add https to k8s local environment url

* - fixed zombie kubectl shell pod issue
- fixed bug with websocket connection error

* exec error if not websocket disconnect

* StartExecProcess updated to write error to channel

.vscode.example/portainer.code-snippets

@@ -163,5 +163,19 @@
       "// @failure 500 \"Server error\"",
       "// @router /{id} [get]"
     ]
+  },
+  "analytics": {
+    "prefix": "nlt",
+    "body": ["analytics-on", "analytics-category=\"$1\"", "analytics-event=\"$2\""],
+    "description": "analytics"
+  },
+  "analytics-if": {
+    "prefix": "nltf",
+    "body": ["analytics-if=\"$1\""],
+    "description": "analytics"
+  },
+  "analytics-metadata": {
+    "prefix": "nltm",
+    "body": "analytics-properties=\"{ metadata: { $1 } }\""
   }
 }

api/bolt/init.go

@@ -45,6 +45,7 @@ func (store *Store) Init() error {
 			EdgeAgentCheckinInterval: portainer.DefaultEdgeAgentCheckinIntervalInSeconds,
 			TemplatesURL:             portainer.DefaultTemplatesURL,
 			UserSessionTimeout:       portainer.DefaultUserSessionTimeout,
+			KubeconfigExpiry:         portainer.DefaultKubeconfigExpiry,
 		}
 
 		err = store.SettingsService.UpdateSettings(defaultSettings)

api/bolt/migrator/migrate_dbversion31.go

@@ -24,6 +24,10 @@ func (m *Migrator) migrateDBVersionToDB32() error {
 		return err
 	}
 
+	if err := m.kubeconfigExpiryToDB32(); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -211,3 +215,12 @@ func findResourcesToUpdateForDB32(dockerID string, volumesData map[string]interf
 		}
 	}
 }
+
+func (m *Migrator) kubeconfigExpiryToDB32() error {
+	settings, err := m.settingsService.Settings()
+	if err != nil {
+		return err
+	}
+	settings.KubeconfigExpiry = portainer.DefaultKubeconfigExpiry
+	return m.settingsService.UpdateSettings(settings)
+}

api/cmd/portainer/main.go

@@ -114,7 +114,7 @@ func initJWTService(dataStore portainer.DataStore) (portainer.JWTService, error)
 		settings.UserSessionTimeout = portainer.DefaultUserSessionTimeout
 		dataStore.Settings().UpdateSettings(settings)
 	}
-	jwtService, err := jwt.NewService(settings.UserSessionTimeout)
+	jwtService, err := jwt.NewService(settings.UserSessionTimeout, dataStore)
 	if err != nil {
 		return nil, err
 	}

api/exec/kubernetes_deploy.go

@@ -5,9 +5,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
-	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/api/kubernetes/cli"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -17,6 +14,10 @@ import (
 	"strings"
 	"time"
 
+	"github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/kubernetes/cli"
+
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/crypto"
 )
@@ -80,7 +81,7 @@ func (deployer *KubernetesDeployer) getToken(request *http.Request, endpoint *po
 // Otherwise it will use kubectl to deploy the manifest.
 func (deployer *KubernetesDeployer) Deploy(request *http.Request, endpoint *portainer.Endpoint, stackConfig string, namespace string) (string, error) {
 	if endpoint.Type == portainer.KubernetesLocalEnvironment {
-		token, err := deployer.getToken(request, endpoint, true);
+		token, err := deployer.getToken(request, endpoint, true)
 		if err != nil {
 			return "", err
 		}
@@ -179,7 +180,7 @@ func (deployer *KubernetesDeployer) Deploy(request *http.Request, endpoint *port
 		return "", err
 	}
 
-	token, err := deployer.getToken(request, endpoint, false);
+	token, err := deployer.getToken(request, endpoint, false)
 	if err != nil {
 		return "", err
 	}
@@ -229,7 +230,7 @@ func (deployer *KubernetesDeployer) Deploy(request *http.Request, endpoint *port
 }
 
 // ConvertCompose leverages the kompose binary to deploy a compose compliant manifest.
-func (deployer *KubernetesDeployer) ConvertCompose(data string) ([]byte, error) {
+func (deployer *KubernetesDeployer) ConvertCompose(data []byte) ([]byte, error) {
 	command := path.Join(deployer.binaryPath, "kompose")
 	if runtime.GOOS == "windows" {
 		command = path.Join(deployer.binaryPath, "kompose.exe")
@@ -241,7 +242,7 @@ func (deployer *KubernetesDeployer) ConvertCompose(data string) ([]byte, error)
 	var stderr bytes.Buffer
 	cmd := exec.Command(command, args...)
 	cmd.Stderr = &stderr
-	cmd.Stdin = strings.NewReader(data)
+	cmd.Stdin = bytes.NewReader(data)
 
 	output, err := cmd.Output()
 	if err != nil {

api/go.mod

@@ -37,7 +37,7 @@ require (
 	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	k8s.io/api v0.17.2
 	k8s.io/apimachinery v0.17.2
 	k8s.io/client-go v0.17.2

api/go.sum

@@ -387,8 +387,9 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

api/http/handler/customtemplates/customtemplate_create.go

@@ -105,9 +105,10 @@ type customTemplateFromFileContentPayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
-	// Type of created stack (1 - swarm, 2 - compose)
-	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`
+	// Required for Docker stacks
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
+	// Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes)
+	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
 }
@@ -122,10 +123,10 @@ func (payload *customTemplateFromFileContentPayload) Validate(r *http.Request) e
 	if govalidator.IsNull(payload.FileContent) {
 		return errors.New("Invalid file content")
 	}
-	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
+	if payload.Type != portainer.KubernetesStack && payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
-	if payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
+	if payload.Type != portainer.KubernetesStack && payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
 		return errors.New("Invalid custom template type")
 	}
 	return nil
@@ -171,7 +172,8 @@ type customTemplateFromGitRepositoryPayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
+	// Required for Docker stacks
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
 	// Type of created stack (1 - swarm, 2 - compose)
 	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`
 
@@ -205,6 +207,11 @@ func (payload *customTemplateFromGitRepositoryPayload) Validate(r *http.Request)
 	if govalidator.IsNull(payload.ComposeFilePathInRepository) {
 		payload.ComposeFilePathInRepository = filesystem.ComposeFileDefaultName
 	}
+
+	if payload.Type == portainer.KubernetesStack {
+		return errors.New("Creating a Kubernetes custom template from git is not supported")
+	}
+
 	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
@@ -278,20 +285,21 @@ func (payload *customTemplateFromFileUploadPayload) Validate(r *http.Request) er
 	note, _ := request.RetrieveMultiPartFormValue(r, "Note", true)
 	payload.Note = note
 
-	platform, _ := request.RetrieveNumericMultiPartFormValue(r, "Platform", true)
-	templatePlatform := portainer.CustomTemplatePlatform(platform)
-	if templatePlatform != portainer.CustomTemplatePlatformLinux && templatePlatform != portainer.CustomTemplatePlatformWindows {
-		return errors.New("Invalid custom template platform")
-	}
-	payload.Platform = templatePlatform
-
 	typeNumeral, _ := request.RetrieveNumericMultiPartFormValue(r, "Type", true)
 	templateType := portainer.StackType(typeNumeral)
-	if templateType != portainer.DockerComposeStack && templateType != portainer.DockerSwarmStack {
+	if templateType != portainer.KubernetesStack && templateType != portainer.DockerSwarmStack && templateType != portainer.DockerComposeStack {
 		return errors.New("Invalid custom template type")
 	}
 	payload.Type = templateType
 
+	platform, _ := request.RetrieveNumericMultiPartFormValue(r, "Platform", true)
+	templatePlatform := portainer.CustomTemplatePlatform(platform)
+	if templateType != portainer.KubernetesStack && templatePlatform != portainer.CustomTemplatePlatformLinux && templatePlatform != portainer.CustomTemplatePlatformWindows {
+		return errors.New("Invalid custom template platform")
+	}
+
+	payload.Platform = templatePlatform
+
 	composeFileContent, _, err := request.RetrieveMultiPartFormFile(r, "File")
 	if err != nil {
 		return errors.New("Invalid Compose file. Ensure that the Compose file is uploaded correctly")

api/http/handler/customtemplates/customtemplate_list.go

@@ -2,7 +2,9 @@ package customtemplates
 
 import (
 	"net/http"
+	"strconv"
 
+	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
@@ -17,10 +19,16 @@ import (
 // @tags custom_templates
 // @security jwt
 // @produce json
+// @param type query []int true "Template types" Enums(1,2,3)
 // @success 200 {array} portainer.CustomTemplate "Success"
 // @failure 500 "Server error"
 // @router /custom_templates [get]
 func (handler *Handler) customTemplateList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	templateTypes, err := parseTemplateTypes(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid Custom template type", err}
+	}
+
 	customTemplates, err := handler.DataStore.CustomTemplate().CustomTemplates()
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve custom templates from the database", err}
@@ -52,5 +60,52 @@ func (handler *Handler) customTemplateList(w http.ResponseWriter, r *http.Reques
 		customTemplates = authorization.FilterAuthorizedCustomTemplates(customTemplates, user, userTeamIDs)
 	}
 
+	customTemplates = filterByType(customTemplates, templateTypes)
+
 	return response.JSON(w, customTemplates)
 }
+
+func parseTemplateTypes(r *http.Request) ([]portainer.StackType, error) {
+	err := r.ParseForm()
+	if err != nil {
+		return nil, errors.WithMessage(err, "failed to parse request params")
+	}
+
+	types, exist := r.Form["type"]
+	if !exist {
+		return []portainer.StackType{}, nil
+	}
+
+	res := []portainer.StackType{}
+	for _, templateTypeStr := range types {
+		templateType, err := strconv.Atoi(templateTypeStr)
+		if err != nil {
+			return nil, errors.WithMessage(err, "failed parsing template type")
+		}
+
+		res = append(res, portainer.StackType(templateType))
+	}
+
+	return res, nil
+}
+
+func filterByType(customTemplates []portainer.CustomTemplate, templateTypes []portainer.StackType) []portainer.CustomTemplate {
+	if len(templateTypes) == 0 {
+		return customTemplates
+	}
+
+	typeSet := map[portainer.StackType]bool{}
+	for _, templateType := range templateTypes {
+		typeSet[templateType] = true
+	}
+
+	filtered := []portainer.CustomTemplate{}
+
+	for _, template := range customTemplates {
+		if typeSet[template.Type] {
+			filtered = append(filtered, template)
+		}
+	}
+
+	return filtered
+}

api/http/handler/customtemplates/customtemplate_update.go

@@ -27,9 +27,10 @@ type customTemplateUpdatePayload struct {
 	Note string `example:"This is my <b>custom</b> template"`
 	// Platform associated to the template.
 	// Valid values are: 1 - 'linux', 2 - 'windows'
-	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2" validate:"required"`
-	// Type of created stack (1 - swarm, 2 - compose)
-	Type portainer.StackType `example:"1" enums:"1,2" validate:"required"`
+	// Required for Docker stacks
+	Platform portainer.CustomTemplatePlatform `example:"1" enums:"1,2"`
+	// Type of created stack (1 - swarm, 2 - compose, 3 - kubernetes)
+	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
 }
@@ -41,10 +42,10 @@ func (payload *customTemplateUpdatePayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.FileContent) {
 		return errors.New("Invalid file content")
 	}
-	if payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
+	if payload.Type != portainer.KubernetesStack && payload.Platform != portainer.CustomTemplatePlatformLinux && payload.Platform != portainer.CustomTemplatePlatformWindows {
 		return errors.New("Invalid custom template platform")
 	}
-	if payload.Type != portainer.DockerComposeStack && payload.Type != portainer.DockerSwarmStack {
+	if payload.Type != portainer.KubernetesStack && payload.Type != portainer.DockerSwarmStack && payload.Type != portainer.DockerComposeStack {
 		return errors.New("Invalid custom template type")
 	}
 	if govalidator.IsNull(payload.Description) {

api/http/handler/kubernetes/handler.go

@@ -20,6 +20,7 @@ type Handler struct {
 	dataStore               portainer.DataStore
 	kubernetesClientFactory *cli.ClientFactory
 	authorizationService    *authorization.Service
+	JwtService              portainer.JWTService
 }
 
 // NewHandler creates a handler to process pre-proxied requests to external APIs.
@@ -39,6 +40,8 @@ func NewHandler(bouncer *security.RequestBouncer, authorizationService *authoriz
 
 	kubeRouter.PathPrefix("/config").Handler(
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.getKubernetesConfig))).Methods(http.MethodGet)
+	kubeRouter.PathPrefix("/nodes_limits").Handler(
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.getKubernetesNodesLimits))).Methods(http.MethodGet)
 
 	// namespaces
 	// in the future this piece of code might be in another package (or a few different packages - namespaces/namespace?)

api/http/handler/kubernetes/kubernetes_config.go

@@ -3,14 +3,11 @@ package kubernetes
 import (
 	"errors"
 	"fmt"
-	"strings"
-
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
-	httperrors "github.com/portainer/portainer/api/http/errors"
 	"github.com/portainer/portainer/api/http/security"
 	kcli "github.com/portainer/portainer/api/kubernetes/cli"
 
@@ -46,16 +43,16 @@ func (handler *Handler) getKubernetesConfig(w http.ResponseWriter, r *http.Reque
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
 	}
 
-	bearerToken, err := extractBearerToken(r)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusUnauthorized, "Unauthorized", err}
-	}
-
 	tokenData, err := security.RetrieveTokenData(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access endpoint", err}
 	}
 
+	bearerToken, err := handler.JwtService.GenerateTokenForKubeconfig(tokenData)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to generate JWT token", err}
+	}
+
 	cli, err := handler.kubernetesClientFactory.GetKubeClient(endpoint)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create Kubernetes client", err}
@@ -84,20 +81,6 @@ func (handler *Handler) getKubernetesConfig(w http.ResponseWriter, r *http.Reque
 	return response.JSON(w, config)
 }
 
-// extractBearerToken extracts user's portainer bearer token from request auth header
-func extractBearerToken(r *http.Request) (string, error) {
-	token := ""
-	tokens := r.Header["Authorization"]
-	if len(tokens) >= 1 {
-		token = tokens[0]
-		token = strings.TrimPrefix(token, "Bearer ")
-	}
-	if token == "" {
-		return "", httperrors.ErrUnauthorized
-	}
-	return token, nil
-}
-
 // getProxyUrl generates portainer proxy url which acts as proxy to k8s api server
 func getProxyUrl(r *http.Request, endpointID int) string {
 	return fmt.Sprintf("https://%s/api/endpoints/%d/kubernetes", r.Host, endpointID)

api/http/handler/kubernetes/kubernetes_nodes_limits.go

@@ -0,0 +1,52 @@
+package kubernetes
+
+import (
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	portainer "github.com/portainer/portainer/api"
+	bolterrors "github.com/portainer/portainer/api/bolt/errors"
+	"net/http"
+)
+
+// @id getKubernetesNodesLimits
+// @summary Get CPU and memory limits of all nodes within k8s cluster
+// @description Get CPU and memory limits of all nodes within k8s cluster
+// @description **Access policy**: authorized
+// @tags kubernetes
+// @security jwt
+// @accept json
+// @produce json
+// @param id path int true "Endpoint identifier"
+// @success 200 {object} K8sNodesLimits "Success"
+// @failure 400 "Invalid request"
+// @failure 401 "Unauthorized"
+// @failure 403 "Permission denied"
+// @failure 404 "Endpoint not found"
+// @failure 500 "Server error"
+// @router /kubernetes/{id}/nodes_limits [get]
+func (handler *Handler) getKubernetesNodesLimits(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid endpoint identifier route variable", err}
+	}
+
+	endpoint, err := handler.dataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
+	if err == bolterrors.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an endpoint with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
+	}
+
+	cli, err := handler.kubernetesClientFactory.GetKubeClient(endpoint)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create Kubernetes client", err}
+	}
+
+	nodesLimits, err := cli.GetNodesLimits()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve nodes limits", err}
+	}
+
+	return response.JSON(w, nodesLimits)
+}

api/http/handler/settings/settings_update.go

@@ -32,6 +32,8 @@ type settingsUpdatePayload struct {
 	EnableEdgeComputeFeatures *bool `example:"true"`
 	// The duration of a user session
 	UserSessionTimeout *string `example:"5m"`
+	// The expiry of a Kubeconfig
+	KubeconfigExpiry *string `example:"24h" default:"0"`
 	// Whether telemetry is enabled
 	EnableTelemetry *bool `example:"false"`
 }
@@ -52,6 +54,12 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
 			return errors.New("Invalid user session timeout")
 		}
 	}
+	if payload.KubeconfigExpiry != nil {
+		_, err := time.ParseDuration(*payload.KubeconfigExpiry)
+		if err != nil {
+			return errors.New("Invalid Kubeconfig Expiry")
+		}
+	}
 
 	return nil
 }
@@ -135,6 +143,10 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		settings.EdgeAgentCheckinInterval = *payload.EdgeAgentCheckinInterval
 	}
 
+	if payload.KubeconfigExpiry != nil {
+		settings.KubeconfigExpiry = *payload.KubeconfigExpiry
+	}
+
 	if payload.UserSessionTimeout != nil {
 		settings.UserSessionTimeout = *payload.UserSessionTimeout
 

api/http/handler/stacks/create_kubernetes_stack.go

@@ -1,7 +1,6 @@
 package stacks
 
 import (
-	"errors"
 	"io/ioutil"
 	"net/http"
 	"path/filepath"
@@ -9,12 +8,15 @@ import (
 	"time"
 
 	"github.com/asaskevich/govalidator"
+	"github.com/pkg/errors"
 
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/filesystem"
+	k "github.com/portainer/portainer/api/kubernetes"
+	"github.com/portainer/portainer/api/http/client"
 )
 
 const defaultReferenceName = "refs/heads/master"
@@ -36,6 +38,12 @@ type kubernetesGitDeploymentPayload struct {
 	FilePathInRepository     string
 }
 
+type kubernetesManifestURLDeploymentPayload struct {
+	Namespace 		string
+	ComposeFormat 	bool
+	ManifestURL 	string
+}
+
 func (payload *kubernetesStringDeploymentPayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.StackFileContent) {
 		return errors.New("Invalid stack file content")
@@ -65,6 +73,13 @@ func (payload *kubernetesGitDeploymentPayload) Validate(r *http.Request) error {
 	return nil
 }
 
+func (payload *kubernetesManifestURLDeploymentPayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.ManifestURL) || !govalidator.IsURL(payload.ManifestURL) {
+		return errors.New("Invalid manifest URL")
+	}
+	return nil
+}
+
 type createKubernetesStackResponse struct {
 	Output string `json:"Output"`
 }
@@ -95,7 +110,12 @@ func (handler *Handler) createKubernetesStackFromFileContent(w http.ResponseWrit
 	doCleanUp := true
 	defer handler.cleanUp(stack, &doCleanUp)
 
