+
+You can also add environments via the Portainer API.
+
+{% content-ref url="api.md" %}
+[api.md](api.md)
+{% endcontent-ref %}
+
diff --git a/admin/environments/add/aci.md b/admin/environments/add/aci.md
new file mode 100644
index 0000000..7b5e62a
--- /dev/null
+++ b/admin/environments/add/aci.md
@@ -0,0 +1,31 @@
+# Add an ACI environment
+
+Before connecting to your Azure subscription, you need to create an Azure AD application. For more information on this please refer to the [official Microsoft documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal).
+
+{% hint style="info" %}
+The following ACI features are not currently supported:
+
+* ACI Persistent Storage
+* Private networks
+{% endhint %}
+
+To add an ACI environment, click on **Environments** then click the **Add environment** button.
+
+
+
+Select **ACI** as your environment type and click **Start Wizard**. Enter the **environment details** using the table below as a guide.
+
+| Field | Overview |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. |
+| Application ID | Enter the application ID for the app you created in your Azure account. This can be found on the **Overview** page of your app within the Azure Portal. |
+| Tenant ID | Enter the tenant ID for your app. This can be found on the **Overview** page of your app within the Azure Portal. |
+| Authentication Key | Enter the client secret for your app. This can be created under **Certificates & secrets** within your application in the Azure Portal. |
+
+
+
+As an optional step you can expand the **More settings** section and categorize the environment by adding it to a [group](../groups.md) or [tagging](../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Connect**. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/add/api.md b/admin/environments/add/api.md
new file mode 100644
index 0000000..fdf6cc5
--- /dev/null
+++ b/admin/environments/add/api.md
@@ -0,0 +1,165 @@
+# Add an environment via the Portainer API
+
+Portainer's [API](../../../api/docs.md) lets you perform the same actions as via the Portainer UI, including adding new environments. This article explains how to add the following types of environments via the API:
+
+* A local environment using Docker socket communication.
+* A remote environment using TCP communication.
+* A remote environment using TCP communication secured via TLS.
+
+{% hint style="info" %}
+The examples in this article use [httpie](https://httpie.io/) to make HTTP calls from the command line to the Portainer API. Feel free to replace httpie with your preferred method.
+{% endhint %}
+
+## Preparation
+
+After deploying Portainer, you'll need to initialize your admin user. First, initialize the admin password:
+
+```
+http POST https://my-portainer-server:9443/api/users/admin/init Username="admin" Password="adminpassword"
+```
+
+Now, use the admin account to authenticate against the API. Generate an authorization token for your username. This token will provide you with the same permissions as the user who generated it.
+
+```
+http POST https://my-portainer-server:9443/api/auth Username="admin" Password="adminpassword"
+```
+
+The response is a JSON object containing the JWT token inside the `jwt` field. Make a note of this token. You'll use it in the authorization header when making API calls.
+
+```
+{
+ "jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE"
+}
+```
+
+The authorization header value must take the form `Bearer JWT_TOKEN`. Using the above token as an example, the value would look like this:
+
+```
+Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE
+```
+
+{% hint style="info" %}
+The JWT token is valid for 8 hours after it is generated. Once it expires, you will need to generate a new token.
+{% endhint %}
+
+## Adding an environment
+
+### Adding a local environment via the Docker socket
+
+This query will create an environment called `test-local` and will use the Docker socket to communicate with your environment.
+
+{% hint style="info" %}
+This example requires you to bind-mount the Docker socket when running Portainer.
+{% endhint %}
+
+Run the following command:
+
+```
+http --form POST https://my-portainer-server:9443/api/endpoints \
+ "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
+ Name="test-local" EndpointCreationType=1
+```
+
+The response is a JSON object representing the environment:
+
+```
+{
+ "AuthorizedTeams": [],
+ "AuthorizedUsers": [],
+ "Extensions": [],
+ "GroupId": 1,
+ "Id": 1,
+ "Name": "test-local",
+ "PublicURL": "",
+ "Type": 1,
+ "TLSConfig": {
+ "TLS": false,
+ "TLSSkipVerify": false
+ },
+ "Type": 1,
+ "URL": "unix:///var/run/docker.sock"
+}
+```
+
+Make a note of the `Id` value. It will be used to execute queries against the Docker Engine for the endpoint.
+
+### Adding a remote environment
+
+This query will create an environment called `test-remote`. It will communicate with your environment over TCP using the IP address `10.0.7.10` and port `2375`. Make sure you replace the example values with your own IP address and port.
+
+{% hint style="info" %}
+The Docker API must be exposed on the provided IP address and port. To learn how to do this, refer to the Docker documentation.
+{% endhint %}
+
+Run the following command:
+
+```
+http --form POST https://my-portainer-server:9443/api/endpoints \
+ "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
+ Name="test-remote" URL="tcp://10.0.7.10:2375" EndpointCreationType=1
+```
+
+The response is a JSON object representing the environment:
+
+```
+{
+ "AuthorizedTeams": [],
+ "AuthorizedUsers": [],
+ "Extensions": [],
+ "GroupId": 1,
+ "Id": 1,
+ "Type": 1,
+ "Name": "test-remote",
+ "PublicURL": "",
+ "TLSConfig": {
+ "TLS": false,
+ "TLSSkipVerify": false
+ },
+ "Type": 1,
+ "URL": "tcp://10.0.7.10:2375"
+}
+```
+
+Take a note of the `Id` value. It will be used to execute queries against the Docker Engine for the environment.
+
+### Adding a remote environment with TLS
+
+This query will create an environment called `test-remote-tls`. It will communicate with your environment over TCP (secured with TLS) using the IP address `10.0.7.10` and port `2376`. Make sure you replace the example values with your own IP address and port.
+
+{% hint style="info" %}
+The Docker API must be exposed on the provided IP address and port. To learn how to do this, refer to the Docker documentation.
+{% endhint %}
+
+Run the following command:
+
+```
+http --form POST https://my-portainer-server:9443/api/endpoints \
+ "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
+ Name="test-remote-tls" URL="tcp://10.0.7.10:2376" EndpointCreationType=1 TLS="true" TLSCACertFile@/path/to/ca.pem TLSCertFile@/path/to/cert.pem TLSKeyFile@/path/to/key.pem
+```
+
+The response is a JSON object representing the environment:
+
+```
+{
+ "AuthorizedTeams": [],
+ "AuthorizedUsers": [],
+ "Extensions": [],
+ "GroupId": 1,
+ "Id": 1,
+ "Type": 1,
+ "Name": "test-remote-tls",
+ "PublicURL": "",
+ "TLSConfig": {
+ "TLS": true,
+ "TLSCACert": "/data/tls/1/ca.pem",
+ "TLSCert": "/data/tls/1/cert.pem",
+ "TLSKey": "/data/tls/1/key.pem",
+ "TLSSkipVerify": false
+ },
+ "Type": 1,
+ "URL": "tcp://10.0.7.10:2376"
+}
+```
+
+Make a note of the `Id` value. It will be used to execute queries against the Docker Engine for the environment.
diff --git a/admin/environments/add/docker/README.md b/admin/environments/add/docker/README.md
new file mode 100644
index 0000000..dba8bf7
--- /dev/null
+++ b/admin/environments/add/docker/README.md
@@ -0,0 +1,15 @@
+# Add a Docker Standalone environment
+
+When connecting a Docker Standalone host to Portainer, there are a few different methods you can use depending on your particular requirements. You can install the Portainer Agent on the Docker Standalone host and connect via the agent, you can connect directly to the Docker API or the Docker socket, or you can deploy the Portainer Edge Agent in standard or async mode.
+
+Regardless of the method you choose, there are some generic requirements you will need to meet. You will require:
+
+* The latest version of Docker installed and working on your Docker Standalone host.
+* sudo, root, or Administrator access on your Docker Standalone host.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* Docker is running as root (for Linux) or an Administrator (for Windows). Portainer with rootless Docker has some limitations, and requires additional configuration.
+
+
diff --git a/admin/environments/add/docker/agent.md b/admin/environments/add/docker/agent.md
new file mode 100644
index 0000000..d63bd98
--- /dev/null
+++ b/admin/environments/add/docker/agent.md
@@ -0,0 +1,43 @@
+# Install Portainer Agent on Docker Standalone
+
+Portainer uses the _Portainer Agent_ container to communicate with the _Portainer Server_ instance and provide access to the node's resources. This document will outline how to install the Portainer Agent on your node and how to connect to it from your Portainer Server instance. If you do not have a working Portainer Server instance yet, please refer to the [Portainer Server installation guide](../../../../start/install/server/docker/linux.md) first.
+
+In addition to the generic requirements for Docker Standalone environments, you will need:
+
+* Port `9001` accessible on this machine from the Portainer Server instance. If this is not available, we recommend using the [Edge Agent](edge.md) instead.
+* If you are running Windows on your node, either:
+ * Windows Subsystem for Linux (WSL) installed and a Linux distribution selected. For a new installation we recommend WSL2.
+ * Windows Container Services (WCS) configured and running.
+
+The Portainer Agent installation instructions also make the following additional assumptions about your environment:
+
+* You are accessing Docker via Unix sockets (or a named pipe when using WCS). The Portainer Agent does not support connecting to the Docker engine via TCP.
+* If running Linux, SELinux is disabled on the machine running Docker. If you require SELinux, you will need to pass the `--privileged` flag to Docker when deploying Portainer.
+* You have not set a custom `AGENT_SECRET` on your Portainer Server instance. If you have, you will need to provide that secret to your agent when deploying with:
+
+ `-e AGENT_SECRET=yoursecret`
+
+From the menu select **Environments** then click **Add environment**.
+
+
+
+Next, select **Docker Standalone** as the environment type then click **Start Wizard**. Select the **Agent** option, then your environment type. Copy the command for your environment type and run it on your Docker Standalone instance. For example, if you are deploying on a Linux machine or a Windows machine with WSL installed, use the **Linux & Windows WSL** command. If you are deploying on a Windows machine with WCS, use the **Windows WCS** command.
+
+Once the Agent has been deployed, enter the environment details using the table below as a guide:
+
+| Field/Option | Overview |
+| ------------------- | -------------------------------------------------------------------------------------------------------------------- |
+| Name | Give the environment a descriptive name. |
+| Environment address | Enter the DNS name or IP address to connect to the Portainer Agent along with the port (the default port is `9001`). |
+
+
+
+As an optional step you can expand the **More settings** section to categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+{% hint style="info" %}
+GPU configuration has been moved to [Host Setup](../../../../user/docker/host/setup.md#other) and can be configured once the environment has been set up.
+{% endhint %}
+
+
+
+When you're ready, click **Connect**. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/add/docker/api.md b/admin/environments/add/docker/api.md
new file mode 100644
index 0000000..bf0e932
--- /dev/null
+++ b/admin/environments/add/docker/api.md
@@ -0,0 +1,27 @@
+# Connect to the Docker API
+
+Before you begin, you will need to ensure that your Docker instance is configured to admit remote connections. To learn how to do this, refer to Docker's own documentation. Once Docker is configured, you will be able to connect either with or without TLS.
+
+From the menu select **Environments** then click **Add environment**.
+
+
+
+Next, select **Docker Standalone** as the environment type then click **Start Wizard**. Select the **API** option and your platform, then enter the environment details using the table below as a guide:
+
+
Field/Option
Overview
Name
Give the environment a descriptive name.
Docker API URL
Enter the DNS name or IP address to connect to the Docker host along with the port. When connecting without TLS, the default port is 2375. When connecting with TLS, the default port is 2376.
TLS
Toggle this option on if you wish to use TLS. Toggle it off if you don't want to use TLS.
Skip Certification Verification
Toggle this option on to skip the verification of the TLS certificate used by the Docker API. If this option is off, the below fields will not appear.
TLS CA certificate
Select your CA certificate.
TLS certificate
Select your certificate.
TLS key
Select the key that matches the certificate.
+
+{% hint style="info" %}
+Portainer expects TLS certificates and keys to be in PEM format.
+{% endhint %}
+
+
+
+As an optional step you can expand the **More settings** section to categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+{% hint style="info" %}
+GPU configuration has been moved to [Host Setup](../../../../user/docker/host/setup.md#other) and can be configured once the environment has been set up.
+{% endhint %}
+
+
+
+When you're ready, click **Connect**. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/add/docker/edge-async.md b/admin/environments/add/docker/edge-async.md
new file mode 100644
index 0000000..b66f5c0
--- /dev/null
+++ b/admin/environments/add/docker/edge-async.md
@@ -0,0 +1,69 @@
+# Install Edge Agent Async on Docker Standalone
+
+When a remote environment is not directly accessible from the Portainer Server instance, we recommend deploying the Portainer _Edge Agent_ to the remote environment. This allows you to manage the remote environment from your Portainer Server instance without having to open any ports on the environment. Rather than the traditional approach of the server connecting to Agents, the Edge Agent instead polls the Portainer Server periodically to see if there are any pending jobs to perform, and acts appropriately.
+
+{% hint style="info" %}
+For a technical summary of how the Edge Agent works, refer to our [advanced documentation](../../../../advanced/edge-agent.md).
+{% endhint %}
+
+## Async mode vs Standard mode
+
+The Portainer Edge Agent can be deployed in two different modes - standard mode and async mode. In standard mode, we provide the ability to connect to the remote Edge Agent through a tunnel that is established on-demand from the Edge Agent to the Portainer Server, letting you interact directly with the environment in real time.
+
+In async mode, this tunnel connectivity is not available. Instead, we provide the ability to browse snapshots of the remote environment, allowing you to see the state of the Edge Agent's environment based on a recent state capture sent through to the Portainer Server, as well as use this snapshot to perform actions on the remote environment.
+
+Async mode has been developed to use very small amounts of data and as such is suitable for environments that have limited or intermittent connectivity as well as connections with limited data caps, for example mobile networks.
+
+## Preparation
+
+In async mode, the Edge Agent requires only the UI port (usually `9443` or `30779` on Kubernetes with NodePort) to be open on the Portainer server instance. The tunnel port is not required for async mode. Our installation instructions configure Portainer Server to listen on both ports by default, and you will need to ensure your firewalling provides external access to the UI port in order to proceed.
+
+{% hint style="warning" %}
+If your Portainer Server instance is deployed with TLS, the agent will use HTTPS for the connection it makes back to Portainer. However if your Portainer instance uses a self-signed certificate, the Edge Agent must be deployed with the `-e EDGE_INSECURE_POLL=1` flag. If you do not deploy the Edge Agent with this flag, then the agent will not be able to communicate with the Portainer Server instance.
+{% endhint %}
+
+In addition, our instructions assume your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+
+## Deploying
+
+To add an async Edge Agent to a Docker Standalone environment, click on **Environments** then **Add environment**.
+
+
+
+Select **Docker Standalone** then click **Start Wizard**. Then select the **Edge Agent Async** option. Enter the environment details using the table below as a guide.
+
+| Field | Overview |
+| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. |
+| Portainer API server URL | Enter the URL and port of your Portainer Server instance as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. |
+
+
+
+As an optional step you can expand the **More settings** section and adjust the **Ping**, **Snapshot** and **Command** intervals for the environment - this defines how often this Edge Agent will check in with the Portainer Server for status updates, snapshot updates and to see if there are new pending commands to run, respectively. The default for each is once a minute, but the defaults can be adjusted in the [Edge Compute settings](../../../settings/edge.md#async-check-in-intervals).
+
+You can also categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Create**. If you are pre-staging your Edge Agent deployment, you can now retrieve the join token for use in your deployment.
+
+
+
+Otherwise, complete the new fields that have appeared using the table below as a guide.
+
+| Field/Option | Overview |
+| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| Environment variables | Enter a comma separated list of environment variables that will be sourced from the host where the agent is deployed and provided to the agent. |
+| Allow self-signed certs | Toggle this on to allow self-signed certificates when the agent is connecting to Portainer via HTTPS. |
+
+
+
+Choose your platform (**Linux** or **Windows**), copy the generated command and run the command on your Edge environment to complete the installation.
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you **must** remember to explicitly provide this when deploying your Edge Agent.
+{% endhint %}
+
+
+
+If you have another Edge async environment of the same type to deploy you can click **Add another environment** to do so. Otherwise if you have any other environments to configure click **Next** to proceed, or click **Close** to return to the list of environments.
diff --git a/admin/environments/add/docker/edge.md b/admin/environments/add/docker/edge.md
new file mode 100644
index 0000000..71b855e
--- /dev/null
+++ b/admin/environments/add/docker/edge.md
@@ -0,0 +1,60 @@
+# Install Edge Agent Standard on Docker Standalone
+
+When a remote environment is not directly accessible from the Portainer Server instance, we recommend deploying the Portainer _Edge Agent_ to the remote environment. This allows you to manage the remote environment from your Portainer Server instance without having to open any ports on the environment. Rather than the traditional approach of the server connecting to Agents, the Edge Agent instead polls the Portainer Server periodically to see if there are any pending jobs to perform, and acts appropriately.
+
+{% hint style="info" %}
+For a technical summary of how the Edge Agent works, refer to our [advanced documentation](../../../../advanced/edge-agent.md).
+{% endhint %}
+
+## Preparation
+
+The Edge Agent requires two ports be open on the Portainer Server instance: the UI port (usually `9443` or `30779` on Kubernetes with NodePort) and the tunnel port ( `8000` or `30776` when using Kubernetes with NodePort). The tunnel port is used to provide a secure TLS tunnel between the Portainer Edge Agent and the Portainer Server instance. Our installation instructions configure Portainer Server to listen on both ports by default, and you will need to ensure your firewalling provides external access to these ports in order to proceed.
+
+{% hint style="warning" %}
+If your Portainer Server instance is deployed with TLS, the agent will use HTTPS for the connection it makes back to Portainer. However if your Portainer instance uses a self-signed certificate, the Edge Agent must be deployed with the `-e EDGE_INSECURE_POLL=1` flag. If you do not deploy the Edge Agent with this flag, then the agent will not be able to communicate with the Portainer Server instance.
+{% endhint %}
+
+In addition, our instructions assume your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+
+## Deploying
+
+To add a standard Edge Agent to a Docker Standalone environment, click on **Environments** then **Add environment**.
+
+
+
+Select **Docker Standalone** then click **Start Wizard**. Then select the **Edge Agent Standard** option. Enter the environment details using the table below as a guide.
+
+| Field | Overview |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. |
+| Portainer API server URL | Enter the URL and port of your Portainer Server instance as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. |
+| Portainer tunnel server address |
Enter the address and port of your Portainer Server instance's tunnel server as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. In most cases, this will be the same address as the Portainer API server URL, but without the protocol and on port 8000. This field is only available in Portainer Business Edition. For Community Edition users, refer to this GitHub issue.
|
+
+
+
+As an optional step you can expand the **More settings** section and adjust the Poll frequency for the environment - this defines how often this Edge Agent will check the Portainer Server for new jobs. The default is every 5 seconds. You can also categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Create**. If you are pre-staging your Edge Agent deployment, you can now retrieve the join token for use in your deployment.
+
+
+
+Otherwise, complete the new fields that have appeared using the table below as a guide.
+
+| Field/Option | Overview |
+| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| Environment variables | Enter a comma separated list of environment variables that will be sourced from the host where the agent is deployed and provided to the agent. |
+| Allow self-signed certs | Toggle this on to allow self-signed certificates when the agent is connecting to Portainer via HTTPS. |
+
+
+
+Choose your platform (**Linux** or **Windows**), copy the generated command and run the command on your Edge environment to complete the installation.
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you **must** remember to explicitly provide this when deploying your Edge Agent.
+{% endhint %}
+
+
+
+If you have another Edge standard environment of the same type to deploy you can click **Add another environment** to do so. Otherwise if you have any other environments to configure click **Next** to proceed, or click **Close** to return to the list of environments.
diff --git a/admin/environments/add/docker/socket.md b/admin/environments/add/docker/socket.md
new file mode 100644
index 0000000..eb3dc0d
--- /dev/null
+++ b/admin/environments/add/docker/socket.md
@@ -0,0 +1,27 @@
+# Connect to the Docker Socket
+
+Connecting to the Docker socket directly can only be done from the local environment. Before you begin, ensure the user running the Portainer Server container has permissions to access the Docker socket.
+
+From the menu select **Environments** then click **Add environment**.
+
+
+
+Next, select **Docker Standalone** as the environment type then click **Start Wizard**. Select the **Socket** option and your platform. You will be shown the required parameter to pass to the Portainer container as part of your `docker run` command.
+
+
+
+Fill out the fields based on the table below.
+
+
Field/Option
Overview
Name
Give the environment a descriptive name.
Override default socket path
Toggle this option on to override the default /var/run/docker.sock socket path.
Socket Path
If Override default socket path is enabled, enter the path to the Docker socket.
+
+{% hint style="info" %}
+Ensure that if you change the Socket Path, that you update the required bind mount parameter above to suit.
+{% endhint %}
+
+
+
+As an optional step you can expand the **More settings** section to categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Connect**. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/add/kaas/README.md b/admin/environments/add/kaas/README.md
new file mode 100644
index 0000000..f83a985
--- /dev/null
+++ b/admin/environments/add/kaas/README.md
@@ -0,0 +1,15 @@
+# Provision KaaS Cluster
+
+Portainer supports the provisioning of new Kubernetes environments on select cloud providers directly from within the interface, allowing you to spin up a new cloud Kubernetes environment and deploy the Portainer Agent with a few clicks.
+
+{% hint style="info" %}
+This feature is only available in [Portainer Business Edition](https://www.portainer.io/business-upsell?from=kaas-provisioning).
+{% endhint %}
+
+To get started, select **Environments** from the left hand menu then click **Add Environment**.
+
+
+
+From the wizard select the **Provision KaaS Cluster** option and click **Start Wizard**. Then, select your provider. We currently support the following providers:
+
+
diff --git a/admin/environments/add/kaas/aks.md b/admin/environments/add/kaas/aks.md
new file mode 100644
index 0000000..e99647f
--- /dev/null
+++ b/admin/environments/add/kaas/aks.md
@@ -0,0 +1,37 @@
+# Azure
+
+Select the **Azure** option from the list of providers. If you haven't already configured credentials for Azure you'll be asked to provide them now. Enter a **name** for your credentials then enter your **Subscription ID**, **Tenant ID**, **Client ID** and **Client Secret**. Once this is done, click **Save**.
+
+{% hint style="info" %}
+You can find more details on [setting up access to your Azure account](../../../settings/credentials/aks.md) in the [shared credentials documentation](../../../settings/credentials/).
+{% endhint %}
+
+
+
+Once you have added your credentials (or if you already had them set up) select your cluster options from the fields below.
+
+| Field/Option | Overview |
+| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your cluster. |
+| Credentials | Select the set of credentials to use for the provision. |
+| Region | Select the region to deploy your cluster in. |
+| Resource group | Select an existing resource group or add a new resource group for your cluster. |
+| Node pool name | Enter a name for your node pool. |
+| Node size | Select the size of the individual nodes in your cluster. |
+| Node count | Enter the number of nodes to provision in your cluster. |
+| Availability zones | Select the availability zones to use for your cluster. |
+| API server availability | Select the uptime SLA you require for your cluster. |
+| DNS name prefix | Enter the DNS name prefix to use with your cluster. You will use this to connect to the Kubernetes API when managing containers after creating the cluster. |
+| Kubernetes version | Select the version of Kubernetes you want to deploy on your cluster |
+
+{% hint style="info" %}
+The environment options are refreshed automatically if the information cached by Portainer is over 12 hours old. You can manually refresh the options by clicking **Reload cluster details** under the **Actions** section.
+{% endhint %}
+
+
+
+You can also expand the **More settings** section and set groups and tags for your environment now or you can do this later.
+
+
+
+Once you have made your selections, click **Provision environment** to begin the provision. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments where you will see the progress of your provision.
diff --git a/admin/environments/add/kaas/civo.md b/admin/environments/add/kaas/civo.md
new file mode 100644
index 0000000..ca4134f
--- /dev/null
+++ b/admin/environments/add/kaas/civo.md
@@ -0,0 +1,33 @@
+# Civo
+
+Select the **Civo** option from the list of providers. If you haven't already provided your Civo API token you'll be asked to provide credential details. Provide a **name** for your credentials and paste your Civo API token into the **API key** field and click **Add credentials**.
+
+{% hint style="info" %}
+You can find more details on [setting up access to your Civo account](../../../settings/credentials/civo.md) in the [shared credentials documentation](../../../settings/credentials/).
+{% endhint %}
+
+
+
+Once you have added your credentials (or if you already had them set up) select your cluster options from the fields below.
+
+| Field/Option | Overview |
+| ------------------ | -------------------------------------------------------------------- |
+| Name | Enter a name for your cluster. |
+| Credentials | Select the set of credentials to use for the provision. |
+| Region | Select the region to deploy your cluster in. |
+| Node size | Select the size of the individual nodes in your cluster. |
+| Node count | Enter the number of nodes to provision in your cluster. |
+| Network ID | Select the network to add your cluster to. |
+| Kubernetes version | Select the version of Kubernetes you want to deploy on your cluster. |
+
+{% hint style="info" %}
+The environment options are refreshed automatically if the information cached by Portainer is over 12 hours old. You can manually refresh the options by clicking **Reload cluster details** in the **Actions** section.
+{% endhint %}
+
+
+
+You can also expand the **More settings** section and set groups and tags for your environment now or you can do this later.
+
+
+
+Once you have made your selections, click **Provision environment** to begin the provision. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments where you will see the progress of your provision.
diff --git a/admin/environments/add/kaas/digitalocean.md b/admin/environments/add/kaas/digitalocean.md
new file mode 100644
index 0000000..da2213a
--- /dev/null
+++ b/admin/environments/add/kaas/digitalocean.md
@@ -0,0 +1,32 @@
+# DigitalOcean
+
+Select the **DigitalOcean** option from the list of providers. If you haven't already provided your DigitalOcean API token you'll be asked to provide credentials. Provide a **name** for your credentials and paste your DigitalOcean API token into the **API key** field and click **Add credentials**.
+
+{% hint style="info" %}
+You can find more details on [setting up access to your DigitalOcean account](../../../settings/credentials/digitalocean.md) in the [shared credentials documentation](../../../settings/credentials/).
+{% endhint %}
+
+
+
+Once you have added your credentials (or if you already had them set up) select your cluster options from the fields below.
+
+| Field/Option | Overview |
+| ------------------ | -------------------------------------------------------------------- |
+| Name | Enter a name for your cluster. |
+| Credentials | Select the set of credentials to use for the provision. |
+| Region | Select the region to deploy your cluster in. |
+| Node size | Select the size of the individual nodes in your cluster. |
+| Node count | Enter the number of nodes to provision in your cluster. |
+| Kubernetes version | Select the version of Kubernetes you want to deploy on your cluster. |
+
+{% hint style="info" %}
+The environment options are refreshed automatically if the information cached by Portainer is over 12 hours old. You can manually refresh the options by clicking **Reload cluster details** under the **Actions** section.
+{% endhint %}
+
+
+
+You can also expand the **More settings** section and set groups and tags for your environment now or you can do this later.
+
+
+
+Once you have made your selections, click **Provision environment** to begin the provision. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments where you will see the progress of your provision.
diff --git a/admin/environments/add/kaas/eks.md b/admin/environments/add/kaas/eks.md
new file mode 100644
index 0000000..6eac4a8
--- /dev/null
+++ b/admin/environments/add/kaas/eks.md
@@ -0,0 +1,34 @@
+# AWS
+
+Select the **AWS** option from the list of providers. If you haven't already configured credentials for AWS you'll be asked to provide them now. Enter a **name** for your credentials then enter your **Access key ID** and **Secret access key**. Once this is done, click **Save**.
+
+{% hint style="info" %}
+You can find more details on [setting up access to your AWS account](../../../settings/credentials/eks.md) in the [shared credentials documentation](../../../settings/credentials/).
+{% endhint %}
+
+
+
+Once you have added your credentials (or if you already had them set up) select your cluster options from the fields below.
+
+| Field/Option | Overview |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Name | Enter a name for your cluster. |
+| Credentials | Select the set of credentials to use for the provision. |
+| Region | Select the region to deploy your cluster in. |
+| AMI type | Select the AMI type to use for your nodes. |
+| Instance type | Select the instance type to use for your nodes. You will need to make sure that the instance type you choose is available in the region you choose or the provision will fail. |
+| Node disk size (GiB) | Enter the amount of disk space to provision on each node. |
+| Node count | Enter the number of nodes to provision in your cluster. |
+| Kubernetes version | Select the version of Kubernetes you want to deploy on your cluster |
+
+{% hint style="info" %}
+The environment options are refreshed automatically if the information cached by Portainer is over 12 hours old. You can manually refresh the options by clicking **Reload cluster details** under the **Actions** section.
+{% endhint %}
+
+
+
+You can also expand the **More settings** section and set groups and tags for your environment now or you can do this later.
+
+
+
+Once you have made your selections, click **Provision environment** to begin the provision. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments where you will see the progress of your provision.
diff --git a/admin/environments/add/kaas/gke.md b/admin/environments/add/kaas/gke.md
new file mode 100644
index 0000000..939ac27
--- /dev/null
+++ b/admin/environments/add/kaas/gke.md
@@ -0,0 +1,34 @@
+# Google Cloud
+
+Select the **Google Cloud** option from the list of providers. If you haven't already configured credentials for Google Cloud you'll be asked to provide them now. Enter a **name** for your credentials then click **Upload file** and select your JSON private key. Once this is done, click **Save**.
+
+{% hint style="info" %}
+You can find more details on [setting up access to your Google Cloud account ](../../../settings/credentials/gke.md)in the [shared credentials documentation](../../../settings/credentials/).
+{% endhint %}
+
+
+
+Once you have added your credentials (or if you already had them set up) select your cluster options from the fields below.
+
+| Field/Option | Overview |
+| -------------------- | ------------------------------------------------------------------- |
+| Name | Enter a name for your cluster. |
+| Credentials | Select the set of credentials to use for the provision. |
+| Region | Select the region to deploy your cluster in. |
+| Node size | Select the size of the individual nodes in your cluster. |
+| Node disk space (GB) | Enter the amount of disk space to provision on each node. |
+| Node count | Enter the number of nodes to provision in your cluster. |
+| Subnet | Select the subnet to attach to the cluster. |
+| Kubernetes version | Select the version of Kubernetes you want to deploy on your cluster |
+
+{% hint style="info" %}
+The environment options are refreshed automatically if the information cached by Portainer is over 12 hours old. You can manually refresh the options by clicking **Reload cluster details** under the **Actions** section.
+{% endhint %}
+
+
+
+You can also expand the **More settings** section and set groups and tags for your environment now or you can do this later.
+
+
+
+Once you have made your selections, click **Provision environment** to begin the provision. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments where you will see the progress of your provision.
diff --git a/admin/environments/add/kaas/linode.md b/admin/environments/add/kaas/linode.md
new file mode 100644
index 0000000..0b23924
--- /dev/null
+++ b/admin/environments/add/kaas/linode.md
@@ -0,0 +1,32 @@
+# Linode
+
+Select the **Linode** option from the list of providers. If you haven't already provided your Linode API token you'll be asked to provide credentials. Provide a **name** for your credentials and paste your Linode API token into the **API key** field and click **Add credentials**.
+
+{% hint style="info" %}
+You can find more details on [setting up access to your Linode account](../../../settings/credentials/linode.md) in the [shared credentials documentation](../../../settings/credentials/).
+{% endhint %}
+
+
+
+Once you have added your credentials (or if you already had them set up) select your cluster options from the fields below.
+
+| Field/Option | Overview |
+| ------------------ | -------------------------------------------------------------------- |
+| Name | Enter a name for your cluster. |
+| Credentials | Select the set of credentials to use for the provision. |
+| Region | Select the region to deploy your cluster in. |
+| Node size | Select the size of the individual nodes in your cluster. |
+| Node count | Enter the number of nodes to provision in your cluster. |
+| Kubernetes version | Select the version of Kubernetes you want to deploy on your cluster. |
+
+{% hint style="info" %}
+The environment options are refreshed automatically if the information cached by Portainer is over 12 hours old. You can manually refresh the options by clicking **Reload cluster details** under the **Actions** section.
+{% endhint %}
+
+
+
+You can also expand the **More settings** section and set groups and tags for your environment now or you can do this later.
+
+
+
+Once you have made your selections, click **Provision environment** to begin the provision. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments where you will see the progress of your provision.
diff --git a/admin/environments/add/kube-create/README.md b/admin/environments/add/kube-create/README.md
new file mode 100644
index 0000000..5da58e6
--- /dev/null
+++ b/admin/environments/add/kube-create/README.md
@@ -0,0 +1,13 @@
+# Create a Kubernetes cluster
+
+With Portainer Business Edition you can create a Kubernetes cluster on your existing infrastructure directly from the Portainer UI.
+
+{% hint style="info" %}
+Portainer uses SSH to connect to your infrastructure and deploy Kubernetes and the Portainer Agent. You can provide your SSH credentials during the deployment or [set them up ahead of time](../../../settings/credentials/ssh.md) in [Shared credentials](../../../settings/credentials/).
+{% endhint %}
+
+At present, we support deploying MicroK8s:
+
+{% content-ref url="microk8s.md" %}
+[microk8s.md](microk8s.md)
+{% endcontent-ref %}
diff --git a/admin/environments/add/kube-create/microk8s.md b/admin/environments/add/kube-create/microk8s.md
new file mode 100644
index 0000000..1c2401f
--- /dev/null
+++ b/admin/environments/add/kube-create/microk8s.md
@@ -0,0 +1,100 @@
+# MicroK8s
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_ and the _Portainer Agent_. Both elements run as lightweight containers on Kubernetes. This document will outline how to connect Portainer to your existing infrastructure to deploy MicroK8s and install the Portainer Agent. If you do not have a working Portainer Server instance yet, please refer to the [Portainer Server installation guide](../../../../start/install/server/kubernetes/baremetal.md) first.
+
+## Prerequisites
+
+In order to connect to and deploy MicroK8s and the Portainer Agent on your existing infrastructure, you will need:
+
+* One or more Linux-based machines on which MicroK8s will be deployed. We have primarily tested on Ubuntu 20.04 LTS but most comparable Linux distributions should work. These machines can be bare metal servers or virtual machines.
+* Root or sudo-level SSH access to the above machines on port `22`. This is needed in order to install MicroK8s. Portainer supports both password-based and key-based authentication.
+* The `snap` tool installed on the above machines. You can find installation instructions for most Linux distributions [at the Snapcraft website](https://snapcraft.io/docs/installing-snapd). The `snap` tool is used to install MicroK8s and any selected addons.
+* Communication between the Portainer Server and the above machines, as well as communication between the individual machines in the cluster. This is to ensure the Portainer Server can reach the machines both for the initial installation and for communication with the Portainer Agent once the cluster is up and running, and so that the cluster nodes can communicate with each other.
+
+## What to expect
+
+By necessity, our MicroK8s deployment makes some configuration decisions for you.
+
+* The Portainer Agent is deployed using NodePort, on port `30778`.
+* There may be some configuration differences between versions of MicroK8s deployed. One notable difference is from version 1.25, if the `ingress` addon is installed an additional ingress named `nginx` is configured. This does not occur on version 1.24. We recommend referring to the [MicroK8s release notes](https://microk8s.io/docs/release-notes) for further detail.
+* The deployment does not configure any storage classes on your cluster (unless the `hostpath-storage` addon is installed, though this is not recommended for multiple node clusters). Due to the vast amount of potential storage class configurations, this is not something we currently provide automatically. We recommend configuring a storage class once provision completes.
+
+## Deployment
+
+To create and deploy MicroK8s and the Portainer Agent to your machines, from the menu select **Environments** then click **Add Environment**.
+
+
+
+Select **Create a Kubernetes cluster** and click **Start wizard**.
+
+If you have not yet [configured a set of SSH credentials](../../../settings/credentials/ssh.md), you will be asked to provide them now. If you already have a credential set configured, you can skip to [cluster configuration](microk8s.md#configure-your-cluster).
+
+### Add SSH credentials
+
+Fill in the fields based on the table below:
+
+| Field/Option | Overview |
+| -------------------------- | -------------------------------------------------------------------------------------------------------------------- |
+| Credentials name | Enter a name for this credential set. This is how it will be listed in Portainer. |
+| SSH username | Enter the username for your SSH account. |
+| SSH password | Enter the password for your SSH account. You can leave this field blank if you intend to use SSH key authentication. |
+| Use SSH key authentication | Enable this toggle to use SSH key authentication instead of password authentication. |
+| SSH private key passphrase | If your SSH private key is encrypted, provide the passphrase here. |
+| SSH private key | Paste your SSH private key in this field. |
+
+{% hint style="info" %}
+You can also choose to generate a new SSH key pair by clicking the **Generate new RSA SSH key pair** button, or upload an existing private key by clicking the **Upload SSH private key** button. You can find more detailed instructions for generating a new SSH key in our [SSH credentials documentation](../../../settings/credentials/ssh.md#generate-a-new-key-pair).
+{% endhint %}
+
+
+
+Once you have entered your credentials click **Add credentials**. The credential set will be saved under the name you entered, and you will be taken to the [cluster configuration](microk8s.md#configure-your-cluster).
+
+### Configure your cluster
+
+Once you have a set of credentials configured, you can proceed to configuring your cluster. Fill out the fields based on the table below:
+
+| Field/Option | Overview |
+| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. This is how the environment will appear in Portainer. |
+| Credentials | Select the set of SSH credentials to use from the dropdown. |
+| Control plane nodes | Enter a comma-separated or line-separated list of the IP addresses for the machines that will be the **control plane nodes** for your cluster. You can also specify a range of IP addresses with a hyphen. |
+| Worker nodes | Enter a comma-separated or line-separated list of the IP addresses for the machines that will be the **worker nodes** for your cluster. You can also specify a range of IP addresses with a hyphen. |
+
+
+
+Once you have selected a credential set and entered the node IPs, you can click **Test connections** to ensure the credentials work for all the IP addresses and that they are reachable from the Portainer Server instance. If there are any issues connecting to the nodes they will be displayed.
+
+
+
+You can now proceed to configuring MicroK8s itself. Fill out the fields based on the table below:
+
+| Field/Option | Overview |
+| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Kubernetes version | Select the version of MicroK8s to deploy on your cluster. |
+| Addons | Optionally click the **Add addon** button to select one or more addons to deploy alongside the MicroK8s installation. You can also specify any arguments needed for each addon. |
+| Custom template | Optionally select a custom template to deploy on your cluster once the MicroK8s and Portainer Agent installations are complete. This is handy for pre-loading a new environment with your applications. The template will be deployed in the default namespace unless the template specifies a namespace to use. |
+
+
+
+As an optional step you can expand the **More settings** section to customize the deployment further.
+
+| Field/Option | Overview |
+| --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Custom Template | Select a custom template to deploy on your cluster once the MicroK8s and Portainer Agent installations are complete. This is handy for pre-loading a new environment with your applications. The template will be deployed in the default namespace unless the template specifies a namespace to use. You can also set any variables the template requires. |
+| Group | Select a [group](../../groups.md) to add the new environment to once provisioning completes. |
+| Tags | Select any [tags](../../tags.md) to add to the environment. |
+
+
+
+Once you have entered your cluster configuration details, click **Provision environment** to begin the provision. Portainer will start provisioning your cluster with the options you selected. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
+
+### Provision progress
+
+From the Environments page you will be able to see the progress of any running Kubernetes environment provisions. The status will be updated as the provision completes, and if the provision runs into problems an error will be displayed here. You can hover over the status or error for additional detail.
+
+
+
+Once the provision completes, you will be able to access the environment as you would any other Portainer-configured environment.
diff --git a/admin/environments/add/kubernetes/README.md b/admin/environments/add/kubernetes/README.md
new file mode 100644
index 0000000..a46a39d
--- /dev/null
+++ b/admin/environments/add/kubernetes/README.md
@@ -0,0 +1,14 @@
+# Add a Kubernetes environment
+
+When connecting a Kubernetes environment to Portainer, there are a few different methods you can use depending on your particular requirements. You can install the Portainer Agent on the Kubernetes cluster and connect via the agent, you can deploy the Portainer Edge Agent in standard or async mode, or you can choose to import an existing Kubernetes environment with a kubeconfig file.
+
+Regardless of the method you choose, there are some generic requirements you will need to meet. You will require:
+
+* A working and up to date Kubernetes cluster.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You will be using the `portainer` namespace for Portainer.
+
+
diff --git a/admin/environments/add/kubernetes/agent.md b/admin/environments/add/kubernetes/agent.md
new file mode 100644
index 0000000..19988ed
--- /dev/null
+++ b/admin/environments/add/kubernetes/agent.md
@@ -0,0 +1,85 @@
+# Install Portainer Agent on your Kubernetes environment
+
+Portainer consists of two elements, the _Portainer Server_ and the _Portainer Agent_. Both elements run as lightweight containers on Kubernetes. This document will outline how to install the Portainer Agent on your cluster and how to connect to it from your Portainer Server instance. If you do not have a working Portainer Server instance yet, please refer to the [Portainer Server installation guide](../../../../start/install/server/kubernetes/baremetal.md) first.
+
+In addition to the generic requirements for Kubernetes environments, you will need:
+
+* Access to run `kubectl` commands on your cluster.
+* Cluster Admin rights on your Kubernetes cluster. This is so Portainer can create the necessary `ServiceAccount` and `ClusterRoleBinding` for it to access the Kubernetes cluster.
+
+The installation instructions also make the following additional assumption about your environment:
+
+* You have not set a custom `AGENT_SECRET` on your Portainer Server instance. If you have, you will need to provide that secret to your agent by adding it to the YAML file within the agent deployment definition:
+
+ `env:`
+
+ `- name: AGENT_SECRET`
+
+ `value: yoursecret`
+
+To deploy Portainer Agent within a Kubernetes cluster you can use our provided YAML manifests.
+
+{% hint style="info" %}
+Helm charts for agent-only deployments will be available soon.
+{% endhint %}
+
+From the menu select **Environments** then click **Add environment**.
+
+
+
+Select the **Kubernetes** option and click **Start Wizard**. Select the **Agent** option and choose the tab that matches your configuration (**Kubernetes via load balancer** or **Kubernetes via node port**). Copy the command, then run it on the control node of your Kubernetes cluster.
+
+{% hint style="info" %}
+Make sure you run this command on your Kubernetes node before continuing.
+{% endhint %}
+
+
+
+The deployment command will return something similar to this:
+
+```
+namespace/portainer created
+serviceaccount/portainer-sa-clusteradmin created
+clusterrolebinding.rbac.authorization.k8s.io/portainer-crb-clusteradmin created
+service/portainer-agent created
+service/portainer-agent-headless created
+deployment.apps/portainer-agent created
+```
+
+To validate that the agent is running, use this command:
+
+```
+ kubectl get pods --namespace=portainer
+```
+
+The result should look something like this:
+
+```
+NAME READY STATUS RESTARTS AGE
+portainer-agent-5988b5d966-bvm9m 1/1 Running 0 15m
+```
+
+Regardless of the method used, once the agent is running on the Kubernetes host, you must complete the appropriate environmental details.
+
+{% hint style="warning" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You do **not** need to add each node as an individual environment in Portainer. Adding just one node will allow Portainer to manage the entire cluster.
+{% endhint %}
+
+| Field/Option | Overview |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Give the environment a descriptive name. |
+| Environment address | Define the IP address or name used to connect to the environment (the Kubernetes host) and specify the port if required (`30778` when using NodePort; `9001` when using Load Balancer). |
+
+
+
+As an optional step you can expand the **More settings** section to customize the deployment further.
+
+| Field/Option | Overview |
+| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Custom Template | Select a custom template to deploy on your cluster. This is handy for pre-loading a new environment with your applications. The template will be deployed in the default namespace unless the template specifies a namespace to use. You can also set any variables the template requires. |
+| Group | Select a [group](../../groups.md) to add the new environment to once provisioning completes. |
+| Tags | Select any [tags](../../tags.md) to add to the environment. |
+
+
+
+When you're ready, click **Connect**. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/add/kubernetes/edge-async.md b/admin/environments/add/kubernetes/edge-async.md
new file mode 100644
index 0000000..59d9f57
--- /dev/null
+++ b/admin/environments/add/kubernetes/edge-async.md
@@ -0,0 +1,69 @@
+# Install Edge Agent Async on Kubernetes
+
+When a remote environment is not directly accessible from the Portainer Server instance, we recommend deploying the Portainer _Edge Agent_ to the remote environment. This allows you to manage the remote environment from your Portainer Server instance without having to open any ports on the environment. Rather than the traditional approach of the server connecting to Agents, the Edge Agent instead polls the Portainer Server periodically to see if there are any pending jobs to perform, and acts appropriately.
+
+{% hint style="info" %}
+For a technical summary of how the Edge Agent works, refer to our [advanced documentation](../../../../advanced/edge-agent.md).
+{% endhint %}
+
+## Async mode vs Standard mode
+
+The Portainer Edge Agent can be deployed in two different modes - standard mode and async mode. In standard mode, we provide the ability to connect to the remote Edge Agent through a tunnel that is established on-demand from the Edge Agent to the Portainer Server, letting you interact directly with the environment in real time.
+
+In async mode, this tunnel connectivity is not available. Instead, we provide the ability to browse snapshots of the remote environment, allowing you to see the state of the Edge Agent's environment based on a recent state capture sent through to the Portainer Server, as well as use this snapshot to perform actions on the remote environment.
+
+Async mode has been developed to use very small amounts of data and as such is suitable for environments that have limited or intermittent connectivity as well as connections with limited data caps, for example mobile networks.
+
+## Preparation
+
+In async mode, the Edge Agent requires only the UI port (usually `9443` or `30779` on Kubernetes with NodePort) to be open on the Portainer server instance. The tunnel port is not required for async mode. Our installation instructions configure Portainer Server to listen on both ports by default, and you will need to ensure your firewalling provides external access to the UI port in order to proceed.
+
+{% hint style="warning" %}
+If your Portainer Server instance is deployed with TLS, the agent will use HTTPS for the connection it makes back to Portainer. However if your Portainer instance uses a self-signed certificate, the Edge Agent must be deployed with the `-e EDGE_INSECURE_POLL=1` flag. If you do not deploy the Edge Agent with this flag, then the agent will not be able to communicate with the Portainer Server instance.
+{% endhint %}
+
+In addition, our instructions assume your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+
+## Deploying
+
+To add an async Edge Agent to a Kubernetes environment, click on **Environments** then **Add environment**.
+
+
+
+Select **Kubernetes** then click **Start Wizard**. Then select the **Edge Agent Async** option. Enter the environment details using the table below as a guide.
+
+| Field | Overview |
+| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. |
+| Portainer API server URL | Enter the URL and port of your Portainer Server instance as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. |
+
+
+
+As an optional step you can expand the **More settings** section and adjust the **Ping**, **Snapshot** and **Command** intervals for the environment - this defines how often this Edge Agent will check in with the Portainer Server for status updates, snapshot updates and to see if there are new pending commands to run, respectively. The default for each is once a minute, but the defaults can be adjusted in the [Edge Compute settings](../../../settings/edge.md#async-check-in-intervals).
+
+You can also categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Create**. If you are pre-staging your Edge Agent deployment, you can now retrieve the join token for use in your deployment.
+
+
+
+Otherwise, complete the new fields that have appeared using the table below as a guide.
+
+| Field/Option | Overview |
+| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| Environment variables | Enter a comma separated list of environment variables that will be sourced from the host where the agent is deployed and provided to the agent. |
+| Allow self-signed certs | Toggle this on to allow self-signed certificates when the agent is connecting to Portainer via HTTPS. |
+
+
+
+Copy the generated command and run the command on your Edge environment to complete the installation.
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you **must** remember to explicitly provide this when deploying your Edge Agent.
+{% endhint %}
+
+
+
+If you have another Edge async environment of the same type to deploy you can click **Add another environment** to do so. Otherwise if you have any other environments to configure click **Next** to proceed, or click **Close** to return to the list of environments.
diff --git a/admin/environments/add/kubernetes/edge.md b/admin/environments/add/kubernetes/edge.md
new file mode 100644
index 0000000..d61ea70
--- /dev/null
+++ b/admin/environments/add/kubernetes/edge.md
@@ -0,0 +1,60 @@
+# Install Edge Agent Standard on Kubernetes
+
+When a remote environment is not directly accessible from the Portainer Server instance, we recommend deploying the Portainer _Edge Agent_ to the remote environment. This allows you to manage the remote environment from your Portainer Server instance without having to open any ports on the environment. Rather than the traditional approach of the server connecting to Agents, the Edge Agent instead polls the Portainer Server periodically to see if there are any pending jobs to perform, and acts appropriately.
+
+{% hint style="info" %}
+For a technical summary of how the Edge Agent works, refer to our [advanced documentation](../../../../advanced/edge-agent.md).
+{% endhint %}
+
+## Preparation
+
+The Edge Agent requires two ports be open on the Portainer Server instance: the UI port (usually `9443` or `30779` on Kubernetes with NodePort) and the tunnel port ( `8000` or `30776` when using Kubernetes with NodePort). The tunnel port is used to provide a secure TLS tunnel between the Portainer Edge Agent and the Portainer Server instance. Our installation instructions configure Portainer Server to listen on both ports by default, and you will need to ensure your firewalling provides external access to these ports in order to proceed.
+
+{% hint style="warning" %}
+If your Portainer Server instance is deployed with TLS, the agent will use HTTPS for the connection it makes back to Portainer. However if your Portainer instance uses a self-signed certificate, the Edge Agent must be deployed with the `-e EDGE_INSECURE_POLL=1` flag. If you do not deploy the Edge Agent with this flag, then the agent will not be able to communicate with the Portainer Server instance.
+{% endhint %}
+
+In addition, our instructions assume your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+
+## Deploying
+
+To add a standard Edge Agent to a Kubernetes environment, click on **Environments** then **Add environment**.
+
+
+
+Select **Kubernetes** then click **Start Wizard**. Then select the **Edge Agent Standard** option. Enter the environment details using the table below as a guide.
+
+| Field | Overview |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. |
+| Portainer API server URL | Enter the URL and port of your Portainer Server instance as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. |
+| Portainer tunnel server address |
Enter the address and port of your Portainer Server instance's tunnel server as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. In most cases, this will be the same address as the Portainer API server URL, but without the protocol and on port 8000. This field is only available in Portainer Business Edition. For Community Edition users, refer to this GitHub issue.
|
+
+
+
+As an optional step you can expand the **More settings** section and adjust the Poll frequency for the environment - this defines how often this Edge Agent will check the Portainer Server for new jobs. The default is every 5 seconds. You can also categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Create**. If you are pre-staging your Edge Agent deployment, you can now retrieve the join token for use in your deployment.
+
+
+
+Otherwise, complete the new fields that have appeared using the table below as a guide.
+
+| Field/Option | Overview |
+| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| Environment variables | Enter a comma separated list of environment variables that will be sourced from the host where the agent is deployed and provided to the agent. |
+| Allow self-signed certs | Toggle this on to allow self-signed certificates when the agent is connecting to Portainer via HTTPS. |
+
+
+
+Copy the generated command and run the command on your Edge environment to complete the installation.
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you **must** remember to explicitly provide this when deploying your Edge Agent.
+{% endhint %}
+
+
+
+If you have another Edge standard environment of the same type to deploy you can click **Add another environment** to do so. Otherwise if you have any other environments to configure click **Next** to proceed, or click **Close** to return to the list of environments.
diff --git a/admin/environments/add/kubernetes/import.md b/admin/environments/add/kubernetes/import.md
new file mode 100644
index 0000000..e721b5f
--- /dev/null
+++ b/admin/environments/add/kubernetes/import.md
@@ -0,0 +1,86 @@
+# Import an existing Kubernetes environment
+
+With Portainer you can import your existing Kubernetes environment through the use of a [kubeconfig](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) file. Portainer will use the information in the kubeconfig file to connect to your environment then deploy and configure the Portainer Agent for you.
+
+{% hint style="info" %}
+This feature is only available in [Portainer Business Edition](https://www.portainer.io/business-upsell?from=k8s-create-from-kubeconfig).
+{% endhint %}
+
+## Requirements
+
+While we have tried to support as many configurations as possible, there are a few requirements in order to fully support the import process:
+
+* Your cluster must have a load balancer configured and enabled.
+* Your kubeconfig file must specify `current-context`.
+* Your kubeconfig file must be self-contained (i.e., consist of only the one file with no external references).
+* Your kubeconfig file must provide cluster admin level credentials, in order for Portainer to deploy the agent on your cluster.
+
+## Generating a kubeconfig file for import
+
+Depending on your environment, there may be different methods for creating a supported kubeconfig file. The following environment types are currently supported:
+
+### On-premise clusters
+
+For an on-premise cluster, you can use the following kubectl command to generate a supported kubeconfig file:
+
+```
+kubectl config view --flatten=true --minify=true > kubeconfig.yml
+```
+
+### Civo
+
+To create a kubeconfig file from a Civo cluster, log into the Civo dashboard and go to **Kubernetes**. Select the cluster to import and click on **Click to Download** next to the **Kubeconfig** label.
+
+### Linode
+
+To create a kubeconfig file from a Linode cluster, log into the Linode dashboard and click on **Kubernetes** in the left hand menu. Select the cluster to import, and in the top right of the page select **Actions** then **Download Config**.
+
+### DigitalOcean
+
+To create a kubeconfig file from a DigitalOcean cluster, log into the DigitalOcean dashboard and in the left hand menu select **Manage** then **Kubernetes**. Alternatively, go to **Projects**, select the project containing your cluster, then look in the **Clusters** panel. Select the cluster to import, then click the **Kubeconfig** option to download the kubeconfig file.
+
+### Microsoft Azure
+
+To create a kubeconfig file from an Azure cluster, download and install the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) from Microsoft. Start a shell session on Linux or an administrator PowerShell session on Windows, and run the following:
+
+```
+az login
+```
+
+This command can take a couple of minutes to complete the first time it is used, and involves a browser window opening in order to authenticate you with Azure.
+
+Once this completes and you are authenticated, run the following command:
+
+```
+az aks get-credentials --resource-group [resource-group-name] --name [cluster-name] --file ./kubeconfig-azure.yml
+```
+
+Replace `[resource-group-name]` with the resource group containing your cluster. Replace `[cluster-name]` with your cluster.
+
+## Importing your kubeconfig
+
+Once you have your kubeconfig file created, click on **Environments** then **Add environment**.
+
+
+
+ Select the **Kubernetes** option and click **Start Wizard**. Then select the **Import** option.
+
+{% hint style="info" %}
+The import option is only available in [Portainer Business Edition](https://www.portainer.io/business-upsell?from=k8s-create-from-kubeconfig).
+{% endhint %}
+
+Enter a **name** for cluster then click **Select a file** to browse for your kubeconfig file.
+
+
+
+As an optional step you can expand the **More settings** section to customize the deployment further.
+
+| Field/Option | Overview |
+| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Custom Template | Select a custom template to deploy on your cluster. This is handy for pre-loading a new environment with your applications. The template will be deployed in the default namespace unless the template specifies a namespace to use. You can also set any variables the template requires. |
+| Group | Select a [group](../../groups.md) to add the new environment to once provisioning completes. |
+| Tags | Select any [tags](../../tags.md) to add to the environment. |
+
+
+
+When you're ready, click the **Connect** button. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments where you will see the progress of your provision.
diff --git a/admin/environments/add/local.md b/admin/environments/add/local.md
new file mode 100644
index 0000000..6abd594
--- /dev/null
+++ b/admin/environments/add/local.md
@@ -0,0 +1,5 @@
+# Add a local environment
+
+You can only add a local environment when the Portainer Server container is being created. You cannot add a local environment after Portainer is deployed.
+
+For more information about the installation process, visit the [Getting Started](../../../start/intro.md) section (in particular, the [installation steps](../../../start/install/)).
diff --git a/admin/environments/add/nomad.md b/admin/environments/add/nomad.md
new file mode 100644
index 0000000..21f2c7f
--- /dev/null
+++ b/admin/environments/add/nomad.md
@@ -0,0 +1,53 @@
+# Add a Nomad environment
+
+Nomad support in Portainer is provided through the use of the [Portainer Edge Agent](../../../advanced/edge-agent.md).
+
+To add a Nomad environment, click on **Environments** then click the **Add environment** button.
+
+
+
+Select **Nomad** as your environment type and click **Start Wizard**. Select the type of Edge Agent you want to deploy: **Edge Agent Standard** or **Edge Agent Async**.
+
+{% hint style="info" %}
+The Portainer Edge Agent can be deployed in two different modes - **standard mode** and **async mode**. In standard mode, we provide the ability to connect to the remote Edge Agent through a tunnel that is established on-demand from the Edge Agent to the Portainer Server, letting you interact directly with the environment in real time.
+
+In async mode, this tunnel connectivity is not available. Instead, we provide the ability to browse snapshots of the remote environment, allowing you to see the state of the Edge Agent's environment based on a recent state capture sent through to the Portainer Server, as well as use this snapshot to perform actions on the remote environment.
+
+Async mode has been developed to use very small amounts of data and as such is suitable for environments that have limited or intermittent connectivity as well as connections with limited data caps, for example mobile networks.
+{% endhint %}
+
+Enter the **environment details** using the table below as a guide.
+
+| Field | Overview |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. |
+| Portainer server URL | Enter the URL and port of your Portainer Server instance as it will be seen from your Nomad environment. If using a FQDN, ensure that DNS is properly configured to provide this. |
+| Portainer tunnel server address |
Enter the address and port of your Portainer Server instance's tunnel server as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. In most cases, this will be the same address as the Portainer API server URL, but without the protocol and on port 8000. This field is only available in Portainer Business Edition, and is not required for Edge Agent Async deployments. For Community Edition users, refer to this GitHub issue.
|
+
+
+
+As an optional step you can expand the **More settings** section and adjust the **Poll frequency** for the environment (for Edge Agent Standard deployments) - this defines how often this Edge Agent will check the Portainer Server for new jobs. For Edge Agent Async deployments, you can adjust the **Ping**, **Snapshot** and **Command** intervals for the environment - this defines how often this Edge Agent will check in with the Portainer Server for status updates, snapshot updates and to see if there are new pending commands to run, respectively. The default values can be adjusted in the [Edge Compute settings](../../settings/edge.md#deployment-sync-options).
+
+You can also categorize the environment by adding it to a [group](../groups.md) or [tagging](../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Create**. Then complete the new fields that have appeared using the table below as a guide.
+
+| Field/Option | Overview |
+| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| Nomad Authentication Enabled | Toggle this on if your Nomad installation has ACL enabled (recommended). |
+| Nomad Token | If the above toggle is on, this field is displayed. Enter the Secret ID from your Nomad installation. |
+| TLS | Toggle this on if your Nomad installation uses TLS. |
+| Environment variables | Enter a comma separated list of environment variables that will be sourced from the host where the agent is deployed and provided to the agent. |
+| Allow self-signed certs | Toggle this on to allow self-signed certificates when the agent is connecting to Portainer via HTTPS. |
+
+
+
+Copy the generated command based on your settings and run it on your Nomad environment to deploy the Edge Agent.
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you **must** remember to explicitly provide this when deploying your Edge Agent.
+{% endhint %}
+
+If you have another Nomad environment to deploy you can click **Add another environment** to do so. If you have any other non-Nomad environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/add/swarm/README.md b/admin/environments/add/swarm/README.md
new file mode 100644
index 0000000..e5ca667
--- /dev/null
+++ b/admin/environments/add/swarm/README.md
@@ -0,0 +1,17 @@
+# Add a Docker Swarm environment
+
+When connecting a Docker Swarm environment to Portainer, there are a few different methods you can use depending on your particular requirements. You can install the Portainer Agent on the Docker Swarm cluster and connect via the agent, you can connect directly to the Docker API or the Docker socket, or you can deploy the Portainer Edge Agent in standard or async mode.
+
+Regardless of the method you choose, there are some generic requirements you will need to meet. You will require:
+
+* The latest version of Docker installed and working on your Docker Swarm nodes.
+* Swarm mode enabled and working, including the overlay network for the swarm service communication.
+* `sudo`, `root` or Administrator access on the manager node of your swarm cluster.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* Docker is running as root (for Linux) or an Administrator (for Windows). Portainer with rootless Docker has some limitations, and requires additional configuration.
+* If your nodes are using DNS records to communicate, that all records are resolvable across the cluster.
+
+
diff --git a/admin/environments/add/swarm/agent.md b/admin/environments/add/swarm/agent.md
new file mode 100644
index 0000000..f2296b3
--- /dev/null
+++ b/admin/environments/add/swarm/agent.md
@@ -0,0 +1,72 @@
+# Install Portainer Agent on Docker Swarm
+
+Portainer uses the _Portainer Agent_ container to communicate with the _Portainer Server_ instance and provide access to the node's resources. This document will outline how to install the Portainer Agent on your environment and how to connect to it from your Portainer Server instance. If you do not have a working Portainer Server instance yet, please refer to the [Portainer Server installation guide](../../../../start/install/server/swarm/linux.md) first.
+
+In addition to the generic requirements for Docker Swarm environments, you will need:
+
+* The manager and worker nodes must be able to communicate with each other over port `9001`. In addition, the Portainer Server installation must be able to reach the nodes on port `9001`. If this is not possible, we advise looking at the [Edge Agent](edge.md) instead.
+* If you are running Windows on your node, either:
+ * Windows Subsystem for Linux (WSL) installed and a Linux distribution selected. For a new installation we recommend WSL2.
+ * Windows Container Services (WCS) configured and running.
+
+The Portainer Agent installation instructions also make the following additional assumptions about your environment:
+
+* SELinux is disabled on the machines running Docker.
+* You are accessing Docker via Unix sockets (or a named pipe when using WCS).
+* You have not set a custom `AGENT_SECRET` on your Portainer Server instance. If you have, you will need to provide that secret to your agent by adding it to the stack file:
+
+ `environment:`
+
+ `- AGENT_SECRET: yoursecret`
+
+From the menu select **Environments** then click **Add environment**.
+
+{% hint style="warning" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You do **not** need to add each node as an individual environment in Portainer. Adding just one node (we recommend the manager node) will allow Portainer to manage the entire cluster.
+{% endhint %}
+
+
+
+Next, select **Docker Swarm** as the environment type then click **Start Wizard**. Select the **Agent** option and your platform. Copy the command, then run it on the manager node of your Docker Swarm cluster. For example, if you are deploying on a Linux machine or a Windows machine with WSL installed, use the **Linux & Windows WSL** command. If you are deploying on a Windows machine with WCS, use the **Windows WCS** command.
+
+{% hint style="info" %}
+You must run the command on the Docker Swarm cluster before entering the environment details.
+{% endhint %}
+
+
+
+The deployment command will return something similar to this:
+
+```
+Creating network portainer-agent_portainer_agent
+Creating service portainer-agent_agent
+```
+
+To validate the agent is running, run the following command:
+
+```
+ docker service ls
+```
+
+The result of which should look something like this:
+
+```
+ID NAME MODE REPLICAS IMAGE PORTS
+tshb6ee2710s portainer-agent_agent global 1/1 portainer/agent:latest
+```
+
+Once the agent is running on the Docker Swarm cluster, enter the environment details, using the table below as a guide.
+
+{% hint style="warning" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You do **not** need to add each node as an individual environment in Portainer. Adding just one node (we recommend the manager node) will allow Portainer to manage the entire cluster.
+{% endhint %}
+
+
Field
Overview
Name
Give the environment a descriptive name.
Environment address
Enter the IP or DNS name at which the Portainer Server instance can reach the environment along with the port (9001).
+
+
+
+As an optional step you can expand the **More settings** section and categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Connect**. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/add/swarm/api.md b/admin/environments/add/swarm/api.md
new file mode 100644
index 0000000..c032fa1
--- /dev/null
+++ b/admin/environments/add/swarm/api.md
@@ -0,0 +1,23 @@
+# Connect to the Docker API
+
+Before you begin, you will need to ensure that your Docker instance is configured to admit remote connections. To learn how to do this, refer to Docker's own documentation. Once Docker is configured, you will be able to connect either with or without TLS.
+
+From the menu select **Environments** then click **Add environment**.
+
+
+
+Next, select **Docker Swarm** as the environment type then click **Start Wizard**. Select the **API** option and your platform, then enter the environment details using the table below as a guide:
+
+
Field/Option
Overview
Name
Give the environment a descriptive name.
Docker API URL
Enter the DNS name or IP address to connect to the Docker host along with the port. When connecting without TLS, the default port is 2375. When connecting with TLS, the default port is 2376.
TLS
Toggle this option on if you wish to use TLS. Toggle it off if you don't want to use TLS.
Skip Certification Verification
Toggle this option on to skip the verification of the TLS certificate used by the Docker API. If this option is off, the below fields will not appear.
TLS CA certificate
Select your CA certificate.
TLS certificate
Select your certificate.
TLS key
Select the key that matches the certificate.
+
+{% hint style="info" %}
+Portainer expects TLS certificates and keys to be in PEM format.
+{% endhint %}
+
+
+
+As an optional step you can expand the **More settings** section to categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Connect**. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/add/swarm/edge-async.md b/admin/environments/add/swarm/edge-async.md
new file mode 100644
index 0000000..3f76ae4
--- /dev/null
+++ b/admin/environments/add/swarm/edge-async.md
@@ -0,0 +1,69 @@
+# Install Edge Agent Async on Docker Swarm
+
+When a remote environment is not directly accessible from the Portainer Server instance, we recommend deploying the Portainer _Edge Agent_ to the remote environment. This allows you to manage the remote environment from your Portainer Server instance without having to open any ports on the environment. Rather than the traditional approach of the server connecting to Agents, the Edge Agent instead polls the Portainer Server periodically to see if there are any pending jobs to perform, and acts appropriately.
+
+{% hint style="info" %}
+For a technical summary of how the Edge Agent works, refer to our [advanced documentation](../../../../advanced/edge-agent.md).
+{% endhint %}
+
+## Async mode vs Standard mode
+
+The Portainer Edge Agent can be deployed in two different modes - standard mode and async mode. In standard mode, we provide the ability to connect to the remote Edge Agent through a tunnel that is established on-demand from the Edge Agent to the Portainer Server, letting you interact directly with the environment in real time.
+
+In async mode, this tunnel connectivity is not available. Instead, we provide the ability to browse snapshots of the remote environment, allowing you to see the state of the Edge Agent's environment based on a recent state capture sent through to the Portainer Server, as well as use this snapshot to perform actions on the remote environment.
+
+Async mode has been developed to use very small amounts of data and as such is suitable for environments that have limited or intermittent connectivity as well as connections with limited data caps, for example mobile networks.
+
+## Preparation
+
+In async mode, the Edge Agent requires only the UI port (usually `9443` or `30779` on Kubernetes with NodePort) to be open on the Portainer server instance. The tunnel port is not required for async mode. Our installation instructions configure Portainer Server to listen on both ports by default, and you will need to ensure your firewalling provides external access to the UI port in order to proceed.
+
+{% hint style="warning" %}
+If your Portainer Server instance is deployed with TLS, the agent will use HTTPS for the connection it makes back to Portainer. However if your Portainer instance uses a self-signed certificate, the Edge Agent must be deployed with the `-e EDGE_INSECURE_POLL=1` flag. If you do not deploy the Edge Agent with this flag, then the agent will not be able to communicate with the Portainer Server instance.
+{% endhint %}
+
+In addition, our instructions assume your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+
+## Deploying
+
+To add an async Edge Agent to a Docker Swarm environment, click on **Environments** then **Add environment**.
+
+
+
+Select **Docker Swarm** then click **Start Wizard**. Then select the **Edge Agent Async** option. Enter the environment details using the table below as a guide.
+
+| Field | Overview |
+| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. |
+| Portainer API server URL | Enter the URL and port of your Portainer Server instance as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. |
+
+
+
+As an optional step you can expand the **More settings** section and adjust the **Ping**, **Snapshot** and **Command** intervals for the environment - this defines how often this Edge Agent will check in with the Portainer Server for status updates, snapshot updates and to see if there are new pending commands to run, respectively. The default for each is once a minute, but the defaults can be adjusted in the [Edge Compute settings](../../../settings/edge.md#async-check-in-intervals).
+
+You can also categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Create**. If you are pre-staging your Edge Agent deployment, you can now retrieve the join token for use in your deployment.
+
+
+
+Otherwise, complete the new fields that have appeared using the table below as a guide.
+
+| Field/Option | Overview |
+| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| Environment variables | Enter a comma separated list of environment variables that will be sourced from the host where the agent is deployed and provided to the agent. |
+| Allow self-signed certs | Toggle this on to allow self-signed certificates when the agent is connecting to Portainer via HTTPS. |
+
+
+
+Choose your platform (**Linux** or **Windows**), copy the generated command and run the command on your Edge environment to complete the installation.
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you **must** remember to explicitly provide this when deploying your Edge Agent.
+{% endhint %}
+
+
+
+If you have another Edge async environment of the same type to deploy you can click **Add another environment** to do so. Otherwise if you have any other environments to configure click **Next** to proceed, or click **Close** to return to the list of environments.
diff --git a/admin/environments/add/swarm/edge.md b/admin/environments/add/swarm/edge.md
new file mode 100644
index 0000000..87ecb65
--- /dev/null
+++ b/admin/environments/add/swarm/edge.md
@@ -0,0 +1,60 @@
+# Install Edge Agent Standard on Docker Swarm
+
+When a remote environment is not directly accessible from the Portainer Server instance, we recommend deploying the Portainer _Edge Agent_ to the remote environment. This allows you to manage the remote environment from your Portainer Server instance without having to open any ports on the environment. Rather than the traditional approach of the server connecting to Agents, the Edge Agent instead polls the Portainer Server periodically to see if there are any pending jobs to perform, and acts appropriately.
+
+{% hint style="info" %}
+For a technical summary of how the Edge Agent works, refer to our [advanced documentation](../../../../advanced/edge-agent.md).
+{% endhint %}
+
+## Preparation
+
+The Edge Agent requires two ports be open on the Portainer Server instance: the UI port (usually `9443` or `30779` on Kubernetes with NodePort) and the tunnel port ( `8000` or `30776` when using Kubernetes with NodePort). The tunnel port is used to provide a secure TLS tunnel between the Portainer Edge Agent and the Portainer Server instance. Our installation instructions configure Portainer Server to listen on both ports by default, and you will need to ensure your firewalling provides external access to these ports in order to proceed.
+
+{% hint style="warning" %}
+If your Portainer Server instance is deployed with TLS, the agent will use HTTPS for the connection it makes back to Portainer. However if your Portainer instance uses a self-signed certificate, the Edge Agent must be deployed with the `-e EDGE_INSECURE_POLL=1` flag. If you do not deploy the Edge Agent with this flag, then the agent will not be able to communicate with the Portainer Server instance.
+{% endhint %}
+
+In addition, our instructions assume your environment meets [our requirements](../../../../start/requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+
+## Deploying
+
+To add a standard Edge Agent to a Docker Swarm environment, click on **Environments** then **Add environment**.
