fix(app): datatable global checkbox doesn't reflect the selected state (#470)

Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com>
Co-authored-by: oscarzhou <oscar.zhou@portainer.io>
Co-authored-by: Oscar Zhou <100548325+oscarzhou-portainer@users.noreply.github.com>

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -95,10 +95,17 @@ body:
       description: We only provide support for current versions of Portainer as per the lifecycle policy linked above. If you are on an older version of Portainer we recommend [upgrading first](https://docs.portainer.io/start/upgrade) in case your bug has already been fixed.
       multiple: false
       options:
+        - '2.27.1'
+        - '2.27.0'
+        - '2.26.1'
+        - '2.26.0'
+        - '2.25.1'
+        - '2.25.0'
         - '2.24.1'
         - '2.24.0'
         - '2.23.0'
         - '2.22.0'
+        - '2.21.5'
         - '2.21.4'
         - '2.21.3'
         - '2.21.2'
@@ -114,12 +121,6 @@ body:
         - '2.19.2'
         - '2.19.1'
         - '2.19.0'
-        - '2.18.4'
-        - '2.18.3'
-        - '2.18.2'
-        - '2.18.1'
-        - '2.17.1'
-        - '2.17.0'
     validations:
       required: true
 

.golangci.yaml

@@ -20,8 +20,6 @@ linters-settings:
         deny:
           - pkg: 'encoding/json'
             desc: 'use github.com/segmentio/encoding/json'
-          - pkg: 'github.com/sirupsen/logrus'
-            desc: 'logging is allowed only by github.com/rs/zerolog'
           - pkg: 'golang.org/x/exp'
             desc: 'exp is not allowed'
           - pkg: 'github.com/portainer/libcrypto'

api/cli/confirm.go

@@ -19,7 +19,5 @@ func Confirm(message string) (bool, error) {
 	}
 
 	answer = strings.ReplaceAll(answer, "\n", "")
-	answer = strings.ToLower(answer)
-
-	return answer == "y" || answer == "yes", nil
+	return strings.EqualFold(answer, "y") || strings.EqualFold(answer, "yes"), nil
 }

api/cmd/portainer/main.go

@@ -238,10 +238,10 @@ func updateSettingsFromFlags(dataStore dataservices.DataStore, flags *portainer.
 		return err
 	}
 
-	settings.SnapshotInterval = *cmp.Or(flags.SnapshotInterval, &settings.SnapshotInterval)
-	settings.LogoURL = *cmp.Or(flags.Logo, &settings.LogoURL)
-	settings.EnableEdgeComputeFeatures = *cmp.Or(flags.EnableEdgeComputeFeatures, &settings.EnableEdgeComputeFeatures)
-	settings.TemplatesURL = *cmp.Or(flags.Templates, &settings.TemplatesURL)
+	settings.SnapshotInterval = cmp.Or(*flags.SnapshotInterval, settings.SnapshotInterval)
+	settings.LogoURL = cmp.Or(*flags.Logo, settings.LogoURL)
+	settings.EnableEdgeComputeFeatures = cmp.Or(*flags.EnableEdgeComputeFeatures, settings.EnableEdgeComputeFeatures)
+	settings.TemplatesURL = cmp.Or(*flags.Templates, settings.TemplatesURL)
 
 	if *flags.Labels != nil {
 		settings.BlackListedLabels = *flags.Labels

api/database/boltdb/json_test.go

@@ -10,7 +10,7 @@ import (
 )
 
 const (
-	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"InternalAuthSettings": {"RequiredPasswordLength": 12}"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://charts.bitnami.com/bitnami","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
+	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"InternalAuthSettings": {"RequiredPasswordLength": 12}"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://kubernetes.github.io/ingress-nginx","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
 	passphrase = "my secret key"
 )
 

api/dataservices/edgestack/edgestack.go

@@ -15,7 +15,7 @@ type Service struct {
 	connection          portainer.Connection
 	idxVersion          map[portainer.EdgeStackID]int
 	mu                  sync.RWMutex
-	cacheInvalidationFn func(portainer.EdgeStackID)
+	cacheInvalidationFn func(portainer.Transaction, portainer.EdgeStackID)
 }
 
 func (service *Service) BucketName() string {
@@ -23,7 +23,7 @@ func (service *Service) BucketName() string {
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection portainer.Connection, cacheInvalidationFn func(portainer.EdgeStackID)) (*Service, error) {
+func NewService(connection portainer.Connection, cacheInvalidationFn func(portainer.Transaction, portainer.EdgeStackID)) (*Service, error) {
 	err := connection.SetServiceName(BucketName)
 	if err != nil {
 		return nil, err
@@ -36,7 +36,7 @@ func NewService(connection portainer.Connection, cacheInvalidationFn func(portai
 	}
 
 	if s.cacheInvalidationFn == nil {
-		s.cacheInvalidationFn = func(portainer.EdgeStackID) {}
+		s.cacheInvalidationFn = func(portainer.Transaction, portainer.EdgeStackID) {}
 	}
 
 	es, err := s.EdgeStacks()
@@ -106,7 +106,7 @@ func (service *Service) Create(id portainer.EdgeStackID, edgeStack *portainer.Ed
 
 	service.mu.Lock()
 	service.idxVersion[id] = edgeStack.Version
-	service.cacheInvalidationFn(id)
+	service.cacheInvalidationFn(service.connection, id)
 	service.mu.Unlock()
 
 	return nil
@@ -125,7 +125,7 @@ func (service *Service) UpdateEdgeStack(ID portainer.EdgeStackID, edgeStack *por
 	}
 
 	service.idxVersion[ID] = edgeStack.Version
-	service.cacheInvalidationFn(ID)
+	service.cacheInvalidationFn(service.connection, ID)
 
 	return nil
 }
@@ -142,7 +142,7 @@ func (service *Service) UpdateEdgeStackFunc(ID portainer.EdgeStackID, updateFunc
 		updateFunc(edgeStack)
 
 		service.idxVersion[ID] = edgeStack.Version
-		service.cacheInvalidationFn(ID)
+		service.cacheInvalidationFn(service.connection, ID)
 	})
 }
 
@@ -165,7 +165,7 @@ func (service *Service) DeleteEdgeStack(ID portainer.EdgeStackID) error {
 
 	delete(service.idxVersion, ID)
 
-	service.cacheInvalidationFn(ID)
+	service.cacheInvalidationFn(service.connection, ID)
 
 	return nil
 }

api/dataservices/edgestack/tx.go

@@ -44,8 +44,7 @@ func (service ServiceTx) EdgeStack(ID portainer.EdgeStackID) (*portainer.EdgeSta
 	var stack portainer.EdgeStack
 	identifier := service.service.connection.ConvertToKey(int(ID))
 
-	err := service.tx.GetObject(BucketName, identifier, &stack)
-	if err != nil {
+	if err := service.tx.GetObject(BucketName, identifier, &stack); err != nil {
 		return nil, err
 	}
 
@@ -65,18 +64,17 @@ func (service ServiceTx) EdgeStackVersion(ID portainer.EdgeStackID) (int, bool)
 func (service ServiceTx) Create(id portainer.EdgeStackID, edgeStack *portainer.EdgeStack) error {
 	edgeStack.ID = id
 
-	err := service.tx.CreateObjectWithId(
+	if err := service.tx.CreateObjectWithId(
 		BucketName,
 		int(edgeStack.ID),
 		edgeStack,
-	)
-	if err != nil {
+	); err != nil {
 		return err
 	}
 
 	service.service.mu.Lock()
 	service.service.idxVersion[id] = edgeStack.Version
-	service.service.cacheInvalidationFn(id)
+	service.service.cacheInvalidationFn(service.tx, id)
 	service.service.mu.Unlock()
 
 	return nil
@@ -89,13 +87,12 @@ func (service ServiceTx) UpdateEdgeStack(ID portainer.EdgeStackID, edgeStack *po
 
 	identifier := service.service.connection.ConvertToKey(int(ID))
 
-	err := service.tx.UpdateObject(BucketName, identifier, edgeStack)
-	if err != nil {
+	if err := service.tx.UpdateObject(BucketName, identifier, edgeStack); err != nil {
 		return err
 	}
 
 	service.service.idxVersion[ID] = edgeStack.Version
-	service.service.cacheInvalidationFn(ID)
+	service.service.cacheInvalidationFn(service.tx, ID)
 
 	return nil
 }
@@ -119,14 +116,13 @@ func (service ServiceTx) DeleteEdgeStack(ID portainer.EdgeStackID) error {
 
 	identifier := service.service.connection.ConvertToKey(int(ID))
 
-	err := service.tx.DeleteObject(BucketName, identifier)
-	if err != nil {
+	if err := service.tx.DeleteObject(BucketName, identifier); err != nil {
 		return err
 	}
 
 	delete(service.service.idxVersion, ID)
 
-	service.service.cacheInvalidationFn(ID)
+	service.service.cacheInvalidationFn(service.tx, ID)
 
 	return nil
 }

api/dataservices/endpointrelation/endpointrelation.go

@@ -1,6 +1,8 @@
 package endpointrelation
 
 import (
+	"sync"
+
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/internal/edge/cache"
@@ -13,11 +15,15 @@ const BucketName = "endpoint_relations"
 
 // Service represents a service for managing environment(endpoint) relation data.
 type Service struct {
-	connection      portainer.Connection
-	updateStackFn   func(ID portainer.EdgeStackID, updateFunc func(edgeStack *portainer.EdgeStack)) error
-	updateStackFnTx func(tx portainer.Transaction, ID portainer.EdgeStackID, updateFunc func(edgeStack *portainer.EdgeStack)) error
+	connection             portainer.Connection
+	updateStackFn          func(ID portainer.EdgeStackID, updateFunc func(edgeStack *portainer.EdgeStack)) error
+	updateStackFnTx        func(tx portainer.Transaction, ID portainer.EdgeStackID, updateFunc func(edgeStack *portainer.EdgeStack)) error
+	endpointRelationsCache []portainer.EndpointRelation
+	mu                     sync.Mutex
 }
 
+var _ dataservices.EndpointRelationService = &Service{}
+
 func (service *Service) BucketName() string {
 	return BucketName
 }
@@ -76,6 +82,10 @@ func (service *Service) Create(endpointRelation *portainer.EndpointRelation) err
 	err := service.connection.CreateObjectWithId(BucketName, int(endpointRelation.EndpointID), endpointRelation)
 	cache.Del(endpointRelation.EndpointID)
 
+	service.mu.Lock()
+	service.endpointRelationsCache = nil
+	service.mu.Unlock()
+
 	return err
 }
 
@@ -92,11 +102,27 @@ func (service *Service) UpdateEndpointRelation(endpointID portainer.EndpointID,
 
 	updatedRelationState, _ := service.EndpointRelation(endpointID)
 
+	service.mu.Lock()
+	service.endpointRelationsCache = nil
+	service.mu.Unlock()
+
 	service.updateEdgeStacksAfterRelationChange(previousRelationState, updatedRelationState)
 
 	return nil
 }
 
+func (service *Service) AddEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
+	return service.connection.ViewTx(func(tx portainer.Transaction) error {
+		return service.Tx(tx).AddEndpointRelationsForEdgeStack(endpointIDs, edgeStackID)
+	})
+}
+
+func (service *Service) RemoveEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
+	return service.connection.ViewTx(func(tx portainer.Transaction) error {
+		return service.Tx(tx).RemoveEndpointRelationsForEdgeStack(endpointIDs, edgeStackID)
+	})
+}
+
 // DeleteEndpointRelation deletes an Environment(Endpoint) relation object
 func (service *Service) DeleteEndpointRelation(endpointID portainer.EndpointID) error {
 	deletedRelation, _ := service.EndpointRelation(endpointID)
@@ -108,27 +134,15 @@ func (service *Service) DeleteEndpointRelation(endpointID portainer.EndpointID)
 		return err
 	}
 
+	service.mu.Lock()
+	service.endpointRelationsCache = nil
+	service.mu.Unlock()
+
 	service.updateEdgeStacksAfterRelationChange(deletedRelation, nil)
 
 	return nil
 }
 
-func (service *Service) InvalidateEdgeCacheForEdgeStack(edgeStackID portainer.EdgeStackID) {
-	rels, err := service.EndpointRelations()
-	if err != nil {
-		log.Error().Err(err).Msg("cannot retrieve endpoint relations")
-		return
-	}
-
-	for _, rel := range rels {
-		for id := range rel.EdgeStacks {
-			if edgeStackID == id {
-				cache.Del(rel.EndpointID)
-			}
-		}
-	}
-}
-
 func (service *Service) updateEdgeStacksAfterRelationChange(previousRelationState *portainer.EndpointRelation, updatedRelationState *portainer.EndpointRelation) {
 	relations, _ := service.EndpointRelations()
 

api/dataservices/endpointrelation/tx.go

@@ -13,6 +13,8 @@ type ServiceTx struct {
 	tx      portainer.Transaction
 }
 
+var _ dataservices.EndpointRelationService = &ServiceTx{}
+
 func (service ServiceTx) BucketName() string {
 	return BucketName
 }
@@ -45,6 +47,10 @@ func (service ServiceTx) Create(endpointRelation *portainer.EndpointRelation) er
 	err := service.tx.CreateObjectWithId(BucketName, int(endpointRelation.EndpointID), endpointRelation)
 	cache.Del(endpointRelation.EndpointID)
 
+	service.service.mu.Lock()
+	service.service.endpointRelationsCache = nil
+	service.service.mu.Unlock()
+
 	return err
 }
 
@@ -61,11 +67,67 @@ func (service ServiceTx) UpdateEndpointRelation(endpointID portainer.EndpointID,
 
 	updatedRelationState, _ := service.EndpointRelation(endpointID)
 
+	service.service.mu.Lock()
+	service.service.endpointRelationsCache = nil
+	service.service.mu.Unlock()
+
 	service.updateEdgeStacksAfterRelationChange(previousRelationState, updatedRelationState)
 
 	return nil
 }
 
+func (service ServiceTx) AddEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
+	for _, endpointID := range endpointIDs {
+		rel, err := service.EndpointRelation(endpointID)
+		if err != nil {
+			return err
+		}
+
+		rel.EdgeStacks[edgeStackID] = true
+
+		identifier := service.service.connection.ConvertToKey(int(endpointID))
+		err = service.tx.UpdateObject(BucketName, identifier, rel)
+		cache.Del(endpointID)
+		if err != nil {
+			return err
+		}
+	}
+
+	if err := service.service.updateStackFnTx(service.tx, edgeStackID, func(edgeStack *portainer.EdgeStack) {
+		edgeStack.NumDeployments += len(endpointIDs)
+	}); err != nil {
+		log.Error().Err(err).Msg("could not update the number of deployments")
+	}
+
+	return nil
+}
+
+func (service ServiceTx) RemoveEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
+	for _, endpointID := range endpointIDs {
+		rel, err := service.EndpointRelation(endpointID)
+		if err != nil {
+			return err
+		}
+
+		delete(rel.EdgeStacks, edgeStackID)
+
+		identifier := service.service.connection.ConvertToKey(int(endpointID))
+		err = service.tx.UpdateObject(BucketName, identifier, rel)
+		cache.Del(endpointID)
+		if err != nil {
+			return err
+		}
+	}
+
+	if err := service.service.updateStackFnTx(service.tx, edgeStackID, func(edgeStack *portainer.EdgeStack) {
+		edgeStack.NumDeployments -= len(endpointIDs)
+	}); err != nil {
+		log.Error().Err(err).Msg("could not update the number of deployments")
+	}
+
+	return nil
+}
+
 // DeleteEndpointRelation deletes an Environment(Endpoint) relation object
 func (service ServiceTx) DeleteEndpointRelation(endpointID portainer.EndpointID) error {
 	deletedRelation, _ := service.EndpointRelation(endpointID)
@@ -77,27 +139,44 @@ func (service ServiceTx) DeleteEndpointRelation(endpointID portainer.EndpointID)
 		return err
 	}
 
+	service.service.mu.Lock()
+	service.service.endpointRelationsCache = nil
+	service.service.mu.Unlock()
+
 	service.updateEdgeStacksAfterRelationChange(deletedRelation, nil)
 
 	return nil
 }
 
 func (service ServiceTx) InvalidateEdgeCacheForEdgeStack(edgeStackID portainer.EdgeStackID) {
-	rels, err := service.EndpointRelations()
+	rels, err := service.cachedEndpointRelations()
 	if err != nil {
 		log.Error().Err(err).Msg("cannot retrieve endpoint relations")
 		return
 	}
 
 	for _, rel := range rels {
-		for id := range rel.EdgeStacks {
-			if edgeStackID == id {
-				cache.Del(rel.EndpointID)
-			}
+		if _, ok := rel.EdgeStacks[edgeStackID]; ok {
+			cache.Del(rel.EndpointID)
 		}
 	}
 }
 
+func (service ServiceTx) cachedEndpointRelations() ([]portainer.EndpointRelation, error) {
+	service.service.mu.Lock()
+	defer service.service.mu.Unlock()
+
+	if service.service.endpointRelationsCache == nil {
+		var err error
+		service.service.endpointRelationsCache, err = service.EndpointRelations()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return service.service.endpointRelationsCache, nil
+}
+
 func (service ServiceTx) updateEdgeStacksAfterRelationChange(previousRelationState *portainer.EndpointRelation, updatedRelationState *portainer.EndpointRelation) {
 	relations, _ := service.EndpointRelations()
 
@@ -133,6 +212,7 @@ func (service ServiceTx) updateEdgeStacksAfterRelationChange(previousRelationSta
 		}
 
 		numDeployments := 0
+
 		for _, r := range relations {
 			for sId, enabled := range r.EdgeStacks {
 				if enabled && sId == refStackId {

api/dataservices/interface.go

@@ -115,6 +115,8 @@ type (
 		EndpointRelation(EndpointID portainer.EndpointID) (*portainer.EndpointRelation, error)
 		Create(endpointRelation *portainer.EndpointRelation) error
 		UpdateEndpointRelation(EndpointID portainer.EndpointID, endpointRelation *portainer.EndpointRelation) error
+		AddEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error
+		RemoveEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error
 		DeleteEndpointRelation(EndpointID portainer.EndpointID) error
 		BucketName() string
 	}

api/datastore/services.go

@@ -100,7 +100,9 @@ func (store *Store) initServices() error {
 	}
 	store.EndpointRelationService = endpointRelationService
 
-	edgeStackService, err := edgestack.NewService(store.connection, endpointRelationService.InvalidateEdgeCacheForEdgeStack)
+	edgeStackService, err := edgestack.NewService(store.connection, func(tx portainer.Transaction, ID portainer.EdgeStackID) {
+		endpointRelationService.Tx(tx).InvalidateEdgeCacheForEdgeStack(ID)
+	})
 	if err != nil {
 		return err
 	}

api/datastore/test_data/output_24_to_latest.json

@@ -605,12 +605,12 @@
     "GlobalDeploymentOptions": {
       "hideStacksFunctionality": false
     },
-    "HelmRepositoryURL": "https://charts.bitnami.com/bitnami",
+    "HelmRepositoryURL": "",
     "InternalAuthSettings": {
       "RequiredPasswordLength": 12
     },
     "KubeconfigExpiry": "0",
-    "KubectlShellImage": "portainer/kubectl-shell:2.25.0",
+    "KubectlShellImage": "portainer/kubectl-shell:2.27.1",
     "LDAPSettings": {
       "AnonymousMode": true,
       "AutoCreateUsers": true,
@@ -943,7 +943,7 @@
     }
   ],
   "version": {
-    "VERSION": "{\"SchemaVersion\":\"2.25.0\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
+    "VERSION": "{\"SchemaVersion\":\"2.27.1\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
   },
   "webhooks": null
 }

api/docker/client/client.go

@@ -3,8 +3,8 @@ package client
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"io"
-	"maps"
 	"net/http"
 	"strings"
 	"time"
@@ -141,7 +141,6 @@ func createAgentClient(endpoint *portainer.Endpoint, endpointURL string, signatu
 
 type NodeNameTransport struct {
 	*http.Transport
-	nodeNames map[string]string
 }
 
 func (t *NodeNameTransport) RoundTrip(req *http.Request) (*http.Response, error) {
@@ -176,18 +175,19 @@ func (t *NodeNameTransport) RoundTrip(req *http.Request) (*http.Response, error)
 		return resp, nil
 	}
 
-	t.nodeNames = make(map[string]string)
-	for _, r := range rs {
-		t.nodeNames[r.ID] = r.Portainer.Agent.NodeName
+	nodeNames, ok := req.Context().Value("nodeNames").(map[string]string)
+	if ok {
+		for idx, r := range rs {
+			// as there is no way to differentiate the same image available in multiple nodes only by their ID
+			// we append the index of the image in the payload response to match the node name later
+			// from the image.Summary[] list returned by docker's client.ImageList()
+			nodeNames[fmt.Sprintf("%s-%d", r.ID, idx)] = r.Portainer.Agent.NodeName
+		}
 	}
 
 	return resp, err
 }
 
-func (t *NodeNameTransport) NodeNames() map[string]string {
-	return maps.Clone(t.nodeNames)
-}
-
 func httpClient(endpoint *portainer.Endpoint, timeout *time.Duration) (*http.Client, error) {
 	transport := &NodeNameTransport{
 		Transport: &http.Transport{},

api/edge/edge.go

@@ -64,9 +64,14 @@ type (
 
 	DeployerOptionsPayload struct {
 		// Prune is a flag indicating if the agent must prune the containers or not when creating/updating an edge stack
-		// This flag drives docker compose `--remove-orphans` and docker stack `--prune` options
+		// This flag drives `docker compose up --remove-orphans` and `docker stack up --prune` options
 		// Used only for EE
 		Prune bool
+		// RemoveVolumes is a flag indicating if the agent must remove the named volumes declared
+		// in the compose file and anonymouse volumes attached to containers
+		// This flag drives `docker compose down --volumes` option
+		// Used only for EE
+		RemoveVolumes bool
 	}
 
 	// RegistryCredentials holds the credentials for a Docker registry.

api/exec/swarm_stack.go

@@ -127,7 +127,7 @@ func (manager *SwarmStackManager) Remove(stack *portainer.Stack, endpoint *porta
 		return err
 	}
 
-	args = append(args, "stack", "rm", stack.Name)
+	args = append(args, "stack", "rm", "--detach=false", stack.Name)
 
 	return runCommandAndCaptureStdErr(command, args, nil, "")
 }

api/filesystem/filesystem.go

@@ -841,11 +841,11 @@ func (service *Service) GetDefaultSSLCertsPath() (string, string) {
 }
 
 func defaultMTLSCertPathUnderFileStore() (string, string, string) {
-	certPath := JoinPaths(SSLCertPath, MTLSCertFilename)
 	caCertPath := JoinPaths(SSLCertPath, MTLSCACertFilename)
+	certPath := JoinPaths(SSLCertPath, MTLSCertFilename)
 	keyPath := JoinPaths(SSLCertPath, MTLSKeyFilename)
 
-	return certPath, caCertPath, keyPath
+	return caCertPath, certPath, keyPath
 }
 
 // GetDefaultChiselPrivateKeyPath returns the chisle private key path
@@ -1014,26 +1014,45 @@ func CreateFile(path string, r io.Reader) error {
 	return err
 }
 