-	output, err := handler.deployKubernetesStack(r, endpoint, payload.StackFileContent, payload.ComposeFormat, payload.Namespace)
+	output, err := handler.deployKubernetesStack(r, endpoint, payload.StackFileContent, payload.ComposeFormat, payload.Namespace, k.KubeAppLabels{
+		StackID: stackID,
+		Name:    stack.Name,
+		Owner:   stack.CreatedBy,
+		Kind:    "content",
+	})
 	if err != nil {
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to deploy Kubernetes stack", Err: err}
 	}
@@ -109,6 +129,8 @@ func (handler *Handler) createKubernetesStackFromFileContent(w http.ResponseWrit
 		Output: output,
 	}
 
+	doCleanUp = false
+
 	return response.JSON(w, resp)
 }
 
@@ -139,7 +161,12 @@ func (handler *Handler) createKubernetesStackFromGitRepository(w http.ResponseWr
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Failed to process manifest from Git repository", Err: err}
 	}
 
-	output, err := handler.deployKubernetesStack(r, endpoint, stackFileContent, payload.ComposeFormat, payload.Namespace)
+	output, err := handler.deployKubernetesStack(r, endpoint, stackFileContent, payload.ComposeFormat, payload.Namespace, k.KubeAppLabels{
+		StackID: stackID,
+		Name:    stack.Name,
+		Owner:   stack.CreatedBy,
+		Kind:    "git",
+	})
 	if err != nil {
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to deploy Kubernetes stack", Err: err}
 	}
@@ -152,23 +179,86 @@ func (handler *Handler) createKubernetesStackFromGitRepository(w http.ResponseWr
 	resp := &createKubernetesStackResponse{
 		Output: output,
 	}
+
+	doCleanUp = false
+
 	return response.JSON(w, resp)
 }
 
-func (handler *Handler) deployKubernetesStack(request *http.Request, endpoint *portainer.Endpoint, stackConfig string, composeFormat bool, namespace string) (string, error) {
+
+func (handler *Handler) createKubernetesStackFromManifestURL(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint) *httperror.HandlerError {
+	var payload kubernetesManifestURLDeploymentPayload
+	if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
+		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
+	}
+
+	stackID := handler.DataStore.Stack().GetNextIdentifier()
+	stack := &portainer.Stack{
+		ID:           portainer.StackID(stackID),
+		Type:         portainer.KubernetesStack,
+		EndpointID:   endpoint.ID,
+		EntryPoint:   filesystem.ManifestFileDefaultName,
+		Status:       portainer.StackStatusActive,
+		CreationDate: time.Now().Unix(),
+	}
+
+	var manifestContent []byte
+	manifestContent, err := client.Get(payload.ManifestURL, 30)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve manifest from URL", err}
+	}
+
+	stackFolder := strconv.Itoa(int(stack.ID))
+	projectPath, err := handler.FileService.StoreStackFileFromBytes(stackFolder, stack.EntryPoint, manifestContent)
+	if err != nil {
+		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist Kubernetes manifest file on disk", Err: err}
+	}
+	stack.ProjectPath = projectPath
+
+	doCleanUp := true
+	defer handler.cleanUp(stack, &doCleanUp)
+
+	output, err := handler.deployKubernetesStack(r, endpoint, string(manifestContent), payload.ComposeFormat, payload.Namespace, k.KubeAppLabels{
+		StackID: stackID,
+		Name:    stack.Name,
+		Owner:   stack.CreatedBy,
+		Kind:    "url",
+	})
+	if err != nil {
+		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to deploy Kubernetes stack", Err: err}
+	}
+
+	err = handler.DataStore.Stack().CreateStack(stack)
+	if err != nil {
+		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the Kubernetes stack inside the database", Err: err}
+	}
+
+	resp := &createKubernetesStackResponse{
+		Output: output,
+	}
+
+	return response.JSON(w, resp)
+}
+
+func (handler *Handler) deployKubernetesStack(r *http.Request, endpoint *portainer.Endpoint, stackConfig string, composeFormat bool, namespace string, appLabels k.KubeAppLabels) (string, error) {
 	handler.stackCreationMutex.Lock()
 	defer handler.stackCreationMutex.Unlock()
 
+	manifest := []byte(stackConfig)
 	if composeFormat {
-		convertedConfig, err := handler.KubernetesDeployer.ConvertCompose(stackConfig)
+		convertedConfig, err := handler.KubernetesDeployer.ConvertCompose(manifest)
 		if err != nil {
-			return "", err
+			return "", errors.Wrap(err, "failed to convert docker compose file to a kube manifest")
 		}
-		stackConfig = string(convertedConfig)
+		manifest = convertedConfig
 	}
 
-	return handler.KubernetesDeployer.Deploy(request, endpoint, stackConfig, namespace)
+	manifest, err := k.AddAppLabels(manifest, appLabels)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to add application labels")
+	}
 
+	return handler.KubernetesDeployer.Deploy(r, endpoint, string(manifest), namespace)
 }
 
 func (handler *Handler) cloneManifestContentFromGitRepo(gitInfo *kubernetesGitDeploymentPayload, projectPath string) (string, error) {

api/http/handler/stacks/stack_create.go

@@ -149,6 +149,8 @@ func (handler *Handler) createKubernetesStack(w http.ResponseWriter, r *http.Req
 		return handler.createKubernetesStackFromFileContent(w, r, endpoint)
 	case "repository":
 		return handler.createKubernetesStackFromGitRepository(w, r, endpoint)
+	case "url":
+		return handler.createKubernetesStackFromManifestURL(w, r, endpoint)		
 	}
 	return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid value for query parameter: method. Value must be one of: string or repository", Err: errors.New(request.ErrInvalidQueryParameter)}
 }

api/http/handler/websocket/pod.go

@@ -135,21 +135,25 @@ func (handler *Handler) hijackPodExecStartOperation(
 	stdoutReader, stdoutWriter := io.Pipe()
 	defer stdoutWriter.Close()
 
+	// errorChan is used to propagate errors from the go routines to the caller.
 	errorChan := make(chan error, 1)
 	go streamFromWebsocketToWriter(websocketConn, stdinWriter, errorChan)
 	go streamFromReaderToWebsocket(websocketConn, stdoutReader, errorChan)
 
-	err = cli.StartExecProcess(serviceAccountToken, isAdminToken, namespace, podName, containerName, commandArray, stdinReader, stdoutWriter)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to start exec process inside container", err}
-	}
+	// StartExecProcess is a blocking operation which streams IO to/from pod;
+	// this must execute in asynchronously, since the websocketConn could return errors (e.g. client disconnects) before
+	// the blocking operation is completed.
+	go cli.StartExecProcess(serviceAccountToken, isAdminToken, namespace, podName, containerName, commandArray, stdinReader, stdoutWriter, errorChan)
 
 	err = <-errorChan
+
+	// websocket client successfully disconnected
 	if websocket.IsUnexpectedCloseError(err, websocket.CloseGoingAway, websocket.CloseNoStatusReceived) {
 		log.Printf("websocket error: %s \n", err.Error())
+		return nil
 	}
 
-	return nil
+	return &httperror.HandlerError{http.StatusInternalServerError, "Unable to start exec process inside container", err}
 }
 
 func (handler *Handler) getToken(request *http.Request, endpoint *portainer.Endpoint, setLocalAdminToken bool) (string, bool, error) {

api/http/server.go

@@ -161,6 +161,7 @@ func (server *Server) Start() error {
 	endpointProxyHandler.ReverseTunnelService = server.ReverseTunnelService
 
 	var kubernetesHandler = kubehandler.NewHandler(requestBouncer, server.AuthorizationService, server.DataStore, server.KubernetesClientFactory)
+	kubernetesHandler.JwtService = server.JWTService
 
 	var fileHandler = file.NewHandler(filepath.Join(server.AssetsPath, "public"))
 

api/internal/testhelpers/datastore.go

@@ -70,6 +70,21 @@ func NewDatastore(options ...datastoreOption) *datastore {
 	return &d
 }
 
+
+type stubSettingsService struct {
+	settings *portainer.Settings
+}
+
+func (s *stubSettingsService) Settings() (*portainer.Settings, error)       { return s.settings, nil }
+func (s *stubSettingsService) UpdateSettings(settings *portainer.Settings) error       { return nil }
+
+func WithSettings(settings *portainer.Settings) datastoreOption {
+	return func(d *datastore) {
+		d.settings = &stubSettingsService{settings: settings}
+	}
+}
+
+
 type stubUserService struct {
 	users []portainer.User
 }

api/jwt/jwt.go

@@ -16,6 +16,7 @@ import (
 type Service struct {
 	secret             []byte
 	userSessionTimeout time.Duration
+	dataStore          portainer.DataStore
 }
 
 type claims struct {
@@ -31,7 +32,7 @@ var (
 )
 
 // NewService initializes a new service. It will generate a random key that will be used to sign JWT tokens.
-func NewService(userSessionDuration string) (*Service, error) {
+func NewService(userSessionDuration string, dataStore portainer.DataStore) (*Service, error) {
 	userSessionTimeout, err := time.ParseDuration(userSessionDuration)
 	if err != nil {
 		return nil, err
@@ -45,19 +46,28 @@ func NewService(userSessionDuration string) (*Service, error) {
 	service := &Service{
 		secret,
 		userSessionTimeout,
+		dataStore,
 	}
 	return service, nil
 }
 
+func (service *Service) defaultExpireAt() (int64) {
+	return time.Now().Add(service.userSessionTimeout).Unix()
+}
+
 // GenerateToken generates a new JWT token.
 func (service *Service) GenerateToken(data *portainer.TokenData) (string, error) {
-	return service.generateSignedToken(data, nil)
+	return service.generateSignedToken(data, service.defaultExpireAt())
 }
 
 // GenerateTokenForOAuth generates a new JWT for OAuth login
 // token expiry time from the OAuth provider is considered
 func (service *Service) GenerateTokenForOAuth(data *portainer.TokenData, expiryTime *time.Time) (string, error) {
-	return service.generateSignedToken(data, expiryTime)
+	expireAt := service.defaultExpireAt()
+	if expiryTime != nil && !expiryTime.IsZero() {
+		expireAt = expiryTime.Unix()
+	}
+	return service.generateSignedToken(data, expireAt)
 }
 
 // ParseAndVerifyToken parses a JWT token and verify its validity. It returns an error if token is invalid.
@@ -88,17 +98,13 @@ func (service *Service) SetUserSessionDuration(userSessionDuration time.Duration
 	service.userSessionTimeout = userSessionDuration
 }
 
-func (service *Service) generateSignedToken(data *portainer.TokenData, expiryTime *time.Time) (string, error) {
-	expireToken := time.Now().Add(service.userSessionTimeout).Unix()
-	if expiryTime != nil && !expiryTime.IsZero() {
-		expireToken = expiryTime.Unix()
-	}
+func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt int64) (string, error) {
 	cl := claims{
 		UserID:   int(data.ID),
 		Username: data.Username,
 		Role:     int(data.Role),
 		StandardClaims: jwt.StandardClaims{
-			ExpiresAt: expireToken,
+			ExpiresAt: expiresAt,
 		},
 	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, cl)

api/jwt/jwt_kubeconfig.go

@@ -0,0 +1,26 @@
+package jwt
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"time"
+)
+
+// GenerateTokenForKubeconfig generates a new JWT token for Kubeconfig
+func (service *Service) GenerateTokenForKubeconfig(data *portainer.TokenData) (string, error) {
+	settings, err := service.dataStore.Settings().Settings()
+	if err != nil {
+		return "", err
+	}
+
+	expiryDuration, err := time.ParseDuration(settings.KubeconfigExpiry)
+	if err != nil {
+		return "", err
+	}
+
+	expiryAt := time.Now().Add(expiryDuration).Unix()
+	if expiryDuration == time.Duration(0) {
+		expiryAt = 0
+	}
+
+	return service.generateSignedToken(data, expiryAt)
+}

api/jwt/jwt_kubeconfig_test.go

@@ -0,0 +1,81 @@
+package jwt
+
+import (
+	"github.com/dgrijalva/jwt-go"
+	portainer "github.com/portainer/portainer/api"
+	i "github.com/portainer/portainer/api/internal/testhelpers"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestService_GenerateTokenForKubeconfig(t *testing.T) {
+	type fields struct {
+		userSessionTimeout string
+		dataStore          portainer.DataStore
+	}
+
+	type args struct {
+		data *portainer.TokenData
+	}
+
+	mySettings := &portainer.Settings{
+		KubeconfigExpiry: "0",
+	}
+
+	myFields := fields{
+		userSessionTimeout: "24h",
+		dataStore:          i.NewDatastore(i.WithSettings(mySettings)),
+	}
+
+	myTokenData := &portainer.TokenData{
+		Username: "Joe",
+		ID:       1,
+		Role:     1,
+	}
+
+	myArgs := args{
+		data: myTokenData,
+	}
+
+	tests := []struct {
+		name          string
+		fields        fields
+		args          args
+		wantExpiresAt int64
+		wantErr       bool
+	}{
+		{
+			name:          "kubeconfig no expiry",
+			fields:        myFields,
+			args:          myArgs,
+			wantExpiresAt: 0,
+			wantErr:       false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			service, err := NewService(tt.fields.userSessionTimeout, tt.fields.dataStore)
+			assert.NoError(t, err, "failed to create a copy of service")
+
+			got, err := service.GenerateTokenForKubeconfig(tt.args.data)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GenerateTokenForKubeconfig() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			parsedToken, err := jwt.ParseWithClaims(got, &claims{}, func(token *jwt.Token) (interface{}, error) {
+				return service.secret, nil
+			})
+			assert.NoError(t, err, "failed to parse generated token")
+
+			tokenClaims, ok := parsedToken.Claims.(*claims)
+			assert.Equal(t, true, ok, "failed to claims out of generated ticket")
+
+			assert.Equal(t, myTokenData.Username, tokenClaims.Username)
+			assert.Equal(t, int(myTokenData.ID), tokenClaims.UserID)
+			assert.Equal(t, int(myTokenData.Role), tokenClaims.Role)
+			assert.Equal(t, tt.wantExpiresAt, tokenClaims.ExpiresAt)
+		})
+	}
+}

api/jwt/jwt_test.go

@@ -10,7 +10,7 @@ import (
 )
 
 func TestGenerateSignedToken(t *testing.T) {
-	svc, err := NewService("24h")
+	svc, err := NewService("24h", nil)
 	assert.NoError(t, err, "failed to create a copy of service")
 
 	token := &portainer.TokenData{
@@ -18,9 +18,9 @@ func TestGenerateSignedToken(t *testing.T) {
 		ID:       1,
 		Role:     1,
 	}
-	expirtationTime := time.Now().Add(1 * time.Hour)
+	expiresAt := time.Now().Add(1 * time.Hour).Unix()
 
-	generatedToken, err := svc.generateSignedToken(token, &expirtationTime)
+	generatedToken, err := svc.generateSignedToken(token, expiresAt)
 	assert.NoError(t, err, "failed to generate a signed token")
 
 	parsedToken, err := jwt.ParseWithClaims(generatedToken, &claims{}, func(token *jwt.Token) (interface{}, error) {
@@ -34,5 +34,5 @@ func TestGenerateSignedToken(t *testing.T) {
 	assert.Equal(t, token.Username, tokenClaims.Username)
 	assert.Equal(t, int(token.ID), tokenClaims.UserID)
 	assert.Equal(t, int(token.Role), tokenClaims.Role)
-	assert.Equal(t, expirtationTime.Unix(), tokenClaims.ExpiresAt)
+	assert.Equal(t, expiresAt, tokenClaims.ExpiresAt)
 }

api/kubernetes/cli/exec.go

@@ -4,7 +4,7 @@ import (
 	"errors"
 	"io"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/remotecommand"
@@ -15,10 +15,12 @@ import (
 // using the specified command. The stdin parameter will be bound to the stdin process and the stdout process will write
 // to the stdout parameter.
 // This function only works against a local endpoint using an in-cluster config with the user's SA token.
-func (kcl *KubeClient) StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer) error {
+// This is a blocking operation.
+func (kcl *KubeClient) StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer, errChan chan error) {
 	config, err := rest.InClusterConfig()
 	if err != nil {
-		return err
+		errChan <- err
+		return
 	}
 
 	if !useAdminToken {
@@ -44,7 +46,8 @@ func (kcl *KubeClient) StartExecProcess(token string, useAdminToken bool, namesp
 
 	exec, err := remotecommand.NewSPDYExecutor(config, "POST", req.URL())
 	if err != nil {
-		return err
+		errChan <- err
+		return
 	}
 
 	err = exec.Stream(remotecommand.StreamOptions{
@@ -54,9 +57,7 @@ func (kcl *KubeClient) StartExecProcess(token string, useAdminToken bool, namesp
 	})
 	if err != nil {
 		if _, ok := err.(utilexec.ExitError); !ok {
-			return errors.New("unable to start exec process")
+			errChan <- errors.New("unable to start exec process")
 		}
 	}
-
-	return nil
 }

api/kubernetes/cli/nodes_limits.go

@@ -0,0 +1,42 @@
+package cli
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// GetNodesLimits gets the CPU and Memory limits(unused resources) of all nodes in the current k8s endpoint connection
+func (kcl *KubeClient) GetNodesLimits() (portainer.K8sNodesLimits, error) {
+	nodesLimits := make(portainer.K8sNodesLimits)
+
+	nodes, err := kcl.cli.CoreV1().Nodes().List(metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	pods, err := kcl.cli.CoreV1().Pods("").List(metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	for _, item := range nodes.Items {
+		cpu := item.Status.Allocatable.Cpu().MilliValue()
+		memory := item.Status.Allocatable.Memory().Value()
+
+		nodesLimits[item.ObjectMeta.Name] = &portainer.K8sNodeLimits{
+			CPU:    cpu,
+			Memory: memory,
+		}
+	}
+
+	for _, item := range pods.Items {
+		if nodeLimits, ok := nodesLimits[item.Spec.NodeName]; ok {
+			for _, container := range item.Spec.Containers {
+				nodeLimits.CPU -= container.Resources.Requests.Cpu().MilliValue()
+				nodeLimits.Memory -= container.Resources.Requests.Memory().Value()
+			}
+		}
+	}
+
+	return nodesLimits, nil
+}

api/kubernetes/cli/nodes_limits_test.go

@@ -0,0 +1,137 @@
+package cli
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	kfake "k8s.io/client-go/kubernetes/fake"
+	"reflect"
+	"testing"
+)
+
+func newNodes() *v1.NodeList {
+	return &v1.NodeList{
+		Items: []v1.Node{
+			{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test-node-0",
+				},
+				Status: v1.NodeStatus{
+					Allocatable: v1.ResourceList{
+						v1.ResourceName(v1.ResourceCPU):    resource.MustParse("2"),
+						v1.ResourceName(v1.ResourceMemory): resource.MustParse("4M"),
+					},
+				},
+			},
+			{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "test-node-1",
+				},
+				Status: v1.NodeStatus{
+					Allocatable: v1.ResourceList{
+						v1.ResourceName(v1.ResourceCPU):    resource.MustParse("3"),
+						v1.ResourceName(v1.ResourceMemory): resource.MustParse("6M"),
+					},
+				},
+			},
+		},
+	}
+}
+
+func newPods() *v1.PodList {
+	return &v1.PodList{
+		Items: []v1.Pod{
+			{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-container-0",
+					Namespace: "test-namespace-0",
+				},
+				Spec: v1.PodSpec{
+					NodeName: "test-node-0",
+					Containers: []v1.Container{
+						{
+							Name: "test-container-0",
+							Resources: v1.ResourceRequirements{
+								Requests: v1.ResourceList{
+									v1.ResourceName(v1.ResourceCPU):    resource.MustParse("1"),
+									v1.ResourceName(v1.ResourceMemory): resource.MustParse("2M"),
+								},
+							},
+						},
+					},
+				},
+			},
+			{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-container-1",
+					Namespace: "test-namespace-1",
+				},
+				Spec: v1.PodSpec{
+					NodeName: "test-node-1",
+					Containers: []v1.Container{
+						{
+							Name: "test-container-1",
+							Resources: v1.ResourceRequirements{
+								Requests: v1.ResourceList{
+									v1.ResourceName(v1.ResourceCPU):    resource.MustParse("2"),
+									v1.ResourceName(v1.ResourceMemory): resource.MustParse("3M"),
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func TestKubeClient_GetNodesLimits(t *testing.T) {
+	type fields struct {
+		cli kubernetes.Interface
+	}
+
+	fieldsInstance := fields{
+		cli: kfake.NewSimpleClientset(newNodes(), newPods()),
+	}
+
+	tests := []struct {
+		name    string
+		fields  fields
+		want    portainer.K8sNodesLimits
+		wantErr bool
+	}{
+		{
+			name:   "2 nodes 2 pods",
+			fields: fieldsInstance,
+			want: portainer.K8sNodesLimits{
+				"test-node-0": &portainer.K8sNodeLimits{
+					CPU:    1000,
+					Memory: 2000000,
+				},
+				"test-node-1": &portainer.K8sNodeLimits{
+					CPU:    1000,
+					Memory: 3000000,
+				},
+			},
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			kcl := &KubeClient{
+				cli: tt.fields.cli,
+			}
+			got, err := kcl.GetNodesLimits()
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GetNodesLimits() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("GetNodesLimits() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

api/kubernetes/cli/role.go

@@ -18,15 +18,10 @@ func getPortainerUserDefaultPolicies() []rbacv1.PolicyRule {
 			Resources: []string{"storageclasses"},
 			APIGroups: []string{"storage.k8s.io"},
 		},
-		{
-			Verbs:     []string{"list"},
-			Resources: []string{"ingresses"},
-			APIGroups: []string{"networking.k8s.io"},
-		},
 	}
 }
 
