the backup with"
+// @param Password body string false "Password to encrypt the backup with"
 // @success 200 "Success"
 // @failure 400 "Invalid request"
 // @failure 500 "Server error"
--- a/api/http/handler/backup/restore.go
+++ b/api/http/handler/backup/restore.go
@@ -22,9 +22,10 @@ type restorePayload struct {
 // @description Triggers a system restore using provided backup file
 // @description **Access policy**: public
 // @tags backup
-// @accept json
-// @param restorePayload body restorePayload true "Restore request payload"
-// @success 200 "Success"
+// @param FileContent body []byte true "Content of the backup"
+// @param FileName body string true "File name"
+// @param Password body string false "Password to decrypt the backup with"
+// @success 200  "Success"
 // @failure 400 "Invalid request"
 // @failure 500 "Server error"
 // @router /restore [post]
--- a/api/http/handler/customtemplates/customtemplate_create.go
+++ b/api/http/handler/customtemplates/customtemplate_create.go
@@ -2,9 +2,7 @@ package customtemplates

 import (
 	"errors"
-	"log"
 	"net/http"
-	"regexp"
 	"strconv"

 	"github.com/asaskevich/govalidator"
@@ -23,7 +21,7 @@ import (
 // @description **Access policy**: authenticated
 // @tags custom_templates
 // @security jwt
-// @accept json,multipart/form-data
+// @accept json, multipart/form-data
 // @produce json
 // @param method query string true "method for creating template" Enums(string, file, repository)
 // @param body_string body customTemplateFromFileContentPayload false "Required when using method=string"
@@ -107,10 +105,9 @@ type customTemplateFromFileContentPayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	// Required for Docker stacks
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
-	// Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes)
-	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
+	// Type of created stack (1 - swarm, 2 - compose)
+	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
 }
@@ -125,26 +122,15 @@ func (payload *customTemplateFromFileContentPayload) Validate(r *http.Request) e
 	if govalidator.IsNull(payload.FileContent) {
 		return errors.New("Invalid file content")
 	}
-	if payload.Type != portainer.KubernetesStack && payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
+	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
-	if payload.Type != portainer.KubernetesStack && payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
+	if payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
 		return errors.New("Invalid custom template type")
 	}
-	if !isValidNote(payload.Note) {
-		return errors.New("Invalid note. <img> tag is not supported")
-	}
 	return nil
 }

-func isValidNote(note string) bool {
-	if govalidator.IsNull(note) {
-		return true
-	}
-	match, _ := regexp.MatchString("<img", note)
-	return !match
-}
-
 func (handler *Handler) createCustomTemplateFromFileContent(r *http.Request) (*portainer.CustomTemplate, error) {
 	var payload customTemplateFromFileContentPayload
 	err := request.DecodeAndValidateJSONPayload(r, &payload)
@@ -185,8 +171,7 @@ type customTemplateFromGitRepositoryPayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	// Required for Docker stacks
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
 	// Type of created stack (1 - swarm, 2 - compose)
 	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`

@@ -220,20 +205,12 @@ func (payload *customTemplateFromGitRepositoryPayload) Validate(r *http.Request)
 	if govalidator.IsNull(payload.ComposeFilePathInRepository) {
 		payload.ComposeFilePathInRepository = filesystem.ComposeFileDefaultName
 	}
-
-	if payload.Type == portainer.KubernetesStack {
-		return errors.New("Creating a Kubernetes custom template from git is not supported")
-	}
-
 	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
 	if payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
 		return errors.New("Invalid custom template type")
 	}
-	if !isValidNote(payload.Note) {
-		return errors.New("Invalid note. <img> tag is not supported")
-	}
 	return nil
 }

@@ -271,23 +248,6 @@ func (handler *Handler) createCustomTemplateFromGitRepository(r *http.Request) (
 		return nil, err
 	}

-	entryPath := filesystem.JoinPaths(projectPath, customTemplate.EntryPoint)
-
-	exists, err := handler.FileService.FileExists(entryPath)
-	if err != nil || !exists {
-		if err := handler.FileService.RemoveDirectory(projectPath); err != nil {
-			log.Printf("[WARN] [http,customtemplate,git] [error: %s] [message: unable to remove git repository directory]", err)
-		}
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	if !exists {
-		return nil, errors.New("Invalid Compose file, ensure that the Compose file path is correct")
-	}
-
 	return customTemplate, nil
 }

@@ -312,32 +272,26 @@ func (payload *customTemplateFromFileUploadPayload) Validate(r *http.Request) er
 	if err != nil {
 		return errors.New("Invalid custom template description")
 	}
+
 	payload.Description = description

-	logo, _ := request.RetrieveMultiPartFormValue(r, "Logo", true)
-	payload.Logo = logo
-
 	note, _ := request.RetrieveMultiPartFormValue(r, "Note", true)
-	if !isValidNote(note) {
-		return errors.New("Invalid note. <img> tag is not supported")
-	}
 	payload.Note = note