-func (service *Service) StoreMTLSCertificates(cert, caCert, key []byte) (string, string, string, error) {
-	certPath, caCertPath, keyPath := defaultMTLSCertPathUnderFileStore()
+func (service *Service) StoreMTLSCertificates(caCert, cert, key []byte) (string, string, string, error) {
+	caCertPath, certPath, keyPath := defaultMTLSCertPathUnderFileStore()
 
-	r := bytes.NewReader(cert)
-	err := service.createFileInStore(certPath, r)
-	if err != nil {
+	r := bytes.NewReader(caCert)
+	if err := service.createFileInStore(caCertPath, r); err != nil {
 		return "", "", "", err
 	}
 
-	r = bytes.NewReader(caCert)
-	err = service.createFileInStore(caCertPath, r)
-	if err != nil {
+	r = bytes.NewReader(cert)
+	if err := service.createFileInStore(certPath, r); err != nil {
 		return "", "", "", err
 	}
 
 	r = bytes.NewReader(key)
-	err = service.createFileInStore(keyPath, r)
-	if err != nil {
+	if err := service.createFileInStore(keyPath, r); err != nil {
 		return "", "", "", err
 	}
 
-	return service.wrapFileStore(certPath), service.wrapFileStore(caCertPath), service.wrapFileStore(keyPath), nil
+	return service.wrapFileStore(caCertPath), service.wrapFileStore(certPath), service.wrapFileStore(keyPath), nil
+}
+
+func (service *Service) GetMTLSCertificates() (string, string, string, error) {
+	caCertPath, certPath, keyPath := defaultMTLSCertPathUnderFileStore()
+
+	caCertPath = service.wrapFileStore(caCertPath)
+	certPath = service.wrapFileStore(certPath)
+	keyPath = service.wrapFileStore(keyPath)
+
+	paths := [...]string{caCertPath, certPath, keyPath}
+	for _, path := range paths {
+		exists, err := service.FileExists(path)
+		if err != nil {
+			return "", "", "", err
+		}
+
+		if !exists {
+			return "", "", "", fmt.Errorf("file %s does not exist", path)
+		}
+	}
+
+	return caCertPath, certPath, keyPath, nil
 }

api/filesystem/serialize_per_dev_configs.go

@@ -44,11 +44,10 @@ func deduplicate(dirEntries []DirEntry) []DirEntry {
 
 // FilterDirForPerDevConfigs filers the given dirEntries, returns entries for the given device
 // For given configPath A/B/C, return entries:
-//  1. all entries outside of dir A
-//  2. dir entries A, A/B, A/B/C
-//  3. For filterType file:
+//  1. all entries outside of dir A/B/C
+//  2. For filterType file:
 //     file entries: A/B/C/<deviceName> and A/B/C/<deviceName>.*
-//  4. For filterType dir:
+//  3. For filterType dir:
 //     dir entry:   A/B/C/<deviceName>
 //     all entries: A/B/C/<deviceName>/*
 func FilterDirForPerDevConfigs(dirEntries []DirEntry, deviceName, configPath string, filterType portainer.PerDevConfigsFilterType) []DirEntry {
@@ -66,12 +65,7 @@ func FilterDirForPerDevConfigs(dirEntries []DirEntry, deviceName, configPath str
 func shouldIncludeEntry(dirEntry DirEntry, deviceName, configPath string, filterType portainer.PerDevConfigsFilterType) bool {
 
 	// Include all entries outside of dir A
-	if !isInConfigRootDir(dirEntry, configPath) {
-		return true
-	}
-
-	// Include dir entries A, A/B, A/B/C
-	if isParentDir(dirEntry, configPath) {
+	if !isInConfigDir(dirEntry, configPath) {
 		return true
 	}
 
@@ -90,21 +84,9 @@ func shouldIncludeEntry(dirEntry DirEntry, deviceName, configPath string, filter
 	return false
 }
 
-func isInConfigRootDir(dirEntry DirEntry, configPath string) bool {
-	// get the first element of the configPath
-	rootDir := strings.Split(configPath, string(os.PathSeparator))[0]
-
-	// return true if entry name starts with "A/"
-	return strings.HasPrefix(dirEntry.Name, appendTailSeparator(rootDir))
-}
-
-func isParentDir(dirEntry DirEntry, configPath string) bool {
-	if dirEntry.IsFile {
-		return false
-	}
-
-	// return true for dir entries A, A/B, A/B/C
-	return strings.HasPrefix(appendTailSeparator(configPath), appendTailSeparator(dirEntry.Name))
+func isInConfigDir(dirEntry DirEntry, configPath string) bool {
+	// return true if entry name starts with "A/B"
+	return strings.HasPrefix(dirEntry.Name, appendTailSeparator(configPath))
 }
 
 func shouldIncludeFile(dirEntry DirEntry, deviceName, configPath string) bool {

api/filesystem/serialize_per_dev_configs_test.go

@@ -90,3 +90,24 @@ func TestMultiFilterDirForPerDevConfigs(t *testing.T) {
 		})
 	}
 }
+
+func TestIsInConfigDir(t *testing.T) {
+	f := func(dirEntry DirEntry, configPath string, expect bool) {
+		t.Helper()
+
+		actual := isInConfigDir(dirEntry, configPath)
+		assert.Equal(t, expect, actual)
+	}
+
+	f(DirEntry{Name: "edge-configs"}, "edge-configs", false)
+	f(DirEntry{Name: "edge-configs_backup"}, "edge-configs", false)
+	f(DirEntry{Name: "edge-configs/standalone-edge-agent-standard"}, "edge-configs", true)
+	f(DirEntry{Name: "parent/edge-configs/"}, "edge-configs", false)
+	f(DirEntry{Name: "edgestacktest"}, "edgestacktest/edge-configs", false)
+	f(DirEntry{Name: "edgestacktest/edgeconfigs-test.yaml"}, "edgestacktest/edge-configs", false)
+	f(DirEntry{Name: "edgestacktest/file1.conf"}, "edgestacktest/edge-configs", false)
+	f(DirEntry{Name: "edgeconfigs-test.yaml"}, "edgestacktest/edge-configs", false)
+	f(DirEntry{Name: "edgestacktest/edge-configs"}, "edgestacktest/edge-configs", false)
+	f(DirEntry{Name: "edgestacktest/edge-configs/standalone-edge-agent-async"}, "edgestacktest/edge-configs", true)
+	f(DirEntry{Name: "edgestacktest/edge-configs/abc.txt"}, "edgestacktest/edge-configs", true)
+}

api/hostmanagement/openamt/deviceActions.go

@@ -44,13 +44,13 @@ func (service *Service) executeDeviceAction(configuration portainer.OpenAMTConfi
 }
 
 func parseAction(actionRaw string) (portainer.PowerState, error) {
-	switch strings.ToLower(actionRaw) {
-	case "power on":
+	if strings.EqualFold(actionRaw, "power on") {
 		return powerOnState, nil
-	case "power off":
+	} else if strings.EqualFold(actionRaw, "power off") {
 		return powerOffState, nil
-	case "restart":
+	} else if strings.EqualFold(actionRaw, "restart") {
 		return restartState, nil
 	}
+
 	return 0, fmt.Errorf("unsupported device action %s", actionRaw)
 }

api/http/csrf/csrf.go

@@ -13,6 +13,12 @@ import (
 	"github.com/urfave/negroni"
 )
 
+const csrfSkipHeader = "X-CSRF-Token-Skip"
+
+func SkipCSRFToken(w http.ResponseWriter) {
+	w.Header().Set(csrfSkipHeader, "1")
+}
+
 func WithProtect(handler http.Handler) (http.Handler, error) {
 	// IsDockerDesktopExtension is used to check if we should skip csrf checks in the request bouncer (ShouldSkipCSRFCheck)
 	// DOCKER_EXTENSION is set to '1' in build/docker-extension/docker-compose.yml
@@ -42,10 +48,14 @@ func withSendCSRFToken(handler http.Handler) http.Handler {
 		sw := negroni.NewResponseWriter(w)
 
 		sw.Before(func(sw negroni.ResponseWriter) {
-			statusCode := sw.Status()
-			if statusCode >= 200 && statusCode < 300 {
-				csrfToken := gorillacsrf.Token(r)
-				sw.Header().Set("X-CSRF-Token", csrfToken)
+			if len(sw.Header().Get(csrfSkipHeader)) > 0 {
+				sw.Header().Del(csrfSkipHeader)
+
+				return
+			}
+
+			if statusCode := sw.Status(); statusCode >= 200 && statusCode < 300 {
+				sw.Header().Set("X-CSRF-Token", gorillacsrf.Token(r))
 			}
 		})
 

api/http/handler/customtemplates/customtemplate_create.go

@@ -482,28 +482,3 @@ func (handler *Handler) createCustomTemplateFromFileUpload(r *http.Request) (*po
 
 	return customTemplate, nil
 }
-
-// @id CustomTemplateCreate
-// @summary Create a custom template
-// @description Create a custom template.
-// @description **Access policy**: authenticated
-// @tags custom_templates
-// @security ApiKeyAuth
-// @security jwt
-// @accept json,multipart/form-data
-// @produce json
-// @param method query string true "method for creating template" Enums(string, file, repository)
-// @param body body object true "for body documentation see the relevant /custom_templates/{method} endpoint"
-// @success 200 {object} portainer.CustomTemplate
-// @failure 400 "Invalid request"
-// @failure 500 "Server error"
-// @deprecated
-// @router /custom_templates [post]
-func deprecatedCustomTemplateCreateUrlParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
-	method, err := request.RetrieveQueryParameter(r, "method", false)
-	if err != nil {
-		return "", httperror.BadRequest("Invalid query parameter: method", err)
-	}
-
-	return "/custom_templates/create/" + method, nil
-}

api/http/handler/customtemplates/handler.go

@@ -7,7 +7,6 @@ import (
 	"github.com/gorilla/mux"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 )
@@ -33,7 +32,6 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
 
 	h.Handle("/custom_templates/create/{method}",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateCreate))).Methods(http.MethodPost)
-	h.Handle("/custom_templates", middlewares.Deprecated(h, deprecatedCustomTemplateCreateUrlParser)).Methods(http.MethodPost) // Deprecated
 	h.Handle("/custom_templates",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateList))).Methods(http.MethodGet)
 	h.Handle("/custom_templates/{id}",

api/http/handler/docker/images/images_list.go

@@ -1,10 +1,11 @@
 package images
 
 import (
+	"context"
+	"fmt"
 	"net/http"
 	"strings"
 
-	"github.com/portainer/portainer/api/docker/client"
 	"github.com/portainer/portainer/api/http/handler/docker/utils"
 	"github.com/portainer/portainer/api/set"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
@@ -46,17 +47,16 @@ func (handler *Handler) imagesList(w http.ResponseWriter, r *http.Request) *http
 		return httpErr
 	}
 
-	images, err := cli.ImageList(r.Context(), image.ListOptions{})
+	nodeNames := make(map[string]string)
+
+	// Pass the node names map to the context so the custom NodeNameTransport can use it
+	ctx := context.WithValue(r.Context(), "nodeNames", nodeNames)
+
+	images, err := cli.ImageList(ctx, image.ListOptions{})
 	if err != nil {
 		return httperror.InternalServerError("Unable to retrieve Docker images", err)
 	}
 
-	// Extract the node name from the custom transport
-	nodeNames := make(map[string]string)
-	if t, ok := cli.HTTPClient().Transport.(*client.NodeNameTransport); ok {
-		nodeNames = t.NodeNames()
-	}
-
 	withUsage, err := request.RetrieveBooleanQueryParameter(r, "withUsage", true)
 	if err != nil {
 		return httperror.BadRequest("Invalid query parameter: withUsage", err)
@@ -85,8 +85,12 @@ func (handler *Handler) imagesList(w http.ResponseWriter, r *http.Request) *http
 		}
 
 		imagesList[i] = ImageResponse{
-			Created:  image.Created,
-			NodeName: nodeNames[image.ID],
+			Created: image.Created,
+			// Only works if the order of `images` is not changed between unmarshaling the agent's response
+			// in NodeNameTransport.RoundTrip()  (api/docker/client/client.go)
+			// and docker's cli.ImageList()
+			// As both functions unmarshal the same response body, the resulting array will be ordered the same way.
+			NodeName: nodeNames[fmt.Sprintf("%s-%d", image.ID, i)],
 			ID:       image.ID,
 			Size:     image.Size,
 			Tags:     image.RepoTags,

api/http/handler/edgegroups/edgegroup_update.go

@@ -167,7 +167,7 @@ func (handler *Handler) edgeGroupUpdate(w http.ResponseWriter, r *http.Request)
 
 func (handler *Handler) updateEndpointStacks(tx dataservices.DataStoreTx, endpoint *portainer.Endpoint, edgeGroups []portainer.EdgeGroup, edgeStacks []portainer.EdgeStack) error {
 	relation, err := tx.EndpointRelation().EndpointRelation(endpoint.ID)
-	if err != nil {
+	if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
 		return err
 	}
 
@@ -183,6 +183,12 @@ func (handler *Handler) updateEndpointStacks(tx dataservices.DataStoreTx, endpoi
 		edgeStackSet[edgeStackID] = true
 	}
 
+	if relation == nil {
+		relation = &portainer.EndpointRelation{
+			EndpointID: endpoint.ID,
+			EdgeStacks: make(map[portainer.EdgeStackID]bool),
+		}
+	}
 	relation.EdgeStacks = edgeStackSet
 
 	return tx.EndpointRelation().UpdateEndpointRelation(endpoint.ID, relation)

api/http/handler/edgejobs/edgejob_create.go

@@ -271,26 +271,3 @@ func (handler *Handler) addAndPersistEdgeJob(tx dataservices.DataStoreTx, edgeJo
 
 	return tx.EdgeJob().CreateWithID(edgeJob.ID, edgeJob)
 }
-
-// @id EdgeJobCreate
-// @summary Create an EdgeJob
-// @description **Access policy**: administrator
-// @tags edge_jobs
-// @security ApiKeyAuth
-// @security jwt
-// @produce json
-// @param method query string true "Creation Method" Enums(file, string)
-// @param body body object true "for body documentation see the relevant /edge_jobs/create/{method} endpoint"
-// @success 200 {object} portainer.EdgeGroup
-// @failure 503 "Edge compute features are disabled"
-// @failure 500
-// @deprecated
-// @router /edge_jobs [post]
-func deprecatedEdgeJobCreateUrlParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
-	method, err := request.RetrieveQueryParameter(r, "method", false)
-	if err != nil {
-		return "", httperror.BadRequest("Invalid query parameter: method. Valid values are: file or string", err)
-	}
-
-	return "/edge_jobs/create/" + method, nil
-}

api/http/handler/edgejobs/handler.go

@@ -6,7 +6,6 @@ import (
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -30,8 +29,6 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 
 	h.Handle("/edge_jobs",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeJobList)))).Methods(http.MethodGet)
-	h.Handle("/edge_jobs",
-		bouncer.AdminAccess(bouncer.EdgeComputeOperation(middlewares.Deprecated(h, deprecatedEdgeJobCreateUrlParser)))).Methods(http.MethodPost)
 	h.Handle("/edge_jobs/create/{method}",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeJobCreate)))).Methods(http.MethodPost)
 	h.Handle("/edge_jobs/{id}",

api/http/handler/edgestacks/edgestack_create.go

@@ -55,26 +55,3 @@ func (handler *Handler) createSwarmStack(tx dataservices.DataStoreTx, method str
 
 	return nil, httperrors.NewInvalidPayloadError("Invalid value for query parameter: method. Value must be one of: string, repository or file")
 }
-
-// @id EdgeStackCreate
-// @summary Create an EdgeStack
-// @description **Access policy**: administrator
-// @tags edge_stacks
-// @security ApiKeyAuth
-// @security jwt
-// @produce json
-// @param method query string true "Creation Method" Enums(file,string,repository)
-// @param body body object true "for body documentation see the relevant /edge_stacks/create/{method} endpoint"
-// @success 200 {object} portainer.EdgeStack
-// @failure 500
-// @failure 503 "Edge compute features are disabled"
-// @deprecated
-// @router /edge_stacks [post]
-func deprecatedEdgeStackCreateUrlParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
-	method, err := request.RetrieveQueryParameter(r, "method", false)
-	if err != nil {
-		return "", httperror.BadRequest("Invalid query parameter: method. Valid values are: file or string", err)
-	}
-
-	return "/edge_stacks/create/" + method, nil
-}

api/http/handler/edgestacks/edgestack_delete.go

@@ -3,6 +3,7 @@ package edgestacks
 import (
 	"errors"
 	"net/http"
+	"strconv"
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
@@ -52,10 +53,14 @@ func (handler *Handler) deleteEdgeStack(tx dataservices.DataStoreTx, edgeStackID
 		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", err)
 	}
 
-	err = handler.edgeStacksService.DeleteEdgeStack(tx, edgeStack.ID, edgeStack.EdgeGroups)
-	if err != nil {
+	if err := handler.edgeStacksService.DeleteEdgeStack(tx, edgeStack.ID, edgeStack.EdgeGroups); err != nil {
 		return httperror.InternalServerError("Unable to delete edge stack", err)
 	}
 
+	stackFolder := handler.FileService.GetEdgeStackProjectPath(strconv.Itoa(int(edgeStack.ID)))
+	if err := handler.FileService.RemoveDirectory(stackFolder); err != nil {
+		return httperror.InternalServerError("Unable to remove edge stack project folder", err)
+	}
+
 	return nil
 }

api/http/handler/edgestacks/edgestack_delete_test.go

@@ -1,12 +1,14 @@
 package edgestacks
 
 import (
+	"bytes"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 
 	portainer "github.com/portainer/portainer/api"
+	"github.com/stretchr/testify/assert"
 
 	"github.com/segmentio/encoding/json"
 )
@@ -101,3 +103,52 @@ func TestDeleteInvalidEdgeStack(t *testing.T) {
 		})
 	}
 }
+
+func TestDeleteEdgeStack_RemoveProjectFolder(t *testing.T) {
+	handler, rawAPIKey := setupHandler(t)
+
+	edgeGroup := createEdgeGroup(t, handler.DataStore)
+
+	payload := edgeStackFromStringPayload{
+		Name:             "test-stack",
+		DeploymentType:   portainer.EdgeStackDeploymentCompose,
+		EdgeGroups:       []portainer.EdgeGroupID{edgeGroup.ID},
+		StackFileContent: "version: '3.7'\nservices:\n  test:\n    image: test",
+	}
+
+	var buf bytes.Buffer
+	if err := json.NewEncoder(&buf).Encode(payload); err != nil {
+		t.Fatal("error encoding payload:", err)
+	}
+
+	// Create
+	req, err := http.NewRequest(http.MethodPost, "/edge_stacks/create/string", &buf)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("expected a %d response, found: %d", http.StatusNoContent, rec.Code)
+	}
+
+	assert.DirExists(t, handler.FileService.GetEdgeStackProjectPath("1"))
+
+	// Delete
+	if req, err = http.NewRequest(http.MethodDelete, "/edge_stacks/1", nil); err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec = httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusNoContent {
+		t.Fatalf("expected a %d response, found: %d", http.StatusNoContent, rec.Code)
+	}
+
+	assert.NoDirExists(t, handler.FileService.GetEdgeStackProjectPath("1"))
+}

api/http/handler/edgestacks/edgestack_file.go

@@ -34,7 +34,7 @@ func (handler *Handler) edgeStackFile(w http.ResponseWriter, r *http.Request) *h
 
 	stack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(stackID))
 	if err != nil {
-		return handler.handlerDBErr(err, "Unable to find an edge stack with the specified identifier inside the database")
+		return handlerDBErr(err, "Unable to find an edge stack with the specified identifier inside the database")
 	}
 
 	fileName := stack.EntryPoint

api/http/handler/edgestacks/edgestack_inspect.go

@@ -30,7 +30,7 @@ func (handler *Handler) edgeStackInspect(w http.ResponseWriter, r *http.Request)
 
 	edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
 	if err != nil {
-		return handler.handlerDBErr(err, "Unable to find an edge stack with the specified identifier inside the database")
+		return handlerDBErr(err, "Unable to find an edge stack with the specified identifier inside the database")
 	}
 
 	return response.JSON(w, edgeStack)

api/http/handler/edgestacks/edgestack_status_delete.go

@@ -1,87 +0,0 @@
-package edgestacks
-
-import (
-	"errors"
-	"net/http"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/http/middlewares"
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"
-	"github.com/portainer/portainer/pkg/libhttp/request"
-	"github.com/portainer/portainer/pkg/libhttp/response"
-)
-
-// @id EdgeStackStatusDelete
-// @summary Delete an EdgeStack status
-// @description Authorized only if the request is done by an Edge Environment(Endpoint)
-// @tags edge_stacks
-// @produce json
-// @param id path int true "EdgeStack Id"
-// @param environmentId path int true "Environment identifier"
-// @success 200 {object} portainer.EdgeStack
-// @failure 500
-// @failure 400
-// @failure 404
-// @failure 403
-// @deprecated
-// @router /edge_stacks/{id}/status/{environmentId} [delete]
-func (handler *Handler) edgeStackStatusDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	stackID, err := request.RetrieveNumericRouteVariableValue(r, "id")
-	if err != nil {
-		return httperror.BadRequest("Invalid stack identifier route variable", err)
-	}
-
-	endpoint, err := middlewares.FetchEndpoint(r)
-	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve a valid endpoint from the handler context", err)
-	}
-
-	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
-	if err != nil {
-		return httperror.Forbidden("Permission denied to access environment", err)
-	}
-
-	var stack *portainer.EdgeStack
-	err = handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
-		stack, err = handler.deleteEdgeStackStatus(tx, portainer.EdgeStackID(stackID), endpoint)
-		return err
-	})
-	if err != nil {
-		var httpErr *httperror.HandlerError
-		if errors.As(err, &httpErr) {
-			return httpErr
-		}
-
-		return httperror.InternalServerError("Unexpected error", err)
-	}
-
-	return response.JSON(w, stack)
-}
-
-func (handler *Handler) deleteEdgeStackStatus(tx dataservices.DataStoreTx, stackID portainer.EdgeStackID, endpoint *portainer.Endpoint) (*portainer.EdgeStack, error) {
-	stack, err := tx.EdgeStack().EdgeStack(stackID)
-	if err != nil {
-		return nil, handler.handlerDBErr(err, "Unable to find a stack with the specified identifier inside the database")
-	}
-
-	environmentStatus, ok := stack.Status[endpoint.ID]
-	if !ok {
-		environmentStatus = portainer.EdgeStackStatus{}
-	}
-
-	environmentStatus.Status = append(environmentStatus.Status, portainer.EdgeStackDeploymentStatus{
-		Time: time.Now().Unix(),
-		Type: portainer.EdgeStackStatusRemoved,
-	})
-
-	stack.Status[endpoint.ID] = environmentStatus
-
-	err = tx.EdgeStack().UpdateEdgeStack(stack.ID, stack)
-	if err != nil {
-		return nil, httperror.InternalServerError("Unable to persist the stack changes inside the database", err)
-	}
-
-	return stack, nil
-}

api/http/handler/edgestacks/edgestack_status_delete_test.go

@@ -1,30 +0,0 @@
-package edgestacks
-
-import (
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-func TestDeleteStatus(t *testing.T) {
-	handler, _ := setupHandler(t)
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	req, err := http.NewRequest(http.MethodDelete, fmt.Sprintf("/edge_stacks/%d/status/%d", edgeStack.ID, endpoint.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("expected a %d response, found: %d", http.StatusOK, rec.Code)
-	}
-}

api/http/handler/edgestacks/edgestack_status_update.go

@@ -4,10 +4,11 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"slices"
+	"strconv"
 	"time"
 