+
+
+
+Select **Docker Swarm** then click **Start Wizard**. Then select the **Edge Agent Standard** option. Enter the environment details using the table below as a guide.
+
+| Field | Overview |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your environment. |
+| Portainer API server URL | Enter the URL and port of your Portainer Server instance as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. |
+| Portainer tunnel server address |
Enter the address and port of your Portainer Server instance's tunnel server as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. In most cases, this will be the same address as the Portainer API server URL, but without the protocol and on port 8000. This field is only available in Portainer Business Edition. For Community Edition users, refer to this GitHub issue.
|
+
+
+
+As an optional step you can expand the **More settings** section and adjust the Poll frequency for the environment - this defines how often this Edge Agent will check the Portainer Server for new jobs. The default is every 5 seconds. You can also categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Create**. If you are pre-staging your Edge Agent deployment, you can now retrieve the join token for use in your deployment.
+
+
+
+Otherwise, complete the new fields that have appeared using the table below as a guide.
+
+| Field/Option | Overview |
+| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
+| Environment variables | Enter a comma separated list of environment variables that will be sourced from the host where the agent is deployed and provided to the agent. |
+| Allow self-signed certs | Toggle this on to allow self-signed certificates when the agent is connecting to Portainer via HTTPS. |
+
+
+
+Choose your platform (**Linux** or **Windows**), copy the generated command and run the command on your Edge environment to complete the installation.
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you **must** remember to explicitly provide this when deploying your Edge Agent.
+{% endhint %}
+
+
+
+If you have another Edge standard environment of the same type to deploy you can click **Add another environment** to do so. Otherwise if you have any other environments to configure click **Next** to proceed, or click **Close** to return to the list of environments.
diff --git a/admin/environments/add/swarm/socket.md b/admin/environments/add/swarm/socket.md
new file mode 100644
index 0000000..d94a4ea
--- /dev/null
+++ b/admin/environments/add/swarm/socket.md
@@ -0,0 +1,31 @@
+# Connect to the Docker Socket
+
+{% hint style="info" %}
+Connecting to the Docker socket on a Swarm environment is a legacy option and not recommended for new installs. We highly recommend using the [Portainer Agent](agent.md) instead.
+{% endhint %}
+
+Connecting to the Docker socket directly can only be done from the local environment. Before you begin, ensure the user running the Portainer Server container has permissions to access the Docker socket.
+
+From the menu select **Environments** then click **Add environment**.
+
+
+
+Next, select **Docker Swarm** as the environment type then click **Start Wizard**. Select the **Socket** option and your platform. You will be shown the required parameter to pass to the Portainer container as part of your Portainer Server deployment.
+
+
+
+Fill out the fields based on the table below.
+
+
Field/Option
Overview
Name
Give the environment a descriptive name.
Override default socket path
Toggle this option on to override the default /var/run/docker.sock socket path.
Socket Path
If Override default socket path is enabled, enter the path to the Docker socket.
+
+{% hint style="info" %}
+Ensure that if you change the Socket Path, that you update the required bind mount parameter above to suit.
+{% endhint %}
+
+
+
+As an optional step you can expand the **More settings** section to categorize the environment by adding it to a [group](../../groups.md) or [tagging](../../tags.md) it for better searchability.
+
+
+
+When you're ready, click **Connect**. If you have other environments to configure click **Next** to proceed, otherwise click **Close** to return to the list of environments.
diff --git a/admin/environments/aeec.md b/admin/environments/aeec.md
new file mode 100644
index 0000000..7d61066
--- /dev/null
+++ b/admin/environments/aeec.md
@@ -0,0 +1,46 @@
+# Auto onboarding
+
+This section allows you to create customized scripts to quickly onboard a number of Edge Agents automatically. Your selections will update the script provided at the bottom of the page which you can then run on your remote environments.
+
+First, select the type of Edge Agent deployment: **Edge Agent Standard** or **Edge Agent Async**.
+
+{% hint style="info" %}
+The Portainer Edge Agent can be deployed in two different modes - **standard mode** and **async mode**. In standard mode, we provide the ability to connect to the remote Edge Agent through a tunnel that is established on-demand from the Edge Agent to the Portainer Server, letting you interact directly with the environment in real time.
+
+In async mode, this tunnel connectivity is not available. Instead, we provide the ability to browse snapshots of the remote environment, allowing you to see the state of the Edge Agent's environment based on a recent state capture sent through to the Portainer Server, as well as use this snapshot to perform actions on the remote environment.
+
+Async mode has been developed to use very small amounts of data and as such is suitable for environments that have limited or intermittent connectivity as well as connections with limited data caps, for example mobile networks.
+{% endhint %}
+
+Your **Edge key** will also be shown here if you need to access it directly.
+
+
+
+Once you have made your type selection, configure the options and select the platform (Linux or Windows) to generate your Edge agent deployment scripts.
+
+| Field/Option | Overview |
+| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Portainer API server URL | This field displays your Portainer API server URL. This can be adjusted in the Edge Compute settings. |
+| Portainer tunnel server address | This field displays your Portainer tunnel server address. This can be adjusted in the Edge Compute settings, and is not used for Edge Agent Async deployments. |
+| Group | Select a [group](groups.md) for your Edge Agent deployments. |
+| Edge Groups | Select one or more [Edge Groups](../../user/edge/groups.md) for your Edge Agent deployments. |
+| Tags | Select one or more [tags](tags.md) for your Edge Agent deployments. |
+| Edge ID Generator | Provide a one-line script that will be used to generate a unique ID for your Edge devices. For Linux, an example would be using the `uuidgen` command. |
+| Environment variables | Define a comma separated list of environment variables that will be sourced from the Edge devices for use in Portainer. |
+| Allow self-signed certs | Toggle this to permit the use of self-signed certificates for the communication between the Edge Agent and the Portainer server. |
+
+
+
+The following options only appear if the **Nomad** option has been selected in the command section below.
+
+| Field/Option | Overview |
+| ---------------------------- | ------------------------------------------------------------------ |
+| Nomad Authentication Enabled | Toggle this on if your Nomad environments require authentication. |
+| Nomad Token | If Nomad authentication is enabled, define the Nomad token to use. |
+| TLS | Toggle this on if your Nomad installation uses TLS. |
+
+
+
+Select the environment of your deployment and click **Copy** to copy the script to your clipboard.
+
+
diff --git a/admin/environments/groups.md b/admin/environments/groups.md
new file mode 100644
index 0000000..60975a1
--- /dev/null
+++ b/admin/environments/groups.md
@@ -0,0 +1,34 @@
+# Groups
+
+Groups organize your environments in Portainer. As an example, you can create groups for development, staging and production to differentiate between environment roles. You can also use groups to define which environments are available to which users.
+
+{% hint style="info" %}
+Portainer Community Edition supports basic user and group assignments. For more complex user roles within groups, use Portainer Business Edition.
+{% endhint %}
+
+## Adding a group
+
+From the menu select **Environments**, select **Groups**, then click **Add group**.
+
+
+
+Define the properties of the group, using the table below as a guide.
+
+| Field/Option | Overview |
+| ----------------------- | ------------------------------------------------------- |
+| Name | Give the group a descriptive name. |
+| Description | Optionally describe the group in more detail. |
+| Tags | Apply any tags to the group. |
+| Associated environments | Select the environments to be categorized in the group. |
+
+
+
+When you're finished, click **Create the group**.
+
+## Removing a group
+
+When you no longer need a group, you can remove it by ticking the box next to the group then clicking **Remove**.
+
+{% hint style="info" %}
+Removing a group will not delete environments and users in that group. However, it may change the environments accessible to users who have their access assigned via a group.
+{% endhint %}
diff --git a/admin/environments/tags.md b/admin/environments/tags.md
new file mode 100644
index 0000000..14016ff
--- /dev/null
+++ b/admin/environments/tags.md
@@ -0,0 +1,23 @@
+# Tags
+
+Tags can be applied to environments and are useful for defining node or resource metadata. For example, you could use tags to define the physical location of nodes, departments or owners of resources, and much more.
+
+## Creating a tag
+
+From the menu select **Environments** then select **Tags**.
+
+
+
+Enter a name for the tag then click **Create tag**. The tag appears in the list and can be assigned to environments.
+
+## Tagging an environment
+
+From the menu select **Environments** then select the environment you want to tag.
+
+
+
+From the **Tags** lookup select the tag then click **Update environment**.
+
+{% hint style="info" %}
+Environment tags will be visible on the Portainer home page. You can also search for environments based on their tags.
+{% endhint %}
diff --git a/admin/environments/update.md b/admin/environments/update.md
new file mode 100644
index 0000000..74e7fda
--- /dev/null
+++ b/admin/environments/update.md
@@ -0,0 +1,56 @@
+# Update & Rollback
+
+This feature lets you upgrade your Edge Agent deployments directly from Portainer, without the need to log into the remote environments and manually update.
+
+{% hint style="warning" %}
+This feature is currently in beta, and is only currently available for Edge Agents running on Docker Standalone or Nomad environments.
+{% endhint %}
+
+To view your currently scheduled updates or schedule a new update process, from the menu select **Environments** then select **Update & Rollback**.
+
+
+
+Here you will see a list of your pending and completed updates and rollbacks.
+
+## Schedule an update
+
+To add a new update schedule, click the **Add update & rollback schedule** button, then fill out the form.
+
+{% hint style="info" %}
+To schedule an update, Portainer must have a snapshot of all the environments you wish to upgrade.
+{% endhint %}
+
+| Field/Option | Overview |
+| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for the scheduled update. |
+| Groups | Select the Edge Group(s) containing the Edge devices you want to update. You can configure these groups under [Edge Groups](../../user/edge/groups.md). |
+| Version | Ensure the **Update** tab is selected, then select the version you want to upgrade to from the dropdown. |
+| Schedule date & time |
Select a date and time to schedule the update. When upgrading from a version prior to 2.17, this field will be unavailable and the upgrade will take place immediately on creation of the schedule.
|
+| Registry | If needed, you can select the registry to pull the updated Portainer Agent images from. The image you are updating to must exist in the registry with the `agent:version` name format, as must the `portainer-updater` image. This functionality is useful if you are running in an airgapped environment. |
+
+
+
+When you're ready, click **Create Schedule** to schedule the update. You will be returned to the Update & Rollback page where you can check the status of your scheduled update.
+
+
+
+## Schedule a rollback
+
+To schedule the rollback of an update, click the **Add update & rollback schedule** button, then fill out the form.
+
+{% hint style="info" %}
+To schedule a rollback, Portainer must have a snapshot of all the environments you wish to roll back.
+{% endhint %}
+
+| Field/Option | Overview |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Name | Enter a name for the scheduled rollback. |
+| Group | Select the Edge Group(s) containing the Edge devices you want to roll back. You can configure these groups under [Edge Groups](../../user/edge/groups.md). |
+| Version |
Ensure the Rollback tab is selected, then select the version you want to roll back to from the dropdown. This dropdown is only available when multiple rollback versions are available.
|
+| Schedule date & time | Select a date and time to schedule the rollback. |
+| Registry | If needed, you can select the registry to pull the Portainer Agent images from. The image you are rolling back to must exist in the registry with the `agent:version` name format, as must the `portainer-updater` image. This functionality is useful if you are running in an airgapped environment. |
+
+
+
+When you're ready, click **Create Schedule** to schedule the rollback. You will be returned to the Update & Rollback page where you can check the status of your scheduled rollback.
+
diff --git a/admin/licenses.md b/admin/licenses.md
new file mode 100644
index 0000000..d8fc96c
--- /dev/null
+++ b/admin/licenses.md
@@ -0,0 +1,31 @@
+# Licenses
+
+Licensing in Portainer Business Edition is based on the [number of nodes](https://portal.portainer.io/knowledge/what-is-a-node-for-licensing-purposes) you are managing.
+
+From the menu select **Licenses**. The **License Information** section summarizes information about your license including how many nodes it covers and how many nodes are currently being used, as well as the license expiry date. You can click **Upgrade licenses** to purchase additional licenses.
+
+
+
+You can also view a list of each license applied to your Portainer installation.
+
+
+
+If you want to add more nodes to your environment than your license allows, first [upgrade your license](https://portal.portainer.io/knowledge/how-do-i-upgrade-my-license).
+
+## Add a new license
+
+To add a new license to Portainer, click **Add license**, enter your license key then click **Submit**.
+
+
+
+## Remove a license
+
+To remove a license (for example when you want to remove an expired license), tick the box next to the license and click **Remove**. You will be asked to confirm the removal.
+
+{% hint style="warning" %}
+Ensure you have enough licenses to cover the number of nodes you are using before committing to the removal. For more on how nodes are calculated, refer to [this knowledge base article](https://portal.portainer.io/knowledge/what-is-a-node-for-licensing-purposes).
+{% endhint %}
+
+
+
+To confirm, click **Remove**.
diff --git a/admin/logs/README.md b/admin/logs/README.md
new file mode 100644
index 0000000..db44572
--- /dev/null
+++ b/admin/logs/README.md
@@ -0,0 +1,19 @@
+# Authentication logs
+
+Within the Portainer Business Edition UI you can view a log of all authentication actions. The log is read-only and cannot be edited.
+
+{% hint style="info" %}
+Portainer also provides the ability to view [detailed activity logs](activity.md).
+{% endhint %}
+
+From the menu select **Authentication logs**.
+
+
+
+If you want to export logs, filter by date range then click **Export to CSV**.
+
+
+
+Authentication events are searchable and filterable, and the date and time, origin IP address, context, user and result are provided for each.
+
+
diff --git a/admin/logs/activity.md b/admin/logs/activity.md
new file mode 100644
index 0000000..56d3fe2
--- /dev/null
+++ b/admin/logs/activity.md
@@ -0,0 +1,19 @@
+# Activity logs
+
+Within the Portainer Business Edition UI you can view a log of all actions taken. The log is read-only and cannot be edited.
+
+From the menu select **Authentication logs** then select **Activity Logs**.
+
+
+
+If you want to export logs, filter by date range then click **Export to CSV**.
+
+
+
+Activity logs are searchable, and the date and time, user, endpoint, and action are provided for each.
+
+
+
+You can also click **inspect** to inspect the activity's payload.
+
+
diff --git a/admin/notifications.md b/admin/notifications.md
new file mode 100644
index 0000000..7b17fe3
--- /dev/null
+++ b/admin/notifications.md
@@ -0,0 +1,9 @@
+# Notifications
+
+The Notifications section contains a record of all the notification messages you have received in Portainer (the popup messages that appear in the top right of the interface). You can search through past notifications as well as remove specific notification records from the list.
+
+{% hint style="info" %}
+The 50 most recent notifications are also accessible by clicking the bell icon in the top right of any page in the Portainer UI.
+{% endhint %}
+
+
diff --git a/admin/registries/README.md b/admin/registries/README.md
new file mode 100644
index 0000000..91bb875
--- /dev/null
+++ b/admin/registries/README.md
@@ -0,0 +1,33 @@
+# Registries
+
+A registry is a repository of container images that can be pulled and deployed on a containerized infrastructure. Portainer supports connecting registries to the Portainer Server instance, allowing you to use those registries when deploying containers.
+
+
+
+{% content-ref url="add/" %}
+[add](add/)
+{% endcontent-ref %}
+
+{% content-ref url="add/custom.md" %}
+[custom.md](add/custom.md)
+{% endcontent-ref %}
+
+With Portainer Business Edition you can also browse and manage your registries within Portainer itself.
+
+{% content-ref url="browse.md" %}
+[browse.md](browse.md)
+{% endcontent-ref %}
+
+{% content-ref url="manage.md" %}
+[manage.md](manage.md)
+{% endcontent-ref %}
+
+## Hiding anonymous Docker Hub
+
+By default the **Docker Hub (anonymous)** registry is available to all users. If you would prefer to hide this from the registry selection, you can click **Hide for all users**.
+
+
+
+{% hint style="info" %}
+As the anonymous Docker Hub access is built into Docker itself this does not fully disable access to this registry, but it does hide it from the dropdown list of registries in the Portainer UI. In addition, if no other registries are available to a user the Docker Hub (anonymous) option will be displayed regardless of this setting.
+{% endhint %}
diff --git a/admin/registries/add/README.md b/admin/registries/add/README.md
new file mode 100644
index 0000000..8133c25
--- /dev/null
+++ b/admin/registries/add/README.md
@@ -0,0 +1,41 @@
+# Add a new registry
+
+From the menu select **Registries** then click **Add registry**.
+
+
+
+From the **Registry provider** section select the type of registry you want to add. Portainer provides configuration support for a number of popular registry providers:
+
+{% content-ref url="dockerhub.md" %}
+[dockerhub.md](dockerhub.md)
+{% endcontent-ref %}
+
+{% content-ref url="ecr.md" %}
+[ecr.md](ecr.md)
+{% endcontent-ref %}
+
+{% content-ref url="quay.md" %}
+[quay.md](quay.md)
+{% endcontent-ref %}
+
+{% content-ref url="proget.md" %}
+[proget.md](proget.md)
+{% endcontent-ref %}
+
+{% content-ref url="azure.md" %}
+[azure.md](azure.md)
+{% endcontent-ref %}
+
+{% content-ref url="gitlab.md" %}
+[gitlab.md](gitlab.md)
+{% endcontent-ref %}
+
+{% content-ref url="ghcr.md" %}
+[ghcr.md](ghcr.md)
+{% endcontent-ref %}
+
+You can also add your own custom registry:
+
+{% content-ref url="custom.md" %}
+[custom.md](custom.md)
+{% endcontent-ref %}
diff --git a/admin/registries/add/azure.md b/admin/registries/add/azure.md
new file mode 100644
index 0000000..240759f
--- /dev/null
+++ b/admin/registries/add/azure.md
@@ -0,0 +1,18 @@
+# Add an Azure registry
+
+From the menu select **Registries** then click **Add registry** and select **Azure** as the registry provider.
+
+
+
+Complete the form, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------ | ---------------------------------------------------------------- |
+| Name | Enter the name you'd like to use in Portainer for your registry. |
+| Registry URL | Enter the URL of your Azure registry. |
+| Username | Enter the username you use to log into your Azure registry. |
+| Password | Enter the password that corresponds to the username above. |
+
+
+
+When the form is complete, click **Add registry**.
diff --git a/admin/registries/add/custom.md b/admin/registries/add/custom.md
new file mode 100644
index 0000000..d64f7c4
--- /dev/null
+++ b/admin/registries/add/custom.md
@@ -0,0 +1,12 @@
+# Add a custom registry
+
+From the menu select **Registries** then click **Add registry**. Ensure **Custom registry** is selected.
+
+
+
+In the **Custom registry details** section, enter the registry name and URL (both mandatory). If authentication is required, toggle **Authentication** on and enter the username and password.
+
+
+
+When you're finished, click **Add registry**.
+
diff --git a/admin/registries/add/dockerhub.md b/admin/registries/add/dockerhub.md
new file mode 100644
index 0000000..1ed2006
--- /dev/null
+++ b/admin/registries/add/dockerhub.md
@@ -0,0 +1,20 @@
+# Add a DockerHub account
+
+Portainer provides built-in support for anonymous Docker Hub access, but in some cases you may need to log into Docker Hub (for example, private images or to support pulling a large number of images).
+
+From the menu select **Registries** then click **Add registry** and select **DockerHub** as the registry provider.
+
+
+
+Complete the form, using the table below as a guide.
+
+| Field/Option | Overview |
+| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for the registry. This is how it will appear in the list of registries and when selecting a registry to pull from. |
+| DockerHub username | Enter the username you use to connect to Docker Hub. |
+| DockerHub access token | Enter a Docker Hub personal access token that corresponds to the username above. You can create an access token by logging into Docker Hub, clicking your username in the top right and going to Account Settings then the Security tab. |
+
+
+
+When the form is complete, click **Add registry**.
+
diff --git a/admin/registries/add/ecr.md b/admin/registries/add/ecr.md
new file mode 100644
index 0000000..d7a5038
--- /dev/null
+++ b/admin/registries/add/ecr.md
@@ -0,0 +1,32 @@
+# Add an AWS ECR registry
+
+From the menu select **Registries** then click **Add registry** and select **AWS ECR** as the registry provider.
+
+
+
+## Preparation
+
+If your registry requires authentication to access, you must create an IAM user with access to the registry for Portainer to use. Instructions on creating an IAM user are available [from AWS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id\_users\_create.html#id\_users\_create\_console). When you have created the user, make note of the **Access key ID** and **Secret access key**, as you will need these below.
+
+{% hint style="info" %}
+At present we do not support IAM users with MFA enabled. We recommend creating a user specifically for Portainer to use with MFA disabled.
+{% endhint %}
+
+When creating the user you will need to attach one or more policies to provide registry access. For full registry management functionality within Portainer, we recommend the `AmazonEC2ContainerRegistryFullAccess` policy.
+
+## Add your registry
+
+Complete the form, using the table below as a guide.
+
+| Field/Option | Overview |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter the name you'd like to use in Portainer for your registry. |
+| Registry URL | Enter the URL of your AWS ECR registry, including the account ID and region. You can find this in the AWS console under Amazon Container Services, ECR, Registries. |
+| Authentication | Enable this option if your registry requires authentication to access. |
+| AWS Access Key | Enter the Access key ID for the IAM user that will access the AWS ECR registry. |
+| AWS Secret Access Key | Enter the Secret access key for the above IAM user. |
+| Region | Enter the region your registry is in, for example `us-west-1`. |
+
+
+
+When the form is complete, click **Add registry**.
diff --git a/admin/registries/add/ghcr.md b/admin/registries/add/ghcr.md
new file mode 100644
index 0000000..4c4f71b
--- /dev/null
+++ b/admin/registries/add/ghcr.md
@@ -0,0 +1,27 @@
+# Add a GitHub registry
+
+{% hint style="info" %}
+The GitHub registry option is only available in Portainer Business Edition.
+{% endhint %}
+
+From the menu select **Registries** then click **Add registry** and select **GitHub** as the registry provider.
+
+
+
+Complete the form, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter the name you'd like to use in Portainer for your registry. |
+| Username | Enter the username you use to log into your GitHub registry. |
+| Personal Access Token |
Enter the personal access token (classic) that corresponds to the username above. Your personal access token (classic) will need the delete:packages, repo, and write:packages scopes assigned. GitHub does not currently support the use of fine-grained tokens for registry access.
|
+| Use organisation registry | Toggle this on if your registry is part of a Github organization. |
+| Organisation name | Enter the name of your GitHub organization. |
+
+
+
+{% hint style="info" %}
+For more information about creating a personal access token, see [GitHub's own documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
+{% endhint %}
+
+When the form is complete, click **Add registry**.
diff --git a/admin/registries/add/gitlab.md b/admin/registries/add/gitlab.md
new file mode 100644
index 0000000..443e144
--- /dev/null
+++ b/admin/registries/add/gitlab.md
@@ -0,0 +1,21 @@
+# Add a Gitlab registry
+
+From the menu select **Registries** then click **Add registry** and select **Gitlab** as the registry provider.
+
+
+
+Complete the form, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Username | Enter the username you use to log into your Gitlab registry. |
+| Personal Access Token | Enter the personal access token that corresponds to the username above. Your personal access token will need the `read_api` and `read_registry` scopes assigned. |
+| Override default configuration | If you need to make changes to the Portainer defaults for Gitlab, you can do so here. |
+
+
+
+{% hint style="info" %}
+For more information about creating a personal access token, see [Gitlab's own documentation](https://docs.gitlab.com/ee/user/profile/personal\_access\_tokens.html).
+{% endhint %}
+
+When the form is complete, click **Add registry**.
diff --git a/admin/registries/add/proget.md b/admin/registries/add/proget.md
new file mode 100644
index 0000000..f264a16
--- /dev/null
+++ b/admin/registries/add/proget.md
@@ -0,0 +1,19 @@
+# Add a ProGet registry
+
+From the menu select **Registries** then click **Add registry** and select **ProGet** as the registry provider.
+
+
+
+Complete the form, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------ | ---------------------------------------------------------------- |
+| Name | Enter the name you'd like to use in Portainer for your registry. |
+| Registry URL | Enter the URL of your ProGet registry, including the feed name. |
+| Base URL | Enter the base URL of your ProGet registry. |
+| Username | Enter the username you use to log into your ProGet registry. |
+| Password | Enter the password that corresponds to the username above. |
+
+
+
+When the form is complete, click **Add registry**.
diff --git a/admin/registries/add/quay.md b/admin/registries/add/quay.md
new file mode 100644
index 0000000..31f36ca
--- /dev/null
+++ b/admin/registries/add/quay.md
@@ -0,0 +1,17 @@
+# Add a Quay.io registry
+
+From the menu select **Registries** then click **Add registry** and select **Quay.io** as the registry provider.
+
+
+
+Complete the form, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------------------- | -------------------------------------------------------------------------------------------------- |
+| Username | Enter the username you use to connect to your Quay.io registry. |
+| Password | Enter the password that corresponds to the username above. |
+| Use organisation registry | Toggle on if you need to specify the organization to use when connecting to your Quay.io registry. |
+
+
+
+When the form is complete, click **Add registry**.
diff --git a/admin/registries/browse.md b/admin/registries/browse.md
new file mode 100644
index 0000000..eecf5ae
--- /dev/null
+++ b/admin/registries/browse.md
@@ -0,0 +1,21 @@
+# Browse a registry
+
+The registry manager extends your container management experience by giving you the ability to browse defined registries and manipulate their content. By using this feature, container users enjoy the benefit of having a single interface to manage any Docker registry deployment, providing a consistent look and feel across any provider.
+
+{% hint style="info" %}
+Your registry must support Docker Registry API v2 in order to integrate with Portainer.
+{% endhint %}
+
+From the menu select **Registries** then select **Browse** next to the registry that you want to browse.
+
+
+
+A list of the repositories within a registry, along with the number of tags for each repository appears. Select a repository to view its details.
+
+
+
+The **Repository information** page provides the repository name, tag and image count, as well as a list of all tags. You can retag an image in order to promote it through the deployment lifecycle, or simply add or remove tags to annotate changes or usage.
+
+This page also provides an option to clean up unused legacy images by safely deleting them. You can also remove the entire repository.
+
+
diff --git a/admin/registries/manage.md b/admin/registries/manage.md
new file mode 100644
index 0000000..22f5c01
--- /dev/null
+++ b/admin/registries/manage.md
@@ -0,0 +1,47 @@
+# Manage a registry
+
+The registry manager extends your container management experience by giving you the ability to browse defined registries and manipulate their content. By using this feature, container users enjoy the benefit of having a single interface to manage any Docker registry deployment, providing a consistent look and feel across any provider.
+
+## Adding a tag
+
+From the menu select **Registries**, select the registry you want to manage then click **browse**. From the list, select the repository you want to manage.
+
+
+
+In the **Add tag** section at the top-right of the page, enter the name of your tag, select the image from the dropdown, then click the **Add tag** button.
+
+
+
+## Retagging
+
+{% hint style="info" %}
+If you host your own Docker registry, and you want the ability to retag images, you will need to add the following to your Docker registry's environment variables:
+
+`REGISTRY_STORAGE_DELETE_ENABLED=TRUE`
+{% endhint %}
+
+From the menu select **Registries**, choose the registry you want to manage and click **browse**. From the list of repositories, select the repository you want to manage.
+
+
+
+In the **Tags** section, locate the image you want to retag then click **Retag** to its right. Enter the new tag for the image then click the tick icon.
+
+
+
+## Removing a tag
+
+{% hint style="info" %}
+If you host your own Docker registry, and want the ability to remove tags, you will need to add the following to your Docker registry's environment variables:
+
+`REGISTRY_STORAGE_DELETE_ENABLED=TRUE`
+{% endhint %}
+
+From the menu select **Registries**, select the registry you want to manage then click **Browse**. From the list, select the repository you want to manage.
+
+
+
+Tick the checkbox next to the tag you want to remove then click **Remove**.
+
+
+
+When the confirmation message appears, if you're sure, click **Remove**.
diff --git a/admin/settings/README.md b/admin/settings/README.md
new file mode 100644
index 0000000..5b72f9c
--- /dev/null
+++ b/admin/settings/README.md
@@ -0,0 +1,189 @@
+# Settings
+
+## Application settings
+
+### Snapshot interval
+
+Defines how often a data snapshot of environments is taken. A data snapshot consists of the information displayed on the home page for the environment as well as other basic information. The default is every 5 minutes.
+
+### Use custom logo
+
+Replaces our logo with your own. Toggle on and enter the URL to the logo. The recommended size is 155px by 55px.
+
+### Allow the collection of anonymous statistics
+
+We collect anonymized information about your Portainer installation to help with our product development. You can opt out during installation, or toggle this setting off at any time.
+
+
+
+### Login screen banner
+
+This setting allows you to specify a custom text banner that will appear on the login screen for all users. This could be used to provide informational detail, a warning message, or whatever you need. To enable this, toggle the **Login screen banner** option on and enter your message in the **Details** box.
+
+
+
+Your message will then be shown at the login screen.
+
+
+
+### App Templates
+
+You can deploy containers and services using Portainer's set of built-in app templates, or [replace them with your own](../../advanced/app-templates/build.md) set of templates. Once you have a JSON file containing the template definitions, you can provide the URL to it here.
+
+
+
+## Kubernetes settings
+
+### Helm Repository
+
+If you wish to use your own Helm repository in place of the Bitnami repository we include by default, you can enter the URL here.
+
+
+
+### Kubeconfig expiry
+
+Select the expiry time for [exported kubeconfig files](../../user/kubernetes/kubeconfig.md) from this dropdown. The new expiry time will only apply to configurations created after this value was changed.
+
+
+
+{% hint style="warning" %}
+Tokens used in `kubeconfig` files become invalid when Portainer restarts — irrespective of the value set for **Kubeconfig expiry**. In this case, you will need to re-download the `kubeconfig` file.
+{% endhint %}
+
+### Deployment options
+
+In this section you can configure various Kubernetes-specific deployment options.
+
+| Field/Option | Overview |
+| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Enforce code-based deployment | Enable this option to hide the Add with form button when deploying applications and prevent the adding or editing of Kubernetes resources via forms. |
+| Allow web editor and custom template use | When code-based deployment is enforced, enable this to allow the use of the web editor and custom templates when deploying an application. |
+| Allow specifying of a manifest via a URL | When code-based deployment is enforced, enable this allow the use of the URL option when deploying an application. |
+| Allow per-environment override | Enable this to allow the above enforcement options to be overridden on a per-environment basis. |
+| Require a note on applications | Enable this to require that deployments have the Notes field completed in order to deploy. This setting currently only applies when deploying via a form. |
+
+
+
+## Certificate Authority file for Kubernetes Helm repositories
+
+This section lets you supply a certificate authority (CA) file for use with HTTPS connections to Helm repositories from Portainer. This is useful if the TLS certificate your Helm repository uses is signed by a custom CA, and applies to both the Helm Repository configured above and to Helm repositories configured per environment.
+
+{% hint style="info" %}
+This feature is only available in [Portainer Business Edition](https://www.portainer.io/business-upsell?from=ca-file).
+{% endhint %}
+
+
+
+## SSL certificate
+
+During installation, Portainer by default creates a self-signed SSL certificate to encrypt traffic between the Portainer Server and the end user, as well as between the Portainer Server and the Portainer Agent. This certificate can be replaced with your own certificate.
+
+{% hint style="info" %}
+We recommend including the full chain in the certificate to ensure compatibility. If you do not have the full chain for your certificate, ask your certificate provider or use [What's My Chain Cert?](https://whatsmychaincert.com/) to generate it.
+{% endhint %}
+
+
+
+### Force HTTPS only
+
+If you have configured your Portainer Server instance to listen on `9443` (HTTPS) and `9000` (HTTP) you can toggle **Force HTTPS only** on to disable listening on port `9000`.
+
+{% hint style="danger" %}
+Make sure that your HTTPS configuration is working correctly **before** enabling this option. Failure to do so may result in you being [locked out of your Portainer installation](https://portal.portainer.io/knowledge/i-enabled-force-https-only-and-now-im-locked-out-of-portainer-how-do-i-get-back-in).
+{% endhint %}
+
+{% hint style="warning" %}
+Ensure that any Edge agents have been correctly configured for HTTPS communication before enabling this.
+{% endhint %}
+
+
+
+After making changes to this section, click **Apply Changes**.
+
+## Hidden containers
+
+Stops a container from appearing in the Portainer UI through the container label. Enter the name and value of the label, then click **Add filter**. Containers with matching labels will be hidden.
+
+
+
+## Experimental features
+
+This section allows you to enable experimental Portainer features for use in your deployment. These features are in early development and have gone through a limited set of testing, and are provided to users in order to gather feedback on the feature at an earlier stage of development.
+
+{% hint style="danger" %}
+Enabling experimental features on production deployments should be done cautiously and at your own risk.
+{% endhint %}
+
+| Field/Option | Overview |
+| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Enable OpenAI integration | Toggle this on to enable the OpenAI integration. When this is enabled, individual users will need to add their OpenAI key in their account settings for the feature to be available to them. |
+
+
+
+## Backup Portainer
+
+This setting contains all of the information that Portainer stores on the `/data` volume, archived in a `tar.gz` file, and is optionally encrypted with a password. This archive is all you need to restore Portainer.
+
+### Backing up to a local disk
+
+Log in as an admin user. From the menu select **Settings**, then scroll down to the **Backup Portainer** section.
+
+
+
+**Download backup file** is the default option. As an optional step, toggle **Password protect** on and enter a password to encrypt the backup file. When you click **Download backup**, a `tar.gz` file will be downloaded via the browser.
+
+### Backing up to S3
+
+With Portainer Business Edition you have the option to store a backup of your configuration in an S3 bucket, either on demand or on a defined schedule.
+
+To do this, log in as an admin user, select **Settings** from the menu, then scroll down to **Backup Portainer**.
+
+
+
+Select **Store in S3** and fill in the options, using the below as a guide.
+
+| Field/Option | Overview |
+| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Schedule automatic backups | Enable this to schedule an automatic backup of your configuration to an S3 bucket. |
+| Cron rule |
Define how often you want the backup to run using the cron format.
[minute] [hour] [day of month] [month] [day of week]
For example, the following would run a backup at 3:41am every Tuesday:
41 3 * * 2
|
+| Access Key ID | Enter the access key ID for your S3 bucket. |
+| Secret Access Key | Enter the secret key for your S3 bucket. |
+| Region | Enter the region where your bucket is located (for example, `us-west-1`). |
+| Bucket name | Enter the name of your S3 bucket. |
+| S3 compatible host | If you are using a non-AWS S3-compatible provider (such as MinIO), enter the URL (including the protocol and port if necessary) here. If you're using AWS S3, leave this blank. |
+| Password protect | Enable this to protect your backups with a password. |
+| Password | Enter the password to set on your backups. |
+
+
+
+### Restoring from a local file
+
+Restoring a configuration is only possible on a fresh instance of Portainer during the initial installation. When you need to restore Portainer, deploy a fresh instance of Portainer with an empty data volume and choose the **Restore Portainer from backup** option during setup.
+
+
+
+On the initialization page, expand **Restore Portainer from backup**. Click **Select file** then browse to and select the `tar.gz` backup file. If the backup was originally encrypted, enter the password then click **Restore Portainer**.
+
+The restore might take a few moments. When it has finished, you will be redirected to the login page. You can now log in with your previous credentials and your previous configuration will be restored.
+
+### Restoring from S3
+
+{% hint style="info" %}
+This feature is only available in Portainer Business Edition.
+{% endhint %}
+
+Restoring a configuration is only possible on a fresh instance of Portainer during the initial installation. When you need to restore Portainer, deploy a fresh instance of Portainer with an empty data volume and choose the **Restore Portainer from backup** option during setup, making sure to select **Retrieve from S3**. Complete the fields using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Access key ID | Enter the access key ID for your S3 bucket. |
+| Secret access key | Enter the secret key for your S3 bucket. |
+| Region | Enter the region where your bucket is located (for example, `us-west-1`). |
+| Bucket name | Enter the name of your S3 bucket. |
+| S3 Compatible Host | If you are using a non-AWS S3-compatible provider (such as MinIO), enter the URL (including the protocol and port if necessary) here. If you're using AWS S3, leave this blank. |
+| Filename | Enter the filename of the backup you want to restore. |
+| Password | Enter the password set on your backup (if any). |
+
+
+
+When you're ready, click **Restore Portainer**. The restore might take a few moments. When it has finished, you will be redirected to the login page. You can now log in with your previous credentials and your previous configuration will be restored.
diff --git a/admin/settings/authentication/README.md b/admin/settings/authentication/README.md
new file mode 100644
index 0000000..e9e9297
--- /dev/null
+++ b/admin/settings/authentication/README.md
@@ -0,0 +1,26 @@
+# Authentication
+
+Portainer provides its own internal authentication mechanism, encrypting user passwords and storing them in the local Portainer database. Alternatively, external authentication providers are available. In this section, we explain how to authenticate via LDAP, Active Directory and OAuth.
+
+{% hint style="info" %}
+For all authentication types you can adjust the session lifetime (the time before users are forced to reauthenticate). The default is 8 hours.
+{% endhint %}
+
+When using internal authentication, an administrator can set the minimum length for users' passwords. The default is 12 characters, but this can be adjusted using the slider. Any users with passwords that don't meet the requirements will be asked to update their passwords when they next log in.
+
+
+
+{% content-ref url="ldap.md" %}
+[ldap.md](ldap.md)
+{% endcontent-ref %}
+
+{% content-ref url="active-directory.md" %}
+[active-directory.md](active-directory.md)
+{% endcontent-ref %}
+
+{% content-ref url="oauth.md" %}
+[oauth.md](oauth.md)
+{% endcontent-ref %}
+
+
+
diff --git a/admin/settings/authentication/active-directory.md b/admin/settings/authentication/active-directory.md
new file mode 100644
index 0000000..de003ac
--- /dev/null
+++ b/admin/settings/authentication/active-directory.md
@@ -0,0 +1,86 @@
+# Authenticate via Active Directory
+
+Portainer Business Edition lets you connect to an existing Microsoft Active Directory service to manage your authentication settings in Portainer.
+
+To set up Active Directory authentication, from the menu select **Settings** then select **Authentication**. Under the **Authentication method** section select **Microsoft Active Directory**.
+
+
+
+A guide to all of the Active Directory configuration settings follows.
+
+## Automatic user provisioning
+
+Enabling this setting automatically creates users within Portainer once they are successfully authenticated by Active Directory (AD). If you do not enable this, you must [manually create users](ldap.md#manually-creating-ldap-users) with the same username as the corresponding AD user.
+
+
+
+## AD configuration
+
+Configure your Active Directory details using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| AD Controller | Enter the FQDN or IP address of your domain controller. If you need to add more than one server, click **Add additional server**. |
+| Service Account | Enter the account name that is used to connect to Active Directory and search users. |
+| Service Account Password | Enter the password for the above service account. |
+| Connectivity check | Perform a check to ensure there is connectivity and SSL handshaking between Portainer and your Active Directory server (if **Use StartTLS** or **Use TLS** are selected under the **AD Connectivity Security** section). |
+
+
+
+## AD Connectivity Security
+
+Configure the security settings using the table below as a guide.
+
+| Field/Option | Overview |
+| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Use StartTLS | Enable this option if want to use StartTLS to secure the connection to the server. Enabling this will hide and ignore the **Use TLS** option. |
+| Use TLS | Enable this option if you need to specify TLS certificates to connect to the LDAP server. Enabling this will hide and ignore the **Use StartTLS** option. |
+| Skip verification of server certificate | Toggle this option on if you want to skip the verification of the server TLS certificate. Not recommended on unsecured networks. |
+| TLS CA certificate | Lets you upload the CA certificate for your TLS certificate. |
+
+
+
+## User search configurations
+
+Configure the user search configurations using the table below as a guide. Click **add user search configuration** to set up multiple configurations.
+
+| Field/Option | Overview |
+| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
+| Username Format | Select the username format you want to use when logging into Portainer. Options are `username` and `username@domainname`. |
+| Root Domain | This will be filled with the domain of the domain controller. |
+| User Search Path (optional) | Click **add another entry** to define specific OUs or folders to search for users. |
+| Allowed Groups (optional) | Click **add another group** to define specific groups to be allowed access to Portainer. |
+| User Filter | This will be filled based on the options you selected previously. |
+| Display Users | Click this to use the settings provided to query the Active Directory server for a list of users matching the specified criteria. |
+
+
+
+## Group search configurations
+
+Configure the group search configurations using the table below as a guide. Click **add group search configuration** to set up multiple configurations.
+
+| Field/Option | Overview |
+| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Group Search Path (optional) | Click **add another entry** to define specific OUs or folders to search for groups. |
+| Group Base DN | Automatically updated based on previous selections. |
+| Groups | Click **add another group** to define specific groups by OU or folder name. |
+| Group Filter | This will be filled based on options previously selected. |
+| Display User/Group matching | Click this to use the settings provided in Portainer to query the Active Directory server for a list of users matching the criteria specified, and how they match to groups. |
+
+
+
+## Auto-populate team admins
+
+If desired, Portainer can configure specified AD groups of users to become Portainer administrators automatically.
+
+To configure this, first click **add group search configuration** and define the **Group Base DN**, **Groups** and **Group Filter** as required. Once done, click the **Fetch Admin Group(s)** button to retrieve the list of groups matching your search configuration.
+
+
+
+When you're happy with the group selection, enable this feature by toggling **Assign admin rights to group(s)** on.
+
+## Test login
+
+To test your settings are correct and that the right users and groups are configured for access, scroll down to **Test login**, enter a valid user and password then click **Test**. If everything is working as expected, a green tick will appear next to the button.
+
+
diff --git a/admin/settings/authentication/ldap.md b/admin/settings/authentication/ldap.md
new file mode 100644
index 0000000..271c565
--- /dev/null
+++ b/admin/settings/authentication/ldap.md
@@ -0,0 +1,143 @@
+# Authenticate via LDAP
+
+## Introduction
+
+Portainer can be configured to accept Lightweight Directory Access Protocol (LDAP) authentication if your organization has implemented LDAP authentication. When users attempt to log into Portainer, the application will authenticate them against your LDAP directory. If authentication is successful, the user is allowed to log into Portainer.
+
+To configure Portainer LDAP authentication, you first need to add a user to your directory service for the purpose of authenticating from Portainer to read the LDAP. The user should be a service account that needs read-only access to LDAP.
+
+## Enabling LDAP
+
+Log into Portainer as an administrator. From the menu select **Settings**, select **Authentication** then select the **LDAP Authentication** option. Extra fields will appear, allowing you to configure LDAP.
+
+
+
+### Automatic user provisioning
+
+Enabling this setting automatically creates users within Portainer once they are successfully authenticated by LDAP. If you do not enable this, you must [manually create users](ldap.md#manually-creating-ldap-users) with the same username as the corresponding LDAP directory.
+
+
+
+### Server Type
+
+Here you can select a custom configuration or a preconfigured OpenLDAP template.
+
+
+
+### LDAP configuration
+
+Enter the IP address/FQDN and port number of your LDAP server. Opt to either connect anonymously (your LDAP server must support this) or enter a user account that has READ access to the directory. Click **Test connectivity** to validate that you can connect.
+
+{% hint style="info" %}
+For OpenLDAP, the Reader DN format should be set to `cn=user,dc=domain,dc=tld`. If your configuration differs you will need to adjust this to suit.
+{% endhint %}
+
+
+
+If you want to add additional LDAP servers to provide for authentication fallback, click **Add additional server** and fill in the server details.
+
+### LDAP security
+
+Configure the remaining LDAP settings, using the table below as a guide:
+
+| Field/Option | Overview |
+| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Use StartTLS | Changes the insecure connection to secure after the initial connection. |
+| Use TLS | Initiates a connection to LDAP using TLS. |
+| Skip verification of server certificate | If you do not have access to the LDAP server certificate, skipping verification will enable encrypted communications. However, you must manually ensure that you are talking to the intended LDAP server that you specified in the URL. If that gets maliciously redirected, you could be talking to a different server. Use with caution. |
+
+
+
+| Field/Option | Overview |
+| ------------------ | -------------------------------------------------------------- |
+| TLS CA certificate | Lets you upload your CA certificate for the secure connection. |
+
+
+
+### User-search configurations
+
+#### BaseDN
+
+* Enter `dc=mydomain,dc=com` to search your entire directory for the username attempting to login.
+* Enter `ou=myou,dc=mydomain,dc=com` to search for users only within the specified OU.
+* Enter `cn=mycn,dc=mydomain,dc=com` if your users are only in a container.
+
+If you have a large number of users in your domain, narrow the scope Portainer searches on by using OUs.
+
+#### Username attribute
+
+For LDAP, enter `uid` unless your configuration differs.
+
+#### Filter
+
+{% hint style="info" %}
+These entries are case sensitive.
+{% endhint %}
+
+Enter filter criteria for the results returned from LDAP to Portainer. For example, to only allow users who are members of a group defined within an OU to login, set **Filter** to the following (the brackets are important, so copy the entire string):
+
+```
+(&(objectClass=user)(memberOf=cn=mycn,ou=myou,dc=mydomain,dc=com))
+```
+
+In the example below, the domain `portainer.local` has an OU called `Groups` and within that OU is a group called `PortainerDevUsers`. This search filter will only allow users who are members of the `PortainerDevUsers` LDAP group to log into Portainer.
+
+
+
+As an optional step, click **Add user search configuration** to define additional user-search configurations.
+
+### Group-search configurations
+
+In addition to user search, Portainer also gives you the option to set up group search. When configured, if an LDAP user is a member of an LDAP group, and that LDAP Group corresponds to an identically named Portainer [Team](../../users/teams/), then the LDAP user will automatically be placed into the Portainer Team based on their LDAP group membership. This is very useful for automatically granting access to Portainer environments via group membership.
+
+#### Group Base DN
+
+Enter either:
+
+* Enter `dc=mydomain,dc=com` to search your entire directory for the list of groups.
+* Enter `ou=myou,dc=mydomain,dc=com` to search for groups only within the specified OU.
+* Enter `cn=mycn,dc=mydomain,dc=com` if your groups are only in a container.
+
+If you have a large number of groups in your domain, narrow the scope Portainer searches on by using OUs.
+
+
+
+#### Group Membership Attribute
+
+Enter `member` as the attribute that determines if a user is a member of a group.
+
+#### Group Filter
+
+If you want to filter the list of groups to return only those that contain the string `Portainer` (for example: `PortainerDev`, `PortainerProd`, `PortainerUAT`), set up the filter like this:
+
+```
+(&(objectclass=group)(cn=*Portainer*))
+```
+
+
+
+As an optional step, click **Add group search configuration** to define additional group-search configurations.
+
+### Auto-populate team admins
+
+If desired, Portainer can configure specified LDAP groups of users to become Portainer administrators automatically.
+
+To configure this, first click **add group search configuration** and define the **Group Base DN**, **Groups** and **Group Filter** as required. Once done, click the **Fetch Admin Group(s)** button to retrieve the list of groups matching your search configuration.
+
+
+
+When you're happy with the group selection, enable this feature by toggling **Assign admin rights to group(s)** on.
+
+### Test login
+
+To test your configuration, you can enter a username and password and click the **Test** button.
+
+
+
+## Manually creating LDAP users
+
+{% hint style="info" %}
+This is an optional step and is required only if you do not use automatic user provisioning.
+{% endhint %}
+
+Once LDAP has been enabled, from the menu select **Users**. Create a username that matches your LDAP source users with the format defined when you enabled LDAP (either `username` or `username@mydomain.com`).
diff --git a/admin/settings/authentication/oauth.md b/admin/settings/authentication/oauth.md
new file mode 100644
index 0000000..45ec5a3
--- /dev/null
+++ b/admin/settings/authentication/oauth.md
@@ -0,0 +1,137 @@
+# Authenticate via OAuth
+
+## Configuring OAuth authentication in Portainer
+
+From the menu select **Settings** then select **Authentication**. Under the **Authentication method** section click **OAuth**.
+
+
+
+In the next screen, enter the credentials provided by your OAuth provider, using the table below as a guide.
+
+| Field/Option | Overview |
+| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Use SSO | Enable SSO so that the OAuth provider won't be forced to ask for credentials when users are in a current logged-in session. |
+| Hide internal authentication prompt | Hide the ability to log in through internal authentication. |
+| Automatic user provisioning | If toggled on, users who exist at the OAuth provider's end will automatically be created in Portainer (you can define a default team to put those users in while this option is on). If toggled off, you'll need to [create users](../../users/add.md) in Portainer manually. |
+
+
+
+If you toggle **Automatic team membership** on, you can choose to automatically add OAuth users to certain Portainer teams based on the **Claim name**. Claim names will be matched with teams or you can manually link a claim name (using regex) with Portainer teams under the **Statically assigned teams** option. You can also define a **Default team** for users who don't belong to any other team.
+
+In addition, you can enable the automatic assignment of admin rights to specified groups if desired.
+
+
+
+## OAuth providers
+
+Portainer provides pre-configured OAuth provider options or you can set up your own custom OAuth provider. Each of the pre-configured providers can have their configuration overridden if you need to make changes to the Portainer defaults.
+
+### Microsoft
+
+Configure your OAuth provider using the table below as a guide.
+
+| Field/Option | Overview |
+| --------------- | ----------------------------------------------------------------------------------------------------------------- |
+| Tenant ID | Enter the ID of the Azure Directory you wish to authenticate against. This is also known as the **Directory ID**. |
+| Application ID | Enter the public identifier of the OAuth application. |
+| Application key | Enter the secret key for the OAuth application. |
+
+You can find these details using the following steps:
+
+1. Log in to your Azure Portal as an administrator.
+
+
+
+
+2. Click on **Azure Active Directory** and then click on **Overview**. Your **Tenant ID** can be found in the right pane. Use this as the **Tenant ID** in Portainer.
+
+
+
+
+3. Still in Azure Active Directory, click on **App Registrations** then click **New registration**.
+
+
+
+ Enter a friendly name for the Portainer instance. Choose appropriate option for Supported account types, Choose `Web` type for **Redirect URI** and enter the FQDN or IP address that your Portainer instance listens on `eg: https://portainer.example.com:9443`. Then click **Register**.
+
+
+
+
+
+
+4. After creating the Registration, the screen below is displayed. Use the provided **Application ID** in the respective field in Portainer.
+
+
+
+
+5. Click on **Certificates & secrets** then click **Client secrets**, Click on **New client secret**. Add **Description** and choose Expiry date, then Click **Add.**
+
+
+
+ The secret will then be generated for you. Use the Value as the **Application key** in the respective field in Portainer.
+
+
+
+
+
+
+6. Click on **API Permissions** and **Add a permission**. Select **Microsoft Graph** in the **Request API permissions screen**. Select **Delegated permissions** and add `email, openid, profile` permissions.
+
+
+7. Optionally, to use **Automatic Team Membership** ability in Portainer, you need create groups claim. Click on **Token Configuration** and **Add groups claim**. Select **Security Groups** and click **Add**.
+
+
+
+
+
+When you're finished, click **Save settings**.
+
+### Google
+
+Configure your OAuth provider using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------- | ----------------------------------------------------- |
+| Client ID | Enter the public identifier of the OAuth application. |
+| Client secret | Enter the secret key for the OAuth application. |
+
+
+
+When you're finished, click **Save settings**.
+
+### Github
+
+Configure your OAuth provider using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------- | ----------------------------------------------------- |
+| Client ID | Enter the public identifier of the OAuth application. |
+| Client secret | Enter the secret key for the OAuth application. |
+
+
+
+When you're finished, click **Save settings**.
+
+### Custom
+
+Complete the **OAuth Configuration** section based on the table below.
+
+| Field/Option | Overview |
+| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Client ID | Enter the public identifier of the OAuth application. |
+| Client secret | Enter the token access to the OAuth application. |
+| Authorization URL | Enter the URL used to authenticate against the OAuth provider (will redirect users to the OAuth provider login screen). |
+| Access token URL | Enter the URL used to exchange a valid OAuth authentication code for an access token. |
+| Resource URL | Enter the URL used by Portainer to retrieve information about authenticated users. |
+| Redirect URL | Enter the URL used by the OAuth provider to redirect users after they are successfully authenticated (also referred to as the callback URL). You should set this to your Portainer instance URL. |
+| Logout URL | Enter the URL used by the OAuth provider to log users out. |
+| User identifier | Enter the identifier that Portainer will use to create accounts for authenticated users. Retrieved from the resource server specified in the **Resource URL** field. |
+| Scopes | Required by the OAuth provider to retrieve information about authenticated users. See your provider's own documentation for more information. |
+
+
+
+When you're finished, click **Save settings**.
+
+## Giving environment access to OAuth teams and users
+
+See [Managing user access to environments](../../environments/access.md).
diff --git a/admin/settings/credentials/README.md b/admin/settings/credentials/README.md
new file mode 100644
index 0000000..79986c1
--- /dev/null
+++ b/admin/settings/credentials/README.md
@@ -0,0 +1,17 @@
+# Shared credentials
+
+In this section you can manage the credentials used with our [KaaS provisioning functionality](../../environments/add/kaas/) and our Kubernetes provisioning feature.
+
+
+
+To add a new set of credentials, click the **Add credentials** button. Portainer currently supports the following credential types:
+
+* [Civo](civo.md)
+* [Linode](linode.md)
+* [DigitalOcean](digitalocean.md)
+* [Google Cloud](gke.md)
+* [Amazon Web Services (AWS)](eks.md)
+* [Microsoft Azure](aks.md)
+* [SSH](ssh.md) (for use with Kubernetes cluster deployments)
+
+To remove a set of credentials, check the box next to the credentials to remove and click **Remove**.
diff --git a/admin/settings/credentials/aks.md b/admin/settings/credentials/aks.md
new file mode 100644
index 0000000..9666489
--- /dev/null
+++ b/admin/settings/credentials/aks.md
@@ -0,0 +1,37 @@
+# Add Azure credentials
+
+Before you can add your Azure credentials to Portainer, you will need to retrieve your subscription ID, create an app and retrieve the related tenant ID and client ID, create a client secret and retrieve the value, and set the correct role or permissions on your resource group.
+
+## Configuring your Azure account
+
+Log in to the Azure portal. First, click **Subscriptions** and note down your **Subscription ID**.
+
+Then click the menu in the top left and select **Azure Active Directory**. Click **App registrations** in the left hand menu and select **New Registration**.
+
+Enter a name for your registration that makes sense to you and leave the other fields as they are. Click **Register** to create the registration. In the app page that appears, note down the **Application (client) ID** and **Directory (tenant) ID**.
+
+Next click on **Certificates & secrets** in the left hand menu. Click **New client secret** and enter a name for your secret. Select an expiry date for the secret and click **Add**. Copy the **Client Secret (value)** - you don't need the secret ID.
+
+Now we need to set permissions. Click the menu in the top left, then **Resource Groups** and select your resource group. If you don't already have one, you can create a new one.
+
+Click on **Access control (IAM)** in the left hand menu then click **Add role assignment**. We recommend selecting the `Contributor` role, but if you want to specify the exact set of permissions they are as follows:
+
+```
+Microsoft.ContainerService/managedClusters/read
+Microsoft.ContainerService/managedClusters/write
+Microsoft.Resources/deployments/*
+Microsoft.Resources/subscriptions/resourcegroups/read
+Microsoft.Resources/subscriptions/resourcegroups/write
+Microsoft.Resources/subscriptions/read
+Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action
+```
+
+Once you've chosen your permissions, click **Next**. Click **Select members** then search for the app you registered earlier. Click it, then click **Select** at the bottom of the page. Click **Review + assign**, then **Review + assign** again on the next page.
+
+## Adding your credentials
+
+To add credentials for an Azure account, from the [Cloud settings](./) page click **Add credentials**, then select the **Microsoft Azure** option. Enter a **name** for your credentials, then paste your **Subscription ID**, **Tenant ID**, **Client ID** and **Client Secret** into the fields.
+
+
+
+When you're ready, click **Add credentials**. Your credentials will now be available to you when [provisioning a Kubernetes cluster on Azure](../../environments/add/kaas/aks.md).
diff --git a/admin/settings/credentials/civo.md b/admin/settings/credentials/civo.md
new file mode 100644
index 0000000..4cd99ab
--- /dev/null
+++ b/admin/settings/credentials/civo.md
@@ -0,0 +1,17 @@
+# Add Civo credentials
+
+Before you can add your Civo credentials to Portainer, you will need to retrieve your API token from Civo.
+
+## Retrieving your API token
+
+Log into the Civo dashboard and expand the **Settings** menu. Select **Profile**, then the **Security** tab.
+
+At the top of the page you should see your API key listed.
+
+## Adding your credentials
+
+To add credentials for a Civo account, from the [Shared credentials](./) page click **Add credentials**, then select the **Civo** option. Give your credential set a **name** and paste your **API key** into the box.
+
+
+
+When you're ready, click **Add credentials**. Your credentials will now be available to you when [provisioning a Kubernetes cluster on Civo](../../environments/add/kaas/civo.md).
diff --git a/admin/settings/credentials/digitalocean.md b/admin/settings/credentials/digitalocean.md
new file mode 100644
index 0000000..d767901
--- /dev/null
+++ b/admin/settings/credentials/digitalocean.md
@@ -0,0 +1,15 @@
+# Add DigitalOcean credentials
+
+Before you can add your DigitalOcean credentials to Portainer, you will need to create an API token in your DigitalOcean account.
+
+## Creating your API token
+
+Log into the DigitalOcean dashboard and select **API** at the bottom left. Click **Generate New Token**, enter a token name and an expiration time, and ensure that both **Read** and **Write** scopes are ticked.
+
+## Adding your credentials
+
+To add credentials for a DigitalOcean account, from the [Shared credentials](./) page click **Add credentials**, then select the **DigitalOcean** option. Give your credential set a **name** and paste your **API key** into the box.
+
+
+
+When you're ready, click **Add credentials**. Your credentials will now be available to you when [provisioning a Kubernetes cluster on DigitalOcean](../../environments/add/kaas/digitalocean.md).
diff --git a/admin/settings/credentials/eks.md b/admin/settings/credentials/eks.md
new file mode 100644
index 0000000..3089c59
--- /dev/null
+++ b/admin/settings/credentials/eks.md
@@ -0,0 +1,139 @@
+# Add AWS credentials
+
+Before you can add your AWS credentials to Portainer, you will need to configure your IAM account with the necessary access policies and create and retrieve an access key.
+
+## Configuring access to AWS
+
+While you can use an existing IAM user to communicate with Portainer, you may want to create a new user for just this purpose. The minimum IAM policies required for Portainer to provision are as follows:
+
+* `AmazonEC2FullAccess`
+* `AWSCloudFormationFullAccess`
+
+In addition, we require two custom policies, which you should create and assign to your IAM user:
+
+### EKSFullAccess
+
+```
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "eks:*",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ssm:GetParameter",
+ "ssm:GetParameters"
+ ],
+ "Resource": [
+ "arn:aws:ssm:*::parameter/aws/*",
+ "arn:aws:ssm:*::parameter/aws/*"
+ ],
+ "Effect": "Allow"
+ },
+ {
+ "Action": [
+ "kms:CreateGrant",
+ "kms:DescribeKey"
+ ],
+ "Resource": "*",
+ "Effect": "Allow"
+ },
+ {
+ "Action": [
+ "logs:PutRetentionPolicy"
+ ],
+ "Resource": "*",
+ "Effect": "Allow"
+ }
+ ]
+}
+```
+
+### IAMLimitedAccess
+
+```
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateInstanceProfile",
+ "iam:DeleteInstanceProfile",
+ "iam:GetInstanceProfile",
+ "iam:RemoveRoleFromInstanceProfile",
+ "iam:GetRole",
+ "iam:CreateRole",
+ "iam:DeleteRole",
+ "iam:AttachRolePolicy",
+ "iam:PutRolePolicy",
+ "iam:ListInstanceProfiles",
+ "iam:AddRoleToInstanceProfile",
+ "iam:ListInstanceProfilesForRole",
+ "iam:PassRole",
+ "iam:DetachRolePolicy",
+ "iam:DeleteRolePolicy",
+ "iam:GetRolePolicy",
+ "iam:GetOpenIDConnectProvider",
+ "iam:CreateOpenIDConnectProvider",
+ "iam:DeleteOpenIDConnectProvider",
+ "iam:TagOpenIDConnectProvider",
+ "iam:ListAttachedRolePolicies",
+ "iam:TagRole",
+ "iam:GetPolicy",
+ "iam:CreatePolicy",
+ "iam:DeletePolicy",
+ "iam:ListPolicyVersions"
+ ],
+ "Resource": [
+ "arn:aws:iam:::instance-profile/eksctl-*",
+ "arn:aws:iam:::role/eksctl-*",
+ "arn:aws:iam:::policy/eksctl-*",
+ "arn:aws:iam:::oidc-provider/*",
+ "arn:aws:iam:::role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup",
+ "arn:aws:iam:::role/eksctl-managed-*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Resource": [
+ "arn:aws:iam:::role/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "eks.amazonaws.com",
+ "eks-nodegroup.amazonaws.com",
+ "eks-fargate.amazonaws.com"
+ ]
+ }
+ }
+ }
+ ]
+}
+```
+
+Once you have your IAM user set up, log in to the AWS portal with the IAM user and in the top right menu - the user's name - select **Security Credentials**. Expand the **Access keys** section and click **Create New Access Key**.
+
+Copy the **Access key ID** and the **Secret access key** that are generated.
+
+## Adding your credentials
+
+To add credentials for an AWS account, from the [Shared credentials](./) page click **Add credentials**, then select the **Amazon Web Services (AWS)** option. Enter a **name** for your credentials, then paste your **access key ID** and and **secret access key** from AWS into the fields.
+
+
+
+When you're ready, click **Add credentials**. Your credentials will now be available to you when [provisioning a Kubernetes cluster on AWS](../../environments/add/kaas/eks.md).
diff --git a/admin/settings/credentials/gke.md b/admin/settings/credentials/gke.md
new file mode 100644
index 0000000..60cd72e
--- /dev/null
+++ b/admin/settings/credentials/gke.md
@@ -0,0 +1,19 @@
+# Add Google Cloud credentials
+
+Before you can add your Google Cloud credentials to Portainer, you will need to configure your account for GKE, set up a service account, and retrieve the private key for that service account. Once this is complete, you can use the private key to set up access.
+
+## Creating your private key
+
+Log into the Google Cloud console and go to the dashboard for your project. To confirm GKE is enabled for your project, click on **Kubernetes Engine** in the left hand menu. If the section loads and displays the ability to create a cluster, you're set up already. Otherwise you'll be asked to **enable the Kubernetes Engine API**, which you should do.
+
+Once this is confirmed, we need to create a service account. From the navigation menu, hover over **IAM & Admin** and click **Service Accounts**, then click **Create Service Account**. Fill in the service account details with a name, ID and description that makes sense to you and click **Create and Continue**. In the **Grant this service account access to project** section, add the`Compute Engine Service Agent` and `Kubernetes Engine Service Agent` roles to the service account and click **Continue**, then click **Done** to create the account.
+
+Finally, we need to retrieve the private key for the service account. Click on the service account you just created, then select the **Keys** tab and click **Add Key** then **Create new key**. Select **JSON** as the type and click **Create**. This will download a file containing the private key for the service account.
+
+## Adding your credentials
+
+To add credentials for a Google Cloud account, from the [Shared credentials](./) page click **Add credentials**, then select the **Google Cloud** option. Give your credential set a **name** and upload the JSON private key for your service account.
+
+
+
+When you're ready, click **Add credentials**. Your credentials will now be available to you when [provisioning a Kubernetes cluster on Google Cloud](../../environments/add/kaas/gke.md).
diff --git a/admin/settings/credentials/linode.md b/admin/settings/credentials/linode.md
new file mode 100644
index 0000000..5d1e594
--- /dev/null
+++ b/admin/settings/credentials/linode.md
@@ -0,0 +1,15 @@
+# Add Linode credentials
+
+Before you can add your Linode credentials to Portainer, you will need to create an API token in your Linode account.
+
+## Creating your API token
+
+Log into the Linode dashboard and click your account name in the top right. Select **API Tokens**. Click **Create a Personal Access Token**, give it a label and set an expiry. The Portainer provisioning functionality only requires **Read/Write** for the **Kubernetes** option, so disable the rest.
+
+## Adding your credentials
+
+To add credentials for a Linode account, from the [Shared credentials](./) page click **Add credentials**, then select the **Linode** option. Give your credential set a **name** and paste your **API key** into the box.
+
+
+
+When you're ready, click **Add credentials**. Your credentials will now be available to you when [provisioning a Kubernetes cluster on Linode](../../environments/add/kaas/linode.md).
diff --git a/admin/settings/credentials/ssh.md b/admin/settings/credentials/ssh.md
new file mode 100644
index 0000000..47d8aea
--- /dev/null
+++ b/admin/settings/credentials/ssh.md
@@ -0,0 +1,53 @@
+# Add SSH credentials
+
+SSH credentials are currently used by Portainer in our Kubernetes provisioning feature. Credentials created here will be usable by any admin-level user, though they will not be able to view the actual credentials directly.
+
+## Setting up your SSH user
+
+The exact method for configuring your SSH user will differ from platform to platform. For the Kubernetes provisioning feature, we assume the following for the user you create:
+
+* The user has sudo privileges or is a root user - this is because Portainer needs this level of access in order to install Kubernetes.
+* SSH is listening on port `22` on the server.
+
+We generally recommend the use of a SSH key for authentication rather than password authentication, but Portainer supports both methods.
+
+## Adding your credentials
+
+To add your SSH credentials, from the [Shared credentials](./) page click **Add credentials**, then select the **SSH** option. Fill out the relevant fields as below.
+
+| Field/Option | Overview |
+| -------------------------- | -------------------------------------------------------------------------------------------------------------------- |
+| Credentials name | Enter a name you will use to identify your credential set in the Portainer application. |
+| SSH username | Enter the username for your SSH account. |
+| SSH password | Enter the password for your SSH account. You can leave this field blank if you intend to use SSH key authentication. |
+| Use SSH key authentication | Enable this toggle to use SSH key authentication instead of password authentication. |
+| SSH private key passphrase | If your SSH private key is encrypted, provide the passphrase here. |
+| SSH private key | Paste your SSH private key in this field. |
+
+
+
+You can also choose to upload your private key by clicking **Upload SSH private key** and selecting the file to upload. This will replace anything in the SSH private key field with the contents of the uploaded file.
+
+When you are ready, click **Add credentials** to complete the process.
+
+### Generate a new key pair
+
+If you would like to create a new key pair for your SSH credentials, you can do so by clicking **Generate new RSA SSH key pair**. You will first be prompted to enter an optional passphrase for your private key, then click the **Generate SSH key pair** button to proceed.
+
+
+
+Portainer will then generate a new key pair for you and display the resulting private and public keys. You can copy the values to your clipboard with the Copy buttons, or download the individual files with the Download buttons.
+
+{% hint style="warning" %}
+Ensure you take a copy of both the public and private keys, as you will not be able to retrieve them.
+{% endhint %}
+
+
+
+Your newly generated public key should be added to the `authorized_keys` file for the SSH user you intend to use on your nodes for provisioning.
+
+{% hint style="info" %}
+Key pairs are generated with a key size of `4096` bits.
+{% endhint %}
+
+Once you have saved the public and private key files, click **Continue**. You will be returned to the previous screen and the SSH private key passphrase and SSH private key fields will be populated with your new key pair's passphrase and private key respectively.
diff --git a/admin/settings/edge.md b/admin/settings/edge.md
new file mode 100644
index 0000000..4530b9e
--- /dev/null
+++ b/admin/settings/edge.md
@@ -0,0 +1,110 @@
+# Edge Compute
+
+To enable and configure Edge Compute functionality in Portainer, select **Settings** from the menu then select **Edge Compute**.
+
+{% hint style="info" %}
+To learn how to use our Edge Compute functionality, please refer to the [Edge Compute](../../user/edge/) section of this documentation.
+{% endhint %}
+
+
+
+## Edge Compute settings
+
+In this section you can use the following options to enable and configure Edge Compute functionality within Portainer.
+
+| Field/Option | Overview |
+| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Enable Edge Compute features | Toggle this on to enable Edge Compute functionality including Edge Device features. |
+| Portainer API server URL |
Enter the default URL and port of your Portainer Server instance as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. This value can be overridden when manually deploying an Edge Agent. This feature is only available in Portainer Business Edition.
|
+| Portainer tunnel server address |
Enter the default address and port of your Portainer Server instance's tunnel server as it will be seen from your Edge environment. If using a FQDN, ensure that DNS is properly configured to provide this. In most cases, this will be the same address as the Portainer API server URL, but without the protocol and on port 8000. This value can be overridden when manually deploying an Edge Agent. This feature is only available in Portainer Business Edition. For Community Edition users, refer to this GitHub issue.
|
+| Enforce use of Portainer generated Edge ID | Enable this option to require that the Edge ID used by an Edge Agent deployment exist within Portainer's database (in other words, have an environment with the matching ID already created) in order to connect. |
+
+
+
+When you are done, click **Save Settings**.
+
+## Deployment sync options
+
+This section defines options that apply how Edge Agents sync with the Portainer Server instance.
+
+### Check-in intervals
+
+| Field/Option | Overview |
+| --------------------------------- | ------------------------------------------------------------------------------------------ |
+| Edge agent default poll frequency | Select how often Edge Agents in standard mode check in with the Portainer Server instance. |
+
+
+
+### Async Check-in intervals
+
+The following options apply to Edge Agents deployed in async mode.
+
+| Field/Option | Overview |
+| ------------------------------------- | --------------------------------------------------------------------------------------------------------- |
+| Edge agent default ping frequency | Select how often Edge Agents in async mode ping back to the Portainer Server instance. |
+| Edge agent default snapshot frequency | Select how often Edge Agents in async mode update their snapshot with the Portainer Server instance. |
+| Edge agent default command frequency | Select how often Edge Agents in async mode check with the Portainer Server instance for pending commands. |
+
+
+
+### mTLS Certificate
+
+This section allows you to enable the use of a separate certificate for mTLS and to upload that certificate and CA.
+
+{% hint style="info" %}
+For more information on mTLS read our advanced documentation.
+{% endhint %}
+
+| Field/Option | Overview |
+| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Use separate mTLS cert | Enable this toggle to use a separate mTLS certificate for Edge Agent communication. With this option disabled, Edge Agents will use the same TLS certificate as the Portainer UI. |
+| TLS CA Certificate | Select and upload the CA certificate for use with mTLS. |
+| TLS certificate | Select and upload the server certificate for use with mTLS. |
+| TLS key | Select and upload the key corresponding to the server certificate. |
+
+
+
+When you are done, click **Save Settings**.
+
+## Automatic Edge Environment Creation
+
+In this section you can configure how automatic Edge environment configuration functions as well as customize and retrieve your Edge agent deployment script, for use when preloading Edge Devices with a Portainer Edge Agent container and configuration.