-func (kcl *KubeClient) createPortainerUserClusterRole() error {
+func (kcl *KubeClient) upsertPortainerK8sClusterRoles() error {
 	clusterRole := &rbacv1.ClusterRole{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: portainerUserCRName,
@@ -35,8 +30,13 @@ func (kcl *KubeClient) createPortainerUserClusterRole() error {
 	}
 
 	_, err := kcl.cli.RbacV1().ClusterRoles().Create(clusterRole)
-	if err != nil && !k8serrors.IsAlreadyExists(err) {
-		return err
+	if err != nil  {
+		if k8serrors.IsAlreadyExists(err) {
+			_, err = kcl.cli.RbacV1().ClusterRoles().Update(clusterRole)
+		}
+		if err != nil {
+			return err
+		}
 	}
 
 	return nil

api/kubernetes/cli/service_account.go

@@ -63,7 +63,7 @@ func (kcl *KubeClient) SetupUserServiceAccount(userID int, teamIDs []int, restri
 }
 
 func (kcl *KubeClient) ensureRequiredResourcesExist() error {
-	return kcl.createPortainerUserClusterRole()
+	return kcl.upsertPortainerK8sClusterRoles()
 }
 
 func (kcl *KubeClient) createUserServiceAccount(namespace, serviceAccountName string) error {

api/kubernetes/yaml.go

@@ -0,0 +1,112 @@
+package kubernetes
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+
+	"github.com/pkg/errors"
+	"gopkg.in/yaml.v3"
+)
+
+type KubeAppLabels struct {
+	StackID int
+	Name    string
+	Owner   string
+	Kind    string
+}
+
+// AddAppLabels adds required labels to "Resource"->metadata->labels.
+// It'll add those labels to all Resource (nodes with a kind property exluding a list) it can find in provided yaml.
+// Items in the yaml file could either be organised as a list or broken into multi documents.
+func AddAppLabels(manifestYaml []byte, appLabels KubeAppLabels) ([]byte, error) {
+	if bytes.Equal(manifestYaml, []byte("")) {
+		return manifestYaml, nil
+	}
+
+	docs := make([][]byte, 0)
+	yamlDecoder := yaml.NewDecoder(bytes.NewReader(manifestYaml))
+
+	for {
+		m := make(map[string]interface{})
+		err := yamlDecoder.Decode(&m)
+
+		// if decoded document is empty
+		if m == nil {
+			continue
+		}
+
+		// if there are no more documents in the file
+		if errors.Is(err, io.EOF) {
+			break
+		}
+
+		addResourceLabels(m, appLabels)
+
+		var out bytes.Buffer
+		yamlEncoder := yaml.NewEncoder(&out)
+		yamlEncoder.SetIndent(2)
+		if err := yamlEncoder.Encode(m); err != nil {
+			return nil, errors.Wrap(err, "failed to marshal yaml manifest")
+		}
+
+		docs = append(docs, out.Bytes())
+	}
+
+	return bytes.Join(docs, []byte("---\n")), nil
+}
+
+func addResourceLabels(yamlDoc interface{}, appLabels KubeAppLabels) {
+	m, ok := yamlDoc.(map[string]interface{})
+	if !ok {
+		return
+	}
+
+	kind, ok := m["kind"]
+	if ok && !strings.EqualFold(kind.(string), "list") {
+		addLabels(m, appLabels)
+		return
+	}
+
+	for _, v := range m {
+		switch v.(type) {
+		case map[string]interface{}:
+			addResourceLabels(v, appLabels)
+		case []interface{}:
+			for _, item := range v.([]interface{}) {
+				addResourceLabels(item, appLabels)
+			}
+		}
+	}
+}
+
+func addLabels(obj map[string]interface{}, appLabels KubeAppLabels) {
+	metadata := make(map[string]interface{})
+	if m, ok := obj["metadata"]; ok {
+		metadata = m.(map[string]interface{})
+	}
+
+	labels := make(map[string]string)
+	if l, ok := metadata["labels"]; ok {
+		for k, v := range l.(map[string]interface{}) {
+			labels[k] = fmt.Sprintf("%v", v)
+		}
+	}
+
+	name := appLabels.Name
+	if appLabels.Name == "" {
+		if n, ok := metadata["name"]; ok {
+			name = n.(string)
+		}
+	}
+
+	labels["io.portainer.kubernetes.application.stackid"] = strconv.Itoa(appLabels.StackID)
+	labels["io.portainer.kubernetes.application.name"] = name
+	labels["io.portainer.kubernetes.application.owner"] = appLabels.Owner
+	labels["io.portainer.kubernetes.application.kind"] = appLabels.Kind
+
+	metadata["labels"] = labels
+	obj["metadata"] = metadata
+}

api/kubernetes/yaml_test.go

@@ -0,0 +1,493 @@
+package kubernetes
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_AddAppLabels(t *testing.T) {
+	tests := []struct {
+		name       string
+		input      string
+		wantOutput string
+	}{
+		{
+			name: "single deployment without labels",
+			input: `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: busybox
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+`,
+			wantOutput: `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+  name: busybox
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+`,
+		},
+		{
+			name: "single deployment with existing labels",
+			input: `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    foo: bar
+  name: busybox
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+`,
+			wantOutput: `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    foo: bar
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+  name: busybox
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+`,
+		},
+		{
+			name: "complex kompose output",
+			input: `apiVersion: v1
+items:
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      creationTimestamp: null
+      labels:
+        io.kompose.service: web
+      name: web
+    spec:
+      ports:
+        - name: "5000"
+          port: 5000
+          targetPort: 5000
+      selector:
+        io.kompose.service: web
+    status:
+      loadBalancer: {}
+  - apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      creationTimestamp: null
+      labels:
+        io.kompose.service: redis
+      name: redis
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          io.kompose.service: redis
+      strategy: {}
+      template:
+        metadata:
+          creationTimestamp: null
+          labels:
+            io.kompose.service: redis
+    status: {}
+  - apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      creationTimestamp: null
+      name: web
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          io.kompose.service: web
+      strategy:
+        type: Recreate
+      template:
+        metadata:
+          creationTimestamp: null
+          labels:
+            io.kompose.service: web
+    status: {}
+kind: List
+metadata: {}
+`,
+			wantOutput: `apiVersion: v1
+items:
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      creationTimestamp: null
+      labels:
+        io.kompose.service: web
+        io.portainer.kubernetes.application.kind: git
+        io.portainer.kubernetes.application.name: best-name
+        io.portainer.kubernetes.application.owner: best-owner
+        io.portainer.kubernetes.application.stackid: "123"
+      name: web
+    spec:
+      ports:
+        - name: "5000"
+          port: 5000
+          targetPort: 5000
+      selector:
+        io.kompose.service: web
+    status:
+      loadBalancer: {}
+  - apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      creationTimestamp: null
+      labels:
+        io.kompose.service: redis
+        io.portainer.kubernetes.application.kind: git
+        io.portainer.kubernetes.application.name: best-name
+        io.portainer.kubernetes.application.owner: best-owner
+        io.portainer.kubernetes.application.stackid: "123"
+      name: redis
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          io.kompose.service: redis
+      strategy: {}
+      template:
+        metadata:
+          creationTimestamp: null
+          labels:
+            io.kompose.service: redis
+    status: {}
+  - apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      creationTimestamp: null
+      labels:
+        io.portainer.kubernetes.application.kind: git
+        io.portainer.kubernetes.application.name: best-name
+        io.portainer.kubernetes.application.owner: best-owner
+        io.portainer.kubernetes.application.stackid: "123"
+      name: web
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          io.kompose.service: web
+      strategy:
+        type: Recreate
+      template:
+        metadata:
+          creationTimestamp: null
+          labels:
+            io.kompose.service: web
+    status: {}
+kind: List
+metadata: {}
+`,
+		},
+		{
+			name: "multiple items separated by ---",
+			input: `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: busybox
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+---
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: web
+  name: web
+spec:
+  ports:
+    - name: "5000"
+      port: 5000
+      targetPort: 5000
+  selector:
+    io.kompose.service: web
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    foo: bar
+  name: busybox
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+`,
+			wantOutput: `apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+  name: busybox
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+---
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: web
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+  name: web
+spec:
+  ports:
+    - name: "5000"
+      port: 5000
+      targetPort: 5000
+  selector:
+    io.kompose.service: web
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    foo: bar
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+  name: busybox
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: busybox
+  template:
+    metadata:
+      labels:
+        app: busybox
+    spec:
+      containers:
+        - image: busybox
+          name: busybox
+`,
+		},
+		{
+			name:       "empty",
+			input:      "",
+			wantOutput: "",
+		},
+		{
+			name: "no only deployments",
+			input: `apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: web
+  name: web
+spec:
+  ports:
+    - name: "5000"
+      port: 5000
+      targetPort: 5000
+  selector:
+    io.kompose.service: web
+`,
+			wantOutput: `apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: web
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: best-name
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+  name: web
+spec:
+  ports:
+    - name: "5000"
+      port: 5000
+      targetPort: 5000
+  selector:
+    io.kompose.service: web
+`,
+		},
+	}
+
+	labels := KubeAppLabels{
+		StackID: 123,
+		Name:    "best-name",
+		Owner:   "best-owner",
+		Kind:    "git",
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result, err := AddAppLabels([]byte(tt.input), labels)
+			assert.NoError(t, err)
+			assert.Equal(t, tt.wantOutput, string(result))
+		})
+	}
+}
+
+func Test_AddAppLabels_PickingName_WhenLabelNameIsEmpty(t *testing.T) {
+	labels := KubeAppLabels{
+		StackID: 123,
+		Owner:   "best-owner",
+		Kind:    "git",
+	}
+
+	input := `apiVersion: v1
+kind: Service
+metadata:
+  name: web
+spec:
+  ports:
+    - name: "5000"
+      port: 5000
+      targetPort: 5000
+`
+
+	expected := `apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: web
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+  name: web
+spec:
+  ports:
+    - name: "5000"
+      port: 5000
+      targetPort: 5000
+`
+
+	result, err := AddAppLabels([]byte(input), labels)
+	assert.NoError(t, err)
+	assert.Equal(t, expected, string(result))
+}
+
+func Test_AddAppLabels_PickingName_WhenLabelAndMetadataNameAreEmpty(t *testing.T) {
+	labels := KubeAppLabels{
+		StackID: 123,
+		Owner:   "best-owner",
+		Kind:    "git",
+	}
+
+	input := `apiVersion: v1
+kind: Service
+spec:
+  ports:
+    - name: "5000"
+      port: 5000
+      targetPort: 5000
+`
+
+	expected := `apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    io.portainer.kubernetes.application.kind: git
+    io.portainer.kubernetes.application.name: ""
+    io.portainer.kubernetes.application.owner: best-owner
+    io.portainer.kubernetes.application.stackid: "123"
+spec:
+  ports:
+    - name: "5000"
+      port: 5000
+      targetPort: 5000
+`
+
+	result, err := AddAppLabels([]byte(input), labels)
+	assert.NoError(t, err)
+	assert.Equal(t, expected, string(result))
+}

api/portainer.go

@@ -398,6 +398,13 @@ type (
 	// JobType represents a job type
 	JobType int
 
+	K8sNodeLimits struct {
+		CPU    int64 `json:"CPU"`
+		Memory int64 `json:"Memory"`
+	}
+
+	K8sNodesLimits map[string]*K8sNodeLimits
+
 	K8sNamespaceAccessPolicy struct {
 		UserAccessPolicies UserAccessPolicies `json:"UserAccessPolicies"`
 		TeamAccessPolicies TeamAccessPolicies `json:"TeamAccessPolicies"`
@@ -682,6 +689,8 @@ type (
 		EnableEdgeComputeFeatures bool `json:"EnableEdgeComputeFeatures" example:""`
 		// The duration of a user session
 		UserSessionTimeout string `json:"UserSessionTimeout" example:"5m"`
+		// The expiry of a Kubeconfig
+		KubeconfigExpiry string `json:"KubeconfigExpiry" example:"24h"`
 		// Whether telemetry is enabled
 		EnableTelemetry bool `json:"EnableTelemetry" example:"false"`
 
@@ -1208,6 +1217,7 @@ type (
 	JWTService interface {
 		GenerateToken(data *TokenData) (string, error)
 		GenerateTokenForOAuth(data *TokenData, expiryTime *time.Time) (string, error)
+		GenerateTokenForKubeconfig(data *TokenData) (string, error)
 		ParseAndVerifyToken(token string) (*TokenData, error)
 		SetUserSessionDuration(userSessionDuration time.Duration)
 	}
@@ -1218,8 +1228,9 @@ type (
 		GetServiceAccount(tokendata *TokenData) (*v1.ServiceAccount, error)
 		GetServiceAccountBearerToken(userID int) (string, error)
 		CreateUserShellPod(ctx context.Context, serviceAccountName string) (*KubernetesShellPod, error)
-		StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer) error
+		StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer, errChan chan error)
 		NamespaceAccessPoliciesDeleteNamespace(namespace string) error
+		GetNodesLimits() (K8sNodesLimits, error)
 		GetNamespaceAccessPolicies() (map[string]K8sNamespaceAccessPolicy, error)
 		UpdateNamespaceAccessPolicies(accessPolicies map[string]K8sNamespaceAccessPolicy) error
 		DeleteRegistrySecret(registry *Registry, namespace string) error
@@ -1232,7 +1243,7 @@ type (
 	// KubernetesDeployer represents a service to deploy a manifest inside a Kubernetes endpoint
 	KubernetesDeployer interface {
 		Deploy(request *http.Request, endpoint *Endpoint, data string, namespace string) (string, error)
-		ConvertCompose(data string) ([]byte, error)
+		ConvertCompose(data []byte) ([]byte, error)
 	}
 
 	// KubernetesSnapshotter represents a service used to create Kubernetes endpoint snapshots
@@ -1444,6 +1455,8 @@ const (
 	DefaultTemplatesURL = "https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json"
 	// DefaultUserSessionTimeout represents the default timeout after which the user session is cleared
 	DefaultUserSessionTimeout = "8h"
+	// DefaultUserSessionTimeout represents the default timeout after which the user session is cleared
+	DefaultKubeconfigExpiry = "0"
 )
 
 const (

app/angulartics.matomo/index.js

@@ -1,4 +1,5 @@
 import angular from 'angular';
+import _ from 'lodash-es';
 
 const basePath = 'http://portainer-ce.app';
 
@@ -131,7 +132,8 @@ function config($analyticsProvider, $windowProvider) {
 
     let metadataString = '';
     if (metadata) {
-      metadataString = JSON.stringify(metadata).toLowerCase();
+      const kebabCasedMetadata = Object.fromEntries(Object.entries(metadata).map(([key, value]) => [_.kebabCase(key), value]));
+      metadataString = JSON.stringify(kebabCasedMetadata).toLowerCase();
     }
 
     push([

app/edge/views/edge-stacks/createEdgeStackView/createEdgeStackView.html

@@ -199,6 +199,10 @@
                 ng-click="$ctrl.createStack()"
                 button-spinner="$ctrl.state.actionInProgress"
                 data-cy="edgeStackCreate-createStackButton"
+                analytics-on
+                analytics-event="edge-stack-creation"
+                analytics-category="edge"
+                analytics-properties="$ctrl.buildAnalyticsProperties()"
               >
                 <span ng-hide="$ctrl.state.actionInProgress">Deploy the stack</span>
                 <span ng-show="$ctrl.state.actionInProgress">Deployment in progress...</span>

app/edge/views/edge-stacks/createEdgeStackView/createEdgeStackViewController.js

@@ -43,6 +43,30 @@ export class CreateEdgeStackViewController {
     this.onChangeFormValues = this.onChangeFormValues.bind(this);
   }
 
+  buildAnalyticsProperties() {
+    const format = 'compose';
+    const metadata = { type: methodLabel(this.state.Method), format };
+
+    if (metadata.type === 'template') {
+      metadata.templateName = this.selectedTemplate.title;
+    }
+
+    return { metadata };
+
+    function methodLabel(method) {
+      switch (method) {
+        case 'editor':
+          return 'web-editor';
+        case 'repository':
+          return 'git';
+        case 'upload':
+          return 'file-upload';
+        case 'template':
+          return 'template';
+      }
+    }
+  }
+
   async uiCanExit() {
     if (this.state.Method === 'editor' && this.formValues.StackFileContent && this.state.isEditorDirty) {
       return this.ModalService.confirmWebEditorDiscard();

app/kubernetes/__module.js

@@ -1,6 +1,7 @@
 import registriesModule from './registries';
+import customTemplateModule from './custom-templates';
 