 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -20,6 +21,7 @@ type updateStatusPayload struct {
 	Status     *portainer.EdgeStackStatusType
 	EndpointID portainer.EndpointID
 	Time       int64
+	Version    int
 }
 
 func (payload *updateStatusPayload) Validate(r *http.Request) error {
@@ -67,11 +69,21 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req
 		return httperror.BadRequest("Invalid request payload", fmt.Errorf("edge polling error: %w. Environment ID: %d", err, payload.EndpointID))
 	}
 
-	var stack *portainer.EdgeStack
-	if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
-		stack, err = handler.updateEdgeStackStatus(tx, r, portainer.EdgeStackID(stackID), payload)
-		return err
-	}); err != nil {
+	endpoint, err := handler.DataStore.Endpoint().Endpoint(payload.EndpointID)
+	if err != nil {
+		return handlerDBErr(fmt.Errorf("unable to find the environment from the database: %w. Environment ID: %d", err, payload.EndpointID), "unable to find the environment")
+	}
+
+	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
+		return httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+	}
+
+	updateFn := func(stack *portainer.EdgeStack) (*portainer.EdgeStack, error) {
+		return handler.updateEdgeStackStatus(stack, stack.ID, payload)
+	}
+
+	stack, err := handler.stackCoordinator.UpdateStatus(r, portainer.EdgeStackID(stackID), updateFn)
+	if err != nil {
 		var httpErr *httperror.HandlerError
 		if errors.As(err, &httpErr) {
 			return httpErr
@@ -80,32 +92,16 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req
 		return httperror.InternalServerError("Unexpected error", err)
 	}
 
+	if ok, _ := strconv.ParseBool(r.Header.Get("X-Portainer-No-Body")); ok {
+		return nil
+	}
+
 	return response.JSON(w, stack)
 }
 
-func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *http.Request, stackID portainer.EdgeStackID, payload updateStatusPayload) (*portainer.EdgeStack, error) {
-	stack, err := tx.EdgeStack().EdgeStack(stackID)
-	if err != nil {
-		if dataservices.IsErrObjectNotFound(err) {
-			// skip error because agent tries to report on deleted stack
-			log.Debug().
-				Err(err).
-				Int("stackID", int(stackID)).
-				Int("status", int(*payload.Status)).
-				Msg("Unable to find a stack inside the database, skipping error")
-			return nil, nil
-		}
-
-		return nil, fmt.Errorf("unable to retrieve Edge stack from the database: %w. Environment ID: %d", err, payload.EndpointID)
-	}
-
-	endpoint, err := tx.Endpoint().Endpoint(payload.EndpointID)
-	if err != nil {
-		return nil, handler.handlerDBErr(fmt.Errorf("unable to find the environment from the database: %w. Environment ID: %d", err, payload.EndpointID), "unable to find the environment")
-	}
-
-	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return nil, httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+func (handler *Handler) updateEdgeStackStatus(stack *portainer.EdgeStack, stackID portainer.EdgeStackID, payload updateStatusPayload) (*portainer.EdgeStack, error) {
+	if payload.Version > 0 && payload.Version < stack.Version {
+		return stack, nil
 	}
 
 	status := *payload.Status
@@ -123,10 +119,6 @@ func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *ht
 
 	updateEnvStatus(payload.EndpointID, stack, deploymentStatus)
 
-	if err := tx.EdgeStack().UpdateEdgeStack(stackID, stack); err != nil {
-		return nil, handler.handlerDBErr(fmt.Errorf("unable to update Edge stack to the database: %w. Environment name: %s", err, endpoint.Name), "unable to update Edge stack")
-	}
-
 	return stack, nil
 }
 
@@ -145,7 +137,11 @@ func updateEnvStatus(environmentId portainer.EndpointID, stack *portainer.EdgeSt
 		}
 	}
 
-	environmentStatus.Status = append(environmentStatus.Status, deploymentStatus)
+	if containsStatus := slices.ContainsFunc(environmentStatus.Status, func(e portainer.EdgeStackDeploymentStatus) bool {
+		return e.Type == deploymentStatus.Type
+	}); !containsStatus {
+		environmentStatus.Status = append(environmentStatus.Status, deploymentStatus)
+	}
 
 	stack.Status[environmentId] = environmentStatus
 }

api/http/handler/edgestacks/edgestack_status_update_coordinator.go

@@ -0,0 +1,155 @@
+package edgestacks
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+
+	"github.com/rs/zerolog/log"
+)
+
+type statusRequest struct {
+	respCh   chan statusResponse
+	stackID  portainer.EdgeStackID
+	updateFn statusUpdateFn
+}
+
+type statusResponse struct {
+	Stack *portainer.EdgeStack
+	Error error
+}
+
+type statusUpdateFn func(*portainer.EdgeStack) (*portainer.EdgeStack, error)
+
+type EdgeStackStatusUpdateCoordinator struct {
+	updateCh  chan statusRequest
+	dataStore dataservices.DataStore
+}
+
+var errAnotherStackUpdateInProgress = errors.New("another stack update is in progress")
+
+func NewEdgeStackStatusUpdateCoordinator(dataStore dataservices.DataStore) *EdgeStackStatusUpdateCoordinator {
+	return &EdgeStackStatusUpdateCoordinator{
+		updateCh:  make(chan statusRequest),
+		dataStore: dataStore,
+	}
+}
+
+func (c *EdgeStackStatusUpdateCoordinator) Start() {
+	for {
+		c.loop()
+	}
+}
+
+func (c *EdgeStackStatusUpdateCoordinator) loop() {
+	u := <-c.updateCh
+
+	respChs := []chan statusResponse{u.respCh}
+
+	var stack *portainer.EdgeStack
+
+	err := c.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
+		// 1. Load the edge stack
+		var err error
+
+		stack, err = loadEdgeStack(tx, u.stackID)
+		if err != nil {
+			return err
+		}
+
+		// Return early when the agent tries to update the status on a deleted stack
+		if stack == nil {
+			return nil
+		}
+
+		// 2. Mutate the edge stack opportunistically until there are no more pending updates
+		for {
+			stack, err = u.updateFn(stack)
+			if err != nil {
+				return err
+			}
+
+			if m, ok := c.getNextUpdate(stack.ID); ok {
+				u = m
+			} else {
+				break
+			}
+
+			respChs = append(respChs, u.respCh)
+		}
+
+		// 3. Save the changes back to the database
+		if err := tx.EdgeStack().UpdateEdgeStack(stack.ID, stack); err != nil {
+			return handlerDBErr(fmt.Errorf("unable to update Edge stack: %w.", err), "Unable to persist the stack changes inside the database")
+		}
+
+		return nil
+	})
+
+	// 4. Send back the responses
+	for _, ch := range respChs {
+		ch <- statusResponse{Stack: stack, Error: err}
+	}
+}
+
+func loadEdgeStack(tx dataservices.DataStoreTx, stackID portainer.EdgeStackID) (*portainer.EdgeStack, error) {
+	stack, err := tx.EdgeStack().EdgeStack(stackID)
+	if err != nil {
+		if dataservices.IsErrObjectNotFound(err) {
+			// Skip the error when the agent tries to update the status on a deleted stack
+			log.Debug().
+				Err(err).
+				Int("stackID", int(stackID)).
+				Msg("Unable to find a stack inside the database, skipping error")
+
+			return nil, nil
+		}
+
+		return nil, fmt.Errorf("unable to retrieve Edge stack from the database: %w.", err)
+	}
+
+	return stack, nil
+}
+
+func (c *EdgeStackStatusUpdateCoordinator) getNextUpdate(stackID portainer.EdgeStackID) (statusRequest, bool) {
+	for {
+		select {
+		case u := <-c.updateCh:
+			// Discard the update and let the agent retry
+			if u.stackID != stackID {
+				u.respCh <- statusResponse{Error: errAnotherStackUpdateInProgress}
+
+				continue
+			}
+
+			return u, true
+
+		default:
+			return statusRequest{}, false
+		}
+	}
+}
+
+func (c *EdgeStackStatusUpdateCoordinator) UpdateStatus(r *http.Request, stackID portainer.EdgeStackID, updateFn statusUpdateFn) (*portainer.EdgeStack, error) {
+	respCh := make(chan statusResponse)
+	defer close(respCh)
+
+	msg := statusRequest{
+		respCh:   respCh,
+		stackID:  stackID,
+		updateFn: updateFn,
+	}
+
+	select {
+	case c.updateCh <- msg:
+		r := <-respCh
+
+		return r.Stack, r.Error
+
+	case <-r.Context().Done():
+		return nil, r.Context().Err()
+	}
+}

api/http/handler/edgestacks/edgestack_test.go

@@ -51,10 +51,14 @@ func setupHandler(t *testing.T) (*Handler, string) {
 		t.Fatal(err)
 	}
 
+	coord := NewEdgeStackStatusUpdateCoordinator(store)
+	go coord.Start()
+
 	handler := NewHandler(
 		security.NewRequestBouncer(store, jwtService, apiKeyService),
 		store,
 		edgestacks.NewService(store),
+		coord,
 	)
 
 	handler.FileService = fs
@@ -144,3 +148,15 @@ func createEdgeStack(t *testing.T, store dataservices.DataStore, endpointID port
 
 	return edgeStack
 }
+
+func createEdgeGroup(t *testing.T, store dataservices.DataStore) portainer.EdgeGroup {
+	edgeGroup := portainer.EdgeGroup{
+		ID:   1,
+		Name: "EdgeGroup 1",
+	}
+
+	if err := store.EdgeGroup().Create(&edgeGroup); err != nil {
+		t.Fatal(err)
+	}
+	return edgeGroup
+}

api/http/handler/edgestacks/edgestack_update.go

@@ -80,7 +80,7 @@ func (handler *Handler) edgeStackUpdate(w http.ResponseWriter, r *http.Request)
 func (handler *Handler) updateEdgeStack(tx dataservices.DataStoreTx, stackID portainer.EdgeStackID, payload updateEdgeStackPayload) (*portainer.EdgeStack, error) {
 	stack, err := tx.EdgeStack().EdgeStack(stackID)
 	if err != nil {
-		return nil, handler.handlerDBErr(err, "Unable to find a stack with the specified identifier inside the database")
+		return nil, handlerDBErr(err, "Unable to find a stack with the specified identifier inside the database")
 	}
 
 	relationConfig, err := edge.FetchEndpointRelationsConfig(tx)
@@ -107,7 +107,7 @@ func (handler *Handler) updateEdgeStack(tx dataservices.DataStoreTx, stackID por
 
 	hasWrongType, err := hasWrongEnvironmentType(tx.Endpoint(), relatedEndpointIds, payload.DeploymentType)
 	if err != nil {
-		return nil, httperror.BadRequest("unable to check for existence of non fitting environments: %w", err)
+		return nil, httperror.InternalServerError("unable to check for existence of non fitting environments: %w", err)
 	}
 	if hasWrongType {
 		return nil, httperror.BadRequest("edge stack with config do not match the environment type", nil)
@@ -138,48 +138,19 @@ func (handler *Handler) handleChangeEdgeGroups(tx dataservices.DataStoreTx, edge
 		return nil, nil, errors.WithMessage(err, "Unable to retrieve edge stack related environments from database")
 	}
 
-	oldRelatedSet := set.ToSet(oldRelatedEnvironmentIDs)
-	newRelatedSet := set.ToSet(newRelatedEnvironmentIDs)
+	oldRelatedEnvironmentsSet := set.ToSet(oldRelatedEnvironmentIDs)
+	newRelatedEnvironmentsSet := set.ToSet(newRelatedEnvironmentIDs)
 
-	endpointsToRemove := set.Set[portainer.EndpointID]{}
-	for endpointID := range oldRelatedSet {
-		if !newRelatedSet[endpointID] {
-			endpointsToRemove[endpointID] = true
-		}
+	relatedEnvironmentsToAdd := newRelatedEnvironmentsSet.Difference(oldRelatedEnvironmentsSet)
+	relatedEnvironmentsToRemove := oldRelatedEnvironmentsSet.Difference(newRelatedEnvironmentsSet)
+
+	if len(relatedEnvironmentsToRemove) > 0 {
+		tx.EndpointRelation().RemoveEndpointRelationsForEdgeStack(relatedEnvironmentsToRemove.Keys(), edgeStackID)
 	}
 
-	for endpointID := range endpointsToRemove {
-		relation, err := tx.EndpointRelation().EndpointRelation(endpointID)
-		if err != nil {
-			return nil, nil, errors.WithMessage(err, "Unable to find environment relation in database")
-		}
-
-		delete(relation.EdgeStacks, edgeStackID)
-
-		if err := tx.EndpointRelation().UpdateEndpointRelation(endpointID, relation); err != nil {
-			return nil, nil, errors.WithMessage(err, "Unable to persist environment relation in database")
-		}
+	if len(relatedEnvironmentsToAdd) > 0 {
+		tx.EndpointRelation().AddEndpointRelationsForEdgeStack(relatedEnvironmentsToAdd.Keys(), edgeStackID)
 	}
 
-	endpointsToAdd := set.Set[portainer.EndpointID]{}
-	for endpointID := range newRelatedSet {
-		if !oldRelatedSet[endpointID] {
-			endpointsToAdd[endpointID] = true
-		}
-	}
-
-	for endpointID := range endpointsToAdd {
-		relation, err := tx.EndpointRelation().EndpointRelation(endpointID)
-		if err != nil {
-			return nil, nil, errors.WithMessage(err, "Unable to find environment relation in database")
-		}
-
-		relation.EdgeStacks[edgeStackID] = true
-
-		if err := tx.EndpointRelation().UpdateEndpointRelation(endpointID, relation); err != nil {
-			return nil, nil, errors.WithMessage(err, "Unable to persist environment relation in database")
-		}
-	}
-
-	return newRelatedEnvironmentIDs, endpointsToAdd, nil
+	return newRelatedEnvironmentIDs, relatedEnvironmentsToAdd, nil
 }

api/http/handler/edgestacks/handler.go

@@ -22,21 +22,21 @@ type Handler struct {
 	GitService         portainer.GitService
 	edgeStacksService  *edgestackservice.Service
 	KubernetesDeployer portainer.KubernetesDeployer
+	stackCoordinator   *EdgeStackStatusUpdateCoordinator
 }
 
 // NewHandler creates a handler to manage environment(endpoint) group operations.
-func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStore, edgeStacksService *edgestackservice.Service) *Handler {
+func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStore, edgeStacksService *edgestackservice.Service, stackCoordinator *EdgeStackStatusUpdateCoordinator) *Handler {
 	h := &Handler{
 		Router:            mux.NewRouter(),
 		requestBouncer:    bouncer,
 		DataStore:         dataStore,
 		edgeStacksService: edgeStacksService,
+		stackCoordinator:  stackCoordinator,
 	}
 
 	h.Handle("/edge_stacks/create/{method}",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeStackCreate)))).Methods(http.MethodPost)
-	h.Handle("/edge_stacks",
-		bouncer.AdminAccess(bouncer.EdgeComputeOperation(middlewares.Deprecated(h, deprecatedEdgeStackCreateUrlParser)))).Methods(http.MethodPost) // Deprecated
 	h.Handle("/edge_stacks",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeStackList)))).Methods(http.MethodGet)
 	h.Handle("/edge_stacks/{id}",
@@ -53,15 +53,13 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
 	edgeStackStatusRouter := h.NewRoute().Subrouter()
 	edgeStackStatusRouter.Use(middlewares.WithEndpoint(h.DataStore.Endpoint(), "endpoint_id"))
 
-	edgeStackStatusRouter.PathPrefix("/edge_stacks/{id}/status/{endpoint_id}").Handler(bouncer.PublicAccess(httperror.LoggerHandler(h.edgeStackStatusDelete))).Methods(http.MethodDelete)
-
 	return h
 }
 
-func (handler *Handler) handlerDBErr(err error, msg string) *httperror.HandlerError {
+func handlerDBErr(err error, msg string) *httperror.HandlerError {
 	httpErr := httperror.InternalServerError(msg, err)
 
-	if handler.DataStore.IsErrObjectNotFound(err) {
+	if dataservices.IsErrObjectNotFound(err) {
 		httpErr.StatusCode = http.StatusNotFound
 	}
 

api/http/handler/edgetemplates/edgetemplate_list.go

@@ -1,71 +0,0 @@
-package edgetemplates
-
-import (
-	"net/http"
-	"slices"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/http/client"
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"
-	"github.com/portainer/portainer/pkg/libhttp/response"
-
-	"github.com/segmentio/encoding/json"
-)
-
-type templateFileFormat struct {
-	Version   string               `json:"version"`
-	Templates []portainer.Template `json:"templates"`
-}
-
-// @id EdgeTemplateList
-// @deprecated
-// @summary Fetches the list of Edge Templates
-// @description **Access policy**: administrator
-// @tags edge_templates
-// @security ApiKeyAuth
-// @security jwt
-// @accept json
-// @produce json
-// @success 200 {array} portainer.Template
-// @failure 500
-// @router /edge_templates [get]
-func (handler *Handler) edgeTemplateList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	settings, err := handler.DataStore.Settings().Settings()
-	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve settings from the database", err)
-	}
-
-	url := portainer.DefaultTemplatesURL
-	if settings.TemplatesURL != "" {
-		url = settings.TemplatesURL
-	}
-
-	var templateData []byte
-	templateData, err = client.Get(url, 10)
-	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve external templates", err)
-	}
-
-	var templateFile templateFileFormat
-
-	err = json.Unmarshal(templateData, &templateFile)
-	if err != nil {
-		return httperror.InternalServerError("Unable to parse template file", err)
-	}
-
-	// We only support version 3 of the template format
-	// this is only a temporary fix until we have custom edge templates
-	if templateFile.Version != "3" {
-		return httperror.InternalServerError("Unsupported template version", nil)
-	}
-
-	filteredTemplates := make([]portainer.Template, 0)
-
-	for _, template := range templateFile.Templates {
-		if slices.Contains(template.Categories, "edge") && slices.Contains([]portainer.TemplateType{portainer.ComposeStackTemplate, portainer.SwarmStackTemplate}, template.Type) {
-			filteredTemplates = append(filteredTemplates, template)
-		}
-	}
-
-	return response.JSON(w, filteredTemplates)
-}

api/http/handler/edgetemplates/handler.go

@@ -1,32 +0,0 @@
-package edgetemplates
-
-import (
-	"net/http"
-
-	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/http/middlewares"
-	"github.com/portainer/portainer/api/http/security"
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"
-
-	"github.com/gorilla/mux"
-)
-
-// Handler is the HTTP handler used to handle edge environment(endpoint) operations.
-type Handler struct {
-	*mux.Router
-	requestBouncer security.BouncerService
-	DataStore      dataservices.DataStore
-}
-
-// NewHandler creates a handler to manage environment(endpoint) operations.
-func NewHandler(bouncer security.BouncerService) *Handler {
-	h := &Handler{
-		Router:         mux.NewRouter(),
-		requestBouncer: bouncer,
-	}
-
-	h.Handle("/edge_templates",
-		bouncer.AdminAccess(middlewares.Deprecated(httperror.LoggerHandler(h.edgeTemplateList), func(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) { return "", nil }))).Methods(http.MethodGet)
-
-	return h
-}

api/http/handler/endpointedge/endpointedge_stack_inspect.go

@@ -1,8 +1,10 @@
 package endpointedge
 
 import (
+	"errors"
 	"fmt"
 	"net/http"
+	"strconv"
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/edge"
@@ -13,8 +15,12 @@ import (
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
+
+	"golang.org/x/sync/singleflight"
 )
 
+var edgeStackSingleFlightGroup = singleflight.Group{}
+
 // @summary Inspect an Edge Stack for an Environment(Endpoint)
 // @description **Access policy**: public
 // @tags edge, endpoints, edge_stacks
@@ -42,13 +48,26 @@ func (handler *Handler) endpointEdgeStackInspect(w http.ResponseWriter, r *http.
 		return httperror.BadRequest("Invalid edge stack identifier route variable", fmt.Errorf("invalid Edge stack route variable: %w. Environment name: %s", err, endpoint.Name))
 	}
 
-	edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
-	if handler.DataStore.IsErrObjectNotFound(err) {
-		return httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("unable to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
-	} else if err != nil {
-		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("failed to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
+	s, err, _ := edgeStackSingleFlightGroup.Do(strconv.Itoa(edgeStackID), func() (any, error) {
+		edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
+		if handler.DataStore.IsErrObjectNotFound(err) {
+			return nil, httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("unable to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
+		}
+
+		return edgeStack, err
+	})
+	if err != nil {
+		var httpErr *httperror.HandlerError
+		if errors.As(err, &httpErr) {
+			return httpErr
+		}
+
+		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("failed to find Edge stack from the database: %w. Environment name: %s", err, endpoint.Name))
 	}
 
+	// WARNING: this variable must not be mutated
+	edgeStack := s.(*portainer.EdgeStack)
+
 	fileName := edgeStack.EntryPoint
 	if endpointutils.IsDockerEndpoint(endpoint) {
 		if fileName == "" {

api/http/handler/endpointedge/endpointedge_status_inspect.go

@@ -264,6 +264,9 @@ func (handler *Handler) buildSchedules(tx dataservices.DataStoreTx, endpointID p
 func (handler *Handler) buildEdgeStacks(tx dataservices.DataStoreTx, endpointID portainer.EndpointID) ([]stackStatusResponse, *httperror.HandlerError) {
 	relation, err := tx.EndpointRelation().EndpointRelation(endpointID)
 	if err != nil {
+		if tx.IsErrObjectNotFound(err) {
+			return nil, nil
+		}
 		return nil, httperror.InternalServerError("Unable to retrieve relation object from the database", err)
 	}
 

api/http/handler/endpointgroups/endpoints.go

@@ -21,10 +21,17 @@ func (handler *Handler) updateEndpointRelations(tx dataservices.DataStoreTx, end
 	}
 
 	endpointRelation, err := tx.EndpointRelation().EndpointRelation(endpoint.ID)
-	if err != nil {
+	if err != nil && !tx.IsErrObjectNotFound(err) {
 		return err
 	}
 
+	if endpointRelation == nil {
+		endpointRelation = &portainer.EndpointRelation{
+			EndpointID: endpoint.ID,
+			EdgeStacks: make(map[portainer.EdgeStackID]bool),
+		}
+	}
+
 	edgeGroups, err := tx.EdgeGroup().ReadAll()
 	if err != nil {
 		return err
@@ -32,6 +39,9 @@ func (handler *Handler) updateEndpointRelations(tx dataservices.DataStoreTx, end
 
 	edgeStacks, err := tx.EdgeStack().EdgeStacks()
 	if err != nil {
+		if tx.IsErrObjectNotFound(err) {
+			return nil
+		}
 		return err
 	}
 

api/http/handler/endpoints/endpoint_delete.go

@@ -91,7 +91,7 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 // @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
 // @failure 403 "Unauthorized access or operation not allowed."
 // @failure 500 "Server error occurred while attempting to delete the specified environments."
-// @router /endpoints [delete]
+// @router /endpoints/delete [post]
 func (handler *Handler) endpointDeleteBatch(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	var p endpointDeleteBatchPayload
 	if err := request.DecodeAndValidateJSONPayload(r, &p); err != nil {
@@ -127,6 +127,27 @@ func (handler *Handler) endpointDeleteBatch(w http.ResponseWriter, r *http.Reque
 	return response.Empty(w)
 }
 