+
+| Field/Option | Overview |
+| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Disable Edge Environment Waiting Room | Toggle this on to disable the [waiting room](../../user/edge/waiting-room.md) feature for Edge devices. This will allow any Edge Device that connects to the Portainer instance to automatically associate with Portainer. We recommend leaving this off (the waiting room enabled). |
+
+
+
+Configure the options and select the platform (Linux or Windows) to generate your Edge agent deployment scripts.
+
+| Field/Option | Overview |
+| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Edge ID Generator | Provide a one-line script that will be used to generate a unique ID for your Edge devices. For Linux, an example would be using the `uuidgen` command. |
+| Nomad Authentication Enabled | If you have selected a Nomad environment, toggle this to enable authentication. |
+| Nomad Token | If Nomad authentication is enabled, define the Nomad token to use. |
+| TLS | Toggle this on if your Nomad installation uses TLS. |
+| Environment variables | Define a comma separated list of environment variables that will be sourced from the Edge device for use in Portainer. |
+| Allow self-signed certs | Toggle this to permit the use of self-signed certificates for the communication between the Edge Agent and the Portainer server. |
+
+
+
+Select the environment of your deployment and click **Copy** to copy the script to your clipboard.
+
+## Intel OpenAMT
+
+This section controls the configuration of the [Intel OpenAMT](../../user/home/openamt.md) functionality in Portainer.
+
+| Field/Option | Overview |
+| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Enable OpenAMT | Toggle this option on to enable Portainer's OpenAMT functionality. This can only be enabled when **Enable Edge Compute features** is toggled on, and when on will reveal the below fields. |
+| MPS Server | Enter the FQDN or IP address of your MPS server. |
+| MPS User | Enter the username used to connect to your MPS server. |
+| MPS Password | Enter the password for the MPS User defined above. The password must be between 8 and 32 characters and include at least one upper case letter, at least one lower case letter, at least one base-10 digit and at least one special character. |
+| Domain Name | Enter the fully-qualified domain name associated with the provisioning certificate. |
+| Provisioning Certificate File (.pfx) |
Click Upload file to upload your PFX-format certificate. The PFX must contain the private key. On AMT 15 based devices you must use SHA2.
Currently supported CAs are Comodo, DigiCert, Entrust and GoDaddy.
|
+| Provisioning Certificate Password | Enter the password for the provisioning certificate. The password must be between 8 and 32 characters and include at least one upper case letter, at least one lower case letter, at least one base-10 digit and at least one special character. |
+
+
+
+When you have finished making changes, click **Save Settings**.
diff --git a/admin/users/README.md b/admin/users/README.md
new file mode 100644
index 0000000..7a81773
--- /dev/null
+++ b/admin/users/README.md
@@ -0,0 +1,25 @@
+# Users
+
+Give access to individual users then manage them as their needs change over time.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="promote.md" %}
+[promote.md](promote.md)
+{% endcontent-ref %}
+
+{% content-ref url="password.md" %}
+[password.md](password.md)
+{% endcontent-ref %}
+
+Add users to teams then assign them to roles (Business Edition).
+
+{% content-ref url="teams/" %}
+[teams](teams/)
+{% endcontent-ref %}
+
+{% content-ref url="roles.md" %}
+[roles.md](roles.md)
+{% endcontent-ref %}
diff --git a/admin/users/add.md b/admin/users/add.md
new file mode 100644
index 0000000..e38e569
--- /dev/null
+++ b/admin/users/add.md
@@ -0,0 +1,11 @@
+# Add a new user
+
+From the menu select **Users**.
+
+
+
+Enter a username and a strong password (and confirm it). You can also set whether this user is an Administrator as well as add the user to any teams you have created.
+
+
+
+Once you're ready, click **Create user**.
diff --git a/admin/users/password.md b/admin/users/password.md
new file mode 100644
index 0000000..d21e30c
--- /dev/null
+++ b/admin/users/password.md
@@ -0,0 +1,9 @@
+# Reset a user's password
+
+From the menu select **Users** then select the user whose password you want to reset.
+
+
+
+Enter a new strong password, re-enter the password to confirm it then click **Update password**.
+
+
diff --git a/admin/users/promote.md b/admin/users/promote.md
new file mode 100644
index 0000000..1cdfd1a
--- /dev/null
+++ b/admin/users/promote.md
@@ -0,0 +1,9 @@
+# Turn a user into an administrator
+
+From the menu select **Users** then select the user you want to promote to administrator.
+
+
+
+Toggle **Administrator** on then click **Save**.
+
+
diff --git a/admin/users/roles.md b/admin/users/roles.md
new file mode 100644
index 0000000..8cee9ab
--- /dev/null
+++ b/admin/users/roles.md
@@ -0,0 +1,45 @@
+# Roles
+
+Portainer Business Edition comes with Role-Based Access Control (RBAC) features that refine the access privileges available natively within Portainer. The RBAC feature allows you to create granular user access across all resources and all environments defined within Portainer.
+
+## The basics
+
+* A _role_ is a predefined set of privileges.
+* _Privileges_ define the rights to perform actions.
+* Users are assigned roles, and each role has specific privileges.
+* To assign privileges, pair a user or team with a role then associate that pairing with an environment or environment group.
+* A single user or team can have different roles for different environments in the Portainer inventory.
+
+## Built-in roles
+
+There are several types of roles:
+
+* **Environment administrator** has full access within a given environment, but cannot make any changes to the infrastructure that underpins an environment (i.e. no host management), nor are they able to make changes to Portainer internal settings. Environment administrators are also unable to change ownership of resources.
+* **Operator** has operational control over the resources deployed within a given environment. Operator can update, re-deploy, start and stop containers/services, check logs and console into containers, but cannot create or delete any resources.
+* **Helpdesk** has read-only access to the resources deployed within a given environment but cannot make changes to any resource, nor can they open a console to a container or make changes to a container’s volumes.
+* **Standard User** has complete control over the resources that a user deploys, or if the user is a member of a team, has complete control over the resources that users of that team deploy.
+* **Read-Only User** has read-only access to the resources they are entitled to see (resources created by members of their team, and public resources).
+
+
+
+The **Administrator** role sits outside of the other roles and effectively acts as a 'Global Admin'. A user assigned to this role has complete control over Portainer settings, and all resources on every environment under Portainer's control.
+
+{% hint style="info" %}
+The **Team Leader** role (which can be defined when [adding a new team](teams/add.md)) is designed for setups that are using internal authentication only, and in a future version the role will be disabled when external authentication is enabled.
+{% endhint %}
+
+## Viewing user access
+
+Portainer's **Effective access viewer** lets you see what access a user has. From the menu select **Users** then select **Roles**.
+
+
+
+Select a user from the **User** dropdown. The user's roles and their access on your environments will display. Select **Manage access** on any row to be taken to the [environment's access configuration](../environments/access.md).
+
+
+
+## Docker vs Kubernetes
+
+Because Docker does not natively provide role-based access control, we implement our own role management in order to provide this functionality. On a Kubernetes environment, we leverage the RBAC functionality built into Kubernetes alongside our own role management to provide security and flexibility to roles and access.
+
+For more information on the permissions that each role has for Docker and Swarm environments, see our [Docker roles and permissions documentation](../../advanced/docker-roles-and-permissions.md). For more information about how we map Portainer roles to Kubernetes roles, see our [roles and bindings documentation](../../advanced/kubernetes-roles-and-bindings.md).
diff --git a/admin/users/teams/README.md b/admin/users/teams/README.md
new file mode 100644
index 0000000..7707d66
--- /dev/null
+++ b/admin/users/teams/README.md
@@ -0,0 +1,12 @@
+# Teams
+
+Use teams to control user access to environments, container and service enablement, and volume control.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="add-user.md" %}
+[add-user.md](add-user.md)
+{% endcontent-ref %}
+
diff --git a/admin/users/teams/add-user.md b/admin/users/teams/add-user.md
new file mode 100644
index 0000000..8158370
--- /dev/null
+++ b/admin/users/teams/add-user.md
@@ -0,0 +1,9 @@
+# Add a user to a team
+
+From the menu select **Users** then select **Teams**.
+
+
+
+Select the team you want to add users to then click **Add** next to the user.
+
+
diff --git a/admin/users/teams/add.md b/admin/users/teams/add.md
new file mode 100644
index 0000000..496cd2c
--- /dev/null
+++ b/admin/users/teams/add.md
@@ -0,0 +1,15 @@
+# Add a new team
+
+From the menu select **Users** then select **Teams**.
+
+
+
+Enter the name of the team and optionally select team leaders. Team leaders can add and remove existing users to and from their team, as well as promote existing team members to co-team leaders.
+
+{% hint style="warning" %}
+If your Portainer installation uses external authentication and teams are synced from your external authentication provider, the team leader role is disabled.
+{% endhint %}
+
+
+
+When you're ready, click **Create team**.
diff --git a/advanced/access-control.md b/advanced/access-control.md
new file mode 100644
index 0000000..14c288f
--- /dev/null
+++ b/advanced/access-control.md
@@ -0,0 +1,78 @@
+# Access control
+
+All Docker and Docker Swarm resources (except images) deployed through Portainer have access control settings. You can set these when resources are deployed or at a later time. Resources deployed through a stack or a service will inherit the same access as the parent.
+
+## Resources deployed through Portainer
+
+### Access to administrators only
+
+This is an example access control section, showing access control enabled. With these settings, only Portainer administrators will have access to the resource and any other resources created by it (for example, a stack that creates containers, services, volumes, networks and secrets).
+
+
+
+### Access to all users
+
+This is an example access control section showing access control disabled. All Portainer users will have access to the resource and any resources created by it.
+
+
+
+### Access restricted to specific groups or users
+
+This is an example access control section showing access control enabled in **Restricted** mode. After you select the Restricted option, you can select more teams and users and give them access to the resource.
+
+
+
+## Resources deployed outside of Portainer
+
+Any resources deployed to Docker or Docker Swarm outside of Portainer will be marked as `external` and you will have limited control over these resources. By default, these resources will have administrator-only access, but you can enable access control using these labels (examples used, swap out for your own parameters):
+
+| Label | Access Granted |
+| ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- |
+| `io.portainer.accesscontrol.public` | All Portainer users have access to the resource. Takes precedence over team/user assignments. |
+| `io.portainer.accesscontrol.teams=dev,prod` | Access restricted to teams `dev` and `prod` only. Can be used in conjunction with `io.portainer.accesscontrol.users` |
+| `io.portainer.accesscontrol.users=bob,adam` | Access is restricted to users `bob` and `adam` only. Can be used in conjunction with `io.portainer.accesscontrol.teams` |
+
+### Example 1
+
+Deploy a stack using Docker Compose and restrict access to teams `dev` and `prod`:
+
+```
+version: '3.2'
+services:
+ ltest:
+ image: busybox:latest
+ command: "ping localhost"
+ labels:
+ io.portainer.accesscontrol.teams: dev,prod
+```
+
+### Example 2
+
+Deploy a stack using the Docker CLI and restrict access to team `testers` and users `bob` and `adam`:
+
+```
+version: '3.2'
+services:
+ ltest:
+ image: busybox:latest
+ command: "ping localhost"
+ labels:
+ io.portainer.accesscontrol.teams: testers
+ io.portainer.accesscontrol.users: bob,adam
+```
+
+### Example 3
+
+Deploy a container using the Docker CLI and make it accessible to all Portainer users:
+
+```
+docker run -d --label io.portainer.accesscontrol.public nginx:latest
+```
+
+### Example 4
+
+Deploy a container using the Docker CLI and restrict access to teams `dev` and `prod` and users `bob`:
+
+```
+docker run -d --label io.portainer.accesscontrol.teams=dev,prod --label io.portainer.accesscontrol.users=bob nginx:latest
+```
diff --git a/advanced/app-templates/README.md b/advanced/app-templates/README.md
new file mode 100644
index 0000000..75a7e4b
--- /dev/null
+++ b/advanced/app-templates/README.md
@@ -0,0 +1,12 @@
+# App templates
+
+You can deploy containers and services using Portainer's set of built-in app templates, or replace them with your own set of templates.
+
+{% content-ref url="build.md" %}
+[build.md](build.md)
+{% endcontent-ref %}
+
+{% content-ref url="format.md" %}
+[format.md](format.md)
+{% endcontent-ref %}
+
diff --git a/advanced/app-templates/build.md b/advanced/app-templates/build.md
new file mode 100644
index 0000000..8abb846
--- /dev/null
+++ b/advanced/app-templates/build.md
@@ -0,0 +1,23 @@
+# Build and host your own app templates
+
+To provide your own template files, you will need to host your files somewhere accessible by the Portainer Server instance. This could be somewhere like GitHub, a web server, or perhaps a container running nginx.
+
+As an example, the Portainer templates repository includes a `Dockerfile` that lets you start it as a container to serve the JSON file. To set this up, first clone the [Portainer templates repository](https://github.com/portainer/templates), edit the templates file, then build and run the container:
+
+```
+git clone https://github.com/portainer/templates.git portainer-templates
+cd portainer-templates
+# Edit the file templates.json
+docker build -t portainer-templates .
+docker run -d -p "8080:80" portainer-templates
+```
+
+Access your template definitions at `http://docker-host:8080/templates.json`.
+
+You can also mount the `templates.json` file inside the container, so you can edit the file and see live changes:
+
+```
+docker run -d -p "8080:80" -v "${PWD}/templates.json:/usr/share/nginx/html/templates.json" portainer-templates
+```
+
+For more information about the format of the app template, go [here](format.md).
diff --git a/advanced/app-templates/format.md b/advanced/app-templates/format.md
new file mode 100644
index 0000000..2a4084c
--- /dev/null
+++ b/advanced/app-templates/format.md
@@ -0,0 +1,524 @@
+# App template JSON format
+
+App template definitions are written in JSON. Valid templates consist of an array, and every template definition consists of one element.
+
+## Container template definition format
+
+A container template element must be a valid JSON object, composed of both mandatory and optional data fields. Here's an example of the format:
+
+```
+{
+ "version": "2",
+ "templates": [
+ {
+ // template1
+ },
+ {
+ // template2
+ },
+ ...
+ ]
+}
+```
+
+### type
+
+* **Description:** The template type.
+* **Format:** Integer
+* **Valid values:** `1` = container; `2` = Swarm stack; `3` = Compose stack
+* **Required/Optional:** Required
+* **Other information:** Type `3` is limited to using the version `"2"` stack format (this is a docker/libcompose limitation).
+
+### title
+
+* **Description:** The template title.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Required
+
+### description
+
+* **Description:** The template description.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Required
+
+### image
+
+* **Description:** The Docker image associated with a template.
+* **Format:** String
+* **Valid values:** Any valid URL.
+* **Required/Optional:** Required
+
+### administrator-only
+
+* **Description:** Indicates whether or not a template should be available just to admin users.
+* **Format:** Boolean
+* **Valid values:** `true` = available to admins only; `false` = available to all users
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "administrator-only": true
+}
+```
+
+### name
+
+* **Description:** The default name of a template (shows in the Portainer UI).
+* **Format:** String
+* **Valid values:** Any valid string.
+* **Required/Optional:** Optional
+
+### logo
+
+* **Description:** The template logo.
+* **Format:** String
+* **Valid values:** Any valid URL.
+* **Required/Optional:** Optional
+
+### registry
+
+* **Description:** The registry where the Docker image is stored. If not specified, Portainer will use Docker Hub as the default.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Optional
+
+### command
+
+* **Description:** The command to run in the container. If not specified, the container will use the default command in its Dockerfile.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "command": "/bin/bash -c \"echo hello\" && exit 777"
+}
+```
+
+### env
+
+* **Description:** A JSON array describing the environment variables required by a template. Each element in the array must be a valid JSON object. An input will be generated in the templates view for each element in the array. Depending on the object properties, different types of inputs can be generated (text input, select).
+* **Format:** Array
+* **Required/Optional:** Optional
+
+Array format:
+
+```
+{
+ "name": "the name of the environment variable, as supported in the container image (mandatory)",
+ "label": "label for the input in the UI (mandatory unless set is present)",
+ "description": "a short description for this input, will be available as a tooltip in the UI (optional)",
+ "default": "default value associated to the variable (optional)",
+ "preset": "boolean. If set to true, the UI will not generate an input (optional)",
+ "select": "an array of possible values, will generate a select input (optional)"
+}
+```
+
+Example:
+
+```
+{
+ "env": [
+ {
+ "name": "MYSQL_ROOT_PASSWORD",
+ "label": "Root password",
+ "description": "Password used by the root user."
+ },
+ {
+ "name": "ENV_VAR_WITH_DEFAULT_VALUE",
+ "default": "default_value",
+ "preset": true
+ },
+ {
+ "name": "ENV_VAR_WITH_SELECT_VALUE",
+ "label": "An environment variable",
+ "description": "A description for this env var",
+ "select": [
+ {
+ "text": "Yes, I agree",
+ "value": "Y",
+ "default": true
+ },
+ {
+ "text": "No, I disagree",
+ "value": "N"
+ },
+ {
+ "text": "Maybe",
+ "value": "YN"
+ }
+ ],
+ "description": "Some environment variable."
+ }
+ ]
+}
+```
+
+### network
+
+* **Description:** A string that corresponds to the name of an existing Docker network. Will auto-select the network in the templates view.
+* **Format:** String
+* **Valid values:** Any string value. If the string does not match an existing network name when the template is used it will fall back to the first available network.
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "network": "host"
+}
+```
+
+### volumes
+
+* **Description:** A JSON array describing the volumes associated with a template. Each element in the array must be a valid JSON object with a required container property. For each element in the array, a Docker volume will be created and associated when starting the container. If a `bind` property is defined, it will be used as the source of a bind mount. If a `readonly` property is is defined and = true, the volume will be mounted in `readonly` mode.
+* **Format:** Array
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "volumes": [
+ {
+ "container": "/etc/nginx"
+ },
+ {
+ "container": "/usr/share/nginx/html",
+ "bind": "/var/www",
+ "readonly": true
+ }
+ ]
+}
+```
+
+### ports
+
+* **Description:** A JSON array describing the ports exposed by a template. Each element in the array must be a valid JSON string specifying the port number in the container, as well as the protocol. Can be optionally prefixed with a port number and colon (for example `8080:`) to define the port to be mapped on the host. If the host port is not specified, the Docker host will automatically assign it when starting the container.
+* **Format:** Array
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "ports": ["8080:80/tcp", "443/tcp"]
+}
+```
+
+### labels
+
+* **Description:** A JSON array describing the labels associated with a template. Each element in the array must be a valid JSON object with two properties (`name:` and `""`).
+* **Format:** Array
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "labels": [
+ { "name": "com.example.vendor", "value": "Acme" },
+ { "name": "com.example.license", "value": "GPL" },
+ { "name": "com.example.version", "value": "1.0" }
+ ]
+}
+```
+
+### privileged
+
+* **Description:** Indicates whether or not the container should be started in `privileged` mode. Defaults to `false` if not specified.
+* **Format:** Boolean
+* **Valid values:** `true` = start the container in privileged mode; `false` = do not start the container in privileged mode
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "privileged": true
+}
+```
+
+### interactive
+
+* **Description:** Indicates whether or not the container should be started in `foreground` mode. Defaults to `false` if not specified.
+* **Format:** Boolean
+* **Valid values:** `true` = start the container in foreground mode; `false` = do not start the container in foreground mode
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "interactive": true
+}
+```
+
+### restart\_policy
+
+* **Description:** The restart policy associated with the container. Will default to `"always"` if no value is specified.
+* **Format:** String
+* **Valid values:**
+ * `"always"` Always restart the container regardless of the exit status.
+ * `"no"` Never automatically restart the container.
+ * `"on-failure"` Restart the container only if it exits with a non-zero status.
+ * `"unless-stopped"` Always restart the container regardless of the exit status (unless the container was manually stopped).
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "restart_policy": "unless-stopped"
+}
+```
+
+### hostname
+
+* **Description:** The hostname of the container. Will default to Docker if not specified.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "hostname": "mycontainername"
+}
+```
+
+### note
+
+* **Description:** Extra information about a template, for example what it is used for. Displayed inside the template-creation form in the Portainer UI. Supports HTML.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "note": "You can use this field to record extra information about a template."
+}
+```
+
+### platform
+
+* **Description:** The supported platform. Displays a small platform-related icon in the Portainer UI. Must contain a valid value.
+* **Format:** String
+* **Valid values:** `"linux"`; `"windows"`
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "platform": "linux"
+}
+```
+
+### categories
+
+* **Description:** An array of categories associated with a template. Populates the category filter in the Portainer UI.
+* **Format:** Array
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "categories": ["webserver", "open-source"]
+}
+```
+
+## Stack template definition format
+
+A stack template element must be a valid JSON object, composed of mandatory and optional data fields. Here's an example of the format:
+
+```
+{
+ "type": 2,
+ "title": "CockroachDB",
+ "description": "CockroachDB cluster",
+ "note": "Deploys an insecure CockroachDB cluster, please refer to CockroachDB documentation for production deployments.",
+ "categories": ["database"],
+ "platform": "linux",
+ "logo": "https://cloudinovasi.id/assets/img/logos/cockroachdb.png",
+ "repository": {
+ "url": "https://github.com/portainer/templates",
+ "stackfile": "stacks/cockroachdb/docker-stack.yml"
+ }
+}
+```
+
+### type
+
+* **Description:** The template type. A Swarm stack will be deployed using the equivalent of `docker stack deploy`. A Compose stack will be deployed using the equivalent of `docker-compose.`
+* **Format:** Integer
+* **Valid values:** `1` = container; `2` = Swarm stack; `3` = Compose stack
+* **Required/Optional:** Required
+* **Other information:** Type `3` is limited to using the version `"2"` stack format (this is a docker/libcompose limitation).
+
+### title
+
+* **Description:** The template title.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Required
+
+### description
+
+* **Description:** The template description.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Required
+
+### repository
+
+* **Description:** A JSON object describing the public Git repository from where the stack template will be loaded. It indicates the URL of the Git repository as well as the path to the Compose file inside the repository.
+* **Format:** Object
+* **Valid values:** See the example below.
+* **Required/Optional:** Required
+
+{% hint style="warning" %}
+This value **must** reference a Git repository.
+{% endhint %}
+
+Object format:
+
+```
+{
+ "url": "URL of the public git repository (mandatory)",
+ "stackfile": "Path to the Compose file inside the repository (mandatory)",
+}
+```
+
+Example:
+
+```
+{
+ "url": "https://github.com/portainer/templates",
+ "stackfile": "stacks/cockroachdb/docker-stack.yml"
+}
+```
+
+### administrator\_only
+
+* **Description:** Indicates whether or not a template should be available just to admin users.
+* **Format:** Boolean
+* **Valid values:** `true` = available to admins only; `false` = available to all users
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "administrator_only": true
+}
+```
+
+### name
+
+* **Description:** The default name of a template (shows in the Portainer UI).
+* **Format:** String
+* **Valid values:** Any valid string.
+* **Required/Optional:** Optional
+
+### logo
+
+* **Description:** The template logo.
+* **Format:** String
+* **Valid values:** Any valid URL.
+* **Required/Optional:** Optional
+
+### env
+
+* **Description:** A JSON array describing the environment variables required by a template. Each element in the array must be a valid JSON object. An input will be generated in the templates view for each element in the array. Depending on the object properties, different types of inputs can be generated (text input, select).
+* **Format:** Array
+* **Required/Optional:** Optional
+
+An input will be generated in the templates view for each element in the array. Depending on the object properties, different types of inputs can be generated (text input, select).
+
+Array format:
+
+```
+{
+ "name": "the name of the environment variable, as supported in the container image (mandatory)",
+ "label": "label for the input in the UI (mandatory unless set is present)",
+ "description": "a short description for this input, will be available as a tooltip in the UI (optional)",
+ "default": "default value associated to the variable (optional)",
+ "preset": "boolean. If set to true, the UI will not generate an input (optional)",
+ "select": "an array of possible values, will generate a select input (optional)"
+}
+```
+
+Example:
+
+```
+{
+ "env": [
+ {
+ "name": "MYSQL_ROOT_PASSWORD",
+ "label": "Root password",
+ "description": "Password used by the root user."
+ },
+ {
+ "name": "ENV_VAR_WITH_DEFAULT_VALUE",
+ "default": "default_value",
+ "preset": true
+ },
+ {
+ "name": "ENV_VAR_WITH_SELECT_VALUE",
+ "label": "An environment variable",
+ "description": "A description for this env var",
+ "select": [
+ {
+ "text": "Yes, I agree",
+ "value": "Y",
+ "default": true
+ },
+ {
+ "text": "No, I disagree",
+ "value": "N"
+ },
+ {
+ "text": "Maybe",
+ "value": "YN"
+ }
+ ],
+ "description": "Some environment variable."
+ }
+ ]
+}
+```
+
+### note
+
+* **Description:** Extra information about a template, for example what it is used for. Displayed inside the template-creation form in the Portainer UI. Supports HTML.
+* **Format:** String
+* **Valid values:** Any string value.
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "note": "You can use this field to record extra information about a template."
+}
+```
+
+### platform
+
+* **Description:** The supported platform. Displays a small platform-related icon in the Portainer UI. Must contain a valid value.
+* **Format:** String
+* **Valid values:** `"linux"`; `"windows"`
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{ "platform": "linux" }
+```
+
+### categories
+
+* **Description:** An array of categories associated with a template. Populates the category filter in the Portainer UI.
+* **Format:** Array
+* **Required/Optional:** Optional
+* **Example:** See below.
+
+```
+{
+ "categories": ["webserver", "open-source"]
+```
diff --git a/advanced/cli.md b/advanced/cli.md
new file mode 100644
index 0000000..51a48c0
--- /dev/null
+++ b/advanced/cli.md
@@ -0,0 +1,223 @@
+# CLI configuration options
+
+## Configuration flags available at the command line
+
+| Flag | Description |
+| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `--admin-password` | Specifies a bcrypt hashed password for the admin user. This can only be used when first creating the admin user (such as during installation) and not to change the admin user's password after installation. |
+| `--admin-password-file` | Specifies the path to the file containing the password for the admin user. This can only be used when first creating the admin user (such as during installation) and not to change the admin user's password after installation. |
+| `--base-url` | Specifies the path that Portainer is running under if you are running Portainer within a subpath (for example use `--baseurl /portainer` if you are running Portainer at `https://yourdomain/portainer`). Defaults to `/`. |
+|
--bind
-p
| Specifies the address and port from which to serve Portainer (default: `:9000`). |
+| `--bind-https` | Specifies the address and port from which to serve Portainer via HTTPS (default: `:9443`). |
+|
--data
-d
| Specifes the directory where Portainer data will be stored (default: `/data` on Linux, `C:\data` on Windows). |
+| `--edge-compute` | Automatically enables Edge Compute features. |
+|
--hide-label
-l
| Hides containers with a specific label in the UI. |
+| `--http-disabled` | Serve Portainer only on HTTPS. Overrides `--http-enabled`. Ensure your HTTPS configuration is fully working and any agents are configured for HTTPS before enabling this. |
+| `--http-enabled` | Serve Portainer on HTTP. If used in combination with `--http-disabled`, this is ignored. |
+|
--host
-H
| Specifies the Docker daemon endpoint. |
+| `--license-key` | Specifies the license key to use. Only applicable to Portainer Business Edition. |
+| `--logo` | Specifies the URL to the image to be displayed as a logo in the UI. If not specified, the Portainer logo is used instead. |
+| `--mtlscacert` | Specifies the path to the certificate authority (CA) certificate used for mTLS communication. |
+| `--mtlscert` | Specifies the path to the certificate used for mTLS communication. |
+| `--mtlskey` | Specifies the path to the certificate key used for mTLS communication. |
+| `--snapshot-interval` | Specifies the time interval between two environment snapshot jobs expressed as a string. For example 30s, 5m, 1h… Supported by the `time.ParseDuration` method (default: 5m). |
+| `--sslcacert` | Specifies the path to the certificate authority (CA) certificate used to secure the Portainer instance. |
+| `--sslcert` | Specifies the path to the SSL certificate used to secure the Portainer instance (default: `/certs/portainer.crt` on Linux, `C:\certs\portainer.crt` on Windows). |
+| `--sslkey` | Specifies the path to the SSL key used to secure the Portainer instance (default: `/certs/portainer.key` on Linux, `C:\certs\portainer.key` on Windows). |
+|
--templates
-t
| Specifies the URL to the templates (apps) definitions. |
+| `--tlscacert` | Specifies the path to the CA used for Docker daemon connections (default: `/certs/ca.pem` on Linux, `C:\certs\ca.pem` on Windows). |
+| `--tlscert` | Specifies the path to the TLS certificate file used for Docker daemon connections (default: `/certs/cert.pem`, `C:\certs\cert.pem` on Windows). |
+| `--tlskey` | Specifies the path to the TLS key used for Docker daemon connections (default: `/certs/key.pem`, `C:\certs\key.pem` on Windows). |
+| `--tlsverify` | TLS support (default: `false`). |
+| `--tlsskipverify` | Disable TLS server verification. |
+| `--tunnel-addr` | Specifies the tunnel address to listen on for use with the Edge Agent. Defaults to `0.0.0.0` (all interfaces). |
+| `--tunnel-port` | Specifies an alternate tunnel port to use with the Edge Agent. Use `--tunnel-port 8001` with `-p 8001:8001` to make the Edge Agent communicate on port `8001`. |
+| `--version` | Display the version of Portainer. |
+
+## Creating an admin account and password
+
+{% hint style="info" %}
+The commands in this section will automatically create an administrator account called `admin` with the password you specify. This can only be used when first creating the admin user (such as during installation) and not to change the admin user's password after installation.
+{% endhint %}
+
+### Method 1: Creating the account from the command line
+
+You can specify a bcrypt-encrypted password from the command line for the admin account. If you have installed the `apache2-utils` package, create the password using the following command:
+
+```
+htpasswd -nb -B admin "your-password" | cut -d ":" -f 2
+```
+
+If your system does not have that command, use a container to run the command instead:
+
+```
+docker run --rm httpd:2.4-alpine htpasswd -nbB admin "your-password" | cut -d ":" -f 2
+```
+
+Once the password has been created, specify the admin password from the command line by starting Portainer with the `--admin-password` flag:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ee:latest --admin-password='$2y$05$8oz75U8m5tI/xT4P0NbSHeE7WyRzOWKRBprfGotwDkhBOGP/u802u'
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce:latest --admin-password='$2y$05$8oz75U8m5tI/xT4P0NbSHeE7WyRzOWKRBprfGotwDkhBOGP/u802u'
+```
+{% endtab %}
+{% endtabs %}
+
+### Method 2: Creating the account using a file
+
+You can also store a plain text password inside a file and use the `--admin-password-file` flag. First, add the password to a file using the following example command as a guide:
+
+```
+echo -n mypassword > /tmp/portainer_password
+```
+
+Next, start the Portainer container:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer-ee:latest --admin-password-file /tmp/portainer_password
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer-ce:latest --admin-password-file /tmp/portainer_password
+```
+{% endtab %}
+{% endtabs %}
+
+This also works well with Docker Swarm and Docker Secrets:
+
+```
+echo -n mypassword | docker secret create portainer-pass -
+```
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker service create \
+ --name portainer \
+ --secret portainer-pass \
+ --publish 9443:9443 \
+ --publish 8000:8000 \
+ --replicas=1 \
+ --constraint 'node.role == manager' \
+ --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
+ portainer/portainer-ee:latest \
+ --admin-password-file '/run/secrets/portainer-pass' \
+ -H unix:///var/run/docker.sock
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker service create \
+ --name portainer \
+ --secret portainer-pass \
+ --publish 9443:9443 \
+ --publish 8000:8000 \
+ --replicas=1 \
+ --constraint 'node.role == manager' \
+ --mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
+ portainer/portainer-ce:latest \
+ --admin-password-file '/run/secrets/portainer-pass' \
+ -H unix:///var/run/docker.sock
+```
+{% endtab %}
+{% endtabs %}
+
+## Hiding specific containers
+
+Portainer lets you hide containers with a specific label by using the `-l` flag. Here's an example showing a container labeled `owner=acme`:
+
+```
+docker run -d --label owner=acme nginx
+```
+
+To hide this container, when starting Portainer add the `-l owner=acme` option on the CLI:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ee:latest -l owner=acme
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce:latest -l owner=acme
+```
+{% endtab %}
+{% endtabs %}
+
+To hide multiple containers, repeat the `-l` flag:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ee:latest -l owner=acme -l service=secret
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce:latest -l owner=acme -l service=secret
+```
+{% endtab %}
+{% endtabs %}
+
+## Using your own logo
+
+{% hint style="info" %}
+Images must be exactly 155px by 55px in size.
+{% endhint %}
+
+Replace our logo with your own using the `--logo` flag to specify the location of the image file:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ee:latest --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce:latest --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
+```
+{% endtab %}
+{% endtabs %}
+
+You can also update the logo in the Portainer UI (**Settings** menu).
+
+## Defining your own app templates
+
+{% hint style="info" %}
+We suggest hosting template files on [GitHub](https://www.github.com/) so Portainer can access them without authentication.
+{% endhint %}
+
+Portainer allows you to rapidly [deploy containers using app templates](../user/docker/templates/deploy-container.md). By default, Portainer templates will be used but you can also define your own.
+
+Templates are loaded once when Portainer is first started. If you already deployed a Portainer instance then decide to use your own templates, you’ll need to clear the default templates either in the user interface or through the HTTP API. Use the `--templates` flag to specify a URL where the template file can be accessed via HTTP.
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ee:latest --templates http://my-host.my-domain/templates.json
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce:latest --templates http://my-host.my-domain/templates.json
+```
+{% endtab %}
+{% endtabs %}
diff --git a/advanced/db-encryption.md b/advanced/db-encryption.md
new file mode 100644
index 0000000..e1bd028
--- /dev/null
+++ b/advanced/db-encryption.md
@@ -0,0 +1,168 @@
+# Encrypting the Portainer database
+
+Portainer uses a BoltDB database to store the configuration, kept in the `portainer_data` volume created during installation. This database can be encrypted for additional security through the use of a secret provided when the Portainer Server is started. Encryption can be added during the initial installation or at a later date.
+
+{% hint style="warning" %}
+At present, encryption of the database is not reversible.
+{% endhint %}
+
+## Docker Standalone
+
+To enable encryption on Docker Standalone, you will first need to create a secret key, then modify your docker run command to mount the secret in the container.
+
+### Create a secret
+
+Create a text file on the system running Docker Standalone that is accessible to the Docker executable, yet somewhere secure. For this example, we'll assume the file is called `/root/secrets/portainer_key`. In this file enter a secret. This will be the key used to encrypt the Portainer database.
+
+### Mount the secret
+
+If Portainer is already running, you will need to stop and remove the Portainer container before continuing:
+
+```
+docker stop portainer
+docker rm portainer
+```
+
+To encrypt the database, add a bind mount to the `docker run` command that mounts your secret in `/run/secrets/portainer`:
+
+```
+-v /root/secrets/portainer_key:/run/secrets/portainer
+```
+
+Your final `docker run` command may look like this:
+
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer \
+ --restart=always \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v portainer_data:/data \
+ -v /root/secrets/portainer_key:/run/secrets/portainer \
+ portainer/portainer-ee:latest
+```
+
+When the Portainer container starts, it will encrypt any existing database, or for a fresh install will create a new encrypted database as part of the install process.
+
+## Docker Swarm
+
+To enable encryption on Docker Swarm, you will first need to create a secret. You will then either update the service to incorporate the new secret (if you have an existing Portainer installation) or edit the compose file used to create the stack to include the secret (if this is a fresh installation of Portainer).
+
+### Create a secret
+
+On a manager node, you can run the following command to create a secret:
+
+```
+echo "This is a secret" | docker secret create portainer_key -
+```
+
+Replace `This is a secret` with your secret. This will create a secret named `portainer_key`, which will be the key used to encrypt the Portainer database.
+
+{% hint style="info" %}
+You can also create a secret in Portainer if you are adding encryption to an existing installation.
+{% endhint %}
+
+### Existing installations: Update the service
+
+To add encryption to an existing Portainer deployment on Docker Swarm, you can use the following command on a manager node:
+
+```
+docker service update \
+ --secret-add src=portainer_key,target="/run/secrets/portainer" \
+ portainer
+```
+
+The service will add the new secret and encrypt the database.
+
+### New installations: Edit the compose file
+
+To install Portainer on Docker Swarm with encryption, you will need to edit the compose file you downloaded as part of the installation process. Add a secrets section to the `portainer` service definition:
+
+```
+secrets:
+ - portainer_key
+```
+
+This tells the service to use the `portainer_key` secret created earlier. With the secret added, your full `portainer` service definition may look like this:
+
+```
+ portainer:
+ image: portainer/portainer-ee:latest
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ ports:
+ - "9443:9443"
+ - "9000:9000"
+ - "8000:8000"
+ volumes:
+ - portainer_data:/data
+ networks:
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+ secrets:
+ - portainer_key
+```
+
+Save your changes, then use the compose file to deploy your Portainer installation as covered in the Swarm installation instructions. The database will be deployed encrypted as part of the installation process.
+
+## Kubernetes
+
+To enable encryption on Kubernetes you will first need to create a secret. You will then mount this secret as a volume in Portainer.
+
+### Create a secret
+
+From the command line on your Kubernetes cluster, you can run the following command to create your secret:
+
+```
+kubectl create secret generic portainer-key --from-literal=secret=IAmASecretKey
+```
+
+Replace `IAmASecretKey` with your secret. This will create a secret named `portainer-key`, which will be the key used to encrypt the Portainer database.
+
+### Modify the YAML file
+
+Once the secret has been created, we need to modify the YAML file to mount the secret as a volume in Portainer. Download the YAML file for your particular deployment and locate the `container` definition for the `portainer` container. It should look something like this:
+
+```
+containers:
+ - name: portainer
+ image: "portainer/portainer-ee:latest"
+ imagePullPolicy: Always
+ args:
+ volumeMounts:
+ - name: data
+ mountPath: /data
+```
+
+In the `volumeMounts` section, add a definition for the secret created earlier:
+
+```
+volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: portainer-key
+ mountPath: /run/secrets/portainer
+```
+
+We also need to add a definition to the `volumes` definition for the `spec`:
+
+```
+spec:
+ containers:
+ portainer:
+ ...
+ volumes:
+ - name: portainer-key
+ secret:
+ secret_name: portainer-key
+
+```
+
+Save the file, then apply it to your running configuration:
+
+```
+kubectl apply -f portainer.yaml
+```
+
+Replace `portainer.yaml` with the name of your modified YAML file.
diff --git a/advanced/deprecated.md b/advanced/deprecated.md
new file mode 100644
index 0000000..fcf7a1c
--- /dev/null
+++ b/advanced/deprecated.md
@@ -0,0 +1,14 @@
+# Deprecated and removed features
+
+This table lists deprecated and removed features and functionality that are no longer supported and should not be used. The **Deprecated** column shows the release in which the feature was tagged as deprecated. The **Remove** column shows the release in which the feature was or will be removed (TBD means 'to be decided').
+
+| Feature | Deprecated | Remove |
+| -------------------------------------------------------------------------------- | ---------- | ------ |
+| Enabling SSL via `--ssl` (now enabled by default) | 2.9.0 | TBD |
+| Disabling analytics via `--no-analytics` | 2.0 | TBD |
+| Kompose deployments | 2.15.0 | 2.17.0 |
+| Specifying external environments in JSON via `--external-endpoints` | | 2.0 |
+| Setting time between environment synchronization requests via `--sync-interval` | | 2.0 |
+| Disabling Portainer internal authentication via `--no-auth` | | 2.0 |
+| Specifying a templates file to load on first run via `--templates-file` | | 2.0 |
+| Preventing Portainer from running a snapshot of environments via `--no-snapshot` | | 2.0 |
diff --git a/advanced/docker-roles-and-permissions.md b/advanced/docker-roles-and-permissions.md
new file mode 100644
index 0000000..7ca2882
--- /dev/null
+++ b/advanced/docker-roles-and-permissions.md
@@ -0,0 +1,94 @@
+# Docker roles and permissions
+
+This document describes the permission levels each [RBAC role](../admin/users/roles.md) has within the Portainer application for both Docker Standalone and Docker Swarm environments. Refer to the linked notes for further requirements on each operation.
+
+{% hint style="info" %}
+Role-Based Access Control is only available in Portainer Business Edition.
+{% endhint %}
+
+## Legend
+
+
+
+### Stacks
+
+Access to these operations can be affected by the **Disable the use of Stacks for non-administrators** security setting ([Docker](../user/docker/host/setup.md#docker-security-settings), [Swarm](../user/docker/swarm/setup.md#docker-security-settings)).
+
+
+
+
+
+## Notes
+
+1. Standard / Read only users (and Operators in the case of ownership operations) have permission only if they are given access to the resource. This can be inherited, for example inheriting a service from a stack.
+2. This operation is only relevant for Swarm environments.
+3. This operation can be affected by the following security settings ([Docker](../user/docker/host/setup.md#docker-security-settings), [Swarm](../user/docker/swarm/setup.md#docker-security-settings)):
+ 1. **Disable privileged mode for non-administrators**
+ 2. **Disable the use of host PID 1 for non-administrators**
+ 3. **Disable device mappings for non-administrators**
+ 4. **Disable container capabilities for non-administrators**
+ 5. **Disable bind mounts for non-administrators**
+4. This operation can be affected by the **Enable volume management for non-administrators** setting ([Docker](../user/docker/host/setup.md#enable-volume-management-for-non-administrators), [Swarm](../user/docker/swarm/setup.md#host-and-filesystem)), and requires the use of the Portainer Agent.
+5. This operation can only be performed under the allowed registry.
diff --git a/advanced/edge-agent.md b/advanced/edge-agent.md
new file mode 100644
index 0000000..94c8430
--- /dev/null
+++ b/advanced/edge-agent.md
@@ -0,0 +1,76 @@
+# The Portainer Edge Agent
+
+## The back story
+
+
For standard deployments, we used to assume that the Portainer instance and any environments shared the same network and could communicate seamlessly. If remote environments were on a different network (say, across the Internet) we could not manage them.
+
+Then we changed the Edge agent architecture so only the environments need to access Portainer. There is now no need to expose the Portainer agents to the Internet.
+
+Portainer now requires that only the `9443` and `8000` TCP ports are exposed. We used to serve the UI and the Portainer API from port `9000`, but we extended the API to allow the remote agents to poll for instructions. Port `8000` is a TLS tunnel server used to create a secure tunnel between the agent and the Portainer instance. More about that soon.
+
+{% hint style="warning" %}
+If your Portainer instance is deployed with TLS, the agent will use HTTPS for the connection it makes back to Portainer. However, if your Portainer instance uses a self-signed certificate, the Edge Agent must be deployed with the `-e EDGE_INSECURE_POLL=1` flag. If you do not deploy the Edge Agent with this flag, the agent won't be able to communicate with the Portainer instance.
+{% endhint %}
+
+## Creating an Edge Agent in Portainer
+
+
When you create an Edge Agent, you are first asked for a human-friendly endpoint name. You are then asked to confirm the FQDN:PORT of your Portainer instance. This is what agents will use to connect, so make sure it’s correct and that the DNS resolves.
+
+During the creation process, an Edge ID is dynamically generated. This is a random UUID which is assigned to each environment. You can see it in the command syntax which is provided during the setup process.
+
+
+
+
The Edge ID and the join token are unique per environment. The join token (`EDGE_KEY`) is made up of the following base64 encoded data separated by the pipe (`|`) character:
+
+* The Portainer instance API URL. This is how the Edge Agent knows how to ‘call home’ to your Portainer instance.
+* The Portainer instance reverse tunnel server address. This is identical to the API URL (unless [changed during deployment](../admin/environments/add/docker/edge.md#deploying) or in [Edge Compute settings](../admin/settings/edge.md#edge-compute-settings)) but with the tunnel server port (`8000` is the default).
+* The environment identifier key (endpoint ID).
+* The Portainer instance reverse-tunnel server fingerprint (prevents MITM when creating a tunnel).
+
+Use the command syntax to deploy an Edge Agent across your remote node or remote swarm cluster.
+
+## How Portainer and the Edge Agent communicate
+
+### Polling
+
+
Agents poll the Portainer instance every 5 seconds by default (this is defined in Portainer settings).
+
+### Connection process and checks
+
+The agent says to Portainer, “Hi, I'm an agent. My join token is `abc123`. Do you need me right now?”. Portainer checks its database to ensure the Edge UUID and the join token match. If no UUID can be associated with the join token provided, Portainer will associate the UUID provided by the agent to the environment’s join token.
+
+If the UUID/join token do not match, the connection is rejected. If the UUID/join token match, the Portainer instance responds with either: "No, I don’t need you. Please check in again in X seconds." (where X is the agent polling frequency), or "Yes, I do need you. Please connect using these tunnel credentials.”.
+
+{% hint style="info" %}
+Portainer encrypts the tunnel credentials using the Edge UUID as the encryption key (intended as one-time-use credentials).
+{% endhint %}
+
+### Opening a tunnel between the agent and Portainer
+
+Once confirmation is received, the Edge Agent decrypts the credentials and opens a tunnel on port `8000` to the Portainer instance. If a remote environment is a swarm cluster, every node will run an instance of the agent (and every instance will poll Portainer). The 'you are required' flag causes the first agent in the cluster to establish the tunnel. Once in place, Portainer can then query the agent where the tunnel is open. If the tunnel closes for any reason, the agent will immediately re-establish it.
+
+### When Portainer forces the Edge Agent to establish a tunnel
+
+Sometimes Portainer will ask the agent to establish a tunnel. This happens when an admin selects an Edge environment for interactive management via the Portainer UI or the API. Once selected, the 'you are required' flag triggers the connection process. If default settings are in use, it takes about 10 seconds for the agent to poll and establish a tunnel. That’s about 5 seconds wait time until polling then a few seconds for the tunnel to open. The admin is shown this message while this happens:
+
+
+
+
+
+
+
+### Terminating the connection
+
+The agent keeps a record of when Portainer last communicated with it. After 5 minutes of inactivity, it sends a snapshot of the current config to Portainer for its records, closes the tunnel and revokes the credentials. When admins have an active session with an Edge environment, ‘keep alives’ are sent every minute (even if the admin is not performing a task) so they are not kicked out by mistake.
+
+## Network performance
+
+### Adjusting the polling frequency to improve performance
+
+Thousands of endpoints polling Portainer every 5 seconds is a lot. That’s about 324b/second per agent, not per environment. If you don’t do a lot of environment admin, we suggest you go into Portainer settings and increase the polling frequency. Simply change it back when you need to do some admin so you are not kept waiting.
+
+
+
+### Ongoing improvements
+
+We load-tested Portainer with 15,000 actively connected environments with a polling frequency of 5 seconds. This generated 7Mbps of network traffic to the Portainer instance, and Portainer needed 4 CPUs to handle the encryption/tunnel load. This Edge Agent release is our first attempt at massive-scale centralized management. Our end goal is to reduce the network overhead associated with polling.
diff --git a/advanced/helm-chart-configuration-options.md b/advanced/helm-chart-configuration-options.md
new file mode 100644
index 0000000..330198f
--- /dev/null
+++ b/advanced/helm-chart-configuration-options.md
@@ -0,0 +1,34 @@
+# Helm chart configuration options
+
+The following table lists the configurable parameters of the Portainer Helm chart and their default values. Find the values file under `deploy/helm/portainer/values.yaml`.
+
+| Parameter | Description | Default |
+| ---------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------- |
+| `replicaCount` | Number of Portainer service replicas (always set to 1). | `1` |
+| `image.repository` | Portainer Docker Hub repository. | `portainer/portainer-ce` |
+| `image.tag` | Tag for the Portainer image. | `latest` |
+| `image.pullPolicy` | Portainer image-pulling policy. | `IfNotPresent` |
+| `imagePullSecrets` | If the Portainer image needs to be in a private repository. | `nil` |
+| `nodeSelector` | Used to apply a nodeSelector to the deployment. | `{}` |
+| `serviceAccount.annotations` | Annotations to add to the service account. | `null` |
+| `serviceAccount.name` | The name of the service account to use. | `portainer-sa-clusteradmin` |
+| `service.type` | Service type for the main Portainer Service. Valid values: `ClusterIP`, `NodePort`, `LoadBalancer`. | `LoadBalancer` |
+| `service.httpPort` | HTTP port for accessing the Portainer web interface. | `9000` |
+| `service.httpNodePort` | Static NodePort for accessing the Portainer web interface. Specify only if the type is `NodePort`. | `30777` |
+| `service.edgePort` | TCP port for accessing Portainer Edge. | `8000` |
+| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is `NodePort`. | `30776` |
+| `service.annotations` | Annotations to add to the service. | `{}` |
+| `ingress.enabled` | Creates an ingress for Portainer. | `false` |
+| `ingress.annotations` |
Annotations to add to the ingress. For example: kubernetes.io/ingress.class: nginx
| `{}` |
+| `ingress.hosts.host` | URL for Portainer Web. For example, `portainer.example.io`. | `nil` |
+| `ingress.hosts.paths.path` | Path for the Portainer web interface. | `/` |
+| `ingress.hosts.paths.port` | Port for the Portainer web interface. | `9000` |
+| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance. | `[]` |
+| `resources` | Portainer resource requests and limits. | `{}` |
+| `persistence.enabled` | Whether or not to enable data persistence. | `true` |
+| `persistence.existingClaim` | Name of an existing PVC to use for data persistence. | `nil` |
+| `persistence.size` | Size of the PVC used for persistence. | `10Gi` |
+| `persistence.annotations` | Annotations to apply to PVC used for persistence. | `{}` |
+| `persistence.storageClass` | StorageClass to apply to PVC used for persistence. | `default` |
+| `persistence.accessMode` | AccessMode for persistence. | `ReadWriteOnce` |
+| `persistence.selector` | Selector for persistence. | `nil` |
diff --git a/advanced/kubernetes-roles-and-bindings.md b/advanced/kubernetes-roles-and-bindings.md
new file mode 100644
index 0000000..5c3d2f5
--- /dev/null
+++ b/advanced/kubernetes-roles-and-bindings.md
@@ -0,0 +1,119 @@
+# Kubernetes roles and bindings
+
+{% hint style="info" %}
+Role-Based Access Control is only available in Portainer Business Edition.
+{% endhint %}
+
+When managing a Kubernetes environment with Portainer, the Role-Based Access Control (RBAC) configuration is based on two components:
+
+* Kubernetes' cluster roles and namespace roles (which restrict access to Kubernetes itself)
+* Portainer's authorization flags (which [restrict access](kubernetes-roles-and-bindings.md#portainer-access-restrictions) to Portainer's functionality)
+
+The following tables provide a reference for how our Portainer roles map to capabilities within Kubernetes.
+
+## Role Allocations
+
+| Portainer Role | Cluster Role Binding | Namespace Role Binding |
+| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Environment Administrator | cluster-admin (k8s system) | N/A |
+| Operator | [portainer-operator](kubernetes-roles-and-bindings.md#portainer-operator), [portainer-helpdesk](kubernetes-roles-and-bindings.md#portainer-helpdesk) | [portainer-view](kubernetes-roles-and-bindings.md#portainer-view) (all non-system namespaces) |
+| User | [portainer-basic](kubernetes-roles-and-bindings.md#portainer-basic) | [portainer-edit](kubernetes-roles-and-bindings.md#portainer-edit), [portainer-view](kubernetes-roles-and-bindings.md#portainer-view) (only assigned namespaces) |
+| Helpdesk | [portainer-helpdesk](kubernetes-roles-and-bindings.md#portainer-helpdesk) | [portainer-view](kubernetes-roles-and-bindings.md#portainer-view) (all non-system namespaces) |
+| Read-Only | [portainer-basic](kubernetes-roles-and-bindings.md#portainer-basic) | [portainer-view](kubernetes-roles-and-bindings.md#portainer-view) (only assigned namespaces) |
+
+## Cluster Roles
+
+### portainer-basic
+
+| API Group | Resources | Verbs |
+| ----------------- | ----------------------- | --------- |
+| (Empty) | namespaces, nodes | get, list |
+| storage.k8s.io | storageclasses | list |
+| metrics.k8s.io | namespaces, pods, nodes | get, list |
+| networking.k8s.io | ingressclasses | list |
+
+### portainer-helpdesk
+
+| API Group | Resources | Verbs |
+| ----------------- | ------------------------------------------------------- | ---------------- |
+| (Empty) | componentstatuses, endpoints, events, namespaces, nodes | get, list, watch |
+| storage.k8s.io | storageclasses | get, list, watch |
+| networking.k8s.io | ingresses | get, watch |
+| networking.k8s.io | ingressclasses | list |
+| metrics.k8s.io | pods, nodes, nodes/stats, namespace | get, list, watch |
+
+### portainer-operator
+
+| API Group | Resources | Verbs |
+| -------------- | ------------------------------------- | ---------------- |
+| (Empty) | configmaps | update |
+| (Empty) | pods | delete |
+| apps | daemonsets, deployments, statefulsets | patch |
+| metrics.k8s.io | pods, nodes, nodes/stats, namespaces | get, list, watch |
+
+## Namespace Roles
+
+### portainer-edit
+
+| API Group | Resources | Verbs |
+| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
+| (Empty) | configmaps, endpoints, persistentvolumeclaims, pods, pods/attach, pods/exec, pods/portforward, pods/proxy, replicationcontrollers, replicationcontrollers/scale, secrets, serviceaccounts, services, services/proxy | create, delete, deletecollection, patch, update |
+| (Empty) | pods/attach, pods/exec, pods/portforward, pods/proxy, secrets, services/proxy | get, list, watch |
+| apps | daemonsets, deployments, deployments/rollback, deployments/scale, replicasets, replicasets/scale, statefulsets, statefulsets/scale | create, delete, deletecollection, patch, update |
+| autoscaling | horizontalpodautoscalers | create, delete, deletecollection, patch, update |
+| batch | cronjobs, jobs | create, delete, deletecollection, patch, update |
+| extensions | daemonsets, deployments, deployments/rollback, deployments/scale, ingresses, networkpolicies, replicasets, replicasets/scale, replicationcontrollers/scale | create, delete, deletecollection, patch, update |
+| networking.k8s.io | ingresses, networkpolicies | create, delete, deletecollection, patch, update |
+| policy | poddisruptionbudgets | create, delete, deletecollection, patch, update |
+
+### portainer-view
+
+| API Group | Resources | Verbs |
+| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| (Empty) | bindings, componentstatuses, configmaps, endpoints, events, limitranges, namespaces, namespaces/status, persistentvolumeclaims, persistentvolumeclaims/status, pods, pods/log, pods/status, replicationcontrollers, replicationcontrollers/scale, replicationcontrollers/status, resourcequotas, resourcequotas/status, secrets, serviceaccounts, services, services/status | get, list, watch |
+| apps | controllerrevisions, daemonsets, daemonsets/status, deployments, deployments/scale, deployments/status, replicasets, replicasets/scale, replicasets/status, statefulsets, statefulsets/scale, statefulsets/status | get, list, watch |
+| autoscaling | horizontalpodautoscalers, horizontalpodautoscalers/status | get, list, watch |
+| batch | cronjobs, cronjobs/status, jobs, jobs/status | get, list, watch |
+| extensions | daemonsets, daemonsets/status, deployments, deployments/scale, deployments/status, ingresses, ingresses/status, networkpolicies, replicasets, replicasets/scale, replicasets/status, replicationcontrollers/scale | get, list, watch |
+| networking.k8s.io | ingresses, ingresses/status, networkpolicies | get, list, watch |
+| policy | poddisruptionbudgets, poddisruptionbudgets/status | get, list, watch |
+
+## Portainer Access Restrictions
+
+| Function | Endpoint admin | Operator | Helpdesk | Standard User | Read-only User |
+| --------------------------- | -------------- | ------------------ | ------------------ | ------------------ | ------------------ |
+| Namespace Scope | All | All, EXCEPT System | All, EXCEPT System | Default + Assigned | Default + Assigned |
+| Namespaces | RW | R | R | R | R |
+| Namespace Details | RW | R | R | R | R |
+| Namespace Access Management | RW | | | | |
+| Applications | RW | R | R | RW | R |
+| Application Details | RW | R | R | RW | R |
+| Pod Delete | Yes | Yes | | | |
+| Application Console | RW | RW | | | |
+| Advanced Deployment | RW | | | RW | |
+| ConfigMaps & Secrets | RW | R | R | RW | R |
+| ConfigMap & Secret Details | RW | RW | R | RW | R |
+| Volumes | RW | R | R | RW | R |
+| Volume Details | RW | R | R | RW | R |
+| Cluster | RW | R | R | | |
+| Cluster Node View | RW | R | R | | |
+| Cluster Setup | RW | | | | |
+| Application Error Details | R | R | R | | |
+| Storage Class Disabled | R | R | R | | |
+
+## Community Edition
+
+The following tables cover the two roles available in Portainer Community Edition (CE). Note there is no Portainer access restriction in Portainer CE.
+
+| Portainer Role | Cluster Role Binding | Namespace Role Binding |
+| -------------- | ----------------------------------------------------------------------- | ------------------------------------------------- |
+| Admin | (no restriction) | (no restriction) |
+| User | [portainer-cr-user](kubernetes-roles-and-bindings.md#portainer-cr-user) | edit (default k8s role, only assigned namespaces) |
+
+### portainer-cr-user
+
+| API Group | Resources | Verbs |
+| ----------------- | ----------------- | ----- |
+| (Empty) | namespaces, nodes | list |
+| storage.k8s.io | storageclasses | list |
+| networking.k8s.io | ingresses | list |
diff --git a/advanced/mtls.md b/advanced/mtls.md
new file mode 100644
index 0000000..6b04b63
--- /dev/null
+++ b/advanced/mtls.md
@@ -0,0 +1,238 @@
+# Using mTLS with Portainer
+
+Mutual TLS (or **mTLS**) is a certificate-based system whereby the client and server (in this case, the Portainer Edge Agent and the Portainer Server) authenticate each other cryptographically via a trusted source (a certificate authority). This can be used as an extra layer of security to protect the communications between the Edge Agent and Portainer. Under this setup, if a third-party system attempts to communicate with the Portainer Server and is not using a certificate signed by the certificate authority it will be rejected.
+
+This article will walk you through the process of deploying the Portainer Server and the Edge Agents with mTLS support.
+
+{% hint style="info" %}
+mTLS support is only available in Portainer Business Edition.
+{% endhint %}
+
+## Requirements
+
+In order to configure Portainer with mTLS support, you will need the following:
+
+* A Portainer Server and a Portainer Edge Agent.
+* A certificate authority (CA). You can use your own corporate CA or a CA for which you completely control the certificate issuance policy.
+* The CA certificate for your certificate authority, in PEM format (`mtlsca.crt`).
+* A domain (or subdomain) you can point to your Portainer Server instance to be specifically used for mTLS. This will be the domain the server certificate is issued for.
+* A server certificate (`mtlsserver.crt`) and corresponding key (`mtlsserver.key`) issued by your CA for the Portainer Server, in PEM format. Ensure these are issued with `serverAuth` selected for `extendedKeyUsage`. This certificate should have the domain (or subdomain) that will be used for mTLS as the Subject Alternative Name (SAN).
+* A client certificate (`client.crt`) and corresponding key (`client.key`) issued by your CA for the Edge Agent, in PEM format. Ensure these are issued with `clientAuth` selected for `extendedKeyUsage`.
+
+## Configuring the Portainer Server
+
+To use mTLS with your Edge Agents, the Portainer Server instance must be configured with mTLS support. This can either be done during the initial installation of the Portainer Server instance, or after installation through the [Edge Compute settings](../admin/settings/edge.md#mtls-certificate).
+
+### Configure mTLS during installation
+
+When deploying your Portainer Server, you will need to make the CA certificate, server certificate and server key available to Portainer. How you do this will depend on your deployment.
+
+#### Docker Standalone
+
+On your Docker host, upload your CA certificate (`mtlsca.crt`), server certificate (`mtlsserver.crt`) and server key (`mtlsserver.key`) into a directory that will be bind mounted into the Portainer container. In this example we assume your certificates are located at `/root/certs`.
+
+Modify your `docker run` command to mount the `/root/certs` directory to `/certs` and add the `--mtlscacert`, `--mtlscert`, and `--mtlskey` options:
+
+```bash
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v portainer_data:/data \
+ -v /root/certs:/certs
+ portainer/portainer-ee:latest \
+ --mtlscacert /certs/mtlsca.crt \
+ --mtlscert /certs/mtlsserver.crt \
+ --mtlskey /certs/mtlsserver.key
+
+```
+
+This will start Portainer using your provided CA and certificates.
+
+#### Docker Swarm
+
+To add mTLS certificates to Portainer Server on Docker Swarm during installation, we recommend adding the necessary files as secrets and then referencing those secrets within the YAML used to deploy Portainer.
+
+First, upload your CA certificate (`mtlsca.crt`), server certificate (`mtlsserver.crt`) and server key (`mtlsserver.key`) into a directory that will be referenced by the secret creation. In this example we assume your certificates are located at `/root/certs`. Once you have uploaded the files, create your secrets as follows:
+
+```
+docker secret create portainer.mtlscacert /root/certs/mtlsca.crt
+docker secret create portainer.mtlscert /root/certs/mtlsserver.crt
+docker secret create portainer.mtlskey /root/certs/mtlsserver.key
+```
+
+Modify your Portainer YAML file to attach the secrets and add the `--mtlscacert`, `--mtlscert` and `--mtlskey` options:
+
+```yaml
+ portainer:
+ image: portainer/portainer-ee:latest
+ command: -H tcp://tasks.agent:9001 --tlsskipverify --mtlscacert /run/secrets/portainer.mtlscacert --mtlscert /run/secrets/portainer.mtlscert --mtlskey /run/secrets/portainer.mtlskey
+ ports:
+ - "9443:9443"
+ - "9000:9000"
+ - "8000:8000"
+ volumes:
+ - portainer_data:/data
+ networks:
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+ secrets:
+ - portainer.mtlscacert
+ - portainer.mtlsscert
+ - portainer.mtlskey
+```
+
+and to add the `secrets` definitions to include the secrets we just created:
+
+```yaml
+secrets:
+ portainer.mtlscacert:
+ external: true
+ portainer.mtlscert:
+ external: true
+ portainer.mtlskey:
+ external: true
+```
+
+#### Kubernetes (via Helm)
+
+If it doesn't already exist, create the `portainer` namespace:
+
+```
+kubectl create namespace portainer
+```
+
+Next, create a secret containing the CA, certificate and matching private key:
+
+```
+kubectl create secret generic portainer-mtls-certs-secret -n portainer \
+ --from-file=mtlsca.crt=ca.crt \
+ --from-file=mtlscert.crt=server.crt \
+ --from-file=mtlskey.key=server.key
+```
+
+Replace `ca.crt`, `server.crt` and `server.key` in the above command with the paths to your CA certificate, certificate and matching key respectively.
+
+Install Portainer via Helm with the `mtls.existingSecret` parameter set to the name of the secret you just created:
+
+{% tabs %}
+{% tab title="NodePort" %}
+```
+helm install -n portainer portainer portainer/portainer \
+ --set mtls.existingSecret=portainer-mtls-certs-secret \
+ --set enterpriseEdition.enabled=true
+```
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+```
+helm install -n portainer portainer portainer/portainer \
+ --set mtls.existingSecret=portainer-mtls-secret \
+ --set service.type=LoadBalancer \
+ --set enterpriseEdition.enabled=true
+```
+{% endtab %}
+{% endtabs %}
+
+### Configure mTLS post installation
+
+If you already have Portainer Server deployed, you can configure mTLS support through the Portainer UI.
+
+As an admin user, from the left menu select **Settings** then **Edge Compute**. Toggle on **Enable Edge Compute features** if it isn't already on and click **Save Settings**. Then scroll down to the **mTLS Certificate** section.
+
+
+
+Here you can enable the use of mTLS with the **Use separate mTLS cert** toggle, and upload the CA certificate, server certificate and server key using the buttons for **TLS CA certificate**, **TLS certificate** and **TLS key** respectively.
+
+## Deploying the Edge Agents
+
+Once you have the Portainer Server instance configured to use mTLS, you can then configure your Edge Agent deployments to use it as well.
+
+When deploying an Edge Agent you will be provided with a command to run by the Portainer UI. We will take that command and modify it for mTLS support.
+
+### Docker Standalone
+
+On your Docker host, upload your CA certificate (`mtlsca.crt`), client certificate (`client.crt`) and client key (`client.key`) into a directory that will be bind mounted into the Edge Agent container. In this example we assume your certificates are located at `/root/certs`.
+
+Once the certificates are in place and the secrets created, you can begin to set up your Edge Agent within the Portainer UI.
+
+{% hint style="warning" %}
+When doing so, remember to use the domain (or subdomain) you chose for mTLS usage (and that the server certificate was issued for) as the Portainer API server URL and tunnel address (if appropriate).
+{% endhint %}
+
+When you have completed the Edge Agent setup in the Portainer UI and have your deployment command, modify the command to mount the `/root/certs` directory to `/certs`, change the `EDGE_INSECURE_POLL` option to `0`, and add the `--mtlscacert`, `--mtlscert`, and `--mtlskey` options:
+
+```bash
+docker run -d \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /var/lib/docker/volumes:/var/lib/docker/volumes \
+ -v /:/host \
+ -v /root/certs:/certs
+ -v portainer_agent_data:/data \
+ --restart always \
+ -e EDGE=1 \
+ -e EDGE_ID=your-edge-id \
+ -e EDGE_KEY=your-edge-key \
+ -e EDGE_INSECURE_POLL=0 \
+ --name portainer_edge_agent \
+ portainer/agent:latest \
+ --mtlscacert /certs/mtlsca.crt \
+ --mtlscert /certs/client.crt \
+ --mtlskey /certs/client.key
+```
+
+Run the command to deploy your Edge Agent with mTLS support.
+
+### Docker Swarm
+
+To add mTLS certificates to the Edge Agent, we recommend adding the necessary files as secrets and then referencing those secrets within the YAML used to deploy Portainer.
+
+First, upload your CA certificate (`mtlsca.crt`), client certificate (`client.crt`) and client key (`client.key`) into a directory that will be referenced by the secret creation. In this example we assume your certificates are located at `/root/certs`. Once you have uploaded the files, create your secrets as follows:
+
+```
+docker secret create portainer.mtlscacert /root/certs/mtlsca.crt
+docker secret create portainer.mtlscert /root/certs/client.crt
+docker secret create portainer.mtlskey /root/certs/client.key
+```
+
+Once the certificates are in place and the secrets created, you can begin to set up your Edge Agent within the Portainer UI.
+
+{% hint style="warning" %}
+When doing so, remember to use the domain (or subdomain) you chose for mTLS usage (and that the server certificate was issued for) as the Portainer API server URL and tunnel address (if appropriate).
+{% endhint %}
+
+When you have completed the Edge Agent setup in the Portainer UI and have your deployment command, modify the command to change the `EDGE_INSECURE_POLL` option to `0` and add the `--mtlscacert`, `--mtlscert` and `--mtlskey` options, using the secrets we defined above:
+
+```bash
+docker network create \
+ --driver overlay \
+ portainer_agent_network;
+
+docker service create \
+ --name portainer_edge_agent \
+ --network portainer_agent_network \
+ -e EDGE=1 \
+ -e EDGE_ID=your-edge-id \
+ -e EDGE_KEY=your-edge-key \
+ -e EDGE_INSECURE_POLL=0 \
+ -e AGENT_CLUSTER_ADDR=tasks.portainer_edge_agent \
+ --mode global \
+ --constraint 'node.platform.os == linux' \
+ --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
+ --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \
+ --mount type=bind,src=//,dst=/host \
+ --mount type=volume,src=portainer_agent_data,dst=/data \
+ portainer/agent:latest \
+ --mtlscacert /run/secrets/portainer.mtlscacert \
+ --mtlscert /run/secrets/portainer.mtlscert \
+ --mtlskey /run/secrets/portainer.mtlskey
+
+```
+
+Run the commands to deploy your Edge Agent with mTLS support.
+
+### Kubernetes
+
+At present, mTLS support for the Portainer Agent running on a Kubernetes environment is a work in progress. If you require instructions for deploying a Portainer Agent with mTLS on a Kubernetes environment, please [get in touch with our support team](../#getting-support).
diff --git a/advanced/reset-admin.md b/advanced/reset-admin.md
new file mode 100644
index 0000000..7d82c0b
--- /dev/null
+++ b/advanced/reset-admin.md
@@ -0,0 +1,152 @@
+# Reset the admin user's password
+
+If your Portainer admin forgets their password, follow these steps to reset it. There are three methods depending on your Portainer environment.
+
+## Method 1: Resetting the admin password if Portainer runs as a container
+
+{% hint style="info" %}
+You would typically use this method if you run the Portainer Server on Docker Standalone.
+{% endhint %}
+
+First, go to our [reset password container helper](https://github.com/portainer/helper-reset-password) in GitHub, then stop the Portainer container by running this command:
+
+```
+docker stop "id-portainer-container"
+```
+
+Next, run the helper using the following command (you'll need to mount the Portainer data volume):
+
+```
+docker pull portainer/helper-reset-password
+docker run --rm -v portainer_data:/data portainer/helper-reset-password
+```
+
+If successful, the output should look like this:
+
+```
+2020/06/04 00:13:58 Password successfully updated for user: admin
+2020/06/04 00:13:58 Use the following password to login: &_4#\3^5V8vLTd)E"NWiJBs26G*9HPl1
+```
+
+If the helper is unable to find an admin user to update, it will create a new one for you. If the username `admin` is already used, it will create a user named `admin-[randomstring]`:
+
+```
+2022/08/10 07:36:33 [WARN] Unable to retrieve user with ID 1, will try to create, err: object not found inside the database
+2022/08/10 07:36:33 Admin user admin-u0512b3f0v4dqk7o successfully created
+2022/08/10 07:36:33 Use the following password to login: Sr#]YL_6D0k8Pd{pA9^|}F32j5J4I=av
+```
+
+Finally, use this command to start the Portainer container then try logging in with the new password:
+
+```
+docker start "id-portainer-container"
+```
+
+## Method 2: Resetting the admin password if Portainer runs as a stack/service
+
+{% hint style="info" %}
+You would typically use this method if you run the Portainer Server on Docker Swarm.