-angular.module('portainer.kubernetes', ['portainer.app', registriesModule]).config([
+angular.module('portainer.kubernetes', ['portainer.app', registriesModule, customTemplateModule]).config([
   '$stateRegistryProvider',
   function ($stateRegistryProvider) {
     'use strict';
@@ -208,12 +209,15 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule]).conf
 
     const deploy = {
       name: 'kubernetes.deploy',
-      url: '/deploy',
+      url: '/deploy?templateId',
       views: {
         'content@': {
           component: 'kubernetesDeployView',
         },
       },
+      params: {
+        templateId: '',
+      },
     };
 
     const resourcePools = {

app/kubernetes/components/datatables/applications-datatable/applicationsDatatable.html

@@ -73,7 +73,10 @@
           <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
         </button>
         <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.applications.new" data-cy="k8sApp-addApplicationButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add application
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add application with form
+        </button>
+        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sApp-deployFromManifestButton">
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Create from manifest
         </button>
       </div>
       <div class="searchBar">
@@ -162,7 +165,7 @@
                 <span class="label label-info image-tag label-margins" ng-if="$ctrl.isSystemNamespace(item)">system</span>
                 <span class="label label-primary image-tag label-margins" ng-if="!$ctrl.isSystemNamespace(item) && $ctrl.isExternalApplication(item)">external</span>
               </td>
-              <td>{{ item.StackName }}</td>
+              <td>{{ item.StackName || '-' }}</td>
               <td>
                 <a ui-sref="kubernetes.resourcePools.resourcePool({ id: item.ResourcePool })">{{ item.ResourcePool }}</a>
               </td>

app/kubernetes/components/datatables/configurations-datatable/configurationsDatatable.html

@@ -66,8 +66,11 @@
         >
           <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
         </button>
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.configurations.new" data-cy="k8sConfig-addConfigButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add configuration
+        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.configurations.new" data-cy="k8sConfig-addConfigWithFormButton">
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add configuration with form
+        </button>
+        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sConfig-deployFromManifestButton">
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Create from manifest
         </button>
       </div>
       <div class="searchBar">

app/kubernetes/components/datatables/integrated-applications-datatable/integratedApplicationsDatatable.html

@@ -91,7 +91,7 @@
               <td
                 ><a ui-sref="kubernetes.applications.application({ name: item.Name, namespace: item.ResourcePool })">{{ item.Name }}</a></td
               >
-              <td>{{ item.StackName }}</td>
+              <td>{{ item.StackName || '-' }}</td>
               <td title="{{ item.Image }}">{{ item.Image | truncate: 64 }}</td>
             </tr>
             <tr ng-if="!$ctrl.dataset">

app/kubernetes/components/datatables/node-applications-datatable/nodeApplicationsDatatable.html

@@ -114,7 +114,7 @@
                 <span style="margin-left: 5px;" class="label label-info image-tag" ng-if="$ctrl.isSystemNamespace(item)">system</span>
                 <span style="margin-left: 5px;" class="label label-primary image-tag" ng-if="!$ctrl.isSystemNamespace(item) && $ctrl.isExternalApplication(item)">external</span>
               </td>
-              <td>{{ item.StackName }}</td>
+              <td>{{ item.StackName || '-' }}</td>
               <td>
                 <a ui-sref="kubernetes.resourcePools.resourcePool({ id: item.ResourcePool })">{{ item.ResourcePool }}</a>
               </td>

app/kubernetes/components/datatables/resource-pool-applications-datatable/resourcePoolApplicationsDatatable.html

@@ -106,7 +106,7 @@
                 <a ui-sref="kubernetes.applications.application({ name: item.Name, namespace: item.ResourcePool })">{{ item.Name }}</a>
                 <span style="margin-left: 5px;" class="label label-primary image-tag" ng-if="$ctrl.isExternalApplication(item)">external</span>
               </td>
-              <td>{{ item.StackName }}</td>
+              <td>{{ item.StackName || '-' }}</td>
               <td title="{{ item.Image }}"
                 >{{ item.Image | truncate: 64 }} <span ng-if="item.Containers.length > 1">+ {{ item.Containers.length - 1 }}</span></td
               >

app/kubernetes/components/datatables/resource-pools-datatable/resourcePoolsDatatable.html

@@ -60,8 +60,11 @@
         >
           <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
         </button>
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.resourcePools.new" data-cy="k8sNamespace-addNamespaceButton">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add namespace
+        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.resourcePools.new" data-cy="k8sNamespace-addNamespaceWithFormButton">
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add namespace with form
+        </button>
+        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sNamespace-deployFromManifestButton">
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Create from manifest
         </button>
       </div>
       <div class="searchBar">
@@ -92,6 +95,13 @@
                   <i class="fa fa-sort-alpha-up" aria-hidden="true" ng-if="$ctrl.state.orderBy === 'Namespace.Name' && $ctrl.state.reverseOrder"></i>
                 </a>
               </th>
+              <th>
+                <a ng-click="$ctrl.changeOrderBy('Namespace.Status')">
+                  Status
+                  <i class="fa fa-sort-alpha-down" aria-hidden="true" ng-if="$ctrl.state.orderBy === 'Namespace.Status' && !$ctrl.state.reverseOrder"></i>
+                  <i class="fa fa-sort-alpha-up" aria-hidden="true" ng-if="$ctrl.state.orderBy === 'Namespace.Status' && $ctrl.state.reverseOrder"></i>
+                </a>
+              </th>  
               <th>
                 <a ng-click="$ctrl.changeOrderBy('Quota')">
                   Quota
@@ -124,6 +134,9 @@
                 <a ui-sref="kubernetes.resourcePools.resourcePool({ id: item.Namespace.Name })">{{ item.Namespace.Name }}</a>
                 <span style="margin-left: 5px;" class="label label-info image-tag" ng-if="$ctrl.isSystemNamespace(item)">system</span>
               </td>
+              <td>
+                <span class="label label-{{ $ctrl.namespaceStatusColor(item.Namespace.Status) }}">{{ item.Namespace.Status }}</span>
+              </td>
               <td> <i class="fa {{ item.Quota ? 'fa-toggle-on' : 'fa-toggle-off' }}" aria-hidden="true" style="margin-right: 2px;"></i> {{ item.Quota ? 'Yes' : 'No' }} </td>
               <td>{{ item.Namespace.CreationDate | getisodate }} {{ item.Namespace.ResourcePoolOwner ? 'by ' + item.Namespace.ResourcePoolOwner : '' }}</td>
               <td ng-if="$ctrl.isAdmin">

app/kubernetes/components/datatables/resource-pools-datatable/resourcePoolsDatatableController.js

@@ -38,6 +38,17 @@ angular.module('portainer.docker').controller('KubernetesResourcePoolsDatatableC
       return !ctrl.isSystemNamespace(item) || (ctrl.settings.showSystem && ctrl.isAdmin);
     };
 
+    this.namespaceStatusColor = function(status) {
+      switch (status.toLowerCase()) {
+        case 'active':
+          return 'success';
+        case 'terminating':
+          return 'danger';
+        default:
+          return 'primary';
+      }
+    };
+
     /**
      * Do not allow system namespaces to be selected
      */

app/kubernetes/components/datatables/volumes-datatable/volumesDatatable.html

@@ -54,6 +54,9 @@
         <button type="button" class="btn btn-sm btn-danger" ng-disabled="$ctrl.state.selectedItemCount === 0" ng-click="$ctrl.removeAction($ctrl.state.selectedItems)">
           <i class="fa fa-trash-alt space-right" aria-hidden="true"></i>Remove
         </button>
+        <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sVolume-deployFromManifestButton">
+          <i class="fa fa-plus space-right" aria-hidden="true"></i>Create from manifest
+        </button>        
       </div>
       <div class="searchBar">
         <i class="fa fa-search searchIcon" aria-hidden="true"></i>

app/kubernetes/components/kubectl-shell/kubectl-shell.controller.js

@@ -19,6 +19,7 @@ export default class KubectlShellController {
     this.state.shell.term.dispose();
     this.state.shell.connected = false;
     this.TerminalWindow.terminalclose();
+    this.$window.onresize = null;
   }
 
   screenClear() {

app/kubernetes/components/kubectl-shell/kubectl-shell.html

@@ -1,4 +1,13 @@
-<button type="button" class="btn btn-xs btn-primary" ng-click="$ctrl.connectConsole()" ng-disabled="$ctrl.state.shell.connected" data-cy="k8sSidebar-shellButton">
+<button
+  type="button"
+  class="btn btn-xs btn-primary"
+  ng-click="$ctrl.connectConsole()"
+  ng-disabled="$ctrl.state.shell.connected"
+  data-cy="k8sSidebar-shellButton"
+  analytics-on
+  analytics-category="kubernetes"
+  analytics-event="kubernetes-kubectl-shell"
+>
   <i class="fa fa-terminal space-right"></i> kubectl shell
 </button>
 

app/kubernetes/components/kubernetes-sidebar/kubernetes-sidebar.html

@@ -8,6 +8,16 @@
   Dashboard
 </sidebar-menu-item>
 
+<sidebar-menu-item
+  path="kubernetes.templates.custom"
+  path-params="{ endpointId: $ctrl.endpointId }"
+  icon-class="fa-rocket fa-fw"
+  class-name="sidebar-list"
+  data-cy="k8sSidebar-customTemplates"
+>
+  Custom Templates
+</sidebar-menu-item>
+
 <sidebar-menu-item
   path="kubernetes.resourcePools"
   path-params="{ endpointId: $ctrl.endpointId }"

app/kubernetes/converters/application.js

@@ -14,6 +14,7 @@ import {
   KubernetesPortainerApplicationNote,
   KubernetesPortainerApplicationOwnerLabel,
   KubernetesPortainerApplicationStackNameLabel,
+  KubernetesPortainerApplicationStackIdLabel,
 } from 'Kubernetes/models/application/models';
 import { KubernetesServiceTypes } from 'Kubernetes/models/service/models';
 import KubernetesResourceReservationHelper from 'Kubernetes/helpers/resourceReservationHelper';
@@ -54,10 +55,16 @@ class KubernetesApplicationConverter {
     const containers = data.spec.template ? _.without(_.concat(data.spec.template.spec.containers, data.spec.template.spec.initContainers), undefined) : data.spec.containers;
     res.Id = data.metadata.uid;
     res.Name = data.metadata.name;
-    res.StackName = data.metadata.labels ? data.metadata.labels[KubernetesPortainerApplicationStackNameLabel] || '-' : '-';
-    res.ApplicationOwner = data.metadata.labels ? data.metadata.labels[KubernetesPortainerApplicationOwnerLabel] || '' : '';
+
+    if (data.metadata.labels) {
+      const { labels } = data.metadata;
+      res.StackId = labels[KubernetesPortainerApplicationStackIdLabel] ? parseInt(labels[KubernetesPortainerApplicationStackIdLabel], 10) : null;
+      res.StackName = labels[KubernetesPortainerApplicationStackNameLabel] || '';
+      res.ApplicationOwner = labels[KubernetesPortainerApplicationOwnerLabel] || '';
+      res.ApplicationName = labels[KubernetesPortainerApplicationNameLabel] || res.Name;
+    }
+
     res.Note = data.metadata.annotations ? data.metadata.annotations[KubernetesPortainerApplicationNote] || '' : '';
-    res.ApplicationName = data.metadata.labels ? data.metadata.labels[KubernetesPortainerApplicationNameLabel] || res.Name : res.Name;
     res.ResourcePool = data.metadata.namespace;
     if (containers.length) {
       res.Image = containers[0].image;

app/kubernetes/custom-templates/index.js

@@ -0,0 +1,61 @@
+import angular from 'angular';
+
+import { kubeCustomTemplatesView } from './kube-custom-templates-view';
+import { kubeEditCustomTemplateView } from './kube-edit-custom-template-view';
+import { kubeCreateCustomTemplateView } from './kube-create-custom-template-view';
+
+export default angular
+  .module('portainer.kubernetes.custom-templates', [])
+  .config(config)
+  .component('kubeCustomTemplatesView', kubeCustomTemplatesView)
+  .component('kubeEditCustomTemplateView', kubeEditCustomTemplateView)
+  .component('kubeCreateCustomTemplateView', kubeCreateCustomTemplateView).name;
+
+function config($stateRegistryProvider) {
+  const templates = {
+    name: 'kubernetes.templates',
+    url: '/templates',
+    abstract: true,
+  };
+
+  const customTemplates = {
+    name: 'kubernetes.templates.custom',
+    url: '/custom',
+
+    views: {
+      'content@': {
+        component: 'kubeCustomTemplatesView',
+      },
+    },
+  };
+
+  const customTemplatesNew = {
+    name: 'kubernetes.templates.custom.new',
+    url: '/new?fileContent',
+
+    views: {
+      'content@': {
+        component: 'kubeCreateCustomTemplateView',
+      },
+    },
+    params: {
+      fileContent: '',
+    },
+  };
+
+  const customTemplatesEdit = {
+    name: 'kubernetes.templates.custom.edit',
+    url: '/:id',
+
+    views: {
+      'content@': {
+        component: 'kubeEditCustomTemplateView',
+      },
+    },
+  };
+
+  $stateRegistryProvider.register(templates);
+  $stateRegistryProvider.register(customTemplates);
+  $stateRegistryProvider.register(customTemplatesNew);
+  $stateRegistryProvider.register(customTemplatesEdit);
+}

app/kubernetes/custom-templates/kube-create-custom-template-view/index.js

@@ -0,0 +1,6 @@
+import controller from './kube-create-custom-template-view.controller.js';
+
+export const kubeCreateCustomTemplateView = {
+  templateUrl: './kube-create-custom-template-view.html',
+  controller,
+};

app/kubernetes/custom-templates/kube-create-custom-template-view/kube-create-custom-template-view.controller.js

@@ -0,0 +1,169 @@
+import { buildOption } from '@/portainer/components/box-selector';
+import { AccessControlFormData } from '@/portainer/components/accessControlForm/porAccessControlFormModel';
+
+class KubeCreateCustomTemplateViewController {
+  /* @ngInject */
+  constructor($async, $state, Authentication, CustomTemplateService, FormValidator, ModalService, Notifications, ResourceControlService) {
+    Object.assign(this, { $async, $state, Authentication, CustomTemplateService, FormValidator, ModalService, Notifications, ResourceControlService });
+
+    this.methodOptions = [
+      buildOption('method_editor', 'fa fa-edit', 'Web editor', 'Use our Web editor', 'editor'),
+      buildOption('method_upload', 'fa fa-upload', 'Upload', 'Upload from your computer', 'upload'),
+    ];
+
+    this.templates = null;
+
+    this.state = {
+      method: 'editor',
+      actionInProgress: false,
+      formValidationError: '',
+      isEditorDirty: false,
+    };
+
+    this.formValues = {
+      FileContent: '',
+      File: null,
+      Title: '',
+      Description: '',
+      Note: '',
+      Logo: '',
+      AccessControlData: new AccessControlFormData(),
+    };
+
+    this.onChangeFile = this.onChangeFile.bind(this);
+    this.onChangeFileContent = this.onChangeFileContent.bind(this);
+    this.onChangeMethod = this.onChangeMethod.bind(this);
+    this.onBeforeOnload = this.onBeforeOnload.bind(this);
+  }
+
+  onChangeMethod(method) {
+    this.state.method = method;
+  }
+
+  onChangeFileContent(content) {
+    this.formValues.FileContent = content;
+    this.state.isEditorDirty = true;
+  }
+
+  onChangeFile(file) {
+    this.formValues.File = file;
+  }
+
+  async createCustomTemplate() {
+    return this.$async(async () => {
+      const { method } = this.state;
+
+      if (!this.validateForm(method)) {
+        return;
+      }
+
+      this.state.actionInProgress = true;
+      try {
+        const customTemplate = await this.createCustomTemplateByMethod(method, this.formValues);
+
+        const accessControlData = this.formValues.AccessControlData;
+        const userDetails = this.Authentication.getUserDetails();
+        const userId = userDetails.ID;
+        await this.ResourceControlService.applyResourceControl(userId, accessControlData, customTemplate.ResourceControl);
+
+        this.Notifications.success('Custom template successfully created');
+        this.state.isEditorDirty = false;
+        this.$state.go('kubernetes.templates.custom');
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Failed creating custom template');
+      } finally {
+        this.state.actionInProgress = false;
+      }
+    });
+  }
+
+  createCustomTemplateByMethod(method, template) {
+    template.Type = 3;
+
+    switch (method) {
+      case 'editor':
+        return this.createCustomTemplateFromFileContent(template);
+      case 'upload':
+        return this.createCustomTemplateFromFileUpload(template);
+    }
+  }
+
+  createCustomTemplateFromFileContent(template) {
+    return this.CustomTemplateService.createCustomTemplateFromFileContent(template);
+  }
+
+  createCustomTemplateFromFileUpload(template) {
+    return this.CustomTemplateService.createCustomTemplateFromFileUpload(template);
+  }
+
+  validateForm(method) {
+    this.state.formValidationError = '';
+
+    if (method === 'editor' && this.formValues.FileContent === '') {
+      this.state.formValidationError = 'Template file content must not be empty';
+      return false;
+    }
+
+    const title = this.formValues.Title;
+    const isNotUnique = this.templates.some((template) => template.Title === title);
+    if (isNotUnique) {
+      this.state.formValidationError = 'A template with the same name already exists';
+      return false;
+    }
+
+    const isAdmin = this.Authentication.isAdmin();
+    const accessControlData = this.formValues.AccessControlData;
+    const error = this.FormValidator.validateAccessControl(accessControlData, isAdmin);
+
+    if (error) {
+      this.state.formValidationError = error;
+      return false;
+    }
+
+    return true;
+  }
+
+  async $onInit() {
+    return this.$async(async () => {
+      const { fileContent, type } = this.$state.params;
+
+      this.formValues.FileContent = fileContent;
+      if (type) {
+        this.formValues.Type = +type;
+      }
+
+      try {
+        this.templates = await this.CustomTemplateService.customTemplates(3);
+      } catch (err) {
+        this.Notifications.error('Failure loading', err, 'Failed loading custom templates');
+      }
+
+      this.state.loading = false;
+
+      window.addEventListener('beforeunload', this.onBeforeOnload);
+    });
+  }
+
+  $onDestroy() {
+    window.removeEventListener('beforeunload', this.onBeforeOnload);
+  }
+
+  isEditorDirty() {
+    return this.state.method === 'editor' && this.formValues.FileContent && this.state.isEditorDirty;
+  }
+
+  onBeforeOnload(event) {
+    if (this.isEditorDirty()) {
+      event.preventDefault();
+      event.returnValue = '';
+    }
+  }
+
+  uiCanExit() {
+    if (this.isEditorDirty()) {
+      return this.ModalService.confirmWebEditorDiscard();
+    }
+  }
+}
+
+export default KubeCreateCustomTemplateViewController;

app/kubernetes/custom-templates/kube-create-custom-template-view/kube-create-custom-template-view.html