-	typeNumeral, _ := request.RetrieveNumericMultiPartFormValue(r, "Type", true)
-	templateType := portainer.StackType(typeNumeral)
-	if templateType != portainer.KubernetesStack && templateType != portainer.DockerSwarmStack && templateType != portainer.DockerComposeStack {
-		return errors.New("Invalid custom template type")
-	}
-	payload.Type = templateType
-
 	platform, _ := request.RetrieveNumericMultiPartFormValue(r, "Platform", true)
 	templatePlatform := portainer.CustomTemplatePlatform(platform)
-	if templateType != portainer.KubernetesStack && templatePlatform != portainer.CustomTemplatePlatformLinux && templatePlatform != portainer.CustomTemplatePlatformWindows {
+	if templatePlatform != portainer.CustomTemplatePlatformLinux && templatePlatform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
-
 	payload.Platform = templatePlatform

+	typeNumeral, _ := request.RetrieveNumericMultiPartFormValue(r, "Type", true)
+	templateType := portainer.StackType(typeNumeral)
+	if templateType != portainer.DockerComposeStack && templateType != portainer.DockerSwarmStack {
+		return errors.New("Invalid custom template type")
+	}
+	payload.Type = templateType
+
 	composeFileContent, _, err := request.RetrieveMultiPartFormFile(r, "File")
 	if err != nil {
 		return errors.New("Invalid Compose file. Ensure that the Compose file is uploaded correctly")
--- a/api/http/handler/customtemplates/customtemplate_delete.go
+++ b/api/http/handler/customtemplates/customtemplate_delete.go
@@ -16,7 +16,7 @@ import (
 // @id CustomTemplateDelete
 // @summary Remove a template
 // @description Remove a template.
-// @description **Access policy**: authenticated
+// @description **Access policy**: authorized
 // @tags custom_templates
 // @security jwt
 // @param id path int true "Template identifier"
--- a/api/http/handler/customtemplates/customtemplate_file.go
+++ b/api/http/handler/customtemplates/customtemplate_file.go
@@ -2,6 +2,7 @@ package customtemplates

 import (
 	"net/http"
+	"path"

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@@ -17,7 +18,7 @@ type fileResponse struct {
 // @id CustomTemplateFile
 // @summary Get Template stack file content.
 // @description Retrieve the content of the Stack file for the specified custom template
-// @description **Access policy**: authenticated
+// @description **Access policy**: authorized
 // @tags custom_templates
 // @security jwt
 // @produce json
@@ -40,7 +41,7 @@ func (handler *Handler) customTemplateFile(w http.ResponseWriter, r *http.Reques
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a custom template with the specified identifier inside the database", err}
 	}

-	fileContent, err := handler.FileService.GetFileContent(customTemplate.ProjectPath, customTemplate.EntryPoint)
+	fileContent, err := handler.FileService.GetFileContent(path.Join(customTemplate.ProjectPath, customTemplate.EntryPoint))
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve custom template file from disk", err}
 	}
--- a/api/http/handler/customtemplates/customtemplate_inspect.go
+++ b/api/http/handler/customtemplates/customtemplate_inspect.go
@@ -19,6 +19,7 @@ import (
 // @description **Access policy**: authenticated
 // @tags custom_templates
 // @security jwt
+// @accept json
 // @produce json
 // @param id path int true "Template identifier"
 // @success 200 {object} portainer.CustomTemplate "Success"
--- a/api/http/handler/customtemplates/customtemplate_list.go
+++ b/api/http/handler/customtemplates/customtemplate_list.go
@@ -2,9 +2,7 @@ package customtemplates

 import (
 	"net/http"
-	"strconv"

-	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
@@ -19,16 +17,10 @@ import (
 // @tags custom_templates
 // @security jwt
 // @produce json
-// @param type query []int true "Template types" Enums(1,2,3)
 // @success 200 {array} portainer.CustomTemplate "Success"
 // @failure 500 "Server error"
 // @router /custom_templates [get]
 func (handler *Handler) customTemplateList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	templateTypes, err := parseTemplateTypes(r)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusBadRequest, "Invalid Custom template type", err}
-	}
-
 	customTemplates, err := handler.DataStore.CustomTemplate().CustomTemplates()
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve custom templates from the database", err}
@@ -60,52 +52,5 @@ func (handler *Handler) customTemplateList(w http.ResponseWriter, r *http.Reques
 		customTemplates = authorization.FilterAuthorizedCustomTemplates(customTemplates, user, userTeamIDs)
 	}