+{% endhint %}
+
+First, scale the Portainer service to zero using this command:
+
+```
+docker service scale portainer_portainer=0
+```
+
+Next, run the [reset password container helper](https://github.com/portainer/helper-reset-password) using the same bind-mount/volume as the data volume:
+
+```
+docker pull portainer/helper-reset-password
+docker run --rm -v portainer_portainer_data:/data portainer/helper-reset-password
+```
+
+If successful, the output should look like this:
+
+```
+2020/06/04 00:13:58 Password successfully updated for user: admin
+2020/06/04 00:13:58 Use the following password to login: &_4#\3^5V8vLTd)E"NWiJBs26G*9HPl1
+```
+
+If the helper is unable to find an admin user to update, it will create a new one for you. If the username `admin` is already used, it will create a user named `admin-[randomstring]`:
+
+```
+2022/08/10 07:36:33 [WARN] Unable to retrieve user with ID 1, will try to create, err: object not found inside the database
+2022/08/10 07:36:33 Admin user admin-u0512b3f0v4dqk7o successfully created
+2022/08/10 07:36:33 Use the following password to login: Sr#]YL_6D0k8Pd{pA9^|}F32j5J4I=av
+```
+
+Finally, start up the Portainer service scaling using this command then try logging in with the new password:
+
+```
+docker service scale portainer_portainer=1
+```
+
+## Method 3: Resetting the admin password if Portainer is deployed in a Kubernetes cluster
+
+{% hint style="info" %}
+You would typically use this method if you run the Portainer Server on a Kubernetes cluster.
+{% endhint %}
+
+First, scale the Portainer deployment to zero using this command:
+
+```
+kubectl scale deploy portainer --replicas=0 -n portainer
+```
+
+Next, create a pod using the [reset password container helper](https://github.com/portainer/helper-reset-password) image and mount the Portainer data volume. Create a pod YAML file using the command below:
+
+{% hint style="info" %}
+You may need to change the YAML below to match your Portainer deployment (for example if using a different `claimName`).
+{% endhint %}
+
+```
+cat > passreset.yml<< EOF
+apiVersion: v1
+kind: Pod
+metadata:
+ name: passreset
+spec:
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: portainer
+ containers:
+ - name: passreset
+ image: portainer/helper-reset-password
+ volumeMounts:
+ - mountPath: "/data"
+ name: data
+EOF
+```
+
+Create the password reset pod using the command below:
+
+```
+kubectl apply -f passreset.yml -n portainer
+```
+
+Once the new pod is created and transitions into a completed state, you can see the new password in the pod logs:
+
+```
+kubectl logs passreset -n portainer
+```
+
+If successful, the output should look something like this:
+
+```
+2020/06/04 00:13:58 Password successfully updated for user: admin
+2020/06/04 00:13:58 Use the following password to login: &_4#\3^5V8vLTd)E"NWiJBs26G*9HPl1
+```
+
+Finally, scale up the Portainer deployment using this command then try logging in with the new password:
+
+```
+kubectl scale deploy portainer --replicas=1 -n portainer
+```
+
+You can delete the password reset pod using the below command:
+
+```
+kubectl delete pod passreset -n portainer
+```
diff --git a/advanced/reverse-proxy/README.md b/advanced/reverse-proxy/README.md
new file mode 100644
index 0000000..76d2a8a
--- /dev/null
+++ b/advanced/reverse-proxy/README.md
@@ -0,0 +1,12 @@
+# Using Portainer with reverse proxies
+
+If you need to, you can run Portainer behind a reverse proxy. We have guides for Traefik and nginx:
+
+{% content-ref url="traefik.md" %}
+[traefik.md](traefik.md)
+{% endcontent-ref %}
+
+{% content-ref url="nginx.md" %}
+[nginx.md](nginx.md)
+{% endcontent-ref %}
+
diff --git a/advanced/reverse-proxy/nginx.md b/advanced/reverse-proxy/nginx.md
new file mode 100644
index 0000000..87615ba
--- /dev/null
+++ b/advanced/reverse-proxy/nginx.md
@@ -0,0 +1,265 @@
+# Deploying Portainer behind nginx reverse proxy
+
+## Deploying in a Docker Standalone scenario
+
+To deploy Portainer behind an nginx proxy in a Docker standalone scenario you must use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the nginx proxy and the Portainer Server.
+
+{% hint style="info" %}
+This example uses the excellent [nginxproxy/nginx-proxy](https://hub.docker.com/r/nginxproxy/nginx-proxy) image as the proxy container, which requires no additional configuration beyond the two environment variables added to the `portainer` container's definition.
+{% endhint %}
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+version: "2"
+
+services:
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy
+ restart: always
+ ports:
+ - "80:80"
+ volumes:
+ - "/var/run/docker.sock:/tmp/docker.sock:ro"
+
+ portainer:
+ image: portainer/portainer-ee:latest
+ command: -H unix:///var/run/docker.sock
+ restart: always
+ environment:
+ - VIRTUAL_HOST=portainer.yourdomain.com
+ - VIRTUAL_PORT=9000
+ ports:
+ - 8000:8000
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+
+volumes:
+ portainer_data:
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+version: "2"
+
+services:
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy
+ restart: always
+ ports:
+ - "80:80"
+ volumes:
+ - "/var/run/docker.sock:/tmp/docker.sock:ro"
+
+ portainer:
+ image: portainer/portainer-ce:latest
+ command: -H unix:///var/run/docker.sock
+ restart: always
+ environment:
+ - VIRTUAL_HOST=portainer.yourdomain.com
+ - VIRTUAL_PORT=9000
+ ports:
+ - 8000:8000
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+
+volumes:
+ portainer_data:
+```
+{% endtab %}
+{% endtabs %}
+
+To start working with this recipe, change the `VIRTUAL_HOST` value then deploy Portainer by running the following:
+
+```
+docker-compose up -d
+```
+
+When this has finished, run `docker ps` . You should see an output similar to this:
+
+```
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+8c8f2eac7c9a portainer/portainer-ee:latest "/portainer -H unix:…" 4 minutes ago Up 4 minutes 9000/tcp, 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 9443/tcp portainer_portainer_1
+3e7c8b5d71d7 nginxproxy/nginx-proxy "/app/docker-entrypo…" 4 minutes ago Up 4 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp portainer_nginx-proxy_1
+```
+
+Once the deployment has finished you can browse `portainer.yourdomain.com`.
+
+## Deploying in a Docker Swarm scenario
+
+Deploying Portainer in Docker Swarm behind nginx has similar steps to the Docker Standalone scenario. Before deploying, you need to create two elements: networks and volumes.
+
+{% hint style="warning" %}
+This deployment assumes you are running one manager node. If you are using multiple managers we advise [reading this knowledge base article](https://portal.portainer.io/knowledge/how-can-i-ensure-portainers-configuration-is-retained) before proceeding.
+{% endhint %}
+
+First, create two networks:
+
+* One for the agent and the communication with the Portainer Server.
+* One to 'expose' the Portainer container to the same network as the reverse proxy.
+
+```
+ docker network create -d overlay proxy
+```
+
+```
+ docker network create -d overlay agent_network
+```
+
+Next, create the volume:
+
+```
+ docker volume create portainer_data
+```
+
+And finally, save the following recipe as `portainer.yml`:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+version: '3.2'
+
+services:
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy
+ networks:
+ - proxy
+ ports:
+ - "80:80"
+ volumes:
+ - "/var/run/docker.sock:/tmp/docker.sock:ro"
+ - "./vhost.d:/etc/nginx/vhost.d:ro"
+
+ agent:
+ image: portainer/agent:latest
+ environment:
+ # REQUIRED: Should be equal to the service name prefixed by "tasks." when
+ # deployed inside an overlay network
+ AGENT_CLUSTER_ADDR: tasks.agent
+ # AGENT_PORT: 9001
+ # LOG_LEVEL: DEBUG
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - agent_network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+ portainer:
+ image: portainer/portainer-ee:latest
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ volumes:
+ - data:/data
+ environment:
+ - VIRTUAL_HOST=portainer.yourdomain.com
+ - VIRTUAL_PORT=9000
+ ports:
+ - 8000:8000
+ networks:
+ - proxy
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+
+
+networks:
+ proxy:
+ external: true
+ agent_network:
+ external: true
+
+volumes:
+ data:
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+version: '3.2'
+
+services:
+ nginx-proxy:
+ image: nginxproxy/nginx-proxy
+ networks:
+ - proxy
+ ports:
+ - "80:80"
+ volumes:
+ - "/var/run/docker.sock:/tmp/docker.sock:ro"
+ - "./vhost.d:/etc/nginx/vhost.d:ro"
+
+ agent:
+ image: portainer/agent:latest
+ environment:
+ # REQUIRED: Should be equal to the service name prefixed by "tasks." when
+ # deployed inside an overlay network
+ AGENT_CLUSTER_ADDR: tasks.agent
+ # AGENT_PORT: 9001
+ # LOG_LEVEL: DEBUG
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - agent_network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+ portainer:
+ image: portainer/portainer-ce:latest
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ volumes:
+ - data:/data
+ environment:
+ - VIRTUAL_HOST=portainer.yourdomain.com
+ - VIRTUAL_PORT=9000
+ ports:
+ - 8000:8000
+ networks:
+ - proxy
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+
+
+networks:
+ proxy:
+ external: true
+ agent_network:
+ external: true
+
+volumes:
+ data:
+```
+{% endtab %}
+{% endtabs %}
+
+To start working with this recipe, change the `VIRTUAL_HOST` value then deploy Portainer by running the following:
+
+```
+ docker stack deploy portainer -c portainer.yml
+```
+
+To check the deployment, run `docker service ls`. You should see an output similar to the following:
+
+```
+ID NAME MODE REPLICAS IMAGE PORTS
+gy2bjxid0g4p portainer_agent global 1/1 portainer/agent:latest
+jwvjp5bux4sz portainer_nginx-proxy replicated 1/1 nginxproxy/nginx-proxy:latest *:80->80/tcp
+5nflcvoxl3c7 portainer_portainer replicated 1/1 portainer/portainer-ee:latest *:8000->8000/tcp
+```
+
+Once the services are running, you will be able to access Portainer from the URL you defined earlier, for example: `portainer.yourdomain.com`.
diff --git a/advanced/reverse-proxy/traefik.md b/advanced/reverse-proxy/traefik.md
new file mode 100644
index 0000000..8de7e3f
--- /dev/null
+++ b/advanced/reverse-proxy/traefik.md
@@ -0,0 +1,374 @@
+# Deploying Portainer behind Traefik Proxy
+
+[Traefik Proxy](https://traefik.io/traefik/) is a reverse proxy and load balancing solution focused on micro services.
+
+## Deploying in a Docker Standalone scenario
+
+To deploy Portainer behind Traefik Proxy in a Docker standalone scenario you must use a Docker Compose file. In the following `docker-compose.yml` you will find the configuration for Portainer Traefik with SSL support and the Portainer Server.
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+version: "3.3"
+
+services:
+ traefik:
+ container_name: traefik
+ image: "traefik:latest"
+ command:
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --providers.docker
+ - --log.level=ERROR
+ - --certificatesresolvers.leresolver.acme.httpchallenge=true
+ - --certificatesresolvers.leresolver.acme.email=your-email #Set your email address here, is for the generation of SSL certificates with Let's Encrypt.
+ - --certificatesresolvers.leresolver.acme.storage=./acme.json
+ - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "./acme.json:/acme.json"
+ labels:
+ - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+ - "traefik.http.routers.http-catchall.entrypoints=web"
+ - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ portainer:
+ image: portainer/portainer-ee:latest
+ command: -H unix:///var/run/docker.sock
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ labels:
+ # Frontend
+ - "traefik.enable=true"
+ - "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
+ - "traefik.http.routers.frontend.entrypoints=websecure"
+ - "traefik.http.services.frontend.loadbalancer.server.port=9000"
+ - "traefik.http.routers.frontend.service=frontend"
+ - "traefik.http.routers.frontend.tls.certresolver=leresolver"
+
+ # Edge
+ - "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
+ - "traefik.http.routers.edge.entrypoints=websecure"
+ - "traefik.http.services.edge.loadbalancer.server.port=8000"
+ - "traefik.http.routers.edge.service=edge"
+ - "traefik.http.routers.edge.tls.certresolver=leresolver"
+
+
+volumes:
+ portainer_data:
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+version: "3.3"
+
+services:
+ traefik:
+ container_name: traefik
+ image: "traefik:latest"
+ command:
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --providers.docker
+ - --log.level=ERROR
+ - --certificatesresolvers.leresolver.acme.httpchallenge=true
+ - --certificatesresolvers.leresolver.acme.email=your-email #Set your email address here, is for the generation of SSL certificates with Let's Encrypt.
+ - --certificatesresolvers.leresolver.acme.storage=./acme.json
+ - --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "./acme.json:/acme.json"
+ labels:
+ - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+ - "traefik.http.routers.http-catchall.entrypoints=web"
+ - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ portainer:
+ image: portainer/portainer-ce:latest
+ command: -H unix:///var/run/docker.sock
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ labels:
+ # Frontend
+ - "traefik.enable=true"
+ - "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
+ - "traefik.http.routers.frontend.entrypoints=websecure"
+ - "traefik.http.services.frontend.loadbalancer.server.port=9000"
+ - "traefik.http.routers.frontend.service=frontend"
+ - "traefik.http.routers.frontend.tls.certresolver=leresolver"
+
+ # Edge
+ - "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
+ - "traefik.http.routers.edge.entrypoints=websecure"
+ - "traefik.http.services.edge.loadbalancer.server.port=8000"
+ - "traefik.http.routers.edge.service=edge"
+ - "traefik.http.routers.edge.tls.certresolver=leresolver"
+
+
+volumes:
+ portainer_data:
+```
+{% endtab %}
+{% endtabs %}
+
+Before you run this file in Docker, you will need to create the `acme.json` file with permission `600` that will store the SSL certificates. Once it has been created, you can define the file path in the following sections in the Docker Compose file:
+
+In the volumes and command section of the Traefik Proxy container:
+
+```
+- "./acme.json:/acme.json"
+```
+
+```
+- --certificatesresolvers.leresolver.acme.storage=./acme.json
+```
+
+You also need to enter your email address for Let's Encrypt registration.
+
+```
+- --certificatesresolvers.leresolver.acme.email=your-email
+```
+
+Next, customize some labels in the Traefik container. The following labels need to be updated with the URL that you want use to access Portainer:
+
+```
+- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
+```
+
+```
+- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
+```
+
+Once this is done, you're ready to deploy Portainer:
+
+```
+docker-compose up -d
+```
+
+After the images have been downloaded and deployed you will able to access Portainer from the URL you defined earlier, for example: `https://portainer.yourdomain.com`.
+
+## Deploying in a Docker Swarm scenario
+
+To deploy Portainer behind Traefik Proxy in a Docker Swarm scenario you must use a Docker Compose file. In the following `docker-compose.yml` you will find the configuration for Portainer Traefik with SSL support and the Portainer Server.
+
+{% hint style="warning" %}
+This deployment assumes you are running one manager node. If you are using multiple managers we advise [reading this knowledge base article](https://portal.portainer.io/knowledge/how-can-i-ensure-portainers-configuration-is-retained) before proceeding.
+{% endhint %}
+
+Before deploying the Docker Compose file, you need to create two elements: networks and volumes.
+
+First, create two overlay networks:
+
+```
+ docker network create -d overlay agent_network
+```
+
+```
+ docker network create -d overlay public
+```
+
+Then create the volume:
+
+```
+ docker volume create portainer_data
+```
+
+Save this recipe as `portainer.yml`:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+version: '3.2'
+
+services:
+ traefik:
+ image: "traefik:latest"
+ command:
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --providers.docker=true
+ - --providers.docker.swarmMode=true
+ - --providers.docker.exposedbydefault=false
+ - --providers.docker.network=public
+ - --api
+ - --log.level=ERROR
+ ports:
+ - "80:80"
+ - "443:443"
+ networks:
+ - public
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+ agent:
+ image: portainer/agent:latest
+ environment:
+ # REQUIRED: Should be equal to the service name prefixed by "tasks." when
+ # deployed inside an overlay network
+ AGENT_CLUSTER_ADDR: tasks.agent
+ # AGENT_PORT: 9001
+ # LOG_LEVEL: debug
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - agent_network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+ portainer:
+ image: portainer/portainer-ee:latest
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ volumes:
+ - data:/data
+ networks:
+ - public
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
+ - "traefik.http.routers.portainer.entrypoints=web"
+ - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+ - "traefik.http.routers.portainer.service=portainer"
+ # Edge
+ - "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
+ - "traefik.http.routers.edge.entrypoints=web"
+ - "traefik.http.services.edge.loadbalancer.server.port=8000"
+ - "traefik.http.routers.edge.service=edge"
+
+networks:
+ public:
+ external: true
+ agent_network:
+ external: true
+
+volumes:
+ data:
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+version: '3.2'
+
+services:
+ traefik:
+ image: "traefik:latest"
+ command:
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ - --providers.docker=true
+ - --providers.docker.swarmMode=true
+ - --providers.docker.exposedbydefault=false
+ - --providers.docker.network=public
+ - --api
+ - --log.level=ERROR
+ ports:
+ - "80:80"
+ - "443:443"
+ networks:
+ - public
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+ agent:
+ image: portainer/agent:latest
+ environment:
+ # REQUIRED: Should be equal to the service name prefixed by "tasks." when
+ # deployed inside an overlay network
+ AGENT_CLUSTER_ADDR: tasks.agent
+ # AGENT_PORT: 9001
+ # LOG_LEVEL: debug
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ networks:
+ - agent_network
+ deploy:
+ mode: global
+ placement:
+ constraints: [node.platform.os == linux]
+
+ portainer:
+ image: portainer/portainer-ce:latest
+ command: -H tcp://tasks.agent:9001 --tlsskipverify
+ volumes:
+ - data:/data
+ networks:
+ - public
+ - agent_network
+ deploy:
+ mode: replicated
+ replicas: 1
+ placement:
+ constraints: [node.role == manager]
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
+ - "traefik.http.routers.portainer.entrypoints=web"
+ - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+ - "traefik.http.routers.portainer.service=portainer"
+ # Edge
+ - "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
+ - "traefik.http.routers.edge.entrypoints=web"
+ - "traefik.http.services.edge.loadbalancer.server.port=8000"
+ - "traefik.http.routers.edge.service=edge"
+
+networks:
+ public:
+ external: true
+ agent_network:
+ external: true
+
+volumes:
+ data:
+```
+{% endtab %}
+{% endtabs %}
+
+Finally, customize these labels to match the URL that you want to use to access Portainer:
+
+```
+- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
+```
+
+```
+- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
+```
+
+You can now deploy Portainer by executing the following:
+
+```
+ docker stack deploy portainer -c portainer.yml
+```
+
+To check the deployment, run `docker service ls`. You should see an output similar to the following:
+
+```
+ID NAME MODE REPLICAS IMAGE PORTS
+lt21zrypsll6 portainer_agent global 1/1 portainer/agent:latest
+m6912ynwdcd7 portainer_portainer replicated 1/1 portainer/portainer-ee:latest
+tw2nb4i640e4 portainer_traefik replicated 1/1 traefik:latest *:80->80/tcp, *:443->443/tcp
+```
+
+Once the services are running, you will able to access Portainer from the URL you defined earlier, for example: `portainer.yourdomain.com`.
diff --git a/advanced/security.md b/advanced/security.md
new file mode 100644
index 0000000..c25d9a1
--- /dev/null
+++ b/advanced/security.md
@@ -0,0 +1,9 @@
+# Security and compliance
+
+Portainer runs exclusively on your servers, within your network, behind your own firewalls. As a result, we do not currently hold any SOC or PCI/DSS compliance because we do not host any of your infrastructure. You can even run Portainer completely disconnected (air-gapped) without any impact on functionality.
+
+We comply with GDPR in relation to the anonymous analytics we collect. Data collection can be disabled at startup (or at any time), and if you are disconnected, it silently fails.
+
+The Portainer code itself does not undergo any formal code analysis, however we scan our published images for vulnerabilities as part of the DockerHub process.
+
+We are also the subject of regular third-party vulnerability analyses. No issues have been reported for some time, and any issues that are discovered are resolved within six weeks.
diff --git a/advanced/ssl.md b/advanced/ssl.md
new file mode 100644
index 0000000..b8bf011
--- /dev/null
+++ b/advanced/ssl.md
@@ -0,0 +1,192 @@
+# Using your own SSL certificate with Portainer
+
+By default, Portainer’s web interface and API is exposed over HTTPS with a self-signed certificate generated by the installation. This can be replaced with your own SSL certificate either after installation [via the Portainer UI](../admin/settings/#ssl-certificate) or during installation, as explained in this article.
+
+{% hint style="info" %}
+When using your own externally-issued certificate, ensure that you include the full certificate chain (including any intermediate certificates) in the file you provide via `--sslcert`. Without this you may face certificate validation issues. Your certificate chain can be obtained either from your certificate issuer or the [What's My Chain Cert?](https://whatsmychaincert.com/) website.
+{% endhint %}
+
+## Using your own SSL certificate on Docker Standalone
+
+{% hint style="info" %}
+Portainer expects certificates in PEM format.
+{% endhint %}
+
+Use the `--sslcert` and `--sslkey` flags during installation.
+
+{% hint style="info" %}
+If you are using certificates signed by your own CA, you may need to supply your CA certificate as well with the `--sslcacert` flag.
+{% endhint %}
+
+Upload your certificate (including the chain) and key to the server running Portainer, then start Portainer referencing them. The following command assumes your certificates are stored in `/path/to/your/certs` with the filenames `portainer.crt` and `portainer.key`, and bind-mounts the directory to `/certs` in the Portainer container:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 \
+ --name portainer --restart always \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v portainer_data:/data \
+ -v /path/to/your/certs:/certs \
+ portainer/portainer-ee:latest \
+ --sslcert /certs/portainer.crt \
+ --sslkey /certs/portainer.key
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 \
+ --name portainer --restart always \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v portainer_data:/data \
+ -v /path/to/your/certs:/certs \
+ portainer/portainer-ce:latest \
+ --sslcert /certs/portainer.crt \
+ --sslkey /certs/portainer.key
+```
+{% endtab %}
+{% endtabs %}
+
+Alternatively, Certbot can be used to generate a certificate and a key. Because Docker has issues with symlinks, if you use Certbot you will need to pass both the 'live' and 'archive' directories as volumes, as well as use the full chain certificate. For example:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 \
+ --name portainer --restart always \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v portainer_data:/data \
+ -v /etc/letsencrypt/live/yourdomain:/certs/live/yourdomain:ro \
+ -v /etc/letsencrypt/archive/yourdomain:/certs/archive/yourdomain:ro \
+ portainer/portainer-ee:latest \
+ --sslcert /certs/live/yourdomain/fullchain.pem \
+ --sslkey /certs/live/yourdomain/privkey.pem
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 9443:9443 -p 8000:8000 \
+ --name portainer --restart always \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v portainer_data:/data \
+ -v /etc/letsencrypt/live/yourdomain:/certs/live/yourdomain:ro \
+ -v /etc/letsencrypt/archive/yourdomain:/certs/archive/yourdomain:ro \
+ portainer/portainer-ce:latest \
+ --sslcert /certs/live/yourdomain/fullchain.pem \
+ --sslkey /certs/live/yourdomain/privkey.pem
+```
+{% endtab %}
+{% endtabs %}
+
+When you're finished, you can navigate to `https://$ip-docker-host:9443`.
+
+## Using your own SSL certificate on Docker Swarm
+
+To provide your own SSL certificate for Docker Swarm, simply define the `portainer.sslcert` and `portainer.sslkey` secrets, and the installation manifest will automatically detect and use them:
+
+```
+docker secret create portainer.sslcert /path/to/your/certificate.crt
+docker secret create portainer.sslkey /path/to/your/certificate.key
+```
+
+{% hint style="info" %}
+If you are using certificates signed by your own CA, you may need to supply your CA certificate as well via a `portainer.sslcacert` secret and modifying the below YAML files to include the `--sslcacert` flag.
+{% endhint %}
+
+Next, retrieve the stack YML manifest:
+
+{% tabs %}
+{% tab title="Linux and Windows with Docker Desktop" %}
+**Business Edition:**
+
+```
+curl -L https://downloads.portainer.io/ee2-19/portainer-agent-stack-ssl.yml -o portainer-agent-stack.yml
+```
+
+**Community Edition:**
+
+```
+curl -L https://downloads.portainer.io/ce2-19/portainer-agent-stack-ssl.yml -o portainer-agent-stack.yml
+```
+{% endtab %}
+
+{% tab title="Windows Container Services" %}
+**Business Edition:**
+
+```
+curl https://downloads.portainer.io/ee2-19/portainer-windows-stack-ssl.yml -o portainer-agent-stack.yml
+```
+
+**Community Edition:**
+
+```
+curl https://downloads.portainer.io/ce2-19/portainer-windows-stack-ssl.yml -o portainer-agent-stack.yml
+```
+{% endtab %}
+{% endtabs %}
+
+Finally, use the downloaded YML manifest to deploy your stack:
+
+```
+docker stack deploy -c portainer-agent-stack.yml portainer
+```
+
+For more information about secrets, read [Docker's own documentation](https://docs.docker.com/compose/compose-file/#secrets).
+
+## Using your own SSL certificate on Kubernetes (via Helm)
+
+If it doesn't already exist, create the `portainer` namespace:
+
+```
+kubectl create namespace portainer
+```
+
+Next, create a TLS secret containing the full certificate chain and matching private key:
+
+```
+kubectl create secret tls portainer-tls-secret -n portainer \
+ --cert=/path/to/cert/file \
+ --key=/path/to/key/file
+```
+
+Install via helm with the `tls.existingSecret` parameter set to the name of the secret you just created:
+
+{% tabs %}
+{% tab title="NodePort" %}
+**Business Edition:**
+
+```
+helm install -n portainer portainer portainer/portainer \
+ --set tls.existingSecret=portainer-tls-secret \
+ --set enterpriseEdition.enabled=true
+```
+
+**Community Edition:**
+
+```
+helm install -n portainer portainer portainer/portainer \
+ --set tls.existingSecret=portainer-tls-secret
+```
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+Business Edition:
+
+```
+helm install -n portainer portainer portainer/portainer \
+ --set tls.existingSecret=portainer-tls-secret \
+ --set service.type=LoadBalancer \
+ --set enterpriseEdition.enabled=true
+```
+
+Community Edition:
+
+```
+helm install -n portainer portainer portainer/portainer \
+ --set tls.existingSecret=portainer-tls-secret \
+ --set service.type=LoadBalancer
+```
+{% endtab %}
+{% endtabs %}
diff --git a/api/access.md b/api/access.md
new file mode 100644
index 0000000..acad61f
--- /dev/null
+++ b/api/access.md
@@ -0,0 +1,108 @@
+# Accessing the Portainer API
+
+To access the Portainer API, you will need a few things:
+
+* A user in Portainer
+* An access token for that user
+* The ability to make HTTPS requests to the Portainer server on port `9443` (or `9000` for legacy HTTP)
+
+## Creating a new user
+
+API access is provided on a per-user basis, with each users' API access dependent on that user's permissions within Portainer. For example, if your user had access to only one environment, API calls for that user would also be restricted to that environment.
+
+To create a new user within Portainer, refer to our documentation:
+
+{% content-ref url="../admin/users/add.md" %}
+[add.md](../admin/users/add.md)
+{% endcontent-ref %}
+
+Once the user has been created, log in to Portainer as that user to create an API access token.
+
+## Creating an access token
+
+Once the user has been created, you can add an access token to that user. The access token will provide the same level of access to Portainer functionality as would be available to that user had they logged into the Portainer UI.
+
+Once logged in as the user, click on **my account** in the top right.
+
+
+
+Scroll down to the **Access tokens** section. Here you can see any access tokens that exist for the user.
+
+
+
+To add a new access token, click the **Add access token** button. You will be taken to a new page where you can set a Description for your access token. We recommend making this something recognizable for future reference.
+
+
+
+Once you have provided a description, click the **Add access token** button to generate your access token.
+
+Your new access token will now be displayed. Please copy the access token and keep it in a safe place, as you will not be able to view the token again after creation.
+
+
+
+When you have copied the access token, click the **Done** button to return to the User settings page. Your access token is ready to use.
+
+## Using your access token
+
+Now that you have created a user and access token, you are ready to access the API. The Portainer API follows the RESTful architecture, accepting `GET` / `POST` / `PUT` / `DELETE` requests and responding with JSON objects.
+
+{% hint style="info" %}
+The following examples use [httpie](https://httpie.org/) to execute API calls against Portainer. Feel free to replace this with your method of choice.
+{% endhint %}
+
+To make an API request, you will need to include your access token in the `X-API-Key` header to authenticate your request. For example, you can use the `/stacks` endpoint to list the stacks you have access to:
+
+```
+http GET https://portainer-url:9443/api/stacks X-API-Key:your_api_key_here
+```
+
+This will return a JSON object listing your stacks:
+
+```
+[
+ {
+ "AdditionalFiles": null,
+ "AutoUpdate": null,
+ "CreatedBy": "admin",
+ "CreationDate": 1631852794,
+ "EndpointId": 4,
+ "EntryPoint": "docker-compose.yml",
+ "Env": null,
+ "GitConfig": {
+ "Authentication": null,
+ "ConfigFilePath": "docker-compose.yml",
+ "ConfigHash": "2e71920bf1ee1bbac976d320f8f274411fba3bad",
+ "ReferenceName": "refs/heads/master",
+ "URL": "https://github.com/mygithubaccount/wordpress-stack"
+ },
+ "Id": 5,
+ "IsComposeFormat": true,
+ "Name": "",
+ "Namespace": "my-namespace",
+ "ProjectPath": "/data/compose/5",
+ "ResourceControl": null,
+ "Status": 1,
+ "SwarmId": "",
+ "Type": 3,
+ "UpdateDate": 0,
+ "UpdatedBy": ""
+ },
+]
+```
+
+If a user tries to access an area they do not have permission to access, an error message will be returned. For example, assume that a non-administrator user attempted to access the `/settings` endpoint, which requires administrator access:
+
+```
+http GET https://portainer:9443/api/settings X-API-Key:your_api_key_here
+```
+
+The user would be presented with the following response:
+
+```
+{
+ "details": "Unauthorized",
+ "message": "Access denied"
+}
+```
+
+Now that you have access to the Portainer API, you can learn more about how to use it from the [API documentation](docs.md) and our [usage examples](examples.md).
diff --git a/api/docs.md b/api/docs.md
new file mode 100644
index 0000000..e737234
--- /dev/null
+++ b/api/docs.md
@@ -0,0 +1,19 @@
+# API documentation
+
+Portainer exposes an HTTP API that you can use to automate everything you do via the Portainer UI. You can also use Portainer as a gateway (HTTP queries against the Portainer API) to the underlying Docker/Kubernetes API.
+
+{% hint style="info" %}
+You will need an access token in order to use the Portainer API. If you have not already set up an access token for the API, we have [instructions on how to do so](access.md).
+{% endhint %}
+
+You can find our API documentation at SwaggerHub:
+
+* [Business Edition (BE) 2.19.0 API Documentation](https://app.swaggerhub.com/apis/portainer/portainer-ee/2.19.0)
+* [Community Edition (CE) 2.19.0 API Documentation](https://app.swaggerhub.com/apis/portainer/portainer-ce/2.19.0)
+
+We have also provided some examples of API usage.
+
+{% content-ref url="examples.md" %}
+[examples.md](examples.md)
+{% endcontent-ref %}
+
diff --git a/api/examples.md b/api/examples.md
new file mode 100644
index 0000000..4f99fe2
--- /dev/null
+++ b/api/examples.md
@@ -0,0 +1,117 @@
+# API usage examples
+
+Portainer exposes an HTTP API that you can use to automate everything you do via the Portainer UI. You can also use Portainer as a gateway (HTTP queries against the Portainer API) to the underlying Docker/Kubernetes API.
+
+{% hint style="info" %}
+The following examples use [httpie](https://httpie.org/) to execute API calls against Portainer.
+{% endhint %}
+
+## Initialize the admin password
+
+On a fresh install of Portainer, you need to create an admin account to initialize Portainer. You will be asked for this when you visit the Portainer URL for the first time. You can achieve the same outcome using this API call:
+
+```
+http POST /api/users/admin/init Username="" Password=""
+```
+
+## Authenticate against the API using the admin account
+
+```
+http POST /api/auth Username="" Password=""
+```
+
+The response is a JSON object containing the JWT token inside the `jwt` field. You will need to pass this token inside the authorization header when executing an authentication query against the API.
+
+```
+{
+ "jwt":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE"
+}
+```
+
+The value of the authorization header must be of the form `Bearer `:
+
+```
+Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE
+```
+
+{% hint style="info" %}
+This token is valid for 8 hours. Once it expires, you will need to generate another token to execute authenticated queries.
+{% endhint %}
+
+## Adding a new environment
+
+On a fresh install, Portainer has no environments configured. You will first need to add an environment for Portainer to manage.
+
+You can add an environment to manage [via the Portainer API](../admin/environments/add/api.md), or via the web interface both during the initial setup and after setup is complete.
+
+## Execute Docker queries against a specific environment
+
+The Portainer HTTP API endpoint acts as a reverse-proxy to the Docker HTTP API and can be used to execute any of the Docker HTTP API requests:
+
+`/api/endpoints//docker`
+
+{% hint style="info" %}
+Read [Docker's API documentation](https://docs.docker.com/engine/api/) to learn how to query the Docker Engine.
+{% endhint %}
+
+### **List all containers**
+
+This call lists all of the containers available in a specific environment:
+
+```
+http GET /api/endpoints/1/docker/containers/json \
+ X-API-Key:your_access-token \
+ all==true
+```
+
+The response is identical to that returned by the `ContainerList` operation of the Docker API. See [Docker's documentation about this operation](https://docs.docker.com/engine/api/v1.41/#operation/ContainerList).
+
+### **Create a container**
+
+You can create a container in a specific environment using the Portainer HTTP API as a gateway. The following query will create a new Docker container inside the environment using ID 1. The container will be named `web01` and will use the `nginx:latest` Docker image. It will publish container port `80` on port `8080` on the host.
+
+```
+http POST /api/endpoints/1/docker/containers/create \
+ X-API-Key:your_access-token \
+ name=="web01" Image="nginx:latest" \
+ ExposedPorts:='{ "80/tcp": {} }' \
+ HostConfig:='{ "PortBindings": { "80/tcp": [{ "HostPort": "8080" }] } }'
+```
+
+The response is identical to that returned by the `ContainerCreate` operation of the Docker API. See [Docker's documentation about this operation](https://docs.docker.com/engine/api/v1.41/#operation/ContainerCreate).
+
+Here is an example response:
+
+```
+{
+ "Id": "5fc2a93d7a3d426a1c3937436697fc5e5343cc375226f6110283200bede3b107",
+ "Warnings": null
+}
+```
+
+You will need the container ID in order to execute actions against that container.
+
+### **Start a container**
+
+Using the ID you retrieved previously, you can start your new container using this endpoint:
+
+`/api/endpoints//docker/containers//start`
+
+```
+http POST /api/endpoints/1/docker/containers/5fc2a93d7a3d426a1c3937436697fc5e5343cc375226f6110283200bede3b107/start \
+ X-API-Key:your_access-token
+```
+
+The response is identical to that returned by the `ContainerStart` operation of the Docker API. See [Docker's documentation about this operation](https://docs.docker.com/engine/api/v1.41/#operation/ContainerStart).
+
+### **Delete a container**
+
+You can create a container using the endpoint `/api/endpoints//docker/containers/`:
+
+```
+http DELETE /api/endpoints/1/docker/containers/5fc2a93d7a3d426a1c3937436697fc5e5343cc375226f6110283200bede3b107 \
+ X-API-Key:your_access-token \
+ force==true
+```
+
+The response is identical to that returned by the `ContainerDelete` operation of the Docker API. See [Docker's documentation about this operation](https://docs.docker.com/engine/api/v1.41/#operation/ContainerDelete).
diff --git a/contribute/build/README.md b/contribute/build/README.md
new file mode 100644
index 0000000..2a6ad2e
--- /dev/null
+++ b/contribute/build/README.md
@@ -0,0 +1,51 @@
+# Build instructions
+
+This article explains how to set up your local development environment so you can contribute to the Portainer codebase.
+
+{% hint style="info" %}
+Make sure you have installed the dependencies for this project on your [Mac](mac.md) or [Linux](linux.md) machine before continuing.
+{% endhint %}
+
+{% hint style="warning" %}
+Windows is currently not supported by the Portainer development environment.
+{% endhint %}
+
+## Instructions
+
+Navigate to the folder where you will store Portainer project code. This can be anywhere such as on your desktop or in your downloads folder.
+
+Now, download the Portainer project:
+
+```
+git clone https://github.com/portainer/portainer.git
+```
+
+Next, navigate into the Portainer project you downloaded:
+
+```
+cd portainer
+```
+
+Install the development dependencies:
+
+```
+make deps
+```
+
+And finally, build and run the project:
+
+```
+make dev
+```
+
+You should now be able to access Portainer at `https://localhost:9443` and UI dev server runs on `http://localhost:8999`.
+
+For additional commands, run `make help`.
+
+{% hint style="info" %}
+The frontend application will update and refresh when you save your changes to any of the sources.
+{% endhint %}
+
+## Contribution Guidelines
+
+When contributing to the Portainer codebase, please follow [our contribution guidelines](https://github.com/portainer/portainer/blob/develop/CONTRIBUTING.md).
diff --git a/contribute/build/linux.md b/contribute/build/linux.md
new file mode 100644
index 0000000..a8e589e
--- /dev/null
+++ b/contribute/build/linux.md
@@ -0,0 +1,191 @@
+# Set up a Linux build environment
+
+As an open source product, we encourage users to edit our code and submit patches to it. This article explains how to set up a local environment on Linux so you can build your own copy of Portainer and test your changes.
+
+{% hint style="info" %}
+We tested these instructions on Ubuntu 18.04.2 LTS. For instructions that relate to other systems, see the linked documentation below.
+{% endhint %}
+
+## Dependencies
+
+* [Docker CE](https://docs.docker.com/install/) is the Docker application that runs on your machine to enable the use of Docker features. The latest version is not a requirement for this development stack, however we recommend staying up to date with the latest improvements and security fixes.
+* [Yarn](https://yarnpkg.com/en/docs/install#mac-stable) is a package manager for installing new software packages on your system, and is used to run the Portainer development environment.
+* [Node.JS](https://nodejs.org/en/download/) is a JavaScript package used when building applications that leverage networking, such as Portainer. Version 18 or later is required.
+* [Golang](https://golang.org/dl/) is the open source language that we use to build the majority of Portainer software. Version 1.18 of Golang is required.
+* Wget is a package used to retrieve files using common internet protocols such as HTTP and FTP.
+
+## Part 1: Installing Docker
+
+{% hint style="info" %}
+The following instructions were run on Ubuntu, for up-to-date instructions on this and other Linux distributions read the [official Docker CE documentation](https://docs.docker.com/install/).
+{% endhint %}
+
+{% hint style="info" %}
+You must configure the Docker repository before you install Docker.
+{% endhint %}
+
+### Step 1: Configure the Docker repository
+
+First, update your system's packages using this command:
+
+```
+sudo apt-get update
+```
+
+Next, install the required packages to use repos over HTTPS:
+
+```
+sudo apt-get install \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg-agent \
+ software-properties-common
+```
+
+Now install the official GPG key for Docker:
+
+```
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+```
+
+Use this fingerprint to confirm that you have the correct key:
+
+`9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88`
+
+```
+sudo apt-key fingerprint 0EBFCD88
+```
+
+The correct output should be:
+
+```
+pub rsa4096 2017-02-22 [SCEA]
+ 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
+uid [ unknown] Docker Release (CE deb)
+sub rsa4096 2017-02-22 [S]
+```
+
+And finally, use the following command to set up the stable repository:
+
+```
+sudo add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) \
+ stable"
+```
+
+### Step 2: Install Docker
+
+{% hint style="info" %}
+We always recommend installing software using the most up-to-date instructions from the official vendor. This step is based on Docker's own [installation instructions for Docker on Linux](https://docs.docker.com/install/).
+{% endhint %}
+
+First, update your system's packages using this command:
+
+```
+sudo apt-get update
+```
+
+Next, install Docker and its associated packages:
+
+```
+sudo apt-get install docker-ce docker-ce-cli containerd.io
+```
+
+Finally, verify that Docker was correctly installed and is running on your system. This command should download a test image that you can run in a container, print an informational message for then exit out of.
+
+```
+sudo docker run hello-world
+```
+
+## Part 2: Installing Yarn
+
+{% hint style="info" %}
+If you are running a different Linux distribution than Ubuntu, read Yarn's own [installation instructions for Yarn on Linux](https://yarnpkg.com/en/docs/install).
+{% endhint %}
+
+{% hint style="info" %}
+If you have issues installing or using Yarn, read their [official documentation](https://yarnpkg.com/en/docs/install#mac-stable).
+{% endhint %}
+
+Run this command in the terminal to configure the Yarn repository on your system:
+
+```
+curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+```
+
+Update your system's packages and install Yarn using this command:
+
+```
+sudo apt-get update && sudo apt-get install yarn
+```
+
+Finally, run this command in the terminal to confirm that the Yarn installation was a success:
+
+```
+yarn --version
+```
+
+The current version of Yarn should print out in your terminal, indicating that that it installed successfully and is running on your system.
+
+## Part 3: Installing or updating Node.JS
+
+{% hint style="info" %}
+This procedure makes use of NVM to install Node.JS (Node.JS version 12 or later is required). NVM allows multiple different versions of Node.JS to be installed on a system and provides an easy way to switch between them.
+{% endhint %}
+
+{% hint style="info" %}
+If you have issues installing or updating Node.JS, read NVM's [documentation](https://github.com/creationix/nvm).
+{% endhint %}
+
+First, install or update to the latest version of Node.JS by running this command in the terminal:
+
+```
+nvm install node
+```
+
+Finally, check if Node is installed on your system:
+
+```
+node --version
+```
+
+The latest version of Node.JS should now print out.
+
+## Part 4: Installing Golang using a Linux tar file
+
+{% hint style="info" %}
+Go version 1.17 must be installed. If you're upgrading from an older version, you must [remove the existing version](https://golang.org/doc/install#uninstall) first before installing version 1.17. For the most up-to-date installation instructions, read [Go's own documentation](https://golang.org/doc/install#install).
+{% endhint %}
+
+{% hint style="info" %}
+If you have issues installing or using Go, read the _Getting help_ section in their [official documentation](https://golang.org/doc/install#help).
+{% endhint %}
+
+First, [download](https://golang.org/dl/) the appropriate version of Go for your system. Navigate to where it was downloaded then extract it to the `/usr/local` directory using this command:
+
+```
+sudo tar -C /usr/local -xzf go1.17.6.linux-amd64.tar.gz
+```
+
+Next, add `/usr/local/go/bin` to the PATH environment variable inside your shell profile. Here's an example using bash:
+
+```
+echo "export PATH=$PATH:$HOME/go/bin:/usr/local/go/bin" >> ~/.bashrc
+```
+
+{% hint style="info" %}
+You may need to log out and log back in for this to take effect.
+{% endhint %}
+
+And finally, follow the _Test your installation_ section in [Golang's official documentation](https://golang.org/doc/code.html#Testing) to ensure that Go installed correctly.
+
+## Part 5: Installing Wget
+
+{% hint style="info" %}
+If you have issues installing or using Wget, read their [documentation](https://www.gnu.org/software/wget/manual/).
+{% endhint %}
+
+To install Wget on Linux, simply run the `apt-get install wget` command in the terminal.
diff --git a/contribute/build/mac.md b/contribute/build/mac.md
new file mode 100644
index 0000000..7510295
--- /dev/null
+++ b/contribute/build/mac.md
@@ -0,0 +1,65 @@
+# Set up a macOS build environment
+
+As an open source product, we encourage users to edit our code and submit patches to it. This article explains how to set up a local environment on Mac so you can build your own copy of Portainer and test your changes.
+
+{% hint style="info" %}
+We tested these instructions on macOS 10.14.3 (Mojave).
+{% endhint %}
+
+## Dependencies
+
+* [Docker for Mac](https://www.docker.com/products/docker-desktop) installs the Docker application and other Docker tools. The latest version is not a requirement for this development stack, however we recommend staying up to date with the latest improvements and security fixes.
+* [Yarn](https://yarnpkg.com/en/docs/install#mac-stable) is a package manager for installing new software packages on your system, and is used to run the Portainer development environment.
+* [Node.JS](https://nodejs.org/en/download/) is a JavaScript package used when building applications that leverage networking, such as Portainer. Version 18 or later is required.
+* [Golang](https://golang.org/dl/) is the open source language that we use to build the majority of Portainer software. Version 1.18 of Golang is required.
+* Wget is a package used to retrieve files using common internet protocols such as HTTP and FTP.
+
+## Part 1: Installing Docker for macOS
+
+{% hint style="warning" %}
+Docker for macOS requires OSX Mountain Lion or later or it will not work. Please check that you have the right version before you begin.
+{% endhint %}
+
+### Step 1: Install Docker
+
+{% hint style="info" %}
+We always recommend installing software using the most up-to-date instructions from the official vendor. This step is based on Docker's own [installation instructions for Docker on macOS](https://runnable.com/docker/install-docker-on-macos).
+{% endhint %}
+
+[Download Docker](https://www.docker.com/products/docker-desktop) then navigate to the `Docker.dmg` file and double-click to open. Drag and drop Docker into your applications folder. Authorize the installation using your system password then wait for Docker to finish installing.
+
+To check that Docker installed successfully, double-click Docker inside your applications folder to start it. The whale icon should appear in your status bar, indicating Docker is running and accessible.
+
+### Step 2: Check the installed Docker version
+
+Click the Docker icon in the status bar then select **About Docker Desktop** from the menu (or a similarly named menu item, depending on your Docker version). A window should open, displaying the current version of Docker and its supporting software.
+
+## Part 2: Installing Yarn
+
+{% hint style="info" %}
+This procedure uses the Homebrew package manager. Go [here](https://brew.sh/) to learn how install it. If you don't want to use Homebrew, Yarn provides [some alternatives](https://yarnpkg.com/en/docs/install#mac-stable).
+{% endhint %}
+
+{% hint style="info" %}
+If you have issues installing or using Yarn, read their [official documentation](https://yarnpkg.com/en/docs/install#mac-stable).
+{% endhint %}
+
+Running `brew install yarn` in the macOS terminal will install Yarn. To confirm it installed successfully, run `yarn --version` in the macOS terminal.
+
+If successful, the current version of Yarn should print out in your terminal, indicating that it installed successfully and is running on your system.
+
+## Part 3: Installing or updating Node.JS
+
+{% hint style="info" %}
+If you used Homebrew to install Yarn, Node.JS should have automatically installed alongside it. If not, you can install it by following the [Node.JS documentation](https://nodejs.org/en/download/).
+{% endhint %}
+
+{% hint style="info" %}
+If you have issues installing or updating Node.JS using Homebrew, read [Homebrew's troubleshooting guide](https://docs.brew.sh/Common-Issues).
+{% endhint %}
+
+To check if Node.JS is installed on your system, run `node --version` in your terminal. The current version of Node.JS should print out. If the version is version 6 or later, updating it to the latest version is optional (but we recommend it because it's good practice to stay up to date).
+
+If you are running a version of Node.JS that is older than version 6, you must upgrade in order to run the Portainer development environment.
+
+If Homebrew was installed at the same time as Yarn (using Homebrew), follow these steps to update Node.JS:
diff --git a/contribute/contribute.md b/contribute/contribute.md
new file mode 100644
index 0000000..25a91d6
--- /dev/null
+++ b/contribute/contribute.md
@@ -0,0 +1,17 @@
+# Contribute
+
+## Reporting bugs
+
+If you find a bug, please tell us so we can triage it. All bugs are managed in this [GitHub repo](https://github.com/portainer/portainer/issues/new?assignees=\&labels=bug%2Fneed-confirmation%2C+kind%2Fbug\&template=Bug\_report.md\&title=). When you click through, our template makes it easy to record all of the details. Before you report a bug, please check our list of [open bugs](https://github.com/portainer/portainer/labels/kind%2Fbug) in case someone else has already reported it.
+
+[This knowledge base article](https://portal.portainer.io/knowledge/how-do-you-decide-which-bugs-and-features-to-work-on-first) covers how we prioritize bug fixes.
+
+## Feature requests
+
+You can request new features by posting an Idea in our [GitHub Discussions](https://github.com/orgs/portainer/discussions/categories/ideas) forum. Please check to see if someone has already requested the feature you want, and give it an upvote if so.
+
+Learn how we prioritize feature development [in this knowledge base article](https://portal.portainer.io/knowledge/how-do-you-decide-which-bugs-and-features-to-work-on-first).
+
+## Contributing to the Portainer CE codebase
+
+The Portainer CE codebase is available in [GitHub](https://github.com/portainer/portainer). Please follow our build instructions and [contribution guidelines](https://github.com/portainer/portainer/blob/develop/CONTRIBUTING.md) when making a contribution.
diff --git a/faq/concepts.md b/faq/concepts.md
new file mode 100644
index 0000000..73ba493
--- /dev/null
+++ b/faq/concepts.md
@@ -0,0 +1,5 @@
+# Portainer Concepts
+
+{% hint style="info" %}
+This content has moved to the [Portainer Knowledge Base](https://portal.portainer.io/knowledge/getting-started).
+{% endhint %}
diff --git a/faq/contributing.md b/faq/contributing.md
new file mode 100644
index 0000000..c5a8fa8
--- /dev/null
+++ b/faq/contributing.md
@@ -0,0 +1,5 @@
+# Contributing
+
+{% hint style="info" %}
+This content has moved to the [Portainer Knowledge Base](https://portal.portainer.io/knowledge/contributing).
+{% endhint %}
diff --git a/faq/installing.md b/faq/installing.md
new file mode 100644
index 0000000..83340d2
--- /dev/null
+++ b/faq/installing.md
@@ -0,0 +1,5 @@
+# Installing
+
+{% hint style="info" %}
+This content has moved to the [Portainer Knowledge Base](https://portal.portainer.io/knowledge/installing).
+{% endhint %}
diff --git a/faq/troubleshooting.md b/faq/troubleshooting.md
new file mode 100644
index 0000000..67d8cd1
--- /dev/null
+++ b/faq/troubleshooting.md
@@ -0,0 +1,5 @@
+# Troubleshooting
+
+{% hint style="info" %}
+This content has moved to the [Portainer Knowledge Base](https://portal.portainer.io/knowledge/troubleshooting).
+{% endhint %}
diff --git a/faq/upgrading.md b/faq/upgrading.md
new file mode 100644
index 0000000..17f7667
--- /dev/null
+++ b/faq/upgrading.md
@@ -0,0 +1,5 @@
+# Upgrading
+
+{% hint style="info" %}
+This content has moved to the [Portainer Knowledge base](https://portal.portainer.io/knowledge/upgrading-and-downgrading).
+{% endhint %}
diff --git a/release-notes.md b/release-notes.md
new file mode 100644
index 0000000..136386f
--- /dev/null
+++ b/release-notes.md
@@ -0,0 +1,1870 @@
+# Release Notes
+
+The following release notes are for the **Business Edition** of Portainer. For **Community Edition** release notes, refer to the [GitHub releases page](https://github.com/portainer/portainer/releases).
+
+## Release 2.19.0
+
+August 31, 2023
+
+### Breaking changes
+
+* Introduced the ability for admins and environment admins to enable/disable community addons on a MicroK8s cluster created via Portainer. Note: On upgrade to this release, existing MicroK8s clusters created via Portainer are set to allow community addons.
+* A number of components/views have been migrated from Angular to React.
+* Helm, eksctl, and docker-compose have been updated to newer versions.
+* Internal versioning on stacks feature has introduced file structure changes in 2.19.
+* We have addressed an API issue in which an incorrect parameter was being used for API endpoint /edge\_groups. Users relying on the HasEdgeGroup parameter should now use HasEdgeJob to achieve the intended functionality.
+
+### Resolved CVEs
+
+* Updated the Docker Compose binary to v2.20.2, to resolve CVEs. [portainer/portainer#10099](https://github.com/portainer/portainer/issues/10099)
+* Updated the Helm binary to v3.12.2, to resolve CVEs. [portainer/portainer#10100](https://github.com/portainer/portainer/issues/10100)
+* Resolve identified CVEs.
+* Updated various packages to resolve CVEs. [portainer/portainer#9224](https://github.com/portainer/portainer/issues/9224)
+* Updated various packages in the agent, to resolve CVEs.
+
+### Edge
+
+* Fixed an issue where the edge agent was getting disconnected due to user updates to their remote update scheduler.
+* Resolved an issue where users were unable to create a rollback and subsequently edit it from the scheduler.
+* Introduced visual enhancement of dynamic progress bar for clearer edge stack status tracking. Get real-time deployment progress at a glance.
+* Fixed an issue where deploying a large volume edge stack triggered a 'URI too large' error. [portainer/portainer#10128](https://github.com/portainer/portainer/issues/10128)
+* Resolved an issue where edge devices were not fully shown in the waiting room when the total amount exceeded 100
+* Introducing new statuses - 'Running', 'Deploying', and 'Partially running' - for increased transparency in edge stack monitoring.
+* Introduced staggered deployment & rollback for edge stacks. Update in stages, reduce risks & revert failed updates seamlessly.
+* Introduced internal versioning & Git commit ID as edge stack version. Clearer version tracking for Git-deployed stacks.
+* Added support for relative paths in Git-deployed edge stacks.
+* Resolved an issue where the 'change windows setting' option was shifting outside of the div when a user was using a smaller screen
+* Fixed an API issue where the incorrect parameter HasEdgeGroup was being used instead of HasEdgeJob for endpoint /edge\_groups. Users relying on the HasEdgeGroup parameter should now use HasEdgeJob to achieve the intended functionality.
+* Introducing the ability to use environment variables for edge stack.
+* Introducing a new feature: [GitOps Edge Configurations](user/edge/stacks/add.md#gitops-edge-configurations), which simplify edge device configurations with GitOps. Effortlessly manage settings via version-controlled Git repositories for enhanced configuration control.
+* Introducing the latest commit ID display in edge stacks. Perfect for GitOps updates, this feature lets you easily track your running version. Stay informed and up-to-date effortlessly.
+* Introduced ability to push per-device configurations effortlessly. Bundle settings in a zip package, Portainer matches and delivers to edge devices. Simplify management, enhance precision.
+* Fixed an issue where the count of edge stack deployments was incorrect when dealing with asynchronous devices exceeding 100.
+* Fixed an issue where the order of the list changed while logs were being retrieved, and where previously cleared logs were reappearing after retrieving logs for a different environment.
+* Improved logging for edge agent when polling fails. This enhancement provides more informative and detailed logs when polling encounters failures, aiding in quicker identification and resolution of issues. [portainer/portainer#10143](https://github.com/portainer/portainer/issues/10143)
+* Introduced a feature that empowers you to associate edge devices with newly selected or dynamically generated meta values. Enhance flexibility and precision in device management with this innovative addition.
+* Introduced an informative enhancement to the waiting room experience. With the addition of the 'Last Check-In' field, users now have valuable insights into when edge devices last communicated with the Portainer server.
+* Introduced ability to remove edge devices that you no longer want sitting in the waiting room. This feature empowers you with streamlined waiting room management, enabling you to maintain a dynamic and optimised edge environment.
+* Resolved an issue where editing an existing scheduler caused an error due to a missing edge stack on a related endpoint.
+* Resolved an issue where users were able to create schedulers with an empty edge group, which is no longer allowed to ensure proper functionality and avoid potential errors [portainer/portainer#10149](https://github.com/portainer/portainer/issues/10149)
+* Resolved an issue with Portainer tunnel server address validation error during migration. This fix ensures that when migrating, tunnel server addresses are validated correctly.
+* Fixed an issue where Edge groups were incorrectly marked as 'in use' after a scheduler was executed.
+* Addressed an issue where snapshot information was not reliable when the environment was offline. This fix ensures that snapshot information is now accurately presented even when the environment is offline.
+* Resolved an issue where the count for acknowledged edge stacks was dropping after deployment.
+* Resolved an issue where the edge agent default poll frequency selector was not lining up correctly [portainer/portainer#10150](https://github.com/portainer/portainer/issues/10150)
+* Resolved an issue where users were unable to create an edge group when there were no members present in that group. Edge groups can now be created without requiring initial members, offering greater flexibility in edge device and configuration management. [portainer/portainer#10153](https://github.com/portainer/portainer/issues/10153)
+* Introduce an enhancement to our snapshot creation process for edge devices which streamlines the snapshot creation experience, providing users with a more efficient and user-friendly way to capture snapshots on edge devices. [portainer/portainer#10154](https://github.com/portainer/portainer/issues/10154)
+* Introduced ability to seamlessly browse snapshots for your asynchronous environment and access detailed stack information.
+* Fixed an issue where environment files were not functioning properly in Git deployments for edge stacks. [portainer/portainer#10171](https://github.com/portainer/portainer/issues/10171)
+* Introduced webhooks for edge stack, you can now set up webhooks for your edge stacks, enabling automated polling for GitOps updates. [portainer/portainer#10178](https://github.com/portainer/portainer/issues/10178)
+
+### Docker
+
+* Addressed an issue where the Docker client was not utilizing version negotiation. [portainer/portainer#10125](https://github.com/portainer/portainer/issues/10125)
+* Resolved an issue where the image name was displayed incorrectly when a user tried to duplicate or edit a container [portainer/portainer#10126](https://github.com/portainer/portainer/issues/10126)
+* Fixed an issue in the API where sending files to a Docker endpoint resulted in a panic. [portainer/portainer#10129](https://github.com/portainer/portainer/issues/10129)
+* Resolved an issue with Docker Proxy's performance, resulting in improved overall performance and responsiveness when using the Docker Proxy feature. [portainer/portainer#10131](https://github.com/portainer/portainer/issues/10131)
+* Resolved an issue in the Docker Container List where searching by published ports was no longer working. [portainer/portainer#6656](https://github.com/portainer/portainer/issues/6656)
+* Resolved an issue where '.' was not allowed in the image name (but should be) when building a Docker image via the UI. [portainer/portainer#8047](https://github.com/portainer/portainer/issues/8047)
+* Resolved some minor UI issues in Docker Services-related screens. [portainer/portainer#10117](https://github.com/portainer/portainer/issues/10117)
+
+### Swarm
+
+* Fixed an issue in Docker Swarm version 24.0.0 where image tags were not being displayed. [portainer/portainer#10134](https://github.com/portainer/portainer/issues/10134)
+* Resolved an issue where clicking into the details page of a Swarm stack would redirect users to the service section instead of the top of the page [portainer/portainer#10151](https://github.com/portainer/portainer/issues/10151)
+
+### Kubernetes
+
+* Resolved an issue around Operator role users not being able to perform rolling restart, redeploy and rollback to previous version for Deployment, DaemonSet and StatefulSet resources. [portainer/portainer#10105](https://github.com/portainer/portainer/issues/10105)
+* Resolved an issue introduced in 2.18 that prevented the use of Amazon EKS provisioning of a Kubernetes as a Service (KaaS) cluster.
+* Fixed a Kubernetes environment issue when restricting access to the default namespace, where any other namespace with a resource quota may have the resource reservations of its apps incorrectly calculated, preventing standard users from editing the apps.
+* Amended the path for the eksctl binary (used by Amazon EKS KaaS cluster provisioning functionality) to a new expected location.
+* Adjusted Kubernetes Cluster setup screen's ingress settings to be clearer and to give info on ingress defaults. [portainer/portainer#10101](https://github.com/portainer/portainer/issues/10101)
+* Resolved an issue with Kubernetes ECR image pull where the secret token was not updating on manifest deployment. [portainer/portainer#10119](https://github.com/portainer/portainer/issues/10119)
+* Resolved an issue on use of the 'Restrict Proc Mount Types' Kubernetes pod security constraint where the restriction was not being applied.
+* Resolved an issue in the Kubernetes Advanced deployment screen, where a backend panic could occur when deploying some invalid YAML manifests.
+* Updated the link to Portainer documentation (following docs reorganization) for Kubernetes Add Environment via kubeconfig Import. [portainer/portainer#9999](https://github.com/portainer/portainer/issues/9999)
+* Resolved an issue where Node stats for a Google Kubernetes Engine (GKE) cluster gave an error 'unable to retrieve node metrics'. [portainer/portainer#10114](https://github.com/portainer/portainer/issues/10114)
+* Migrated the Kubernetes Add/Edit Application screen's Services section from Angular to React. [portainer/portainer#9235](https://github.com/portainer/portainer/issues/9235)
+* Reintroduced the ability to specify and use (via Add/Edit Application) ingress defaults (hostname and annotations). [portainer/portainer#10030](https://github.com/portainer/portainer/issues/10030)
+* Reintroduced the ability to publish via ingress from the Add/Edit Application screen. [portainer/portainer#10103](https://github.com/portainer/portainer/issues/10103)
+* Introduced the ability to force setting of a note when creating/editing a Kubernetes application (via form), so it can immediately be labelled with its intended use.
+* Introduced correct redirecting of the user, following deployment of a Kubernetes manifest. Previously the user was always returned to the Applications List but will now arrive back at the screen from which they accessed the Advanced Deployment function. [portainer/portainer#10115](https://github.com/portainer/portainer/issues/10115)
+* Migrated the Kubernetes Application Details screen's Summary and Details sections from Angular to React. [portainer/portainer#10102](https://github.com/portainer/portainer/issues/10102)
+* Introduced a loading spinner to the Add/Edit ingress screen's ingress class dropdown, to indicate that available options are still being retrieved. [portainer/portainer#10000](https://github.com/portainer/portainer/issues/10000)
+* Resolved an issue that was occurring on the exposing of Portainer over a subpath, where Kubernetes Cluster Setup and other screens failed to load and reported an error. [portainer/portainer#10112](https://github.com/portainer/portainer/issues/10112)
+* Resolved an issue around limiting of Kubernetes pod security constraints updates.
+* Split the Kubernetes ConfigMaps & Secrets functionality in order to provide better performance and a clearer user experience. We now have separate tabs in the list screen and separate add/edit functions. [portainer/portainer#9222](https://github.com/portainer/portainer/issues/9222)
+* Introduced the ability to set annotations against Kubernetes Services, so they can be configured for service meshes and other tools.
+* Resolved an issue with Kubernetes pages where a warning showed in the browser console ('findDOMNode is deprecated in StrictMode') when resource assignment was first toggled on for the namespace. [portainer/portainer#10111](https://github.com/portainer/portainer/issues/10111)
+* Updated BE Kubernetes Add/Edit Ingress screen to allow use of NodePort or LoadBalancer service types (in addition to existing ClusterIP).
+* Updated Kubernetes ConfigMaps & Secrets terminology that was previously shown as Configurations, so as to align more clearly with Kubernetes. [portainer/portainer#10025](https://github.com/portainer/portainer/issues/10025)
+* Introduced the ability to specify a manifest to be auto deployed to a Kubernetes cluster when connecting or provisioning one. This allows the environment to be initialized with users, namespaces, secrets, etc., as required.
+* In the Dashboard screen of Kubernetes environments, Ingresses and Services panels have now been introduced, providing a count of these resources and an easy means to click through and access their list screens. [portainer/portainer#9223](https://github.com/portainer/portainer/issues/9223)
+* Introduced showing of the error that occurs when a Kubernetes deployment is prevented by any pod security constraints that have been enabled.
+* Migrated Kubernetes Application console page from Angular to React. [portainer/portainer#9177](https://github.com/portainer/portainer/issues/9177)
+* Resolved a Node details issue where nodes showed incorrect role of 'Worker' due to deprecated 'node-role.kubernetes.io/master' K8s label (now 'control-plane'). Also where MicroK8s cluster nodes were incorrectly identified (though not due to labels). [portainer/portainer#10104](https://github.com/portainer/portainer/issues/10104)
+
+### KaaS
+
+* Ensured Kubernetes 1.27 is supported with Google Kubernetes Engine (GKE) provisioning of KaaS clusters.
+* Ensured Kubernetes 1.26 is supported with Google Kubernetes Engine (GKE) provisioning of KaaS clusters.
+* Ensured Kubernetes 1.27 is supported with Azure Kubernetes Service (AKS) provisioning of KaaS clusters.
+* Ensured Kubernetes 1.27 is supported with Digital Ocean Kubernetes (DOKS) provisioning of KaaS clusters.
+* Ensured Kubernetes 1.26 is supported with Linode Kubernetes Engine (LKE) provisioning of KaaS clusters.
+* Applied updates and ensured Kubernetes 1.27 is supported with Amazon Elastic Kubernetes Service (EKS) provisioning of KaaS clusters.
+
+### MicroK8s
+
+* Added Beta support for MicroK8s version 1.28 when creating and managing MicroK8s clusters. Note that 1.27 is still the default option for now, as only limited testing of 1.28 has been performed.
+* Introduced the ability for admins to enable the nfs addon (that has prerequisites) for a MicroK8s cluster, and for admins and environments admins to enable or disable the nfs addon for a MicroK8s cluster, after is has been provisioned.
+* Introduced the ability for admins to enable the openebs addon (that has prerequisites) for a MicroK8s cluster, and for admins and environments admins to enable or disable the openebs addon for a MicroK8s cluster, after is has been provisioned.
+* Introduced the ability for admins and environment admins to retrieve a status report on each control plane node of a MicroK8s cluster.
+* Introduced the ability for admins and environment admins to enable and disable addons that require arguments and generally specify arguments for addons for a MicroK8s cluster.
+* Introduced the ability for admins and environment admins to connect via SSH console to nodes in a MicroK8s cluster.
+* Introduced the ability for admins and environment admins to enable/disable community addons on a MicroK8s cluster created via Portainer. Note: On upgrade to this release, existing MicroK8s clusters created via Portainer are set to allow community addons.
+* Introduced the ability for admins and environment admins to enable or disable addons for a MicroK8s cluster, after it has been provisioned.
+* Introduced the ability for admins, when removing a MicroK8s environment, to also delete the cluster on the nodes, leaving them in a fresh state, ready to begin again.
+* Introduced the ability for admins and environment admins to horizontally scale up or down a MicroK8s cluster (i.e. add or remove nodes), after it has been provisioned.
+* Introduced the ability for admins and environment admins to upgrade the version of a MicroK8s cluster.
+* Added support for MicroK8s version 1.27 when creating MicroK8s clusters and removed warnings in the UI around a Metrics Server issue with MicroK8s 1.25 and 1.26, now that they've been patched to resolve the issue.
+* Fixed an issue in Environment and Cluster Details screens for a MicroK8s cluster that failed to provision via Portainer. In this scenario, the display of enabled addons no longer triggers (whereas, it would previously still attempt it, causing a problem).
+* Added info text to Kubernetes MicroK8s functionality to inform that nodes must be internet routable and open on certain ports.
+
+### Portainer
+
+* Fixed an issue where a bad gateway response occurred when updating an environment with an empty URL. [portainer/portainer#10123](https://github.com/portainer/portainer/issues/10123)
+* Resolved an issue where users were unable to deploy a stack when utilising an image from a private GitLab registry. [portainer/portainer#10124](https://github.com/portainer/portainer/issues/10124)
+* To identify Portainer submenus more clearly, their sub-options are now indented. [portainer/portainer#9216](https://github.com/portainer/portainer/issues/9216)
+* Added a link to the Portainer Assistant/Chatbot settings taking you to an explanatory blogpost.
+* Fixed an issue where the Portainer Assistant/Chatbot icon could eclipse list table screens' pagination.
+* Introducing a new feature that enhances version tracking and clarity for stacks deployed from Git repositories.
+* Resolved an issue around orphaned environments being included in the total count of nodes.
+* Renamed "Automatic updates" in Git deployment section to "GitOps Updates" to clarify the feature at first glance for users. Please note this is a name change only and no functionality has been altered. [portainer/portainer#10175](https://github.com/portainer/portainer/issues/10175)
+* Resolved an issue with the App Templates screen, where a Kubernetes icon was incorrectly showing for Docker Swarm stacks. Also updated the Swagger API documentation to detail the existence of a 'Compose edge stack' App Template (numbered 4) type. [portainer/portainer#10028](https://github.com/portainer/portainer/issues/10028)
+* Fixed an issue where saving Git credentials and subsequently redeploying a stack resulted in an error.
+* Resolved a minor UI issue where warning icons were smaller in size in multi-line warning messages. [portainer/portainer#10118](https://github.com/portainer/portainer/issues/10118)
+* Fixed an issue where standard users were unable to create Azure Container Instances (ACI) resources. [portainer/portainer#10152](https://github.com/portainer/portainer/issues/10152)
+* Fixed an issue where line break HTML tags were showing in some pop-up dialogs instead of actual line breaks. [portainer/portainer#9226](https://github.com/portainer/portainer/issues/9226)
+* Improved App Templates page with enhanced cursor icon and tile highlighting [portainer/portainer#10136](https://github.com/portainer/portainer/issues/10136)
+* Improved rolling back to CE from a CE to BE migration, by providing better logging and performing a check that the db file exists. [portainer/portainer#9225](https://github.com/portainer/portainer/issues/9225)
+* Fixed an issue where edge devices were incorrectly counted as nodes while in the waiting room. Now, waiting room devices are excluded from node count, ensuring accurate resource allocation and adherence to policy.
+* Fixed an issue where the primary environment remained permanently down after restoring from backup. [portainer/portainer#10137](https://github.com/portainer/portainer/issues/10137)
+* Introduced validation to prevent the use of invalid names when creating or editing Kubernetes or Docker Custom Templates. [portainer/portainer#10113](https://github.com/portainer/portainer/issues/10113)
+* Fixed an issue where the 'Skip TLS Verification' option was not functioning properly for custom templates. [portainer/portainer#10138](https://github.com/portainer/portainer/issues/10138)
+* Resolved a minor UI issue where multi-line text-tip and form-error icons were incorrectly vertically center-aligned rather than top-aligned. [portainer/portainer#10118](https://github.com/portainer/portainer/issues/10118)
+* Fixed an issue where the hover interaction for the environment tile on the homepage was missing [portainer/portainer#10136](https://github.com/portainer/portainer/issues/10136)
+* Fixed a security issue where usernames and passwords were displayed in responses. [portainer/portainer#10140](https://github.com/portainer/portainer/issues/10140)
+* Improved error logging in libhttp to provide more useful context. [portainer/portainer#10142](https://github.com/portainer/portainer/issues/10142)
+* Addressed an issue where TLS handshake error messages were being logged, which should only occur when using the DEBUG log level. [portainer/portainer#10144](https://github.com/portainer/portainer/issues/10144)
+* Fixed an issue where using spaces in an Organizational Unit (OU) or Common Name (CN) name caused incorrect data to be displayed in the Active Directory configuration. [portainer/portainer#10145](https://github.com/portainer/portainer/issues/10145)
+* Fixed an issue where Git deployment did not synchronize authentication status.