@@ -0,0 +1,71 @@
+<rd-header>
+  <rd-header-title title-text="Create Custom template"></rd-header-title>
+  <rd-header-content> <a ui-sref="kubernetes.templates.custom">Custom Templates</a> &gt; Create Custom template </rd-header-content>
+</rd-header>
+
+<div class="row">
+  <div class="col-sm-12">
+    <rd-widget>
+      <rd-widget-body>
+        <form class="form-horizontal" name="$ctrl.form">
+          <custom-template-common-fields form-values="$ctrl.formValues"></custom-template-common-fields>
+
+          <!-- build-method -->
+          <div class="col-sm-12 form-section-title">
+            Build method
+          </div>
+          <box-selector radio-name="method" ng-model="$ctrl.state.method" options="$ctrl.methodOptions" on-change="($ctrl.onChangeMethod)"></box-selector>
+
+          <web-editor-form
+            ng-if="$ctrl.state.method === 'editor'"
+            identifier="template-creation-editor"
+            value="$ctrl.formValues.FileContent"
+            on-change="($ctrl.onChangeFileContent)"
+            ng-required="true"
+            yml="true"
+            placeholder="# Define or paste the content of your manifest file here"
+          >
+            <editor-description>
+              <p>Templates allow deploying any kind of Kubernetes resource (Deployment, Secret, ConfigMap...)</p>
+              <p>
+                You can get more information about Kubernetes file format in the
+                <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/" target="_blank">official documentation</a>.
+              </p>
+            </editor-description>
+          </web-editor-form>
+
+          <file-upload-form ng-if="$ctrl.state.method === 'upload'" file="$ctrl.formValues.File" on-change="($ctrl.onChangeFile)" ng-required="true">
+            <file-upload-description>
+              You can upload a Manifest file from your computer.
+            </file-upload-description>
+          </file-upload-form>
+
+          <por-access-control-form form-data="$ctrl.formValues.AccessControlData"></por-access-control-form>
+
+          <!-- actions -->
+          <div class="col-sm-12 form-section-title">
+            Actions
+          </div>
+          <div class="form-group">
+            <div class="col-sm-12">
+              <button
+                type="button"
+                class="btn btn-primary btn-sm"
+                ng-disabled="$ctrl.state.actionInProgress || $ctrl.form.$invalid || ($ctrl.state.method === 'editor' && !$ctrl.formValues.FileContent)"
+                ng-click="$ctrl.createCustomTemplate()"
+                button-spinner="$ctrl.state.actionInProgress"
+              >
+                <span ng-hide="$ctrl.state.actionInProgress">Create custom template</span>
+                <span ng-show="$ctrl.state.actionInProgress">Creation in progress...</span>
+              </button>
+              <span class="text-danger" ng-if="$ctrl.state.formValidationError" style="margin-left: 5px;">
+                {{ $ctrl.state.formValidationError }}
+              </span>
+            </div>
+          </div>
+          <!-- !actions -->
+        </form>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+</div>

app/kubernetes/custom-templates/kube-custom-templates-view/index.js

@@ -0,0 +1,6 @@
+import controller from './kube-custom-templates-view.controller.js';
+
+export const kubeCustomTemplatesView = {
+  templateUrl: './kube-custom-templates-view.html',
+  controller,
+};

app/kubernetes/custom-templates/kube-custom-templates-view/kube-custom-templates-view.controller.js

@@ -0,0 +1,79 @@
+import _ from 'lodash-es';
+
+export default class KubeCustomTemplatesViewController {
+  /* @ngInject */
+  constructor($async, $state, Authentication, CustomTemplateService, FormValidator, ModalService, Notifications) {
+    Object.assign(this, { $async, $state, Authentication, CustomTemplateService, FormValidator, ModalService, Notifications });
+
+    this.state = {
+      selectedTemplate: null,
+      formValidationError: '',
+      actionInProgress: false,
+    };
+
+    this.currentUser = {
+      isAdmin: false,
+      id: null,
+    };
+
+    this.isEditAllowed = this.isEditAllowed.bind(this);
+    this.getTemplates = this.getTemplates.bind(this);
+    this.validateForm = this.validateForm.bind(this);
+    this.confirmDelete = this.confirmDelete.bind(this);
+    this.selectTemplate = this.selectTemplate.bind(this);
+  }
+
+  selectTemplate(template) {
+    this.$state.go('kubernetes.deploy', { templateId: template.Id });
+  }
+
+  isEditAllowed(template) {
+    // todo - check if current user is admin/endpointadmin/owner
+    return this.currentUser.isAdmin || this.currentUser.id === template.CreatedByUserId;
+  }
+
+  getTemplates() {
+    return this.$async(async () => {
+      try {
+        this.templates = await this.CustomTemplateService.customTemplates(3);
+      } catch (err) {
+        this.Notifications.error('Failed loading templates', err, 'Unable to load custom templates');
+      }
+    });
+  }
+
+  validateForm(accessControlData, isAdmin) {
+    this.state.formValidationError = '';
+    const error = this.FormValidator.validateAccessControl(accessControlData, isAdmin);
+
+    if (error) {
+      this.state.formValidationError = error;
+      return false;
+    }
+    return true;
+  }
+
+  confirmDelete(templateId) {
+    return this.$async(async () => {
+      const confirmed = await this.ModalService.confirmDeletionAsync('Are you sure that you want to delete this template?');
+      if (!confirmed) {
+        return;
+      }
+
+      try {
+        await this.CustomTemplateService.remove(templateId);
+        _.remove(this.templates, { Id: templateId });
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Failed to delete template');
+      }
+    });
+  }
+
+  $onInit() {
+    this.getTemplates();
+
+    this.currentUser.isAdmin = this.Authentication.isAdmin();
+    const user = this.Authentication.getUserDetails();
+    this.currentUser.id = user.ID;
+  }
+}

app/kubernetes/custom-templates/kube-custom-templates-view/kube-custom-templates-view.html

@@ -0,0 +1,25 @@
+<rd-header id="view-top">
+  <rd-header-title title-text="Custom Templates">
+    <a data-toggle="tooltip" title="Refresh" ui-sref="kubernetes.templates.custom" ui-sref-opts="{reload: true}">
+      <i class="fa fa-sync" aria-hidden="true"></i>
+    </a>
+  </rd-header-title>
+  <rd-header-content>Custom Templates</rd-header-content>
+</rd-header>
+
+<div class="row">
+  <div class="col-sm-12">
+    <custom-templates-list
+      ng-if="$ctrl.templates"
+      title-text="Templates"
+      title-icon="fa-rocket"
+      templates="$ctrl.templates"
+      table-key="customTemplates"
+      is-edit-allowed="$ctrl.isEditAllowed"
+      on-select-click="($ctrl.selectTemplate)"
+      on-delete-click="($ctrl.confirmDelete)"
+      create-path="kubernetes.templates.custom.new"
+      edit-path="kubernetes.templates.custom.edit"
+    ></custom-templates-list>
+  </div>
+</div>

app/kubernetes/custom-templates/kube-edit-custom-template-view/index.js

@@ -0,0 +1,6 @@
+import controller from './kube-edit-custom-template-view.controller.js';
+
+export const kubeEditCustomTemplateView = {
+  templateUrl: './kube-edit-custom-template-view.html',
+  controller,
+};

app/kubernetes/custom-templates/kube-edit-custom-template-view/kube-edit-custom-template-view.controller.js

@@ -0,0 +1,143 @@
+import { AccessControlFormData } from '@/portainer/components/accessControlForm/porAccessControlFormModel';
+import { ResourceControlViewModel } from '@/portainer/models/resourceControl/resourceControl';
+
+class KubeEditCustomTemplateViewController {
+  /* @ngInject */
+  constructor($async, $state, ModalService, Authentication, CustomTemplateService, FormValidator, Notifications, ResourceControlService) {
+    Object.assign(this, { $async, $state, ModalService, Authentication, CustomTemplateService, FormValidator, Notifications, ResourceControlService });
+
+    this.formValues = null;
+    this.state = {
+      formValidationError: '',
+      isEditorDirty: false,
+    };
+    this.templates = [];
+
+    this.getTemplate = this.getTemplate.bind(this);
+    this.submitAction = this.submitAction.bind(this);
+    this.onChangeFileContent = this.onChangeFileContent.bind(this);
+    this.onBeforeUnload = this.onBeforeUnload.bind(this);
+  }
+
+  getTemplate() {
+    return this.$async(async () => {
+      try {
+        const { id } = this.$state.params;
+
+        const [template, file] = await Promise.all([this.CustomTemplateService.customTemplate(id), this.CustomTemplateService.customTemplateFile(id)]);
+        template.FileContent = file;
+        this.formValues = template;
+        this.oldFileContent = this.formValues.FileContent;
+
+        this.formValues.ResourceControl = new ResourceControlViewModel(template.ResourceControl);
+        this.formValues.AccessControlData = new AccessControlFormData();
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Unable to retrieve custom template data');
+      }
+    });
+  }
+
+  validateForm() {
+    this.state.formValidationError = '';
+
+    if (!this.formValues.FileContent) {
+      this.state.formValidationError = 'Template file content must not be empty';
+      return false;
+    }
+
+    const title = this.formValues.Title;
+    const id = this.$state.params.id;
+
+    const isNotUnique = this.templates.some((template) => template.Title === title && template.Id != id);
+    if (isNotUnique) {
+      this.state.formValidationError = `A template with the name ${title} already exists`;
+      return false;
+    }
+
+    const isAdmin = this.Authentication.isAdmin();
+    const accessControlData = this.formValues.AccessControlData;
+    const error = this.FormValidator.validateAccessControl(accessControlData, isAdmin);
+
+    if (error) {
+      this.state.formValidationError = error;
+      return false;
+    }
+
+    return true;
+  }
+
+  submitAction() {
+    return this.$async(async () => {
+      if (!this.validateForm()) {
+        return;
+      }
+
+      this.actionInProgress = true;
+      try {
+        await this.CustomTemplateService.updateCustomTemplate(this.formValues.Id, this.formValues);
+
+        const userDetails = this.Authentication.getUserDetails();
+        const userId = userDetails.ID;
+        await this.ResourceControlService.applyResourceControl(userId, this.formValues.AccessControlData, this.formValues.ResourceControl);
+
+        this.Notifications.success('Custom template successfully updated');
+        this.state.isEditorDirty = false;
+        this.$state.go('kubernetes.templates.custom');
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Unable to update custom template');
+      } finally {
+        this.actionInProgress = false;
+      }
+    });
+  }
+
+  onChangeFileContent(value) {
+    if (stripSpaces(this.formValues.FileContent) !== stripSpaces(value)) {
+      this.formValues.FileContent = value;
+      this.state.isEditorDirty = true;
+    }
+  }
+
+  async $onInit() {
+    this.$async(async () => {
+      this.getTemplate();
+
+      try {
+        this.templates = await this.CustomTemplateService.customTemplates();
+      } catch (err) {
+        this.Notifications.error('Failure loading', err, 'Failed loading custom templates');
+      }
+
+      window.addEventListener('beforeunload', this.onBeforeUnload);
+    });
+  }
+
+  isEditorDirty() {
+    return this.formValues.FileContent !== this.oldFileContent && this.state.isEditorDirty;
+  }
+
+  uiCanExit() {
+    if (this.isEditorDirty()) {
+      return this.ModalService.confirmWebEditorDiscard();
+    }
+  }
+
+  onBeforeUnload(event) {
+    if (this.formValues.FileContent !== this.oldFileContent && this.state.isEditorDirty) {
+      event.preventDefault();
+      event.returnValue = '';
+
+      return '';
+    }
+  }
+
+  $onDestroy() {
+    window.removeEventListener('beforeunload', this.onBeforeUnload);
+  }
+}
+
+export default KubeEditCustomTemplateViewController;
+
+function stripSpaces(str = '') {
+  return str.replace(/(\r\n|\n|\r)/gm, '');
+}

app/kubernetes/custom-templates/kube-edit-custom-template-view/kube-edit-custom-template-view.html

@@ -0,0 +1,60 @@
+<rd-header>
+  <rd-header-title title-text="Edit Custom Template">
+    <a data-toggle="tooltip" title="Refresh" ui-sref="kubernetes.templates.custom.edit({id:$ctrl.formValues.Id})" ui-sref-opts="{reload: true}">
+      <i class="fa fa-sync" aria-hidden="true"></i>
+    </a>
+  </rd-header-title>
+  <rd-header-content> <a ui-sref="kubernetes.templates.custom">Custom templates</a> &gt; {{ $ctrl.formValues.Title }} </rd-header-content>
+</rd-header>
+
+<div class="row" ng-if="$ctrl.formValues">
+  <div class="col-sm-12">
+    <rd-widget>
+      <rd-widget-body>
+        <form class="form-horizontal" name="$ctrl.form">
+          <custom-template-common-fields form-values="$ctrl.formValues"></custom-template-common-fields>
+
+          <web-editor-form
+            identifier="template-editor"
+            value="$ctrl.formValues.FileContent"
+            on-change="($ctrl.onChangeFileContent)"
+            ng-required="true"
+            yml="true"
+            placeholder="# Define or paste the content of your manifest file here"
+          >
+            <editor-description>
+              <p>Templates allow deploying any kind of Kubernetes resource (Deployment, Secret, ConfigMap...)</p>
+              <p>
+                You can get more information about Kubernetes file format in the
+                <a href="https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/" target="_blank">official documentation</a>.
+              </p>
+            </editor-description>
+          </web-editor-form>
+
+          <por-access-control-form form-data="$ctrl.formValues.AccessControlData" resource-control="$ctrl.formValues.ResourceControl"></por-access-control-form>
+
+          <div class="col-sm-12 form-section-title">
+            Actions
+          </div>
+          <div class="form-group">
+            <div class="col-sm-12">
+              <button
+                type="button"
+                class="btn btn-primary btn-sm"
+                ng-disabled="$ctrl.actionInProgress || $ctrl.form.$invalid || !$ctrl.formValues.Title || !$ctrl.formValues.FileContent"
+                ng-click="$ctrl.submitAction()"
+                button-spinner="$ctrl.actionInProgress"
+              >
+                <span ng-hide="$ctrl.actionInProgress">Update the template</span>
+                <span ng-show="$ctrl.actionInProgress">Update in progress...</span>
+              </button>
+              <span class="text-danger" ng-if="$ctrl.state.formValidationError" style="margin-left: 5px;">
+                {{ $ctrl.state.formValidationError }}
+              </span>
+            </div>
+          </div>
+        </form>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+</div>

app/kubernetes/helpers/stackHelper.js

@@ -6,7 +6,7 @@ class KubernetesStackHelper {
     const res = _.reduce(
       applications,
       (acc, app) => {
-        if (app.StackName !== '-') {
+        if (app.StackName) {
           let stack = _.find(acc, { Name: app.StackName, ResourcePool: app.ResourcePool });
           if (!stack) {
             stack = new KubernetesStack();

app/kubernetes/ingress/converter.js

@@ -19,10 +19,10 @@ export class KubernetesIngressConverter {
         : _.map(rule.http.paths, (path) => {
             const ingRule = new KubernetesIngressRule();
             ingRule.IngressName = data.metadata.name;
-            ingRule.ServiceName = path.backend.serviceName;
+            ingRule.ServiceName = path.backend.service.name;
             ingRule.Host = rule.host || '';
             ingRule.IP = data.status.loadBalancer.ingress ? data.status.loadBalancer.ingress[0].ip : undefined;
-            ingRule.Port = path.backend.servicePort;
+            ingRule.Port = path.backend.service.port.number;
             ingRule.Path = path.path;
             return ingRule;
           });
@@ -151,8 +151,8 @@ export class KubernetesIngressConverter {
         rule.http.paths = _.map(paths, (p) => {
           const path = new KubernetesIngressRulePathCreatePayload();
           path.path = p.Path;
-          path.backend.serviceName = p.ServiceName;
-          path.backend.servicePort = p.Port;
+          path.backend.service.name = p.ServiceName;
+          path.backend.service.port.number = p.Port;
           return path;
         });
         hostsWithRules.push(host);
@@ -173,7 +173,7 @@ export class KubernetesIngressConverter {
       res.spec.rules = [];
       _.forEach(data.Hosts, (host) => {
         if (!host.NeedsDeletion) {
-          res.spec.rules.push({ host: host.Host });
+          res.spec.rules.push({ host: host.Host || host });
         }
       });
     } else {

app/kubernetes/ingress/payloads.js

@@ -20,10 +20,15 @@ export function KubernetesIngressRuleCreatePayload() {
 
 export function KubernetesIngressRulePathCreatePayload() {
   return {
-    backend: {
-      serviceName: '',
-      servicePort: 0,
-    },
     path: '',
+    pathType: 'ImplementationSpecific',
+    backend: {
+      service: {
+        name: '',
+        port: {
+          number: 0,
+        },
+      },
+    },
   };
 }

app/kubernetes/ingress/rest.js

@@ -5,7 +5,7 @@ angular.module('portainer.kubernetes').factory('KubernetesIngresses', factory);
 function factory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
   'use strict';
   return function (namespace) {
-    const url = `${API_ENDPOINT_ENDPOINTS}/:endpointId/kubernetes/apis/networking.k8s.io/v1beta1${namespace ? '/namespaces/:namespace' : ''}/ingresses/:id/:action`;
+    const url = `${API_ENDPOINT_ENDPOINTS}/:endpointId/kubernetes/apis/networking.k8s.io/v1${namespace ? '/namespaces/:namespace' : ''}/ingresses/:id/:action`;
     return $resource(
       url,
       {

app/kubernetes/models/application/models/constants.js

@@ -40,6 +40,7 @@ export const KubernetesApplicationQuotaDefaults = {
 };
 
 export const KubernetesPortainerApplicationStackNameLabel = 'io.portainer.kubernetes.application.stack';
+export const KubernetesPortainerApplicationStackIdLabel = 'io.portainer.kubernetes.application.stackid';
 
 export const KubernetesPortainerApplicationNameLabel = 'io.portainer.kubernetes.application.name';
 

app/kubernetes/models/deploy.js

@@ -6,9 +6,12 @@ export const KubernetesDeployManifestTypes = Object.freeze({
 export const KubernetesDeployBuildMethods = Object.freeze({
   GIT: 1,
   WEB_EDITOR: 2,
+  CUSTOM_TEMPLATE: 3,
+  URL: 4
 });
 
 export const KubernetesDeployRequestMethods = Object.freeze({
   REPOSITORY: 'repository',
   STRING: 'string',
+  URL: 'url'
 });