+// @id EndpointDeleteBatchDeprecated
+// @summary Remove multiple environments
+// @deprecated
+// @description Deprecated: use the `POST` endpoint instead.
+// @description Remove multiple environments and optionally clean-up associated resources.
+// @description **Access policy**: Administrator only.
+// @tags endpoints
+// @security ApiKeyAuth || jwt
+// @accept json
+// @produce json
+// @param body body endpointDeleteBatchPayload true "List of environments to delete, with optional deleteCluster flag to clean-up associated resources (cloud environments only)"
+// @success 204 "Environment(s) successfully deleted."
+// @failure 207 {object} endpointDeleteBatchPartialResponse "Partial success. Some environments were deleted successfully, while others failed."
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 403 "Unauthorized access or operation not allowed."
+// @failure 500 "Server error occurred while attempting to delete the specified environments."
+// @router /endpoints [delete]
+func (handler *Handler) endpointDeleteBatchDeprecated(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	return handler.endpointDeleteBatch(w, r)
+}
+
 func (handler *Handler) deleteEndpoint(tx dataservices.DataStoreTx, endpointID portainer.EndpointID, deleteCluster bool) error {
 	endpoint, err := tx.Endpoint().Endpoint(endpointID)
 	if tx.IsErrObjectNotFound(err) {

api/http/handler/endpoints/handler.go

@@ -68,8 +68,8 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointUpdate))).Methods(http.MethodPut)
 	h.Handle("/endpoints/{id}",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDelete))).Methods(http.MethodDelete)
-	h.Handle("/endpoints",
-		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDeleteBatch))).Methods(http.MethodDelete)
+	h.Handle("/endpoints/delete",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDeleteBatch))).Methods(http.MethodPost)
 	h.Handle("/endpoints/{id}/dockerhub/{registryId}",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.endpointDockerhubStatus))).Methods(http.MethodGet)
 	h.Handle("/endpoints/{id}/snapshot",
@@ -85,6 +85,7 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 
 	// DEPRECATED
 	h.Handle("/endpoints/{id}/status", bouncer.PublicAccess(httperror.LoggerHandler(h.endpointStatusInspect))).Methods(http.MethodGet)
+	h.Handle("/endpoints", bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDeleteBatchDeprecated))).Methods(http.MethodDelete)
 
 	return h
 }

api/http/handler/endpoints/update_edge_relations.go

@@ -23,6 +23,7 @@ func (handler *Handler) updateEdgeRelations(tx dataservices.DataStoreTx, endpoin
 
 		relation = &portainer.EndpointRelation{
 			EndpointID: endpoint.ID,
+			EdgeStacks: map[portainer.EdgeStackID]bool{},
 		}
 		if err := tx.EndpointRelation().Create(relation); err != nil {
 			return errors.WithMessage(err, "Unable to create environment relation inside the database")

api/http/handler/handler.go

@@ -11,7 +11,6 @@ import (
 	"github.com/portainer/portainer/api/http/handler/edgegroups"
 	"github.com/portainer/portainer/api/http/handler/edgejobs"
 	"github.com/portainer/portainer/api/http/handler/edgestacks"
-	"github.com/portainer/portainer/api/http/handler/edgetemplates"
 	"github.com/portainer/portainer/api/http/handler/endpointedge"
 	"github.com/portainer/portainer/api/http/handler/endpointgroups"
 	"github.com/portainer/portainer/api/http/handler/endpointproxy"
@@ -50,7 +49,6 @@ type Handler struct {
 	EdgeGroupsHandler      *edgegroups.Handler
 	EdgeJobsHandler        *edgejobs.Handler
 	EdgeStacksHandler      *edgestacks.Handler
-	EdgeTemplatesHandler   *edgetemplates.Handler
 	EndpointEdgeHandler    *endpointedge.Handler
 	EndpointGroupHandler   *endpointgroups.Handler
 	EndpointHandler        *endpoints.Handler
@@ -83,7 +81,7 @@ type Handler struct {
 }
 
 // @title PortainerCE API
-// @version 2.25.0
+// @version 2.27.1
 // @description.markdown api-description.md
 // @termsOfService
 
@@ -190,8 +188,6 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.StripPrefix("/api", h.EdgeGroupsHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/edge_jobs"):
 		http.StripPrefix("/api", h.EdgeJobsHandler).ServeHTTP(w, r)
-	case strings.HasPrefix(r.URL.Path, "/api/edge_templates"):
-		http.StripPrefix("/api", h.EdgeTemplatesHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/endpoint_groups"):
 		http.StripPrefix("/api", h.EndpointGroupHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/kubernetes"):

api/http/handler/helm/handler.go

@@ -53,12 +53,6 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
 	h.Handle("/{id}/kubernetes/helm",
 		httperror.LoggerHandler(h.helmInstall)).Methods(http.MethodPost)
 
-	// Deprecated
-	h.Handle("/{id}/kubernetes/helm/repositories",
-		httperror.LoggerHandler(h.userGetHelmRepos)).Methods(http.MethodGet)
-	h.Handle("/{id}/kubernetes/helm/repositories",
-		httperror.LoggerHandler(h.userCreateHelmRepo)).Methods(http.MethodPost)
-
 	return h
 }
 

api/http/handler/helm/helm_install_test.go

@@ -45,7 +45,7 @@ func Test_helmInstall(t *testing.T) {
 	is.NotNil(h, "Handler should not fail")
 
 	// Install a single chart.  We expect to get these values back
-	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default", Repo: "https://charts.bitnami.com/bitnami"}
+	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default", Repo: "https://kubernetes.github.io/ingress-nginx"}
 	optdata, err := json.Marshal(options)
 	is.NoError(err)
 

api/http/handler/helm/helm_repo_search_test.go

@@ -20,7 +20,7 @@ func Test_helmRepoSearch(t *testing.T) {
 
 	assert.NotNil(t, h, "Handler should not fail")
 
-	repos := []string{"https://charts.bitnami.com/bitnami", "https://portainer.github.io/k8s"}
+	repos := []string{"https://kubernetes.github.io/ingress-nginx", "https://portainer.github.io/k8s"}
 
 	for _, repo := range repos {
 		t.Run(repo, func(t *testing.T) {

api/http/handler/helm/helm_show_test.go

@@ -31,7 +31,7 @@ func Test_helmShow(t *testing.T) {
 		t.Run(cmd, func(t *testing.T) {
 			is.NotNil(h, "Handler should not fail")
 
-			repoUrlEncoded := url.QueryEscape("https://charts.bitnami.com/bitnami")
+			repoUrlEncoded := url.QueryEscape("https://kubernetes.github.io/ingress-nginx")
 			chart := "nginx"
 			req := httptest.NewRequest("GET", fmt.Sprintf("/templates/helm/%s?repo=%s&chart=%s", cmd, repoUrlEncoded, chart), nil)
 			rr := httptest.NewRecorder()

api/http/handler/helm/user_helm_repos.go

@@ -1,127 +0,0 @@
-package helm
-
-import (
-	"net/http"
-	"strings"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/pkg/libhelm"
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"
-	"github.com/portainer/portainer/pkg/libhttp/request"
-	"github.com/portainer/portainer/pkg/libhttp/response"
-
-	"github.com/pkg/errors"
-)
-
-type helmUserRepositoryResponse struct {
-	GlobalRepository string                         `json:"GlobalRepository"`
-	UserRepositories []portainer.HelmUserRepository `json:"UserRepositories"`
-}
-
-type addHelmRepoUrlPayload struct {
-	URL string `json:"url"`
-}
-
-func (p *addHelmRepoUrlPayload) Validate(_ *http.Request) error {
-	return libhelm.ValidateHelmRepositoryURL(p.URL, nil)
-}
-
-// @id HelmUserRepositoryCreateDeprecated
-// @summary Create a user helm repository
-// @description Create a user helm repository.
-// @description **Access policy**: authenticated
-// @tags helm
-// @security ApiKeyAuth
-// @security jwt
-// @accept json
-// @produce json
-// @param id path int true "Environment(Endpoint) identifier"
-// @param payload body addHelmRepoUrlPayload true "Helm Repository"
-// @success 200 {object} portainer.HelmUserRepository "Success"
-// @failure 400 "Invalid request"
-// @failure 403 "Permission denied"
-// @failure 500 "Server error"
-// @deprecated
-// @router /endpoints/{id}/kubernetes/helm/repositories [post]
-func (handler *Handler) userCreateHelmRepo(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	tokenData, err := security.RetrieveTokenData(r)
-	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve user authentication token", err)
-	}
-	userID := tokenData.ID
-
-	p := new(addHelmRepoUrlPayload)
-	err = request.DecodeAndValidateJSONPayload(r, p)
-	if err != nil {
-		return httperror.BadRequest("Invalid Helm repository URL", err)
-	}
-
-	// lowercase, remove trailing slash
-	p.URL = strings.TrimSuffix(strings.ToLower(p.URL), "/")
-
-	records, err := handler.dataStore.HelmUserRepository().HelmUserRepositoryByUserID(userID)
-	if err != nil {
-		return httperror.InternalServerError("Unable to access the DataStore", err)
-	}
-
-	// check if repo already exists - by doing case insensitive comparison
-	for _, record := range records {
-		if strings.EqualFold(record.URL, p.URL) {
-			errMsg := "Helm repo already registered for user"
-			return httperror.BadRequest(errMsg, errors.New(errMsg))
-		}
-	}
-
-	record := portainer.HelmUserRepository{
-		UserID: userID,
-		URL:    p.URL,
-	}
-
-	err = handler.dataStore.HelmUserRepository().Create(&record)
-	if err != nil {
-		return httperror.InternalServerError("Unable to save a user Helm repository URL", err)
-	}
-
-	return response.JSON(w, record)
-}
-
-// @id HelmUserRepositoriesListDeprecated
-// @summary List a users helm repositories
-// @description Inspect a user helm repositories.
-// @description **Access policy**: authenticated
-// @tags helm
-// @security ApiKeyAuth
-// @security jwt
-// @produce json
-// @param id path int true "User identifier"
-// @success 200 {object} helmUserRepositoryResponse "Success"
-// @failure 400 "Invalid request"
-// @failure 403 "Permission denied"
-// @failure 500 "Server error"
-// @deprecated
-// @router /endpoints/{id}/kubernetes/helm/repositories [get]
-func (handler *Handler) userGetHelmRepos(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	tokenData, err := security.RetrieveTokenData(r)
-	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve user authentication token", err)
-	}
-	userID := tokenData.ID
-
-	settings, err := handler.dataStore.Settings().Settings()
-	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve settings from the database", err)
-	}
-
-	userRepos, err := handler.dataStore.HelmUserRepository().HelmUserRepositoryByUserID(userID)
-	if err != nil {
-		return httperror.InternalServerError("Unable to get user Helm repositories", err)
-	}
-
-	resp := helmUserRepositoryResponse{
-		GlobalRepository: settings.HelmRepositoryURL,
-		UserRepositories: userRepos,
-	}
-
-	return response.JSON(w, resp)
-}

api/http/handler/kubernetes/cron_job.go

@@ -0,0 +1,78 @@
+package kubernetes
+
+import (
+	"net/http"
+
+	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/request"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+	"github.com/rs/zerolog/log"
+)
+
+// @id GetKubernetesCronJobs
+// @summary Get a list of kubernetes Cron Jobs
+// @description Get a list of kubernetes Cron Jobs that the user has access to.
+// @description **Access policy**: Authenticated user.
+// @tags kubernetes
+// @security ApiKeyAuth || jwt
+// @produce json
+// @param id path int true "Environment identifier"
+// @success 200 {array} models.K8sCronJob "Success"
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
+// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
+// @failure 404 "Unable to find an environment with the specified identifier."
+// @failure 500 "Server error occurred while attempting to retrieve the list of Cron Jobs."
+// @router /kubernetes/{id}/cron_jobs [get]
+func (handler *Handler) getAllKubernetesCronJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	cli, httpErr := handler.prepareKubeClient(r)
+	if httpErr != nil {
+		log.Error().Err(httpErr).Str("context", "GetAllKubernetesCronJobs").Msg("Unable to prepare kube client")
+		return httperror.InternalServerError("unable to prepare kube client. Error: ", httpErr)
+	}
+
+	cronJobs, err := cli.GetCronJobs("")
+	if err != nil {
+		log.Error().Err(err).Str("context", "GetAllKubernetesCronJobs").Msg("Unable to fetch Cron Jobs across all namespaces")
+		return httperror.InternalServerError("unable to fetch Cron Jobs. Error: ", err)
+	}
+
+	return response.JSON(w, cronJobs)
+}
+
+// @id DeleteCronJobs
+// @summary Delete Cron Jobs
+// @description Delete the provided list of Cron Jobs.
+// @description **Access policy**: Authenticated user.
+// @tags kubernetes
+// @security ApiKeyAuth || jwt
+// @accept json
+// @param id path int true "Environment identifier"
+// @param payload body models.K8sCronJobDeleteRequests true "A map where the key is the namespace and the value is an array of Cron Jobs to delete"
+// @success 204 "Success"
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
+// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
+// @failure 404 "Unable to find an environment with the specified identifier or unable to find a specific service account."
+// @failure 500 "Server error occurred while attempting to delete Cron Jobs."
+// @router /kubernetes/{id}/cron_jobs/delete [POST]
+func (handler *Handler) deleteKubernetesCronJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload models.K8sCronJobDeleteRequests
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return httperror.BadRequest("Invalid request payload", err)
+	}
+
+	cli, handlerErr := handler.getProxyKubeClient(r)
+	if handlerErr != nil {
+		return handlerErr
+	}
+
+	err = cli.DeleteCronJobs(payload)
+	if err != nil {
+		return httperror.InternalServerError("Unable to delete Cron Jobs", err)
+	}
+
+	return response.Empty(w)
+}

api/http/handler/kubernetes/handler.go

@@ -55,6 +55,10 @@ func NewHandler(bouncer security.BouncerService, authorizationService *authoriza
 	endpointRouter.Handle("/applications/count", httperror.LoggerHandler(h.getAllKubernetesApplicationsCount)).Methods(http.MethodGet)
 	endpointRouter.Handle("/configmaps", httperror.LoggerHandler(h.GetAllKubernetesConfigMaps)).Methods(http.MethodGet)
 	endpointRouter.Handle("/configmaps/count", httperror.LoggerHandler(h.getAllKubernetesConfigMapsCount)).Methods(http.MethodGet)
+	endpointRouter.Handle("/cron_jobs", httperror.LoggerHandler(h.getAllKubernetesCronJobs)).Methods(http.MethodGet)
+	endpointRouter.Handle("/cron_jobs/delete", httperror.LoggerHandler(h.deleteKubernetesCronJobs)).Methods(http.MethodPost)
+	endpointRouter.Handle("/jobs", httperror.LoggerHandler(h.getAllKubernetesJobs)).Methods(http.MethodGet)
+	endpointRouter.Handle("/jobs/delete", httperror.LoggerHandler(h.deleteKubernetesJobs)).Methods(http.MethodPost)
 	endpointRouter.Handle("/cluster_roles", httperror.LoggerHandler(h.getAllKubernetesClusterRoles)).Methods(http.MethodGet)
 	endpointRouter.Handle("/cluster_roles/delete", httperror.LoggerHandler(h.deleteClusterRoles)).Methods(http.MethodPost)
 	endpointRouter.Handle("/cluster_role_bindings", httperror.LoggerHandler(h.getAllKubernetesClusterRoleBindings)).Methods(http.MethodGet)

api/http/handler/kubernetes/job.go

@@ -0,0 +1,85 @@
+package kubernetes
+
+import (
+	"net/http"
+
+	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/request"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+	"github.com/rs/zerolog/log"
+)
+
+// @id GetKubernetesJobs
+// @summary Get a list of kubernetes Jobs
+// @description Get a list of kubernetes Jobs that the user has access to.
+// @description **Access policy**: Authenticated user.
+// @tags kubernetes
+// @security ApiKeyAuth || jwt
+// @produce json
+// @param id path int true "Environment identifier"
+// @param includeCronJobChildren query bool false "Whether to include Jobs that have a cronjob owner"
+// @success 200 {array} models.K8sJob "Success"
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
+// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
+// @failure 404 "Unable to find an environment with the specified identifier."
+// @failure 500 "Server error occurred while attempting to retrieve the list of Jobs."
+// @router /kubernetes/{id}/jobs [get]
+func (handler *Handler) getAllKubernetesJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	includeCronJobChildren, err := request.RetrieveBooleanQueryParameter(r, "includeCronJobChildren", true)
+	if err != nil {
+		log.Error().Err(err).Str("context", "GetAllKubernetesJobs").Msg("Invalid query parameter includeCronJobChildren")
+		return httperror.BadRequest("an error occurred during the GetAllKubernetesJobs operation, invalid query parameter includeCronJobChildren. Error: ", err)
+	}
+
+	cli, httpErr := handler.prepareKubeClient(r)
+	if httpErr != nil {
+		log.Error().Err(httpErr).Str("context", "GetAllKubernetesJobs").Msg("Unable to prepare kube client")
+		return httperror.InternalServerError("unable to prepare kube client. Error: ", httpErr)
+	}
+
+	jobs, err := cli.GetJobs("", includeCronJobChildren)
+	if err != nil {
+		log.Error().Err(err).Str("context", "GetAllKubernetesJobs").Msg("Unable to fetch Jobs across all namespaces")
+		return httperror.InternalServerError("unable to fetch Jobs. Error: ", err)
+	}
+
+	return response.JSON(w, jobs)
+}
+
+// @id DeleteJobs
+// @summary Delete Jobs
+// @description Delete the provided list of Jobs.
+// @description **Access policy**: Authenticated user.
+// @tags kubernetes
+// @security ApiKeyAuth || jwt
+// @accept json
+// @param id path int true "Environment identifier"
+// @param payload body models.K8sJobDeleteRequests true "A map where the key is the namespace and the value is an array of Jobs to delete"
+// @success 204 "Success"
+// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
+// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
+// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
+// @failure 404 "Unable to find an environment with the specified identifier or unable to find a specific service account."
+// @failure 500 "Server error occurred while attempting to delete Jobs."
+// @router /kubernetes/{id}/jobs/delete [POST]
+func (handler *Handler) deleteKubernetesJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload models.K8sJobDeleteRequests
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return httperror.BadRequest("Invalid request payload", err)
+	}
+
+	cli, handlerErr := handler.getProxyKubeClient(r)
+	if handlerErr != nil {
+		return handlerErr
+	}
+
+	err = cli.DeleteJobs(payload)
+	if err != nil {
+		return httperror.InternalServerError("Unable to delete Jobs", err)
+	}
+
+	return response.Empty(w)
+}

api/http/handler/registries/registry_list.go

@@ -36,5 +36,9 @@ func (handler *Handler) registryList(w http.ResponseWriter, r *http.Request) *ht
 		return httperror.InternalServerError("Unable to retrieve registries from the database", err)
 	}
 
+	for idx := range registries {
+		hideFields(&registries[idx], false)
+	}
+
 	return response.JSON(w, registries)
 }

api/http/handler/settings/settings_update.go

@@ -46,7 +46,7 @@ type settingsUpdatePayload struct {
 	// Whether telemetry is enabled
 	EnableTelemetry *bool `example:"false"`
 	// Helm repository URL
-	HelmRepositoryURL *string `example:"https://charts.bitnami.com/bitnami"`
+	HelmRepositoryURL *string `example:"https://kubernetes.github.io/ingress-nginx"`
 	// Kubectl Shell Image
 	KubectlShellImage *string `example:"portainer/kubectl-shell:latest"`
 	// TrustOnFirstConnect makes Portainer accepting edge agent connection by default

api/http/handler/stacks/handler.go

@@ -11,7 +11,6 @@ import (
 	"github.com/portainer/portainer/api/dataservices"
 	dockerclient "github.com/portainer/portainer/api/docker/client"
 	"github.com/portainer/portainer/api/docker/consts"
-	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/api/internal/authorization"
 	"github.com/portainer/portainer/api/internal/endpointutils"
@@ -62,8 +61,6 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 
 	h.Handle("/stacks/create/{type}/{method}",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackCreate))).Methods(http.MethodPost)
-	h.Handle("/stacks",
-		bouncer.AuthenticatedAccess(middlewares.Deprecated(h, deprecatedStackCreateUrlParser))).Methods(http.MethodPost) // Deprecated
 	h.Handle("/stacks",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackList))).Methods(http.MethodGet)
 	h.Handle("/stacks/{id}",

api/http/handler/stacks/stack_create.go

@@ -1,7 +1,6 @@
 package stacks
 
 import (
-	"fmt"
 	"net/http"
 
 	portainer "github.com/portainer/portainer/api"
@@ -141,53 +140,3 @@ func (handler *Handler) decorateStackResponse(w http.ResponseWriter, stack *port
 
 	return response.JSON(w, stack)
 }
-
-func getStackTypeFromQueryParameter(r *http.Request) (string, error) {
-	stackType, err := request.RetrieveNumericQueryParameter(r, "type", false)
-	if err != nil {
-		return "", err
-	}
-
-	switch stackType {
-	case 1:
-		return "swarm", nil
-	case 2:
-		return "standalone", nil
-	case 3:
-		return "kubernetes", nil
-	}
-
-	return "", errors.New(request.ErrInvalidQueryParameter)
-}
-
-// @id StackCreate
-// @summary Deploy a new stack
-// @description Deploy a new stack into a Docker environment(endpoint) specified via the environment(endpoint) identifier.
-// @description **Access policy**: authenticated
-// @tags stacks
-// @security ApiKeyAuth
-// @security jwt
-// @accept json,multipart/form-data
-// @produce json
-// @param type query int true "Stack deployment type. Possible values: 1 (Swarm stack), 2 (Compose stack) or 3 (Kubernetes stack)." Enums(1,2,3)
-// @param method query string true "Stack deployment method. Possible values: file, string, repository or url." Enums(string, file, repository, url)
-// @param endpointId query int true "Identifier of the environment(endpoint) that will be used to deploy the stack"
-// @param body body object true "for body documentation see the relevant /stacks/create/{type}/{method} endpoint"
-// @success 200 {object} portainer.Stack
-// @failure 400 "Invalid request"
-// @failure 500 "Server error"
-// @deprecated
-// @router /stacks [post]
-func deprecatedStackCreateUrlParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
-	method, err := request.RetrieveQueryParameter(r, "method", false)
-	if err != nil {
-		return "", httperror.BadRequest("Invalid query parameter: method. Valid values are: file or string", err)
-	}
-
-	stackType, err := getStackTypeFromQueryParameter(r)
-	if err != nil {
-		return "", httperror.BadRequest("Invalid query parameter: type", err)
-	}
-
-	return fmt.Sprintf("/stacks/create/%s/%s", stackType, method), nil
-}

api/http/handler/system/handler.go

@@ -59,10 +59,6 @@ func NewHandler(bouncer security.BouncerService,
 	// Deprecated /status endpoint, will be removed in the future.
 	h.Handle("/status",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.statusInspectDeprecated))).Methods(http.MethodGet)
-	h.Handle("/status/version",
-		bouncer.AuthenticatedAccess(http.HandlerFunc(h.versionDeprecated))).Methods(http.MethodGet)
-	h.Handle("/status/nodes",
-		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.statusNodesCountDeprecated))).Methods(http.MethodGet)
 
 	return h
 }

api/http/handler/system/nodes_count.go

@@ -3,12 +3,11 @@ package system
 import (
 	"net/http"
 