+* Resolved an issue where unnecessary snapshots were being loaded on the home page, leading to improved loading times and a smoother user experience [portainer/portainer#10147](https://github.com/portainer/portainer/issues/10147)
+* Resolved an issue where users were not being notified about the proper referencing of their uploaded .env files, requiring them to now utilize "stack.env" for appropriate referencing [portainer/portainer#10148](https://github.com/portainer/portainer/issues/10148)
+* Introduced a 'copy to clipboard' button to web editors within the Portainer UI. [portainer/portainer#10116](https://github.com/portainer/portainer/issues/10116)
+* Introduced the ability to manage time in seconds or milliseconds for container logs, expanding your time management options beyond seconds for more insightful troubleshooting. [portainer/portainer#10176](https://github.com/portainer/portainer/issues/10176)
+* Resolved a logging issue with database migrations, where, if an error occurred causing a rollback to the pre-upgrade version of the database, that error was no longer output to the console. [portainer/portainer#10110](https://github.com/portainer/portainer/issues/10110)
+* Provided icons for 'image up to date' indicators (in place of the previous colored circles) shown in Docker Stacks, Services and Containers list screens. This improves accessibility for color-blind users.
+* Resolved an issue that prevented users from stopping stacks with invalid project names during their upgrade from versions 2.6 or 2.7 to 2.13, 2.14, 2.15, 2.16, and subsequent versions. [portainer/portainer#10163](https://github.com/portainer/portainer/issues/10163)
+* Resolved an issue that prevented users from deleting stacks with invalid project names during their upgrade from versions 2.6 or 2.7 to 2.13, 2.14, 2.15, 2.16, and subsequent versions. [portainer/portainer#10164](https://github.com/portainer/portainer/issues/10164)
+* Resolved an issue where users were unable to browse image tags in a private Sonatype registry.
+* Resolved an issue where mouse clicks were not functioning within the "Display Users" section of Active Directory under authentication settings.
+* Resolved an issue where users were encountering difficulties when attempting to push images using a service principal account on Azure Registry. [portainer/portainer#10155](https://github.com/portainer/portainer/issues/10155)
+* Fixed an issue where delete confirmation modals were absent for edge stacks, Docker images, environment groups, and tags. [portainer/portainer#10156](https://github.com/portainer/portainer/issues/10156)
+* Fixed an issue where the creation of manifest file paths slice was incorrect. [portainer/portainer#10170](https://github.com/portainer/portainer/issues/10170)
+* Resolved a minor grammatical issue with a log line recorded when the Docker image up to date indicator check runs but there are no registries defined.
+* Community contribution - The enhancement ensures that the response rewrite operation is properly wrapped with a valid status check, contributing to a more robust and reliable system behavior. [portainer/portainer#2705](https://github.com/portainer/portainer/issues/2705)
+* Fixed an issue where enabling GPU support on existing containers resulted in errors. [portainer/portainer#10174](https://github.com/portainer/portainer/issues/10174)
+* Addressed an issue where users were unable to update the TLS certificate for the Docker API environment. [portainer/portainer#10166](https://github.com/portainer/portainer/issues/10166)
+* Resolved an issue where incorrect AWS ECR icon was used when creating registry [portainer/portainer#10162](https://github.com/portainer/portainer/issues/10162)
+* Added a feature that allows users to update to the latest Portainer Business Edition version directly from within the app
+* Improved the way ANSI escape codes are handled in logs. With this enhancement, logs will now provide clearer and more readable information by effectively stripping out ANSI escape codes.
+* Fixed a user interface issue where only up to 100 groups were being displayed. [portainer/portainer#10160](https://github.com/portainer/portainer/issues/10160)
+* Addressed an issue where using incorrect Azure registry credentials resulted in errors, even after updating with correct credentials, the issue persisted. [portainer/portainer#10159](https://github.com/portainer/portainer/issues/10159)
+* Resolved an issue where custom templates created from Git were not being pulled again at deploy time. This improvement has also been extended to Kubernetes custom templates. [portainer/portainer#10157](https://github.com/portainer/portainer/issues/10157)
+
+### Development
+
+* Resolved an issue with new React version list screens where filter icons were not positioned next to the correct column heading but were abutting the next heading along. [portainer/portainer#10098](https://github.com/portainer/portainer/issues/10098)
+* Applied changes to the helper-reset-password utility to prevent it being accidentally used with the Docker Desktop Extension version of Portainer (where it could break access to the Portainer instance). [portainer/portainer#10109](https://github.com/portainer/portainer/issues/10109)
+* Replaced archived gorilla/securecookie library with just the function that we need extracted out. [portainer/portainer#10008](https://github.com/portainer/portainer/issues/10008)
+* Transitioned Edge stack environments table to React, delivering a more dynamic user experience with modernized interface, improved performance, and interactive management. [portainer/portainer#10210](https://github.com/portainer/portainer/issues/10210)
+
+### REST API Changes
+
+* Corrected API method from 'GET' to 'POST' and path for generate edge key in Swagger API docs
+* Documented 'excludeSnapshots' in Swagger API docs [portainer/portainer#10130](https://github.com/portainer/portainer/issues/10130)
+* Documented webhook types in Swagger API docs [portainer/portainer#9121](https://github.com/portainer/portainer/issues/9121)
+* Resolved a 2.0 validation error in our Swagger API documentation [portainer/portainer#10135](https://github.com/portainer/portainer/issues/10135)
+* Corrected an error in our Swagger API documentation where 'EdgeTunnelServerAddress' was marked as required. It is now correctly marked as optional
+* Corrected 'EdgeCheckinInterval' to 'CheckinInterval' in Swagger API docs [portainer/portainer#10139](https://github.com/portainer/portainer/issues/10139)
+* Corrected missing type and 'file' to 'File' in Swagger API documentation for custom templates [portainer/portainer#10141](https://github.com/portainer/portainer/issues/10141)
+* Added descriptions to the Swagger API documentation for Kubernetes API endpoints that were previously missing from the docs. [portainer/portainer#10106](https://github.com/portainer/portainer/issues/10106)
+* Fixed an API issue where requests to create edge stacks with invalid deployment types were erroneously accepted [portainer/portainer#10168](https://github.com/portainer/portainer/issues/10168)
+* Addressed an issue in the 'edgeStackCreate' API where sending an incorrect request resulted in a 500 error response instead of the expected 400 error. [portainer/portainer#10169](https://github.com/portainer/portainer/issues/10169)
+* Fixed an issue in Swagger API documentation where 'endpointId' was incorrectly marked as optional. It is now correctly set as a required field [portainer/portainer#10173](https://github.com/portainer/portainer/issues/10173)
+* Removed the incorrect documentation for the DELETE method on the license API, as it is not supported. Documented the correct way to perform the operation using the POST method on the license API in Swagger API documentation.
+* Corrected Swagger API documentation for starting or stopping stacks [portainer/portainer#8001](https://github.com/portainer/portainer/issues/8001)
+* Corrected 'ResourceId' and 'endpointId' as required instead of optional in Swagger API documentation for webhooks [portainer/portainer#9121](https://github.com/portainer/portainer/issues/9121)
+* Fixed the Swagger API documentation to require 'endpointId' when updating a stack [portainer/portainer#10161](https://github.com/portainer/portainer/issues/10161)
+* Corrected 'Endpoints' to be listed in alphabetical order in Swagger API docs [portainer/portainer#10158](https://github.com/portainer/portainer/issues/10158)
+
+## Release 2.18.4
+
+July 7, 2023
+
+This release includes an experimental ChatGPT integration. Although it promises exciting possibilities, it's in the early stages of development. We recommend its use for testing and development, and urge caution in production environments. We greatly appreciate your feedback and understanding during this phase. [portainer/portainer#9116](https://github.com/portainer/portainer/issues/9116)
+
+### Resolved CVEs
+
+
+
+Portainer dependencies
+
+* CVE-2023-28840 [portainer/portainer#9058](https://github.com/portainer/portainer/issues/9058)
+
+
+
+### Docker
+
+* Upgraded Docker Compose version to v2.17.2 for Portainer Agent. [portainer/portainer#9095](https://github.com/portainer/portainer/issues/9095)
+* Resolve a problem building Portainer due to an issue with v1.53.0 of golangci-lint. [portainer/portainer#9057](https://github.com/portainer/portainer/issues/9057)
+
+### Swarm
+
+* Resolved an issue where users were unable to migrate or duplicate their swarm stack. [portainer/portainer#9097](https://github.com/portainer/portainer/issues/9097)
+
+### Portainer
+
+* Resolved an issue where the static IP addresses in a macvlan were unexpectedly changed. [portainer/portainer#9101](https://github.com/portainer/portainer/issues/9101)
+* Enhanced the user experience of the 'Skip TLS Verification' feature by adding a confirmation modal. [portainer/portainer#9098](https://github.com/portainer/portainer/issues/9098)
+* Resolved an issue where recreate containers fail when it has a shared and external volumes. [portainer/portainer#9102](https://github.com/portainer/portainer/issues/9102)
+* Fixed issue where registry credential does not sync between registry configuration page and registry details page.
+* Fixed an issue around prompting for a new license.
+* Improved the way node count shows for trial licenses.
+* Resolved an issue where update or rollback was only executed when connection was re-established.
+* Introduced a change to allow removal of all Portainer licenses.
+* Fixed an issue where a warning banner was not always showing in the Homepage or Licenses page when licenses were close to expiring.
+
+### REST API Changes
+
+* Resolved an issue where the response from the API was inconsistent when querying all endpoints and a specific endpoint. [portainer/portainer#9096](https://github.com/portainer/portainer/issues/9096)
+* Corrected 'container' to 'containers' in Swagger API docs (Business Edition).
+
+## Release 2.18.3
+
+May 22, 2023
+
+In this release, we introduce an experimental ChatGPT integration. Although it promises exciting possibilities, it's in the early stages of development. We recommend its use for testing and development, and urge caution in production environments. We greatly appreciate your feedback and understanding during this phase.
+
+### Edge
+
+* Fixed issue preventing configuration of Portainer authentication settings with an alternative mTLS certificate
+* Resolved issue causing edge agent to skip command processing during full snapshot resend
+
+### Kubernetes
+
+* Restored options and wording in the Kubernetes Advanced deployment screen's Automatic updates section, following regression from changes in 2.17. ([portainer/portainer#8950](https://github.com/portainer/portainer/issues/8950))
+
+### Docker
+
+* Resolved issue preventing correct display of network details when containers are running on an unexpected Docker swarm node. ([portainer/portainer#8981](https://github.com/portainer/portainer/issues/8981))
+
+### Portainer
+
+* Introduced ChatGPT integration as an experimental feature, currently not recommended for production environment use
+* Fixed issue preventing LDAP server from creating a connection when using TLS 1.2. ([portainer/portainer#8980](https://github.com/portainer/portainer/issues/8980))
+* Implemented minor UI changes to clarify existing experimental and beta features, ensuring accurate icon and wording display. ([portainer/portainer#8951](https://github.com/portainer/portainer/issues/8951))
+* Corrected an issue causing the polling indicator to float incorrectly in UI when pulling Git repo list on the stack creation page. ([portainer/portainer#8982](https://github.com/portainer/portainer/issues/8982))
+* Resolved syntax styling display issue in web editor. ([portainer/portainer#8984](https://github.com/portainer/portainer/issues/8984))
+* Improved button color contrast in web editor. ([portainer/portainer#8985](https://github.com/portainer/portainer/issues/8985))
+* Fixed visual hierarchy in web editor selection behavior. ([portainer/portainer#8986](https://github.com/portainer/portainer/issues/8986))
+
+### REST API Changes
+
+* Corrected 'team' to 'teams' in Swagger API docs. ([portainer/portainer#8983](https://github.com/portainer/portainer/issues/8983))
+
+## Release 2.18.2
+
+May 1, 2023
+
+### Upgrade notice
+
+* Users upgrading from 2.16.x should note that a bug was introduced then which prevented enforcing of TLS verifications. This has now been fixed but, in circumstances where certificates were not set up correctly and appeared to work due to the bug, you may now need to resolve the certificate issue or deliberately set the new ‘Skip verification’ toggle.
+
+### Edge
+
+* Fixed issue where users were unable to update their Edge Agent to the latest version because the corresponding option was not available when creating a scheduled update
+
+### Kubernetes
+
+* Increased potential success rate of updating Portainer with larger databases by changing Kubernetes manifest and Helm chart for Portainer to have `initialDelaySeconds` of 45 (sec) and `failureThreshold` of 3. [portainer/portainer#8860](https://github.com/portainer/portainer/issues/8860)
+
+### Docker
+
+* Fixed issue where users were unable to pull the latest image from the image details page [portainer/portainer#8847](https://github.com/portainer/portainer/issues/8847)
+
+### Portainer
+
+* Fixed issue where the option to skip TLS verification was missing when editing a stack created from git. Additionally, to adhere to security best practices, the option’s default value has been corrected to be set to off during migration [portainer/portainer#8853](https://github.com/portainer/portainer/issues/8853)
+* Fixed issue where TLS verification was being skipped when creating / editing stacks created from git in version 2.16.x [portainer/portainer#8853](https://github.com/portainer/portainer/issues/8853)
+* Fixed issue where the port number in the displayed webhook link was incorrect when Portainer was running behind a reverse proxy
+* Resolved an issue with the updated web editor component, where it was not loading long YAML files correctly [portainer/portainer#8848](https://github.com/portainer/portainer/issues/8848)
+
+## Release 2.18.1
+
+April 18, 2023
+
+Please note 2.18.0 is not publicly available. This release is 2.18.1 and is our next GA release since "2.17.x". This was done due to the need to provide an upgradeable preview image to a customer.
+
+### Breaking changes
+
+* For breaking changes in the API, please see the [REST API changes](release-notes.md#rest-api-changes) section.
+* The Kompose functionality in Kubernetes has been removed since 2.17.0. Compose yaml can no longer be deployed on Kubernetes.
+* Moved edge devices to the homepage view and removed edge devices menu option under edge compute.
+* Add devices button is replaced with new UX in environment wizard.
+
+### Resolved CVEs
+
+
+
+Portainer dependencies
+
+* SNYK-JS-BOOTBOX-174704
+* SNYK-JS-FASTJSONPATCH-3182961
+* SNYK-JS-MINIMATCH-3050818
+* SNYK-JS-SANITIZEHTML-2957526
+* SNYK-JS-XMLDOMXMLDOM-3042243
+* SNYK-JS-XMLDOMXMLDOM-3092934
+* CVE-2022-23471
+* CVE-2021-41092
+* CVE-2022-41717
+* CVE-2022-32149
+* CVE-2022-27664
+* SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322
+
+
+
+
+
+Agent dependencies
+
+* CVE-2022-41717
+* SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322
+
+
+
+### Upgrade notice
+
+* Since release 2.17.x we have added the ability to upgrade Edge Agents from Portainer when running on Docker Standalone / Docker Swarm / Nomad. Before using this feature we strongly advise to test this on a non-production environment first and have an alternative method available to connect to the Edge Device.
+* Any clusters connected to Portainer of version 1.23 Kubernetes and above will have their Pod Security Policies (if they have any and are using the pod security constraints feature) updated to the Pod Security Standards
+
+### Edge
+
+* Introduced a retry policy for edge stack deployment to improve success rate
+* Fixed issue where browse snapshot button was clickable for Kubernetes and Nomad edge agents in async mode
+* Fixed issue where upgrading edge agent from ECR private registry using certificates failed
+* Fixed issue when browsing async edge agents before first snapshot is received.
+* Provide feature flag for FDO feature to be shown in UI [portainer/portainer#8696](https://github.com/portainer/portainer/issues/8696)
+* Fixed issue when browsing non-existent async agent snapshot cause backend panic
+* Fixed issue for remote update schedules error incorrectly displaying for non admin users
+* Fixed the issue where the edge stack is not removed from edge agent when it has been deleted while edge agent is offline
+* Fixed issue where live connect button is clickable for async environment when it shouldn't be [portainer/portainer#8697](https://github.com/portainer/portainer/issues/8697)
+* Fixed issue where edge agent panics with malformed edge key
+* Introduced ability to view container's environment variable when browsing snapshot
+* Removed "Add Edge devices" from Edge Compute and introduced to Environment wizard by renaming Edge Agent to Edge Agent Standard and introduced Edge Agent Async UI options [portainer/portainer#8783](https://github.com/portainer/portainer/issues/8783)
+* Fixed an issue where "copy token" button was missing from edge agent environment wizard [portainer/portainer#8554](https://github.com/portainer/portainer/issues/8554)
+* Introduced remote updating edge agent from a private registry for docker standalone environment
+* Introduced ability to assign group, edge groups and tags to edge environment when using AEEC script
+* Fixed issue where live connect button is clickable for async environment when it shouldn't be [portainer/portainer#8697](https://github.com/portainer/portainer/issues/8697)
+* Fixed issue where edge job logs was not retrieved correctly when edge groups contain async devices
+* Changed default value for async check-in intervals from disabled to 1 minute to improve success rate of initial edge agent connection
+* Renamed AEEC to "Auto onboarding" for better user understanding
+
+### Kubernetes
+
+* Introduced a new feature to allow creating of a MicroK8s Kubernetes cluster on existing machines.
+* Improved performance of Kubernetes screens by adjusting rate limiting of Kubernetes go client. [portainer/portainer#8682](https://github.com/portainer/portainer/issues/8682)
+* Fixed an issue when provisioning a Civo Kubernetes cluster with the Kubernetes version left as the latest, due to Civo introducing Talos as a new Kubernetes cluster type (instead of K3s on Alpine) which then only applied to the latest Kubernetes version.
+* Improved Kubernetes Applications page performance by introducing a namespace filter. [portainer/portainer#8637](https://github.com/portainer/portainer/issues/8637)
+* Improved Kubernetes Dashboard page performance. [portainer/portainer#8635](https://github.com/portainer/portainer/issues/8635)
+* Improved the load time of various Kubernetes pages by removing existing API calls that retrieve namespace resource quota information, where they are not needed. [portainer/portainer#8571](https://github.com/portainer/portainer/issues/8571)
+* Introduced the ability to set annotations against various different Kubernetes objects via the existing form pages.
+* Introduced a new Services screen in Kubernetes environments to improve the visibility of all services that may exist in a cluster, and enable removing where they've inadvertently been left behind after manual removal of applications/deployments. [portainer/portainer#8613](https://github.com/portainer/portainer/issues/8613)
+* Introduced the ability to upload an internal SSL/TLS certificate which can then be used to access a Helm repository hosted on a private server.
+* Updated the pod security constraints feature to use newer OPA Gatekeeper 2.9 and moved the feature away from using Pod Security Policy resources with Kubernetes clusters of 1.23 and above (as they are now removed in Kubernetes 1.25 and above).
+* Added migration to ensure existing pod security constraints work on environments with new Pod Security Standards of updated OPA Gatekeeper 2.9. This includes migrating edge environments on post-upgrade connect that may occur on clicking into via Homepage.
+* Resolved an issue where pod security constraints were not being enforced (since 2.16).
+
+### Docker
+
+* Fixed issue where users are not able to re-create container with multiple networks
+* Fixed issue with relative path not working when private registry is used, due to private registry credentials not passing to unpacker
+* Resolved an issue where default storage detection logic that runs on Kubernetes environment connection was incorrectly running on Docker environment connection, and was therefore causing an error to be output to the logs (but was otherwise benign). [portainer/portainer#8606](https://github.com/portainer/portainer/issues/8606)
+* Improved the existing UI around GPU support for Docker Standalone environments, introduced an overall toggle to turn this on or off and generally improved performance in Docker Containers and Stacks screens where GPU columns may show. [portainer/portainer#8646](https://github.com/portainer/portainer/issues/8646)
+* Defaulted the image up to date indicator to on for new Docker environments added, or on upgrade from CE to BE for all Docker environments (now that caching and Ajax load performance improvements have been applied to this feature).
+* Fixed an issue where stack name validation was missing, causing deployments to fail [portainer/portainer#8629](https://github.com/portainer/portainer/issues/8629)
+
+### Nomad
+
+* Fixed issue where Nomad Edge Agent install script causes error when using environment variables
+* Introduced ability to upgrade edge agent in Nomad environment from within portainer UI
+
+### Portainer
+
+* Fixed issue where container log not showing when logs contain NULL value
+* Added form validation for S3 compatible host field
+* Resolved a minor UI issue with the Container details page's container health panel alignment and content label wrapping. [portainer/portainer#8636](https://github.com/portainer/portainer/issues/8636)
+* Fixed a typo in the placeholder text for the access control component's Authorized users dropdown where it said 'teams' but should have said 'users'. [portainer/portainer#8565](https://github.com/portainer/portainer/issues/8565)
+* Fixed issue where stack can not be deleted if relative path is removed from the mount point
+* Fixed issue where logs in JSON format displayed incorrectly in log viewer [portainer/portainer#8787](https://github.com/portainer/portainer/issues/8787)
+* Resolved an issue with slow performance of certain actions (such as bulk removing of unused container volumes or adding of Kubernetes ingresses) when a user has a long list of notifications (shown via the bell icon in the page header). [portainer/portainer#8604](https://github.com/portainer/portainer/issues/8604)
+* Fixed issue where you can not connect or configure Azure private registry from Portainer while registry is empty
+* Added release testing of ARM32 architecture for Portainer Agent
+* Resolved an issue that occurred when updating user preferences. [portainer/portainer#8570](https://github.com/portainer/portainer/issues/8570)
+* Introduced UI mechanism for automatic retrying of tunnel connection when it fails due to high latency [portainer/portainer#8784](https://github.com/portainer/portainer/issues/8784)
+* Added certificate support of AWS IAM Role Anywhere authentication for Agent and Edge Agent [portainer/portainer#8789](https://github.com/portainer/portainer/issues/8789)
+* Updated hide internal authentication prompt option to default to off
+* Fixed issue where searching is not functional in associated edge environment when creating edge group [portainer/portainer#8589](https://github.com/portainer/portainer/issues/8589)
+* Fixed issue with Docker Swarm environment where containers count weren't displaying correctly in homepage. [portainer/portainer#8695](https://github.com/portainer/portainer/issues/8695)
+* Fixed issue where skipping https verification was default to true for Azure git deployment [portainer/portainer#8698](https://github.com/portainer/portainer/issues/8698)
+* Fixed issue where TLS Min Version was not fully enforced [portainer/portainer#8788](https://github.com/portainer/portainer/issues/8788)
+* Fixed a minor issue on restarting a container where the toaster pop-up message shown had an extraneous slash in front of the container name. [portainer/portainer#8563](https://github.com/portainer/portainer/issues/8563)
+* Introduced ability to use different certificate for mTLS communication between Portainer server and agent.
+* Fixed an issue while in dark mode, where, with any auto-filled text in fill-ins, the cursor completely disappeared until you started typing again. [portainer/portainer#8564](https://github.com/portainer/portainer/issues/8564)
+* Resolved a minor issue in the Browse Registry screen on Kubernetes environments, where the Registries breadcrumb link would take non-admin users back to the Homepage instead of the Registries list screen.
+* Provide feature flag for FDO feature to be shown in UI [portainer/portainer#8696](https://github.com/portainer/portainer/issues/8696)
+* Fixed issue of missing requirement of TLS definition for endpoint creation and correct tagids parameter in swagger API [portainer/portainer#8780](https://github.com/portainer/portainer/issues/8780)
+* Improved Edge Agent Health status indicator and keep consistency with API response [portainer/portainer#8781](https://github.com/portainer/portainer/issues/8781)
+* Fixed issue where git deployment failed to edit or redeploy when compose path begin with slash [portainer/portainer#8782](https://github.com/portainer/portainer/issues/8782)
+* Fixed an issue in the restore from backup function, where a timeout error can occur and Portainer does not restart with the backup restored. [portainer/portainer#8792](https://github.com/portainer/portainer/issues/8792)
+
+### Development
+
+* Improved the layering of the Portainer Dockerfile to ensure internal development-related aspects are excluded where possible. [portainer/portainer#8559](https://github.com/portainer/portainer/issues/8559)
+* Migrated git deployment page form Angular to React [portainer/portainer#8785](https://github.com/portainer/portainer/issues/8785)
+* Migrated code editor component from Angular to React [portainer/portainer#8786](https://github.com/portainer/portainer/issues/8786)
+* Introduced Tailwind prettier which will group utility classes project-wide and order them in a recommended way, making it easier to work with them. [portainer/portainer#8560](https://github.com/portainer/portainer/issues/8560)
+* Introduced replacement for bootbox with react components [portainer/portainer#8588](https://github.com/portainer/portainer/issues/8588)
+* Improved the feature flag architecture to make it easier to use. [portainer/portainer#8562](https://github.com/portainer/portainer/issues/8562)
+* Resolved incorrect usage of log.fatal to ensure the application exits only as necessary. [portainer/portainer#8561](https://github.com/portainer/portainer/issues/8561)
+
+### REST API Changes
+
+* Fixed the API Swagger/OpenAPI documentation for some IDs that were defined as strings but should be integers. [portainer/portainer#8794](https://github.com/portainer/portainer/issues/8794)
+* Added to the API Swagger/OpenAPI documentation that you can upload a file to a Docker Standalone host when the host management feature is enabled. [portainer/portainer#8793](https://github.com/portainer/portainer/issues/8793)
+
+
+
+New Endpoints: 2
+
+* GET `/edge_update_schedules/previous_versions`
+* POST `/sshkeygen`
+
+
+
+
+
+Deleted Endpoints: 2
+
+* GET `/system/info`
+* POST `/system/upgrade`
+
+
+
+
+
+Modified Endpoints: 39
+
+* POST `/cloud/{provider}`
+* POST `/cloudcredentials`
+ * Description changed from 'Create a cloud credential **Access policy**: authenticated' to 'delete delete a cloud credential by ID **Access policy**: authenticated'
+ * New query param: `id`
+* POST `/custom_templates`
+* PUT `/custom_templates/{id}`
+* POST `/edge_groups`
+* PUT `/edge_groups/{id}`
+* POST `/edge_jobs`
+* POST `/edge_jobs/{id}`
+* POST `/edge_stacks`
+* PUT `/edge_stacks/{id}`
+* POST `/edge_update_schedules`
+* GET `/edge_update_schedules/active`
+* GET `/edge_update_schedules/agent_versions`
+* POST `/endpoint_groups`
+* PUT `/endpoint_groups/{id}`
+* GET `/endpoints`
+ * New query param: `edgeAsync`
+ * Deleted query param: `edgeDevice`
+ * Modified query param: `edgeDeviceUntrusted`
+ * Description changed from 'if true, show only untrusted endpoints, if false show only trusted (relevant only for edge devices, and if edgeDevice is true)' to 'if true, show only untrusted edge agents, if false show only trusted edge agents (relevant only for edge agents)'
+* POST `/endpoints`
+* PUT `/endpoints/{id}`
+* POST `/endpoints/{id}/docker/v2/browse/put`
+ * Description changed from 'Upload a file under a specific path on the file system of an environment (endpoint). **Access policy**: authenticated' to 'Use this environment(endpoint) to upload TLS files. **Access policy**: administrator'
+ * Responses changed
+ * New response: `204`
+ * Deleted response: `200`
+* GET `/endpoints/{id}/kubernetes/helm`
+ * Modified query param: `filter`
+ * Required changed from `true` to `false`
+ * Modified query param: `namespace`
+ * Required changed from `true` to `false`
+ * Modified query param: `selector`
+ * Required changed from `true` to `false`
+* DELETE `/endpoints/{id}/kubernetes/helm/{release}`
+ * Modified query param: `namespace`
+ * Required changed from `true` to `false`
+* PUT `/endpoints/{id}/registries/{registryId}`
+* PUT `/endpoints/{id}/settings`
+* POST `/gitops/repo/files/search`
+* POST `/gitops/repo/refs`
+* POST `/ldap/admin-groups`
+* POST `/ldap/check`
+* POST `/ldap/groups`
+* POST `/ldap/test`
+* POST `/ldap/users`
+* POST `/registries`
+* PUT `/registries/{id}`
+* POST `/resource_controls`
+* PUT `/settings`
+* POST `/stacks`
+* POST `/team`
+* POST `/webhooks`
+* PUT `/webhooks/{id}`
+* PUT `/webhooks/{id}/reassign`
+
+
+
+## Release 2.17.1
+
+February 22, 2023
+
+### Resolved CVEs
+
+* Resolved the false positive report of Portainer binaries from VirusTotal. [portainer/portainer#8519](https://github.com/portainer/portainer/issues/8519)
+
+### Docker
+
+* Fixed issue with recreating containers in the Portainer UI if they have been originally created via the CLI. [portainer/portainer#8507](https://github.com/portainer/portainer/issues/8507)
+
+### Portainer
+
+* Fixed an issue where upgrading to Business Edition leaves behind limited stack. [portainer/portainer#8516](https://github.com/portainer/portainer/issues/8516)
+* Fixed an issue where Edge Agent updater leaves behind limited stack.
+* Fixed grammar of placeholder for region field in S3 backup configuration. [portainer/portainer#8515](https://github.com/portainer/portainer/issues/8515)
+* Fixed an issue where an error occurred for upgrading Portainer to 2.17.0 version when Docker engine version is 19.03. [portainer/portainer#8514](https://github.com/portainer/portainer/issues/8514)
+* Fixed an issue where node enforcement message displayed incorrectly for trial license users.
+* Fixed an issue where git credentials are not selected when editing stack deployed from git repository.
+
+## Release 2.17.0
+
+February 7, 2023
+
+### Known issues
+
+* Running Portainer with Docker Engine <= 19.03 (Docker API <= 1.40) will cause a fatal error similar to `failed initializing upgrade service | error="failed to determine container platform: failed to retrieve docker info: Error response from daemon: client version 1.41 is too new. Maximum supported API version is 1.40"`
+
+### Breaking changes
+
+* For breaking changes in the API, please see the [REST API changes](release-notes.md#rest-api-changes) section
+* The Kompose functionality in Kubernetes has been removed. Compose yaml can no longer be deployed on Kubernetes.
+* Moved Edge Devices to the homepage view and removed Edge Devices menu option under Edge Compute
+* Add devices button is temporarily located on the Edge Compute Settings page
+
+### Resolved CVEs
+
+#### Portainer dependencies
+
+* [SNYK-GOLANG-GITHUBCOMURFAVENEGRONI-1658297](https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMURFAVENEGRONI-1658297) - Negroni
+* [CVE-2022-27191](https://nvd.nist.gov/vuln/detail/CVE-2022-27191) - golang.org/x/crypto/ssh in Go
+* [GHSA-8c26-wmh5-6g9v](https://github.com/advisories/GHSA-8c26-wmh5-6g9v) - golang.org/x/crypto/ssh in Go
+* [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664) - net/http in Go
+* [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526) - Go
+* [SNYK-JS-XMLDOMXMLDOM-3092934](https://security.snyk.io/vuln/SNYK-JS-XMLDOMXMLDOM-3092934) - javascript
+* [CVE-2022-23806](https://nvd.nist.gov/vuln/detail/CVE-2022-23806) - kompose
+* [CVE-2022-41720](https://nvd.nist.gov/vuln/detail/CVE-2022-41720) - kompose
+* [CVE-2022-41716](https://nvd.nist.gov/vuln/detail/CVE-2022-41716) - kompose
+* [CVE-2022-41715](https://nvd.nist.gov/vuln/detail/CVE-2022-41715) - kompose
+* [CVE-2022-32189](https://nvd.nist.gov/vuln/detail/CVE-2022-32189) - kompose
+* [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635) - kompose
+* [CVE-2022-30634](https://nvd.nist.gov/vuln/detail/CVE-2022-30634) - kompose
+* [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633) - kompose
+* [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632) - kompose
+* [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631) - kompose
+* [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630) - kompose
+* [CVE-2022-30580](https://nvd.nist.gov/vuln/detail/CVE-2022-30580) - kompose
+* [CVE-2022-29804](https://nvd.nist.gov/vuln/detail/CVE-2022-29804) - kompose
+* [CVE-2022-2880](https://nvd.nist.gov/vuln/detail/CVE-2022-2880) - kompose
+* [CVE-2022-2879](https://nvd.nist.gov/vuln/detail/CVE-2022-2879) - kompose
+* [CVE-2022-28327](https://nvd.nist.gov/vuln/detail/CVE-2022-28327) - kompose
+* [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131) - kompose
+* [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664) - kompose
+* [CVE-2022-24921](https://nvd.nist.gov/vuln/detail/CVE-2022-24921) - kompose
+* [CVE-2022-24675](https://nvd.nist.gov/vuln/detail/CVE-2022-24675) - kompose
+* [CVE-2022-23772](https://nvd.nist.gov/vuln/detail/CVE-2022-23772) - kompose
+* [CVE-2021-44716](https://nvd.nist.gov/vuln/detail/CVE-2021-44716) - kompose
+* [CVE-2021-41772](https://nvd.nist.gov/vuln/detail/CVE-2021-41772) - kompose
+* [CVE-2021-41771](https://nvd.nist.gov/vuln/detail/CVE-2021-41771) - kompose
+* [CVE-2021-39293](https://nvd.nist.gov/vuln/detail/CVE-2021-39293) - kompose
+* [CVE-2021-33198](https://nvd.nist.gov/vuln/detail/CVE-2021-33198) - kompose
+* [CVE-2021-33196](https://nvd.nist.gov/vuln/detail/CVE-2021-33196) - kompose
+* [CVE-2021-33195](https://nvd.nist.gov/vuln/detail/CVE-2021-33195) - kompose
+* [CVE-2021-27918](https://nvd.nist.gov/vuln/detail/CVE-2021-27918) - kompose
+* [CVE-2020-16845](https://nvd.nist.gov/vuln/detail/CVE-2020-16845) - kompose
+* [CVE-2022-41717](https://nvd.nist.gov/vuln/detail/CVE-2022-41717) - kompose
+* [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148) - kompose
+* [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526) - kompose
+* [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962) - kompose
+* [CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705) - kompose
+* [CVE-2021-44717](https://nvd.nist.gov/vuln/detail/CVE-2021-44717) - kompose
+* [CVE-2021-36221](https://nvd.nist.gov/vuln/detail/CVE-2021-36221) - kompose
+* [CVE-2021-34558](https://nvd.nist.gov/vuln/detail/CVE-2021-34558) - kompose
+* [CVE-2021-33197](https://nvd.nist.gov/vuln/detail/CVE-2021-33197) - kompose
+* [CVE-2021-31525](https://nvd.nist.gov/vuln/detail/CVE-2021-31525) - kompose
+* [CVE-2021-3114](https://nvd.nist.gov/vuln/detail/CVE-2021-3114) - kompose
+* [CVE-2020-24553](https://nvd.nist.gov/vuln/detail/CVE-2020-24553) - kompose
+* [CVE-2020-15586](https://nvd.nist.gov/vuln/detail/CVE-2020-15586) - kompose
+* [CVE-2020-14039](https://nvd.nist.gov/vuln/detail/CVE-2020-14039) - kompose
+* [CVE-2022-30629](https://nvd.nist.gov/vuln/detail/CVE-2022-30629) - kompose
+
+#### Agent dependencies
+
+* [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664) - net/http in Go
+
+### Upgrade notice
+
+* This release has added the ability to upgrade Edge Agents from Portainer when running on Docker Standalone. Before using this feature we strongly advise to test this on a non-production environment first and have an alternative method available to connect to the Edge Device.
+
+### Edge
+
+* Introduced the ability to remotely update edge agents from within Portainer
+* Moved Edge Devices to the homepage view: [portainer/portainer#8333](https://github.com/portainer/portainer/issues/8333)
+* Introduced the ability to browse snapshots of async edge environments from homepage view: [portainer/portainer#8336](https://github.com/portainer/portainer/issues/8336)
+* Optimized performance for scaling large numbers of edge agents: [portainer/portainer#8349](https://github.com/portainer/portainer/issues/8349)
+* Introduced option for pre-pull of images for edge stack deployment to increase deployment success rate
+* Added edge group support in edge jobs to allow execution across many devices
+* Introduce the ability to edit edge agent tunnel URL and API server URL from within Portainer
+* Introduced improved environment tile layout to address consistency when edge devices moved to homepage: [portainer/portainer#8334](https://github.com/portainer/portainer/issues/8334)
+* Clarified UX around polling intervals and poll frequency option in edge compute settings between async and normal edge agents.
+* Added info text to waiting room view
+* Fixed issue where edge stack incorrectly deployed to default namespace when there is a specified namespace defined in the manifest: [portainer/portainer#8346](https://github.com/portainer/portainer/issues/8346)
+* Fixed issue where select all checkbox is missing for edge stack and edge job tables: [portainer/portainer#8029](https://github.com/portainer/portainer/issues/8029)
+* Fixed issue with Edge device tags not showing on Create Edge Group screen: [portainer/portainer#7936](https://github.com/portainer/portainer/issues/7936)
+* Fixed issue where delete edge device does not remove it from the edge groups mapping: [portainer/portainer#8348](https://github.com/portainer/portainer/issues/8348)
+* Fixed issue where edge stack failed to deploy with private registry in async mode
+* Fixed issue where actions icon under edit edge stack page is not consistent
+
+### Kubernetes
+
+* Introduced new log viewer to Portainer Business Edition
+* Introduced the ability to edit the YAML manifest of Kubernetes objects and apply the changes via the Kubernetes patch function
+* Introduced global and cluster-level options to allow enforcing of code-based deployment of Kubernetes objects, preventing the use of Portainer forms and other less easy-to-repeat workflows
+* Introduced a new setting in the Cluster setup screen of a Kubernetes environment to allow enforcing of admin-only deploying of ingresses
+* Introduced the ability to specify updates to existing environment variables of a deployment via query string parameters on the Kubernetes application redeploy webhook
+* Added a rolling restart button to the Kube application UI
+* Introduced a new rollout-restart parameter to Kube application redeploy webhooks to allow remote initiating of zero-downtime deployment rolling restarts
+* Introduced an alternate means of authenticating connections to the Google Cloud platform (used by our KaaS provisioning of Google Kubernetes Engine environments), following their deprecation of the gcp auth plugin in Kubernetes v1.22 and removal in v1.26
+* Introduced experimental Kubernetes functionality (behind a feature flag) to allow installing of MicroK8s to existing machines
+* The Kubernetes deployment option for docker-compose format manifests and the Kompose conversion tool that enabled this have now been removed due to long-standing Common Vulnerabilities and Exposures (CVEs) in Kompose: [portainer/portainer#8355](https://github.com/portainer/portainer/issues/8355)
+* Improved the explanatory tooltips and info text for Kube application automatic updates functionality: [portainer/portainer#8223](https://github.com/portainer/portainer/issues/8223)
+* Updated Kubernetes as a Service (KaaS) cluster provisioning to use the latest eksctl tool for the AWS EKS platform, and support up to v1.23 of Kubernetes (use of this version was previously failing)
+* Resolved an issue where Kubernetes secrets were no longer shown in an expand panel for each application listed in the Applications list screen: [portainer/portainer#8118](https://github.com/portainer/portainer/issues/8118)
+* Improved config setting defaults when connecting clusters: ingress controllers (with a class) are auto detected/set as allowed, metrics API features setting is on (if metrics server is deployed), and storage classes with the 'default' annotation are on: [portainer/portainer#8240](https://github.com/portainer/portainer/issues/8240)
+* The Kubernetes Operator role is not intended to have secrets update permission and hence, as a security consideration, this permission is now removed from Portainer
+* Corrected the look of the fallback icon used for Helm charts that don't have their own icon: [portainer/portainer#8116](https://github.com/portainer/portainer/issues/8116)
+* Made a change to default the resource quota's resource assignment setting to off for new Kubernetes namespaces but always show the toggle (although it can be disabled for change if the cluster's (BE only) allow over-commit setting is off): [portainer/portainer#8122](https://github.com/portainer/portainer/issues/8122)
+* In the Kubernetes Add ingress screen, corrected the namespace selection dropdown to only show those that the user has access to: [portainer/portainer#8150](https://github.com/portainer/portainer/issues/8150)
+* Added a check in Kube Cluster setup and Namespace -> Manage access to see if Kube RBAC addon is enabled in the cluster, and if not, show a warning that Portainer RBAC functionality will be limited. Warning also gives info on enabling RBAC in the cluster: [portainer/portainer#8171](https://github.com/portainer/portainer/issues/8171)
+* Resolved an issue that was causing an 'Unable to get k8s environment access' error on deleting of a Kubernetes edge environment
+* When connecting a Kubernetes environment to Portainer via kubeconfig import, stop deleting of any extant 'portainer' namespace in the cluster
+* When using Kubernetes (KaaS) cluster provisioning and choosing the Azure Kubernetes Service (AKS) option, only node size options that are valid for provisioning now show. Previously, there was at least one option which gave an error on use
+* Resolved two scenarios where importing of the kubeconfig of a Kubernetes cluster raised an error that caused a stuck 'Deploying' status
+* In Kube Create namespace and Namespace details screens, made the resource assignment toggle always visible - even when the cluster's resource over-commit option is off (when it will show but be disabled for change)
+* Fixed an issue introduced in 2.16, where deploying of an ingress via the Portainer Add ingress form does not label the ingress object in the cluster with a Portainer 'internal' deployment label. Any deployment of ingress via Portainer should have this: [portainer/portainer#8337](https://github.com/portainer/portainer/issues/8337)
+* Fixed an issue introduced in 2.16, where, when attaching a ConfigMap to an application being deployed via the Portainer Add application form, the ConfigMap is wrongly included as a Secret in the manifest and the deployment could therefore fail: [portainer/portainer#8323](https://github.com/portainer/portainer/issues/8323)
+* Fixed an incorrect mention in the UI of a 'docker-compose file' which was showing when editing a Kube application deployed from git: [portainer/portainer#8228](https://github.com/portainer/portainer/issues/8228)
+* Fixed an issue preventing adding of a Helm repo that has a redirect: [portainer/portainer#7892](https://github.com/portainer/portainer/issues/7892)
+* Fixed an issue where the kubectl shell does not work when Istio Proxy is installed in the cluster: [portainer/portainer#8321](https://github.com/portainer/portainer/issues/8321)
+* Fixed an issue introduced in 2.16 where the Kube Create namespace screen's CPU and Memory resource allocation max limits did not have other namespaces' resource amounts subtracted when the cluster's allow resource over-commit option was turned off
+
+### Docker
+
+* Introduced support of relative paths for volumes when creating a Docker Standalone or Swarm stack that uses a git repository. Support in edge stacks is excluded at present: [portainer/portainer#6390](https://github.com/portainer/portainer/issues/6390)
+* Introduced new log viewer to Portainer Business Edition
+* Introduced pull image param for stack webhook to turn pull-image on and off
+* Introduced 24 hour caching for new image notification
+* Upgraded docker compose to v2.13.0: [portainer/portainer#8289](https://github.com/portainer/portainer/issues/8289)
+* Provided clarification and rewording in the UI around the 'Pull latest image' toggle in Stacks, Swarm Services and Service details update and Container recreate: [portainer/portainer#8226](https://github.com/portainer/portainer/issues/8226)
+* Updated embedded docker binaries in Portainer and agent from 20.10.13 to 20.10.18: [portainer/portainer#8290](https://github.com/portainer/portainer/issues/8290)
+* Fixed issue of not been able to associate stack created from other docker environments: [portainer/portainer#8030](https://github.com/portainer/portainer/issues/8030)
+* Fixed issue where content overlap edge of screen and left column becomes too narrow: [portainer/portainer#8161](https://github.com/portainer/portainer/issues/8161)
+* Fixed issue where default option for access control is not selected when editing public resource: [portainer/portainer#8162](https://github.com/portainer/portainer/issues/8162)
+* Fixed incorrect wording for private box selector under user access control: [portainer/portainer#7969](https://github.com/portainer/portainer/issues/7969)
+* Fixed issue where text input jumps to the end of the input box in repository form: [portainer/portainer#8214](https://github.com/portainer/portainer/issues/8214)
+* Fixed issue where scrollbar always visible in web editor form regardless contents of web editor: [portainer/portainer#7968](https://github.com/portainer/portainer/issues/7968)
+* Fixed issue where number of stopped container does not display in dashboard correctly: [portainer/portainer#7925](https://github.com/portainer/portainer/issues/7925)
+* Fixed an issue where deleting a network, config or secret did not show a confirmation warning modal: [portainer/portainer#7920](https://github.com/portainer/portainer/issues/7920)
+* Fixed an issue where a user cannot upload a stack file as a custom template: [portainer/portainer#7921](https://github.com/portainer/portainer/issues/7921)
+* Fixed an issue where the old-style UI was still being used in a Docker template-related page: [portainer/portainer#7950](https://github.com/portainer/portainer/issues/7950)
+* Fixed issue where container webhook URL always changed on each recreation
+* Fixed issue where new image notification only relies on checking first digest which is not always accurate: [portainer/portainer#7148](https://github.com/portainer/portainer/issues/7148)
+
+### Portainer
+
+* Introduced support for S3 compatible hosts for backup and restore: [portainer/portainer#6555](https://github.com/portainer/portainer/issues/6555)
+* Introduced support for GitHub container registry as a registry type
+* On the header context sensitive help icon, the red dot notification has been removed. This was put there to highlight the new feature in 2.16: [portainer/portainer#8167](https://github.com/portainer/portainer/issues/8167)
+* Updated Portainer dependencies of Business Edition
+* Upgraded version of golang.org/x/net from v0.0.0 to v0.1.0 for agent: [portainer/portainer#8073](https://github.com/portainer/portainer/issues/8073)
+* Upgraded jwt version to 4.4.2: [portainer/portainer#7970](https://github.com/portainer/portainer/issues/7970)
+* Improved Portainer tooltips to allow them to stay open long enough for clicking of links and selecting of text in them. Also left-justified them for better readability: [portainer/portainer#8224](https://github.com/portainer/portainer/issues/8224)
+* Resolved an issue related to revoking of user permissions: [portainer/portainer#8338](https://github.com/portainer/portainer/issues/8338)
+* Fixed issue where password could be leaked to the log files when errors occur: [portainer/portainer#8343](https://github.com/portainer/portainer/issues/8343)
+* Fixed issue when navigating to the login page log as a unique visitor in Matomo: [portainer/portainer#8344](https://github.com/portainer/portainer/issues/8344)
+* Fixed an svg attribute height error in the page (visible via the browser console): [portainer/portainer#8105](https://github.com/portainer/portainer/issues/8105)
+* Fixed typo where "occured" is used in error message instead of "occurred": [portainer/portainer#8027](https://github.com/portainer/portainer/issues/8027)
+* Fixed issue where long notification is pushed out of table making it hard to read: [portainer/portainer#8215](https://github.com/portainer/portainer/issues/8215)
+* Fixed incorrect link for other settings and agent setup: [portainer/portainer#8347](https://github.com/portainer/portainer/issues/8347)
+* Fixed issue where deleted environment does not clear in table and sidebar when deleting current selected environment: [portainer/portainer#8291](https://github.com/portainer/portainer/issues/8291)
+* Fixed issue where standard users were not able to change ownership to their own team: [portainer/portainer#8216](https://github.com/portainer/portainer/issues/8216)
+* Fixed issue where user encountered an error by deleting tags associated to deleted environments: [portainer/portainer#8089](https://github.com/portainer/portainer/issues/8089)
+* Fixed an issue where the 'hide for all users' button styling behaves differently in dark mode: [portainer/portainer#7926](https://github.com/portainer/portainer/issues/7926)
+* Fixed a minor issue where the pages and items per page elements in data table pagination controls did not quite vertically align with each other: [portainer/portainer#8227](https://github.com/portainer/portainer/issues/8227)
+* Fixed issue where team lead feature is unexpectedly enabled when external authentication is enabled with team sync: [portainer/portainer#7972](https://github.com/portainer/portainer/issues/7972)
+* Fixed issue where response from API when creating edge environments wasn't clearly specifying that URL is compulsory: [portainer/portainer#7997](https://github.com/portainer/portainer/issues/7997)
+* Fixed issue where internal authentication setting is not saved when switch from other authentication method without refreshing browser manually: [portainer/portainer#8028](https://github.com/portainer/portainer/issues/8028)
+* Fixed issue where admin users are not able to delete expired or revoked license
+* Fixed issue where user unable to remove group configuration with active directory authentication: [portainer/portainer#7558](https://github.com/portainer/portainer/issues/7558)
+* Fixed issue where user is not removed from team when removed from LDAP group
+
+### Nomad
+
+* Fixed issue around task logs not loading if they are empty
+* Fixed issue where old UI components were still being used for Nomad related pages
+
+### Development
+
+* Replaced Feather svg icon set with Lucide, a Feather fork that is actively maintained and has a larger and improved range of icons: [portainer/portainer#8121](https://github.com/portainer/portainer/issues/8121)
+* Removed Font Awesome and all remaining references to it. All icons are now svg-based: [portainer/portainer#8120](https://github.com/portainer/portainer/issues/8120)
+* Redesigned Portainer database migration versioning to improve the robustness of the upgrade process: [portainer/portainer#8153](https://github.com/portainer/portainer/issues/8153)
+* Replaced aws-sdk-go with aws-sdk-go-v2
+* Fixed issue where random number generator is not seeded causing predictable outputs: [portainer/portainer#8342](https://github.com/portainer/portainer/issues/8342)
+* Resolved issues building Portainer (caused by third-party deletion of the github.com/rkl-/digest package) by replacing the package with imported code. This provides HTTP Digest Authentication for Portainer's FIDO Device Onboard (FDO) protocol support: [portainer/portainer#8177](https://github.com/portainer/portainer/issues/8177)
+* Corrected a minor UI issue around a corrupted file-code.svg icon: [portainer/portainer#8117](https://github.com/portainer/portainer/issues/8117)
+* Removed the Go experimental module golang.org/x/exp, replacing the small amount of functionality that we use from it with direct code: [portainer/portainer#8176](https://github.com/portainer/portainer/issues/8176)
+* Deprecated the github.com/portainer/libhelm Helm wrapper and moved the code into CE, since EE can now share from CE. This is used by Portainer's Helm functionality: [portainer/portainer#8178](https://github.com/portainer/portainer/issues/8178)
+* Fixed issue where struct tag is malformed with incorrect blank space in template\_file.go: [portainer/portainer#7923](https://github.com/portainer/portainer/issues/7923)
+* (swagger) fix licenses attach route
+
+### REST API changes
+
+#### New Endpoints
+
+* GET `/docker/{environmentId}/containers/{containerID}/image_status`
+* GET `/docker/{environmentId}/services/{serviceID}/image_status`
+* GET `/docker/{environmentId}/stacks/{id}/images_status`
+* GET `/kubernetes/{id}/namespaces/{namespace}/applications`
+* GET `/kubernetes/{id}/namespaces/{namespace}/applications/{kind}/{name}`
+* GET `/kubernetes/{id}/rbac_enabled`
+* GET `/nomad/endpoints/{endpointID}/leader`
+* GET `/system/info`
+* GET `/system/nodes`
+* GET `/system/status`
+* POST `/system/upgrade`
+* GET `/system/version`
+* PUT `/webhooks/{id}/reassign`
+
+#### Deleted Endpoints
+
+* GET `/nomad/endpoints/{endpointID}/status`
+
+#### Deprecated Endpoints
+
+* GET `/status` - Deprecated: use the `/system/status` endpoint instead to retrieve the Portainer status.
+* GET `/status/nodes` - Deprecated: use the `/system/nodes` endpoint instead.
+* GET `/status/version` - Deprecated: use the `/system/version` endpoint instead to check if portainer has an update available.
+
+#### Modified Endpoints
+
+* POST `/backup/s3/execute`
+* POST `/backup/s3/restore`
+* POST `/backup/s3/settings`
+* POST `/edge_jobs`
+* POST `/edge_jobs/{id}`
+* POST `/edge_stacks`
+* PUT `/edge_stacks/{id}`
+* POST `/edge_update_schedules`
+* GET `/edge_update_schedules/active`
+* PUT `/endpoints/{id}`
+* PUT `/endpoints/{id}/settings`
+* POST `/registries`
+* PUT `/registries/{id}`
+* PUT `/settings`
+* POST `/stacks`
+
+
+
+## Release 2.16.2
+
+November 21, 2022
+
+### Edge
+
+* Fixed issue where the Git repository section is missing when creating an Edge Stack via the Git repository option. [portainer/portainer#8072](https://github.com/portainer/portainer/issues/8072)
+
+### Portainer
+
+* Fixed issue where the effective viewer is not showing the correct user access role of environments they have access to. [portainer/portainer#8070](https://github.com/portainer/portainer/issues/8070)
+
+
+
+## Release 2.16.1
+
+November 9, 2022
+
+### Kubernetes
+
+* Fixed an issue with view/edit of an external application (i.e. one originally added to the cluster outside of Portainer) where a 'cannot read properties' error was shown.
+* Fixed an issue with view/edit of Kubernetes namespaces where memory and CPU resource limit sliders were positioned incorrectly and erroneous warnings were shown.
+
+### Docker
+
+* Fixed issue of update stack button being disabled when updating an existing stack.
+
+### Portainer
+
+* Fixed license key issue where node counts were not updated when environments are deleted.
+* Fixed issue with JSON formatted logs failing in 2.16.0.
+
+
+
+## Release 2.16.0
+
+October 31, 2022
+
+### Deprecation notice
+
+* Proposing to deprecate ACI (Azure Container Instances) and remove the functionality to connect to ACI, view existing containers and deploy new containers.
+
+### Upgrade notice
+
+* `portainer/portainer:latest` moved to `portainer/portainer:2.16`.
+
+### React migration
+
+* Migrated from Angular to React: Tag selector for Environment Details view.
+* Migrated from Angular to React: Teams view.
+
+### Kubernetes
+
+* When upgrading to 2.16, if you already have ingress controllers in a Kubernetes cluster/environment linked to Portainer and used Portainer to set them at the cluster and namespace level, and if these ingress controllers were not used by any ingresses, after the upgrade, you may end up with dummy ingresses visible in the new Ingresses screen in Portainer (that are not actually used for any deployment). This is simply an artifact of how we retained information about ingress controllers in earlier Portainer releases. If you find these kinds of dummy ingresses, you can safely delete them.
+* Introduced the ability to auto-detect ingress classes in the environment. [portainer/portainer#7827](https://github.com/portainer/portainer/issues/7827)
+* Added an Ingress menu option in the sidebar that lists all Ingresses in the cluster. [portainer/portainer#7839](https://github.com/portainer/portainer/issues/7839)
+* Introduced the ability to set the type of a Kubernetes secret (e.g. TLS or a user-defined/custom type). Existing secrets were previously always of type Opaque (which remains the default). [portainer/portainer#7842](https://github.com/portainer/portainer/issues/7842)
+* Improved ingress options on the cluster setup page, allowing admins to define ingresses without assigning them to a namespace. [portainer/portainer#7832](https://github.com/portainer/portainer/issues/7832)
+* Introduce TLS and HTTPS support for ingresses. [portainer/portainer#7843](https://github.com/portainer/portainer/issues/7843)
+* Moved the Ingress management from the Application details page to a new Ingress section. [portainer/portainer#7828](https://github.com/portainer/portainer/issues/7828)
+* Resolved an issue when OAuth is in use and Kubernetes updates are deployed via manifest from git. The user email address used in labels/annotations for Kube objects now has disallowed characters (such as the at symbol) replaced with a dot (period symbol). [portainer/portainer#7720](https://github.com/portainer/portainer/issues/7720)
+* The Homepage's kubeconfig download dialog now only includes those environments that show on the Homepage. Those with a connection error or provisioning error (these states were introduced in recent releases) are now excluded.
+* Resolved an issue where Node stats would not work for Google Kubernetes Engine (GKE) clusters. [portainer/portainer#7668](https://github.com/portainer/portainer/issues/7668)
+* Fixed the issue of missing Kubernetes definition for Kubernetes application deployment in the swagger API documentation. [portainer/portainer#7741](https://github.com/portainer/portainer/issues/7741)
+* Fixed issue with deploying custom templates on Kubernetes that are using mustache variables.
+
+### Docker
+
+* Updated the Compose version to 2.10.2. [portainer/portainer#7838](https://github.com/portainer/portainer/issues/7838)
+* Added support for shared memory when creating or editing a container by allowing to set --shm-size from portainer. [portainer/portainer#4992](https://github.com/portainer/portainer/issues/4992)
+* Introduced support for uploading of local files to be included in a Docker image when using Portainer to build an image. [portainer/portainer#7796](https://github.com/portainer/portainer/issues/7796)
+* Set notification of new image for docker default to off.
+* Introduced a setting to turn on/off per host showing of out-of-date image indicators. [portainer/portainer#7219](https://github.com/portainer/portainer/issues/7219)
+* Resolved an issue in Docker Services, Containers, and Stacks, where loading of the recently added out-of-date image indicator delayed showing of a row's action icons.
+* Added information for rebuilding images from stacks on docker standalone environments. [portainer/portainer#7829](https://github.com/portainer/portainer/issues/7829)
+* Added information to the build image from the URL page, including a link to additional documentation. [portainer/portainer#7771](https://github.com/portainer/portainer/issues/7771)
+* Fixed an issue where environment variables for stacks could not be set to empty. [portainer/portainer#7780](https://github.com/portainer/portainer/issues/7780)
+* Fixed an issue where assigning user access to a stack, showed users that don't have access to the Environment. [portainer/portainer#7695](https://github.com/portainer/portainer/issues/7695)
+* Fixed the issue of missing agent deployment script for the docker standalone environment. [portainer/portainer#7757](https://github.com/portainer/portainer/issues/7757)
+* Fixed the issue of the misconfigured stack being saved and subsequently can not be deleted. [portainer/portainer#7798](https://github.com/portainer/portainer/issues/7798)
+* Fixed an issue where the Swarm secret values incorrectly were being trimmed. [portainer/portainer#7772](https://github.com/portainer/portainer/issues/7772)
+* Fixed the issue where the container webhook toggle was not being saved.
+* Fixed an issue where the Docker API section in the add environment wizard incorrectly was showing the docker.sock code block. [portainer/portainer#7650](https://github.com/portainer/portainer/issues/7650)
+* Fixed an issue where a console error was showing for GPU when using Swarm because GPU is not supported on Swarm.
+* Fixed an issue where renaming a deployed container resulted in an error. [portainer/portainer#7778](https://github.com/portainer/portainer/issues/7778)
+* Fixed an issue where the image pull limits weren't being shown for standard users.
+* Fixed error message when adding new docker environments with invalid CA certs for TLS. [portainer/portainer#7934](https://github.com/portainer/portainer/issues/7934)
+* Adjusted the "remove" buttons as per the UI guidelines that were introduced in the 2.15 release. [portainer/portainer#7739](https://github.com/portainer/portainer/issues/7739)
+
+### Gitops
+
+* Introduced the offering of auto-suggestions retrieved from the git repo when entering the Compose path.
+* Added the ability to store git credentials in user settings.
+
+### Portainer
+
+* Introduced a new section that shows past toaster notifications, which are stored in the browser's local storage. [portainer/portainer#7756](https://github.com/portainer/portainer/issues/7756)
+* Introduced a context sensitive help button that links to the relevant documentation based on the current page. [portainer/portainer#7744](https://github.com/portainer/portainer/issues/7744)
+* Introduced login screen banner to the login page.
+* Added banner for "new version available" in portainer business edition.
+* Updated dependencies of PCIDB/GHW for the portainer agent. [portainer/portainer#7705](https://github.com/portainer/portainer/issues/7705)
+* Updated version of chart.js to 2.9.4 and moment to 2.29.4. [portainer/portainer#7681](https://github.com/portainer/portainer/issues/7681)
+* Update golang and image dependencies for API and portainer binary ( EE ).
+* Updated binary version for docker-compose and helm (to v3.9.3). [portainer/portainer#7704](https://github.com/portainer/portainer/issues/7704)
+* Updated the agent library dependencies. [portainer/portainer#7420](https://github.com/portainer/portainer/issues/7420)
+* Fixed an issue where the Microsoft OAuth information was not being retrieved correctly when editing the settings.
+* Fixed select all behavior in environments page.
+* Fixed the issue of handling images built by buildx or buildkit in the registry browser.
+* Fixed an issue where the browser tab title did not update with the actually selected environment. [portainer/portainer#7651](https://github.com/portainer/portainer/issues/7651)
+* Fixed issue with text color and text background color on auto-filled text.
+* Fixed issue where the dropdown menu has incorrect background color in dark mode. [portainer/portainer#7678](https://github.com/portainer/portainer/issues/7678)
+* Fixed styling issues in the Runtime & Resources tab. [portainer/portainer#7779](https://github.com/portainer/portainer/issues/7779)
+* Fixed an issue where the new styling wasn't being applied to links. [portainer/portainer#7740](https://github.com/portainer/portainer/issues/7740)
+* Adjusted the warning text color as per the UI guidelines that were introduced in the 2.15 release. [portainer/portainer#7667](https://github.com/portainer/portainer/issues/7667)
+* Introduced UI info components while browsing snapshots.
+
+### Edge
+
+* Introduced the ability to run remote commands on edge environments connected via Async using mTLS.
+* Introduced UI info components while browsing snapshots.
+
+### Nomad
+
+* Fixed issue around Home page loading time when you have Nomad environments connected.
+* Removed extension validation from compose path field. [portainer/portainer#7652](https://github.com/portainer/portainer/issues/7652)
+* Fixed an issue where the Group and Tag could not be set for Nomad environments when adding it via the wizard. [portainer/portainer#7703](https://github.com/portainer/portainer/issues/7703)
+* Fixed an issue where Nomad system jobs would prevent other jobs from being shown. [portainer/portainer#7229](https://github.com/portainer/portainer/issues/7229)
+
+### Development
+
+* Improved unit tests by using T.TempDir to create a temporary test directory. [portainer/portainer#7675](https://github.com/portainer/portainer/issues/7675)
+* Replaced the logrus logging framework with Zerolog. [portainer/portainer#7935](https://github.com/portainer/portainer/issues/7935)
+* Fixed an issue where new installations that use the develop branch didn't apply the analytics setting correctly. [portainer/portainer#7584](https://github.com/portainer/portainer/issues/7584)
+
+
+
+## Release 2.15.1
+
+September 16, 2022
+
+### Docker
+
+* Fixed an issue with connecting to the local Docker environment when using Windows Container Services. [portainer/portainer#7618](https://github.com/portainer/portainer/issues/7618)
+* Fixed an issue where the build image button would stay inactive when using a tar file. [portainer/portainer#7624](https://github.com/portainer/portainer/issues/7624)
+
+### Portainer
+
+* Fixed an issue where some colors in dark mode appeared too brown. [portainer/portainer#7616](https://github.com/portainer/portainer/issues/7616)
+* Fixed an issue when using leading or trailing spaces in a password would break the login process. [portainer/portainer#7621](https://github.com/portainer/portainer/issues/7621)
+
+
+
+## Release 2.15.0
+
+September 6, 2022
+
+### Deprecation notice
+
+* Proposing to deprecate Kompose and remove the functionality to deploy compose yaml on Kubernetes. [portainer/portainer#7514](https://github.com/portainer/portainer/issues/7514)
+
+### Breaking changes
+
+* Breaking change in API where the endpoint filter `edgeDeviceFilter` has been replaced by `edgeDevice` and `edgeDeviceUntrusted`.
+
+### Browser cache
+
+* Improved caching to prepare a resolution for an issue where certain browsers need a manual browser refresh for new version assets to load. The change only takes effect for upgrades subsequent to migration to 2.15. [portainer/portainer#7443](https://github.com/portainer/portainer/issues/7443)
+
+### React migration
+
+* Migrated docker/containers/list views to React.
+* Migrated the Docker console.
+* Migrated Azure Container Instances views to React.
+* Migrated the sidebar menu and adjusted the Settings page.
+* Migrated the Kubectl shell window.
+* Migrated tooltip into react component.
+* Migrated page header into React component.
+
+### Kubernetes
+
+* Introduced the ability to define pod security constraints per Kubernetes cluster.
+* Introduced an option to forcibly remove a Kubernetes namespace that's in a 'Terminating' state. [portainer/portainer#4580](https://github.com/portainer/portainer/issues/4580)
+* Improved the kubeconfig download dialog by providing pagination (including choosing of the number of items per page), an option to 'select all in page' and selection across multiple pages. [portainer/portainer#7261](https://github.com/portainer/portainer/issues/7261)
+* Resolved an issue where the link shown for an application that is exposed via an ingress was including an incorrect port (the servicePort). [portainer/portainer#7337](https://github.com/portainer/portainer/issues/7337)
+* Resolved some errors and wording issues in recent KaaS cluster provisioning and import kubeconfig functionality.
+* When using Kubernetes (KaaS) cluster provisioning and choosing the DigitalOcean option, only node size options that are valid for provisioning now show. Previously, there was at least one option which gave an 'invalid droplet size' error on use.
+
+### Docker
+
+* Added GPU support to Docker containers. [portainer/portainer#3143](https://github.com/portainer/portainer/issues/3143)
+* Introduced the ability to disable use of the anonymous Docker Hub registry option via the Portainer UI for all users.
+* Added support to read value from .env in subfolder for git deployment in Docker Standalone Environment. [portainer/portainer#7265](https://github.com/portainer/portainer/issues/7265)
+* Added message explaining that changed env values only take effect after redeployment or auto update via webhook. [portainer/portainer#7242](https://github.com/portainer/portainer/issues/7242)
+* Provided prune option for stack deployment from Git. [portainer/portainer#7224](https://github.com/portainer/portainer/issues/7224)
+* Removed "Show Container Template" toggle on App templates page and introduced filter and sort by dropdown options. [portainer/portainer#7394](https://github.com/portainer/portainer/issues/7394)
+* Fixed recreate of container so it pulls the image using the SHA256 hash if its tag no longer exists, and if the image is still inaccessible (as it no longer exists or the tag or name is now incorrect) warn the user and disable 'Pull latest image' option. [portainer/portainer#6566](https://github.com/portainer/portainer/issues/6566)
+* Introduced support for checking images held in private registries to the recently added functionality that shows a visual image indication on stacks, services and containers that are running with an out-of-date image.
+* Introduced improved validation to the Docker build image function, to prevent invalid image names. [portainer/portainer#7463](https://github.com/portainer/portainer/issues/7463)
+* Fixed host info being sent when host management feature is turned off. [portainer/portainer#7277](https://github.com/portainer/portainer/issues/7277)
+* Following the introduction of v2 Docker Compose, changed any front-end wording that mentions 'docker-compose' to say 'docker compose', to clarify and bring in line with official documentation. [portainer/portainer#7141](https://github.com/portainer/portainer/issues/7141)
+
+### Portainer
+
+* Introduced license enforcement for 5 nodes free in business edition.
+* Introduced new styling for Portainer. [portainer/portainer#7528](https://github.com/portainer/portainer/issues/7528)
+* Introduced Portainer UI redesign with changes for common configuration pages. [portainer/portainer#7527](https://github.com/portainer/portainer/issues/7527)
+* Included build information in Portainer for easier debug. [portainer/portainer#7317](https://github.com/portainer/portainer/issues/7317)
+* Introduced the ability to show/hide the password you are entering on login. [portainer/portainer#7461](https://github.com/portainer/portainer/issues/7461)
+* Introduced CTRL+F (or CMD+F on MacOS) to search in web editors. [portainer/portainer#6537](https://github.com/portainer/portainer/issues/6537)
+* Introduced the ability to filter connection type and agent version on the home page. [portainer/portainer#7468](https://github.com/portainer/portainer/issues/7468)
+* Improved environment address entry to handle http:// or https:// prefixes when adding an environment via Docker or Kubernetes (agent) options. [portainer/portainer#7462](https://github.com/portainer/portainer/issues/7462)
+* Introduced a change to the Homepage's multi-select filters to keep the dropdown open after a single selection until the user closes it themselves, or the last remaining option is selected. [portainer/portainer#7548](https://github.com/portainer/portainer/issues/7548)
+* Added tips for entering Portainer license key.
+* Updated the agent library dependencies [portainer/portainer#7420](https://github.com/portainer/portainer/issues/7420)
+* Fixed issue where Automatic team membership did not always work for Azure.
+* Fixed an issue where auto populate team admins LDAP feature didn't work on upgrade from CE to BE.
+* Fixed issue of authentication logs not working behind reverse proxy. [portainer/portainer#7120](https://github.com/portainer/portainer/issues/7120)
+* Fixed license expiry message flashing even license is not expired or close to expiring.
+* Fixed a few typos in various locations. [portainer/portainer#7243](https://github.com/portainer/portainer/issues/7243)
+* Fixed issue with environment page table losing selection on table refresh. [portainer/portainer#7395](https://github.com/portainer/portainer/issues/7395)
+* Fixed missing BE feature indicators. [portainer/portainer#7396](https://github.com/portainer/portainer/issues/7396)
+* Fixed issue where certificate uploading is not functional for StartTLS/TLS in LDAP configuration. [portainer/portainer#6271](https://github.com/portainer/portainer/issues/6271)
+* Reworded error message for JWT token missing to more user-friendly message.
+
+### Edge
+
+* Introduced the ability to get logs for edge stacks of specific environments.
+* Fixed connection issue ("Environment is unreachable") after deploying Nomad environment with AEEC script.
+* Updated UI of Add devices page to match the Add environment page. [portainer/portainer#7393](https://github.com/portainer/portainer/issues/7393)
+* Fixed issue where editing edge jobs changed the configured cron expression. [portainer/portainer#7432](https://github.com/portainer/portainer/issues/7432)
+* Fixed known issue with manually adding an Edge Device environment through the edge device page when using Async mode, does not retain Async settings and needs to be manually added through the environment details page.
+* Removed Beta label on Edge Jobs. [portainer/portainer#7162](https://github.com/portainer/portainer/issues/7162)
+* Improved image parsing for Kubernetes Edge Stacks that use private registries so that the same parsing as Docker ones is used.
+
+### Registry
+
+* Improved Registry details screen with better prompting for relevant fields. [portainer/portainer#3015](https://github.com/portainer/portainer/issues/3015)
+* Resolved an issue around not being able to add multiple Quay registries. [portainer/portainer#7430](https://github.com/portainer/portainer/issues/7430)
+* Improved the Registry details screen to show the registry provider and made the Add registry screen default to Docker Hub as the provider. [portainer/portainer#7246](https://github.com/portainer/portainer/issues/7246)
+
+### Nomad
+
+* Standardized the behavior of Nomad edge environments to be the same as non-Nomad edge environments.
+
+
+
+## Release 2.14.2
+
+July 26, 2022
+
+### Known issues
+
+* Known issue with manually adding an Edge Device environment through the Edge Device page when using Async mode, does not retain Async settings and needs to be manually added through the environment details page.
+* Image update notifications are currently not supported for private registries and private images in DockerHub. This is due to be fixed in our next major version.
+
+### Kubernetes
+
+* Fixed an issue where the kubeconfig downloadable from Portainer always had port 9443 in its URLs, even though the actual Portainer instance was being accessed via another port. [portainer/portainer#7059](https://github.com/portainer/portainer/issues/7059)
+
+### Docker
+
+* Fixed certificate file validation for .pem files [portainer/portainer#7183](https://github.com/portainer/portainer/issues/7183)
+* Fixed an issue when using a Mustache variable (e.g. \{{service\}}) multiple times in the YAML, where the UI should prompt for it only once and then reuse it (rather than prompting for it multiple times).