app/kubernetes/models/nodes-limits/models.js

@@ -0,0 +1,65 @@
+import _ from 'lodash-es';
+
+/**
+ * NodesLimits Model
+ */
+export class KubernetesNodesLimits {
+  constructor(nodesLimits) {
+    this.MaxCPU = 0;
+    this.MaxMemory = 0;
+    this.nodesLimits = this.convertCPU(nodesLimits);
+
+    this.calculateMaxCPUMemory();
+  }
+
+  convertCPU(nodesLimits) {
+    _.forEach(nodesLimits, (value) => {
+      if (value.CPU) {
+        value.CPU /= 1000.0;
+      }
+    });
+    return nodesLimits;
+  }
+
+  calculateMaxCPUMemory() {
+    const nodesLimitsArray = Object.values(this.nodesLimits);
+    this.MaxCPU = _.maxBy(nodesLimitsArray, 'CPU').CPU;
+    this.MaxMemory = _.maxBy(nodesLimitsArray, 'Memory').Memory;
+  }
+
+  // check if there is enough cpu and memory to allocate containers in replica mode
+  overflowForReplica(cpu, memory, instances) {
+    _.forEach(this.nodesLimits, (value) => {
+      instances -= Math.min(Math.floor(value.CPU / cpu), Math.floor(value.Memory / memory));
+    });
+
+    return instances > 0;
+  }
+
+  // check if there is enough cpu and memory to allocate containers in global mode
+  overflowForGlobal(cpu, memory) {
+    let overflow = false;
+
+    _.forEach(this.nodesLimits, (value) => {
+      if (cpu > value.CPU || memory > value.Memory) {
+        overflow = true;
+      }
+    });
+
+    return overflow;
+  }
+
+  excludesPods(pods, cpuLimit, memoryLimit) {
+    const nodesLimits = this.nodesLimits;
+
+    _.forEach(pods, (value) => {
+      const node = value.Node;
+      if (node && nodesLimits[node]) {
+        nodesLimits[node].CPU += cpuLimit;
+        nodesLimits[node].Memory += memoryLimit;
+      }
+    });
+
+    this.calculateMaxCPUMemory();
+  }
+}

app/kubernetes/rest/nodesLimits.js

@@ -0,0 +1,21 @@
+import angular from 'angular';
+
+angular.module('portainer.kubernetes').factory('KubernetesNodesLimits', KubernetesNodesLimitsFactory);
+
+/* @ngInject */
+function KubernetesNodesLimitsFactory($resource, API_ENDPOINT_KUBERNETES, EndpointProvider) {
+  const url = API_ENDPOINT_KUBERNETES + '/:endpointId/nodes_limits';
+  return $resource(
+    url,
+    {
+      endpointId: EndpointProvider.endpointID,
+    },
+    {
+      get: {
+        method: 'GET',
+        ignoreLoadingBar: true,
+        transformResponse: (data) => ({ data: JSON.parse(data) }),
+      },
+    }
+  );
+}

app/kubernetes/services/namespaceService.js

@@ -41,14 +41,11 @@ class KubernetesNamespaceService {
       const data = await this.KubernetesNamespaces().get().$promise;
       const promises = _.map(data.items, (item) => this.KubernetesNamespaces().status({ id: item.metadata.name }).$promise);
       const namespaces = await $allSettled(promises);
-      const visibleNamespaces = _.map(namespaces.fulfilled, (item) => {
-        if (item.status.phase !== 'Terminating') {
-          return KubernetesNamespaceConverter.apiToNamespace(item);
-        }
+      const allNamespaces = _.map(namespaces.fulfilled, (item) => {
+        return KubernetesNamespaceConverter.apiToNamespace(item);
       });
-      const res = _.without(visibleNamespaces, undefined);
-      updateNamespaces(res);
-      return res;
+      updateNamespaces(allNamespaces);
+      return allNamespaces;
     } catch (err) {
       throw new PortainerError('Unable to retrieve namespaces', err);
     }

app/kubernetes/services/nodesLimitsService.js

@@ -0,0 +1,25 @@
+import angular from 'angular';
+import PortainerError from 'Portainer/error';
+import { KubernetesNodesLimits } from 'Kubernetes/models/nodes-limits/models';
+
+class KubernetesNodesLimitsService {
+  /* @ngInject */
+  constructor(KubernetesNodesLimits) {
+    this.KubernetesNodesLimits = KubernetesNodesLimits;
+  }
+
+  /**
+   * GET
+   */
+  async get() {
+    try {
+      const nodesLimits = await this.KubernetesNodesLimits.get().$promise;
+      return new KubernetesNodesLimits(nodesLimits.data);
+    } catch (err) {
+      throw new PortainerError('Unable to retrieve nodes limits', err);
+    }
+  }
+}
+
+export default KubernetesNodesLimitsService;
+angular.module('portainer.kubernetes').service('KubernetesNodesLimitsService', KubernetesNodesLimitsService);

app/kubernetes/templates/advancedDeploymentPanel.html

@@ -1,14 +0,0 @@
-<information-panel title-text="Advanced deployment">
-  <span class="small">
-    <p class="text-muted">
-      <i class="fa fa-info-circle blue-icon" aria-hidden="true" style="margin-right: 2px;"></i>
-      Advanced deployment allows you to deploy any Kubernetes manifest inside your cluster.
-    </p>
-    <p>
-      <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy" data-cy="k8sApp-advancedDeployButton">
-        <i class="fa fa-file-code space-right" aria-hidden="true"></i>
-        Advanced deployment
-      </button>
-    </p>
-  </span>
-</information-panel>

app/kubernetes/views/applications/applications.html

@@ -5,8 +5,6 @@
 <kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading>
 
 <div ng-if="ctrl.state.viewReady">
-  <div ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div>
-
   <div class="row">
     <div class="col-sm-12" data-cy="k8sApp-appList">
       <rd-widget>

app/kubernetes/views/applications/applicationsController.js

@@ -1,5 +1,3 @@
-require('../../templates/advancedDeploymentPanel.html');
-
 import angular from 'angular';
 import _ from 'lodash-es';
 import KubernetesStackHelper from 'Kubernetes/helpers/stackHelper';

app/kubernetes/views/applications/create/createApplication.html

@@ -722,6 +722,13 @@
                 </p>
               </div>
             </div>
+
+            <div class="form-group" ng-if="ctrl.nodeLimitsOverflow()">
+              <div class="col-sm-12 small text-danger">
+                <i class="fa fa-exclamation-circle red-icon" aria-hidden="true" style="margin-right: 2px;"></i>
+                These reservations would exceed the resources currently available in the cluster.
+              </div>
+            </div>
             <!-- !cpu-limit-input -->
             <!-- #endregion -->
 
@@ -1340,7 +1347,7 @@
                       class="form-control"
                       name="ingress_class_{{ $index }}"
                       ng-model="publishedPort.IngressName"
-                      ng-options="ingress.Name as ingress.Name for ingress in ctrl.filteredIngresses"
+                      ng-options="ingress.Name as ingress.Name for ingress in ctrl.ingresses"
                       ng-required="!publishedPort.NeedsDeletion"
                       ng-change="ctrl.onChangePortMappingIngress($index)"
                       ng-disabled="ctrl.disableLoadBalancerEdit() || ctrl.isEditAndNotNewPublishedPort($index)"

app/kubernetes/views/applications/create/createApplicationController.js

@@ -49,7 +49,8 @@ class KubernetesCreateApplicationController {
     KubernetesIngressService,
     KubernetesPersistentVolumeClaimService,
     KubernetesVolumeService,
-    RegistryService
+    RegistryService,
+    KubernetesNodesLimitsService
   ) {
     this.$async = $async;
     this.$state = $state;
@@ -65,6 +66,7 @@ class KubernetesCreateApplicationController {
     this.KubernetesIngressService = KubernetesIngressService;
     this.KubernetesPersistentVolumeClaimService = KubernetesPersistentVolumeClaimService;
     this.RegistryService = RegistryService;
+    this.KubernetesNodesLimitsService = KubernetesNodesLimitsService;
 
     this.ApplicationDeploymentTypes = KubernetesApplicationDeploymentTypes;
     this.ApplicationDataAccessPolicies = KubernetesApplicationDataAccessPolicies;
@@ -92,6 +94,10 @@ class KubernetesCreateApplicationController {
         memory: 0,
         cpu: 0,
       },
+      namespaceLimits: {
+        memory: 0,
+        cpu: 0,
+      },
       resourcePoolHasQuota: false,
       viewReady: false,
       availableSizeUnits: ['MB', 'GB', 'TB'],
@@ -365,7 +371,7 @@ class KubernetesCreateApplicationController {
   /* #region  PUBLISHED PORTS UI MANAGEMENT */
   addPublishedPort() {
     const p = new KubernetesApplicationPublishedPortFormValue();
-    const ingresses = this.filteredIngresses;
+    const ingresses = this.ingresses;
     p.IngressName = ingresses && ingresses.length ? ingresses[0].Name : undefined;
     p.IngressHost = ingresses && ingresses.length ? ingresses[0].Hosts[0] : undefined;
     p.IngressHosts = ingresses && ingresses.length ? ingresses[0].Hosts : undefined;
@@ -376,7 +382,7 @@ class KubernetesCreateApplicationController {
   }
 
   resetPublishedPorts() {
-    const ingresses = this.filteredIngresses;
+    const ingresses = this.ingresses;
     _.forEach(this.formValues.PublishedPorts, (p) => {
       p.IngressName = ingresses && ingresses.length ? ingresses[0].Name : undefined;
       p.IngressHost = ingresses && ingresses.length ? ingresses[0].Hosts[0] : undefined;
@@ -435,7 +441,7 @@ class KubernetesCreateApplicationController {
 
   onChangePortMappingIngress(index) {
     const publishedPort = this.formValues.PublishedPorts[index];
-    const ingress = _.find(this.filteredIngresses, { Name: publishedPort.IngressName });
+    const ingress = _.find(this.ingresses, { Name: publishedPort.IngressName });
     publishedPort.IngressHosts = ingress.Hosts;
     this.ingressHostnames = ingress.Hosts;
     publishedPort.IngressHost = this.ingressHostnames.length ? this.ingressHostnames[0] : [];
@@ -583,14 +589,28 @@ class KubernetesCreateApplicationController {
     return !this.state.sliders.memory.max || !this.state.sliders.cpu.max;
   }
 
-  resourceReservationsOverflow() {
-    const instances = this.formValues.ReplicaCount;
+  nodeLimitsOverflow() {
     const cpu = this.formValues.CpuLimit;
-    const maxCpu = this.state.sliders.cpu.max;
-    const memory = this.formValues.MemoryLimit;
-    const maxMemory = this.state.sliders.memory.max;
+    const memory = KubernetesResourceReservationHelper.bytesValue(this.formValues.MemoryLimit);
 
-    if (cpu * instances > maxCpu) {
+    const overflow = this.nodesLimits.overflowForReplica(cpu, memory, 1);
+
+    return overflow;
+  }
+
+  effectiveInstances() {
+    return this.formValues.DeploymentType === this.ApplicationDeploymentTypes.GLOBAL ? this.nodeNumber : this.formValues.ReplicaCount;
+  }
+
+  resourceReservationsOverflow() {
+    const instances = this.effectiveInstances();
+    const cpu = this.formValues.CpuLimit;
+    const maxCpu = this.state.namespaceLimits.cpu;
+    const memory = KubernetesResourceReservationHelper.bytesValue(this.formValues.MemoryLimit);
+    const maxMemory = this.state.namespaceLimits.memory;
+
+    // multiply 1000 can avoid 0.1 * 3 > 0.3
+    if (cpu * 1000 * instances > maxCpu * 1000) {
       return true;
     }
 
@@ -598,17 +618,23 @@ class KubernetesCreateApplicationController {
       return true;
     }
 
-    return false;
+    if (this.formValues.DeploymentType === this.ApplicationDeploymentTypes.REPLICATED) {
+      return this.nodesLimits.overflowForReplica(cpu, memory, instances);
+    }
+
+    // DeploymentType == GLOBAL
+    return this.nodesLimits.overflowForGlobal(cpu, memory);
   }
 
   autoScalerOverflow() {
     const instances = this.formValues.AutoScaler.MaxReplicas;
     const cpu = this.formValues.CpuLimit;
-    const maxCpu = this.state.sliders.cpu.max;
-    const memory = this.formValues.MemoryLimit;
-    const maxMemory = this.state.sliders.memory.max;
+    const maxCpu = this.state.namespaceLimits.cpu;
+    const memory = KubernetesResourceReservationHelper.bytesValue(this.formValues.MemoryLimit);
+    const maxMemory = this.state.namespaceLimits.memory;
 
-    if (cpu * instances > maxCpu) {
+    // multiply 1000 can avoid 0.1 * 3 > 0.3
+    if (cpu * 1000 * instances > maxCpu * 1000) {
       return true;
     }
 
@@ -616,7 +642,7 @@ class KubernetesCreateApplicationController {
       return true;
     }
 
-    return false;
+    return this.nodesLimits.overflowForReplica(cpu, memory, instances);
   }
 
   publishViaLoadBalancerEnabled() {
@@ -624,7 +650,7 @@ class KubernetesCreateApplicationController {
   }
 
   publishViaIngressEnabled() {
-    return this.filteredIngresses.length;
+    return this.ingresses.length;
   }
 
   isEditAndNoChangesMade() {
@@ -732,50 +758,66 @@ class KubernetesCreateApplicationController {
 
   /* #region  DATA AUTO REFRESH */
   updateSliders() {
+    const quota = this.formValues.ResourcePool.Quota;
+    let minCpu = 0,
+      minMemory = 0,
+      maxCpu = this.state.namespaceLimits.cpu,
+      maxMemory = this.state.namespaceLimits.memory;
+
+    if (quota) {
+      if (quota.CpuLimit) {
+        minCpu = KubernetesApplicationQuotaDefaults.CpuLimit;
+      }
+      if (quota.MemoryLimit) {
+        minMemory = KubernetesResourceReservationHelper.bytesValue(KubernetesApplicationQuotaDefaults.MemoryLimit);
+      }
+    }
+
+    maxCpu = Math.min(maxCpu, this.nodesLimits.MaxCPU);
+    maxMemory = Math.min(maxMemory, this.nodesLimits.MaxMemory);
+
+    if (maxMemory < minMemory) {
+      minMemory = 0;
+      maxMemory = 0;
+    }
+
+    this.state.sliders.memory.min = KubernetesResourceReservationHelper.megaBytesValue(minMemory);
+    this.state.sliders.memory.max = KubernetesResourceReservationHelper.megaBytesValue(maxMemory);
+    this.state.sliders.cpu.min = minCpu;
+    this.state.sliders.cpu.max = _.floor(maxCpu, 2);
+    if (!this.state.isEdit) {
+      this.formValues.CpuLimit = minCpu;
+      this.formValues.MemoryLimit = KubernetesResourceReservationHelper.megaBytesValue(minMemory);
+    }
+  }
+
+  updateNamespaceLimits() {
+    let maxCpu = this.state.nodes.cpu;
+    let maxMemory = this.state.nodes.memory;
+    const quota = this.formValues.ResourcePool.Quota;
+
     this.state.resourcePoolHasQuota = false;
 
-    const quota = this.formValues.ResourcePool.Quota;
-    let minCpu,
-      maxCpu,
-      minMemory,
-      maxMemory = 0;
     if (quota) {
       if (quota.CpuLimit) {
         this.state.resourcePoolHasQuota = true;
-        minCpu = KubernetesApplicationQuotaDefaults.CpuLimit;
         maxCpu = quota.CpuLimit - quota.CpuLimitUsed;
         if (this.state.isEdit && this.savedFormValues.CpuLimit) {
-          maxCpu += this.savedFormValues.CpuLimit * this.savedFormValues.ReplicaCount;
+          maxCpu += this.savedFormValues.CpuLimit * this.effectiveInstances();
         }
-      } else {
-        minCpu = 0;
-        maxCpu = this.state.nodes.cpu;
       }
+
       if (quota.MemoryLimit) {
         this.state.resourcePoolHasQuota = true;
-        minMemory = KubernetesApplicationQuotaDefaults.MemoryLimit;
         maxMemory = quota.MemoryLimit - quota.MemoryLimitUsed;
         if (this.state.isEdit && this.savedFormValues.MemoryLimit) {
-          maxMemory += KubernetesResourceReservationHelper.bytesValue(this.savedFormValues.MemoryLimit) * this.savedFormValues.ReplicaCount;
+          maxMemory += KubernetesResourceReservationHelper.bytesValue(this.savedFormValues.MemoryLimit) * this.effectiveInstances();
         }
-      } else {
-        minMemory = 0;
-        maxMemory = this.state.nodes.memory;
       }
-    } else {
-      minCpu = 0;
-      maxCpu = this.state.nodes.cpu;
-      minMemory = 0;
-      maxMemory = this.state.nodes.memory;
-    }
-    this.state.sliders.memory.min = minMemory;
-    this.state.sliders.memory.max = KubernetesResourceReservationHelper.megaBytesValue(maxMemory);
-    this.state.sliders.cpu.min = minCpu;
-    this.state.sliders.cpu.max = _.round(maxCpu, 2);
-    if (!this.state.isEdit) {
-      this.formValues.CpuLimit = minCpu;
-      this.formValues.MemoryLimit = minMemory;
     }
+
+    this.state.namespaceLimits.cpu = maxCpu;
+    this.state.namespaceLimits.memory = maxMemory;
   }
 
   refreshStacks(namespace) {
@@ -829,16 +871,22 @@ class KubernetesCreateApplicationController {
   }
 
   refreshIngresses(namespace) {
-    this.filteredIngresses = _.filter(this.ingresses, { Namespace: namespace });
-    this.ingressHostnames = this.filteredIngresses.length ? this.filteredIngresses[0].Hosts : [];
-    if (!this.publishViaIngressEnabled()) {
-      if (this.savedFormValues) {
-        this.formValues.PublishingType = this.savedFormValues.PublishingType;
-      } else {
-        this.formValues.PublishingType = this.ApplicationPublishingTypes.INTERNAL;
+    return this.$async(async () => {
+      try {
+        this.ingresses = await this.KubernetesIngressService.get(namespace);
+        this.ingressHostnames = this.ingresses.length ? this.ingresses[0].Hosts : [];
+        if (!this.publishViaIngressEnabled()) {
+          if (this.savedFormValues) {
+            this.formValues.PublishingType = this.savedFormValues.PublishingType;
+          } else {
+            this.formValues.PublishingType = this.ApplicationPublishingTypes.INTERNAL;
+          }
+        }
+        this.formValues.OriginalIngresses = this.ingresses;
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Unable to retrieve ingresses');
       }
-    }
-    this.formValues.OriginalIngresses = this.filteredIngresses;
+    });
   }
 
   refreshNamespaceData(namespace) {
@@ -863,6 +911,7 @@ class KubernetesCreateApplicationController {
   onResourcePoolSelectionChange() {
     return this.$async(async () => {
       const namespace = this.formValues.ResourcePool.Namespace.Name;
+      this.updateNamespaceLimits();
       this.updateSliders();
       await this.refreshNamespaceData(namespace);
       this.resetFormValues();
@@ -947,12 +996,12 @@ class KubernetesCreateApplicationController {
         this.state.useLoadBalancer = this.endpoint.Kubernetes.Configuration.UseLoadBalancer;
         this.state.useServerMetrics = this.endpoint.Kubernetes.Configuration.UseServerMetrics;
 