+	portainer "github.com/portainer/portainer/api"
 	statusutil "github.com/portainer/portainer/api/internal/nodes"
 	"github.com/portainer/portainer/api/internal/snapshot"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/response"
-
-	"github.com/rs/zerolog/log"
 )
 
 type nodesCountResponse struct {
@@ -31,32 +30,15 @@ func (handler *Handler) systemNodesCount(w http.ResponseWriter, r *http.Request)
 		return httperror.InternalServerError("Failed to get environment list", err)
 	}
 
-	for i := range endpoints {
-		err = snapshot.FillSnapshotData(handler.dataStore, &endpoints[i])
-		if err != nil {
+	var nodes int
+
+	for _, endpoint := range endpoints {
+		if err := snapshot.FillSnapshotData(handler.dataStore, &endpoint); err != nil {
 			return httperror.InternalServerError("Unable to add snapshot data", err)
 		}
-	}
 
-	nodes := statusutil.NodesCount(endpoints)
+		nodes += statusutil.NodesCount([]portainer.Endpoint{endpoint})
+	}
 
 	return response.JSON(w, &nodesCountResponse{Nodes: nodes})
 }
-
-// @id statusNodesCount
-// @summary Retrieve the count of nodes
-// @deprecated
-// @description Deprecated: use the `/system/nodes` endpoint instead.
-// @description **Access policy**: authenticated
-// @security ApiKeyAuth
-// @security jwt
-// @tags status
-// @produce json
-// @success 200 {object} nodesCountResponse "Success"
-// @failure 500 "Server error"
-// @router /status/nodes [get]
-func (handler *Handler) statusNodesCountDeprecated(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	log.Warn().Msg("The /status/nodes endpoint is deprecated, please use the /system/nodes endpoint instead")
-
-	return handler.systemNodesCount(w, r)
-}

api/http/handler/system/system_info.go

@@ -3,6 +3,7 @@ package system
 import (
 	"net/http"
 
+	"github.com/pkg/errors"
 	"github.com/portainer/portainer/api/internal/endpointutils"
 	plf "github.com/portainer/portainer/api/platform"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
@@ -46,7 +47,12 @@ func (handler *Handler) systemInfo(w http.ResponseWriter, r *http.Request) *http
 
 	platform, err := handler.platformService.GetPlatform()
 	if err != nil {
-		return httperror.InternalServerError("Failed to get platform", err)
+		if !errors.Is(err, plf.ErrNoLocalEnvironment) {
+			return httperror.InternalServerError("Failed to get platform", err)
+		}
+		// If no local environment is detected, we assume the platform is Docker
+		// UI will stop showing the upgrade banner
+		platform = plf.PlatformDocker
 	}
 
 	return response.JSON(w, &systemInfoResponse{

api/http/handler/system/system_upgrade.go

@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"regexp"
 
+	ceplf "github.com/portainer/portainer/api/platform"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -45,6 +46,9 @@ func (handler *Handler) systemUpgrade(w http.ResponseWriter, r *http.Request) *h
 
 	environment, err := handler.platformService.GetLocalEnvironment()
 	if err != nil {
+		if errors.Is(err, ceplf.ErrNoLocalEnvironment) {
+			return httperror.NotFound("The system upgrade feature is disabled because no local environment was detected.", err)
+		}
 		return httperror.InternalServerError("Failed to get local environment", err)
 	}
 
@@ -53,8 +57,7 @@ func (handler *Handler) systemUpgrade(w http.ResponseWriter, r *http.Request) *h
 		return httperror.InternalServerError("Failed to get platform", err)
 	}
 
-	err = handler.upgradeService.Upgrade(platform, environment, payload.License)
-	if err != nil {
+	if err := handler.upgradeService.Upgrade(platform, environment, payload.License); err != nil {
 		return httperror.InternalServerError("Failed to upgrade Portainer", err)
 	}
 

api/http/handler/system/version.go

@@ -106,21 +106,3 @@ func HasNewerVersion(currentVersion, latestVersion string) bool {
 
 	return currentVersionSemver.LessThan(*latestVersionSemver)
 }
-
-// @id Version
-// @summary Check for portainer updates
-// @deprecated
-// @description Deprecated: use the `/system/version` endpoint instead.
-// @description Check if portainer has an update available
-// @description **Access policy**: authenticated
-// @security ApiKeyAuth
-// @security jwt
-// @tags status
-// @produce json
-// @success 200 {object} versionResponse "Success"
-// @router /status/version [get]
-func (handler *Handler) versionDeprecated(w http.ResponseWriter, r *http.Request) {
-	log.Warn().Msg("The /status/version endpoint is deprecated, please use the /system/version endpoint instead")
-
-	handler.version(w, r)
-}

api/http/handler/tags/tag_delete.go

@@ -133,10 +133,17 @@ func deleteTag(tx dataservices.DataStoreTx, tagID portainer.TagID) error {
 
 func updateEndpointRelations(tx dataservices.DataStoreTx, endpoint portainer.Endpoint, edgeGroups []portainer.EdgeGroup, edgeStacks []portainer.EdgeStack) error {
 	endpointRelation, err := tx.EndpointRelation().EndpointRelation(endpoint.ID)
-	if err != nil {
+	if err != nil && !tx.IsErrObjectNotFound(err) {
 		return err
 	}
 
+	if endpointRelation == nil {
+		endpointRelation = &portainer.EndpointRelation{
+			EndpointID: endpoint.ID,
+			EdgeStacks: make(map[portainer.EdgeStackID]bool),
+		}
+	}
+
 	endpointGroup, err := tx.EndpointGroup().Read(endpoint.GroupID)
 	if err != nil {
 		return err
@@ -147,6 +154,7 @@ func updateEndpointRelations(tx dataservices.DataStoreTx, endpoint portainer.End
 	for _, edgeStackID := range endpointStacks {
 		stacksSet[edgeStackID] = true
 	}
+
 	endpointRelation.EdgeStacks = stacksSet
 
 	return tx.EndpointRelation().UpdateEndpointRelation(endpoint.ID, endpointRelation)

api/http/handler/templates/handler.go

@@ -29,7 +29,5 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.templateList))).Methods(http.MethodGet)
 	h.Handle("/templates/{id}/file",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.templateFile))).Methods(http.MethodPost)
-	h.Handle("/templates/file",
-		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.templateFileOld))).Methods(http.MethodPost)
 	return h
 }

api/http/handler/templates/template_file_old.go

@@ -1,93 +0,0 @@
-package templates
-
-import (
-	"errors"
-	"net/http"
-
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"
-	"github.com/portainer/portainer/pkg/libhttp/request"
-	"github.com/portainer/portainer/pkg/libhttp/response"
-	"github.com/rs/zerolog/log"
-)
-
-type filePayload struct {
-	// URL of a git repository where the file is stored
-	RepositoryURL string `example:"https://github.com/portainer/portainer-compose" validate:"required"`
-	// Path to the file inside the git repository
-	ComposeFilePathInRepository string `example:"./subfolder/docker-compose.yml" validate:"required"`
-}
-
-func (payload *filePayload) Validate(r *http.Request) error {
-	if len(payload.RepositoryURL) == 0 {
-		return errors.New("Invalid repository url")
-	}
-
-	if len(payload.ComposeFilePathInRepository) == 0 {
-		return errors.New("Invalid file path")
-	}
-
-	return nil
-}
-
-func (handler *Handler) ifRequestedTemplateExists(payload *filePayload) *httperror.HandlerError {
-	response, httpErr := handler.fetchTemplates()
-	if httpErr != nil {
-		return httpErr
-	}
-
-	for _, t := range response.Templates {
-		if t.Repository.URL == payload.RepositoryURL && t.Repository.StackFile == payload.ComposeFilePathInRepository {
-			return nil
-		}
-	}
-	return httperror.InternalServerError("Invalid template", errors.New("requested template does not exist"))
-}
-
-// @id TemplateFileOld
-// @summary Get a template's file
-// @deprecated
-// @description Get a template's file
-// @description **Access policy**: authenticated
-// @tags templates
-// @security ApiKeyAuth
-// @security jwt
-// @accept json
-// @produce json
-// @param body body filePayload true "File details"
-// @success 200 {object} fileResponse "Success"
-// @failure 400 "Invalid request"
-// @failure 500 "Server error"
-// @router /templates/file [post]
-func (handler *Handler) templateFileOld(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	log.Warn().Msg("This api is deprecated. Please use /templates/{id}/file instead")
-
-	var payload filePayload
-	err := request.DecodeAndValidateJSONPayload(r, &payload)
-	if err != nil {
-		return httperror.BadRequest("Invalid request payload", err)
-	}
-
-	if err := handler.ifRequestedTemplateExists(&payload); err != nil {
-		return err
-	}
-
-	projectPath, err := handler.FileService.GetTemporaryPath()
-	if err != nil {
-		return httperror.InternalServerError("Unable to create temporary folder", err)
-	}
-
-	defer handler.cleanUp(projectPath)
-
-	err = handler.GitService.CloneRepository(projectPath, payload.RepositoryURL, "", "", "", false)
-	if err != nil {
-		return httperror.InternalServerError("Unable to clone git repository", err)
-	}
-
-	fileContent, err := handler.FileService.GetFileContent(projectPath, payload.ComposeFilePathInRepository)
-	if err != nil {
-		return httperror.InternalServerError("Failed loading file content", err)
-	}
-
-	return response.JSON(w, fileResponse{FileContent: string(fileContent)})
-
-}

api/http/models/kubernetes/cron_jobs.go

@@ -0,0 +1,36 @@
+package kubernetes
+
+import (
+	"errors"
+	"net/http"
+)
+
+type K8sCronJob struct {
+	Id        string   `json:"Id"`
+	Name      string   `json:"Name"`
+	Namespace string   `json:"Namespace"`
+	Command   string   `json:"Command"`
+	Schedule  string   `json:"Schedule"`
+	Timezone  string   `json:"Timezone"`
+	Suspend   bool     `json:"Suspend"`
+	Jobs      []K8sJob `json:"Jobs"`
+	IsSystem  bool     `json:"IsSystem"`
+}
+
+type (
+	K8sCronJobDeleteRequests map[string][]string
+)
+
+func (r K8sCronJobDeleteRequests) Validate(request *http.Request) error {
+	if len(r) == 0 {
+		return errors.New("missing deletion request list in payload")
+	}
+
+	for ns := range r {
+		if len(ns) == 0 {
+			return errors.New("deletion given with empty namespace")
+		}
+	}
+
+	return nil
+}

api/http/models/kubernetes/jobs.go

@@ -0,0 +1,44 @@
+package kubernetes
+
+import (
+	"errors"
+	"net/http"
+
+	corev1 "k8s.io/api/core/v1"
+)
+
+// K8sJob struct
+type K8sJob struct {
+	ID           string           `json:"Id"`
+	Namespace    string           `json:"Namespace"`
+	Name         string           `json:"Name"`
+	PodName      string           `json:"PodName"`
+	Container    corev1.Container `json:"Container,omitempty"`
+	Command      string           `json:"Command,omitempty"`
+	BackoffLimit int32            `json:"BackoffLimit,omitempty"`
+	Completions  int32            `json:"Completions,omitempty"`
+	StartTime    string           `json:"StartTime"`
+	FinishTime   string           `json:"FinishTime"`
+	Duration     string           `json:"Duration"`
+	Status       string           `json:"Status"`
+	FailedReason string           `json:"FailedReason"`
+	IsSystem     bool             `json:"IsSystem"`
+}
+
+type (
+	K8sJobDeleteRequests map[string][]string
+)
+
+func (r K8sJobDeleteRequests) Validate(request *http.Request) error {
+	if len(r) == 0 {
+		return errors.New("missing deletion request list in payload")
+	}
+
+	for ns := range r {
+		if len(ns) == 0 {
+			return errors.New("deletion given with empty namespace")
+		}
+	}
+
+	return nil
+}

api/http/proxy/factory/docker/transport.go

@@ -11,6 +11,7 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
+	"sync"
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
@@ -37,6 +38,8 @@ type (
 		dockerClientFactory  *dockerclient.ClientFactory
 		gitService           portainer.GitService
 		snapshotService      portainer.SnapshotService
+		dockerID             string
+		mu                   sync.Mutex
 	}
 
 	// TransportParameters is used to create a new Transport
@@ -679,9 +682,7 @@ func (transport *Transport) executeGenericResourceDeletionOperation(request *htt
 	}
 
 	if resourceControl != nil {
-		if err := transport.dataStore.ResourceControl().Delete(resourceControl.ID); err != nil {
-			return response, err
-		}
+		err = transport.dataStore.ResourceControl().Delete(resourceControl.ID)
 	}
 
 	return response, err

api/http/proxy/factory/docker/volumes.go

@@ -14,7 +14,6 @@ import (
 	"github.com/portainer/portainer/api/internal/snapshot"
 
 	"github.com/docker/docker/client"
-	"github.com/rs/zerolog/log"
 )
 
 const volumeObjectIdentifier = "ResourceID"
@@ -50,15 +49,6 @@ func (transport *Transport) volumeListOperation(response *http.Response, executo
 
 	volumeData := responseObject["Volumes"].([]any)
 
-	if transport.snapshotService != nil {
-		// Filling snapshot data can improve the performance of getVolumeResourceID
-		if err = transport.snapshotService.FillSnapshotData(transport.endpoint); err != nil {
-			log.Info().Err(err).
-				Int("endpoint id", int(transport.endpoint.ID)).
-				Msg("snapshot is not filled into the endpoint.")
-		}
-	}
-
 	for _, volumeObject := range volumeData {
 		volume := volumeObject.(map[string]any)
 
@@ -147,7 +137,7 @@ func (transport *Transport) decorateVolumeResourceCreationOperation(request *htt
 		}
 		defer cli.Close()
 
-		if _, err = cli.VolumeInspect(context.Background(), volumeID); err == nil {
+		if _, err := cli.VolumeInspect(context.Background(), volumeID); err == nil {
 			return &http.Response{
 				StatusCode: http.StatusConflict,
 			}, errors.New("a volume with the same name already exists")
@@ -222,14 +212,27 @@ func (transport *Transport) getVolumeResourceID(volumeName string) (string, erro
 }
 
 func (transport *Transport) getDockerID() (string, error) {
-	if len(transport.endpoint.Snapshots) > 0 {
-		dockerID, err := snapshot.FetchDockerID(transport.endpoint.Snapshots[0])
-		// ignore err - in case of error, just generate not from snapshot
-		if err == nil {
-			return dockerID, nil
+	transport.mu.Lock()
+	defer transport.mu.Unlock()
+
+	// Local cache
+	if transport.dockerID != "" {
+		return transport.dockerID, nil
+	}
+
+	// Snapshot cache
+	if transport.snapshotService != nil {
+		endpoint := portainer.Endpoint{ID: transport.endpoint.ID}
+
+		if err := transport.snapshotService.FillSnapshotData(&endpoint); err == nil && len(endpoint.Snapshots) > 0 {
+			if dockerID, err := snapshot.FetchDockerID(endpoint.Snapshots[0]); err == nil {
+				transport.dockerID = dockerID
+				return dockerID, nil
+			}
 		}
 	}
 
+	// Remote value
 	client, err := transport.dockerClientFactory.CreateClient(transport.endpoint, "", nil)
 	if err != nil {
 		return "", err
@@ -242,8 +245,11 @@ func (transport *Transport) getDockerID() (string, error) {
 	}
 
 	if info.Swarm.Cluster != nil {
-		return info.Swarm.Cluster.ID, nil
+		transport.dockerID = info.Swarm.Cluster.ID
+		return transport.dockerID, nil
 	}
 
-	return info.ID, nil
+	transport.dockerID = info.ID
+
+	return transport.dockerID, nil
 }

api/http/server.go

@@ -24,7 +24,6 @@ import (
 	"github.com/portainer/portainer/api/http/handler/edgegroups"
 	"github.com/portainer/portainer/api/http/handler/edgejobs"
 	"github.com/portainer/portainer/api/http/handler/edgestacks"
-	"github.com/portainer/portainer/api/http/handler/edgetemplates"
 	"github.com/portainer/portainer/api/http/handler/endpointedge"
 	"github.com/portainer/portainer/api/http/handler/endpointgroups"
 	"github.com/portainer/portainer/api/http/handler/endpointproxy"
@@ -161,14 +160,14 @@ func (server *Server) Start() error {
 	edgeJobsHandler.FileService = server.FileService
 	edgeJobsHandler.ReverseTunnelService = server.ReverseTunnelService
 
-	var edgeStacksHandler = edgestacks.NewHandler(requestBouncer, server.DataStore, server.EdgeStacksService)
+	edgeStackCoordinator := edgestacks.NewEdgeStackStatusUpdateCoordinator(server.DataStore)
+	go edgeStackCoordinator.Start()
+
+	var edgeStacksHandler = edgestacks.NewHandler(requestBouncer, server.DataStore, server.EdgeStacksService, edgeStackCoordinator)
 	edgeStacksHandler.FileService = server.FileService
 	edgeStacksHandler.GitService = server.GitService
 	edgeStacksHandler.KubernetesDeployer = server.KubernetesDeployer
 
-	var edgeTemplatesHandler = edgetemplates.NewHandler(requestBouncer)
-	edgeTemplatesHandler.DataStore = server.DataStore
-
 	var endpointHandler = endpoints.NewHandler(requestBouncer)
 	endpointHandler.DataStore = server.DataStore
 	endpointHandler.FileService = server.FileService
@@ -303,7 +302,6 @@ func (server *Server) Start() error {
 		EdgeGroupsHandler:      edgeGroupsHandler,
 		EdgeJobsHandler:        edgeJobsHandler,
 		EdgeStacksHandler:      edgeStacksHandler,
-		EdgeTemplatesHandler:   edgeTemplatesHandler,
 		EndpointGroupHandler:   endpointGroupHandler,
 		EndpointHandler:        endpointHandler,
 		EndpointHelmHandler:    endpointHelmHandler,

api/internal/edge/edgestacks/service.go

@@ -99,12 +99,15 @@ func (service *Service) PersistEdgeStack(
 	stack.ManifestPath = manifestPath
 	stack.ProjectPath = projectPath
 	stack.EntryPoint = composePath
-	stack.NumDeployments = len(relatedEndpointIds)
 
 	if err := tx.EdgeStack().Create(stack.ID, stack); err != nil {
 		return nil, err
 	}
 
+	if err := tx.EndpointRelation().AddEndpointRelationsForEdgeStack(relatedEndpointIds, stack.ID); err != nil {
+		return nil, fmt.Errorf("unable to add endpoint relations: %w", err)
+	}
+
 	if err := service.updateEndpointRelations(tx, stack.ID, relatedEndpointIds); err != nil {
 		return nil, fmt.Errorf("unable to update endpoint relations: %w", err)
 	}
@@ -119,6 +122,9 @@ func (service *Service) updateEndpointRelations(tx dataservices.DataStoreTx, edg
 	for _, endpointID := range relatedEndpointIds {
 		relation, err := endpointRelationService.EndpointRelation(endpointID)
 		if err != nil {
+			if tx.IsErrObjectNotFound(err) {
+				continue
+			}
 			return fmt.Errorf("unable to find endpoint relation in database: %w", err)
 		}
 
@@ -144,17 +150,8 @@ func (service *Service) DeleteEdgeStack(tx dataservices.DataStoreTx, edgeStackID
 		return errors.WithMessage(err, "Unable to retrieve edge stack related environments from database")
 	}
 
-	for _, endpointID := range relatedEndpointIds {
-		relation, err := tx.EndpointRelation().EndpointRelation(endpointID)
-		if err != nil {
-			return errors.WithMessage(err, "Unable to find environment relation in database")
-		}
-
-		delete(relation.EdgeStacks, edgeStackID)
-
-		if err := tx.EndpointRelation().UpdateEndpointRelation(endpointID, relation); err != nil {
-			return errors.WithMessage(err, "Unable to persist environment relation in database")
-		}
+	if err := tx.EndpointRelation().RemoveEndpointRelationsForEdgeStack(relatedEndpointIds, edgeStackID); err != nil {
+		return errors.WithMessage(err, "unable to remove environment relation in database")
 	}
 
 	if err := tx.EdgeStack().DeleteEdgeStack(edgeStackID); err != nil {

api/internal/edge/edgestacks/status.go

@@ -9,7 +9,6 @@ func NewStatus(oldStatus map[portainer.EndpointID]portainer.EdgeStackStatus, rel
 	status := map[portainer.EndpointID]portainer.EdgeStackStatus{}
 
 	for _, environmentID := range relatedEnvironmentIDs {
-
 		newEnvStatus := portainer.EdgeStackStatus{
 			Status:     []portainer.EdgeStackDeploymentStatus{},
 			EndpointID: environmentID,

api/internal/snapshot/snapshot.go

@@ -16,7 +16,7 @@ import (
 	"github.com/rs/zerolog/log"
 )
 
-// Service repesents a service to manage environment(endpoint) snapshots.
+// Service represents a service to manage environment(endpoint) snapshots.
 // It provides an interface to start background snapshots as well as
 // specific Docker/Kubernetes environment(endpoint) snapshot methods.
 type Service struct {
@@ -174,30 +174,6 @@ func (service *Service) FillSnapshotData(endpoint *portainer.Endpoint) error {
 	return FillSnapshotData(service.dataStore, endpoint)
 }
 
-func FillSnapshotData(tx dataservices.DataStoreTx, endpoint *portainer.Endpoint) error {
-	snapshot, err := tx.Snapshot().Read(endpoint.ID)
-	if tx.IsErrObjectNotFound(err) {
-		endpoint.Snapshots = []portainer.DockerSnapshot{}
-		endpoint.Kubernetes.Snapshots = []portainer.KubernetesSnapshot{}
-
-		return nil
-	}
-
-	if err != nil {
-		return err
-	}
-
-	if snapshot.Docker != nil {
-		endpoint.Snapshots = []portainer.DockerSnapshot{*snapshot.Docker}
-	}
-
-	if snapshot.Kubernetes != nil {
-		endpoint.Kubernetes.Snapshots = []portainer.KubernetesSnapshot{*snapshot.Kubernetes}
-	}
-
-	return nil
-}
-
 func (service *Service) snapshotKubernetesEndpoint(endpoint *portainer.Endpoint) error {
 	kubernetesSnapshot, err := service.kubernetesSnapshotter.CreateSnapshot(endpoint)
 	if err != nil {
@@ -285,11 +261,16 @@ func (service *Service) snapshotEndpoints() error {
 
 		snapshotError := service.SnapshotEndpoint(&endpoint)
 
-		service.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
+		if err := service.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
 			updateEndpointStatus(tx, &endpoint, snapshotError, service.pendingActionsService)
 
 			return nil
-		})
+		}); err != nil {
+			log.Error().
+				Err(err).
+				Int("endpoint_id", int(endpoint.ID)).
+				Msg("unable to update environment status")
+		}
 	}
 
 	return nil
@@ -340,12 +321,31 @@ func FetchDockerID(snapshot portainer.DockerSnapshot) (string, error) {
 		return info.ID, nil
 	}
 