+* Fixed an issue when using a Mustache variable (e.g. \{{path\}}) with special characters in the value, where the resulting value would end up being HTML encoded.
+* Fixed issue around access control labels being ignored.
+
+### Portainer
+
+* Fixed an issue where the original admin user was unable to change their password when external authentication is enabled. [portainer/portainer#7291](https://github.com/portainer/portainer/issues/7291)
+* Fixed toggle state reset issue for custom logo and anonymous statistics. [portainer/portainer#7278](https://github.com/portainer/portainer/issues/7278)
+* Fixed issue with not being able to add users to teams while LDAP authentication is enabled without auto teams population. [portainer/portainer#7252](https://github.com/portainer/portainer/issues/7252)
+* Fixed an issue where auto populate team admins LDAP feature didn't work on upgrade from CE to BE.
+* Resolved an issue where new installs of recent Portainer releases had an extraneous (although innocuous) db version update on restart.
+
+### Edge
+
+* Fixed pagination issue on Add edge jobs page for listed environments. [portainer/portainer#7312](https://github.com/portainer/portainer/issues/7312)
+
+
+
+## Release 2.14.1
+
+July 12, 2022
+
+### Known issues
+
+* Known issue with manually adding an Edge Device environment through the Edge Device page when using Async mode, does not retain Async settings and needs to be manually added through the environment details page.
+* Image update notifications are currently not supported for private registries and private images in DockerHub. This is due to be fixed in our next major version.
+* When using a Mustache variable (e.g. `{{ service }}`) multiple times in the YAML, the UI also prompts for it multiple times, rather than prompting for it a single time and then reusing it.
+
+### Kubernetes
+
+* Improved KaaS cluster provisioning's cluster name validation to enforce restrictions that Google GKE expects.
+* Fixed issue of variable inputs not showing on deployment view when using custom templates.
+* Improved Portainer logging to better record the output from eksctl, the CLI tool used for Amazon EKS (KaaS) cluster provisioning.
+* Fixed an issue where, upon initiating AWS KaaS cluster/environment provisioning and subsequently restarting Portainer in a short space of time, the requested environment would become stuck and unusable in Portainer, and couldn't be deleted.
+
+### Docker
+
+* Resolved an issue where users running Portainer with non-root access were receiving a 'Permission denied on docker-compose' error since the recent update to Docker Compose V2. [portainer/portainer#6906](https://github.com/portainer/portainer/issues/6906)
+
+### Portainer
+
+* Fix to improve LDAP, etc. authentication/login speed when there are many thousands of users.
+* Resolved an issue where users upgrading a Portainer install, where the portainer\_data volume is stored on a network volume, receive a 'Permission denied' error when the upgrade attempts a backup of the database. [portainer/portainer#7144](https://github.com/portainer/portainer/issues/7144)
+* Fixed "Create user" button in disabled stage when external Auth enabled. [portainer/portainer#7214](https://github.com/portainer/portainer/issues/7214)
+
+### Edge
+
+* Fixed issue where the edge agent could not connect when running Portainer behind a reverse proxy only supporting TLS v1.2. [portainer/portainer#7167](https://github.com/portainer/portainer/issues/7167)
+
+
+
+## Release 2.14.0
+
+June 28, 2022
+
+### Known issues
+
+* Known issue with manually adding an Edge Device environment through the Edge Device page when using Async mode, does not retain Async settings and needs to be manually added through the environment details page.
+* Image update notifications are currently not supported for private registries and private images in DockerHub. This is due to be fixed in our next major version.
+
+### Breaking changes
+
+* With the upgrade to Docker Compose V2, container names now use hyphens as separators instead of underscores. This may affect you if you are generating container names instead of explicitly defining them, then using them as references.
+
+### Kubernetes
+
+* Introduced ability to set up a new Kubernetes environment in Portainer via upload of a kubeconfig file for an existing on premises or on-cloud cluster.
+* Fixed issue around Git clone working with Main (in addition to existing Master) branch type. [portainer/portainer#6002](https://github.com/portainer/portainer/issues/6002)
+* Updated packaged components to recent stable release versions: Docker 20.10.9, Docker Compose plugin 2.5.1, kubectl 1.24.1, Helm 3.9.0. [portainer/portainer#6074](https://github.com/portainer/portainer/issues/6074)
+* Administrators can now set up cloud provider settings via a list page and separate add page in a similar way to other records in Portainer.
+* Introduced support for provisioning of a Kubernetes cluster on the Amazon (AWS) EKS platform from within Portainer, alleviating the need to do so in the cloud provider's portal. The AWS eksctl binary is auto downloaded when first using this functionality.
+* Introduced support for provisioning of a Kubernetes cluster on the Microsoft Azure AKS platform from within Portainer, alleviating the need to do so in the cloud provider's portal.
+* Introduced support for provisioning of a Kubernetes cluster on the Google Cloud GKE platform from within Portainer, alleviating the need to do so in the cloud provider's portal.
+* Fixed a typo in the Kubernetes -> Namespaces -> Create from manifest (advanced deployment) page. [portainer/portainer#6968](https://github.com/portainer/portainer/issues/6968)
+* Fixed an issue with cluster provisioning via Civo KaaS, where if the Civo account has an issue with its defined networks, the environment was stuck waiting to complete provisioning and never ultimately errored.
+* Introduced the ability to set the group and tags against the environment in Portainer when an admin provisions a Kubernetes as a Service cluster.
+* Introduced slight improvements to editing of sensitive cloud credentials values.
+* Fixed an issue in the Settings -> Environments page, where an environment that was disabled or still being provisioned could be selected for removal and then removed.
+* Added the ability to manually refresh pulling of Kubernetes as a Service cluster provisioning options from cloud providers.
+* Improved error handling around KaaS provisioning in the environment wizard.
+* Kubernetes as a Service (cloud) provisioned environments will now appear in the 'new environments' side panel in the environments wizard.
+
+### Docker
+
+* Introduced a visual indication of stacks, services and containers that are running with an out-of-date image. [portainer/portainer#1304](https://github.com/portainer/portainer/issues/1304)
+* Fixed issue around Git clone working with Main (in addition to existing Master) branch type. [portainer/portainer#6002](https://github.com/portainer/portainer/issues/6002)
+* Updated packaged components to recent stable release versions: Docker 20.10.9, Docker Compose plugin 2.5.1, kubectl 1.24.1, Helm 3.9.0. [portainer/portainer#6074](https://github.com/portainer/portainer/issues/6074)
+* Fixed issue for standard user having an empty network as default when creating containers on Windows environments [portainer/portainer#6959](https://github.com/portainer/portainer/issues/6959)
+* Introduced ability to pass environment variables on the webhooks in Docker stack deployment.
+* Provide a stack template for dokku deployment within portainer. [portainer/portainer#7011](https://github.com/portainer/portainer/issues/7011)
+* Resolved an issue when updating an application and changing its service from replicated to global, where an error occurs and the deployed application is deleted. [portainer/portainer#7056](https://github.com/portainer/portainer/issues/7056)
+* Third-party developer Inedo has fixed their ProGet registry software to resolve an intermittent error admins were experiencing in Portainer on retag or delete of a tagged image. This is planned to ship 10 June 2022 in ProGet 6.0.16, before Portainer 2.14.
+* Introduced support in the container webhook for pull/recreate of containers from images residing in private registries.
+* Fixed an issue in the Containers page, where choosing 'Recreate' enabled the webhook for the container, even though it was not currently turned on.
+* Fixed an issue where, when calling Swarm update API through Portainer, incorrect overriding of the registry authentication header occurred, preventing pull of an image. [portainer/portainer#7095](https://github.com/portainer/portainer/issues/7095)
+
+### Portainer
+
+* Redesigned team leader feature. [portainer/portainer#7093](https://github.com/portainer/portainer/issues/7093)
+* Fixed an issue where the delete environment confirmation dialog was positioned too low on-screen. [portainer/portainer#6983](https://github.com/portainer/portainer/issues/6983)
+* Fixed an issue where agent and edge agent install command instructions do not list the agent\_secret option. [portainer/portainer#6801](https://github.com/portainer/portainer/issues/6801)
+* Fixed an issue where the home (environments) page no longer showed the words 'No tags' for environments without tags. [portainer/portainer#6967](https://github.com/portainer/portainer/issues/6967)
+* Introduced support for provisioning of a Kubernetes cluster on the Amazon (AWS) EKS platform from within Portainer, alleviating the need to do so in the cloud provider's portal. The AWS eksctl binary is auto downloaded when first using this functionality.
+* The Add environment page and Environment wizard are now consolidated into a single consistent, improved wizard-style experience. [portainer/portainer#7022](https://github.com/portainer/portainer/issues/7022)
+* Introduced support for provisioning of a Kubernetes cluster on the Microsoft Azure AKS platform from within Portainer, alleviating the need to do so in the cloud provider's portal.
+* Introduced support for provisioning of a Kubernetes cluster on the Google Cloud GKE platform from within Portainer, alleviating the need to do so in the cloud provider's portal.
+* Fixed Go panic state for the environments list handler [portainer/portainer#7047](https://github.com/portainer/portainer/issues/7047)
+* Introduced ability for admin to set required password length. [portainer/portainer#7055](https://github.com/portainer/portainer/issues/7055)
+* Fixed an issue recently introduced in the environments page where the name of an environment that was down no longer linked through to its details page.
+* Resolved an issue preventing migration from EE 2.12 to 2.13 (or now 2.14) for Portainer instances that had previously migrated to EE from a CE instance with Allow Volume Browser for Regular Users toggled on for an environment.
+* Increased the click/touch area in expandable panels so it's easier to open/close them. [portainer/portainer#7036](https://github.com/portainer/portainer/issues/7036)
+* Fixed propagation of Portainer agent polling frequency when changed before deploying via automatic edge environment creation
+* Introduced the ability to paste in an existing license, revalidate with the license server and replace it in the database. This can be used to fix a corrupted license.
+
+### Edge
+
+* Fixed issue with status indicator on Edge Stacks not updating when removing tags from edge environments/groups [portainer/portainer#6950](https://github.com/portainer/portainer/issues/6950)
+* Introduced the ability to define the 3 polling intervals for Async
+* For edge agents, the URL shown in the Environment summary page (access from the Home page) has now been removed, as it caused confusion since it simply showed the Portainer Server URL. [portainer/portainer#6978](https://github.com/portainer/portainer/issues/6978)
+* Fixed Data race in the operations of the edge key in the Edge Agent [portainer/portainer#7024](https://github.com/portainer/portainer/issues/7024)
+* Added "goto page" to the Edge devices page view [portainer/portainer#6982](https://github.com/portainer/portainer/issues/6982)
+* Added the ability to add edge agents in the environment wizard [portainer/portainer#7023](https://github.com/portainer/portainer/issues/7023)
+
+### Nomad
+
+* Added HTTPS support for Nomad Edge Agent.
+* Added display of BE feature highlights in CE for new Nomad, KaaS provisioning and kubeconfig import functionality. [portainer/portainer#7051](https://github.com/portainer/portainer/issues/7051)
+
+## Release 2.13.1
+
+May 12, 2022
+
+### Portainer
+
+* Changed the minimum TLS version of Portainer from 1.3 to 1.2 to avoid issues with nginx reverse proxies: [portainer/portainer#6902](https://github.com/portainer/portainer/issues/6902)
+* Fixed issue with the Portainer authentication settings page not being able to save: [portainer/portainer#6899](https://github.com/portainer/portainer/issues/6899)
+* Changed the password policy to require 12 characters for all Portainer internal users: [portainer/portainer#6904](https://github.com/portainer/portainer/issues/6904)
+
+## Release 2.13.0
+
+May 9. 2022
+
+### Known issues
+
+* When provisioning a Civo cluster while there are multiple default networks defined on the Civo account, the environment will fail to provision and Portainer will end up waiting for the environment to be ready indefinitely. This can be resolved from the Civo console by deleting the cluster and using a non-default network for the provision.
+
+### Breaking changes
+
+* The minimum TLS version of Portainer was changed from 1.2 to 1.3. If you are running a proxy in front of Portainer with HTTPS you will need to ensure it is configured to support TLS 1.3.
+* Standard users can browse registries including edit and delete
+* Introduced the ability for non admin users to browse image registries
+* Added strong password policy for all Portainer internal users. When using a weak password and logging in you will be required to update your password.
+
+### Kubernetes
+
+* Improve how Portainer helps you set up ingresses (especially Nginx ones), including support of regular expressions in paths - by assisting with required annotations and correcting a rewrite issue: [portainer/portainer#6854](https://github.com/portainer/portainer/issues/6854)
+* Introduce support for provisioning of a Kubernetes cluster on a cloud provider's KaaS offering from within Portainer, alleviating the need to do so in the provider's own portal. Initial supported providers are Civo, DigitalOcean and Linode.
+* Fixed an issue where, on setting up (on a namespace) an ingress controller for a k8s cluster and I create an app with two ingress routes on the controller, app details show only the second of the paths: [portainer/portainer#6856](https://github.com/portainer/portainer/issues/6856)
+* Fixed an issue where Portainer's validation of a K8s namespace's hostnames was disallowing wildcards (e.g. \*abc.com): [portainer/portainer#6855](https://github.com/portainer/portainer/issues/6855)
+* Fixed issue with default helm repo not populating in settings page: [portainer/portainer#6849](https://github.com/portainer/portainer/issues/6849)
+* Created documentation around using GKE ingress with Portainer: [portainer/portainer#6848](https://github.com/portainer/portainer/issues/6848)
+* Added input validation for kubernetes workload names: [portainer/portainer#5363](https://github.com/portainer/portainer/issues/5363)
+* Fixed issue where changing Portainer to HTTPS crashed Portainer: portainer/portainer#6836
+* Fixed issue where Helm Charts could not be deployed when using SSL certs with Portainer: [portainer/portainer#6742](https://github.com/portainer/portainer/issues/6742)
+* Fixed issue of not being able to use a name previously used for kubernetes resources: [portainer/portainer#6830](https://github.com/portainer/portainer/issues/6830)
+* Fixed issue where the Kube cluster resource stats had a rounding issue: [portainer/portainer#6472](https://github.com/portainer/portainer/issues/6472)
+* Fixed an issue when deploying Portainer client with AGENT\_SECRET without configuring Kubernetes agent with AGENT\_SECRET where an "Failure unknown" error shows rather than "agent already paired" : [portainer/portainer#6791](https://github.com/portainer/portainer/issues/6791)
+
+### Docker
+
+* Standard users can browse registries including edit and delete
+* Introduced the ability for non admin users to browse image registries
+* Fixed issue where the Disable bind mounts for non-administrators setting would prevent existing volumes from being used: [portainer/portainer#6387](https://github.com/portainer/portainer/issues/6387)
+* Fixed issue with creating a CIFS volume that uses a hostname: [portainer/portainer#6338](https://github.com/portainer/portainer/issues/6338)
+* Fixed issue where webhooks for services were accepting invalid tags: [portainer/portainer#6493](https://github.com/portainer/portainer/issues/6493)
+* Fixed issue with libcompose logging where error output is attempted to be included when an error did not occur: [portainer/portainer#6857](https://github.com/portainer/portainer/issues/6857)
+* Fixed an issue where 'Pull and Redeploy' and 'Force redeploy' don't work on ARM: [portainer/portainer#6788](https://github.com/portainer/portainer/issues/6788)
+* Documented deviation from the Docker standard when using the /docker/images/create API endpoint in conjunction with a private registry: [portainer/portainer#6712](https://github.com/portainer/portainer/issues/6712)
+* Fixed issue where credentials from different registries were being used: [portainer/portainer#6087](https://github.com/portainer/portainer/issues/6087)
+* Fixed issue where stack name was stated inaccurately in the message which informs users that a container/service inherited its access control settings from a specific stack: [portainer/portainer#6478](https://github.com/portainer/portainer/issues/6478)
+* Fixed issue with displaying container template when connected to docker swarm in the app templates page view: [portainer/portainer#6837](https://github.com/portainer/portainer/issues/6837)
+* Fixed text color on modal when updating a service: [portainer/portainer#6839](https://github.com/portainer/portainer/issues/6839)
+* Fixed issue where Watchtower did not work for standalone stacks on Arm64: [portainer/portainer#5799](https://github.com/portainer/portainer/issues/5799)
+
+### Portainer
+
+* Enforced strong password policy for all Portainer Users: [portainer/portainer#6846](https://github.com/portainer/portainer/issues/6846)
+* Improved the database migration to become more resilient: [portainer/portainer#6778](https://github.com/portainer/portainer/issues/6778)
+* Introduced the ability to filter and sort environments on the Home page: [portainer/portainer#6823](https://github.com/portainer/portainer/issues/6823)
+* When changing the user password the user gets redirected to the login page: [portainer/portainer#6456](https://github.com/portainer/portainer/issues/6456)
+* Fixed issue where upgrading to the Business Edition and then downgrading back to the Community Edition did not work
+* Improved security for custom templates when using Git repos that contain symlinks: [portainer/portainer#6847](https://github.com/portainer/portainer/issues/6847)
+* Improved how the installation page times out: [portainer/portainer#6740](https://github.com/portainer/portainer/issues/6740)
+* Improved file type validation when selecting multiple files when deploying from Git repository
+* Removed superfluous warning message for the Enable Change Window setting
+* Fixed bug relating to environment status in home page: [portainer/portainer#6047](https://github.com/portainer/portainer/issues/6047)
+* Improved concurrency in agent code to prevent race conditions: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+* Improved concurrency in backend code to prevent race conditions: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+* Fixed duplicate naming issue for registries: [portainer/portainer#6838](https://github.com/portainer/portainer/issues/6838)
+* Fixed issue around user accessing agent environment after changing an invalid environment url to a valid one: [portainer/portainer#6824](https://github.com/portainer/portainer/issues/6824)
+* Fixed issue with the menu when connecting to another environment fails: [portainer/portainer#6449](https://github.com/portainer/portainer/issues/6449)
+* Updated registry form wording from Password to "Dockerhub access token" : [portainer/portainer#6308](https://github.com/portainer/portainer/issues/6308)
+* Fixed text color for change window warning text
+* Fixed an issue where the hover-over tooltip for nav menu items always just showed 'Settings' rather than the menu item text: [portainer/portainer#6779](https://github.com/portainer/portainer/issues/6779)
+* Fixed issue where the green success notification was not showing up after deleting a custom app template: [portainer/portainer#6724](https://github.com/portainer/portainer/issues/6724)
+* Improved UX for setting themes by removing save button: [portainer/portainer#6840](https://github.com/portainer/portainer/issues/6840)
+
+### Edge
+
+* Renamed Trust on first connect to "Waiting Room"
+* Introduced the ability to pass env variables from local system to edge stacks for Kubernetes environments
+* Created the ability for Automatic Edge Environment Creation (AEEC) within Portainer Server
+* Introduced support for using credentials with private registries for edge stacks
+* Resolved data race on stack deploy for edge agents: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+* Added environment variable to the agent to adjust the probe timeout and interval: [portainer/agent#293](https://github.com/portainer/agent/issues/293)
+* Introduce the ability to pass env variables from a local system on edge devices to the edge stack: [portainer/portainer#6832](https://github.com/portainer/portainer/issues/6832)
+* Fixed issue with edge environments having faulty heartbeat on Edge Devices page: [portainer/portainer#6825](https://github.com/portainer/portainer/issues/6825)
+* Improved concurrency in edge code to prevent race conditions: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+* Fixed data race in poll service on Edge Agent: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+* Resolved some race conditions with the edge agent: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+* Resolved data race on tunnels for edge agents: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+* Resolved data race with activity timer for edge agents: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+* Fixed issue with displaying AMT device table for non-activated devices: [portainer/portainer#6835](https://github.com/portainer/portainer/issues/6835)
+* Fixed minor UI issues in Edge devices page view around Action buttons: [portainer/portainer#6844](https://github.com/portainer/portainer/issues/6844)
+* Fixed issue when creating edge job from file returning 404: [portainer/portainer#6826](https://github.com/portainer/portainer/issues/6826)
+
+### Development
+
+* Updated the Go library dependencies: [portainer/portainer#6777](https://github.com/portainer/portainer/issues/6777)
+* Migrated AngularJS components to ReactJS: [portainer/portainer#6031](https://github.com/portainer/portainer/issues/6031)
+* Reorganized the file structure of the agent installation yaml files: [portainer/portainer#6776](https://github.com/portainer/portainer/issues/6776)
+* Removed the integration with Storidge clusters: [portainer/portainer#6512](https://github.com/portainer/portainer/issues/6512)
+
+## Release 2.12.2
+
+April 4, 2022
+
+### Nomad
+
+* Introduced Nomad integration
+* Allows Nomad to be added as an environment in Portainer by using the Edge Agent
+* Allows Edge Stacks to be deployed on Nomad as Nomad Jobs
+* Allows Nomad Jobs and Tasks to be listed
+* Allows Nomad logs and events to be viewed for Tasks
+
+### Kubernetes
+
+* Fixed issue where changing Portainer to HTTPS crashed Portainer
+* Fixed issue around deploying in default namespace via manifest using the portainer namespace instead
+* Fixed bug causing domain names to not displaying correctly under publish application options
+* Fixed issue with first service naming having a suffix attached.
+* Improved error message being displayed when deploying a malformed Kubernetes manifest from GitOps
+
+### Portainer
+
+* Fixed issue with GitOps automatic update
+* Fixed issues around migration path for CE to BE
+* Fixed missing operator role when migrating from 1.x
+* Improved concurrency in edge code to prevent race conditions: [portainer/portainer#6677](https://github.com/portainer/portainer/issues/6677)
+
+### Edge
+
+* Resolved some race conditions with the Edge Agent
+
+## Release 2.12.1
+
+March 9, 2022
+
+### Portainer
+
+* Fixed bug where redeploying a stack causes an error and success message at the same time.
+* Fixed bug that was preventing ability to edit application with persisted folder on Kubernetes.
+
+## Release 2.12.0
+
+March 8, 2022
+
+### Breaking changes
+
+* When OAuth is enabled, Portainer users can no longer use their Portainer internal password: [portainer/portainer#5889](https://github.com/portainer/portainer/issues/5889)
+* Deploying a manifest without a namespace definition and selecting the Default namespace in Portainer may deploy the application into the portainer namespace in certain circumstances
+
+### Kubernetes
+
+* Added input validation for kubernetes workload names: [portainer/portainer#5363](https://github.com/portainer/portainer/issues/5363)
+* Fixed issue where the Kube cluster resource stats had a rounding issue: [portainer/portainer#6472](https://github.com/portainer/portainer/issues/6472)
+* Migrated to use the networking.k8s.io/v1 ingress API, available from Kubernetes v1.19: [portainer/portainer#6396](https://github.com/portainer/portainer/issues/6396)
+* Allow Services to be managed for Kubernetes applications, which can be deployed within Portainer or outside of it: [portainer/portainer#5941](https://github.com/portainer/portainer/issues/5941)
+* Restarting Portainer will no longer result in invalid kubeconfig credentials, which would have required the user to download a new kubeconfig file again: [portainer/portainer#5940](https://github.com/portainer/portainer/issues/5940)
+* Provides a single process so that users can gain access to all their environments contexts from within the Portainer UI: [portainer/portainer#5945](https://github.com/portainer/portainer/issues/5945)
+* Improved how a namespace gets selected when using Advanced deployment: [portainer/portainer#5557](https://github.com/portainer/portainer/issues/5557)
+* Added warning that a secret will be created when adding registry access to a namespace: [portainer/portainer#5845](https://github.com/portainer/portainer/issues/5845)
+* Fixed issue where selecting a Helm chart did not scroll to the top: [portainer/portainer#6146](https://github.com/portainer/portainer/issues/6146)
+* Fixed issue when clearing Helm repo in global settings and added text notification in Helm charts page: [portainer/portainer#5996](https://github.com/portainer/portainer/issues/5996)
+* Fixed issue where Helm charts fail to load in ARM cloud environments: [portainer/portainer#5937](https://github.com/portainer/portainer/issues/5937)
+* Fixed issue where the kubectl shell wasn't working when Portainer runs on ARM64: [portainer/portainer#5723](https://github.com/portainer/portainer/issues/5723)
+* Fixed bug so that Kubernetes terminology is used when deploying through Kubernetes: [portainer/portainer#6099](https://github.com/portainer/portainer/issues/6099)
+* Fixed issue where error notice was coming up when deleting an application through kubeshell: [portainer/portainer#5939](https://github.com/portainer/portainer/issues/5939)
+* Fixed issue where Portainer stacks were not being removed when removing a namespace: [portainer/portainer#5897](https://github.com/portainer/portainer/issues/5897)
+* Fixed issue where standard users were unable to access the pod and node stats view: [portainer/portainer#5898](https://github.com/portainer/portainer/issues/5898)
+* Fixed issue where the namespace details page showed an object object error: [portainer/portainer#5802](https://github.com/portainer/portainer/issues/5802)
+* Fixed issue when selecting Cluster Setup in the menu: [portainer/portainer#6033](https://github.com/portainer/portainer/issues/6033)
+* Fixed order of registries to be alphabetical in the select registry dropdown in namespaces: [portainer/portainer#6175](https://github.com/portainer/portainer/issues/6175)
+* Fixed issue with publishing method defaulting to Ingress when changing to Cluster IP: [portainer/portainer#6190](https://github.com/portainer/portainer/issues/6190)
+
+### Docker
+
+* Introduced the ability to pull latest images when redeploying: [portainer/portainer#6155](https://github.com/portainer/portainer/issues/6155)
+* Fixed issue where webhooks for services were accepting invalid tags: [portainer/portainer#6493](https://github.com/portainer/portainer/issues/6493)
+* When updating a Swarm service and enabling Pull latest image, it would change the tag to latest: [portainer/portainer#6352](https://github.com/portainer/portainer/issues/6352)
+* Fixed issue with displaying container template when connected to docker swarm in the app templates page view
+* Fixed issue where updating the Stack always recreated the containers: [portainer/portainer#6306](https://github.com/portainer/portainer/issues/6306)
+* Added the ability to filter the Swarm services published ports column: [portainer/portainer#6161](https://github.com/portainer/portainer/issues/6161)
+* Added a warning when the same Swarm secret is assigned multiple times to a service: [portainer/portainer#2821](https://github.com/portainer/portainer/issues/2821)
+* Added the option to detach Stacks deployed from Git to make them editable: [portainer/portainer#5748](https://github.com/portainer/portainer/issues/5748)
+* Removed the ability to edit the Portainer container: [portainer/portainer#5121](https://github.com/portainer/portainer/issues/5121)
+* Fixed issue where an error message would not be shown when failing to pull an image: [portainer/portainer#6239](https://github.com/portainer/portainer/issues/6239)
+* Fixed issue where the default user for the container console was incorrectly auto filled: [portainer/portainer#6315](https://github.com/portainer/portainer/issues/6315)
+* Fixed issue where uploading large files to a volume would fail: [portainer/portainer#4453](https://github.com/portainer/portainer/issues/4453)
+* Fixed issue where stacks deployed from App Templates behaved as if they were deployed from Git: [portainer/portainer#5748](https://github.com/portainer/portainer/issues/5748)
+* Fixed issue where stacks with environment variables in the networks section could not be removed: [portainer/portainer#5779](https://github.com/portainer/portainer/issues/5779)
+* Allow the resource settings of a container to be updated without redeploying the container: [portainer/portainer#5906](https://github.com/portainer/portainer/issues/5906)
+* Added support for .bz2 and .xz compression formats when importing Docker images: [portainer/portainer#5220](https://github.com/portainer/portainer/issues/5220)
+* Enhancement of the Docker image import feature to support manually adding tags to the imported image: [portainer/portainer#5944](https://github.com/portainer/portainer/issues/5944)
+* Improved how to change the image when editing a Service by pre-populating the fields in the UI: [portainer/portainer#5150](https://github.com/portainer/portainer/issues/5150)
+* Fixed issue where automatic updates of stacks fail after restarting Portainer: [portainer/portainer#5914](https://github.com/portainer/portainer/issues/5914)
+* Fixed issue where pull and redeploy button was not functioning as expected: [portainer/portainer#5948](https://github.com/portainer/portainer/issues/5948)
+* Fixed UI issue when using a personal access token to deploy from Git: [portainer/portainer#5847](https://github.com/portainer/portainer/issues/5847)
+* Fixed issue where certain docker events showed as Unsupported: [portainer/portainer#2717](https://github.com/portainer/portainer/issues/2717)
+* Fixed issue with stack names when migrating from Swarm to docker standalone: [portainer/portainer#6139](https://github.com/portainer/portainer/issues/6139)
+* Fixed issue where migrating a stack shows up twice: [portainer/portainer#5159](https://github.com/portainer/portainer/issues/5159)
+* Fixed issue where using a webhook with an image registry running on a custom port did not work: [portainer/portainer#4526](https://github.com/portainer/portainer/issues/4526)
+* Fixed issue where downloading container log files added extra carriage returns: [portainer/portainer#5312](https://github.com/portainer/portainer/issues/5312)
+* Fixed issue where copying container log files added trailing commas: [portainer/portainer#4318](https://github.com/portainer/portainer/issues/4318)
+* Fixed issue where the scale labels of the stats graph was showing multiple times: [portainer/portainer#5843](https://github.com/portainer/portainer/issues/5843)
+* Fixed issue where stats were not working on windows containers: [portainer/portainer#5826](https://github.com/portainer/portainer/issues/5826)
+* Fixed UI issue with empty stack dropdown when deploying an application via the form: [portainer/portainer#5848](https://github.com/portainer/portainer/issues/5848)
+* Fixed issue with Custom Template on Docker being created when the file does not exist on a git repo: [portainer/portainer#6184](https://github.com/portainer/portainer/issues/6184)
+
+### Portainer
+
+* Fixed issue where upgrading from CE to BE failed due to missing RBAC roles
+* Fixed trivy Helm and Portainer vulnerabilities relating to direct dependencies. [portainer/portainer#6342](https://github.com/portainer/portainer/issues/6342)
+* Standard users will no longer be able to remove or export images. Also, Operators, Help Desk, and ready only users will no longer be able to export images.
+* When changing the user password the user gets redirected to the login page: [portainer/portainer#6456](https://github.com/portainer/portainer/issues/6456)
+* Fixed issue with default helm repo not populating in settings page
+* Fixed ability for a Standard User to start/stop stacks [portainer/portainer#6369](https://github.com/portainer/portainer/issues/6369)
+* Removed the integration with Storidge clusters: [portainer/portainer#6512](https://github.com/portainer/portainer/issues/6512)
+* Changed the default Microsoft OAuth logout URL: [portainer/portainer#6405](https://github.com/portainer/portainer/issues/6405)
+* Portainer users can no longer use their Portainer internal password when OAuth is enabled: [portainer/portainer#5889](https://github.com/portainer/portainer/issues/5889)
+* Option to encrypt values in Portainer database: [portainer/portainer#6412](https://github.com/portainer/portainer/issues/6412)
+* Added the ability to override the "Force HTTPS only" option: [portainer/portainer#6126](https://github.com/portainer/portainer/issues/6126)
+* Supporting the ability for Portainer to run inside a subpath: [portainer/portainer#3901](https://github.com/portainer/portainer/issues/3901)
+* Updated the defaults for the Git authentication toggles: [portainer/portainer#6406](https://github.com/portainer/portainer/issues/6406)
+* Fixed display issue for environment tags in the Home page view [portainer/portainer#6276](https://github.com/portainer/portainer/issues/6276)
+* Fixed issue where scrollbars would show in confirmation dialogs: [portainer/portainer#6257](https://github.com/portainer/portainer/issues/6257)
+* Fixed issue where the `--sslcert` flag was being ignored: [portainer/portainer#6021](https://github.com/portainer/portainer/issues/6021)
+* The ability for users to easily interact with the Portainer API through the use of Personal Access Tokens: [portainer/portainer#813](https://github.com/portainer/portainer/issues/813)
+* Automatically sync Portainer dark/light theme with the browser dark/light theme settings: [portainer/portainer#5753](https://github.com/portainer/portainer/issues/5753)
+* Fixed issue where the CPU and memory were not shown on the Home screen: [portainer/portainer#6143](https://github.com/portainer/portainer/issues/6143)
+* Added confirmation modal when deleting an Environment: [portainer/portainer#5952](https://github.com/portainer/portainer/issues/5952)
+* Fixed issue where removing an environment did not update the tree: [portainer/portainer#6127](https://github.com/portainer/portainer/issues/6127)
+* Fixed issue where the DockerHub anonymous registry was being used instead of one with an account: [portainer/portainer#5896](https://github.com/portainer/portainer/issues/5896)
+* Fixed issue where environment displayed as offline after starting Portainer: [portainer/portainer#5732](https://github.com/portainer/portainer/issues/5732)
+* Fixed issue where the custom logo settings showed incorrectly in the UI: [portainer/portainer#4437](https://github.com/portainer/portainer/issues/4437)
+* Fixed issue where uploading a backup file could not select a file on Mac: [portainer/portainer#5357](https://github.com/portainer/portainer/issues/5357)
+* Fixed issue where apple touch Portainer icon had non standard image dimensions [portainer/portainer#5887](https://github.com/portainer/portainer/issues/5887)
+* Fixed issue with widget header not displaying correctly for application settings: [portainer/portainer#6191](https://github.com/portainer/portainer/issues/6191)
+
+### Edge
+
+* Introduce the ability to pass env variables from a local system on edge devices to the edge stack
+* Fixed minor UI behavior with toggles in Edge Compute settings view
+* Fixed issue with displaying AMT device table for non-activated devices
+* Fixed minor UI issues in Edge devices page view around Action buttons
+* Introduced the ability to control and interact with OpenAMT: devices [portainer/portainer#6444](https://github.com/portainer/portainer/issues/6444)
+* Introduce the ability to add edge devices through FDO: [portainer/portainer#6445](https://github.com/portainer/portainer/issues/6445)
+* Added behavior for Edge agents to reject connections if not connected to within 72hrs: [portainer/portainer#6420](https://github.com/portainer/portainer/issues/6420)
+* Optimize disk performance for Edge Agent [portainer/portainer#6455](https://github.com/portainer/portainer/issues/6455)
+* Fixed issues with the Edge Agent reverse tunnel timing out: [portainer/portainer#5725](https://github.com/portainer/portainer/issues/5725)
+* Fixed issue where the URL of an Environment would change to localhost: [portainer/portainer#5803](https://github.com/portainer/portainer/issues/5803)
+
+### Registry
+
+* Fixed issue with duplicating registries during upgrade process. [portainer/portainer#6062](https://github.com/portainer/portainer/issues/6062)
+* Bring users the ability to use Amazon Elastic Container Registry: [portainer/portainer#1533](https://github.com/portainer/portainer/issues/1533)
+
+### ACI
+
+* Fixed issue where ACI stopped working when the number of exposed ports and container ports were different: [portainer/portainer#5335](https://github.com/portainer/portainer/issues/5335)
+
+### Development
+
+* Upgraded golang version to 1.17 [portainer/portainer#6342](https://github.com/portainer/portainer/issues/6342)
+* Updated the Swagger documentation: [portainer/portainer#6019](https://github.com/portainer/portainer/issues/6019)
+* Deprecated EndpointProvider in the code and moving away from its use: [portainer/portainer#5524](https://github.com/portainer/portainer/issues/5524)
+* Introduced ReactJS support in the frontend: [portainer/portainer#6031](https://github.com/portainer/portainer/issues/6031)
+* Updated docker and kubernetes library dependencies: [portainer/portainer#6137](https://github.com/portainer/portainer/issues/6137)
+* Updated the Swagger documentation: [portainer/portainer#5338](https://github.com/portainer/portainer/issues/5338)
+* Added logging to migrations: [portainer/portainer#6183](https://github.com/portainer/portainer/issues/6183)
+
+## Release 2.10.0
+
+November 15, 2021
+
+### Known issues
+
+* Both Portainer and the Agent need to be upgraded at the same time: [portainer/agent#187](https://github.com/portainer/agent/issues/187)
+* Restarting Portainer will invalidate all downloaded Kubeconfig files: [portainer/portainer#5574](https://github.com/portainer/portainer/issues/5574)
+* Access can not be assigned to registries when defining multiple registries with the same URL
+* Browser cache causes UI abnormalities after upgrading from a prior version. Force a cache refresh (Ctrl-Shift-R) to remedy
+
+### Breaking changes
+
+* Default HTTPS support has been added: [portainer/portainer#5462](https://github.com/portainer/portainer/issues/5462)
+
+ As a consequence the `--ssl` flag has been deprecated. If you are using the `--sslcert` and `--sslkey` flags, then after the upgrade port `9000` will serve `http` and port `9443` will serve `https` with the provided certificate. To retain the old behavior consider using the port mapping `-p 9000:9443` instead.
+* The `/stacks` API has renamed from `ComposeFilePathInRepository` to `ComposeFile`, and the non-mandatory fields `AdditionalFiles` and `AutoUpdate` were added: [portainer/portainer#5461](https://github.com/portainer/portainer/issues/5461)
+
+### Security
+
+* It is advisable to upgrade to this version, since some security improvements have been made with regards to embedding images: [portainer/portainer#5805](https://github.com/portainer/portainer/issues/5805)
+
+### Kubernetes
+
+* Introduced the ability to keep the deployments of stacks and applications in sync with the definitions in Git
+* Introduced the ability to open a shell in Portainer to use kubectl: [portainer/portainer#5574](https://github.com/portainer/portainer/issues/5574)
+* Introduced the ability to download a kubeconfig file and use Portainer as a proxy: [portainer/portainer#5574](https://github.com/portainer/portainer/issues/5574)
+* Introduced the ability to install Helm charts: [portainer/portainer#5479](https://github.com/portainer/portainer/issues/5479)
+* Introduced the ability to use any public Helm repository: [portainer/portainer#5480](https://github.com/portainer/portainer/issues/5480)
+* Introduced the ability to automatically sync a manifest from a git repository: [portainer/portainer#5494](https://github.com/portainer/portainer/issues/5494)
+* Introduced a visual indicator for applications to see if they're fully replicated: [portainer/portainer#5718](https://github.com/portainer/portainer/issues/5718)
+* Introduced the ability to filter Kubernetes applications by type: [portainer/portainer#5726](https://github.com/portainer/portainer/issues/5726)
+* Introduced the ability to remove all workloads of a manifest based deployment: [portainer/portainer#5715](https://github.com/portainer/portainer/issues/5715)
+* Added the ability to display Helm chart deployments in the applications list: [portainer/portainer#5478](https://github.com/portainer/portainer/issues/5478)
+* Added the ability to update and redeploy an application created from a git repository: [portainer/portainer#5486](https://github.com/portainer/portainer/issues/5486)
+* Added support for deploying images stored on private registries for Docker and Kubernetes: [portainer/portainer#4393](https://github.com/portainer/portainer/issues/4393)
+* Introduced the ability to mark and unmark namespaces as system: [portainer/portainer#4389](https://github.com/portainer/portainer/issues/4389)
+* Added functionality to define a manifest as custom template: [portainer/portainer#5489](https://github.com/portainer/portainer/issues/5489)
+* Added the ability to deploy a manifest from a URL: [portainer/portainer#5556](https://github.com/portainer/portainer/issues/5556)
+* Added memory and CPU usage indicators to the namespace and cluster details: [portainer/portainer#5460](https://github.com/portainer/portainer/issues/5460)
+* Added status information to list of namespaces: [portainer/portainer#5555](https://github.com/portainer/portainer/issues/5555)
+* Added Pod IP address information to the application details: [portainer/portainer#5713](https://github.com/portainer/portainer/issues/5713)
+* Added input validation when adding an ingress: [portainer/portainer#5716](https://github.com/portainer/portainer/issues/5716)
+* Improved the validation of resource allocation available on any of the nodes when adding an application: [portainer/portainer#5530](https://github.com/portainer/portainer/issues/5530)
+* Improved UI so that accessing the advanced deployment functionality is similar to accessing the form: [portainer/portainer#5558](https://github.com/portainer/portainer/issues/5558)
+* Renamed configuration and the networking area in the UI: [portainer/portainer#5804](https://github.com/portainer/portainer/issues/5804)
+* Improved UI for the metrics API toggle in the cluster setup: [portainer/portainer#5508](https://github.com/portainer/portainer/issues/5508)
+* Removed validation of any ingresses that are already in use in other namespaces: [portainer/portainer#5526](https://github.com/portainer/portainer/issues/5526)
+* Introduced the ability to use Edge Stacks on Kubernetes via edge agents: [portainer/portainer#5472](https://github.com/portainer/portainer/issues/5472)
+* Added warning that a secret will be created when adding registry access to a namespace: [portainer/portainer#5845](https://github.com/portainer/portainer/issues/5845)
+* Fixed issue where the metrics server API was being queried when disabled: [portainer/portainer#5523](https://github.com/portainer/portainer/issues/5523)
+* Fixed issue where the node events would not be showing: [portainer/portainer#5474](https://github.com/portainer/portainer/issues/5474)
+* Fixed issue where applications deployed via Helm in Portainer were marked as external: [portainer/portainer#5727](https://github.com/portainer/portainer/issues/5727)
+* Fixed issue where the kubectl shell would close when performing other actions: [portainer/portainer#5721](https://github.com/portainer/portainer/issues/5721)
+* Fixed issue where the kubectl shell wasn't working when Portainer runs on ARM64: [portainer/portainer#5723](https://github.com/portainer/portainer/issues/5723)
+* Fixed issue where the cluster status was incorrectly shown: [portainer/portainer#5293](https://github.com/portainer/portainer/issues/5293)
+* Fixed issue where the application details incorrectly showed how it was deployed : [portainer/portainer#5728](https://github.com/portainer/portainer/issues/5728)
+* Fixed issue where standard users were unable to access the pod and node stats view: [portainer/portainer#5898](https://github.com/portainer/portainer/issues/5898)
+* Fixed issue where editing an application could not expose it via Ingress: [portainer/portainer#5915](https://github.com/portainer/portainer/issues/5915)
+* Fixed issue when clearing Helm repo in global settings and added text notification in Helm charts page: [portainer/portainer#5996](https://github.com/portainer/portainer/issues/5996)
+* Fixed issue where Helm charts fail to load in ARM cloud environments: [portainer/portainer#5937](https://github.com/portainer/portainer/issues/5937)
+* Fixed issue where the namespace details page showed an object object error: [portainer/portainer#5802](https://github.com/portainer/portainer/issues/5802)
+* Fixed issue where Environment variables with empty values are not showing when editing a Kubernetes application
+* Fixed issue where standard users could not see the quota set in the namespace details page
+
+### Docker
+
+* Introduced the ability to keep the deployments of stacks and applications in sync with the definitions in Git
+* Introduced the ability to automatically sync a stack from a git repository: [portainer/portainer#5461](https://github.com/portainer/portainer/issues/5461)
+* Introduced the ability to use stacks on docker standalone on ARM64: [portainer/portainer#4776](https://github.com/portainer/portainer/issues/4776)
+* Introduced the ability to use Edge Stacks on ARM64: [portainer/portainer#4776](https://github.com/portainer/portainer/issues/4776)
+* Added support for deploying images stored on private registries for Docker and Kubernetes: [portainer/portainer#4393](https://github.com/portainer/portainer/issues/4393)
+* Added the ability to edit a stopped stack: [portainer/portainer#4944](https://github.com/portainer/portainer/issues/4944)
+* Added the ability to edit environment variables for stacks on docker standalone: [portainer/portainer#3441](https://github.com/portainer/portainer/issues/3441)
+* Docker container stats graphs now support cgroups v2: [portainer/portainer#4818](https://github.com/portainer/portainer/issues/4818)
+* Improved how to change the image when editing a Service by pre-populating the fields in the UI: [portainer/portainer#5150](https://github.com/portainer/portainer/issues/5150)
+* Fixed issue where all images regardless of their tag would be pulled: [portainer/portainer#4870](https://github.com/portainer/portainer/issues/4870)
+* Fixed issue where volumes would lose their access control settings: [portainer/portainer#4851](https://github.com/portainer/portainer/issues/4851)
+* Fixed issue where standard users were unable to browse volumes created by stacks: [portainer/portainer#4929](https://github.com/portainer/portainer/issues/4929)
+* Fixed issue where ports would show for IPv4 as well as IPv6: [portainer/portainer#5038](https://github.com/portainer/portainer/issues/5038)
+* Fixed issue where `container_name` validation would not take stopped containers into account: [portainer/portainer#5522](https://github.com/portainer/portainer/issues/5522)
+* Fixed issue where editing a stack would warn about the container name being in use: [portainer/portainer#5130](https://github.com/portainer/portainer/issues/5130)
+* Fixed issue where navigating away incorrectly showed a changes not saved popup: [portainer/portainer#5512](https://github.com/portainer/portainer/issues/5512)
+* Fixed issue where the stack name would contain spaces or upper case characters: [portainer/portainer#5153](https://github.com/portainer/portainer/issues/5153)
+* Fixed issue where the UI would incorrectly report that an image was successfully pulled: [portainer/portainer#3123](https://github.com/portainer/portainer/issues/3123)
+* Fixed issue where the Stack editor would not always load its content: [portainer/portainer#5102](https://github.com/portainer/portainer/issues/5102)
+* Fixed issue where environment variables were incorrectly showing when the value contained an equals sign: [portainer/portainer#5395](https://github.com/portainer/portainer/issues/5395)
+* Fixed issue where the browser console would show errors in the container and image details view: [portainer/portainer#5511](https://github.com/portainer/portainer/issues/5511)
+* Fixed issue where dashes and underscores in stack names were being removed: [portainer/portainer#5759](https://github.com/portainer/portainer/issues/5759)
+* Fixed UI issue where adding a Service with a mix of TCP and UDP was being prevented: [portainer/portainer#5521](https://github.com/portainer/portainer/issues/5521)
+* Fixed issue where images could be used in custom templates notes: [portainer/portainer#5805](https://github.com/portainer/portainer/issues/5805)
+* Fixed issue where automatic updates would keep polling when the user that created the stack is removed: [portainer/portainer#5719](https://github.com/portainer/portainer/issues/5719)
+* Fixed issue where automatic updates of stacks fail after restarting Portainer: [portainer/portainer#5914](https://github.com/portainer/portainer/issues/5914)
+* Fixed issue where stack names were not being validated when using custom templates: [portainer/portainer#5841](https://github.com/portainer/portainer/issues/5841)
+* Fixed issue where stats were not working on windows containers: [portainer/portainer#5826](https://github.com/portainer/portainer/issues/5826)
+* Fixed issue where the scale labels of the stats graph was showing multiple times: [portainer/portainer#5843](https://github.com/portainer/portainer/issues/5843)
+* Fixed UI issue when using a personal access token to deploy from Git: [portainer/portainer#5847](https://github.com/portainer/portainer/issues/5847)
+* Fixed UI issue with empty stack dropdown when deploying an application via the form: [portainer/portainer#5848](https://github.com/portainer/portainer/issues/5848)
+* Fixed issue where migrating a stack shows up twice: [portainer/portainer#5159](https://github.com/portainer/portainer/issues/5159)
+* Fixed issue where switching from docker standalone to swarm would show duplicate stacks
+
+### Portainer
+
+* Added automatic updates of stacks and applications to the activity logs
+* Introduced the ability to define a time based change window in which automatic updates of stacks and applications can take place
+* Introduced the ability to automatically set OAuth users as a Portainer Admin
+* Introduced the ability to automatically set LDAP users as a Portainer Admin
+* Added a Portainer and Agent Juju Charm to the Charmhub marketplace
+* Introduced dark theme and high contrast mode: [portainer/portainer#5493](https://github.com/portainer/portainer/issues/5493)
+* Introduced the ability to access Portainer via HTTPS: [portainer/portainer#5462](https://github.com/portainer/portainer/issues/5462)
+* Renamed Endpoints to Environments in the UI: [portainer/portainer#5492](https://github.com/portainer/portainer/issues/5492)
+* Improved the menu UI to indicate the existence of sub items: [portainer/portainer#5528](https://github.com/portainer/portainer/issues/5528)
+* Improved UI how to add environments to Portainer when doing a new installation: [portainer/portainer#5477](https://github.com/portainer/portainer/issues/5477)
+* Added functionality to copy error messages from toast notifications: [portainer/portainer#5720](https://github.com/portainer/portainer/issues/5720)
+* Improved how a Portainer upgrade can be rolled back: [portainer/portainer#5482](https://github.com/portainer/portainer/issues/5482)
+* Improved UI where the table background wasn't working very well in dark mode: [portainer/portainer#5714](https://github.com/portainer/portainer/issues/5714)
+* Fixed issue where Git content could not be cloned when Portainer is behind a proxy: [portainer/portainer#3286](https://github.com/portainer/portainer/issues/3286)
+* Fixed issue where the SSL certificates were not included in the Portainer backup: [portainer/portainer#5497](https://github.com/portainer/portainer/issues/5497)
+* Fixed issue where editing an endpoint results in errors: [portainer/portainer#5318](https://github.com/portainer/portainer/issues/5318)
+* Fixed upgrade issue where disconnected endpoints caused the upgrade to fail: [portainer/portainer#5764](https://github.com/portainer/portainer/issues/5764)
+* Fixed issue with the layout of the add Environment Wizard: [portainer/portainer#5801](https://github.com/portainer/portainer/issues/5801)
+* Fixed issue where the custom logo was not used in all places: [portainer/portainer#5447](https://github.com/portainer/portainer/issues/5447)
+* Fixed issue where the DockerHub anonymous registry was being used instead of one with an account: [portainer/portainer#5896](https://github.com/portainer/portainer/issues/5896)
+* Fixed issue where upgrade fails: [portainer/portainer#5969](https://github.com/portainer/portainer/issues/5969)
+* Fixed issue where the Quick Setup wizard wasn't showing correctly when using the dark theme: [portainer/portainer#5842](https://github.com/portainer/portainer/issues/5842)
+* Fixed issue where uploading a backup file could not select a file on Mac: [portainer/portainer#5357](https://github.com/portainer/portainer/issues/5357)
+* Fixed issue where the URL of an Environment would change to localhost: [portainer/portainer#5803](https://github.com/portainer/portainer/issues/5803)
+* Fixed issue where RBAC settings would be retained after removing an Environment from Portainer
+* Fixed issue where certificates would end up in the activity logs
+* Fixed issue when exporting activity logs as CSV without a data range set
+* Added a build for Windows Server 20H2: [portainer/portainer#4971](https://github.com/portainer/portainer/issues/4971)
+* Added a build for Windows Server 21H2: [portainer/portainer#5763](https://github.com/portainer/portainer/issues/5763)
+
+### Registries
+
+* Improved UI to provide information for correctly using a ProGet registry: [portainer/portainer#5510](https://github.com/portainer/portainer/issues/5510)
+* Fixed UI issue where the registry list incorrectly showed that there's no registry available: [portainer/portainer#5731](https://github.com/portainer/portainer/issues/5731)
+
+### ACI
+
+* Fixed issue where ACI stopped working when the number of exposed ports and container ports were different: [portainer/portainer#5335](https://github.com/portainer/portainer/issues/5335)
+* Fixed issue where ACI would show errors when a resource group had multiple containers: [portainer/portainer#5335](https://github.com/portainer/portainer/issues/5335)
+
+### Edge
+
+* Introduced the ability to use Edge Stacks on Kubernetes via Edge Agents: [portainer/portainer#5472](https://github.com/portainer/portainer/issues/5472)
+* Introduced the ability to re-associate an edge endpoint to a new Edge Agent: [portainer/portainer#5473](https://github.com/portainer/portainer/issues/5473)
+* Improved the REST API access of the Edge Agent in Docker standalone: [portainer/agent#187](https://github.com/portainer/agent/issues/187)
+* Fixed issue where the heartbeat indicator was not reliable: [portainer/portainer#5569](https://github.com/portainer/portainer/issues/5569)
+* Fixed issues with the Edge Agent reverse tunnel timing out: [portainer/portainer#5725](https://github.com/portainer/portainer/issues/5725)
+
+### Development
+
+* Added the ability to query the endpoints by type through the Portainer API: [portainer/portainer#4786](https://github.com/portainer/portainer/issues/4786)
+* Integrated with Logrus for the internal logging mechanism: [portainer/portainer#5509](https://github.com/portainer/portainer/issues/5509)
+* Updated the Golang version to 1.16: [portainer/portainer#5463](https://github.com/portainer/portainer/issues/5463)
+* Improved the Portainer API documentation for adding users: [portainer/portainer#5136](https://github.com/portainer/portainer/issues/5136)
+* Fixed inconsistencies in the Portainer API documentation: [portainer/portainer#5527](https://github.com/portainer/portainer/issues/5527)
+* Updated the Swagger documentation: [portainer/portainer#5338](https://github.com/portainer/portainer/issues/5338)
+
+## Release 2.7.0
+
+July 29, 2021
+
+### **Docker**
+
+* Added the ability to update and redeploy a stack created from a git repository
+* Added I/O usage to the container statistics
+* Enhanced environment variables UI/UX for Docker
+* sysctl options are available when creating a container
+* Show the number of Swarm nodes for the endpoint on the Home page
+* Show how many Docker pulls are remaining for DockerHub to avoid exceeding the quota
+* Introduced support for compose version 3.8 on docker swarm environments
+* Display the container IP address(es) in the list of containers
+* Improved layout of the toggles on the create container setting tab
+* For Docker Standalone, prevent a stack from being created if the Compose has a container\_name that already exists
+* Creating a container from a DockerHub image will show a search button in the UI
+* Fixed issue where deploying a stack from Git did not work for Azure DevOps
+* Fixed issue where stacks with a status of 0 are hidden in the UI
+* Fixed issue where pulling a large image is failing when using an Agent due to a timeout
+* Fixed issue where listing the services with Auto-refresh on collapses all services after refresh
+* Fixed issue where dash characters got removed from the stack name on Docker Standalone
+* Fixed issue where access control management via labels was not fault tolerant
+* Fixed issue where the label showing the default location of secrets was incorrect for Windows
+* Fixed typo in the error message "Unable to start stack"
+
+### **Registries**
+
+* Added ProGet as a specific registry type when adding a registry
+* Fixed issue where pushing to a quay.io registry failed due to not including the username in the quay registry URL
+
+### **Templates**
+
+* Fixed issue where creating a custom template from uploading a compose file failed
+* Fixed issue where switching custom template in the template tab of stack create view doesn't update editor
+* Fixed issue with an invalid template documentation URL in the Settings
+
+### **Volumes**
+
+* Added validation to prevent adding empty mount to an existing service
+* Fixed issue with the MountType and nfsvers when creating NFS4 volumes
+* Fixed issue where editing the properties of volumes on a service did not enable the apply button
+
+### **Kubernetes**
+
+* Introduced the ability to deploy a manifest from a git repository when using advanced deployment
+* The advanced deployment feature has been made available to standard users
+* Introduced a summary of Kubernetes actions when deploying a Kubernetes resource
+* Added the ability to display realtime node metrics in Kubernetes
+* Added functionality to allow multiple ingress networks per kubernetes namespace, with a differing config per ingress
+* Added the ability to redeploy an externally deployed application
+* Added the ability to expand the YAML tab of a Kubernetes application to full size
+* Added the ability to cordon/uncordon/drain nodes
+* Added a warning in the placement tab when an application can't be scheduled on the cluster
+* Renamed Resource Pools to Namespaces in the UI
+* Improved UI for the placement policies when creating an application
+* Improved how application image names are shown
+* Form validation has been added for Configuration keys
+* Environment variable are sorted alphabetically to improve the readability
+* Display the ImagePull policy in the details of an application
+* Default to the kube-system namespace in the advanced deployment view on ARM
+* Fixed minor UI inconsistency when creating an application with an ingress
+* Fixed issue with the UI layout when creating an application with ingress
+* Fixed issue where updating the Kubernetes endpoint URL did not get persisted
+* Fixed issue where the endpoint url is not updated when updating a kubernetes local endpoint
+* Fixed issue where renaming the endpoint of a kubernetes agent breaks the endpoint
+* Fixed issue where environment variables with empty values are not showing when editing a kubernetes application
+* Fixed issue where environment variable validation when creating an application was too restrictive
+* Fixed issue where creating an application with two different ingresses incorrectly populates the hostname UI fields
+* Fixed issue where an application with persisted data can't update, after the storage option is disabled in the cluster settings
+* Fixed issue where adding an ingress route is not prevented when editing an application with existing ingress route and ingress is disabled
+* Fixed issue where adding an application does not allow Global to be set
+
+### **ACI**
+
+* Fixed issue where ACI stops working after persistence or networking gets added
+
+### **Edge**
+
+* Added the ability to deploy Edge stacks on Docker standalone Edge endpoints
+* Show the status of the edge agent check-in on the home page dashboard
+* Hide the webhook UI in the service creation view of an edge endpoint, since it's not applicable
+* Fixed issue where accessing a down Kubernetes Edge endpoint should redirect the user to the home view
+
+### **Portainer**
+
+* Added the ability to sync Portainer teams with group memberships provided via OAuth
+* Added SSO support for OAuth and do not enforce a login prompt. Use `/#!/internal-auth` to login with internal admin.
+* Added the ability to manage orphaned stacks when Portainer has the compose file
+* Added the option to specify the local socket location when adding a docker endpoint
+* Search filters are retained within the browser session
+* Properly expose backend error when using image management features
+* Prevent web editor related views from being accidentally closed
+* Improved descriptions for Portainer initialization errors
+* Disable sysctl settings for non-administrators incorrectly defaults to being on
+* Fixed issue where the File select windows gets shown when pressing enter in text fields
+* Fixed issue where restoring Portainer from a backup file fails in certain circumstances related to the activity logs
+* Fixed issue where a custom snapshot interval cannot be changed
+* Fixed issue with incorrect Windows agent deployment command in the agent endpoint creation tab
+
+### **Podman**
+
+* Introduced initial experimental support for Podman. Known limitations are listed in https://github.com/portainer/portainer/issues/5188
+
+### **Development**
+
+* Introduce buildx to support Windows 1903+ Base Images
+* Added the ability to debug through VSCode
+* Added check for missing angularJS inject annotation
+* Removed grunt-karma ang grunt-html2js dependencies
+* Fixed issue where webpack complains about charset source maps
+* Fixed issue where babel complains about missing core-js dependency
+
+### **Known Issues**
+
+* Logging into Portainer as a Standard User fails to load home page when using 'microk8s v1.21.3-3+6343a564e351b0'
+* Host Management features do not work on Windows Hosts [#4450](https://github.com/portainer/portainer/issues/4450)
+* Host Browser function does not work for Non-Admin users.
+
+## Release 2.4.0
+
+May 4, 2021
+
+### **Kubernetes**
+
+* Pods without workloads are now displayed as applications
+* Improved UI/UX of configurations for creation / edition
+* Introduced request of confirmation upon volume removal
+* Introduced the advanced deployment panel to each resource list view
+* Updated validation to prevent a user from exposing an application over an external load balancer with mixed protocols
+* Introduced the ability to display the access policy associated to the storage of a volume
+* Clarified advanced deployment feature
+* Clarified sensitive configuration creation
+* Clarified ingress controller configuration in the cluster setup view
+* Renamed the create entry from file button when creating a configuration
+* Improved validation warnings in the application creation / edition views
+* Removed extra whitespace in stacks and storage datatables
+* Fixed issue with access management feature on resource pools
+* Fixed issue with ability to retrieve configs when a config is a binary file
+* Fixed issue with advanced deployment feature on agent and Edge agent endpoints
+* Fixed an issue that would mark a sensitive configuration as external without owner after an update
+* Fixed issue with access to configuration details view for a configuration containing binary data
+* Fixed labels to display system labels first in the node details view
+* Fixed refresh issue on the view with the YAML panel selected
+* Fixed invalid display issue when accessing the load balancer panel from the application panel
+* Fixed issue when accessing the cluster setup incorrectly expanding the Endpoint sidebar
+* Fixed issue with exposed configuration keys over filesystem inside an application not being applied
+* Fixed issue when Adding a key to existing used configuration that would throw an error when editing an application using that configuration
+* Fixed an issue with the form validation in the configuration creation view
+* Fixed issue with resource pool “created” attribute not showing actual creation time
+* Fixed issue with ability to apply a note to a Pod type application
+* Fixed issue with creating Kubernetes resources with a username longer than 63 characters
+* Fixed issue with special characters in usernames when creating Kubernetes resources
+* Fixed issue with ability to retrieve config map error when trying to manager newly create resource pool
+
+### **Activity Logging **
+
+* Introduced user authentication activity logging
+* Introduced user activity logging
+
+### **RBAC **
+
+* Introduced new RBAC “Operator” Role
+* Fixed issue with user in 2 team with mix of helpdesk & endpoint admin resulting in the user having permissions of endpoint admin
+
+### **Registries **
+
+* Fixed issue causing Portainer to forget the password associated to a registry after an update
+* Fixed issue preventing the registry manager feature to work properly with a ProGet registry
+* Improved description for advanced mode usage with private registries
+
+### **Swarm **
+
+* Introduced validation to prevent adding a mount with nothing filled to and exiting service
+* Fixed issue in service creation, switching to bind mode from volume mode with a volume selected fills the host field with {object Object}
+
+### **Stacks **
+
+* Introduced support for creating stacks with the same name across different endpoints
+* Introduced extra stack information: creation, last update time and user who created the stack
+* Minor UX change for the start/stop stack action
+* Fixed issue with ability to use private registries with Standalone stacks
+* Fixed issue showing editor tab on limited stacks when it should not
+* Fixed issue when editing a stack, hitting backspace or delete keys with contents of web editor selected hides the entire editor UI element
+* Fixed issue with stack create via API with a regular user account are incorrectly marked as administrator only
+* Fixed issue of error being displayed when creating a stack on docker standalone despite the stack is created
+* Fixed issue of stacks being created via API incorrectly marked private with no owner
+
+### **Docker **
+
+* Introduced support for Compose > v2 when deploying a stack on a Docker standalone environment
+* Introduced the ability to download log file from Docker container/service views
+* Display labels in Image Details
+* Clarify the description of the restrict external access to the network property when creating a network
+
+### **User Management **
+
+* Automatically lowercase username when authenticating users
+* Update the authentication UX to put an emphasis on OAuth when OAuth is enabled
+
+### **Portainer**
+
+* Introduced the ability to backup / restore Portainer
+* Fixed issue of version not being shown correctly after update
+* Support starting Portainer without having to specify any endpoint
+
+### **ACI**
+
+* Introduced RBAC to ACI
+* Introduced UAC to ACI
+
+### **Minor Changes**
+
+* Removed the new version check
+* Changed the license server errors to be a silent fail for offline environments
+* Added JS source map for Portainer UI
+
+## Release 2.0.1
+
+February 22, 2021
+
+### **Fixes**
+
+* **Fix an issue preventing a user from creating Kubernetes resources if they have a `@` character in their username**\
+ Users with a `@` character in their username were not able to create the following Kubernetes resources:
+ * Resource pool
+ * Application
+ * Configuration
+* **Fix platform issues with the Docker image for Portainer Business**\
+ The Docker image can now be successfully deployed on the following platforms:
+ * Linux ARM64
+ * Linux ARM
+* **Minor update to the license server mechanism**\
+ The license server mechanism has been updated.
+
+## Release 2.0.0
+
+December 3, 2020
+
+Initial release of Portainer Business
diff --git a/start/agent.md b/start/agent.md
new file mode 100644
index 0000000..a6196ae
--- /dev/null
+++ b/start/agent.md
@@ -0,0 +1,11 @@
+# Add an environment to an existing installation
+
+If you want to add another environment to your existing Portainer installation, first select the type of environment you would like to add.
+
+You can choose to connect to existing environments:
+
+
Docker Standalone
Connect to Docker Standalone via URL/IP, API or Socket
diff --git a/start/architecture.md b/start/architecture.md
new file mode 100644
index 0000000..1b75402
--- /dev/null
+++ b/start/architecture.md
@@ -0,0 +1,29 @@
+# Portainer architecture
+
+## Overview of Portainer architecture
+
+Portainer consists of two elements: the Portainer Server and the Portainer Agent. Both run as lightweight containers on your existing containerized infrastructure. The Portainer Agent should be deployed to each node in your cluster and configured to report back to the Portainer Server container.
+
+A single Portainer Server will accept connections from any number of Portainer Agents, providing the ability to manage multiple clusters from one centralized interface. To do this, the Portainer Server container requires data persistence. The Portainer Agents are stateless, with data being shipped back to the Portainer Server container.
+
+
+
+{% hint style="info" %}
+We don't currently support running multiple instances of the Portainer Server container to manage the same clusters. We recommend running the Portainer Server on a specific management node, with Portainer Agents deployed across the remaining nodes.
+{% endhint %}
+
+## Agent vs Edge Agent
+
+In standard deployments, the central Portainer Server instance and any environments it manages are assumed to be on the same network, that is, Portainer Server and the Portainer Agents are able to seamlessly communicate with one another. However, in configurations where the remote environments are on a completely separate network to Portainer Server, say, across the internet, historically we would have been unable to centrally manage these devices.
+
+With the new Edge Agent, we altered the architecture. Rather than the Portainer Server needing seamless access to the remote environment, only the remote environments need to be able to access the Portainer Server. This communication is performed over an encrypted TLS tunnel. This is important in Internet-connected configurations where there is no desire to expose the Portainer Agent to the internet.
+
+## Security and compliance
+
+Portainer runs exclusively on your servers, within your network, behind your own firewalls. As a result, we do not currently hold any SOC or PCI/DSS compliance because we do not host any of your infrastructure. You can even run Portainer completely disconnected (air-gapped) without any impact on functionality.
+
+While we do (optionally) collect anonymous usage analytics from Portainer installations, we remain compliant with GDPR. Data collection can be disabled when you install the product, or at any time after that. If your installation is air-gapped, collection will silently fail without any adverse effects.
+
+{% content-ref url="requirements-and-prerequisites.md" %}
+[requirements-and-prerequisites.md](requirements-and-prerequisites.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/README.md b/start/install-ce/README.md
new file mode 100644
index 0000000..2e82a92
--- /dev/null
+++ b/start/install-ce/README.md
@@ -0,0 +1,19 @@
+# Install Portainer CE
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../install/).
+{% endhint %}
+
+Portainer Community Edition is straightforward to install. There are two options: installing new or adding an environment to an existing installation.
+
+{% hint style="info" %}
+If you haven't already, please check that your environments meet [our requirements](../requirements-and-prerequisites.md) before proceeding.
+{% endhint %}
+
+{% content-ref url="server/" %}
+[server](server/)
+{% endcontent-ref %}
+
+{% content-ref url="../agent.md" %}
+[agent.md](../agent.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/README.md b/start/install-ce/server/README.md
new file mode 100644
index 0000000..2616b5d
--- /dev/null
+++ b/start/install-ce/server/README.md
@@ -0,0 +1,19 @@
+# Set up a new Portainer CE Server installation
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../install/server/).
+{% endhint %}
+
+Select the environment for your new Portainer installation:
+
+{% content-ref url="docker/" %}
+[docker](docker/)
+{% endcontent-ref %}
+
+{% content-ref url="swarm/" %}
+[swarm](swarm/)
+{% endcontent-ref %}
+
+{% content-ref url="kubernetes/" %}
+[kubernetes](kubernetes/)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/docker/README.md b/start/install-ce/server/docker/README.md
new file mode 100644
index 0000000..feea140
--- /dev/null
+++ b/start/install-ce/server/docker/README.md
@@ -0,0 +1,20 @@
+# Docker Standalone
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/docker/).
+{% endhint %}
+
+Installation instructions can differ between platforms. Please choose your platform below:
+
+{% content-ref url="linux.md" %}
+[linux.md](linux.md)
+{% endcontent-ref %}
+
+{% content-ref url="wsl.md" %}
+[wsl.md](wsl.md)
+{% endcontent-ref %}
+
+{% content-ref url="wcs.md" %}
+[wcs.md](wcs.md)
+{% endcontent-ref %}
+
diff --git a/start/install-ce/server/docker/linux.md b/start/install-ce/server/docker/linux.md
new file mode 100644
index 0000000..d6a36ef
--- /dev/null
+++ b/start/install-ce/server/docker/linux.md
@@ -0,0 +1,70 @@
+# Install Portainer CE with Docker on Linux
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/docker/linux.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Linux environment. To add a new Linux environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/docker/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker installed and working
+* sudo access on the machine that will host your Portainer Server instance
+* By default, Portainer Server will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are accessing Docker via Unix sockets. Alternatively, you can also connect via TCP.
+* SELinux is disabled on the machine running Docker. If you require SELinux, you will need to pass the `--privileged` flag to Docker when deploying Portainer.
+* Docker is running as root. Portainer with rootless Docker has some limitations, and requires additional configuration.
+
+## Deployment
+
+First, create the volume that Portainer Server will use to store its database:
+
+```bash
+docker volume create portainer_data
+```
+
+Then, download and install the Portainer Server container:
+
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-standalone) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="info" %}
+If you require HTTP port `9000` open for legacy reasons, add the following to your `docker run` command:
+
+`-p 9000:9000`
+{% endhint %}
+
+Portainer Server has now been installed. You can check to see whether the Portainer Server container has started by running `docker ps`:
+
+```bash
+root@server:~# docker ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+de5b28eb2fa9 portainer/portainer-ce:latest "/portainer" 2 weeks ago Up 9 days 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp portainer
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/docker/wcs.md b/start/install-ce/server/docker/wcs.md
new file mode 100644
index 0000000..50fd5a7
--- /dev/null
+++ b/start/install-ce/server/docker/wcs.md
@@ -0,0 +1,89 @@
+# Install Portainer CE with Docker on Windows Container Service
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/docker/wcs.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows server with Windows Containers. To add a new WCS environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/docker/agent.md).
+
+To get started, you will need:
+
+* Administrator access on the machine that will host your Portainer Server instance
+* By default, Portainer Server will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+
+The installation instructions also make the following assumption about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+
+## Preparation
+
+To run Portainer Server in a Windows Server/Desktop Environment you need to create exceptions in the firewall. These can easily be added through PowerShell by running the following commands:
+
+```
+netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
+netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
+netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
+netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
+netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
+netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
+```
+
+You will also need to install the Windows Container Host Service and install Docker:
+
+```
+Enable-WindowsOptionalFeature -Online -FeatureName containers -All
+Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
+Install-Package -Name docker -ProviderName DockerMsftProvider
+```
+
+Once this is complete you will need to restart your Windows server. After the restart completes, you're ready to install Portainer itself.
+
+## Deployment
+
+First, create the volume that Portainer Server will use to store its database. Using PowerShell:
+
+```
+docker volume create portainer_data
+```
+
+Then, download and install the Portainer Server container:
+
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ce:latest
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="warning" %}
+If you see an error message similar to:
+
+`"\\.\pipe\dockerDesktopEngine" includes invalid characters for a local volume name`
+
+then you may not have Windows containers properly enabled. If you are using Docker Desktop, right click the icon in your tray and select **Switch to Windows Containers**.