-        const [resourcePools, nodes, ingresses] = await Promise.all([
+        const [resourcePools, nodes, nodesLimits] = await Promise.all([
           this.KubernetesResourcePoolService.get(),
           this.KubernetesNodeService.get(),
-          this.KubernetesIngressService.get(),
+          this.KubernetesNodesLimitsService.get(),
         ]);
-        this.ingresses = ingresses;
+        this.nodesLimits = nodesLimits;
 
         this.resourcePools = _.filter(resourcePools, (resourcePool) => !KubernetesNamespaceHelper.isSystemNamespace(resourcePool.Namespace.Name));
         this.formValues.ResourcePool = this.resourcePools[0];
@@ -965,6 +1014,7 @@ class KubernetesCreateApplicationController {
           this.state.nodes.cpu += item.CPU;
         });
         this.nodesLabels = KubernetesNodeHelper.generateNodeLabelsFromNodes(nodes);
+        this.nodeNumber = nodes.length;
 
         const namespace = this.state.isEdit ? this.$state.params.namespace : this.formValues.ResourcePool.Namespace.Name;
         await this.refreshNamespaceData(namespace);
@@ -977,9 +1027,9 @@ class KubernetesCreateApplicationController {
             this.configurations,
             this.persistentVolumeClaims,
             this.nodesLabels,
-            this.filteredIngresses
+            this.ingresses
           );
-          this.formValues.OriginalIngresses = this.filteredIngresses;
+          this.formValues.OriginalIngresses = this.ingresses;
           this.formValues.ImageModel = await this.parseImageConfiguration(this.formValues.ImageModel);
           this.savedFormValues = angular.copy(this.formValues);
           delete this.formValues.ApplicationType;
@@ -996,8 +1046,13 @@ class KubernetesCreateApplicationController {
           await this.refreshNamespaceData(namespace);
         } else {
           this.formValues.AutoScaler = KubernetesApplicationHelper.generateAutoScalerFormValueFromHorizontalPodAutoScaler(null, this.formValues.ReplicaCount);
-          this.formValues.OriginalIngressClasses = angular.copy(this.ingresses);
         }
+
+        if (this.state.isEdit) {
+          this.nodesLimits.excludesPods(this.application.Pods, this.formValues.CpuLimit, KubernetesResourceReservationHelper.bytesValue(this.formValues.MemoryLimit));
+        }
+
+        this.updateNamespaceLimits();
         this.updateSliders();
       } catch (err) {
         this.Notifications.error('Failure', err, 'Unable to load view data');

app/kubernetes/views/applications/edit/application.html

@@ -26,7 +26,7 @@
                     </tr>
                     <tr>
                       <td>Stack</td>
-                      <td>{{ ctrl.application.StackName }}</td>
+                      <td>{{ ctrl.application.StackName || '-' }}</td>
                     </tr>
                     <tr>
                       <td>Namespace</td>
@@ -191,21 +191,15 @@
     <div class="col-sm-12">
       <rd-widget>
         <rd-widget-body>
-          <div ng-if="!ctrl.isSystemNamespace()">
-            <button
-              ng-if="!ctrl.isExternalApplication()"
-              type="button"
-              class="btn btn-sm btn-primary"
-              ui-sref="kubernetes.applications.application.edit"
-              style="margin-left: 0; margin-bottom: 15px;"
-            >
+          <div ng-if="!ctrl.isSystemNamespace()" style="margin-bottom: 15px;">
+            <button ng-if="!ctrl.isExternalApplication()" type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.applications.application.edit" style="margin-left: 0;">
               <i class="fa fa-file-code space-right" aria-hidden="true"></i>Edit this application
             </button>
             <button
               ng-if="ctrl.application.ApplicationType !== ctrl.KubernetesApplicationTypes.POD"
               type="button"
               class="btn btn-sm btn-primary"
-              style="margin-left: 0; margin-bottom: 15px;"
+              style="margin-left: 0;"
               ng-click="ctrl.redeployApplication()"
             >
               <i class="fa fa-redo space-right" aria-hidden="true"></i>Redeploy
@@ -214,12 +208,19 @@
               ng-if="!ctrl.isExternalApplication()"
               type="button"
               class="btn btn-sm btn-primary"
-              style="margin-left: 0; margin-bottom: 15px;"
+              style="margin-left: 0;"
               ng-click="ctrl.rollbackApplication()"
               ng-disabled="ctrl.application.Revisions.length < 2"
             >
               <i class="fas fa-history space-right" aria-hidden="true"></i>Rollback to previous configuration
             </button>
+            <a
+              ng-if="ctrl.isStack() && ctrl.stackFileContent"
+              class="btn btn-sm btn-primary space-left"
+              ui-sref="kubernetes.templates.custom.new({fileContent: ctrl.stackFileContent})"
+            >
+              <i class="fas fa-plus space-right" aria-hidden="true"></i>Create template from application
+            </a>
           </div>
 
           <!-- ACCESSING APPLICATION -->

app/kubernetes/views/applications/edit/applicationController.js

@@ -107,7 +107,8 @@ class KubernetesApplicationController {
     KubernetesStackService,
     KubernetesPodService,
     KubernetesNodeService,
-    EndpointProvider
+    EndpointProvider,
+    StackService
   ) {
     this.$async = $async;
     this.$state = $state;
@@ -115,6 +116,7 @@ class KubernetesApplicationController {
     this.Notifications = Notifications;
     this.LocalStorage = LocalStorage;
     this.ModalService = ModalService;
+    this.StackService = StackService;
 
     this.KubernetesApplicationService = KubernetesApplicationService;
     this.KubernetesEventService = KubernetesEventService;
@@ -193,6 +195,10 @@ class KubernetesApplicationController {
     return !rule.Host && !rule.IP ? false : true;
   }
 
+  isStack() {
+    return this.application.StackId;
+  }
+
   /**
    * ROLLBACK
    */
@@ -308,6 +314,11 @@ class KubernetesApplicationController {
 
       this.placements = computePlacements(nodes, this.application);
       this.state.placementWarning = _.find(this.placements, { AcceptsApplication: true }) ? false : true;
+
+      if (application.StackId) {
+        const file = await this.StackService.getStackFile(application.StackId);
+        this.stackFileContent = file;
+      }
     } catch (err) {
       this.Notifications.error('Failure', err, 'Unable to retrieve application details');
     } finally {

app/kubernetes/views/configurations/configurations.html

@@ -5,8 +5,6 @@
 <kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading>
 
 <div ng-if="ctrl.state.viewReady">
-  <div ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div>
-
   <div class="row">
     <div class="col-sm-12">
       <kubernetes-configurations-datatable

app/kubernetes/views/configurations/configurationsController.js

@@ -1,5 +1,3 @@
-require('../../templates/advancedDeploymentPanel.html');
-
 import angular from 'angular';
 import KubernetesConfigurationHelper from 'Kubernetes/helpers/configurationHelper';
 

app/kubernetes/views/configure/configure.html

@@ -299,6 +299,11 @@
                   ng-click="ctrl.configure()"
                   ng-disabled="ctrl.state.actionInProgress || !kubernetesClusterSetupForm.$valid || !ctrl.hasValidStorageConfiguration()"
                   button-spinner="ctrl.state.actionInProgress"
+                  analytics-on
+                  analytics-if="ctrl.restrictDefaultToggledOn()"
+                  analytics-category="kubernetes"
+                  analytics-event="kubernetes-configure"
+                  analytics-properties="{ metadata: { restrictAccessToDefaultNamespace: ctrl.formValues.RestrictDefaultNamespace } }"
                 >
                   <span ng-hide="ctrl.state.actionInProgress">Save configuration</span>
                   <span ng-show="ctrl.state.actionInProgress">Saving configuration...</span>

app/kubernetes/views/configure/configureController.js

@@ -237,6 +237,10 @@ class KubernetesConfigureController {
   }
   /* #endregion */
 
+  restrictDefaultToggledOn() {
+    return this.formValues.RestrictDefaultNamespace && !this.oldFormValues.RestrictDefaultNamespace;
+  }
+
   /* #region  ON INIT */
   async onInit() {
     this.state = {
@@ -287,6 +291,8 @@ class KubernetesConfigureController {
         ic.NeedsDeletion = false;
         return ic;
       });
+
+      this.oldFormValues = Object.assign({}, this.formValues);
     } catch (err) {
       this.Notifications.error('Failure', err, 'Unable to retrieve endpoint configuration');
     } finally {

app/kubernetes/views/deploy/deploy.html

@@ -23,16 +23,18 @@
                   </div>
                 </div>
 
-                <div class="col-sm-12 form-section-title">
-                  Deployment type
-                </div>
-                <box-selector radio-name="deploy" ng-model="ctrl.state.DeployType" options="ctrl.deployOptions" data-cy="k8sAppDeploy-deploymentSelector"></box-selector>
-
                 <div class="col-sm-12 form-section-title">
                   Build method
                 </div>
                 <box-selector radio-name="method" ng-model="ctrl.state.BuildMethod" options="ctrl.methodOptions" data-cy="k8sAppDeploy-buildSelector"></box-selector>
 
+                <div ng-if="ctrl.state.BuildMethod !== ctrl.BuildMethods.CUSTOM_TEMPLATE">
+                  <div class="col-sm-12 form-section-title">
+                    Deployment type
+                  </div>
+                  <box-selector radio-name="deploy" ng-model="ctrl.state.DeployType" options="ctrl.deployOptions" data-cy="k8sAppDeploy-deploymentSelector"></box-selector>
+                </div>
+
                 <!-- repository -->
                 <div ng-show="ctrl.state.BuildMethod === ctrl.BuildMethods.GIT">
                   <div class="col-sm-12 form-section-title">
@@ -62,9 +64,17 @@
                 </div>
                 <!-- !repository -->
 
+                <custom-template-selector
+                  ng-show="ctrl.state.BuildMethod === ctrl.BuildMethods.CUSTOM_TEMPLATE"
+                  new-template-path="kubernetes.templates.custom.new"
+                  stack-type="3"
+                  on-change="(ctrl.onChangeTemplateId)"
+                  value="ctrl.state.templateId"
+                ></custom-template-selector>
+
                 <!-- editor -->
                 <web-editor-form
-                  ng-if="ctrl.state.BuildMethod === ctrl.BuildMethods.WEB_EDITOR"
+                  ng-if="ctrl.state.BuildMethod === ctrl.BuildMethods.WEB_EDITOR || (ctrl.state.BuildMethod === ctrl.BuildMethods.CUSTOM_TEMPLATE && ctrl.state.templateId)"
                   identifier="kubernetes-deploy-editor"
                   value="ctrl.formValues.EditorContent"
                   on-change="(ctrl.onChangeFileContent)"
@@ -101,6 +111,33 @@
                 </web-editor-form>
 
                 <!-- !editor -->
+                
+                <!-- url -->
+                <div ng-show="ctrl.state.BuildMethod === ctrl.BuildMethods.URL">
+                  <div class="col-sm-12 form-section-title">
+                    URL
+                  </div>
+                  <div class="form-group">
+                    <span class="col-sm-12 text-muted small">
+                      Indicate the URL to the manifest.
+                    </span>
+                  </div>
+                  <div class="form-group">
+                    <label for="manifest_url" class="col-sm-1 control-label text-left">URL</label>
+                    <div class="col-sm-11">
+                      <input
+                        type="text"
+                        class="form-control"
+                        ng-model="ctrl.formValues.ManifestURL"
+                        id="manifest_url"
+                        placeholder="https://raw.githubusercontent.com/kubernetes/website/main/content/en/examples/controllers/nginx-deployment.yaml"
+                        data-cy="k8sAppDeploy-urlFileUrl"
+                      />
+                    </div>
+                  </div>
+                </div>                
+                <!-- !url -->
+
                 <!-- actions -->
                 <div class="col-sm-12 form-section-title">
                   Actions
@@ -114,6 +151,10 @@
                       ng-click="ctrl.deploy()"
                       button-spinner="ctrl.state.actionInProgress"
                       data-cy="k8sAppDeploy-deployButton"
+                      analytics-on
+                      analytics-category="kubernetes"
+                      analytics-event="kubernetes-application-advanced-deployment"
+                      analytics-properties="ctrl.buildAnalyticsProperties()"
                     >
                       <span ng-hide="ctrl.state.actionInProgress">Deploy</span>
                       <span ng-show="ctrl.state.actionInProgress">Deployment in progress...</span>

app/kubernetes/views/deploy/deployController.js

@@ -1,15 +1,18 @@
 import angular from 'angular';
 import _ from 'lodash-es';
 import stripAnsi from 'strip-ansi';
+import PortainerError from 'Portainer/error';
 
 import { KubernetesDeployManifestTypes, KubernetesDeployBuildMethods, KubernetesDeployRequestMethods } from 'Kubernetes/models/deploy';
 import { buildOption } from '@/portainer/components/box-selector';
 class KubernetesDeployController {
   /* @ngInject */
-  constructor($async, $state, $window, ModalService, Notifications, EndpointProvider, KubernetesResourcePoolService, StackService) {
+  constructor($async, $state, $window, Authentication, CustomTemplateService, ModalService, Notifications, EndpointProvider, KubernetesResourcePoolService, StackService) {
     this.$async = $async;
     this.$state = $state;
     this.$window = $window;
+    this.Authentication = Authentication;
+    this.CustomTemplateService = CustomTemplateService;
     this.ModalService = ModalService;
     this.Notifications = Notifications;
     this.EndpointProvider = EndpointProvider;
@@ -18,12 +21,14 @@ class KubernetesDeployController {
 
     this.deployOptions = [
       buildOption('method_kubernetes', 'fa fa-cubes', 'Kubernetes', 'Kubernetes manifest format', KubernetesDeployManifestTypes.KUBERNETES),
-      buildOption('method_compose', 'fa fa-docker', 'Compose', 'docker-compose format', KubernetesDeployManifestTypes.COMPOSE),
+      buildOption('method_compose', 'fab fa-docker', 'Compose', 'docker-compose format', KubernetesDeployManifestTypes.COMPOSE),
     ];
 
     this.methodOptions = [
       buildOption('method_repo', 'fab fa-github', 'Git Repository', 'Use a git repository', KubernetesDeployBuildMethods.GIT),
       buildOption('method_editor', 'fa fa-edit', 'Web editor', 'Use our Web editor', KubernetesDeployBuildMethods.WEB_EDITOR),
+      buildOption('method_url', 'fa fa-globe', 'URL', 'Specify a URL to a file', KubernetesDeployBuildMethods.URL),
+      buildOption('method_template', 'fa fa-rocket', 'Custom Template', 'Use a custom template', KubernetesDeployBuildMethods.CUSTOM_TEMPLATE),
     ];
 
     this.state = {
@@ -33,6 +38,7 @@ class KubernetesDeployController {
       activeTab: 0,
       viewReady: false,
       isEditorDirty: false,
+      templateId: null,
     };
 
     this.formValues = {};
@@ -40,13 +46,54 @@ class KubernetesDeployController {
     this.BuildMethods = KubernetesDeployBuildMethods;
     this.endpointId = this.EndpointProvider.endpointID();
 
-    this.onInit = this.onInit.bind(this);
+    this.onChangeTemplateId = this.onChangeTemplateId.bind(this);
     this.deployAsync = this.deployAsync.bind(this);
     this.onChangeFileContent = this.onChangeFileContent.bind(this);
     this.getNamespacesAsync = this.getNamespacesAsync.bind(this);
     this.onChangeFormValues = this.onChangeFormValues.bind(this);
     this.onRepoUrlChange = this.onRepoUrlChange.bind(this);
     this.onRepoRefChange = this.onRepoRefChange.bind(this);
+    this.buildAnalyticsProperties = this.buildAnalyticsProperties.bind(this);
+  }
+
+  buildAnalyticsProperties() {
+    const metadata = {
+      type: buildLabel(this.state.BuildMethod),
+      format: formatLabel(this.state.DeployType),
+      role: roleLabel(this.Authentication.isAdmin()),
+    };
+
+    if (this.state.BuildMethod === KubernetesDeployBuildMethods.GIT) {
+      metadata.auth = this.formValues.RepositoryAuthentication;
+    }
+
+    return { metadata };
+
+    function roleLabel(isAdmin) {
+      if (isAdmin) {
+        return 'admin';
+      }
+
+      return 'standard';
+    }
+
+    function buildLabel(buildMethod) {
+      switch (buildMethod) {
+        case KubernetesDeployBuildMethods.GIT:
+          return 'git';
+        case KubernetesDeployBuildMethods.WEB_EDITOR:
+          return 'web-editor';
+      }
+    }
+
+    function formatLabel(format) {
+      switch (format) {
+        case KubernetesDeployManifestTypes.COMPOSE:
+          return 'compose';
+        case KubernetesDeployManifestTypes.KUBERNETES:
+          return 'manifest';
+      }
+    }
   }
 
   disableDeploy() {
@@ -54,10 +101,13 @@ class KubernetesDeployController {
       this.state.BuildMethod === KubernetesDeployBuildMethods.GIT &&
       (!this.formValues.RepositoryURL ||
         !this.formValues.FilePathInRepository ||
-        (this.formValues.RepositoryAuthentication && (!this.formValues.RepositoryUsername || !this.formValues.RepositoryPassword)));
-    const isWebEditorInvalid = this.state.BuildMethod === KubernetesDeployBuildMethods.WEB_EDITOR && _.isEmpty(this.formValues.EditorContent);
+        (this.formValues.RepositoryAuthentication && (!this.formValues.RepositoryUsername || !this.formValues.RepositoryPassword))) &&
+      _.isEmpty(this.formValues.Namespace);
+    const isWebEditorInvalid =
+      this.state.BuildMethod === KubernetesDeployBuildMethods.WEB_EDITOR && _.isEmpty(this.formValues.EditorContent) && _.isEmpty(this.formValues.Namespace);
+    const isURLFormInvalid = this.state.BuildMethod == KubernetesDeployBuildMethods.WEB_EDITOR.URL && _.isEmpty(this.formValues.ManifestURL);
 
-    return isGitFormInvalid || isWebEditorInvalid || _.isEmpty(this.formValues.Namespace) || this.state.actionInProgress;
+    return isGitFormInvalid || isWebEditorInvalid || isURLFormInvalid || this.state.actionInProgress;
   }
 
   onChangeFormValues(values) {
@@ -75,6 +125,23 @@ class KubernetesDeployController {
     this.onChangeFormValues({ RepositoryReferenceName: value });
   }
 
+  onChangeTemplateId(templateId) {
+    return this.$async(async () => {
+      if (this.state.templateId === templateId) {
+        return;
+      }
+
+      this.state.templateId = templateId;
+
+      try {
+        const fileContent = await this.CustomTemplateService.customTemplateFile(templateId);
+        this.onChangeFileContent(fileContent);
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Unable to load template file');
+      }
+    });
+  }
+
   onChangeFileContent(value) {
     this.formValues.EditorContent = value;
     this.state.isEditorDirty = true;
@@ -91,10 +158,29 @@ class KubernetesDeployController {
     this.state.actionInProgress = true;
 
     try {
-      const method = this.state.BuildMethod === this.BuildMethods.GIT ? KubernetesDeployRequestMethods.REPOSITORY : KubernetesDeployRequestMethods.STRING;
+      let method;
+      let composeFormat = this.state.DeployType === this.ManifestDeployTypes.COMPOSE;
+
+      switch (this.state.BuildMethod) {
+        case this.BuildMethods.GIT:
+          method = KubernetesDeployRequestMethods.REPOSITORY;
+          break;
+        case this.BuildMethods.WEB_EDITOR:
+          method = KubernetesDeployRequestMethods.STRING;
+          break;
+        case KubernetesDeployBuildMethods.CUSTOM_TEMPLATE:
+          method = KubernetesDeployRequestMethods.STRING;
+          composeFormat = false;
+          break;
+        case this.BuildMethods.URL:
+          method = KubernetesDeployRequestMethods.URL;
+          break;
+        default:
+          throw new PortainerError('Unable to determine build method');
+      }
 
       const payload = {
-        ComposeFormat: this.state.DeployType === this.ManifestDeployTypes.COMPOSE,
+        ComposeFormat: composeFormat,
         Namespace: this.formValues.Namespace,
       };
 