-	swarmInfo := info.Swarm
-	if swarmInfo.Cluster == nil {
+	if info.Swarm.Cluster == nil {
 		return "", errors.New("swarm environment is missing cluster info snapshot")
 	}
 
-	clusterInfo := swarmInfo.Cluster
-
-	return clusterInfo.ID, nil
+	return info.Swarm.Cluster.ID, nil
+}
+
+func FillSnapshotData(tx dataservices.DataStoreTx, endpoint *portainer.Endpoint) error {
+	snapshot, err := tx.Snapshot().Read(endpoint.ID)
+	if tx.IsErrObjectNotFound(err) {
+		endpoint.Snapshots = []portainer.DockerSnapshot{}
+		endpoint.Kubernetes.Snapshots = []portainer.KubernetesSnapshot{}
+
+		return nil
+	} else if err != nil {
+		return err
+	}
+
+	if snapshot.Docker != nil {
+		endpoint.Snapshots = []portainer.DockerSnapshot{*snapshot.Docker}
+	}
+
+	if snapshot.Kubernetes != nil {
+		endpoint.Kubernetes.Snapshots = []portainer.KubernetesSnapshot{*snapshot.Kubernetes}
+	}
+
+	return nil
 }

api/internal/ssl/ssl.go

@@ -64,8 +64,7 @@ func (service *Service) Init(host, certPath, keyPath string) error {
 	// path not supplied and certificates doesn't exist - generate self-signed
 	certPath, keyPath = service.fileService.GetDefaultSSLCertsPath()
 
-	err = generateSelfSignedCertificates(host, certPath, keyPath)
-	if err != nil {
+	if err := generateSelfSignedCertificates(host, certPath, keyPath); err != nil {
 		return errors.Wrap(err, "failed generating self signed certs")
 	}
 
@@ -98,8 +97,7 @@ func (service *Service) SetCertificates(certData, keyData []byte) error {
 		return errors.New("missing certificate files")
 	}
 
-	_, err := tls.X509KeyPair(certData, keyData)
-	if err != nil {
+	if _, err := tls.X509KeyPair(certData, keyData); err != nil {
 		return err
 	}
 
@@ -108,8 +106,7 @@ func (service *Service) SetCertificates(certData, keyData []byte) error {
 		return err
 	}
 
-	err = service.cacheInfo(certPath, keyPath, false)
-	if err != nil {
+	if err := service.cacheInfo(certPath, keyPath, false); err != nil {
 		return err
 	}
 
@@ -130,8 +127,7 @@ func (service *Service) SetHTTPEnabled(httpEnabled bool) error {
 
 	settings.HTTPEnabled = httpEnabled
 
-	err = service.dataStore.SSLSettings().UpdateSettings(settings)
-	if err != nil {
+	if err := service.dataStore.SSLSettings().UpdateSettings(settings); err != nil {
 		return err
 	}
 
@@ -152,8 +148,7 @@ func (service *Service) cacheCertificate(certPath, keyPath string) error {
 }
 
 func (service *Service) cacheInfo(certPath string, keyPath string, selfSigned bool) error {
-	err := service.cacheCertificate(certPath, keyPath)
-	if err != nil {
+	if err := service.cacheCertificate(certPath, keyPath); err != nil {
 		return err
 	}
 

api/internal/testhelpers/datastore.go

@@ -9,6 +9,8 @@ import (
 	"github.com/portainer/portainer/api/dataservices/errors"
 )
 
+var _ dataservices.DataStore = &testDatastore{}
+
 type testDatastore struct {
 	customTemplate          dataservices.CustomTemplateService
 	edgeGroup               dataservices.EdgeGroupService
@@ -227,6 +229,30 @@ func (s *stubEndpointRelationService) UpdateEndpointRelation(ID portainer.Endpoi
 	return nil
 }
 
+func (s *stubEndpointRelationService) AddEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
+	for _, endpointID := range endpointIDs {
+		for i, r := range s.relations {
+			if r.EndpointID == endpointID {
+				s.relations[i].EdgeStacks[edgeStackID] = true
+			}
+		}
+	}
+
+	return nil
+}
+
+func (s *stubEndpointRelationService) RemoveEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
+	for _, endpointID := range endpointIDs {
+		for i, r := range s.relations {
+			if r.EndpointID == endpointID {
+				delete(s.relations[i].EdgeStacks, edgeStackID)
+			}
+		}
+	}
+
+	return nil
+}
+
 func (s *stubEndpointRelationService) DeleteEndpointRelation(ID portainer.EndpointID) error {
 	return nil
 }

api/kubernetes/cli/cronjob.go

@@ -0,0 +1,123 @@
+package cli
+
+import (
+	"context"
+	"strings"
+
+	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	"github.com/portainer/portainer/api/internal/errorlist"
+	batchv1 "k8s.io/api/batch/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// GetCronJobs returns all cronjobs in the given namespace
+// If the user is a kube admin, it returns all cronjobs in the namespace
+// Otherwise, it returns only the cronjobs in the non-admin namespaces
+func (kcl *KubeClient) GetCronJobs(namespace string) ([]models.K8sCronJob, error) {
+	if kcl.IsKubeAdmin {
+		return kcl.fetchCronJobs(namespace)
+	}
+
+	return kcl.fetchCronJobsForNonAdmin(namespace)
+}
+
+// fetchCronJobsForNonAdmin returns all cronjobs in the given namespace
+// It returns only the cronjobs in the non-admin namespaces
+func (kcl *KubeClient) fetchCronJobsForNonAdmin(namespace string) ([]models.K8sCronJob, error) {
+	cronJobs, err := kcl.fetchCronJobs(namespace)
+	if err != nil {
+		return nil, err
+	}
+
+	nonAdminNamespaceSet := kcl.buildNonAdminNamespacesMap()
+	results := make([]models.K8sCronJob, 0)
+	for _, cronJob := range cronJobs {
+		if _, ok := nonAdminNamespaceSet[cronJob.Namespace]; ok {
+			results = append(results, cronJob)
+		}
+	}
+
+	return results, nil
+}
+
+// fetchCronJobs returns all cronjobs in the given namespace
+// It returns all cronjobs in the namespace
+func (kcl *KubeClient) fetchCronJobs(namespace string) ([]models.K8sCronJob, error) {
+	cronJobs, err := kcl.cli.BatchV1().CronJobs(namespace).List(context.TODO(), metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	jobs, err := kcl.cli.BatchV1().Jobs(namespace).List(context.TODO(), metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	results := make([]models.K8sCronJob, 0)
+	for _, cronJob := range cronJobs.Items {
+		results = append(results, kcl.parseCronJob(cronJob, jobs))
+	}
+
+	return results, nil
+}
+
+// parseCronJob converts a batchv1.CronJob object to a models.K8sCronJob object.
+func (kcl *KubeClient) parseCronJob(cronJob batchv1.CronJob, jobsList *batchv1.JobList) models.K8sCronJob {
+	jobs, err := kcl.getCronJobExecutions(cronJob.Name, jobsList)
+	if err != nil {
+		return models.K8sCronJob{}
+	}
+
+	timezone := "<none>"
+	if cronJob.Spec.TimeZone != nil {
+		timezone = *cronJob.Spec.TimeZone
+	}
+
+	suspend := false
+	if cronJob.Spec.Suspend != nil {
+		suspend = *cronJob.Spec.Suspend
+	}
+
+	return models.K8sCronJob{
+		Id:        string(cronJob.UID),
+		Name:      cronJob.Name,
+		Namespace: cronJob.Namespace,
+		Command:   strings.Join(cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Command, " "),
+		Schedule:  cronJob.Spec.Schedule,
+		Timezone:  timezone,
+		Suspend:   suspend,
+		Jobs:      jobs,
+		IsSystem:  kcl.isSystemCronJob(cronJob.Namespace),
+	}
+}
+
+func (kcl *KubeClient) isSystemCronJob(namespace string) bool {
+	return kcl.isSystemNamespace(namespace)
+}
+
+// DeleteCronJobs deletes the provided list of cronjobs in its namespace
+// it returns an error if any of the cronjobs are not found or if there is an error deleting the cronjobs
+func (kcl *KubeClient) DeleteCronJobs(payload models.K8sCronJobDeleteRequests) error {
+	var errors []error
+	for namespace := range payload {
+		for _, cronJobName := range payload[namespace] {
+			client := kcl.cli.BatchV1().CronJobs(namespace)
+
+			_, err := client.Get(context.Background(), cronJobName, metav1.GetOptions{})
+			if err != nil {
+				if k8serrors.IsNotFound(err) {
+					continue
+				}
+
+				errors = append(errors, err)
+			}
+
+			if err := client.Delete(context.Background(), cronJobName, metav1.DeleteOptions{}); err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+
+	return errorlist.Combine(errors)
+}

api/kubernetes/cli/cronjob_test.go

@@ -0,0 +1,66 @@
+package cli
+
+import (
+	"context"
+	"testing"
+
+	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	batchv1 "k8s.io/api/batch/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	kfake "k8s.io/client-go/kubernetes/fake"
+)
+
+// TestFetchCronJobs tests the fetchCronJobs method for both admin and non-admin clients
+// It creates a fake Kubernetes client and passes it to the fetchCronJobs method
+// It then logs the fetched Cron Jobs
+// non-admin client will have access to the default namespace only
+func (kcl *KubeClient) TestFetchCronJobs(t *testing.T) {
+	t.Run("admin client can fetch Cron Jobs from all namespaces", func(t *testing.T) {
+		kcl.cli = kfake.NewSimpleClientset()
+		kcl.instanceID = "test"
+		kcl.IsKubeAdmin = true
+
+		cronJobs, err := kcl.GetCronJobs("")
+		if err != nil {
+			t.Fatalf("Failed to fetch Cron Jobs: %v", err)
+		}
+
+		t.Logf("Fetched Cron Jobs: %v", cronJobs)
+	})
+
+	t.Run("non-admin client can fetch Cron Jobs from the default namespace only", func(t *testing.T) {
+		kcl.cli = kfake.NewSimpleClientset()
+		kcl.instanceID = "test"
+		kcl.IsKubeAdmin = false
+		kcl.NonAdminNamespaces = []string{"default"}
+
+		cronJobs, err := kcl.GetCronJobs("")
+		if err != nil {
+			t.Fatalf("Failed to fetch Cron Jobs: %v", err)
+		}
+
+		t.Logf("Fetched Cron Jobs: %v", cronJobs)
+	})
+
+	t.Run("delete Cron Jobs", func(t *testing.T) {
+		kcl.cli = kfake.NewSimpleClientset()
+		kcl.instanceID = "test"
+
+		_, err := kcl.cli.BatchV1().CronJobs("default").Create(context.Background(), &batchv1.CronJob{
+			ObjectMeta: metav1.ObjectMeta{Name: "test-cronjob"},
+		}, metav1.CreateOptions{})
+		if err != nil {
+			t.Fatalf("Failed to create cron job: %v", err)
+		}
+
+		err = kcl.DeleteCronJobs(models.K8sCronJobDeleteRequests{
+			"default": []string{"test-cronjob"},
+		})
+
+		if err != nil {
+			t.Fatalf("Failed to delete Cron Jobs: %v", err)
+		}
+
+		t.Logf("Deleted Cron Jobs")
+	})
+}

api/kubernetes/cli/job.go

@@ -0,0 +1,227 @@
+package cli
+
+import (
+	"context"
+	"fmt"
+	"sort"
+	"strings"
+	"time"
+
+	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	"github.com/portainer/portainer/api/internal/errorlist"
+	"github.com/rs/zerolog/log"
+	batchv1 "k8s.io/api/batch/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// GetJobs returns all jobs in the given namespace
+// If the user is a kube admin, it returns all jobs in the namespace
+// Otherwise, it returns only the jobs in the non-admin namespaces
+func (kcl *KubeClient) GetJobs(namespace string, includeCronJobChildren bool) ([]models.K8sJob, error) {
+	if kcl.IsKubeAdmin {
+		return kcl.fetchJobs(namespace, includeCronJobChildren)
+	}
+
+	return kcl.fetchJobsForNonAdmin(namespace, includeCronJobChildren)
+}
+
+// fetchJobsForNonAdmin returns all jobs in the given namespace
+// It returns only the jobs in the non-admin namespaces
+func (kcl *KubeClient) fetchJobsForNonAdmin(namespace string, includeCronJobChildren bool) ([]models.K8sJob, error) {
+	jobs, err := kcl.fetchJobs(namespace, includeCronJobChildren)
+	if err != nil {
+		return nil, err
+	}
+
+	nonAdminNamespaceSet := kcl.buildNonAdminNamespacesMap()
+	results := make([]models.K8sJob, 0)
+	for _, job := range jobs {
+		if _, ok := nonAdminNamespaceSet[job.Namespace]; ok {
+			results = append(results, job)
+		}
+	}
+
+	return results, nil
+}
+
+// fetchJobs returns all jobs in the given namespace
+// It returns all jobs in the namespace
+func (kcl *KubeClient) fetchJobs(namespace string, includeCronJobChildren bool) ([]models.K8sJob, error) {
+	jobs, err := kcl.cli.BatchV1().Jobs(namespace).List(context.TODO(), metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	results := make([]models.K8sJob, 0)
+	for _, job := range jobs.Items {
+		if !includeCronJobChildren && checkCronJobOwner(job) {
+			continue
+		}
+
+		results = append(results, kcl.parseJob(job))
+	}
+
+	return results, nil
+}
+
+// checkCronJobOwner checks if the job has a cronjob owner
+// it returns true if the job has a cronjob owner
+// otherwise, it returns false
+func checkCronJobOwner(job batchv1.Job) bool {
+	for _, owner := range job.OwnerReferences {
+		if owner.Kind == "CronJob" {
+			return true
+		}
+	}
+
+	return false
+}
+
+// parseJob converts a batchv1.Job object to a models.K8sJob object.
+func (kcl *KubeClient) parseJob(job batchv1.Job) models.K8sJob {
+	times := parseJobTimes(job)
+	status, failedReason := determineJobStatus(job)
+	podName := getJobPodName(kcl, job)
+
+	return models.K8sJob{
+		ID:           string(job.UID),
+		Namespace:    job.Namespace,
+		Name:         job.Name,
+		PodName:      podName,
+		Command:      strings.Join(job.Spec.Template.Spec.Containers[0].Command, " "),
+		Container:    job.Spec.Template.Spec.Containers[0],
+		BackoffLimit: *job.Spec.BackoffLimit,
+		Completions:  *job.Spec.Completions,
+		StartTime:    times.start,
+		FinishTime:   times.finish,
+		Duration:     times.duration,
+		Status:       status,
+		FailedReason: failedReason,
+		IsSystem:     kcl.isSystemJob(job.Namespace),
+	}
+}
+
+func (kcl *KubeClient) isSystemJob(namespace string) bool {
+	return kcl.isSystemNamespace(namespace)
+}
+
+type jobTimes struct {
+	start    string
+	finish   string
+	duration string
+}
+
+func parseJobTimes(job batchv1.Job) jobTimes {
+	times := jobTimes{
+		start:    "N/A",
+		finish:   "N/A",
+		duration: "N/A",
+	}
+
+	if st := job.Status.StartTime; st != nil {
+		times.start = st.Time.Format(time.RFC3339)
+		times.duration = time.Since(st.Time).Truncate(time.Minute).String()
+
+		if ct := job.Status.CompletionTime; ct != nil {
+			times.finish = ct.Time.Format(time.RFC3339)
+			times.duration = ct.Time.Sub(st.Time).String()
+		}
+	}
+
+	return times
+}
+
+func determineJobStatus(job batchv1.Job) (status, failedReason string) {
+	failedReason = "N/A"
+
+	switch {
+	case job.Status.Failed > 0:
+		return "Failed", getLatestJobCondition(job.Status.Conditions)
+	case job.Status.Succeeded > 0:
+		return "Succeeded", failedReason
+	case job.Status.Active == 0:
+		return "Completed", failedReason
+	default:
+		return "Running", failedReason
+	}
+}
+
+func getJobPodName(kcl *KubeClient, job batchv1.Job) string {
+	pod, err := kcl.getLatestJobPod(job.Namespace, job.Name)
+	if err != nil {
+		log.Warn().Err(err).
+			Str("job", job.Name).
+			Str("namespace", job.Namespace).
+			Msg("Failed to get latest job pod")
+		return ""
+	}
+
+	if pod != nil {
+		return pod.Name
+	}
+	return ""
+}
+
+// getCronJobExecutions returns the jobs for a given cronjob
+// it returns the jobs for the cronjob
+func (kcl *KubeClient) getCronJobExecutions(cronJobName string, jobs *batchv1.JobList) ([]models.K8sJob, error) {
+	maxItems := 5
+
+	results := make([]models.K8sJob, 0)
+	for _, job := range jobs.Items {
+		for _, owner := range job.OwnerReferences {
+			if owner.Kind == "CronJob" && owner.Name == cronJobName {
+				results = append(results, kcl.parseJob(job))
+
+				if len(results) >= maxItems {
+					return results, nil
+				}
+			}
+		}
+	}
+
+	return results, nil
+}
+
+// DeleteJobs deletes the provided list of jobs
+// it returns an error if any of the jobs are not found or if there is an error deleting the jobs
+func (kcl *KubeClient) DeleteJobs(payload models.K8sJobDeleteRequests) error {
+	var errors []error
+	for namespace := range payload {
+		for _, jobName := range payload[namespace] {
+			client := kcl.cli.BatchV1().Jobs(namespace)
+
+			_, err := client.Get(context.Background(), jobName, metav1.GetOptions{})
+			if err != nil {
+				if k8serrors.IsNotFound(err) {
+					continue
+				}
+
+				errors = append(errors, err)
+			}
+
+			if err := client.Delete(context.Background(), jobName, metav1.DeleteOptions{}); err != nil {
+				errors = append(errors, err)
+			}
+		}
+	}
+
+	return errorlist.Combine(errors)
+}
+
+// getLatestJobCondition returns the latest condition of the job
+// it returns the latest condition of the job
+// this is only used for the failed reason
+func getLatestJobCondition(conditions []batchv1.JobCondition) string {
+	if len(conditions) == 0 {
+		return "No conditions"
+	}
+
+	sort.Slice(conditions, func(i, j int) bool {
+		return conditions[i].LastTransitionTime.After(conditions[j].LastTransitionTime.Time)
+	})
+
+	latest := conditions[0]
+	return fmt.Sprintf("%s: %s", latest.Type, latest.Message)
+}

api/kubernetes/cli/job_test.go

@@ -0,0 +1,64 @@
+package cli
+
+import (
+	"context"
+	"testing"
+
+	models "github.com/portainer/portainer/api/http/models/kubernetes"
+	batchv1 "k8s.io/api/batch/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	kfake "k8s.io/client-go/kubernetes/fake"
+)
+
+// TestFetchJobs tests the fetchJobs method for both admin and non-admin clients
+// It creates a fake Kubernetes client and passes it to the fetchJobs method
+// It then logs the fetched jobs
+// non-admin client will have access to the default namespace only
+func (kcl *KubeClient) TestFetchJobs(t *testing.T) {
+	t.Run("admin client can fetch jobs from all namespaces", func(t *testing.T) {
+		kcl.cli = kfake.NewSimpleClientset()
+		kcl.instanceID = "test"
+		kcl.IsKubeAdmin = true
+
+		jobs, err := kcl.GetJobs("", false)
+		if err != nil {
+			t.Fatalf("Failed to fetch jobs: %v", err)
+		}
+
+		t.Logf("Fetched jobs: %v", jobs)
+	})
+
+	t.Run("non-admin client can fetch jobs from the default namespace only", func(t *testing.T) {
+		kcl.cli = kfake.NewSimpleClientset()
+		kcl.instanceID = "test"
+		kcl.IsKubeAdmin = false
+		kcl.NonAdminNamespaces = []string{"default"}
+
+		jobs, err := kcl.GetJobs("", false)
+		if err != nil {
+			t.Fatalf("Failed to fetch jobs: %v", err)
+		}
+
+		t.Logf("Fetched jobs: %v", jobs)
+	})
+
+	t.Run("delete jobs", func(t *testing.T) {
+		kcl.cli = kfake.NewSimpleClientset()
+		kcl.instanceID = "test"
+
+		_, err := kcl.cli.BatchV1().Jobs("default").Create(context.Background(), &batchv1.Job{
+			ObjectMeta: metav1.ObjectMeta{Name: "test-job"},
+		}, metav1.CreateOptions{})
+		if err != nil {
+			t.Fatalf("Failed to create job: %v", err)
+		}
+
+		err = kcl.DeleteJobs(models.K8sJobDeleteRequests{
+			"default": []string{"test-job"},
+		})
+
+		if err != nil {
+			t.Fatalf("Failed to delete jobs: %v", err)
+		}
+	})
+}

api/kubernetes/cli/pod.go

@@ -275,3 +275,22 @@ func isPodUsingSecret(pod *corev1.Pod, secretName string) bool {
 
 	return false
 }
+
+// getLatestJobPod returns the pods that are owned by a job
+// it returns an error if there is an error fetching the pods
+func (kcl *KubeClient) getLatestJobPod(namespace string, jobName string) (*corev1.Pod, error) {
+	pods, err := kcl.cli.CoreV1().Pods(namespace).List(context.TODO(), metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	for _, pod := range pods.Items {
+		for _, owner := range pod.OwnerReferences {
+			if owner.Kind == "Job" && owner.Name == jobName {
+				return &pod, nil
+			}
+		}
+	}
+
+	return nil, nil
+}

api/oauth/oauth.go

@@ -50,7 +50,7 @@ func (*Service) Authenticate(code string, configuration *portainer.OAuthSettings
 		return "", err
 	}
 
-	maps.Copy(idToken, resource)
+	maps.Copy(resource, idToken)
 
 	username, err := GetUsername(resource, configuration.UserIdentifier)
 	if err != nil {

api/platform/service.go

@@ -5,13 +5,19 @@ import (
 	"fmt"
 	"slices"
 	"strings"
+	"sync"
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/internal/endpointutils"
+
 	"github.com/rs/zerolog/log"
 )
 
+var (
+	ErrNoLocalEnvironment = errors.New("No local environment was detected")
+)
+
 type Service interface {
 	GetLocalEnvironment() (*portainer.Endpoint, error)
 	GetPlatform() (ContainerPlatform, error)
@@ -21,38 +27,46 @@ type service struct {
 	dataStore   dataservices.DataStore
 	environment *portainer.Endpoint
 	platform    ContainerPlatform
+	mu          sync.Mutex
 }
 
-func NewService(dataStore dataservices.DataStore) (Service, error) {
+func NewService(dataStore dataservices.DataStore) (*service, error) {
+	return &service{dataStore: dataStore}, nil
+}
 
-	return &service{
-		dataStore: dataStore,
-	}, nil
+func (service *service) loadEnvAndPlatform() error {
+	if service.environment != nil {
+		return nil
+	}
+
+	environment, platform, err := detectLocalEnvironment(service.dataStore)
+	if err != nil {
+		return err
+	}
+
+	service.environment = environment
+	service.platform = platform
+
+	return nil
 }
 
 func (service *service) GetLocalEnvironment() (*portainer.Endpoint, error) {
-	if service.environment == nil {
-		environment, platform, err := guessLocalEnvironment(service.dataStore)
-		if err != nil {
-			return nil, err
-		}
+	service.mu.Lock()
+	defer service.mu.Unlock()
 