+{% endhint %}
+
+{% hint style="info" %}
+If you require HTTP port `9000` open for legacy reasons, add the following to your `docker run` command:
+
+`-p 9000:9000`
+{% endhint %}
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/docker/wsl.md b/start/install-ce/server/docker/wsl.md
new file mode 100644
index 0000000..288efd1
--- /dev/null
+++ b/start/install-ce/server/docker/wsl.md
@@ -0,0 +1,71 @@
+# Install Portainer CE with Docker on WSL / Docker Desktop
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/docker/wsl.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows environment with WSL and Docker Desktop. To add a new WSL / Docker Desktop environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/docker/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker Desktop installed and working.
+* Administrator access on the machine that will host your Portainer Server instance.
+* Windows Subsystem for Linux (WSL) installed and a Linux distribution selected. For a new installation we recommend WSL2.
+* By default, Portainer Server will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are accessing Docker via Unix sockets. Alternatively, you can also connect via TCP.
+* SELinux is disabled within the Linux distribution used by WSL. If you require SELinux, you will need to pass the `--privileged` flag to Docker when deploying Portainer.
+* Docker is running as root. Portainer with rootless Docker has some limitations, and requires additional configuration.
+
+## Deployment
+
+First, create the volume that Portainer Server will use to store its database:
+
+```bash
+docker volume create portainer_data
+```
+
+Then, download and install the Portainer Server container:
+
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-standalone) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="info" %}
+If you require HTTP port `9000` open for legacy reasons, add the following to your `docker run` command:
+
+`-p 9000:9000`
+{% endhint %}
+
+Portainer Server has now been installed. You can check to see whether the Portainer Server container has started by running `docker ps`:
+
+```bash
+root@server:~# docker ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+f4ab79732007 portainer/portainer-ce:latest "/portainer" 2 weeks ago Up 29 hours 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9000/tcp, :::9443->9443/tcp portainer
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/kubernetes/README.md b/start/install-ce/server/kubernetes/README.md
new file mode 100644
index 0000000..208e8b2
--- /dev/null
+++ b/start/install-ce/server/kubernetes/README.md
@@ -0,0 +1,16 @@
+# Kubernetes
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/kubernetes/).
+{% endhint %}
+
+Installation instructions can differ between platforms. Please choose your platform below:
+
+{% content-ref url="baremetal.md" %}
+[baremetal.md](baremetal.md)
+{% endcontent-ref %}
+
+{% content-ref url="wsl.md" %}
+[wsl.md](wsl.md)
+{% endcontent-ref %}
+
diff --git a/start/install-ce/server/kubernetes/baremetal.md b/start/install-ce/server/kubernetes/baremetal.md
new file mode 100644
index 0000000..c7f59e6
--- /dev/null
+++ b/start/install-ce/server/kubernetes/baremetal.md
@@ -0,0 +1,215 @@
+# Install Portainer CE on your Kubernetes environment
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/kubernetes/baremetal.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_ and the _Portainer Agent_. Both elements run as lightweight containers on Kubernetes.
+
+To get started, you will need:
+
+* A working and up to date Kubernetes cluster.
+* Access to run `helm` or `kubectl` commands on your cluster.
+* Cluster Admin rights on your Kubernetes cluster. This is so Portainer can create the necessary `ServiceAccount` and `ClusterRoleBinding` for it to access the Kubernetes cluster.
+* A `default` StorageClass configured (see below).
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* Kubernetes RBAC is enabled and working (this is required for the access control functionality in Portainer).
+* You will be using the `portainer` namespace for Portainer. At present this is a requirement - other namespaces are currently unsupported.
+* Kubernetes' metrics server is installed and working (if you wish to use the metrics within Portainer).
+
+## Data Persistence
+
+Portainer requires data persistence, and as a result needs at least one StorageClass available to use. Portainer will attempt to use the default StorageClass during deployment. If you do not have a StorageClass tagged as `default` the deployment will likely fail.
+
+You can check if you have a default StorageClass by running the following command on your cluster:
+
+```
+kubectl get sc
+```
+
+and looking for a StorageClass with `(default)` after its name:
+
+```
+root@kubemaster01:~# kubectl get sc
+NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
+managed-nfs-storage (default) k8s-sigs.io/nfs-subdir-external-provisioner Delete Immediate false 11d
+```
+
+To set a StorageClass as default, you can use the following:
+
+```
+kubectl patch storageclass -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+```
+
+replacing `` with the name of your StorageClass. Alternatively, if you are installing using our Helm chart, you can pass the following parameter in your helm install command to specify the StorageClass to use for Portainer:
+
+```
+--set persistence.storageClass=
+```
+
+{% hint style="info" %}
+In some Kubernetes clusters (for example microk8s), the default StorageClass simply creates hostPath volumes, which are not explicitly tied to a particular node. In a multi-node cluster, this can create an issue when the pod is terminated and rescheduled on a different node, "leaving" all the persistent data behind and starting the pod with an "empty" volume.
+
+While this behavior is inherently a limitation of using hostPath volumes, a suitable workaround is to use add a nodeSelector to the deployment, which effectively "pins" the Portainer pod to a particular node. You can do this by editing your own values.yaml file to set the nodeSelector value:
+
+`nodeSelector: kubernetes.io/hostname: \`
+
+or alternatively follow the instructions below for each deployment method.
+{% endhint %}
+
+## Deployment
+
+To deploy Portainer within a Kubernetes cluster you can use our provided Helm charts or YAML manifests.
+
+### Deploy using Helm
+
+{% hint style="info" %}
+Ensure you're using at least Helm v3.2, which includes support for the `--create-namespace` argument.
+{% endhint %}
+
+First add the Portainer Helm repository by running the following commands:
+
+```
+helm repo add portainer https://portainer.github.io/k8s/
+helm repo update
+```
+
+Once the update completes, you're ready to begin the installation. Which method you choose will depend on how you wish to expose the Portainer service:
+
+{% tabs %}
+{% tab title="Expose via NodePort" %}
+Using the following command, Portainer will be available on port `30779` for HTTPS:
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer --set tls.force=true
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `30779`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="info" %}
+If you need to access Portainer via HTTP on port `30777`, remove the `--set tls.force=true` option.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Ingress" %}
+In this example, Portainer will be deployed to your cluster and assigned a Cluster IP, with an nginx Ingress Controller at the defined hostname. For more on Ingress options, refer to the list of [Chart Configuration Options](../../../../advanced/helm-chart-configuration-options.md).
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer \
+ --set service.type=ClusterIP \
+ --set tls.force=true \
+ --set ingress.enabled=true \
+ --set ingress.ingressClassName= \
+ --set ingress.annotations."nginx\.ingress\.kubernetes\.io/backend-protocol"=HTTPS \
+ --set ingress.hosts[0].host= \
+ --set ingress.hosts[0].paths[0].path="/"
+```
+
+{% hint style="info" %}
+If you need to access Portainer via HTTP, remove the `--set tls.force=true` option.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Load Balancer" %}
+Using the following command, Portainer will be available at an assigned Load Balancer IP on port `9443` for HTTPS:
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer \
+ --set service.type=LoadBalancer \
+ --set tls.force=true
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="info" %}
+If you need to access Portainer via HTTP on port `9000`, remove the `--set tls.force=true` option.
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+{% hint style="info" %}
+If you want to explicitly set the target node when deploying the Helm chart on the CLI, include `--set nodeSelector.kubernetes\.io/hostname=` in your `helm install` command.
+{% endhint %}
+
+### Deploy using YAML manifests
+
+Our YAML manifests support exposing Portainer via either NodePort or Load Balancer.
+
+{% tabs %}
+{% tab title="Expose via NodePort" %}
+To expose via NodePort, you can use the following command (Portainer will be available on port `30777` for HTTP and `30779` for HTTPS):
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ce2-19/portainer.yaml
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `30779`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Load Balancer" %}
+To expose via Load Balancer, use the following command to provision Portainer at an assigned Load Balancer IP on port `9000` for HTTP and `9443` for HTTPS:
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ce2-19/portainer-lb.yaml
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+{% hint style="info" %}
+If you want to explicitly set the target node when deploying using YAML manifests, run the following one-liner to "patch" the deployment, forcing the pod to always be scheduled on the node it's currently running on:
+{% endhint %}
+
+```
+kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo Failed to identify current node of portainer pod; exit 1)
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance. Depending on how you chose to expose your Portainer installation, open a web browser and navigate to the following URL:
+
+{% tabs %}
+{% tab title="NodePort" %}
+```bash
+https://localhost:30779/ or http://localhost:30777/
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+{% endtab %}
+
+{% tab title="Ingress" %}
+```bash
+https:///
+```
+
+Replace `` with the FQDN of your Portainer instance.
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+```bash
+https://:9443/ or http://:9000/
+```
+
+Replace `` with the IP address or FQDN of the load balancer, and adjust the port if you changed it earlier.
+{% endtab %}
+{% endtabs %}
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/kubernetes/wsl.md b/start/install-ce/server/kubernetes/wsl.md
new file mode 100644
index 0000000..81c2f3b
--- /dev/null
+++ b/start/install-ce/server/kubernetes/wsl.md
@@ -0,0 +1,169 @@
+# Install Portainer CE with Kubernetes on WSL / Docker Desktop
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/kubernetes/wsl.md).
+{% endhint %}
+
+## Introduction
+
+The following instructions will guide you in setting up _Portainer Server_ with Kubernetes running on Docker Desktop with WSL.
+
+{% hint style="info" %}
+This scenario is for testing purposes only.
+{% endhint %}
+
+{% hint style="warning" %}
+We are aware of an issue where namespace and application access privileges are not fully implemented when running Kubernetes via Docker Desktop. We are looking into the root cause and hope to have a resolution soon.
+{% endhint %}
+
+## Preparation
+
+Before you start, you must make sure that Kubernetes is enabled and running within your Docker Desktop installation. To enable Kubernetes in Docker Desktop, you need to open the dashboard of Docker Desktop. Right click the Docker icon in the system tray and click **Dashboard**:
+
+
+
+Click **Settings**, then select **Kubernetes**, tick **Enable Kubernetes**, then click **Apply and Restart** (clicking **Install** in the dialog to install Kubernetes):
+
+
+
+After a few minutes, you will see that Kubernetes is running in the bottom left status bar of Docker Desktop:
+
+
+
+## Deployment
+
+To deploy Portainer within a Kubernetes cluster you can use our provided Helm charts or YAML manifests.
+
+### Deploy using Helm
+
+{% hint style="info" %}
+Ensure you're using at least Helm v3.2, which includes support for the `--create-namespace` argument.
+{% endhint %}
+
+First add the Portainer Helm repository by running the following commands:
+
+```
+helm repo add portainer https://portainer.github.io/k8s/
+helm repo update
+```
+
+Once the update completes, you're ready to begin the installation. Which method you choose will depend on how you wish to expose the Portainer service:
+
+{% tabs %}
+{% tab title="Expose via NodePort" %}
+Using the following command, Portainer will be available on port `30777` for HTTP and `30779` for HTTPS:
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](https://app.gitbook.com/admin/settings#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Ingress" %}
+In this example, Portainer will be deployed to your cluster and assigned a Cluster IP, with an nginx Ingress Controller at the defined hostname. For more on Ingress options, refer to the list of [Chart Configuration Options](../../../../advanced/helm-chart-configuration-options.md).
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer \
+ --set service.type=ClusterIP \
+ --set tls.force=true \
+ --set ingress.enabled=true \
+ --set ingress.ingressClassName= \
+ --set ingress.annotations."nginx\.ingress\.kubernetes\.io/backend-protocol"=HTTPS \
+ --set ingress.hosts[0].host= \
+ --set ingress.hosts[0].paths[0].path="/"
+```
+{% endtab %}
+
+{% tab title="Expose via Load Balancer" %}
+Using the following command, Portainer will be available at an assigned Load Balancer IP on port `9000` for HTTP and `9443` for HTTPS:
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer --set service.type=LoadBalancer
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](https://app.gitbook.com/admin/settings#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+{% hint style="info" %}
+To explicitly set the target node when deploying the Helm chart on the CLI, include `--set nodeSelector.kubernetes.io/hostname=` in your `helm install` command.
+{% endhint %}
+
+### Deploy using YAML manifests
+
+Our YAML manifests support exposing Portainer via either NodePort or Load Balancer.
+
+{% tabs %}
+{% tab title="Expose via NodePort" %}
+To expose via NodePort, you can use the following command (Portainer will be available on port `30777` for HTTP and `30779` for HTTPS):
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ce2-19/portainer.yaml
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `30779`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Load Balancer" %}
+To expose via Load Balancer, use the following command to provision Portainer at an assigned Load Balancer IP on port `9000` for HTTP and `9443` for HTTPS:
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ce2-19/portainer-lb.yaml
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+{% hint style="info" %}
+To explicitly set the target node when deploying using YAML manifests, run the following one-liner to "patch" the deployment, forcing the pod to always be scheduled on the node it's currently running on:
+{% endhint %}
+
+```
+kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo Failed to identify current node of portainer pod; exit 1)
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance. Depending on how you chose to expose your Portainer installation, open a web browser and navigate to the following URL:
+
+{% tabs %}
+{% tab title="NodePort" %}
+```bash
+https://localhost:30779/ or http://localhost:30777/
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+{% endtab %}
+
+{% tab title="Ingress" %}
+```bash
+https:///
+```
+
+Replace `` with the FQDN of your Portainer instance.
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+```bash
+https://:9443/ or http://:9000/
+```
+
+Replace `` with the IP address or FQDN of the load balancer, and adjust the port if you changed it earlier.
+{% endtab %}
+{% endtabs %}
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/setup.md b/start/install-ce/server/setup.md
new file mode 100644
index 0000000..86ddd16
--- /dev/null
+++ b/start/install-ce/server/setup.md
@@ -0,0 +1,25 @@
+# Initial setup
+
+Once the Portainer Server has been deployed, and you have navigated to the instance's URL, you are ready for the initial setup.
+
+## Creating the first user
+
+Your first user will be an administrator. The username defaults to `admin` but you can change it if you prefer. The password must be at least 12 characters long and meet the listed password requirements.
+
+
+
+## Enabling or disabling the collection of statistics
+
+We use a tool called [Matomo](https://matomo.org/) to collect anonymous information about how Portainer is used. We recommend enabling this option so we can make improvements based on usage. For more about what we do with the information we collect, read our [privacy policy](https://www.portainer.io/privacy-policy).
+
+During installation, you can enable or disable connection statistics using the checkbox. If you change your mind later, you can easily update this option under [Settings](../../../admin/settings/) in the Portainer UI.
+
+
+
+## Connecting Portainer to your environments
+
+Once the admin user has been created, the **Environment Wizard** will automatically launch. The wizard will help get you started with Portainer.
+
+
+
+The installation process automatically detects your local environment and sets it up for you. If you want to add additional environments to manage with this Portainer instance, click **Add Environments**. Otherwise, click **Get Started** to start using Portainer!
diff --git a/start/install-ce/server/swarm/README.md b/start/install-ce/server/swarm/README.md
new file mode 100644
index 0000000..765a999
--- /dev/null
+++ b/start/install-ce/server/swarm/README.md
@@ -0,0 +1,19 @@
+# Docker Swarm
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/swarm/).
+{% endhint %}
+
+Installation instructions can differ between platforms. Please choose your platform below:
+
+{% content-ref url="linux.md" %}
+[linux.md](linux.md)
+{% endcontent-ref %}
+
+{% content-ref url="wsl.md" %}
+[wsl.md](wsl.md)
+{% endcontent-ref %}
+
+{% content-ref url="wcs.md" %}
+[wcs.md](wcs.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/swarm/linux.md b/start/install-ce/server/swarm/linux.md
new file mode 100644
index 0000000..a0364d0
--- /dev/null
+++ b/start/install-ce/server/swarm/linux.md
@@ -0,0 +1,75 @@
+# Install Portainer CE with Docker Swarm on Linux
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/swarm/linux.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_ and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you deploy the Portainer Server and Agent containers on your Linux environment. To add a new Linux Swarm environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/swarm/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker installed and working
+* Swarm mode enabled and working, including the overlay network for the swarm service communication
+* `sudo` access on the manager node of your swarm cluster
+* By default, Portainer will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* The manager and worker nodes must be able to communicate with each other over port `9001`.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are accessing Docker via Unix sockets. Connecting via TCP is not supported in Docker Swarm.
+* SELinux is disabled on the machine running Docker.
+* Docker is running as root. Portainer with rootless Docker has some limitations, and requires additional configuration.
+* You are running a single manager node in your swarm. If you have more than one, please [read this knowledge base article](https://portal.portainer.io/knowledge/how-can-i-ensure-portainers-configuration-is-retained) before proceeding.
+* If your nodes are using DNS records to communicate, that all records are resolvable across the cluster.
+
+## Deployment
+
+Portainer can be directly deployed as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
+
+{% hint style="danger" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You **do not** need to add each node in your cluster as a separate environment in Portainer. Deploying the manifest to your swarm will include every node in the cluster automatically. Adding each node as a separate environment will also consume more of your licensed node count than you may expect.
+{% endhint %}
+
+First, retrieve the stack YML manifest:
+
+```
+curl -L https://downloads.portainer.io/ce2-19/portainer-agent-stack.yml -o portainer-agent-stack.yml
+```
+
+Then use the downloaded YML manifest to deploy your stack:
+
+```
+docker stack deploy -c portainer-agent-stack.yml portainer
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-swarm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+Portainer Server and the Agents have now been installed. You can check to see whether the Portainer Server and Agent containers have started by running `docker ps`:
+
+```
+root@manager01:~# docker ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+59ee466f6b15 portainer/agent:latest "./agent" About a minute ago Up About a minute portainer_agent.xbb8k6r7j1tk9gozjku7e43wr.5sa6b3e8cl6hyu0snlt387sgv
+2db7dd4bfba0 portainer/portainer-ce:latest "/portainer -H tcp:/…" About a minute ago Up About a minute 8000/tcp, 9443/tcp portainer_portainer.1.gpuvu3pqmt1m19zxfo44v7izx
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/swarm/wcs.md b/start/install-ce/server/swarm/wcs.md
new file mode 100644
index 0000000..2fd1a96
--- /dev/null
+++ b/start/install-ce/server/swarm/wcs.md
@@ -0,0 +1,86 @@
+# Install Portainer CE with Docker Swarm on Windows Container Service
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/swarm/wcs.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows server with Windows Containers. To add a new WCS environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/swarm/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker installed and working.
+* Swarm mode enabled and working, including the overlay network for the swarm service communication.
+* Administrator access on the manager node of your Swarm cluster.
+* By default, Portainer will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* The manager and worker nodes must be able to communicate with each other over port `9001`.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are running a single manager node in your swarm. If you have more than one, please [read this knowledge base article](https://portal.portainer.io/knowledge/how-can-i-ensure-portainers-configuration-is-retained) before proceeding.
+* If your nodes are using DNS records to communicate, that all records are resolvable across the cluster.
+
+## Preparation
+
+To run Portainer Server in a Windows Server/Desktop Environment you need to create exceptions in the firewall. These can easily be added through PowerShell by running the following commands:
+
+```
+netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
+netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
+netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
+netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
+netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
+netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
+```
+
+You will also need to install the Windows Container Host Service and install Docker:
+
+```
+Enable-WindowsOptionalFeature -Online -FeatureName containers -All
+Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
+Install-Package -Name docker -ProviderName DockerMsftProvider
+```
+
+Once this is complete you will need to restart your Windows server. After the restart completes, you're ready to install Portainer itself.
+
+## Deployment
+
+Portainer can be directly deployed as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
+
+{% hint style="danger" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You **do not** need to add each node in your cluster as a separate environment in Portainer. Deploying the manifest to your swarm will include every node in the cluster automatically. Adding each node as a separate environment will also consume more of your licensed node count than you may expect.
+{% endhint %}
+
+You can use our YML manifest to run Portainer in Windows using Windows Containers. In PowerShell, run:
+
+```
+curl https://downloads.portainer.io/ce2-19/portainer_windows_stack.yml -o portainer-windows-stack.yml
+```
+
+Then use the downloaded YML manifest to deploy your stack:
+
+```bash
+docker stack deploy --compose-file=portainer-windows-stack.yml portainer
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-swarm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install-ce/server/swarm/wsl.md b/start/install-ce/server/swarm/wsl.md
new file mode 100644
index 0000000..7bce685
--- /dev/null
+++ b/start/install-ce/server/swarm/wsl.md
@@ -0,0 +1,67 @@
+# Install Portainer CE with Docker Swarm on WSL / Docker Desktop
+
+{% hint style="info" %}
+These installation instructions are for Portainer Community Edition (CE). For Portainer Business Edition (BE) refer to the [BE install documentation](../../../install/server/swarm/wsl.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows environment with WSL and Docker Desktop. To add a new WSL / Docker Desktop Swarm environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/swarm/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker Desktop installed and working.
+* Swarm mode enabled and working, including the overlay network for the swarm service communication.
+* Administrator access on the manager node of your Swarm cluster.
+* Windows Subsystem for Linux (WSL) installed and a Linux distribution selected. For a new installation we recommend WSL2.
+* By default, Portainer will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* The manager and worker nodes must be able to communicate with each other over port `9001`.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are accessing Docker via Unix sockets. Alternatively, you can also connect via TCP.
+* SELinux is disabled within the Linux distribution used by WSL.
+* Docker is running as root. Portainer with rootless Docker has some limitations, and requires additional configuration.
+* You are running a single manager node in your swarm. If you have more than one, please [read this knowledge base article](https://portal.portainer.io/knowledge/how-can-i-ensure-portainers-configuration-is-retained) before proceeding.
+* If your nodes are using DNS records to communicate, that all records are resolvable across the cluster.
+
+## Deployment
+
+Portainer can be directly deployed as a service in your Docker Swarm cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
+
+{% hint style="danger" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You **do not** need to add each node in your cluster as a separate environment in Portainer. Deploying the manifest to your swarm will include every node in the cluster automatically. Adding each node as a separate environment will also consume more of your licensed node count than you may expect.
+{% endhint %}
+
+To begin the installation, first retrieve the stack YML manifest:
+
+```
+curl -L https://downloads.portainer.io/ce2-19/portainer-agent-stack.yml -o portainer-agent-stack.yml
+```
+
+Then use the downloaded YML manifest to deploy your stack:
+
+```bash
+docker stack deploy -c portainer-agent-stack.yml portainer
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-swarm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install/README.md b/start/install/README.md
new file mode 100644
index 0000000..ea6febd
--- /dev/null
+++ b/start/install/README.md
@@ -0,0 +1,21 @@
+# Install Portainer BE
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../install-ce/).
+{% endhint %}
+
+Portainer Business Edition is straightforward to install. There are two options: installing new or adding an environment to an existing installation.
+
+For a detailed, step-by-step guide to setting up Portainer for production, have a look at our [Best Practice Install Guide](https://academy.portainer.io/install/) in the Portainer Academy.
+
+{% hint style="info" %}
+If you haven't already, please check that your environments meet [our requirements](../requirements-and-prerequisites.md) before proceeding.
+{% endhint %}
+
+{% content-ref url="server/" %}
+[server](server/)
+{% endcontent-ref %}
+
+{% content-ref url="../agent.md" %}
+[agent.md](../agent.md)
+{% endcontent-ref %}
diff --git a/start/install/server/README.md b/start/install/server/README.md
new file mode 100644
index 0000000..7c4f508
--- /dev/null
+++ b/start/install/server/README.md
@@ -0,0 +1,19 @@
+# Set up a new Portainer BE Server installation
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../install-ce/server/).
+{% endhint %}
+
+Select the environment for your new Portainer installation:
+
+{% content-ref url="docker/" %}
+[docker](docker/)
+{% endcontent-ref %}
+
+{% content-ref url="swarm/" %}
+[swarm](swarm/)
+{% endcontent-ref %}
+
+{% content-ref url="kubernetes/" %}
+[kubernetes](kubernetes/)
+{% endcontent-ref %}
diff --git a/start/install/server/docker/README.md b/start/install/server/docker/README.md
new file mode 100644
index 0000000..47e1818
--- /dev/null
+++ b/start/install/server/docker/README.md
@@ -0,0 +1,20 @@
+# Docker Standalone
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/docker/).
+{% endhint %}
+
+Installation instructions can differ between platforms. Please choose your platform below:
+
+{% content-ref url="linux.md" %}
+[linux.md](linux.md)
+{% endcontent-ref %}
+
+{% content-ref url="wsl.md" %}
+[wsl.md](wsl.md)
+{% endcontent-ref %}
+
+{% content-ref url="wcs.md" %}
+[wcs.md](wcs.md)
+{% endcontent-ref %}
+
diff --git a/start/install/server/docker/linux.md b/start/install/server/docker/linux.md
new file mode 100644
index 0000000..089ee00
--- /dev/null
+++ b/start/install/server/docker/linux.md
@@ -0,0 +1,70 @@
+# Install Portainer BE with Docker on Linux
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/docker/linux.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Linux environment. To add a new Linux environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/docker/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker installed and working
+* sudo access on the machine that will host your Portainer Server instance
+* By default, Portainer Server will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* A license key for Portainer Business Edition.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are accessing Docker via Unix sockets. Alternatively, you can also connect via TCP.
+* SELinux is disabled on the machine running Docker. If you require SELinux, you will need to pass the `--privileged` flag to Docker when deploying Portainer.
+* Docker is running as root. Portainer with rootless Docker has some limitations, and requires additional configuration.
+
+## Deployment
+
+First, create the volume that Portainer Server will use to store its database:
+
+```bash
+docker volume create portainer_data
+```
+
+Then, download and install the Portainer Server container:
+
+
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-standalone) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="info" %}
+If you require HTTP port `9000` open for legacy reasons, add the following to your `docker run` command:
+
+`-p 9000:9000`
+{% endhint %}
+
+Portainer Server has now been installed. You can check to see whether the Portainer Server container has started by running `docker ps`:
+
+```bash
+root@server:~# docker ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+de5b28eb2fa9 portainer/portainer-ee:latest "/portainer" 2 weeks ago Up 9 days 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp portainer
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install/server/docker/wcs.md b/start/install/server/docker/wcs.md
new file mode 100644
index 0000000..e7db518
--- /dev/null
+++ b/start/install/server/docker/wcs.md
@@ -0,0 +1,90 @@
+# Install Portainer BE with Docker on Windows Container Service
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/docker/wcs.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows server with Windows Containers. To add a new WCS environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/docker/agent.md).
+
+To get started, you will need:
+
+* Administrator access on the machine that will host your Portainer Server instance
+* By default, Portainer Server will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* A license key for Portainer Business Edition.
+
+The installation instructions also make the following assumption about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+
+## Preparation
+
+To run Portainer Server in a Windows Server/Desktop Environment you need to create exceptions in the firewall. These can easily be added through PowerShell by running the following commands:
+
+```
+netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
+netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
+netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
+netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
+netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
+netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
+```
+
+You will also need to install the Windows Container Host Service and install Docker:
+
+```
+Enable-WindowsOptionalFeature -Online -FeatureName containers -All
+Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
+Install-Package -Name docker -ProviderName DockerMsftProvider
+```
+
+Once this is complete you will need to restart your Windows server. After the restart completes, you're ready to install Portainer itself.
+
+## Deployment
+
+First, create the volume that Portainer Server will use to store its database. Using PowerShell:
+
+```
+docker volume create portainer_data
+```
+
+Then, download and install the Portainer Server container:
+
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ee:latest
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="warning" %}
+If you see an error message similar to:
+
+`"\\.\pipe\dockerDesktopEngine" includes invalid characters for a local volume name`
+
+then you may not have Windows containers properly enabled. If you are using Docker Desktop, right click the icon in your tray and select **Switch to Windows Containers**.
+{% endhint %}
+
+{% hint style="info" %}
+If you require HTTP port `9000` open for legacy reasons, add the following to your `docker run` command:
+
+`-p 9000:9000`
+{% endhint %}
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install/server/docker/wsl.md b/start/install/server/docker/wsl.md
new file mode 100644
index 0000000..10cd9a8
--- /dev/null
+++ b/start/install/server/docker/wsl.md
@@ -0,0 +1,72 @@
+# Install Portainer BE with Docker on WSL / Docker Desktop
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/docker/wsl.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows environment with WSL and Docker Desktop. To add a new WSL / Docker Desktop environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/docker/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker Desktop installed and working.
+* Administrator access on the machine that will host your Portainer Server instance.
+* Windows Subsystem for Linux (WSL) installed and a Linux distribution selected. For a new installation we recommend WSL2.
+* By default, Portainer Server will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* A license key for Portainer Business Edition.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are accessing Docker via Unix sockets. Alternatively, you can also connect via TCP.
+* SELinux is disabled within the Linux distribution used by WSL. If you require SELinux, you will need to pass the `--privileged` flag to Docker when deploying Portainer.
+* Docker is running as root. Portainer with rootless Docker has some limitations, and requires additional configuration.
+
+## Deployment
+
+First, create the volume that Portainer Server will use to store its database:
+
+```bash
+docker volume create portainer_data
+```
+
+Then, download and install the Portainer Server container:
+
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-standalone) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="info" %}
+If you require HTTP port `9000` open for legacy reasons, add the following to your `docker run` command:
+
+`-p 9000:9000`
+{% endhint %}
+
+Portainer Server has now been installed. You can check to see whether the Portainer Server container has started by running `docker ps`:
+
+```bash
+root@server:~# docker ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+f4ab79732007 portainer/portainer-ee:latest "/portainer" 2 weeks ago Up 29 hours 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9000/tcp, :::9443->9443/tcp portainer
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install/server/kubernetes/README.md b/start/install/server/kubernetes/README.md
new file mode 100644
index 0000000..19a65f8
--- /dev/null
+++ b/start/install/server/kubernetes/README.md
@@ -0,0 +1,16 @@
+# Kubernetes
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/kubernetes/).
+{% endhint %}
+
+Installation instructions can differ between platforms. Please choose your platform below:
+
+{% content-ref url="baremetal.md" %}
+[baremetal.md](baremetal.md)
+{% endcontent-ref %}
+
+{% content-ref url="wsl.md" %}
+[wsl.md](wsl.md)
+{% endcontent-ref %}
+
diff --git a/start/install/server/kubernetes/baremetal.md b/start/install/server/kubernetes/baremetal.md
new file mode 100644
index 0000000..c5a33aa
--- /dev/null
+++ b/start/install/server/kubernetes/baremetal.md
@@ -0,0 +1,218 @@
+# Install Portainer BE on your Kubernetes environment
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/kubernetes/baremetal.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_ and the _Portainer Agent_. Both elements run as lightweight containers on Kubernetes.
+
+To get started, you will need:
+
+* A working and up to date Kubernetes cluster.
+* Access to run `helm` or `kubectl` commands on your cluster.
+* Cluster Admin rights on your Kubernetes cluster. This is so Portainer can create the necessary `ServiceAccount` and `ClusterRoleBinding` for it to access the Kubernetes cluster.
+* A `default` StorageClass configured (see below).
+* A license key for Portainer Business Edition.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* Kubernetes RBAC is enabled and working (this is required for the access control functionality in Portainer).
+* You will be using the `portainer` namespace for Portainer. At present this is a requirement - other namespaces are currently unsupported.
+* Kubernetes' metrics server is installed and working (if you wish to use the metrics within Portainer).
+
+## Data Persistence
+
+Portainer requires data persistence, and as a result needs at least one StorageClass available to use. Portainer will attempt to use the default StorageClass during deployment. If you do not have a StorageClass tagged as `default` the deployment will likely fail.
+
+You can check if you have a default StorageClass by running the following command on your cluster:
+
+```
+kubectl get sc
+```
+
+and looking for a StorageClass with `(default)` after its name:
+
+```
+root@kubemaster01:~# kubectl get sc
+NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
+managed-nfs-storage (default) k8s-sigs.io/nfs-subdir-external-provisioner Delete Immediate false 11d
+```
+
+To set a StorageClass as default, you can use the following:
+
+```
+kubectl patch storageclass -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+```
+
+replacing `` with the name of your StorageClass. Alternatively, if you are installing using our Helm chart, you can pass the following parameter in your helm install command to specify the StorageClass to use for Portainer:
+
+```
+--set persistence.storageClass=
+```
+
+{% hint style="info" %}
+In some Kubernetes clusters (for example microk8s), the default StorageClass simply creates hostPath volumes, which are not explicitly tied to a particular node. In a multi-node cluster, this can create an issue when the pod is terminated and rescheduled on a different node, "leaving" all the persistent data behind and starting the pod with an "empty" volume.
+
+While this behavior is inherently a limitation of using hostPath volumes, a suitable workaround is to use add a nodeSelector to the deployment, which effectively "pins" the Portainer pod to a particular node. You can do this by editing your own values.yaml file to set the nodeSelector value:
+
+`nodeSelector: kubernetes.io/hostname: \`
+
+or alternatively follow the instructions below for each deployment method.
+{% endhint %}
+
+## Deployment
+
+To deploy Portainer within a Kubernetes cluster you can use our provided Helm charts or YAML manifests.
+
+### Deploy using Helm
+
+{% hint style="info" %}
+Ensure you're using at least Helm v3.2, which includes support for the `--create-namespace` argument.
+{% endhint %}
+
+First add the Portainer Helm repository by running the following commands:
+
+```
+helm repo add portainer https://portainer.github.io/k8s/
+helm repo update
+```
+
+Once the update completes, you're ready to begin the installation. Which method you choose will depend on how you wish to expose the Portainer service:
+
+{% tabs %}
+{% tab title="Expose via NodePort" %}
+Using the following command, Portainer will be available on port `30779` for HTTPS:
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer --set enterpriseEdition.enabled=true --set tls.force=true
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `30779`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="info" %}
+If you need to access Portainer via HTTP on port `30777`, remove the `--set tls.force=true` option.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Ingress" %}
+In this example, Portainer will be deployed to your cluster and assigned a Cluster IP, with an nginx Ingress Controller at the defined hostname. For more on Ingress options, refer to the list of [Chart Configuration Options](../../../../advanced/helm-chart-configuration-options.md).
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer \
+ --set enterpriseEdition.enabled=true \
+ --set service.type=ClusterIP \
+ --set tls.force=true \
+ --set ingress.enabled=true \
+ --set ingress.ingressClassName= \
+ --set ingress.annotations."nginx\.ingress\.kubernetes\.io/backend-protocol"=HTTPS \
+ --set ingress.hosts[0].host= \
+ --set ingress.hosts[0].paths[0].path="/"
+```
+
+{% hint style="info" %}
+If you need to access Portainer via HTTP, remove the `--set tls.force=true` option.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Load Balancer" %}
+Using the following command, Portainer will be available at an assigned Load Balancer IP on port `9443` for HTTPS:
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer \
+ --set service.type=LoadBalancer \
+ --set enterpriseEdition.enabled=true \
+ --set tls.force=true
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+{% hint style="info" %}
+If you need to access Portainer via HTTP on port `9000`, remove the `--set tls.force=true` option.
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+{% hint style="info" %}
+If you want to explicitly set the target node when deploying the Helm chart on the CLI, include `--set nodeSelector.kubernetes\.io/hostname=` in your `helm install` command.
+{% endhint %}
+
+### Deploy using YAML manifests
+
+Our YAML manifests support exposing Portainer via either NodePort or Load Balancer.
+
+{% tabs %}
+{% tab title="Expose via NodePort" %}
+To expose via NodePort, you can use the following command (Portainer will be available on port `30777` for HTTP and `30779` for HTTPS):
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer.yaml
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `30779`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Load Balancer" %}
+To expose via Load Balancer, use the following command to provision Portainer at an assigned Load Balancer IP on port `9000` for HTTP and `9443` for HTTPS:
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer-lb.yaml
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+{% hint style="info" %}
+If you want to explicitly set the target node when deploying using YAML manifests, run the following one-liner to "patch" the deployment, forcing the pod to always be scheduled on the node it's currently running on:
+{% endhint %}
+
+```
+kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo Failed to identify current node of portainer pod; exit 1)
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance. Depending on how you chose to expose your Portainer installation, open a web browser and navigate to the following URL:
+
+{% tabs %}
+{% tab title="NodePort" %}
+```bash
+https://localhost:30779/ or http://localhost:30777/
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+{% endtab %}
+
+{% tab title="Ingress" %}
+```bash
+https:///
+```
+
+Replace `` with the FQDN of your Portainer instance.
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+```bash
+https://:9443/ or http://:9000/
+```
+
+Replace `` with the IP address or FQDN of the load balancer, and adjust the port if you changed it earlier.
+{% endtab %}
+{% endtabs %}
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install/server/kubernetes/wsl.md b/start/install/server/kubernetes/wsl.md
new file mode 100644
index 0000000..5a7659e
--- /dev/null
+++ b/start/install/server/kubernetes/wsl.md
@@ -0,0 +1,170 @@
+# Install Portainer BE with Kubernetes on WSL / Docker Desktop
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/kubernetes/wsl.md).
+{% endhint %}
+
+## Introduction
+
+The following instructions will guide you in setting up _Portainer Server_ with Kubernetes running on Docker Desktop with WSL.
+
+{% hint style="info" %}
+This scenario is for testing purposes only.
+{% endhint %}
+
+{% hint style="warning" %}
+We are aware of an issue where namespace and application access privileges are not fully implemented when running Kubernetes via Docker Desktop. We are looking into the root cause and hope to have a resolution soon.
+{% endhint %}
+
+## Preparation
+
+Before you start, you must make sure that Kubernetes is enabled and running within your Docker Desktop installation. To enable Kubernetes in Docker Desktop, you need to open the dashboard of Docker Desktop. Right click the Docker icon in the system tray and click **Dashboard**:
+
+
+
+Click **Settings**, then select **Kubernetes**, tick **Enable Kubernetes**, then click **Apply and Restart** (clicking **Install** in the dialog to install Kubernetes):
+
+
+
+After a few minutes, you will see that Kubernetes is running in the bottom left status bar of Docker Desktop:
+
+
+
+## Deployment
+
+To deploy Portainer within a Kubernetes cluster you can use our provided Helm charts or YAML manifests.
+
+### Deploy using Helm
+
+{% hint style="info" %}
+Ensure you're using at least Helm v3.2, which includes support for the `--create-namespace` argument.
+{% endhint %}
+
+First add the Portainer Helm repository by running the following commands:
+
+```
+helm repo add portainer https://portainer.github.io/k8s/
+helm repo update
+```
+
+Once the update completes, you're ready to begin the installation. Which method you choose will depend on how you wish to expose the Portainer service:
+
+{% tabs %}
+{% tab title="Expose via NodePort" %}
+Using the following command, Portainer will be available on port `30777` for HTTP and `30779` for HTTPS:
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer --set enterpriseEdition.enabled=true
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](https://app.gitbook.com/admin/settings#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Ingress" %}
+In this example, Portainer will be deployed to your cluster and assigned a Cluster IP, with an nginx Ingress Controller at the defined hostname. For more on Ingress options, refer to the list of [Chart Configuration Options](../../../../advanced/helm-chart-configuration-options.md).
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer \
+ --set enterpriseEdition.enabled=true \
+ --set service.type=ClusterIP \
+ --set tls.force=true \
+ --set ingress.enabled=true \
+ --set ingress.ingressClassName= \
+ --set ingress.annotations."nginx\.ingress\.kubernetes\.io/backend-protocol"=HTTPS \
+ --set ingress.hosts[0].host= \
+ --set ingress.hosts[0].paths[0].path="/"
+```
+{% endtab %}
+
+{% tab title="Expose via Load Balancer" %}
+Using the following command, Portainer will be available at an assigned Load Balancer IP on port `9000` for HTTP and `9443` for HTTPS:
+
+```
+helm upgrade --install --create-namespace -n portainer portainer portainer/portainer --set service.type=LoadBalancer --set enterpriseEdition.enabled=true
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](https://app.gitbook.com/admin/settings#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+{% hint style="info" %}
+To explicitly set the target node when deploying the Helm chart on the CLI, include `--set nodeSelector.kubernetes.io/hostname=` in your `helm install` command.
+{% endhint %}
+
+### Deploy using YAML manifests
+
+Our YAML manifests support exposing Portainer via either NodePort or Load Balancer.
+
+{% tabs %}
+{% tab title="Expose via NodePort" %}
+To expose via NodePort, you can use the following command (Portainer will be available on port `30777` for HTTP and `30779` for HTTPS):
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer.yaml
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `30779`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+
+{% tab title="Expose via Load Balancer" %}
+To expose via Load Balancer, use the following command to provision Portainer at an assigned Load Balancer IP on port `9000` for HTTP and `9443` for HTTPS:
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer-lb.yaml
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-kubernetes-via-helm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+{% hint style="info" %}
+To explicitly set the target node when deploying using YAML manifests, run the following one-liner to "patch" the deployment, forcing the pod to always be scheduled on the node it's currently running on:
+{% endhint %}
+
+```
+kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo Failed to identify current node of portainer pod; exit 1)
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance. Depending on how you chose to expose your Portainer installation, open a web browser and navigate to the following URL:
+
+{% tabs %}
+{% tab title="NodePort" %}
+```bash
+https://localhost:30779/ or http://localhost:30777/
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+{% endtab %}
+
+{% tab title="Ingress" %}
+```bash
+https:///
+```
+
+Replace `` with the FQDN of your Portainer instance.
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+```bash
+https://:9443/ or http://:9000/
+```
+
+Replace `` with the IP address or FQDN of the load balancer, and adjust the port if you changed it earlier.
+{% endtab %}
+{% endtabs %}
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install/server/setup.md b/start/install/server/setup.md
new file mode 100644
index 0000000..90797b2
--- /dev/null
+++ b/start/install/server/setup.md
@@ -0,0 +1,33 @@
+# Initial setup
+
+Once the Portainer Server has been deployed, and you have navigated to the instance's URL, you are ready for the initial setup.
+
+## Creating the first user
+
+Your first user will be an administrator. The username defaults to `admin` but you can change it if you prefer. The password must be at least 12 characters long and meet the listed password requirements.
+
+
+
+## Enabling or disabling the collection of statistics
+
+We use a tool called [Matomo](https://matomo.org/) to collect anonymous information about how Portainer is used. We recommend enabling this option so we can make improvements based on usage. For more about what we do with the information we collect, read our [privacy policy](https://www.portainer.io/privacy-policy).
+
+During installation, you can enable or disable connection statistics using the checkbox. If you change your mind later, you can easily update this option under [Settings](../../../admin/settings/) in the Portainer UI.
+
+
+
+## Add your license key
+
+You will now be asked to provide your license key. You will have been provided this when signing up for Business Edition or the free trial. If you don't have a license key, you can either click the **Don't have a license?** link or [get in touch with our team](mailto:success@portainer.io).
+
+Paste the license key you were provided into the box and click **Submit**.
+
+
+
+## Connecting Portainer to your environments
+
+Once the admin user has been created, the **Environment Wizard** will automatically launch. The wizard will help get you started with Portainer.
+
+
+
+The installation process automatically detects your local environment and sets it up for you. If you want to add additional environments to manage with this Portainer instance, click **Add Environments**. Otherwise, click **Get Started** to start using Portainer!
diff --git a/start/install/server/swarm/README.md b/start/install/server/swarm/README.md
new file mode 100644
index 0000000..6176308
--- /dev/null
+++ b/start/install/server/swarm/README.md
@@ -0,0 +1,19 @@
+# Docker Swarm
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/swarm/).
+{% endhint %}
+
+Installation instructions can differ between platforms. Please choose your platform below:
+
+{% content-ref url="linux.md" %}
+[linux.md](linux.md)
+{% endcontent-ref %}
+
+{% content-ref url="wsl.md" %}
+[wsl.md](wsl.md)
+{% endcontent-ref %}
+
+{% content-ref url="wcs.md" %}
+[wcs.md](wcs.md)
+{% endcontent-ref %}
diff --git a/start/install/server/swarm/linux.md b/start/install/server/swarm/linux.md
new file mode 100644
index 0000000..0bd591b
--- /dev/null
+++ b/start/install/server/swarm/linux.md
@@ -0,0 +1,76 @@
+# Install Portainer BE with Docker Swarm on Linux
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/swarm/linux.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_ and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you deploy the Portainer Server and Agent containers on your Linux environment. To add a new Linux Swarm environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/swarm/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker installed and working
+* Swarm mode enabled and working, including the overlay network for the swarm service communication
+* `sudo` access on the manager node of your swarm cluster
+* By default, Portainer will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* The manager and worker nodes must be able to communicate with each other over port `9001`.
+* A license key for Portainer Business Edition.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are accessing Docker via Unix sockets. Connecting via TCP is not supported in Docker Swarm.
+* SELinux is disabled on the machine running Docker.
+* Docker is running as root. Portainer with rootless Docker has some limitations, and requires additional configuration.
+* You are running a single manager node in your swarm. If you have more than one, please [read this knowledge base article](https://portal.portainer.io/knowledge/how-can-i-ensure-portainers-configuration-is-retained) before proceeding.
+* If your nodes are using DNS records to communicate, that all records are resolvable across the cluster.
+
+## Deployment
+
+Portainer can be directly deployed as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
+
+{% hint style="danger" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You **do not** need to add each node in your cluster as a separate environment in Portainer. Deploying the manifest to your swarm will include every node in the cluster automatically. Adding each node as a separate environment will also consume more of your licensed node count than you may expect.
+{% endhint %}
+
+First, retrieve the stack YML manifest:
+
+```
+curl -L https://downloads.portainer.io/ee2-19/portainer-agent-stack.yml -o portainer-agent-stack.yml
+```
+
+Then use the downloaded YML manifest to deploy your stack:
+
+```
+docker stack deploy -c portainer-agent-stack.yml portainer
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-swarm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+Portainer Server and the Agents have now been installed. You can check to see whether the Portainer Server and Agent containers have started by running `docker ps`:
+
+```
+root@manager01:~# docker ps
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+59ee466f6b15 portainer/agent:latest "./agent" About a minute ago Up About a minute portainer_agent.xbb8k6r7j1tk9gozjku7e43wr.5sa6b3e8cl6hyu0snlt387sgv
+2db7dd4bfba0 portainer/portainer-ee:latest "/portainer -H tcp:/…" About a minute ago Up About a minute 8000/tcp, 9443/tcp portainer_portainer.1.gpuvu3pqmt1m19zxfo44v7izx
+```
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install/server/swarm/wcs.md b/start/install/server/swarm/wcs.md
new file mode 100644
index 0000000..c1c073c
--- /dev/null
+++ b/start/install/server/swarm/wcs.md
@@ -0,0 +1,89 @@
+# Install Portainer BE with Docker Swarm on Windows Container Service
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/swarm/wcs.md).
+{% endhint %}
+
+
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows server with Windows Containers. To add a new WCS environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/swarm/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker installed and working.
+* Swarm mode enabled and working, including the overlay network for the swarm service communication.
+* Administrator access on the manager node of your Swarm cluster.
+* By default, Portainer will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* The manager and worker nodes must be able to communicate with each other over port `9001`.
+* A license key for Portainer Business Edition.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are running a single manager node in your swarm. If you have more than one, please [read this knowledge base article](https://portal.portainer.io/knowledge/how-can-i-ensure-portainers-configuration-is-retained) before proceeding.
+* If your nodes are using DNS records to communicate, that all records are resolvable across the cluster.
+
+## Preparation
+
+To run Portainer Server in a Windows Server/Desktop Environment you need to create exceptions in the firewall. These can easily be added through PowerShell by running the following commands:
+
+```
+netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
+netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
+netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
+netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
+netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
+netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
+```
+
+You will also need to install the Windows Container Host Service and install Docker:
+
+```
+Enable-WindowsOptionalFeature -Online -FeatureName containers -All
+Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
+Install-Package -Name docker -ProviderName DockerMsftProvider
+```
+
+Once this is complete you will need to restart your Windows server. After the restart completes, you're ready to install Portainer itself.
+
+## Deployment
+
+Portainer can be directly deployed as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
+
+{% hint style="danger" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You **do not** need to add each node in your cluster as a separate environment in Portainer. Deploying the manifest to your swarm will include every node in the cluster automatically. Adding each node as a separate environment will also consume more of your licensed node count than you may expect.
+{% endhint %}
+
+You can use our YML manifest to run Portainer in Windows using Windows Containers. In PowerShell, run:
+
+```
+curl https://downloads.portainer.io/ee2-19/portainer_windows_stack.yml -o portainer-windows-stack.yml
+```
+
+Then use the downloaded YML manifest to deploy your stack:
+
+```bash
+docker stack deploy --compose-file=portainer-windows-stack.yml portainer
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-swarm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/install/server/swarm/wsl.md b/start/install/server/swarm/wsl.md
new file mode 100644
index 0000000..1d9b01c
--- /dev/null
+++ b/start/install/server/swarm/wsl.md
@@ -0,0 +1,68 @@
+# Install Portainer BE with Docker Swarm on WSL / Docker Desktop
+
+{% hint style="info" %}
+These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the [CE install documentation](../../../install-ce/server/swarm/wsl.md).
+{% endhint %}
+
+## Introduction
+
+Portainer consists of two elements, the _Portainer Server_, and the _Portainer Agent_. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows environment with WSL and Docker Desktop. To add a new WSL / Docker Desktop Swarm environment to an existing Portainer Server installation, please refer to the [Portainer Agent installation instructions](../../../../admin/environments/add/swarm/agent.md).
+
+To get started, you will need:
+
+* The latest version of Docker Desktop installed and working.
+* Swarm mode enabled and working, including the overlay network for the swarm service communication.
+* Administrator access on the manager node of your Swarm cluster.
+* Windows Subsystem for Linux (WSL) installed and a Linux distribution selected. For a new installation we recommend WSL2.
+* By default, Portainer will expose the UI over port `9443` and expose a TCP tunnel server over port `8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
+* The manager and worker nodes must be able to communicate with each other over port `9001`.
+* A license key for Portainer Business Edition.
+
+The installation instructions also make the following assumptions about your environment:
+
+* Your environment meets [our requirements](../../../requirements-and-prerequisites.md). While Portainer may work with other configurations, it may require configuration changes or have limited functionality.
+* You are accessing Docker via Unix sockets. Alternatively, you can also connect via TCP.
+* SELinux is disabled within the Linux distribution used by WSL.
+* Docker is running as root. Portainer with rootless Docker has some limitations, and requires additional configuration.
+* You are running a single manager node in your swarm. If you have more than one, please [read this knowledge base article](https://portal.portainer.io/knowledge/how-can-i-ensure-portainers-configuration-is-retained) before proceeding.
+* If your nodes are using DNS records to communicate, that all records are resolvable across the cluster.
+
+## Deployment
+
+Portainer can be directly deployed as a service in your Docker Swarm cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
+
+{% hint style="danger" %}
+Only do this **once** for your environment, regardless of how many nodes are in the cluster. You **do not** need to add each node in your cluster as a separate environment in Portainer. Deploying the manifest to your swarm will include every node in the cluster automatically. Adding each node as a separate environment will also consume more of your licensed node count than you may expect.
+{% endhint %}
+
+To begin the installation, first retrieve the stack YML manifest:
+
+```
+curl -L https://downloads.portainer.io/ee2-19/portainer-agent-stack.yml -o portainer-agent-stack.yml
+```
+
+Then use the downloaded YML manifest to deploy your stack:
+
+```bash
+docker stack deploy -c portainer-agent-stack.yml portainer
+```
+
+{% hint style="info" %}
+By default, Portainer generates and uses a self-signed SSL certificate to secure port `9443`. Alternatively you can provide your own SSL certificate [during installation](../../../../advanced/ssl.md#using-your-own-ssl-certificate-on-docker-swarm) or [via the Portainer UI](../../../../admin/settings/#ssl-certificate) after installation is complete.
+{% endhint %}
+
+## Logging In
+
+Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:
+
+```bash
+https://localhost:9443
+```
+
+Replace `localhost` with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.
+
+You will be presented with the initial setup page for Portainer Server.
+
+{% content-ref url="../setup.md" %}
+[setup.md](../setup.md)
+{% endcontent-ref %}
diff --git a/start/intro.md b/start/intro.md
new file mode 100644
index 0000000..666c4f0
--- /dev/null
+++ b/start/intro.md
@@ -0,0 +1,12 @@
+# Introduction
+
+This section explains the Portainer architecture and how to install it. We recommend that you read the entire section to ensure your installation goes smoothly.
+
+Learn about the [architecture](architecture.md) first, get familiar with the [prerequisites to installation](requirements-and-prerequisites.md), then finally, step through how to [install the product](install/) in your environment.
+
+{% content-ref url="architecture.md" %}
+[architecture.md](architecture.md)
+{% endcontent-ref %}
+
+
+
diff --git a/start/requirements-and-prerequisites.md b/start/requirements-and-prerequisites.md
new file mode 100644
index 0000000..ffaa4ec
--- /dev/null
+++ b/start/requirements-and-prerequisites.md
@@ -0,0 +1,120 @@
+# Requirements and prerequisites
+
+Requirements specific to your environment will be covered in the installation process.
+
+## Valid configurations
+
+Every Portainer release goes through functional, release and post-release testing to ensure it works as expected. Because we cannot test against every configuration variant out there, we test against a subset.
+
+The following tables list all of the configurations that we have tested, validated and consider to be functional. If a variant is not listed, it doesn't mean it won't work, it just means it hasn't been tested.
+
+{% hint style="info" %}
+**A note on Podman support**
+
+At present, Portainer does not fully support running on Podman environments. While some aspects of Portainer do function with Podman, it isn't a platform that we test on or build for, and there are [known issues](https://github.com/orgs/portainer/discussions/9723). We currently do not have an ETA on when full Podman support will be implemented in Portainer.
+{% endhint %}
+
+### Portainer Business Edition (BE)
+
+| Portainer Version | Release Date | Docker Version | Kubernetes Version | Architectures |
+| -------------------------------------------------------------- | ------------------ | ------------------------- | ------------------------ | ------------------------------------------------------------------------------------------------------ |
+| [Business 2.19.0 (latest)](../release-notes.md#release-2.19.0) | August 31, 2023 | 23.0.6 24.0.4 | 1.23 1.24 1.26 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.18.4](../release-notes.md#release-2.18.4) | July 7, 2023 | 23.0.6 24.0.4 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.18.3](../release-notes.md#release-2.18.3) | May 22, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.18.2](../release-notes.md#release-2.18.2) | May 1, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.18.1](../release-notes.md#release-2.18.1) | April 18, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.17.1](../release-notes.md#release-2.17.1) | February 22, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.17.0](../release-notes.md#release-2.17.0) | February 7, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.16.2](../release-notes.md#release-2.16.2) | November 21, 2022 | 20.10.9 20.10.13 20.10.17 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.16.1](../release-notes.md#release-2.16.1) | November 9, 2022 | 20.10.9 20.10.13 20.10.17 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.16.0](../release-notes.md#release-2.16.0) | October 31, 2022 | 20.10.9 20.10.13 20.10.17 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.15.1](../release-notes.md#release-2.15.1) | September 16, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.15.0](../release-notes.md#release-2.15.0) | September 6, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.14.2](../release-notes.md#release-2.14.2) | July 26, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.14.1](../release-notes.md#release-2.14.1) | July 12, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.14.0](../release-notes.md#release-2.14.0) | June 28, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.13.1](../release-notes.md#release-2.13.1) | May 12, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.13.0](../release-notes.md#release-2.13.0) | May 9, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.12.2](../release-notes.md#release-2.12.2) | April 4, 2022 | 20.10.7 20.10.11 20.10.12 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.12.1](../release-notes.md#release-2.12.1) | March 9, 2022 | 20.10.7 20.10.11 20.10.12 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.12.0](../release-notes.md#release-2.12.0) | March 8, 2022 | 20.10.7 20.10.11 20.10.12 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.10.0](../release-notes.md#release-2.10.0) | November 15, 2021 | 20.10.6 20.10.7 20.10.8 | 1.19.11 1.20.7 1.21 1.22 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.7.0](../release-notes.md#release-2.7.0) | July 29, 2021 | 20.10.6 20.10.7 | 1.19 1.20.2 1.21 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.4.0](../release-notes.md#release-2.4.0) | May 4, 2021 | 20.10.5 | 1.19 1.20.2 1.21 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.0.1](../release-notes.md#release-2.0.1) | February 22, 2021 | 19.03.13 | 1.17.3 1.18.6 1.19.3 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| [Business 2.0.0](../release-notes.md#release-2.0.0) | December 3, 2020 | 19.03.13 | 1.17.3 1.18.6 1.19.3 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+
+### Portainer Community Edition (CE)
+
+| Portainer Version | Release Date | Docker Version | Kubernetes Version | Architectures |
+| ------------------------- | ------------------ | ------------------------- | ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Community 2.19.0 (latest) | August 31, 2023 | 23.0.6 24.0.4 | 1.23 1.24 1.26 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.18.4 | July 7, 2023 | 23.0.6 24.0.4 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.18.3 | May 22, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.18.2 | May 1, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.18.1 | April 18, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.17.1 | February 22, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.17.0 | February 7, 2023 | 20.10.9 20.10.13 20.10.17 | 1.22 1.23 1.24 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.16.2 | November 21, 2022 | 20.10.9 20.10.13 20.10.17 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.16.1 | November 9, 2022 | 20.10.9 20.10.13 20.10.17 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.16.0 | October 31, 2022 | 20.10.9 20.10.13 20.10.17 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.15.1 | September 16, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.15.0 | September 6, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.14.2 | July 26, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.14.1 | July 12, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.14.0 | June 28, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.13.1 | May 12, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.13.0 | May 9, 2022 | 20.10.9 20.10.12 20.10.13 | 1.21.7 1.22 1.23 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.11.1 | February 8, 2022 | 20.10.8 20.10.11 20.10.12 | 1.20.13 1.21.7 1.22.4 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.11.0 | December 9, 2021 | 20.10.6 20.10.8 20.10.11 | 1.19.11 1.20.7 1.21 1.22 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.9.3 | November 22, 2021 | 20.10.5 20.10.6 | 1.19.11 1.20.7 1.21 1.22 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.9.2 | October 26, 2021 | 20.10.5 20.10.6 | 1.19 1.20 1.21 1.22 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.9.1 | October 11, 2021 | 20.10.5 20.10.6 | 1.19 1.20 1.21 1.22 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.9.0 | September 23, 2021 | 20.10.5 20.10.6 | 1.19 1.20 1.21 1.22 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.6.3 | August 27, 2021 | 20.10.5 20.10.6 | 1.19 1.20 1.21 1.22 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.6.2 | August 2, 2021 | 20.10.5 20.10.6 | 1.19 1.20.2 1.21 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.6.1 | July 12, 2021 | 20.10.5 20.10.6 | 1.19 1.20.2 1.21 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.6.0 | June 25, 2021 | 20.10.5 20.10.6 | 1.19 1.20.2 1.21 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.5.1 | May 18, 2021 | 20.10.5 20.10.6 | 1.19 1.20.2 1.21 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.5.0 | May 18, 2021 | 20.10.5 | 1.19 1.20.2 1.21 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.1.x | February 2, 2021 | 20.10.2 | 1.20.0 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.0.1 | January 7, 2021 | 20.10.0 | 1.17.13 1.18.9 1.19.3 1.20.0 | [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| Community 2.0 | August 31, 2020 | 19.03.12 | 1.17.13 1.18.6 1.18.9 1.19.3 | [ARM32](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| 1.24.1 | July 23, 2020 | 19.03.12 | N/A | [ARM32](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| 1.24.0 | June 2, 2020 | 19.03.10 | N/A | [ARM32](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+| 1.23.2 | March 25, 2020 | 19.03.6 | N/A | [ARM32](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), [ARM64](https://portal.portainer.io/knowledge/which-arm-architectures-does-portainer-support), x86\_64 |
+
+{% hint style="info" %}
+If you find an issue with an unlisted configuration, before reporting a bug, update your environment to a valid configuration and try to replicate the issue.
+{% endhint %}
+
+## Persistent storage
+
+The Portainer Server requires persistent storage in order to maintain the database and configuration information it needs to function. The installation process provides a basic storage configuration for your platform. By default, both Docker and Kubernetes provide local (to the node) storage only, and if cluster-wide persistent storage is desired we recommend implementing it at the infrastructure level (for example, via NFS).
+
+## Ports
+
+In order to access the UI and API, and for the Portainer Server instance and the Portainer Agents to communicate, certain ports need to be accessible.
+
+On the Portainer Server the following ports must be open:
+
+* TCP port `9443` (or `30779` for Kubernetes with NodePort) for the UI and API
+* TCP port `8000` (or `30776` for Kubernetes with NodePort) for the TCP tunnel server for Edge Agents. This port is optional and only required if using Edge Compute features with Edge Agents.
+
+For the Portainer Agent:
+
+* TCP port `9001` (or `30778` for Kubernetes with NodePort) must be accessible on the Agent from the Portainer Server instance.
+
+The Portainer Edge Agent does not require any open ports.
+
+{% hint style="info" %}
+All ports can be changed during installation.
+{% endhint %}
+
+{% content-ref url="install/" %}
+[install](install/)
+{% endcontent-ref %}
+
+{% content-ref url="install-ce/" %}
+[install-ce](install-ce/)
+{% endcontent-ref %}
diff --git a/start/upgrade/README.md b/start/upgrade/README.md
new file mode 100644
index 0000000..22e6672
--- /dev/null
+++ b/start/upgrade/README.md
@@ -0,0 +1,65 @@
+# Updating Portainer
+
+Portainer releases contain new features and bug fixes so it's important to keep your installation up to date. We have [tested and validated](../requirements-and-prerequisites.md#valid-configurations) all Portainer version upgrades from 2.0.0 up to the latest release.
+
+While it's possible that an untested unvalidated update path might work, we recommend that all update paths are tested and validated on a non-critical system before applying them to your production systems.
+
+{% hint style="info" %}
+We added a [backup and restore feature](../../admin/settings/#backup-portainer) to Portainer BE 2.7 and strongly recommend that you take a backup of your Portainer instance before updating.
+{% endhint %}
+
+{% hint style="info" %}
+Starting with CE 2.9 and BE 2.10 Portainer is HTTPS enabled by default and uses port `9443` to serve the UI. HTTP can still be enabled on port `9000` if required.
+{% endhint %}
+
+## Update order
+
+In general, we recommend updating your Portainer Server deployment _before_ you update the Portainer Agents. When we release new versions of Portainer we ensure that Portainer Server is able to talk to older versions of the Agent, and in most cases the reverse is true, but in some instances we make changes to the Agent that are not fully backward compatible with older versions of Portainer Server.
+
+## Updating Portainer
+
+### From within Portainer
+
+From 2.19, Business Edition users are able to update their Portainer installation directly from within Portainer. To do so, click the **Update now** link in the update notification in the bottom left of the Portainer UI.
+
+
+
+In the confirmation dialog, click **Start update** to proceed with the update.
+
+{% hint style="warning" %}
+Remember to [back up your Portainer installation](../../admin/settings/#backup-portainer) before updating!
+{% endhint %}
+
+
+
+### Manually update Portainer
+
+If you would prefer to manually update your Portainer installation, choose your platform then follow the instructions:
+
+{% content-ref url="docker.md" %}
+[docker.md](docker.md)
+{% endcontent-ref %}
+
+{% content-ref url="swarm.md" %}
+[swarm.md](swarm.md)
+{% endcontent-ref %}
+
+{% content-ref url="kubernetes.md" %}
+[kubernetes.md](kubernetes.md)
+{% endcontent-ref %}
+
+### Update the Portainer Agent
+
+If you are using the Portainer Edge Agent, we have specific update instructions for you:
+
+{% content-ref url="edge.md" %}
+[edge.md](edge.md)
+{% endcontent-ref %}
+
+### Upgrading to Business Edition
+
+If you are coming from Portainer CE or the 1.24.x branch, we have guides for you as well.
+
+{% content-ref url="tobe/" %}
+[tobe](tobe/)
+{% endcontent-ref %}
diff --git a/start/upgrade/docker.md b/start/upgrade/docker.md
new file mode 100644
index 0000000..a267069
--- /dev/null
+++ b/start/upgrade/docker.md
@@ -0,0 +1,113 @@
+# Updating on Docker Standalone
+
+{% hint style="info" %}
+Always match the agent version to the Portainer Server version. In other words, when you're installing or updating to Portainer 2.19.0 make sure all of the agents are also on version 2.19.0.
+{% endhint %}
+
+{% hint style="danger" %}
+Before beginning any update, we highly recommend [taking a backup](../../admin/settings/#backup-portainer) of your current Portainer configuration.
+{% endhint %}
+
+## Updating your Portainer Server
+
+{% hint style="warning" %}
+Starting from Portainer CE 2.9 and BE 2.10, HTTPS is enabled by default on port `9443.` These instructions will configure Portainer to use 9443 for HTTPS and do not expose 9000 for HTTP. If you need to retain HTTP access, you can add:
+
+`-p 9000:9000`
+
+to your command.
+
+You can also choose to [completely disable HTTP](../../admin/settings/#force-https-only) after the update. Before you make Portainer HTTPS only, make sure you have all your Agents and Edge Agents already communicating with Portainer using HTTPS.
+{% endhint %}
+
+{% hint style="info" %}
+This article assumes that you used our recommended deployment scripts.
+{% endhint %}
+
+To update to the latest version of Portainer Server, use the following commands to stop then remove the old version. Your other applications/containers will not be removed.
+
+```
+docker stop portainer
+```
+
+```
+docker rm portainer
+```
+
+Now that you have stopped and removed the old version of Portainer, you must ensure that you have the latest version of the image locally. You can do this with a `docker pull` command:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker pull portainer/portainer-ee:latest
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker pull portainer/portainer-ce:latest
+```
+{% endtab %}
+{% endtabs %}
+
+Finally, deploy the updated version of Portainer:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
+```
+{% endtab %}
+{% endtabs %}
+
+{% hint style="warning" %}
+These `docker run` commands include opening port `8000` which is used for Edge Agent communication as included in our [installation instructions](../install/server/docker/linux.md). If you do not need this port open, you can remove it from the command.
+{% endhint %}
+
+{% hint style="info" %}
+To provide your own SSL certs you may use `--sslcert` and `--sslkey` flags as below to provide the certificate and key files. The certificate file needs to be the full chain and in PEM format. For example, for Business Edition:
+
+```
+docker run -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest --sslcert /path/to/cert/portainer.crt --sslkey /path/to/cert/portainer.key
+```
+{% endhint %}
+
+The newest version of Portainer will now be deployed on your system, using the persistent data from the previous version, and will also upgrade the Portainer database to the new version.
+
+When the deployment is finished, go to `https://your-server-address:9443` or `http://your-server-address:9000` and log in. You should notice that the update notification has disappeared and the version number has been updated.
+
+## Agent-only upgrade
+
+To update to the latest version of Portainer Agent, use the following commands to stop then remove the old version. Your other applications/containers will not be removed.
+
+```
+docker stop portainer_agent
+```
+
+```
+docker rm portainer_agent
+```
+
+Next, pull the updated version of the image:
+
+```
+docker pull portainer/agent:latest
+```
+
+Finally, start the agent with the updated image:
+
+```
+docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:latest
+```
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you must remember to explicitly provide this when updating your agent:
+
+`-e AGENT_SECRET=yoursecret`
+{% endhint %}
diff --git a/start/upgrade/edge.md b/start/upgrade/edge.md
new file mode 100644
index 0000000..2d044bc
--- /dev/null
+++ b/start/upgrade/edge.md
@@ -0,0 +1,88 @@
+# Updating the Edge Agent
+
+To update the Portainer Edge Agent to the latest version, follow the below instructions for your Edge environment.
+
+{% hint style="info" %}
+Always match the agent version to the Portainer Server version. In other words, when you're installing or updating to Portainer 2.19.0 make sure all of the agents are also on version 2.19.0.
+{% endhint %}
+
+{% hint style="danger" %}
+Before beginning any update, we highly recommend [taking a backup](../../admin/settings/#backup-portainer) of your current Portainer configuration.
+{% endhint %}
+
+## Docker Standalone
+
+{% hint style="info" %}
+Portainer now also has the ability to update Edge Agents on Docker Standalone [directly from within the UI](../../admin/environments/update.md).
+{% endhint %}
+
+To upgrade the Portainer Edge Agent on a Docker Standalone platform, you will first need to note the **Edge identifier** and the **Edge key** for the Edge environment. To find these values, log into Portainer and click **Environments**, then click the name of the environment you are updating.
+
+At the top of the page in the **Edge information** section, you will see the two values you require in the next steps.
+
+
+
+Next, on the Edge environment, we need to stop and remove the Edge Agent container.
+
+```
+docker stop portainer_edge_agent
+docker rm portainer_edge_agent
+```
+
+We also want to ensure we have the updated version of the container image locally:
+
+```
+docker pull portainer/agent:latest
+```
+
+To deploy the updated Edge Agent, replace the `your-edge-identifier-here` and `your-edge-key-here` values in the following command with those you retrieved earlier, then run the command:
+
+```
+docker run -d -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes -v /:/host -v portainer_agent_data:/data --restart always -e EDGE=1 -e EDGE_ID=your-edge-identifier-here -e EDGE_KEY=your-edge-key-here -e EDGE_INSECURE_POLL=1 --name portainer_edge_agent portainer/agent:latest
+```
+
+## Docker Swarm
+
+To update the Portainer Edge Agent on a Docker Swarm environment, run the following commands.
+
+First, to ensure you have the updated container image locally, pull the image:
+
+```
+docker pull portainer/agent:latest
+```
+
+Then, update the service to use the new image version:
+
+```
+docker service update --image portainer/agent:latest --force portainer_edge_agent
+```
+
+## Kubernetes
+
+To update the Portainer Edge Agent on a Kubernetes environment, you will need to first download an updated YAML manifest, then apply that manifest to your existing environment.
+
+To download the manifest, you can use one of the following commands:
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+curl -L https://downloads.portainer.io/ee2-19/portainer-agent-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+curl -L https://downloads.portainer.io/ce2-19/portainer-agent-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml
+```
+{% endtab %}
+{% endtabs %}
+
+To apply this manifest to your environment, run the following command:
+
+```
+kubectl apply -f portainer-agent-edge-k8s.yaml
+```
+
+## Nomad
+
+For Nomad-specific update instructions, please refer to [Updating on Nomad](nomad.md).
diff --git a/start/upgrade/kubernetes.md b/start/upgrade/kubernetes.md
new file mode 100644
index 0000000..8cae086
--- /dev/null
+++ b/start/upgrade/kubernetes.md
@@ -0,0 +1,222 @@
+# Updating on Kubernetes
+
+{% hint style="info" %}
+Always match the agent version to the Portainer Server version. In other words, when you're installing or updating to Portainer 2.19.0 make sure all of the agents are also on version 2.19.0.