-	customTemplates = filterByType(customTemplates, templateTypes)
-
 	return response.JSON(w, customTemplates)
 }
-
-func parseTemplateTypes(r *http.Request) ([]portainer.StackType, error) {
-	err := r.ParseForm()
-	if err != nil {
-		return nil, errors.WithMessage(err, "failed to parse request params")
-	}
-
-	types, exist := r.Form["type"]
-	if !exist {
-		return []portainer.StackType{}, nil
-	}
-
-	res := []portainer.StackType{}
-	for _, templateTypeStr := range types {
-		templateType, err := strconv.Atoi(templateTypeStr)
-		if err != nil {
-			return nil, errors.WithMessage(err, "failed parsing template type")
-		}
-
-		res = append(res, portainer.StackType(templateType))
-	}
-
-	return res, nil
-}
-
-func filterByType(customTemplates []portainer.CustomTemplate, templateTypes []portainer.StackType) []portainer.CustomTemplate {
-	if len(templateTypes) == 0 {
-		return customTemplates
-	}
-
-	typeSet := map[portainer.StackType]bool{}
-	for _, templateType := range templateTypes {
-		typeSet[templateType] = true
-	}
-
-	filtered := []portainer.CustomTemplate{}
-
-	for _, template := range customTemplates {
-		if typeSet[template.Type] {
-			filtered = append(filtered, template)
-		}
-	}
-
-	return filtered
-}
--- a/api/http/handler/customtemplates/customtemplate_update.go
+++ b/api/http/handler/customtemplates/customtemplate_update.go
@@ -27,10 +27,9 @@ type customTemplateUpdatePayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	// Required for Docker stacks
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
-	// Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes)
-	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
+	// Type of created stack (1 - swarm, 2 - compose)
+	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
 }
@@ -42,18 +41,15 @@ func (payload *customTemplateUpdatePayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.FileContent) {
 		return errors.New("Invalid file content")
 	}
-	if payload.Type != portainer.KubernetesStack && payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
+	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
-	if payload.Type != portainer.KubernetesStack && payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
+	if payload.Type != portainer.DockerComposeStack && payload.Type != portainer.DockerSwarmStack {
 		return errors.New("Invalid custom template type")
 	}
 	if govalidator.IsNull(payload.Description) {
 		return errors.New("Invalid custom template description")
 	}
-	if !isValidNote(payload.Note) {
-		return errors.New("Invalid note. <img> tag is not supported")
-	}
 	return nil
 }

--- a/api/http/handler/customtemplates/handler.go
+++ b/api/http/handler/customtemplates/handler.go
@@ -10,7 +10,7 @@ import (
 	"github.com/portainer/portainer/api/internal/authorization"
 )

-// Handler is the HTTP handler used to handle environment(endpoint) group operations.
+// Handler is the HTTP handler used to handle endpoint group operations.
 type Handler struct {
 	*mux.Router
 	DataStore   portainer.DataStore
@@ -18,7 +18,7 @@ type Handler struct {
 	GitService  portainer.GitService
 }

-// NewHandler creates a handler to manage environment(endpoint) group operations.
+// NewHandler creates a handler to manage endpoint group operations.
 func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
 		Router: mux.NewRouter(),
--- a/api/http/handler/edgegroups/edgegroup_create.go
+++ b/api/http/handler/edgegroups/edgegroup_create.go
@@ -27,21 +27,21 @@ func (payload *edgeGroupCreatePayload) Validate(r *http.Request) error {
 		return errors.New("TagIDs is mandatory for a dynamic Edge group")
 	}
 	if !payload.Dynamic && (payload.Endpoints == nil || len(payload.Endpoints) == 0) {
-		return errors.New("Environment is mandatory for a static Edge group")
+		return errors.New("Endpoints is mandatory for a static Edge group")
 	}
 	return nil
 }

 // @id EdgeGroupCreate
 // @summary Create an EdgeGroup
-// @description **Access policy**: administrator
+// @description
 // @tags edge_groups
 // @security jwt
 // @accept json
 // @produce json
 // @param body body edgeGroupCreatePayload true "EdgeGroup data"
 // @success 200 {object} portainer.EdgeGroup
-// @failure 503 "Edge compute features are disabled"
+// @failure 503 Edge compute features are disabled
 // @failure 500
 // @router /edge_groups [post]
 func (handler *Handler) edgeGroupCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
@@ -77,7 +77,7 @@ func (handler *Handler) edgeGroupCreate(w http.ResponseWriter, r *http.Request)
 		for _, endpointID := range payload.Endpoints {
 			endpoint, err := handler.DataStore.Endpoint().Endpoint(endpointID)
 			if err != nil {
-				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve environment from the database", err}
+				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve endpoint from the database", err}
 			}

 			if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment || endpoint.Type == portainer.EdgeAgentOnKubernetesEnvironment {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
LP B	0dd40d6d01	feat(app/k8s): update ingress scheme from v1beta1 to v1 (#5466 )	2021-08-31 12:34:00 +12:00
cong meng	d4c3612334	fix(ingress): EE-1049 Ingress config is lost when deleting an application deployed with ingress (#5264 ) Co-authored-by: Simon Meng <simon.meng@portainer.io>	2021-08-31 12:29:56 +12:00
cong meng	eae70e6be0	fix EE-1078 Too strict form validation for docker environment variables (#5278 ) Co-authored-by: Simon Meng <simon.meng@portainer.io>	2021-08-31 12:29:52 +12:00