-		service.environment = environment
-		service.platform = platform
+	if err := service.loadEnvAndPlatform(); err != nil {
+		return nil, err
 	}
 
 	return service.environment, nil
 }
 
 func (service *service) GetPlatform() (ContainerPlatform, error) {
-	if service.environment == nil {
-		environment, platform, err := guessLocalEnvironment(service.dataStore)
-		if err != nil {
-			return "", err
-		}
+	service.mu.Lock()
+	defer service.mu.Unlock()
 
-		service.environment = environment
-		service.platform = platform
+	if err := service.loadEnvAndPlatform(); err != nil {
+		return "", err
 	}
 
 	return service.platform, nil
@@ -63,7 +77,7 @@ var platformToEndpointType = map[ContainerPlatform][]portainer.EndpointType{
 	PlatformKubernetes: {portainer.KubernetesLocalEnvironment},
 }
 
-func guessLocalEnvironment(dataStore dataservices.DataStore) (*portainer.Endpoint, ContainerPlatform, error) {
+func detectLocalEnvironment(dataStore dataservices.DataStore) (*portainer.Endpoint, ContainerPlatform, error) {
 	platform := DetermineContainerPlatform()
 
 	if !slices.Contains([]ContainerPlatform{PlatformDocker, PlatformKubernetes}, platform) {
@@ -90,19 +104,20 @@ func guessLocalEnvironment(dataStore dataservices.DataStore) (*portainer.Endpoin
 	}
 
 	for _, endpoint := range endpoints {
-		if slices.Contains(endpointTypes, endpoint.Type) {
-			if platform != PlatformDocker {
-				return &endpoint, platform, nil
-			}
+		if !slices.Contains(endpointTypes, endpoint.Type) {
+			continue
+		}
 
-			dockerPlatform := checkDockerEnvTypeForUpgrade(&endpoint)
-			if dockerPlatform != "" {
-				return &endpoint, dockerPlatform, nil
-			}
+		if platform != PlatformDocker {
+			return &endpoint, platform, nil
+		}
+
+		if dockerPlatform := checkDockerEnvTypeForUpgrade(&endpoint); dockerPlatform != "" {
+			return &endpoint, dockerPlatform, nil
 		}
 	}
 
-	return nil, "", errors.New("failed to find local environment")
+	return nil, "", ErrNoLocalEnvironment
 }
 
 func checkDockerEnvTypeForUpgrade(environment *portainer.Endpoint) ContainerPlatform {

api/portainer.go

@@ -370,6 +370,7 @@ type (
 		Error string
 		// EE only feature
 		RollbackTo *int
+		Version    int `json:"Version,omitempty"`
 	}
 
 	// EdgeStackStatusType represents an edge stack status type
@@ -587,7 +588,7 @@ type (
 		// User identifier
 		UserID UserID `json:"UserId" example:"1"`
 		// Helm repository URL
-		URL string `json:"URL" example:"https://charts.bitnami.com/bitnami"`
+		URL string `json:"URL" example:"https://kubernetes.github.io/ingress-nginx"`
 	}
 
 	// QuayRegistryData represents data required for Quay registry to work
@@ -983,8 +984,8 @@ type (
 		KubeconfigExpiry string `json:"KubeconfigExpiry" example:"24h"`
 		// Whether telemetry is enabled
 		EnableTelemetry bool `json:"EnableTelemetry" example:"false"`
-		// Helm repository URL, defaults to "https://charts.bitnami.com/bitnami"
-		HelmRepositoryURL string `json:"HelmRepositoryURL" example:"https://charts.bitnami.com/bitnami"`
+		// Helm repository URL, defaults to ""
+		HelmRepositoryURL string `json:"HelmRepositoryURL"`
 		// KubectlImage, defaults to portainer/kubectl-shell
 		KubectlShellImage string `json:"KubectlShellImage" example:"portainer/kubectl-shell"`
 		// TrustOnFirstConnect makes Portainer accepting edge agent connection by default
@@ -1395,6 +1396,13 @@ type (
 		Prune                bool
 	}
 
+	ComposeDownOptions struct {
+		// RemoveVolumes will remove the named volumes declared in the compose file
+		// and anonymous volumes attached to the stack's containers
+		// Drives `docker compose down --volumes`
+		RemoveVolumes bool
+	}
+
 	ComposeRunOptions struct {
 		ComposeOptions
 
@@ -1483,7 +1491,8 @@ type (
 		StoreSSLCertPair(cert, key []byte) (string, string, error)
 		CopySSLCertPair(certPath, keyPath string) (string, string, error)
 		CopySSLCACert(caCertPath string) (string, error)
-		StoreMTLSCertificates(cert, caCert, key []byte) (string, string, string, error)
+		StoreMTLSCertificates(caCert, cert, key []byte) (string, string, string, error)
+		GetMTLSCertificates() (string, string, string, error)
 		GetDefaultChiselPrivateKeyPath() string
 		StoreChiselPrivateKey(privateKey []byte) error
 	}
@@ -1628,9 +1637,9 @@ type (
 
 const (
 	// APIVersion is the version number of the Portainer API
-	APIVersion = "2.25.0"
+	APIVersion = "2.27.1"
 	// Support annotation for the API version ("STS" for Short-Term Support or "LTS" for Long-Term Support)
-	APIVersionSupport = "STS"
+	APIVersionSupport = "LTS"
 	// Edition is what this edition of Portainer is called
 	Edition = PortainerCE
 	// ComposeSyntaxMaxVersion is a maximum supported version of the docker compose syntax
@@ -1664,8 +1673,8 @@ const (
 	DefaultEdgeAgentCheckinIntervalInSeconds = 5
 	// DefaultTemplatesURL represents the URL to the official templates supported by Portainer
 	DefaultTemplatesURL = "https://raw.githubusercontent.com/portainer/templates/v3/templates.json"
-	// DefaultHelmrepositoryURL represents the URL to the official templates supported by Bitnami
-	DefaultHelmRepositoryURL = "https://charts.bitnami.com/bitnami"
+	// DefaultHelmrepositoryURL set to empty string until oci support is added
+	DefaultHelmRepositoryURL = ""
 	// DefaultUserSessionTimeout represents the default timeout after which the user session is cleared
 	DefaultUserSessionTimeout = "8h"
 	// DefaultUserSessionTimeout represents the default timeout after which the user session is cleared

app/constants.ts

@@ -5,7 +5,6 @@ export const API_ENDPOINT_CUSTOM_TEMPLATES = 'api/custom_templates';
 export const API_ENDPOINT_EDGE_GROUPS = 'api/edge_groups';
 export const API_ENDPOINT_EDGE_JOBS = 'api/edge_jobs';
 export const API_ENDPOINT_EDGE_STACKS = 'api/edge_stacks';
-export const API_ENDPOINT_EDGE_TEMPLATES = 'api/edge_templates';
 export const API_ENDPOINT_ENDPOINTS = 'api/endpoints';
 export const API_ENDPOINT_ENDPOINT_GROUPS = 'api/endpoint_groups';
 export const API_ENDPOINT_KUBERNETES = 'api/kubernetes';

app/docker/helpers/imageHelper.js

@@ -1,4 +1,4 @@
-import { buildImageFullURIFromModel, imageContainsURL } from '@/react/docker/images/utils';
+import { buildImageFullURIFromModel, imageContainsURL, fullURIIntoRepoAndTag } from '@/react/docker/images/utils';
 
 angular.module('portainer.docker').factory('ImageHelper', ImageHelperFactory);
 function ImageHelperFactory() {
@@ -18,8 +18,12 @@ function ImageHelperFactory() {
    * @param {PorImageRegistryModel} registry
    */
   function createImageConfigForContainer(imageModel) {
+    const fromImage = buildImageFullURIFromModel(imageModel);
+    const { tag, repo } = fullURIIntoRepoAndTag(fromImage);
     return {
-      fromImage: buildImageFullURIFromModel(imageModel),
+      fromImage,
+      tag,
+      repo,
     };
   }
 

app/docker/views/containers/edit/containerController.js

@@ -207,9 +207,9 @@ angular.module('portainer.docker').controller('ContainerController', [
     async function commitContainerAsync() {
       $scope.config.commitInProgress = true;
       const registryModel = $scope.config.RegistryModel;
-      const imageConfig = ImageHelper.createImageConfigForContainer(registryModel);
+      const { repo, tag } = ImageHelper.createImageConfigForContainer(registryModel);
       try {
-        await commitContainer(endpoint.Id, { container: $transition$.params().id, repo: imageConfig.fromImage });
+        await commitContainer(endpoint.Id, { container: $transition$.params().id, repo, tag });
         Notifications.success('Image created', $transition$.params().id);
         $state.reload();
       } catch (err) {

app/docker/views/images/edit/imageController.js

@@ -2,7 +2,6 @@ import _ from 'lodash-es';
 import { PorImageRegistryModel } from 'Docker/models/porImageRegistry';
 import { confirmImageExport } from '@/react/docker/images/common/ConfirmExportModal';
 import { confirmDelete } from '@@/modals/confirm';
-import { fullURIIntoRepoAndTag } from '@/react/docker/images/utils';
 
 angular.module('portainer.docker').controller('ImageController', [
   '$async',
@@ -71,8 +70,7 @@ angular.module('portainer.docker').controller('ImageController', [
     $scope.tagImage = function () {
       const registryModel = $scope.formValues.RegistryModel;
 
-      const image = ImageHelper.createImageConfigForContainer(registryModel);
-      const { repo, tag } = fullURIIntoRepoAndTag(image.fromImage);
+      const { repo, tag } = ImageHelper.createImageConfigForContainer(registryModel);
 
       ImageService.tagImage($transition$.params().id, repo, tag)
         .then(function success() {

app/docker/views/images/import/importImageController.js

@@ -1,5 +1,4 @@
 import { PorImageRegistryModel } from 'Docker/models/porImageRegistry';
-import { fullURIIntoRepoAndTag } from '@/react/docker/images/utils';
 
 angular.module('portainer.docker').controller('ImportImageController', [
   '$scope',
@@ -34,8 +33,7 @@ angular.module('portainer.docker').controller('ImportImageController', [
     async function tagImage(id) {
       const registryModel = $scope.formValues.RegistryModel;
       if (registryModel.Image) {
-        const image = ImageHelper.createImageConfigForContainer(registryModel);
-        const { repo, tag } = fullURIIntoRepoAndTag(image.fromImage);
+        const { repo, tag } = ImageHelper.createImageConfigForContainer(registryModel);
         try {
           await ImageService.tagImage(id, repo, tag);
         } catch (err) {

app/docker/views/services/edit/service.html

@@ -1,274 +1,281 @@
 <page-header title="'Service details'" breadcrumbs="[{label:'Services', link:'docker.services'}, service.Name]" reload="true"> </page-header>
 
-<div class="row">
-  <div ng-if="isUpdating" class="col-lg-12 col-md-12 col-xs-12">
-    <div class="alert alert-info" role="alert" id="service-update-alert">
-      <p>This service is being updated. Editing this service is currently disabled.</p>
-      <a ui-sref="docker.services.service({id: service.Id}, {reload: true})">Refresh to see if this service has finished updated.</a>
+<div ng-if="!isLoading">
+  <div class="row">
+    <div ng-if="isUpdating" class="col-lg-12 col-md-12 col-xs-12">
+      <div class="alert alert-info" role="alert" id="service-update-alert">
+        <p>This service is being updated. Editing this service is currently disabled.</p>
+        <a ui-sref="docker.services.service({id: service.Id}, {reload: true})">Refresh to see if this service has finished updated.</a>
+      </div>
     </div>
   </div>
-</div>
-<div class="row">
-  <div class="col-lg-9 col-md-9 col-xs-9">
-    <rd-widget>
-      <rd-widget-header icon="shuffle" title-text="Service details"></rd-widget-header>
-      <rd-widget-body classes="no-padding">
-        <table class="table">
-          <tbody>
-            <tr>
-              <td class="w-1/5">Name</td>
-              <td ng-if="applicationState.endpoint.apiVersion <= 1.24">
-                <input
-                  type="text"
-                  class="form-control"
-                  ng-model="service.Name"
-                  ng-change="updateServiceAttribute(service, 'Name')"
-                  ng-disabled="isUpdating"
-                  data-cy="docker-service-edit-name"
-                />
-              </td>
-              <td ng-if="applicationState.endpoint.apiVersion >= 1.25"> {{ service.Name }} </td>
-            </tr>
-            <tr>
-              <td>ID</td>
-              <td> {{ service.Id }} </td>
-            </tr>
-            <tr ng-if="service.CreatedAt">
-              <td>Created at</td>
-              <td>{{ service.CreatedAt | getisodate }}</td>
-            </tr>
-            <tr ng-if="service.UpdatedAt">
-              <td>Last updated at</td>
-              <td>{{ service.UpdatedAt | getisodate }}</td>
-            </tr>
-            <tr ng-if="service.Version">
-              <td>Version</td>
-              <td>{{ service.Version }}</td>
-            </tr>
-            <tr>
-              <td>Scheduling mode</td>
-              <td>{{ service.Mode }}</td>
-            </tr>
-            <tr ng-if="service.Mode === 'replicated'">
-              <td>Replicas</td>
-              <td>
-                <span ng-if="service.Mode === 'replicated'">
+  <div class="row">
+    <div class="col-lg-9 col-md-9 col-xs-9">
+      <rd-widget>
+        <rd-widget-header icon="shuffle" title-text="Service details"></rd-widget-header>
+        <rd-widget-body classes="no-padding">
+          <table class="table">
+            <tbody>
+              <tr>
+                <td class="w-1/5">Name</td>
+                <td ng-if="applicationState.endpoint.apiVersion <= 1.24">
                   <input
-                    class="input-sm"
-                    type="number"
-                    data-cy="docker-service-edit-replicas-input"
-                    ng-model="service.Replicas"
-                    ng-change="updateServiceAttribute(service, 'Replicas')"
-                    disable-authorization="DockerServiceUpdate"
+                    type="text"
+                    class="form-control"
+                    ng-model="service.Name"
+                    ng-change="updateServiceAttribute(service, 'Name')"
+                    ng-disabled="isUpdating"
+                    data-cy="docker-service-edit-name"
                   />
-                </span>
-              </td>
-            </tr>
-            <tr>
-              <td>Image</td>
-              <td>{{ service.Image }}</td>
-            </tr>
-            <tr ng-if="isAdmin && applicationState.endpoint.type !== 4">
-              <td>
-                <div class="inline-flex items-center">
-                  <div> Service webhook </div>
-                  <portainer-tooltip
-                    message="'Webhook (or callback URI) used to automate the update of this service. Sending a POST request to this callback URI (without requiring any authentication) will pull the most up-to-date version of the associated image and re-deploy this service.'"
-                  >
-                  </portainer-tooltip>
-                </div>
-              </td>
-              <td>
-                <div class="flex flex-wrap items-center">
-                  <por-switch-field label-class="'!mr-0'" checked="WebhookExists" disabled="disabledWebhookButton(WebhookExists)" on-change="(onWebhookChange)"></por-switch-field>
-                  <span ng-if="webhookURL">
-                    <span class="text-muted">{{ webhookURL | truncatelr }}</span>
-                    <button type="button" class="btn btn-sm btn-primary btn-sm space-left" ng-if="webhookURL" ng-click="copyWebhook()">
-                      <pr-icon icon="'copy'" class-name="'mr-1'"></pr-icon>
-                      Copy link
-                    </button>
-                    <span>
-                      <pr-icon id="copyNotification" icon="'check'" mode="'success'" style="display: none"></pr-icon>
-                    </span>
+                </td>
+                <td ng-if="applicationState.endpoint.apiVersion >= 1.25"> {{ service.Name }} </td>
+              </tr>
+              <tr>
+                <td>ID</td>
+                <td> {{ service.Id }} </td>
+              </tr>
+              <tr ng-if="service.CreatedAt">
+                <td>Created at</td>
+                <td>{{ service.CreatedAt | getisodate }}</td>
+              </tr>
+              <tr ng-if="service.UpdatedAt">
+                <td>Last updated at</td>
+                <td>{{ service.UpdatedAt | getisodate }}</td>
+              </tr>
+              <tr ng-if="service.Version">
+                <td>Version</td>
+                <td>{{ service.Version }}</td>
+              </tr>
+              <tr>
+                <td>Scheduling mode</td>
+                <td>{{ service.Mode }}</td>
+              </tr>
+              <tr ng-if="service.Mode === 'replicated'">
+                <td>Replicas</td>
+                <td>
+                  <span ng-if="service.Mode === 'replicated'">
+                    <input
+                      class="input-sm"
+                      type="number"
+                      data-cy="docker-service-edit-replicas-input"
+                      ng-model="service.Replicas"
+                      ng-change="updateServiceAttribute(service, 'Replicas')"
+                      disable-authorization="DockerServiceUpdate"
+                    />
                   </span>
-                </div>
-              </td>
-            </tr>
-            <tr authorization="DockerServiceLogs, DockerServiceUpdate, DockerServiceDelete">
-              <td colspan="2">
-                <p class="small text-muted" authorization="DockerServiceUpdate">
-                  Note: you can only rollback one level of changes. Clicking the rollback button without making a new change will undo your previous rollback </p
-                ><div class="flex flex-wrap gap-x-2 gap-y-1">
-                  <a
-                    authorization="DockerServiceLogs"
-                    ng-if="applicationState.endpoint.apiVersion >= 1.3"
-                    class="btn btn-primary btn-sm"
-                    type="button"
-                    ui-sref="docker.services.service.logs({id: service.Id})"
-                  >
-                    <pr-icon icon="'file-text'"></pr-icon>Service logs</a
-                  >
-                  <button
-                    authorization="DockerServiceUpdate"
-                    type="button"
-                    class="btn btn-primary btn-sm !ml-0"
-                    ng-disabled="state.updateInProgress || isUpdating"
-                    ng-click="forceUpdateService(service)"
-                    button-spinner="state.updateInProgress"
-                    ng-if="applicationState.endpoint.apiVersion >= 1.25"
-                  >
-                    <span ng-hide="state.updateInProgress" class="vertical-center">
-                      <pr-icon icon="'refresh-cw'"></pr-icon>
-                      Update the service</span
+                </td>
+              </tr>
+              <tr>
+                <td>Image</td>
+                <td>{{ service.Image }}</td>
+              </tr>
+              <tr ng-if="isAdmin && applicationState.endpoint.type !== 4">
+                <td>
+                  <div class="inline-flex items-center">
+                    <div> Service webhook </div>
+                    <portainer-tooltip
+                      message="'Webhook (or callback URI) used to automate the update of this service. Sending a POST request to this callback URI (without requiring any authentication) will pull the most up-to-date version of the associated image and re-deploy this service.'"
                     >
-                    <span ng-show="state.updateInProgress">Update in progress...</span>
-                  </button>
-                  <button
-                    authorization="DockerServiceUpdate"
-                    type="button"
-                    class="btn btn-primary btn-sm !ml-0"
-                    ng-disabled="state.rollbackInProgress || isUpdating"
-                    ng-click="rollbackService(service)"
-                    button-spinner="state.rollbackInProgress"
-                    ng-if="applicationState.endpoint.apiVersion >= 1.25"
-                  >
-                    <span ng-hide="state.rollbackInProgress" class="vertical-center">
-                      <pr-icon icon="'rotate-ccw'"></pr-icon>
-                      Rollback the service</span
+                    </portainer-tooltip>
+                  </div>
+                </td>
+                <td>
+                  <div class="flex flex-wrap items-center">
+                    <por-switch-field
+                      label-class="'!mr-0'"
+                      checked="WebhookExists"
+                      disabled="disabledWebhookButton(WebhookExists)"
+                      on-change="(onWebhookChange)"
+                    ></por-switch-field>
+                    <span ng-if="webhookURL">
+                      <span class="text-muted">{{ webhookURL | truncatelr }}</span>
+                      <button type="button" class="btn btn-sm btn-primary btn-sm space-left" ng-if="webhookURL" ng-click="copyWebhook()">
+                        <pr-icon icon="'copy'" class-name="'mr-1'"></pr-icon>
+                        Copy link
+                      </button>
+                      <span>
+                        <pr-icon id="copyNotification" icon="'check'" mode="'success'" style="display: none"></pr-icon>
+                      </span>
+                    </span>
+                  </div>
+                </td>
+              </tr>
+              <tr authorization="DockerServiceLogs, DockerServiceUpdate, DockerServiceDelete">
+                <td colspan="2">
+                  <p class="small text-muted" authorization="DockerServiceUpdate">
+                    Note: you can only rollback one level of changes. Clicking the rollback button without making a new change will undo your previous rollback </p
+                  ><div class="flex flex-wrap gap-x-2 gap-y-1">
+                    <a
+                      authorization="DockerServiceLogs"
+                      ng-if="applicationState.endpoint.apiVersion >= 1.3"
+                      class="btn btn-primary btn-sm"
+                      type="button"
+                      ui-sref="docker.services.service.logs({id: service.Id})"
                     >
-                    <span ng-show="state.rollbackInProgress">Rollback in progress...</span>
-                  </button>
-                  <button
-                    authorization="DockerServiceDelete"
-                    type="button"
-                    class="btn btn-danger btn-sm !ml-0"
-                    ng-disabled="state.deletionInProgress || isUpdating"
-                    ng-click="removeService()"
-                    button-spinner="state.deletionInProgress"
-                  >
-                    <span ng-hide="state.deletionInProgress" class="vertical-center">
-                      <pr-icon icon="'trash-2'"></pr-icon>
-                      Delete the service</span
+                      <pr-icon icon="'file-text'"></pr-icon>Service logs</a
                     >
-                    <span ng-show="state.deletionInProgress">Deletion in progress...</span>
-                  </button>
-                </div>
-              </td>
-            </tr>
-          </tbody>
-        </table>
-      </rd-widget-body>
-      <rd-widget-footer authorization="DockerServiceUpdate">
-        <p class="small text-muted">
-          Do you need help? View the Docker Service documentation <a href="https://docs.docker.com/engine/reference/commandline/service_update/" target="self">here</a>.
-        </p>
-        <div class="btn-toolbar" role="toolbar">
-          <div class="btn-group" role="group">
-            <button type="button" class="btn btn-primary" ng-disabled="!hasChanges(service, ['Mode', 'Replicas', 'Name', 'Webhooks'])" ng-click="updateService(service)"
-              >Apply changes</button
-            >
-            <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-              <pr-icon icon="'chevron-down'"></pr-icon>
-            </button>
-            <ul class="dropdown-menu">
-              <li><a ng-click="cancelChanges(service, ['Mode', 'Replicas', 'Name'])">Reset changes</a></li>
-              <li><a ng-click="cancelChanges(service)">Reset all changes</a></li>
-            </ul>
+                    <button
+                      authorization="DockerServiceUpdate"
+                      type="button"
+                      class="btn btn-primary btn-sm !ml-0"
+                      ng-disabled="state.updateInProgress || isUpdating"
+                      ng-click="forceUpdateService(service)"
+                      button-spinner="state.updateInProgress"
+                      ng-if="applicationState.endpoint.apiVersion >= 1.25"
+                    >
+                      <span ng-hide="state.updateInProgress" class="vertical-center">
+                        <pr-icon icon="'refresh-cw'"></pr-icon>
+                        Update the service</span
+                      >
+                      <span ng-show="state.updateInProgress">Update in progress...</span>
+                    </button>
+                    <button
+                      authorization="DockerServiceUpdate"
+                      type="button"
+                      class="btn btn-primary btn-sm !ml-0"
+                      ng-disabled="state.rollbackInProgress || isUpdating"
+                      ng-click="rollbackService(service)"
+                      button-spinner="state.rollbackInProgress"
+                      ng-if="applicationState.endpoint.apiVersion >= 1.25"
+                    >
+                      <span ng-hide="state.rollbackInProgress" class="vertical-center">
+                        <pr-icon icon="'rotate-ccw'"></pr-icon>
+                        Rollback the service</span
+                      >
+                      <span ng-show="state.rollbackInProgress">Rollback in progress...</span>
+                    </button>
+                    <button
+                      authorization="DockerServiceDelete"
+                      type="button"
+                      class="btn btn-danger btn-sm !ml-0"
+                      ng-disabled="state.deletionInProgress || isUpdating"
+                      ng-click="removeService()"
+                      button-spinner="state.deletionInProgress"
+                    >
+                      <span ng-hide="state.deletionInProgress" class="vertical-center">
+                        <pr-icon icon="'trash-2'"></pr-icon>
+                        Delete the service</span
+                      >
+                      <span ng-show="state.deletionInProgress">Deletion in progress...</span>
+                    </button>
+                  </div>
+                </td>
+              </tr>
+            </tbody>
+          </table>
+        </rd-widget-body>
+        <rd-widget-footer authorization="DockerServiceUpdate">
+          <p class="small text-muted">
+            Do you need help? View the Docker Service documentation <a href="https://docs.docker.com/engine/reference/commandline/service_update/" target="self">here</a>.
+          </p>
+          <div class="btn-toolbar" role="toolbar">
+            <div class="btn-group" role="group">
+              <button type="button" class="btn btn-primary" ng-disabled="!hasChanges(service, ['Mode', 'Replicas', 'Name', 'Webhooks'])" ng-click="updateService(service)"
+                >Apply changes</button
+              >
+              <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                <pr-icon icon="'chevron-down'"></pr-icon>
+              </button>
+              <ul class="dropdown-menu">
+                <li><a ng-click="cancelChanges(service, ['Mode', 'Replicas', 'Name'])">Reset changes</a></li>
+                <li><a ng-click="cancelChanges(service)">Reset all changes</a></li>
+              </ul>
+            </div>
           </div>
-        </div>
-      </rd-widget-footer>
-    </rd-widget>
+        </rd-widget-footer>
+      </rd-widget>
+    </div>
+
+    <div class="col-lg-3 col-md-3 col-xs-3">
+      <rd-widget>
+        <rd-widget-header icon="menu" title-text="Quick navigation"></rd-widget-header>
+        <rd-widget-body classes="no-padding">
+          <ul class="nav nav-pills nav-stacked">
+            <li><a href ng-click="goToItem('service-env-variables')">Environment variables</a></li>
+            <li><a href ng-click="goToItem('service-container-image')">Container image</a></li>
+            <li><a href ng-click="goToItem('service-container-labels')">Container labels</a></li>
+            <li><a href ng-click="goToItem('service-mounts')">Mounts</a></li>
+            <li><a href ng-click="goToItem('service-network-specs')">Network &amp; published ports</a></li>
+            <li><a href ng-click="goToItem('service-resources')">Resource limits &amp; reservations</a></li>
+            <li><a href ng-click="goToItem('service-placement-constraints')">Placement constraints</a></li>
+            <li ng-if="applicationState.endpoint.apiVersion >= 1.3"><a href ng-click="goToItem('service-placement-preferences')">Placement preferences</a></li>
+            <li><a href ng-click="goToItem('service-restart-policy')">Restart policy</a></li>
+            <li><a href ng-click="goToItem('service-update-config')">Update configuration</a></li>
+            <li><a href ng-click="goToItem('service-logging')">Logging</a></li>
+            <li><a href ng-click="goToItem('service-labels')">Service labels</a></li>
+            <li><a href ng-click="goToItem('service-configs')">Configs</a></li>
+            <li ng-if="applicationState.endpoint.apiVersion >= 1.25"><a href ng-click="goToItem('service-secrets')">Secrets</a></li>
+            <li><a href ng-click="goToItem('service-tasks')">Tasks</a></li>
+          </ul>
+        </rd-widget-body>
+      </rd-widget>
+    </div>
   </div>
 