@@ -107,8 +193,10 @@ class KubernetesDeployController {
           payload.RepositoryPassword = this.formValues.RepositoryPassword;
         }
         payload.FilePathInRepository = this.formValues.FilePathInRepository;
-      } else {
+      } else if (method === KubernetesDeployRequestMethods.STRING) {
         payload.StackFileContent = this.formValues.EditorContent;
+      } else {
+        payload.ManifestURL = this.formValues.ManifestURL;
       }
 
       await this.StackService.kubernetesDeploy(this.endpointId, method, payload);
@@ -157,20 +245,27 @@ class KubernetesDeployController {
       return this.ModalService.confirmWebEditorDiscard();
     }
   }
-  async onInit() {
-    await this.getNamespaces();
-
-    this.state.viewReady = true;
-
-    this.$window.onbeforeunload = () => {
-      if (this.formValues.EditorContent && this.state.isEditorDirty) {
-        return '';
-      }
-    };
-  }
 
   $onInit() {
-    return this.$async(this.onInit);
+    return this.$async(async () => {
+      await this.getNamespaces();
+
+      if (this.$state.params.templateId) {
+        const templateId = parseInt(this.$state.params.templateId, 10);
+        if (templateId && !Number.isNaN(templateId)) {
+          this.state.BuildMethod = KubernetesDeployBuildMethods.CUSTOM_TEMPLATE;
+          this.onChangeTemplateId(templateId);
+        }
+      }
+
+      this.state.viewReady = true;
+
+      this.$window.onbeforeunload = () => {
+        if (this.formValues.EditorContent && this.state.isEditorDirty) {
+          return '';
+        }
+      };
+    });
   }
 
   $onDestroy() {

app/kubernetes/views/resource-pools/edit/resourcePool.html

@@ -317,16 +317,16 @@
                     Registries
                   </div>
 
-                  <div class="form-group" ng-if="!ctrl.isAdmin">
+                  <div class="form-group" ng-if="!ctrl.isAdmin || ctrl.isSystem">
                     <label class="col-sm-3 col-lg-2 control-label text-left" style="padding-top: 0;">
                       Selected registries
                     </label>
                     <div class="col-sm-9 col-lg-4">
-                      {{ ctrl.selectedRegistries }}
+                      {{ ctrl.selectedRegistries ? ctrl.selectedRegistries : 'None' }}
                     </div>
                   </div>
 
-                  <div ng-if="ctrl.isAdmin">
+                  <div ng-if="ctrl.isAdmin && !ctrl.isSystem">
                     <div class="form-group">
                       <div class="col-sm-12 small text-muted">
                         <p>
@@ -405,14 +405,14 @@
                 <!-- !summary -->
 
                 <!-- actions -->
-                <div ng-if="ctrl.isAdmin && !ctrl.isDefaultNamespace" class="col-sm-12 form-section-title">
+                <div ng-if="ctrl.isAdmin" class="col-sm-12 form-section-title">
                   Actions
                 </div>
-                <div ng-if="ctrl.isAdmin && !ctrl.isDefaultNamespace" class="form-group">
+                <div ng-if="ctrl.isAdmin" class="form-group">
                   <div class="col-sm-12">
                     <button
                       type="button"
-                      ng-if="ctrl.isEditable"
+                      ng-if="!ctrl.isSystem"
                       class="btn btn-primary btn-sm"
                       ng-disabled="!resourcePoolEditForm.$valid || ctrl.isUpdateButtonDisabled()"
                       ng-click="ctrl.updateResourcePool()"
@@ -421,7 +421,13 @@
                       <span ng-hide="ctrl.state.actionInProgress" data-cy="k8sNamespaceEdit-updateNamespaceButton">Update namespace</span>
                       <span ng-show="ctrl.state.actionInProgress">Update in progress...</span>
                     </button>
-                    <button type="button" class="btn btn-primary btn-sm" ng-click="ctrl.markUnmarkAsSystem()" button-spinner="ctrl.state.actionInProgress">
+                    <button
+                      ng-if="!ctrl.isDefaultNamespace"
+                      type="button"
+                      class="btn btn-primary btn-sm"
+                      ng-click="ctrl.markUnmarkAsSystem()"
+                      button-spinner="ctrl.state.actionInProgress"
+                    >
                       <span ng-if="ctrl.isSystem">Unmark as system</span>
                       <span ng-if="!ctrl.isSystem">Mark as system</span>
                     </button>

app/kubernetes/views/resource-pools/edit/resourcePoolController.js

@@ -293,7 +293,7 @@ class KubernetesResourcePoolController {
       this.state.ingressesLoading = true;
       try {
         const namespace = this.pool.Namespace.Name;
-        this.allIngresses = await this.KubernetesIngressService.get();
+        this.allIngresses = await this.KubernetesIngressService.get(this.state.hasWriteAuthorization ? '' : namespace);
         this.ingresses = _.filter(this.allIngresses, { Namespace: namespace });
         _.forEach(this.ingresses, (ing) => {
           ing.Namespace = namespace;
@@ -325,7 +325,7 @@ class KubernetesResourcePoolController {
               this.formValues.Registries.push(reg);
             }
           });
-
+          this.selectedRegistries = this.formValues.Registries.map((r) => r.Name).join(', ');
           return;
         }
 

app/kubernetes/views/volumes/volumes.html

@@ -5,8 +5,6 @@
 <kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading>
 
 <div ng-if="ctrl.state.viewReady">
-  <div ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div>
-
   <div class="row">
     <div class="col-sm-12">
       <rd-widget>

app/kubernetes/views/volumes/volumesController.js

@@ -1,5 +1,3 @@
-require('../../templates/advancedDeploymentPanel.html');
-
 import _ from 'lodash-es';
 import filesizeParser from 'filesize-parser';
 import angular from 'angular';

app/portainer/components/custom-template-common-fields/customTemplateCommonFields.html

@@ -52,7 +52,7 @@
   <!-- !icon-url-input -->
 
   <!-- platform-input -->
-  <div class="form-group">
+  <div ng-if="$ctrl.showPlatformField" class="form-group">
     <label for="platform" class="col-sm-3 col-lg-2 control-label text-left">Platform</label>
     <div class="col-sm-9 col-lg-10">
       <select class="form-control" ng-model="$ctrl.formValues.Platform" ng-options="+(opt.value) as opt.label for opt in $ctrl.platformTypes"> </select>
@@ -61,7 +61,7 @@
   <!-- !platform-input -->
 
   <!-- platform-input -->
-  <div class="form-group">
+  <div ng-if="$ctrl.showTypeField" class="form-group">
     <label for="platform" class="col-sm-3 col-lg-2 control-label text-left">Type</label>
     <div class="col-sm-9 col-lg-10">
       <select class="form-control" ng-model="$ctrl.formValues.Type" ng-options="+(opt.value) as opt.label for opt in $ctrl.templateTypes"> </select>

app/portainer/components/custom-template-common-fields/index.js

@@ -5,5 +5,7 @@ angular.module('portainer.app').component('customTemplateCommonFields', {
   controller: CustomTemplateCommonFieldsController,
   bindings: {
     formValues: '=',
+    showPlatformField: '<',
+    showTypeField: '<',
   },
 });

app/portainer/components/custom-template-selector/custom-template-selector.controller.js

@@ -8,8 +8,8 @@ class CustomTemplateSelectorController {
   }
 
   async handleChangeTemplate(templateId) {
-    this.selectedTemplate = this.templates.find((t) => t.id === templateId);
-    this.onChange(templateId);
+    this.selectedTemplate = this.templates.find((t) => t.Id === templateId);
+    this.onChange(templateId, this.selectedTemplate);
   }
 
   $onChanges({ value }) {

app/portainer/components/custom-templates-list/customTemplatesList.html

@@ -5,9 +5,7 @@
         <div class="toolBarTitle"> <i class="fa" ng-class="$ctrl.titleIcon" aria-hidden="true" style="margin-right: 2px;"></i> {{ $ctrl.titleText }} </div>
       </div>
       <div class="actionBar">
-        <button type="button" class="btn btn-sm btn-primary" ui-sref="docker.templates.custom.new">
-          <i class="fa fa-plus space-right" aria-hidden="true"></i>Add Custom Template
-        </button>
+        <button type="button" class="btn btn-sm btn-primary" ui-state="$ctrl.createPath"> <i class="fa fa-plus space-right" aria-hidden="true"></i>Add Custom Template </button>
       </div>
 
       <div class="searchBar" style="border-top: 2px solid #f6f6f6;">
@@ -27,12 +25,12 @@
         <template-item
           ng-repeat="template in $ctrl.templates | filter:$ctrl.state.textFilter"
           model="template"
-          type-label="{{ template.Type === 1 ? 'swarm' : 'standalone' }}"
+          type-label="{{ $ctrl.typeLabel(template.Type) }}"
           on-select="($ctrl.onSelectClick)"
         >
           <template-item-actions>
             <div ng-if="$ctrl.isEditAllowed(template)" style="display: flex;">
-              <a ui-sref="docker.templates.custom.edit({id: template.Id})" ng-click="$event.stopPropagation();" class="btn btn-primary btn-xs" style="margin-right: 10px;">
+              <a ui-state="$ctrl.editPath" ui-state-params="({id: template.Id})" ng-click="$event.stopPropagation();" class="btn btn-primary btn-xs" style="margin-right: 10px;">
                 Edit
               </a>
               <button class="btn btn-danger btn-xs" ng-click="$ctrl.onDeleteClick(template.Id); $event.stopPropagation();">Delete</button>

app/portainer/components/custom-templates-list/customTemplatesListController.js

@@ -1,7 +1,28 @@
+const CUSTOM_TEMPLATES_TYPES = {
+  STANDALONE: 1,
+  SWARM: 2,
+  KUBERNETES: 3,
+};
+
 angular.module('portainer.docker').controller('CustomTemplatesListController', function ($scope, $controller, DatatableService) {
   angular.extend(this, $controller('GenericDatatableController', { $scope: $scope }));
 
-  this.$onInit = function () {
+  this.typeLabel = typeLabel;
+  this.$onInit = $onInit;
+
+  function typeLabel(type) {
+    switch (type) {
+      case CUSTOM_TEMPLATES_TYPES.SWARM:
+        return 'swarm';
+      case CUSTOM_TEMPLATES_TYPES.KUBERNETES:
+        return 'manifest';
+      case CUSTOM_TEMPLATES_TYPES.STANDALONE:
+      default:
+        return 'standalone';
+    }
+  }
+
+  function $onInit() {
     this.setDefaults();
     this.prepareTableFromDataset();
 
@@ -32,5 +53,5 @@ angular.module('portainer.docker').controller('CustomTemplatesListController', f
       this.settings.open = false;
     }
     this.onSettingsRepeaterChange();
-  };
+  }
 });

app/portainer/components/custom-templates-list/index.js

@@ -12,5 +12,7 @@ angular.module('portainer.app').component('customTemplatesList', {
     showSwarmStacks: '<',
     onDeleteClick: '<',
     isEditAllowed: '<',
+    createPath: '@',
+    editPath: '@',
   },
 });

app/portainer/components/environment-variables-panel/environment-variables-simple-mode/environment-variables-simple-mode-item/environment-variables-simple-mode-item.controller.js

@@ -1,12 +1,4 @@
-import { KEY_REGEX, VALUE_REGEX } from '@/portainer/helpers/env-vars';
-
 class EnvironmentVariablesSimpleModeItemController {
-  /* @ngInject */
-  constructor() {
-    this.KEY_REGEX = KEY_REGEX;
-    this.VALUE_REGEX = VALUE_REGEX;
-  }
-
   onChangeName(name) {
     const fieldIsInvalid = typeof name === 'undefined';
     if (fieldIsInvalid) {

app/portainer/components/environment-variables-panel/environment-variables-simple-mode/environment-variables-simple-mode-item/environment-variables-simple-mode-item.html

@@ -9,7 +9,6 @@
         placeholder="e.g. FOO"
         ng-model="$ctrl.variable.name"
         ng-disabled="$ctrl.variable.added"
-        ng-pattern="$ctrl.KEY_REGEX"
         ng-change="$ctrl.onChangeName($ctrl.variable.name)"
         required
       />
@@ -36,7 +35,6 @@
           ng-model="$ctrl.variable.value"
           placeholder="e.g. bar"
           ng-trim="false"
-          ng-pattern="$ctrl.VALUE_REGEX"
           name="value"
           ng-change="$ctrl.onChangeValue($ctrl.variable.value)"
         />

app/portainer/components/form-components/file-upload-form/file-upload-form.html

@@ -0,0 +1,19 @@
+<ng-form class="file-upload-form" name="$ctrl.fileUploadForm">
+  <div class="col-sm-12 form-section-title">
+    Upload
+  </div>
+  <div class="form-group">
+    <span class="col-sm-12 text-muted small" ng-transclude="description"> </span>
+  </div>
+  <div class="form-group">
+    <div class="col-sm-12">
+      <button type="button" class="btn btn-sm btn-primary" ngf-select="$ctrl.onChange($file)" ng-model="$ctrl.file" ng-required="$ctrl.ngRequired" name="file">
+        Select file
+      </button>
+      <span class="space-left">
+        {{ $ctrl.file.name }}
+        <i class="fa fa-times red-icon" ng-if="!$ctrl.file" aria-hidden="true"></i>
+      </span>
+    </div>
+  </div>
+</ng-form>

app/portainer/components/form-components/file-upload-form/index.js

@@ -0,0 +1,13 @@
+export const fileUploadForm = {
+  templateUrl: './file-upload-form.html',
+
+  bindings: {
+    file: '<',
+    ngRequired: '<',
+    onChange: '<',
+  },
+
+  transclude: {
+    description: '?fileUploadDescription',
+  },
+};

app/portainer/components/form-components/index.js

@@ -1,5 +1,6 @@
 import angular from 'angular';
 
 import { webEditorForm } from './web-editor-form';
+import { fileUploadForm } from './file-upload-form';
 
-export default angular.module('portainer.app.components.form', []).component('webEditorForm', webEditorForm).name;
+export default angular.module('portainer.app.components.form', []).component('webEditorForm', webEditorForm).component('fileUploadForm', fileUploadForm).name;

app/portainer/components/forms/registry-form-azure/registry-form-azure.html

@@ -71,7 +71,16 @@
   </div>
   <div class="form-group">
     <div class="col-sm-12">
-      <button type="submit" class="btn btn-primary btn-sm" ng-disabled="$ctrl.actionInProgress || !registryFormAzure.$valid" button-spinner="$ctrl.actionInProgress">
+      <button
+        type="submit"
+        class="btn btn-primary btn-sm"
+        ng-disabled="$ctrl.actionInProgress || !registryFormAzure.$valid"
+        button-spinner="$ctrl.actionInProgress"
+        analytics-on
+        analytics-category="portainer"
+        analytics-event="portainer-registry-creation"
+        analytics-properties="{ metadata: { type: 'azure' } }"
+      >
         <span ng-hide="$ctrl.actionInProgress">{{ $ctrl.formActionLabel }}</span>
         <span ng-show="$ctrl.actionInProgress">In progress...</span>
       </button>

app/portainer/components/forms/registry-form-custom/registry-form-custom.html

@@ -93,7 +93,16 @@
   </div>
   <div class="form-group">
     <div class="col-sm-12">
-      <button type="submit" class="btn btn-primary btn-sm" ng-disabled="$ctrl.actionInProgress || !registryFormCustom.$valid" button-spinner="$ctrl.actionInProgress">
+      <button
+        type="submit"
+        class="btn btn-primary btn-sm"
+        ng-disabled="$ctrl.actionInProgress || !registryFormCustom.$valid"
+        button-spinner="$ctrl.actionInProgress"
+        analytics-on
+        analytics-category="portainer"
+        analytics-event="portainer-registry-creation"
+        analytics-properties="{ metadata: { type: 'custom' }}"
+      >
         <span ng-hide="$ctrl.actionInProgress">{{ $ctrl.formActionLabel }}</span>
         <span ng-show="$ctrl.actionInProgress">In progress...</span>
       </button>

app/portainer/components/forms/registry-form-dockerhub/registry-form-dockerhub.html

@@ -54,7 +54,16 @@
   </div>
   <div class="form-group">
     <div class="col-sm-12">
-      <button type="submit" class="btn btn-primary btn-sm" ng-disabled="$ctrl.actionInProgress || !registryFormDockerhub.$valid" button-spinner="$ctrl.actionInProgress">
+      <button
+        type="submit"
+        class="btn btn-primary btn-sm"
+        ng-disabled="$ctrl.actionInProgress || !registryFormDockerhub.$valid"
+        button-spinner="$ctrl.actionInProgress"
+        analytics-on
+        analytics-category="portainer"
+        analytics-event="portainer-registry-creation"
+        analytics-properties="{ metadata: { type: 'dockerhub' } }"
+      >
         <span ng-hide="$ctrl.actionInProgress">{{ $ctrl.formActionLabel }}</span>
         <span ng-show="$ctrl.actionInProgress">In progress...</span>
       </button>

app/portainer/components/forms/registry-form-gitlab/registry-form-gitlab.html

@@ -133,6 +133,10 @@
         class="btn btn-primary btn-sm"
         ng-disabled="$ctrl.actionInProgress || !$ctrl.state.gitlab.selectedItemCount"
         button-spinner="$ctrl.actionInProgress"
+        analytics-on
+        analytics-category="portainer"
+        analytics-event="portainer-registry-creation"
+        analytics-properties="{ metadata: { type: 'gitlab' } }"
       >
         <span ng-hide="$ctrl.actionInProgress">Create registries</span>
         <span ng-show="$ctrl.actionInProgress">In progress...</span>

app/portainer/components/forms/registry-form-proget/registry-form-proget.html

@@ -100,7 +100,16 @@
   </div>
   <div class="form-group">
     <div class="col-sm-12">
-      <button type="submit" class="btn btn-primary btn-sm" ng-disabled="$ctrl.actionInProgress || !registryFormProGet.$valid" button-spinner="$ctrl.actionInProgress">
+      <button
+        type="submit"
+        class="btn btn-primary btn-sm"
+        ng-disabled="$ctrl.actionInProgress || !registryFormProGet.$valid"
+        button-spinner="$ctrl.actionInProgress"
+        analytics-on
+        analytics-category="portainer"
+        analytics-event="portainer-registry-creation"
+        analytics-properties="{ metadata: { type: 'proget' } }"
+      >
         <span ng-hide="$ctrl.actionInProgress">{{ $ctrl.formActionLabel }}</span>
         <span ng-show="$ctrl.actionInProgress">In progress...</span>
       </button>