-  <div class="col-lg-3 col-md-3 col-xs-3">
-    <rd-widget>
-      <rd-widget-header icon="menu" title-text="Quick navigation"></rd-widget-header>
-      <rd-widget-body classes="no-padding">
-        <ul class="nav nav-pills nav-stacked">
-          <li><a href ng-click="goToItem('service-env-variables')">Environment variables</a></li>
-          <li><a href ng-click="goToItem('service-container-image')">Container image</a></li>
-          <li><a href ng-click="goToItem('service-container-labels')">Container labels</a></li>
-          <li><a href ng-click="goToItem('service-mounts')">Mounts</a></li>
-          <li><a href ng-click="goToItem('service-network-specs')">Network &amp; published ports</a></li>
-          <li><a href ng-click="goToItem('service-resources')">Resource limits &amp; reservations</a></li>
-          <li><a href ng-click="goToItem('service-placement-constraints')">Placement constraints</a></li>
-          <li ng-if="applicationState.endpoint.apiVersion >= 1.3"><a href ng-click="goToItem('service-placement-preferences')">Placement preferences</a></li>
-          <li><a href ng-click="goToItem('service-restart-policy')">Restart policy</a></li>
-          <li><a href ng-click="goToItem('service-update-config')">Update configuration</a></li>
-          <li><a href ng-click="goToItem('service-logging')">Logging</a></li>
-          <li><a href ng-click="goToItem('service-labels')">Service labels</a></li>
-          <li><a href ng-click="goToItem('service-configs')">Configs</a></li>
-          <li ng-if="applicationState.endpoint.apiVersion >= 1.25"><a href ng-click="goToItem('service-secrets')">Secrets</a></li>
-          <li><a href ng-click="goToItem('service-tasks')">Tasks</a></li>
-        </ul>
-      </rd-widget-body>
-    </rd-widget>
+  <!-- access-control-panel -->
+  <access-control-panel
+    ng-if="service"
+    resource-id="service.Id"
+    resource-control="service.ResourceControl"
+    resource-type="resourceType"
+    on-update-success="(onUpdateResourceControlSuccess)"
+    environment-id="endpoint.Id"
+  >
+  </access-control-panel>
+  <!-- !access-control-panel -->
+
+  <div class="row">
+    <hr />
+    <div class="col-lg-12 col-md-12 col-xs-12">
+      <h3 id="container-specs">Container specification</h3>
+      <div id="service-container-spec" class="padding-top" ng-include="'app/docker/views/services/edit/includes/container-specs.html'"></div>
+      <div id="service-container-image" class="padding-top" ng-include="'app/docker/views/services/edit/includes/image.html'"></div>
+      <div id="service-env-variables" class="padding-top" ng-include="'app/docker/views/services/edit/includes/environmentvariables.html'"></div>
+      <div id="service-container-labels" class="padding-top" ng-include="'app/docker/views/services/edit/includes/containerlabels.html'"></div>
+      <div id="service-mounts" class="padding-top" ng-include="'app/docker/views/services/edit/includes/mounts.html'"></div>
+    </div>
   </div>
+
+  <div class="row">
+    <hr />
+    <div class="col-lg-12 col-md-12 col-xs-12">
+      <h3 id="service-network-specs">Networks &amp; ports</h3>
+      <div id="service-networks" class="padding-top" ng-include="'app/docker/views/services/edit/includes/networks.html'"></div>
+
+      <docker-service-ports-mapping-field
+        id="service-published-ports"
+        class="block padding-top"
+        values="formValues.ports"
+        on-change="(onChangePorts)"
+        has-changes="hasChanges(service, ['Ports'])"
+        on-reset="(onResetPorts)"
+        on-submit="(onSubmit)"
+      ></docker-service-ports-mapping-field>
+
+      <div id="service-hosts-entries" class="padding-top" ng-include="'app/docker/views/services/edit/includes/hosts.html'"></div>
+    </div>
+  </div>
+
+  <div class="row">
+    <hr />
+    <div class="col-lg-12 col-md-12 col-xs-12">
+      <h3 id="service-specs">Service specification</h3>
+      <div id="service-resources" class="padding-top" ng-include="'app/docker/views/services/edit/includes/resources.html'"></div>
+      <div id="service-placement-constraints" class="padding-top" ng-include="'app/docker/views/services/edit/includes/constraints.html'"></div>
+      <div
+        id="service-placement-preferences"
+        ng-if="applicationState.endpoint.apiVersion >= 1.3"
+        class="padding-top"
+        ng-include="'app/docker/views/services/edit/includes/placementPreferences.html'"
+      ></div>
+      <div id="service-restart-policy" class="padding-top" ng-include="'app/docker/views/services/edit/includes/restart.html'"></div>
+      <div id="service-update-config" class="padding-top" ng-include="'app/docker/views/services/edit/includes/updateconfig.html'"></div>
+      <div id="service-logging" class="padding-top" ng-include="'app/docker/views/services/edit/includes/logging.html'"></div>
+      <div id="service-labels" class="padding-top" ng-include="'app/docker/views/services/edit/includes/servicelabels.html'"></div>
+      <div id="service-configs" class="padding-top" ng-include="'app/docker/views/services/edit/includes/configs.html'"></div>
+      <div id="service-secrets" ng-if="applicationState.endpoint.apiVersion >= 1.25" class="padding-top" ng-include="'app/docker/views/services/edit/includes/secrets.html'"></div>
+    </div>
+  </div>
+
+  <div id="service-tasks" class="padding-top" ng-include="'app/docker/views/services/edit/includes/tasks.html'"></div>
 </div>
-
-<!-- access-control-panel -->
-<access-control-panel
-  ng-if="service"
-  resource-id="service.Id"
-  resource-control="service.ResourceControl"
-  resource-type="resourceType"
-  on-update-success="(onUpdateResourceControlSuccess)"
-  environment-id="endpoint.Id"
->
-</access-control-panel>
-<!-- !access-control-panel -->
-
-<div class="row">
-  <hr />
-  <div class="col-lg-12 col-md-12 col-xs-12">
-    <h3 id="container-specs">Container specification</h3>
-    <div id="service-container-spec" class="padding-top" ng-include="'app/docker/views/services/edit/includes/container-specs.html'"></div>
-    <div id="service-container-image" class="padding-top" ng-include="'app/docker/views/services/edit/includes/image.html'"></div>
-    <div id="service-env-variables" class="padding-top" ng-include="'app/docker/views/services/edit/includes/environmentvariables.html'"></div>
-    <div id="service-container-labels" class="padding-top" ng-include="'app/docker/views/services/edit/includes/containerlabels.html'"></div>
-    <div id="service-mounts" class="padding-top" ng-include="'app/docker/views/services/edit/includes/mounts.html'"></div>
-  </div>
-</div>
-
-<div class="row">
-  <hr />
-  <div class="col-lg-12 col-md-12 col-xs-12">
-    <h3 id="service-network-specs">Networks &amp; ports</h3>
-    <div id="service-networks" class="padding-top" ng-include="'app/docker/views/services/edit/includes/networks.html'"></div>
-
-    <docker-service-ports-mapping-field
-      id="service-published-ports"
-      class="block padding-top"
-      values="formValues.ports"
-      on-change="(onChangePorts)"
-      has-changes="hasChanges(service, ['Ports'])"
-      on-reset="(onResetPorts)"
-      on-submit="(onSubmit)"
-    ></docker-service-ports-mapping-field>
-
-    <div id="service-hosts-entries" class="padding-top" ng-include="'app/docker/views/services/edit/includes/hosts.html'"></div>
-  </div>
-</div>
-
-<div class="row">
-  <hr />
-  <div class="col-lg-12 col-md-12 col-xs-12">
-    <h3 id="service-specs">Service specification</h3>
-    <div id="service-resources" class="padding-top" ng-include="'app/docker/views/services/edit/includes/resources.html'"></div>
-    <div id="service-placement-constraints" class="padding-top" ng-include="'app/docker/views/services/edit/includes/constraints.html'"></div>
-    <div
-      id="service-placement-preferences"
-      ng-if="applicationState.endpoint.apiVersion >= 1.3"
-      class="padding-top"
-      ng-include="'app/docker/views/services/edit/includes/placementPreferences.html'"
-    ></div>
-    <div id="service-restart-policy" class="padding-top" ng-include="'app/docker/views/services/edit/includes/restart.html'"></div>
-    <div id="service-update-config" class="padding-top" ng-include="'app/docker/views/services/edit/includes/updateconfig.html'"></div>
-    <div id="service-logging" class="padding-top" ng-include="'app/docker/views/services/edit/includes/logging.html'"></div>
-    <div id="service-labels" class="padding-top" ng-include="'app/docker/views/services/edit/includes/servicelabels.html'"></div>
-    <div id="service-configs" class="padding-top" ng-include="'app/docker/views/services/edit/includes/configs.html'"></div>
-    <div id="service-secrets" ng-if="applicationState.endpoint.apiVersion >= 1.25" class="padding-top" ng-include="'app/docker/views/services/edit/includes/secrets.html'"></div>
-  </div>
-</div>
-
-<div id="service-tasks" class="padding-top" ng-include="'app/docker/views/services/edit/includes/tasks.html'"></div>

app/docker/views/services/edit/serviceController.js

@@ -731,6 +731,7 @@ angular.module('portainer.docker').controller('ServiceController', [
     };
 
     function initView() {
+      $scope.isLoading = true;
       var apiVersion = $scope.applicationState.endpoint.apiVersion;
       var agentProxy = $scope.applicationState.endpoint.mode.agentProxy;
 
@@ -855,6 +856,9 @@ angular.module('portainer.docker').controller('ServiceController', [
           $scope.secrets = [];
           $scope.configs = [];
           Notifications.error('Failure', err, 'Unable to retrieve service details');
+        })
+        .finally(() => {
+          $scope.isLoading = false;
         });
     }
 

app/kubernetes/__module.js

@@ -581,6 +581,19 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule, custo
       abstract: true,
     };
 
+    const jobs = {
+      name: 'kubernetes.moreResources.jobs',
+      url: '/jobs?tab',
+      views: {
+        'content@': {
+          component: 'jobsView',
+        },
+      },
+      data: {
+        docs: '/user/kubernetes/more-resources/jobs',
+      },
+    };
+
     const serviceAccounts = {
       name: 'kubernetes.moreResources.serviceAccounts',
       url: '/serviceAccounts',
@@ -661,6 +674,7 @@ angular.module('portainer.kubernetes', ['portainer.app', registriesModule, custo
     $stateRegistryProvider.register(ingressesEdit);
 
     $stateRegistryProvider.register(moreResources);
+    $stateRegistryProvider.register(jobs);
     $stateRegistryProvider.register(serviceAccounts);
     $stateRegistryProvider.register(clusterRoles);
     $stateRegistryProvider.register(roles);

app/kubernetes/components/helm/helm-templates/helm-templates-list/helm-templates-list.html

@@ -31,10 +31,34 @@
       >Select the Helm chart to use. Bring further Helm charts into your selection list via
       <a ui-sref="portainer.account({'#': 'helm-repositories'})">User settings - Helm repositories</a>.</div
     >
-    <beta-alert
-      is-html="true"
-      message="'Beta feature - so far, this functionality has been tested in limited scenarios. For more information, see this <a href=\'https://www.portainer.io/blog/portainer-now-with-helm-support\' target=\'_blank\' class=\'hyperlink\'>blog post on Portainer Helm support</a>.'"
-    ></beta-alert>
+    <div class="relative flex w-fit gap-1 rounded-lg bg-gray-modern-3 p-4 text-sm th-highcontrast:bg-legacy-grey-3 th-dark:bg-legacy-grey-3 mt-2">
+      <div class="mt-0.5 shrink-0">
+        <svg
+          xmlns="http://www.w3.org/2000/svg"
+          width="24"
+          height="24"
+          viewBox="0 0 24 24"
+          fill="none"
+          stroke="currentColor"
+          stroke-width="2"
+          stroke-linecap="round"
+          stroke-linejoin="round"
+          class="lucide lucide-lightbulb h-4 text-warning-7 th-highcontrast:text-warning-6 th-dark:text-warning-6"
+        >
+          <path d="M15 14c.2-1 .7-1.7 1.5-2.5 1-.9 1.5-2.2 1.5-3.5A6 6 0 0 0 6 8c0 1 .2 2.2 1.5 3.5.7.7 1.3 1.5 1.5 2.5"></path>
+          <path d="M9 18h6"></path>
+          <path d="M10 22h4"></path>
+        </svg>
+      </div>
+      <div>
+        <p class="align-middle text-[0.9em] font-medium pr-10 mb-2">Disclaimer</p>
+        <div class="small">
+          At present Portainer does not support OCI format Helm charts. Support for OCI charts will be available in a future release.<br />
+          If you would like to provide feedback on OCI support or get access to early releases to test this functionality,
+          <a href="https://bit.ly/3WVkayl" target="_blank" rel="noopener noreferrer">please get in touch</a>.
+        </div>
+      </div>
+    </div>
   </div>
 
   <div class="blocklist !px-0" role="list">
@@ -45,7 +69,7 @@
       on-select="($ctrl.selectAction)"
     >
     </helm-templates-list-item>
-    <div ng-if="!allCharts.length" class="text-muted small mt-4"> No Helm charts found </div>
+    <div ng-if="!$ctrl.loading && !allCharts.length && $ctrl.charts.length !== 0" class="text-muted small mt-4"> No Helm charts found </div>
     <div ng-if="$ctrl.loading" class="text-muted text-center">
       Loading...
       <div class="text-muted text-center"> Initial download of Helm charts can take a few minutes </div>

app/kubernetes/converters/configuration.js

@@ -5,6 +5,7 @@ class KubernetesConfigurationConverter {
   static secretToConfiguration(secret) {
     const res = new KubernetesConfiguration();
     res.Kind = KubernetesConfigurationKinds.SECRET;
+    res.kind = 'Secret';
     res.Id = secret.Id;
     res.Name = secret.Name;
     res.Type = secret.Type;
@@ -19,8 +20,15 @@ class KubernetesConfigurationConverter {
     res.IsRegistrySecret = secret.IsRegistrySecret;
     res.SecretType = secret.SecretType;
     if (secret.Annotations) {
-      const serviceAccountAnnotation = secret.Annotations.find((a) => a.key === 'kubernetes.io/service-account.name');
-      res.ServiceAccountName = serviceAccountAnnotation ? serviceAccountAnnotation.value : undefined;
+      const serviceAccountKey = 'kubernetes.io/service-account.name';
+      if (typeof secret.Annotations === 'object') {
+        res.ServiceAccountName = secret.Annotations[serviceAccountKey];
+      } else if (Array.isArray(secret.Annotations)) {
+        const serviceAccountAnnotation = secret.Annotations.find((a) => a.key === 'kubernetes.io/service-account.name');
+        res.ServiceAccountName = serviceAccountAnnotation ? serviceAccountAnnotation.value : undefined;
+      } else {
+        res.ServiceAccountName = undefined;
+      }
     }
     res.Labels = secret.Labels;
     return res;
@@ -29,6 +37,7 @@ class KubernetesConfigurationConverter {
   static configMapToConfiguration(configMap) {
     const res = new KubernetesConfiguration();
     res.Kind = KubernetesConfigurationKinds.CONFIGMAP;
+    res.kind = 'ConfigMap';
     res.Id = configMap.Id;
     res.Name = configMap.Name;
     res.Namespace = configMap.Namespace;

app/kubernetes/models/configuration/formvalues.js

@@ -9,6 +9,7 @@ const _KubernetesConfigurationFormValues = Object.freeze({
   Name: '',
   ConfigurationOwner: '',
   Kind: KubernetesConfigurationKinds.CONFIGMAP,
+  kind: 'ConfigMap',
   Data: [],
   DataYaml: '',
   IsSimple: true,

app/kubernetes/react/views/index.ts

@@ -21,6 +21,9 @@ import { RolesView } from '@/react/kubernetes/more-resources/RolesView';
 import { VolumesView } from '@/react/kubernetes/volumes/ListView/VolumesView';
 import { NamespaceView } from '@/react/kubernetes/namespaces/ItemView/NamespaceView';
 import { AccessView } from '@/react/kubernetes/namespaces/AccessView/AccessView';
+import { JobsView } from '@/react/kubernetes/more-resources/JobsView/JobsView';
+import { ClusterView } from '@/react/kubernetes/cluster/ClusterView';
+import { HelmApplicationView } from '@/react/kubernetes/helm/HelmApplicationView';
 
 export const viewsModule = angular
   .module('portainer.kubernetes.react.views', [])
@@ -77,6 +80,14 @@ export const viewsModule = angular
       []
     )
   )
+  .component(
+    'kubernetesHelmApplicationView',
+    r2a(withUIRouter(withReactQuery(withCurrentUser(HelmApplicationView))), [])
+  )
+  .component(
+    'kubernetesClusterView',
+    r2a(withUIRouter(withReactQuery(withCurrentUser(ClusterView))), [])
+  )
   .component(
     'kubernetesConfigureView',
     r2a(withUIRouter(withReactQuery(withCurrentUser(ConfigureView))), [])
@@ -89,6 +100,10 @@ export const viewsModule = angular
     'kubernetesConsoleView',
     r2a(withUIRouter(withReactQuery(withCurrentUser(ConsoleView))), [])
   )
+  .component(
+    'jobsView',
+    r2a(withUIRouter(withReactQuery(withCurrentUser(JobsView))), [])
+  )
   .component(
     'serviceAccountsView',
     r2a(withUIRouter(withReactQuery(withCurrentUser(ServiceAccountsView))), [])

app/kubernetes/views/applications/helm/helm.controller.js

@@ -1,52 +0,0 @@
-import PortainerError from 'Portainer/error';
-
-export default class KubernetesHelmApplicationController {
-  /* @ngInject */
-  constructor($async, $state, Authentication, Notifications, HelmService) {
-    this.$async = $async;
-    this.$state = $state;
-    this.Authentication = Authentication;
-    this.Notifications = Notifications;
-    this.HelmService = HelmService;
-  }
-
-  /**
-   * APPLICATION
-   */
-  async getHelmApplication() {
-    try {
-      this.state.dataLoading = true;
-      const releases = await this.HelmService.listReleases(this.endpoint.Id, { filter: `^${this.state.params.name}$`, namespace: this.state.params.namespace });
-      if (releases.length > 0) {
-        this.state.release = releases[0];
-      } else {
-        throw new PortainerError(`Release ${this.state.params.name} not found`);
-      }
-    } catch (err) {
-      this.Notifications.error('Failure', err, 'Unable to retrieve helm application details');
-    } finally {
-      this.state.dataLoading = false;
-    }
-  }
-
-  $onInit() {
-    return this.$async(async () => {
-      this.state = {
-        dataLoading: true,
-        viewReady: false,
-        params: {
-          name: this.$state.params.name,
-          namespace: this.$state.params.namespace,
-        },
-        release: {
-          name: undefined,
-          chart: undefined,
-          app_version: undefined,
-        },
-      };
-
-      await this.getHelmApplication();
-      this.state.viewReady = true;
-    });
-  }
-}

app/kubernetes/views/applications/helm/helm.css

@@ -1,5 +0,0 @@
-.release-table tr {
-  display: grid;
-  grid-auto-flow: column;
-  grid-template-columns: 1fr 4fr;
-}