+{% endhint %}
+
+{% hint style="warning" %}
+Starting from Portainer CE 2.9 and BE 2.10, HTTPS is enabled by default on port `9443.` These instructions will configure Portainer to use both `9443` for HTTPS and `9000` for HTTP. You can choose to [completely disable HTTP](../../admin/settings/#force-https-only) after the update.
+
+Before you make Portainer HTTPS only, make sure you have all your Agents and Edge Agents already communicating with Portainer using HTTPS.
+{% endhint %}
+
+{% hint style="danger" %}
+Before beginning any update, we highly recommend [taking a backup](../../admin/settings/#backup-portainer) of your current Portainer configuration.
+{% endhint %}
+
+Select the Portainer update method which matches the original installation method used.
+
+## Method 1: Updating using Helm
+
+Add the Portainer Helm repository by running the following commands. Ignore any warnings about the repo already being there:
+
+```
+helm repo add portainer https://portainer.github.io/k8s/
+helm repo update
+```
+
+Next, run the following command to update to the latest version of Portainer:
+
+```
+helm upgrade -n portainer portainer portainer/portainer
+```
+
+## Method 2: Upgrading using YAML Manifest
+
+### Option 1: Via the Portainer UI
+
+The easiest way to upgrade is to use the Portainer UI along with our manifest files. Copy the contents of the manifest file that matches the method you used to deploy Portainer:
+
+{% tabs %}
+{% tab title="NodePort" %}
+Copy the contents of the relevant NodePort manifest file:
+
+**Business Edition:**
+
+```
+https://downloads.portainer.io/ee2-19/portainer.yaml
+```
+
+**Community Edition:**
+
+```
+https://downloads.portainer.io/ce2-19/portainer.yaml
+```
+
+For an agent-only deployment, use one of the following manifests instead:
+
+**Business Edition:**
+
+```
+https://downloads.portainer.io/ee2-19/portainer-agent-k8s-nodeport.yaml
+```
+
+**Community Edition:**
+
+```
+https://downloads.portainer.io/ce2-19/portainer-agent-k8s-nodeport.yaml
+```
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you must remember to explicitly provide this in the YAML when updating your agent:
+
+`environment:`
+
+ `- AGENT_SECRET: yoursecret`
+{% endhint %}
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+Copy the contents of the relevant Load Balancer manifest file:
+
+**Business Edition:**
+
+```
+https://downloads.portainer.io/ee2-19/portainer-lb.yaml
+```
+
+**Community Edition:**
+
+```
+https://downloads.portainer.io/ce2-19/portainer-lb.yaml
+```
+
+For an agent-only deployment, use one of the following manifests instead:
+
+**Business Edition:**
+
+```
+https://downloads.portainer.io/ee2-19/portainer-agent-k8s-lb.yaml
+```
+
+**Community Edition:**
+
+```
+https://downloads.portainer.io/ce2-19/portainer-agent-k8s-lb.yaml
+```
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you must remember to explicitly provide this in the YAML when updating your agent:
+
+`environment:`
+
+ `- AGENT_SECRET: yoursecret`
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+Log into Portainer and connect to the Kubernetes environment where Portainer is installed. From the menu select **Applications** then select **Create from manifest**. Toggle **Use namespace(s) specified from manifest** to on, then enter `portainer` in the **Name** field.
+
+{% hint style="warning" %}
+If you used a different name for your Portainer deployment, use that instead.
+{% endhint %}
+
+From the **Build method** selection choose **Web Editor** and ensure **Kubernetes** is selected as the **Deploy type**. Paste the contents of the YAML file then click **Deploy**. Portainer will process the manifest and should return you to the login page once the update is complete.
+
+### Option 2: Via the command line
+
+If you prefer to use the command line to update, you can do so using `kubectl` commands:
+
+{% tabs %}
+{% tab title="NodePort" %}
+Log into the control node of your Kubernetes cluster and run one of the following commands:
+
+**Business Edition:**
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer.yaml
+```
+
+**Community Edition:**
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ce2-19/portainer.yaml
+```
+
+For an agent-only deployment, use one of the following commands instead:
+
+**Business Edition:**
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer-agent-k8s-nodeport.yaml
+```
+
+**Community Edition:**
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ce2-19/portainer-agent-k8s-nodeport.yaml
+```
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you must remember to explicitly provide this in the YAML when updating your agent:
+
+`environment:`
+
+ `- AGENT_SECRET: yoursecret`
+{% endhint %}
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+Log into the control node of your Kubernetes cluster and run one of the following commands:
+
+**Business Edition:**
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer-lb.yaml
+```
+
+**Community Edition:**
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ce2-19/portainer.yaml
+```
+
+For an agent-only deployment, use one of the following commands instead:
+
+**Business Edition:**
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer-agent-k8s-lb.yaml
+```
+
+**Community Edition:**
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ce2-19/portainer-agent-k8s-lb.yaml
+```
+
+{% hint style="warning" %}
+If you have set a custom `AGENT_SECRET` on your Portainer Server instance you must remember to explicitly provide this in the YAML when updating your agent:
+
+`environment:`
+
+ `- AGENT_SECRET: yoursecret`
+{% endhint %}
+{% endtab %}
+{% endtabs %}
+
+When the deployment is finished you will be able to log into Portainer. You should notice the new version number at the bottom-left of the Portainer UI.
+
+## Method 3: Force an update
+
+If Portainer does not update after running the above commands, you can force a download of the latest image by running the following command:
+
+```
+kubectl -n portainer rollout restart deployment.apps/portainer
+```
+
+Or, for an agent-only deployment, use this command instead:
+
+```
+kubectl -n portainer rollout restart deployment.apps/portainer-agent
+```
diff --git a/start/upgrade/nomad.md b/start/upgrade/nomad.md
new file mode 100644
index 0000000..3ee2d91
--- /dev/null
+++ b/start/upgrade/nomad.md
@@ -0,0 +1,25 @@
+# Updating on Nomad
+
+To update the version of the Portainer Agent on a Nomad device, please use the following steps.
+
+{% hint style="info" %}
+If you are using Nomad authentication, you will need to retrieve your Nomad token before proceeding.
+{% endhint %}
+
+In the Portainer UI, select **Environments** then select the Nomad environment you want to update. Make note of the **Edge key** and **Edge identifier** as we will need these later.
+
+
+
+Once you have the values recorded, click the **Disassociate** button, then click **Disassociate** in the warning that appears.
+
+
+
+You will then be provided with a script generation dialog.
+
+Select **Nomad**, and if you are using authentication toggle the **Enable authentication** option and enter your **Nomad token**. Enter any other customizations you have for your environment such as environment variables.
+
+
+
+Copy the generated command for environment installation, but don't run it yet. First, edit the copied command and replace the **Edge key** and **Edge identifier** values with those noted earlier.
+
+Finally, run the modified command on your Nomad device. The job will be deployed and updated, retaining your previous settings.
diff --git a/start/upgrade/swarm.md b/start/upgrade/swarm.md
new file mode 100644
index 0000000..f3dcc07
--- /dev/null
+++ b/start/upgrade/swarm.md
@@ -0,0 +1,58 @@
+# Updating on Docker Swarm
+
+{% hint style="info" %}
+Always match the agent version to the Portainer Server version. In other words, when you're installing or updating to Portainer 2.19.0 make sure all of the agents are also on version 2.19.0.
+{% endhint %}
+
+{% hint style="warning" %}
+Starting from Portainer CE 2.9 and BE 2.10, HTTPS is enabled by default on port `9443.` These instructions will configure Portainer to use 9443 for HTTPS and 9000 for HTTP. You can choose to [completely disable HTTP](../../admin/settings/#force-https-only) after the update.
+
+Before you make Portainer HTTPS only, make sure you have all your Agents and Edge Agents already communicating with Portainer using HTTPS.
+{% endhint %}
+
+{% hint style="danger" %}
+Before beginning any update, we highly recommend [taking a backup](../../admin/settings/#backup-portainer) of your current Portainer configuration.
+{% endhint %}
+
+To update the Portainer Server and the agents on Docker Swarm, first run the following command on the manager node of your Docker Swarm cluster:
+
+```
+docker service ls
+```
+
+Make note of the service names for Portainer. You will need them later.
+
+```
+ID NAME MODE REPLICAS IMAGE PORTS
+tb9gtxc647fw portainer-agent_agent global 3/3 portainer/agent:latest
+m3a3mtuy55ed portainer_portainer replicated 1/1 portainer/portainer-ee:latest *:8000->8000/tcp, *:9000->9000/tcp
+```
+
+To update Portainer Server to the latest version, run one of the sets of commands below depending on your edition of Portainer (replace the `portainer_portainer` service name if your setup differs):
+
+{% tabs %}
+{% tab title="Business Edition" %}
+```
+docker pull portainer/portainer-ee:latest
+docker service update --image portainer/portainer-ee:latest --publish-add 9443:9443 --force portainer_portainer
+```
+{% endtab %}
+
+{% tab title="Community Edition" %}
+```
+docker pull portainer/portainer-ce:latest
+docker service update --image portainer/portainer-ce:latest --publish-add 9443:9443 --force portainer_portainer
+```
+{% endtab %}
+{% endtabs %}
+
+To update the Portainer Agent to the latest version, run the commands below (replace the `portainer_agent` service name if your setup differs):
+
+```
+docker pull portainer/agent:latest
+docker service update --image portainer/agent:latest --force portainer_agent
+```
+
+This will deploy the newest version of Portainer and the agent across your swarm and upgrade the Portainer database to match.
+
+When this is finished, go to `https://your-server-address:9443` or `http://your-server-address:9000` and log in. You should notice that the update notification has disappeared and the version number has been updated.
diff --git a/start/upgrade/tobe/README.md b/start/upgrade/tobe/README.md
new file mode 100644
index 0000000..3ef9b25
--- /dev/null
+++ b/start/upgrade/tobe/README.md
@@ -0,0 +1,30 @@
+# Switching to Portainer Business Edition
+
+It’s easy and quick to upgrade from Portainer CE (both 1.x and 2.x branches) to Portainer Business Edition without losing your data. The following instructions apply whether you’re using a 5 node free license or you’ve purchased a license for Portainer Business Edition.
+
+From version 2.17, you can upgrade your Portainer CE installation to Portainer BE from within Portainer itself.
+
+{% content-ref url="inapp.md" %}
+[inapp.md](inapp.md)
+{% endcontent-ref %}
+
+If you would like to upgrade manually, you can find instructions for your environment at the following links:
+
+{% content-ref url="docker.md" %}
+[docker.md](docker.md)
+{% endcontent-ref %}
+
+{% content-ref url="swarm.md" %}
+[swarm.md](swarm.md)
+{% endcontent-ref %}
+
+{% content-ref url="kubernetes.md" %}
+[kubernetes.md](kubernetes.md)
+{% endcontent-ref %}
+
+For Agent-only deployments, you do not need to upgrade the Agent to Business Edition.
+
+{% content-ref url="agent.md" %}
+[agent.md](agent.md)
+{% endcontent-ref %}
+
diff --git a/start/upgrade/tobe/agent.md b/start/upgrade/tobe/agent.md
new file mode 100644
index 0000000..9f13ff6
--- /dev/null
+++ b/start/upgrade/tobe/agent.md
@@ -0,0 +1,3 @@
+# Upgrading Agent-only deployments
+
+Both Portainer Community Edition and Portainer Business Edition use the same Portainer Agent container image to run, so if you are upgrading from CE to BE and have Agent-only environments, you don't need to upgrade them as well - just ensure they are on the same version (for example, if the Portainer Server is version 2.19.0 then the Portainer Agent should be 2.19.0 as well).
diff --git a/start/upgrade/tobe/docker.md b/start/upgrade/tobe/docker.md
new file mode 100644
index 0000000..2d9f61a
--- /dev/null
+++ b/start/upgrade/tobe/docker.md
@@ -0,0 +1,78 @@
+# Docker Standalone
+
+{% hint style="warning" %}
+This article assumes that you used our recommended deployment scripts.
+{% endhint %}
+
+{% hint style="info" %}
+Before you begin, copy the license key from the email we sent you.
+{% endhint %}
+
+The process for switching to Portainer Business Edition is straightforward but does depend on which version of Portainer you are currently running. Start from the instructions for your current version and work your way down.
+
+* [Version 1.24.0 or older](docker.md#upgrading-from-versions-older-than-1.24.1)
+* [Version 1.24.1 or 1.24.2](docker.md#upgrading-from-1.24.1-and-1.24.2)
+* [Version 2.0.0 or newer](docker.md#upgrading-from-version-2.0.0-and-later)
+
+## **Upgrading from versions older than 1.24.1**
+
+If you are running a version prior to 1.24.1, you must first upgrade to `portainer/portainer:1.24.2`. Your other applications/containers will not be removed. Use the following commands to stop then remove the old version, then run Portainer release 1.24.2:
+
+```
+docker stop portainer
+
+docker rm portainer
+
+docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer:1.24.2
+```
+
+Verify that you are running version 1.24.2 by logging into Portainer and reading the version number on the bottom-left of the UI. You should now proceed to [upgrade to version 2.0.0](docker.md#upgrading-from-1.24.1-and-1.24.2).
+
+## Upgrading from 1.24.1 and 1.24.2
+
+If you are running a version prior to 1.24.1 and want to upgrade to the latest Portainer release, you must first upgrade to `portainer/portainer-ce:2.0.0`, use the following commands to stop then remove the old version. Your other applications/containers will not be removed.
+
+```
+docker stop portainer
+```
+
+```
+docker rm portainer
+```
+
+Now that you have stopped and removed the old version of Portainer, you must ensure that you have the latest version of the image locally. You can do this with a `docker pull` command:
+
+```
+docker pull portainer/portainer-ce:2.0.0
+```
+
+Finally, deploy the updated version of Portainer:
+
+```
+docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:2.0.0
+```
+
+Portainer CE 2.0.0 will now be deployed on your system, using the persistent data from the previous version, and will also upgrade the Portainer database to the new version.
+
+When the deployment is finished, go to `http://your-server-address:9000` and log in. Verify that you are running version 2.0.0 by logging into Portainer and reading the version number on the bottom-left of the UI. You can now [upgrade to the latest version](docker.md#upgrading-from-version-2.0.0-and-later) of Portainer Business Edition.
+
+## Upgrading from version 2.0.0 and later
+
+To upgrade to Portainer Business Edition for Docker Standalone, use the following commands to stop then remove the old version. Your other applications/containers will not be removed.
+
+```
+docker stop portainer
+docker rm portainer
+```
+
+Now that you have stopped and removed the old version of Portainer, run this command to deploy the latest version of Portainer Business:
+
+```
+docker run -d -p 8000:8000 -p 9000:9000 -p 9443:9443 --name=portainer --restart=always --pull=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
+```
+
+Log out of Portainer (if currently logged in) then log back in. When you log in for the first time, you'll be asked to enter your license key. Paste this in from the email we sent you.
+
+
+
+'Business Edition' now appears in the bottom-left corner.
diff --git a/start/upgrade/tobe/inapp.md b/start/upgrade/tobe/inapp.md
new file mode 100644
index 0000000..2f15425
--- /dev/null
+++ b/start/upgrade/tobe/inapp.md
@@ -0,0 +1,22 @@
+# Upgrade to Business Edition from Portainer
+
+To upgrade from Portainer Community Edition to Portainer Business Edition from within Portainer, log in as an administrator and click the **Upgrade to Business Edition** message in the top left.
+
+
+
+If you already have a license for Portainer Business Edition, paste it in the box and click **Start upgrade** to begin the upgrade process.
+
+If you do not currently have a license, click **Get a license** and fill out the form to receive a trial key.
+
+
+
+Your trial key will be sent to the email address you provided and you will be returned to the license entry form.
+
+{% hint style="info" %}
+Your license should be sent automatically within a few minutes. If you have not received it please check your spam folders, or [get in touch with our team](mailto:success@portainer.io) if you have not received it in 24 hours.
+{% endhint %}
+
+
+
+When you receive your license, paste the key into the box and click **Start upgrade** to begin the upgrade process.
+
diff --git a/start/upgrade/tobe/kubernetes.md b/start/upgrade/tobe/kubernetes.md
new file mode 100644
index 0000000..f7b6dc1
--- /dev/null
+++ b/start/upgrade/tobe/kubernetes.md
@@ -0,0 +1,51 @@
+# Kubernetes
+
+{% hint style="info" %}
+Select the Portainer CE to Portainer Business upgrade method below which matches the original installation method used.
+{% endhint %}
+
+## Method 1: Upgrade via Helm
+
+To update your Helm repository, run this command first:
+
+```
+helm repo update
+```
+
+Run this command next to deploy the latest version of Portainer Business on your Kubernetes cluster with all of the settings used in your Helm deployment:
+
+```
+helm upgrade -n portainer portainer portainer/portainer --set enterpriseEdition.enabled=true
+```
+
+## Method 2: Upgrade via YAML Manifests
+
+Choose the right YAML manifest based on your original deployment:
+
+{% tabs %}
+{% tab title="NodePort" %}
+Use the following `kubectl` command to update a NodePort deployment:
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer.yaml
+```
+{% endtab %}
+
+{% tab title="Load Balancer" %}
+Use the following `kubectl` command to update a Load Balancer deployment:
+
+```
+kubectl apply -n portainer -f https://downloads.portainer.io/ee2-19/portainer-lb.yaml
+```
+{% endtab %}
+{% endtabs %}
+
+This will deploy the newest version of Portainer Business on your Kubernetes cluster.
+
+## Logging back in
+
+When the upgrade is complete, log out of Portainer (if currently logged in) then log back in. When you log in for the first time, you'll be asked to enter your license key. Paste this in from the email we sent you.
+
+
+
+'Business Edition' now appears in the bottom-left corner.
diff --git a/start/upgrade/tobe/swarm.md b/start/upgrade/tobe/swarm.md
new file mode 100644
index 0000000..1446812
--- /dev/null
+++ b/start/upgrade/tobe/swarm.md
@@ -0,0 +1,21 @@
+# Docker Swarm
+
+{% hint style="warning" %}
+This article assumes that you used our recommended deployment scripts.
+{% endhint %}
+
+{% hint style="info" %}
+Before you begin, copy the license key from the email we sent you.
+{% endhint %}
+
+To upgrade to Portainer Business Edition for Docker Swarm, use the following commands to deploy the newest version of Portainer Business on your Swarm Cluster:
+
+```
+docker service update --image portainer/portainer-ee:latest --force portainer_portainer
+```
+
+Log out of Portainer (if currently logged in) then log back in. When you log in for the first time, you'll be asked to enter your license key. Paste this in from the email we sent you.
+
+
+
+'Business Edition' now appears in the bottom-left corner.
diff --git a/user/account-settings.md b/user/account-settings.md
new file mode 100644
index 0000000..aac5b5c
--- /dev/null
+++ b/user/account-settings.md
@@ -0,0 +1,57 @@
+# Account settings
+
+To get access to and update your user settings, click your username in the top-right of the Portainer UI and select **My account**.
+
+
+
+## Changing your password
+
+Enter the following details, using the table below as a guide. When you're finished, click **Update password**.
+
+
+
+| Field/Option | Overview |
+| ---------------- | ----------------------------------------------------------- |
+| Current password | Enter the password you currently use to log into Portainer. |
+| New password | Enter a new password for your account. |
+| Confirm password | Enter the new password again. |
+
+[Minimum password length requirements](../admin/settings/authentication/) are set by the administrator.
+
+## Access tokens
+
+This section allows you to manage your API access tokens. You can see a list of the access tokens that exist for your user as well as add and remove tokens as required.
+
+
+
+For more information on access tokens, refer to our [API access documentation](../api/access.md#creating-an-access-token).
+
+## Git credentials
+
+This section lets you manage your saved Git credentials for use in deployments. These credentials are available only to your user.
+
+{% hint style="info" %}
+This feature is only available in Portainer Business Edition.
+{% endhint %}
+
+
+
+To add a new credential, click the **Add git credential** button and fill out the fields using the table below as a guide:
+
+| Field | Overview |
+| --------------------- | ------------------------------------------------------------------------------------------------------------ |
+| Name | Enter a name for this credential entry. This is how it will appear when selecting it for use when deploying. |
+| Username | Enter the username, if relevant. |
+| Personal Access Token | Enter the personal access token. |
+
+
+
+Once you've entered the relevant details, click **Save git credential** to save the entry.
+
+## Changing the theme
+
+Portainer lets you choose between light, dark and high-contrast themes, or to auto-select the theme based on your system theme. The chosen theme applies only to this user.
+
+Select a theme from the options. The change will be automatically applied.
+
+
diff --git a/user/aci/README.md b/user/aci/README.md
new file mode 100644
index 0000000..07cf0de
--- /dev/null
+++ b/user/aci/README.md
@@ -0,0 +1,16 @@
+# Azure ACI
+
+{% hint style="info" %}
+Support for Azure ACI is currently experimental.
+{% endhint %}
+
+The following sections describe how to manage an Azure ACI environment using menu options available in the Portainer Server. To learn how to add an Azure ACI environment, see our [environment guide](../../admin/environments/add/aci.md).
+
+{% content-ref url="dashboard.md" %}
+[dashboard.md](dashboard.md)
+{% endcontent-ref %}
+
+{% content-ref url="containers/" %}
+[containers](containers/)
+{% endcontent-ref %}
+
diff --git a/user/aci/containers/README.md b/user/aci/containers/README.md
new file mode 100644
index 0000000..4de0f6e
--- /dev/null
+++ b/user/aci/containers/README.md
@@ -0,0 +1,15 @@
+# Container instances
+
+The **Container Instances** page allows you to interact with containers in your Azure application, letting you add and remove containers as needed.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
+
+
+
+\
diff --git a/user/aci/containers/add.md b/user/aci/containers/add.md
new file mode 100644
index 0000000..e05f6b7
--- /dev/null
+++ b/user/aci/containers/add.md
@@ -0,0 +1,23 @@
+# Add a new container
+
+From the menu select **Container instances** then click **Add container**.
+
+
+
+Complete the configuration, using the table below as a guide:
+
+| Field/Option | Overview |
+| -------------- | ------------------------------------------------------------------------------------ |
+| Subscription | Select the subscription you want to use for the container. |
+| Resource group | If two or more resource groups exist, select where you want to deploy the container. |
+| Location | Select which datacenter to run the container in. |
+| Name | Give the container a descriptive name. |
+| Image | Enter the name of the image that will be used to deploy the container. |
+| OS | Select the OS (typically Linux or Windows). |
+| Port mapping | Select the port needed to publish to the Internet. |
+| CPU | Define how much CPU to allocate to the container. |
+| Memory | Define how much memory to allocate to the container. |
+
+
+
+When you're ready, click **Deploy the container**. When the deployment has finished, you'll see it in the list of Azure container instances.
diff --git a/user/aci/containers/remove.md b/user/aci/containers/remove.md
new file mode 100644
index 0000000..f6a7e09
--- /dev/null
+++ b/user/aci/containers/remove.md
@@ -0,0 +1,9 @@
+# Remove a container
+
+From the menu select **Container instances**, tick the checkbox next to the container you want to remove then click **Remove**.
+
+
+
+When the confirmation message appears, click **Remove**.
+
+
diff --git a/user/aci/dashboard.md b/user/aci/dashboard.md
new file mode 100644
index 0000000..10f8090
--- /dev/null
+++ b/user/aci/dashboard.md
@@ -0,0 +1,5 @@
+# Dashboard
+
+The Azure ACI dashboard summarizes your Azure ACI environment and shows the components that make up the environment. Tiles show the number of subscriptions and resource groups that make up your Azure application.
+
+
diff --git a/user/docker/README.md b/user/docker/README.md
new file mode 100644
index 0000000..c193697
--- /dev/null
+++ b/user/docker/README.md
@@ -0,0 +1,56 @@
+# Docker/Swarm
+
+The following sections describe how to manage a Docker Standalone or Docker Swarm environment using menu options available in the Portainer Server.
+
+{% content-ref url="dashboard.md" %}
+[dashboard.md](dashboard.md)
+{% endcontent-ref %}
+
+{% content-ref url="templates/" %}
+[templates](templates/)
+{% endcontent-ref %}
+
+{% content-ref url="stacks/" %}
+[stacks](stacks/)
+{% endcontent-ref %}
+
+{% content-ref url="services/" %}
+[services](services/)
+{% endcontent-ref %}
+
+{% content-ref url="containers/" %}
+[containers](containers/)
+{% endcontent-ref %}
+
+{% content-ref url="images/" %}
+[images](images/)
+{% endcontent-ref %}
+
+{% content-ref url="networks/" %}
+[networks](networks/)
+{% endcontent-ref %}
+
+{% content-ref url="volumes/" %}
+[volumes](volumes/)
+{% endcontent-ref %}
+
+{% content-ref url="configs/" %}
+[configs](configs/)
+{% endcontent-ref %}
+
+{% content-ref url="secrets/" %}
+[secrets](secrets/)
+{% endcontent-ref %}
+
+{% content-ref url="events.md" %}
+[events.md](events.md)
+{% endcontent-ref %}
+
+{% content-ref url="host/" %}
+[host](host/)
+{% endcontent-ref %}
+
+{% content-ref url="swarm/" %}
+[swarm](swarm/)
+{% endcontent-ref %}
+
diff --git a/user/docker/configs/README.md b/user/docker/configs/README.md
new file mode 100644
index 0000000..75d8f49
--- /dev/null
+++ b/user/docker/configs/README.md
@@ -0,0 +1,20 @@
+# Configs
+
+{% hint style="info" %}
+The **Configs** menu is only available to Docker Swarm environments.
+{% endhint %}
+
+Docker 17.06 introduced swarm service configs which allow you to store non-sensitive information, such as configuration files, outside a service’s image or running containers. This allows you to keep your images as generic as possible, without the need to bind-mount configuration files into the containers or use environment variables. [Secrets](../secrets/) is another option for storing sensitive information.
+
+
+
+In Portainer you can add and remove custom configurations for use in deployments.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
+
diff --git a/user/docker/configs/add.md b/user/docker/configs/add.md
new file mode 100644
index 0000000..9d6159e
--- /dev/null
+++ b/user/docker/configs/add.md
@@ -0,0 +1,12 @@
+# Add a new config
+
+From the menu select **Configs** then click **Add config**.
+
+
+
+ In the editor, write the configuration. You can also add labels and configure access control.
+
+
+
+When you're finished, click **Create config**.
+
diff --git a/user/docker/configs/remove.md b/user/docker/configs/remove.md
new file mode 100644
index 0000000..4ea9af6
--- /dev/null
+++ b/user/docker/configs/remove.md
@@ -0,0 +1,5 @@
+# Remove a config
+
+From the menu select **Configs**, tick the checkbox next to the config you want to remove then click **Remove**.
+
+
diff --git a/user/docker/containers/README.md b/user/docker/containers/README.md
new file mode 100644
index 0000000..f999d48
--- /dev/null
+++ b/user/docker/containers/README.md
@@ -0,0 +1,66 @@
+# Containers
+
+Put simply, a container is a runnable instance of an image. Containers do not hold any persistent data and therefore can be destroyed and recreated as needed.
+
+
+
+When the [new image notification](../host/setup.md#other) feature is enabled, the circle to the left of the image name indicates whether the local image is up to date, with a green tick indicating it is up to date and an orange cross indicating that there is a newer version of the image available at the remote registry. A grey hyphen indicates Portainer was unable to determine whether there is an update available for the image.
+
+For more on how this works, have a look at [this knowledge base article](https://portal.portainer.io/knowledge/how-does-the-image-update-notification-icon-work).
+
+To add a new container, click **Add container**.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+Once a container has been created you can inspect it, edit or duplicate it, toggle a container webhook, attach volumes, view logs and statistics, edit ownership, and access its console.
+
+{% content-ref url="view.md" %}
+[view.md](view.md)
+{% endcontent-ref %}
+
+{% content-ref url="inspect.md" %}
+[inspect.md](inspect.md)
+{% endcontent-ref %}
+
+{% content-ref url="edit.md" %}
+[edit.md](edit.md)
+{% endcontent-ref %}
+
+{% content-ref url="advanced.md" %}
+[advanced.md](advanced.md)
+{% endcontent-ref %}
+
+{% content-ref url="webhooks.md" %}
+[webhooks.md](webhooks.md)
+{% endcontent-ref %}
+
+{% content-ref url="attach-volume.md" %}
+[attach-volume.md](attach-volume.md)
+{% endcontent-ref %}
+
+{% content-ref url="logs.md" %}
+[logs.md](logs.md)
+{% endcontent-ref %}
+
+{% content-ref url="ownership.md" %}
+[ownership.md](ownership.md)
+{% endcontent-ref %}
+
+{% content-ref url="stats.md" %}
+[stats.md](stats.md)
+{% endcontent-ref %}
+
+{% content-ref url="console.md" %}
+[console.md](console.md)
+{% endcontent-ref %}
+
+If you no longer need a container, you can remove it.
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
+
+
+
diff --git a/user/docker/containers/add.md b/user/docker/containers/add.md
new file mode 100644
index 0000000..4680e01
--- /dev/null
+++ b/user/docker/containers/add.md
@@ -0,0 +1,58 @@
+# Add a new container
+
+Select **Containers** from the menu then click **Add container**.
+
+
+
+Configure the container settings as required.
+
+## Image configuration section
+
+| Field/Option | Overview |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
+| Name | Give the container a descriptive name. |
+| Registry | Select the registry that contains the image that you want to use for your container. |
+| Image | Enter the name of the image you want to use. |
+| Always pull the image | Toggle on to enforce pulling the image from the registry instead of using the locally cached copy (if you have used the image previously). |
+
+
+
+{% hint style="info" %}
+When using Docker Hub you can use the **Search** button to search for the image you have entered, and ensure that you have the correct name and tag. Portainer also displays the number of pulls remaining for your Docker Hub account when using an anonymous account.
+{% endhint %}
+
+Alternatively you can switch to advanced mode to manually enter registry and image details. This is useful if you want to do a one-off container deployment from a registry that isn't configured within Portainer.
+
+
+
+## Webhooks
+
+Toggle **Create a container webhook** on to create a [webhook](webhooks.md) for the container. You can send a POST request to this endpoint to automate pulling the most up-to-date image and re-deploy your container.
+
+
+
+## Network ports configuration section
+
+| Field/Option | Overview |
+| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- |
+| Publish all exposed network ports to random host ports | Toggle on to allow Portainer to randomly assign ports on the host to the exposed ports in the container. |
+| Manual network port publishing | Click **publish a new network port** to create manual port mappings for the container. |
+
+
+
+## Actions section
+
+| Field/Option | Overview |
+| ------------ | ----------------------------------------------------------------------------------------------------------------------------------- |
+| Auto remove | Toggle this option on to automatically remove the container once it exits. This is useful if you want to run a container only once. |
+
+
+
+Once complete, set any advanced options (see below) then click **Deploy the container.** If successful your container will be shown in the container list.
+
+## Advanced container settings
+
+Choose from a [range of options](advanced.md) to customize the deployment.
+
+
+
diff --git a/user/docker/containers/advanced.md b/user/docker/containers/advanced.md
new file mode 100644
index 0000000..da2ad51
--- /dev/null
+++ b/user/docker/containers/advanced.md
@@ -0,0 +1,142 @@
+# Advanced container settings
+
+When creating or editing a container you can configure a number of additional settings in the **Advanced container settings** section.
+
+
+
+## Command & logging
+
+In this section you can configure the command that runs when the container starts as well as configure logging for the container.
+
+| Field/Option | Overview |
+| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Command | Set the command that is run when the container starts. Select `Default` to use the default command provided by the container's image, or select `Override` and provide a command to override the default value. |
+| Entrypoint | Set the entrypoint for the container. Select `Default` to use the default entrypoint provided by the container's image, or select `Override` and provide an entrypoint to override the default value. |
+| Working Dir | Set the working directory your container should start in (within the container's filesystem). |
+| User | Specify the user that the container's command should run as. |
+| Console | Set the console configuration for your container. |
+| Driver | Select the logging driver to use for your container. Available options will depend on the logging drivers configured on your Docker host. |
+| Options | Set additional options for your logging driver. To add a new option click **add logging driver option** and configure accordingly. |
+
+
+
+## Volumes
+
+Here you can configure volume mappings for your container. You can map to [existing named volumes](../volumes/) or bind mount to locations on your Docker host.
+
+| Field/Option | Overview |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Container path | Specify where you want to make the volume or bind mount available within the container's filesystem. |
+| Mapping type | Select `Volume` to map a named volume, or select `Bind` to map a bind mount. |
+| Volume | If using the `Volume` mapping type, select the named volume to mount from the dropdown. |
+| Host path | If using the `Bind` mapping type, specify the path on the Docker host you want to bind mount in the container. |
+| Writable / Read-only | Select `Writable` if you want the container to be able to write to the mapping. Select `Read-only` if the container should **not** be able to write to the mapping. |
+
+
+
+## Network
+
+In this section you can configure the network settings for the container.
+
+| Field/Option | Overview |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Network | Select the [network](../networks/) to attach the container to from the dropdown. |
+| Hostname | Specify the hostname for the container. |
+| Domain Name | Specify the domain name for the container. |
+| Mac Address | Specify the MAC address to set on the container. |
+| IPv4 Address | Specify the IPv4 address to use for the container. This must be within the range for the chosen network and should not be already assigned to a container. |
+| IPv6 Address | Specify the IPv6 address to use for the container. This must be within the range for the chosen network and should not be already assigned to a container. |
+| Primary DNS Server | Specify the primary DNS server to use within the container. |
+| Secondary DNS Server | Specify the secondary DNS server to use within the container. |
+| Hosts file entries | Click **add additional entry** to add a new host file entry for the container. Host file values should be formatted as `hostname:address` (for example `database:192.168.1.1`). |
+
+
+
+## Env
+
+Use this section to add or edit environment variables made available in the container. Click **Add an environment variable** to create a new variable, or edit an existing variable with the fields provided. You can also click **Load variables from .env file** to import an existing .env file with your variables. To remove a variable, click the trash can icon to the right of the variable to remove.
+
+| Field/Option | Overview |
+| ------------ | ------------------------------------------- |
+| Name | Set the name for the environment variable. |
+| Value | Set the value for the environment variable. |
+
+
+
+If you want to add multiple variables at once, click on **Advanced mode** to switch to an editor view where you can paste a block of variables and values.
+
+## Labels
+
+You can set labels on your container using this section. Click add label to add a new label, or edit an existing label using the fields provided. To remove a label, click the trash can icon to the right of the label to remove.
+
+| Field/Option | Overview |
+| ------------ | ---------------------------- |
+| Name | Set the name for the label. |
+| Value | Set the value for the label. |
+
+
+
+## Restart policy
+
+Use this section to configure the restart policy for your container. Possible options are:
+
+* **Never**: Do not automatically restart the container when it exits. This is the default.
+* **Always**: Always restart the container regardless of the exit status. When you specify always, Docker will try to restart the container indefinitely. The container will also always start on Docker startup, regardless of the current state of the container.
+* **On failure**: Restart only if the container exits with a non-zero exit status.
+* **Unless stopped**: Always restart the container regardless of the exit status, including on Docker startup, except if the container was put into a stopped state before Docker was stopped.
+
+
+
+## Runtime & Resources
+
+This section lets you configure runtime options for your container, add or configure GPUs for use within the container, and specify resource limitations on the container.
+
+### Runtime
+
+Here you can configure runtime options for the container.
+
+| Field/Option | Overview |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Privileged mode | Enable this option to run the container in [privileged mode](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities). |
+| Init | Enable this option to tell Docker that an init process should be used as PID 1 in the container. |
+| Runtime | Select the runtime to use to start the container. Options will depend on available runtimes on your Docker host. |
+| Devices | Use this option to make devices on your Docker host available within the container. Click **add device** to add a new device, and define the **host** path for the device and the **container** path for where you want the device to appear within the container. |
+| Sysctls | Use this option to specify sysctls to make available within the container. Click **add sysctl** to add a new sysctl, and set the **name** and **value** for your sysctl as required. |
+| Shared memory size | Specify the size (in MB) of the shared memory device (`/dev/shm`) for the container. |
+
+
+
+### GPU
+
+Here you can enable GPU access for the container and configure the GPU settings as required.
+
+{% hint style="info" %}
+GPU support is currently only available on Docker Standalone environments.
+{% endhint %}
+
+| Field/Option | Overview |
+| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Enable GPU | Toggle this option on to enable GPU access for the container. |
+| GPU selector | Select the GPU(s) to make available to the container, or choose `Use All GPUs` to provide access to all the GPUs on the Docker host. |
+| Capabilities | Select the capabilities you want to use with the container. Portainer preselects `compute` and `utility` as they are the defaults when not specifying capabilities. |
+| Control | View a generated equivalent of the Docker CLI's `--gpus` option based on your selections above. |
+
+
+
+### Resources
+
+Here you can configure resource limits for your container. You can use the sliders to set the value or enter a value in the fields.
+
+| Field/Option | Overview |
+| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Memory reservation (MB) | Specify the amount of memory (in MB) to reserve for the container. |
+| Memory limit (MB) | Specify the maximum amount of memory (in MB) the container is allowed to use. |
+| Maximum CPU usage | Specify the maximum amount of CPU the container is allowed to use. This is specified based on the number of processing threads available on your Docker host. |
+
+
+
+## Capabilities
+
+In this section you can configure the individual capabilities for your container. For more information refer to the [Docker documentation](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities).
+
+
diff --git a/user/docker/containers/attach-volume.md b/user/docker/containers/attach-volume.md
new file mode 100644
index 0000000..1696bc1
--- /dev/null
+++ b/user/docker/containers/attach-volume.md
@@ -0,0 +1,23 @@
+# Attach a volume to a container
+
+{% hint style="danger" %}
+This article explains how to attach a new [volume](../volumes/) to a running container. This operation destroys the running container and starts a new one with the volume attached.
+
+**Always back up your data before running this operation.**
+{% endhint %}
+
+From the menu select **Containers**, select the container that you want to attach a volume to, then click **Duplicate/Edit**.
+
+
+
+Scroll down to **Advanced container settings**. Click **Volumes** then click **map additional volume**.
+
+
+
+In the **container** field enter the path. In the **volume** field enter the volume to attach to the container.
+
+
+
+When you're ready, click **Deploy the container**. When the confirmation message appears, click **Replace**.
+
+
diff --git a/user/docker/containers/console.md b/user/docker/containers/console.md
new file mode 100644
index 0000000..6238bd1
--- /dev/null
+++ b/user/docker/containers/console.md
@@ -0,0 +1,17 @@
+# Access a container's console
+
+From the menu select **Containers**, select the container then select **Console**.
+
+
+
+Select the command and the user you want to give access to, then click **Connect**.
+
+{% hint style="info" %}
+For Alpine Linux containers, you must select the`/bin/ash` command.
+{% endhint %}
+
+
+
+If you need to define a command other than those provided, toggle the **Use custom command** option on. Once connected, you can run commands in the console the same as any other Linux system.
+
+
diff --git a/user/docker/containers/edit.md b/user/docker/containers/edit.md
new file mode 100644
index 0000000..35abd26
--- /dev/null
+++ b/user/docker/containers/edit.md
@@ -0,0 +1,26 @@
+# Edit or duplicate a container
+
+{% hint style="warning" %}
+Editing a container effectively creates a new container with the updated settings and replaces the old container.
+{% endhint %}
+
+## Editing a running container
+
+From the menu select **Containers**, select the container you want to edit then click **Duplicate/Edit**.
+
+
+
+Make the required changes to the container configuration. When you're finished, click **Deploy the container**. When the confirmation message appears, click **Replace**.
+
+
+
+If successful, a message will appear confirming that a new container has been created with the new settings, replacing the old container.
+
+## Duplicating a running container
+
+From the menu select **Containers**, select the container you want to duplicate then click **Duplicate/Edit**.
+
+
+
+Make the required changes to the container configuration, making sure you enter a new container name in order to create a duplicate. When you're finished, click **Deploy the container**.
+
diff --git a/user/docker/containers/inspect.md b/user/docker/containers/inspect.md
new file mode 100644
index 0000000..11d22ca
--- /dev/null
+++ b/user/docker/containers/inspect.md
@@ -0,0 +1,15 @@
+# Inspect a container
+
+View information about any container, such as network settings, volumes and images.
+
+From the menu select **Containers**, select the container then select **Inspect**.
+
+
+
+All of the information about the container will display in a tree view. Select any parameter to show more details (if available).
+
+
+
+You can also inspect the container in a raw JSON format by clicking **Text**.
+
+
diff --git a/user/docker/containers/logs.md b/user/docker/containers/logs.md
new file mode 100644
index 0000000..201beb4
--- /dev/null
+++ b/user/docker/containers/logs.md
@@ -0,0 +1,19 @@
+# View container logs
+
+From the menu select **Containers**, select the container then select **Logs**.
+
+
+
+Here you can see the contents of the Docker logs for your container.
+
+
Field/Option
Overview
Search
Enter a string to search the log output. You can see the number of results for your search and move through each result with the up and down arrows.
Filter search results
When enabled, display only the log lines that contain your search string.
Copy
Click this button to copy the currently displayed log lines to your clipboard.
Download logs
Click this button to download your log.
+
+
+
+You can also set various options for how the logs are displayed:
+
+
Field/Option
Overview
Auto-refresh
Toggle this option off to disable auto refreshing of the log view. When off, you can click the refresh icon to the right of the toggle to manually refresh the view.
Fetch
Select the time period from which to retrieve the logs.
Lines
Limit the number of lines per log file (the default is 1000).
Show timestamp
When enabled, display a timestamp before each log line.
Show line numbers
When enabled, display line numbers for each log line.
Wrap line
When enabled, lines longer than the screen width will be wrapped onto the next line.
Full screen
Click the full screen icon to expand the log display to fill your screen.
+
+
+
+
diff --git a/user/docker/containers/ownership.md b/user/docker/containers/ownership.md
new file mode 100644
index 0000000..d6afe02
--- /dev/null
+++ b/user/docker/containers/ownership.md
@@ -0,0 +1,21 @@
+# Change container ownership
+
+Portainer allows you to limit container management to specific teams or users.
+
+From the menu select **Containers** then select the container whose ownership you want to change.
+
+
+
+Under the **Access control** section tick the **Change ownership** checkbox then select the new ownership type, using the table below as a guide.
+
+| Ownership Type | Overview |
+| -------------- | ----------------------------------------------------------------------------------------------------------- |
+| Administrators | Only Portainer administrators can manage the container. |
+| Restricted | Only teams or users you specify can manage the container. |
+| Public | Anyone who has [access to the environment](../../../admin/environments/access.md) can manage the container. |
+
+
+
+When you've made your selection, click **Update ownership**. When the confirmation message appears, click **Change ownership**.
+
+
diff --git a/user/docker/containers/remove.md b/user/docker/containers/remove.md
new file mode 100644
index 0000000..1415bf8
--- /dev/null
+++ b/user/docker/containers/remove.md
@@ -0,0 +1,9 @@
+# Remove a container
+
+From the menu select **Containers**, tick the checkbox next to the container you want to remove then click **Remove**.
+
+
+
+When the confirmation message appears, opt whether or not to automatically remove non-persistent volumes then click **Remove**.
+
+
diff --git a/user/docker/containers/stats.md b/user/docker/containers/stats.md
new file mode 100644
index 0000000..a52d906
--- /dev/null
+++ b/user/docker/containers/stats.md
@@ -0,0 +1,21 @@
+# View container statistics
+
+From the menu select **Containers**, select the container then select **Stats**.
+
+
+
+The information available includes:
+
+* Memory usage.
+* CPU usage.
+* Network usage (RX and TX).
+* I/O usage.
+* Processes running in the container
+
+
+
+
+
+{% hint style="info" %}
+You can change the refresh rate at any time.
+{% endhint %}
diff --git a/user/docker/containers/view.md b/user/docker/containers/view.md
new file mode 100644
index 0000000..7502689
--- /dev/null
+++ b/user/docker/containers/view.md
@@ -0,0 +1,17 @@
+# View a container's details
+
+From the menu select **Containers**, then select the container you want to view.
+
+
+
+Here you can view the container's status and details, including port configurations, environment variables, labels, attached volumes and networks, and more. You also have a number of actions available, including starting, stopping and removing the container.
+
+
+
+You can also toggle the container [webhook](webhooks.md), view the [container logs](logs.md), [inspect](inspect.md) the container's configuration, view container [stats](stats.md), access the [console](console.md), and (if the container is running in interactive mode) attach to the running container.
+
+
+
+You can create an image from a deployed container to use when creating other containers.
+
+
diff --git a/user/docker/containers/webhooks.md b/user/docker/containers/webhooks.md
new file mode 100644
index 0000000..9e5c134
--- /dev/null
+++ b/user/docker/containers/webhooks.md
@@ -0,0 +1,41 @@
+# Webhooks
+
+A webhook is a POST request sent to a URL that you define in Docker Hub or another registry. Use webhooks to trigger an action in response to an event such as a repository push.
+
+{% hint style="info" %}
+This functionality is only available in [Portainer Business Edition](https://www.portainer.io/business-upsell?from=container-webhook).
+{% endhint %}
+
+{% hint style="info" %}
+Webhooks are only available on non-Edge environments (environments running Portainer Server or Portainer Agent, not the Portainer Edge Agent). This is because the tunnel to the Portainer Edge Agent is only opened on-demand, and therefore would mean there is no way to expose a webhook permanently.
+{% endhint %}
+
+## Enabling a container webhook
+
+From the menu select **Containers** then select the container that you want to configure the webhook for.
+
+
+
+In the **Container details** screen toggle the **Container webhook** option on. When the URL appears, click **Copy link**. This URL will be used to configure the webhook in your chosen registry.
+
+
+
+This example shows how to trigger the webhook using `redeploy`:
+
+```
+
+```
+
+This example shows how to trigger the webhook to update the container to use a different image tag:
+
+```
+
+```
+
+## Configuring the webhook in Docker Hub
+
+To finish the configuration, refer to [Docker's own documentation](https://docs.docker.com/docker-hub/webhooks/).
diff --git a/user/docker/dashboard.md b/user/docker/dashboard.md
new file mode 100644
index 0000000..421a14d
--- /dev/null
+++ b/user/docker/dashboard.md
@@ -0,0 +1,30 @@
+# Dashboard
+
+The Docker/Swarm dashboard summarizes your Docker Standalone or Docker Swarm environment and shows the components that make up the environment.
+
+## Environment info
+
+{% hint style="info" %}
+This section is visible only to Docker Standalone environments.
+{% endhint %}
+
+This section shows the environment name, its URL and port along with any [tags](../../admin/environments/tags.md#tagging-an-environment). You can also see the number of CPU cores (and their available memory), the Docker version, and whether or not the Portainer Agent is installed.
+
+
+
+## Cluster information
+
+{% hint style="info" %}
+This section is visible only to Docker Swarm environments.
+{% endhint %}
+
+This section shows how many nodes are in the cluster and a link to the [cluster visualizer](swarm/cluster-visualizer.md).
+
+
+
+## Summary tiles
+
+The remaining dashboard is made up of tiles showing the number of [stacks](stacks/), [services](services/) (for Docker Swarm), [containers](containers/) (including health and running-status metrics), [images](images/) (and how much disk space they consume), [volumes](volumes/) and [networks](networks/), and GPUs (if enabled).
+
+
+
diff --git a/user/docker/events.md b/user/docker/events.md
new file mode 100644
index 0000000..e24a45d
--- /dev/null
+++ b/user/docker/events.md
@@ -0,0 +1,10 @@
+# Events
+
+{% hint style="info" %}
+The **Events** menu is only available to Docker Standalone environments.
+{% endhint %}
+
+The **Events** section in Portainer lists container events that have occurred. You can filter the list using search, and you can also [view more information about each container](containers/inspect.md).
+
+
+
diff --git a/user/docker/host/README.md b/user/docker/host/README.md
new file mode 100644
index 0000000..05ef0a0
--- /dev/null
+++ b/user/docker/host/README.md
@@ -0,0 +1,33 @@
+# Host
+
+{% hint style="info" %}
+The **Host** menu is only available to Docker Standalone environments.
+{% endhint %}
+
+The **Host** section provides an overview of your environment. You can view information about your environment as well as configure environment-specific settings.
+
+{% content-ref url="setup.md" %}
+[setup.md](setup.md)
+{% endcontent-ref %}
+
+## Host Details
+
+This section describes the host's basic configuration, including the hostname, OS information, kernel version, total CPU and memory. If the environment has the Portainer Agent installed, [host management features](setup.md#enable-host-management-features) are enabled, and a `/host` mount has been configured, you can also browse the host file system from here.
+
+
+
+## Engine Details
+
+Learn more about the Docker engine running on your environment, including the Docker version, the root directory, storage and logging drivers and available volume and network plugins.
+
+
+
+## PCI Devices and Physical Disks
+
+These sections list the available PCI devices and physical disks on the host.
+
+{% hint style="info" %}
+These sections are only visible when [host management features](setup.md#enable-host-management-features) are enabled for the environment.
+{% endhint %}
+
+
diff --git a/user/docker/host/registries.md b/user/docker/host/registries.md
new file mode 100644
index 0000000..c00d1c2
--- /dev/null
+++ b/user/docker/host/registries.md
@@ -0,0 +1,27 @@
+# Registries
+
+**Registries** lets you manage access to each of the registries that are currently available.
+
+{% hint style="warning" %}
+Registry access assigned here only applies to the selected environment. It is not global.
+{% endhint %}
+
+## Adding a new registry
+
+From the menu select **Host**, select **Registries** then click **Add registry**. When the global registries page appears, follow [these instructions](../../../admin/registries/add/).
+
+
+
+## Managing access
+
+To configure access to a registry, from the menu select **Host** then select **Registries**.
+
+
+
+Find the registry you want to manage then select **Manage access**.
+
+
+
+From the dropdown, select the users or teams that you would like to have access, then click **Create access**.
+
+
diff --git a/user/docker/host/setup.md b/user/docker/host/setup.md
new file mode 100644
index 0000000..158a68b
--- /dev/null
+++ b/user/docker/host/setup.md
@@ -0,0 +1,73 @@
+# Setup
+
+{% hint style="info" %}
+The **Host Setup** section is only available to Docker Standalone environments.
+{% endhint %}
+
+Under **Setup**, you can make changes to your environment, enabling and disabling features and security settings.
+
+## Host and Filesystem
+
+For environments running the Portainer Agent, this section is where you configure how Portainer interacts with elements of the host.
+
+{% hint style="danger" %}
+For security, these features are disabled by default. Be sure that you understand their impact before enabling them.
+{% endhint %}
+
+
+
+### Enable host management features
+
+Enabling host management features allows you to see the available devices and storage on the physical node as well as browse the node's filesystem. The environment must be [running the Portainer Agent](../../../start/agent.md) to use this functionality, and for filesystem browsing, the root of the host must be bind-mounted to`/host` in the agent deployment:
+
+```
+-v /:/host
+```
+
+For example, starting the Portainer Agent on Linux with the host filesystem mounted at `/host`:
+
+```
+docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes -v /:/host portainer/agent:latest
+```
+
+### Enable volume management for non-administrators
+
+Enabling this feature allows non-administrator users to manage volumes on an environment. If this is disabled, users below administrator level have read-only access to volumes.
+
+## Change Window Settings
+
+This setting allows you to specify a window within which [GitOps updates](../stacks/add.md#gitops-updates) to your applications can be applied.
+
+{% hint style="warning" %}
+If this setting is enabled and an update is made to an application outside of this window, it will not be applied.
+{% endhint %}
+
+
+
+## Docker Security Settings
+
+This section allows you to toggle assorted Docker-related security settings for the environment.
+
+
+
+| Option | Overview |
+| ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Disable bind mounts for non-administrators | Prevents non-admin users within Portainer from using bind mounts when creating containers and/or services/stacks. When toggled on, the option to attach to a host file system path is removed. |
+| Disable privileged mode for non-administrators | Prevents non-admin users from elevating the privilege of a container to bypass SELinux/AppArmor. When toggled on, the option to select **Privileged** mode when [adding a container](../containers/add.md) is removed. |
+| Disable the use of host PID 1 for non-administrators | Prevents non-admin users from requesting that a deployed container operates as the host PID. This is a security risk if used by a non-trustworthy authorized user because when they operate as PID1, they are in effect able to run any command in the container console as root on the host. |
+| Disable the use of Stacks for non-administrators | This is a 'sledgehammer' approach to removing any possibility for non-admin users within Portainer to find and use weaknesses in the Docker architecture. Whilst Portainer has the ability to disable some of the more common exploits, we cannot possibly block them all because there are any number of capabilities that could be added to a container to attempt to gain access to the host. This feature simply allows an admin to disable all possible entry points. |
+| Disable device mappings for non-administrators | Blocks users from mapping host devices into containers. Whilst the ability to map devices is generally used for good (e.g. mapping a GPU into a container), it can equally be used by non-trustworthy authorized users to map a physical storage device into a container. It is possible to mount `/dev/sda1` into a container, and then from a console of that container, the user would have complete access to the sda1 device without restriction. By toggling this on, Portainer blocks the ability for non-admins to map ANY devices into containers. |
+| Disable container capabilities for non-administrators | Toggle on to hide the **Container capabilities** tab for non-administrators when they are [adding a container](../containers/add.md). |
+| Disable sysctl settings for non-administrators | Toggle on to stop non-admin users from using sysctl options, preventing them from recreating, duplicating or editing containers. |
+
+## Other
+
+This section contains other assorted environment-specific settings.
+
+
+
+| Option | Overview |
+| ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Show GPU in the UI | Toggle on to enable GPU assignments in the Portainer UI. This adds additional processing to the container and stack listing pages, so if you are not using GPUs on your environment we recommend toggling this off. |
+| Add GPU |
When Show GPU in the UI is toggled on, click Add GPU to add GPUs to your environment for use by your containers. To add a GPU, provide a name for the GPU and an index or UUID to reference the GPU.
|
+| Show an image(s) up to date indicator for Stacks, Services and Containers |
Toggle on to enable the new image notification feature for this environment. Toggle off to disable the feature.
This feature is only available in Portainer Business Edition.
|
diff --git a/user/docker/images/README.md b/user/docker/images/README.md
new file mode 100644
index 0000000..2787065
--- /dev/null
+++ b/user/docker/images/README.md
@@ -0,0 +1,26 @@
+# Images
+
+Images are what is used to build containers. Each image defines the pieces required to build and configure a container and can be reused many times. The **Images** section in Portainer lets you interact with the images in an environment.
+
+
+
+You can pull images from Docker Hub or any other [registry](../../../admin/registries/add/):
+
+{% content-ref url="pull.md" %}
+[pull.md](pull.md)
+{% endcontent-ref %}
+
+You can also view a list of the images that are currently available in an environment, including their IDs, usage states, tags, sizes and creation dates. There are many other options available:
+
+{% content-ref url="build.md" %}
+[build.md](build.md)
+{% endcontent-ref %}
+
+{% content-ref url="import.md" %}
+[import.md](import.md)
+{% endcontent-ref %}
+
+{% content-ref url="export.md" %}
+[export.md](export.md)
+{% endcontent-ref %}
+
diff --git a/user/docker/images/build.md b/user/docker/images/build.md
new file mode 100644
index 0000000..36b9eae
--- /dev/null
+++ b/user/docker/images/build.md
@@ -0,0 +1,71 @@
+# Build a new image
+
+There are three ways you can build new images.
+
+{% hint style="info" %}
+On a multi-node environment, the built image will only be available on the node you select in the **Deployment** section. To make the image available to all nodes, consider [adding a registry](../../../admin/registries/add/) to Portainer.
+{% endhint %}
+
+{% hint style="warning" %}
+When building an image with Portainer, you are unable to use `ADD` or `COPY` commands referencing files on the host. We recommend using `wget` or similar to retrieve files from a HTTP/S URL instead.
+{% endhint %}
+
+## Method 1: Using the Portainer web editor
+
+From the menu select **Images** then click **Build a new image**.
+
+
+
+Next, give the image a descriptive name (you can enter multiple names), select the **Web editor** option under **Build method**, then write your Dockerfile in the web editor.
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+
+
+Optionally, you can upload one or more local files to be included in an image by clicking **Select files** and selecting the files to include. You can then reference them in your Dockerfile.
+
+
+
+Select the node you want to save the image on (if on a multi-node environment) then click **Build the image**.
+
+
+
+When the build is finished, select the **Output** tab to view the build history and the result.
+
+## Method 2: Uploading a Dockerfile
+
+If you have an existing Dockerfile, you can upload it to Portainer and use it to build the image.
+
+From the menu select **Images** then click **Build a new image**.
+
+
+
+Next, give the image a descriptive name (you can enter multiple names), select the **Upload** option under **Build method**, then browse to and upload the Dockerfile.
+
+
+
+Scroll down and select the node you want to save the image on (if on a multi-node environment) then click **Build the image**.
+
+
+
+When the build is finished, select the **Output** tab to view the build history and the result.
+
+## Method 3: Providing a Dockerfile from a URL
+
+If the Dockerfile is hosted on the Internet (either in a tarball or a public GitHub repository), you can download it directly to Portainer via its URL.
+
+From the menu select **Images** then click **Build a new image**.
+
+
+
+Next, give the image a descriptive name (you can enter multiple names), select the **Upload** option under **Build method**, then enter the **URL** of the file and the **Dockerfile path** within the tarball or repository.
+
+
+
+Scroll down and select the node you want to save the image on (if on a multi-node environment) click **Build the image**.
+
+
+
+When the build is finished, select the **Output** tab to view the build history and the result.
diff --git a/user/docker/images/export.md b/user/docker/images/export.md
new file mode 100644
index 0000000..6aa0098
--- /dev/null
+++ b/user/docker/images/export.md
@@ -0,0 +1,17 @@
+# Export an image
+
+You can export any Docker image stored on any node. This is useful when you need to move a container from one host to another, or simply make a backup of the images.
+
+{% hint style="warning" %}
+If you export a container to a tar file, the volumes won't get exported with it. You will need to save the data from those volumes using a different method.
+{% endhint %}
+
+From the menu select **Images**, select the image you want to export then click **Export this image**.
+
+
+
+When the warning message appears, click **Continue**.
+
+
+
+When the image has downloaded, a success message will appear, and your browser should automatically download the resulting tar file.\
diff --git a/user/docker/images/import.md b/user/docker/images/import.md
new file mode 100644
index 0000000..706d5ca
--- /dev/null
+++ b/user/docker/images/import.md
@@ -0,0 +1,30 @@
+# Import an image
+
+You can import images from other Portainer instances, the Docker CLI or the Docker Swarm CLI.
+
+From the menu select **Images** then click **Import**.
+
+
+
+Click **Select file** to browse for the image file to upload. Portainer supports `.tar`, `.tar.gz`, `.tar.bz2` and `.tar.xz` files. If you are on a multi-node environment, select the node where you wish to save the image.
+
+{% hint style="info" %}
+On a multi-node environment, the image you import will only be available on the node selected under **Deployment**. If you want to make the image available to all nodes, consider [adding a registry](../../../admin/registries/add/) to Portainer.
+{% endhint %}
+
+
+
+When importing an image you can also select to tag the image using a registry you have preconfigured in Portainer. Select the **Registry** from the dropdown and enter the image name and tag.
+
+
+
+If you wish to tag the image with a registry that is not configured within Portainer, click **Advanced mode** and enter the registry, port, image and tag as required.
+
+{% hint style="info" %}
+If you want to tag the image locally rather than in a registry, use **Advanced mode** and simply specify the image name and tag, without a registry.
+{% endhint %}
+
+
+
+When you're ready, click **Upload** to import your image.
+
diff --git a/user/docker/images/pull.md b/user/docker/images/pull.md
new file mode 100644
index 0000000..402396f
--- /dev/null
+++ b/user/docker/images/pull.md
@@ -0,0 +1,27 @@
+# Pull an image
+
+You can pull images from any registry that has been [added to Portainer](../../../admin/registries/), or using advanced mode, from a custom external registry.
+
+{% hint style="info" %}
+On a multi-node environment, the pulled image will only be available on the node you select in the **Deployment** section. To make the image available to all nodes, consider [adding a registry](../../../admin/registries/add/) to Portainer.
+{% endhint %}
+
+## Method 1: Pulling images in simple mode
+
+This method lets you pull images from Docker Hub or from another registry that you have connected with before.
+
+From the menu select **Images**. Select the registry to use then enter the name of the image. On a multi-node environment, select the node to deploy to.
+
+
+
+When you're ready, click **Pull the image**.
+
+## Method 2: Pulling images in advanced mode
+
+Using advanced mode, you can define a custom registry URL, port and image. This is ideal if you run your own private registry but don't want to add it to the [registries](../../../admin/registries/) list in Portainer.
+
+From the menu select **Images** then select **Advanced mode**. Next, enter the registry, port and image in the **Image** box. On a multi-node environment, select the node to deploy to.
+
+
+
+When you're ready, click **Pull the image**.
diff --git a/user/docker/networks/README.md b/user/docker/networks/README.md
new file mode 100644
index 0000000..967d4e0
--- /dev/null
+++ b/user/docker/networks/README.md
@@ -0,0 +1,33 @@
+# Networks
+
+Portainer lets you add, remove and manage networks in your environment.
+
+
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
+
+## Supported network types
+
+Portainer supports these types of networks:
+
+### bridge
+
+If you don’t specify a driver, this type of network will be created by default. Bridge networks are normally used when your applications run in standalone containers that need to communicate with each other.
+
+### macvlan
+
+macvlan networks allow you to assign a MAC address to a container, making it appear as a physical device on your network. The Docker daemon routes traffic to containers based on their MAC addresses. Using the macvlan driver is sometimes the best choice when dealing with legacy applications that expect to be directly connected to the physical network, rather than routed through the Docker host’s network stack.
+
+### ipvlan
+
+Similar to macvlan, the key difference being that the endpoints have the same MAC address. ipvlan supports L2 and L3 modes. In ipvlan L2 mode, each endpoint gets the same MAC address but different IP addresses. In ipvlan L3 mode, packets are routed between endpoints, giving better scalability.
+
+### overlay
+
+overlay networks connect multiple Docker daemons together and enable swarm services to communicate with each other. You can also use overlay networks to facilitate communication between a swarm service and a standalone container, or between two standalone containers on different Docker daemons.
diff --git a/user/docker/networks/add.md b/user/docker/networks/add.md
new file mode 100644
index 0000000..3411975
--- /dev/null
+++ b/user/docker/networks/add.md
@@ -0,0 +1,25 @@
+# Add a new network
+
+From the menu select **Networks** then click **Add network**.
+
+
+
+Define the new network, using the table below as a guide.
+
+| Field/Option | Overview |
+| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Give the network a descriptive name. |
+| Driver | Define the [type of network](./#supported-network-types) you will use. |
+| Driver options | Set in place any options related to your network driver, if required. |
+| IPv4 Network configuration | Define IPv4 range, subnet, gateway and exclude IP. If no information is entered here, Docker will automatically assign an IPv4 range. |
+| IPv6 Network configuration | Define IPv6 range, subnet, gateway and exclude IP. If no information is entered here, Docker will automatically assign an IPv6 range. |
+| Labels | Add labels to the network. |
+| Isolated network | Toggle this option on to isolate any containers created in this network to this network only, with no inbound or outbound connectivity. |
+| Enable manual container attachment | Toggle this option on to allow users to attach the network to running containers. |
+| Deployment | On multi-node clusters, select the node where the network will be created. |
+
+
+
+
+
+When you're finished, click **Create the network**.
diff --git a/user/docker/networks/remove.md b/user/docker/networks/remove.md
new file mode 100644
index 0000000..5118c53
--- /dev/null
+++ b/user/docker/networks/remove.md
@@ -0,0 +1,9 @@
+# Remove a network
+
+{% hint style="warning" %}
+You must detach all containers from a network before you can remove it.
+{% endhint %}
+
+From the menu select **Networks**, tick the checkbox next to the network you want to remove then click **Remove**.
+
+
diff --git a/user/docker/secrets/README.md b/user/docker/secrets/README.md
new file mode 100644
index 0000000..fb358ea
--- /dev/null
+++ b/user/docker/secrets/README.md
@@ -0,0 +1,34 @@
+# Secrets
+
+{% hint style="info" %}
+The Secrets menu is only available to Docker Swarm environments.
+{% endhint %}
+
+A secret is a blob of data, such as a password, SSH private key, SSL certificate, or another piece of data that should not be transmitted over a network, stored unencrypted in a Dockerfile, or stored in your application’s source code. In Docker 1.13 and later, you can use Docker Secrets to centrally manage this data and securely transmit it only to those containers that need access to it.
+
+
+
+Secrets are encrypted during transit and at rest in Docker Swarm. A given secret is only accessible to those services which have been granted explicit access to it, and only while those service tasks are running.
+
+You can use secrets to manage any sensitive data that a container needs at runtime, but you don’t want to store in the image or in source control, such as:
+
+* Usernames and passwords.
+* TLS certificates and keys.
+* SSH keys.
+* Other important data such as the name of a database or internal server.
+* Generic strings or binary content (up to 500Kb in size).
+
+For less sensitive data or larger content, see [configs](../configs/).
+
+In Portainer you can add and remove secrets for use in deployments.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
+
+
+
diff --git a/user/docker/secrets/add.md b/user/docker/secrets/add.md
new file mode 100644
index 0000000..63972c7
--- /dev/null
+++ b/user/docker/secrets/add.md
@@ -0,0 +1,11 @@
+# Add a new secret
+
+From the menu select **Secrets** then click **Add secret**.
+
+
+
+Next, give the secret a descriptive name and write a definition of the secret in the **Secret** field. Toggle **Encode secret** on if you want to encode the secret (useful when you use a plain-text password).
+
+
+
+ When you're finished, click **Create the secret**.
diff --git a/user/docker/secrets/remove.md b/user/docker/secrets/remove.md
new file mode 100644
index 0000000..800d414
--- /dev/null
+++ b/user/docker/secrets/remove.md
@@ -0,0 +1,5 @@
+# Remove a secret
+
+From the menu select **Secrets**, tick the checkbox next to the secret you want remove then click **Remove**.
+
+
diff --git a/user/docker/services/README.md b/user/docker/services/README.md
new file mode 100644
index 0000000..2286771
--- /dev/null
+++ b/user/docker/services/README.md
@@ -0,0 +1,48 @@
+# Services
+
+{% hint style="info" %}
+The **Services** menu is only available to Docker Swarm endpoints.
+{% endhint %}
+
+A service consists of an image definition and container configuration as well as instructions on how those containers will be deployed across a Swarm cluster.
+
+
+
+When the [new image notification](../swarm/setup.md#other) feature is enabled, the circle to the left of the image name indicates whether the local image is up to date, with a green tick indicating it is up to date and an orange cross indicating that there is a newer version of the image available at the remote registry. A grey hyphen indicates Portainer was unable to determine whether there is an update available for the image.
+
+For more on how this works, have a look at [this knowledge base article](https://portal.portainer.io/knowledge/how-does-the-image-update-notification-icon-work).
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="configure.md" %}
+[configure.md](configure.md)
+{% endcontent-ref %}
+
+Once a service has been created you can scale it to meet your needs, as well as view individual task status and logs.
+
+{% content-ref url="scale.md" %}
+[scale.md](scale.md)
+{% endcontent-ref %}
+
+{% content-ref url="tasks.md" %}
+[tasks.md](tasks.md)
+{% endcontent-ref %}
+
+{% content-ref url="logs.md" %}
+[logs.md](logs.md)
+{% endcontent-ref %}
+
+If you need to undo some changes to a service, you can roll it back.
+
+{% content-ref url="rollback.md" %}
+[rollback.md](rollback.md)
+{% endcontent-ref %}
+
+You can also configure webhooks for your services.
+
+{% content-ref url="webhooks.md" %}
+[webhooks.md](webhooks.md)
+{% endcontent-ref %}
+
diff --git a/user/docker/services/add.md b/user/docker/services/add.md
new file mode 100644
index 0000000..91ae5de
--- /dev/null
+++ b/user/docker/services/add.md
@@ -0,0 +1,23 @@
+# Add a new service
+
+From the menu click **Services** then click **Add service**.
+
+
+
+Complete the fields, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Name | Give the service a descriptive name. |
+| Registry | Select the registry that contains the image you wish to use for the service. |
+| Image | Enter the name of the image. If you're using Docker Hub you can also search for images from here. |
+| Scheduling mode | Select either to replicate the service on the same host or deploy it globally with one container on each host. |
+| Replicas | Set the number of replicas (only if the scheduling mode is set to **Replicated**). |
+| Port mapping | Define the ports to expose on the new service. |
+| Create a service webhook | Toggle on to create a [webhook](webhooks.md) for the service. You can send a POST request to this endpoint to automate pulling the most up-to-date image and re-deploy your service. |
+
+
+
+You can also configure any advanced options for the service in the bottom section.
+
+When you're finished click **Create the service**.
diff --git a/user/docker/services/configure.md b/user/docker/services/configure.md
new file mode 100644
index 0000000..ef3392b
--- /dev/null
+++ b/user/docker/services/configure.md
@@ -0,0 +1,137 @@
+# Configure service options
+
+From the menu select **Services** then select the service you want to configure.
+
+
+
+## Service details
+
+In this section you can:
+
+* View a summary of the details about the service.
+* Configure the number of replicas.
+* Toggle the [service webhook](webhooks.md) on or off.
+* View the [service logs](logs.md).
+* Update, [roll back](rollback.md) or delete the service.
+
+
+
+## Container specification configuration options
+
+### Change container image
+
+Here you can replace the container image with a different image. Select the registry, enter the image name, then click **Apply changes**.
+
+
+
+### Environment variables
+
+It's best to set environment variables when you [create a container](../containers/add.md) and before deployment. You can still set or edit these variables after deployment if you wish.
+
+
+
+### Container labels
+
+Labels give you a way to record information about a container, such as the way it's configured. Labels can also be used by Portainer to [hide containers from the interface](../../../admin/settings/#hidden-containers).
+
+
+
+### Mounts
+
+You have the option to either mount or bind volumes in Portainer, and you can also make them read only. To add a mount, first select either **Volume** or **Bind** from the **Type** dropdown.
+
+#### For volume mounts:
+
+Select the volume from the **Source** dropdown, enter the container path in the **Target** field tick **Read only** if required then click **Apply changes**.
+
+
+
+#### For bind mounts:
+
+Enter the source path in the **Source** field, enter the container path in the **Target** field, tick **Read only** if required then click **Apply changes**.
+
+
+
+## Networks & ports configuration options
+
+### Networks
+
+You can define one or more networks for a service either before or after deployment. Simply select the network from the dropdown then click **Apply changes**.
+
+
+
+### Published ports
+
+Use this setting to publish ports so they can access a container from outside of the host. You can either add new ports or update existing ports.
+
+
+
+### Hosts file entries
+
+Lets you manually specify a hostname or URL and associate the URL to an internal or external IP address.
+
+
+
+## Service specification settings
+
+### Resource limits and reservations
+
+Sets limits on resource utilization, such as memory, CPU reservation and CPU limit.
+
+
+
+### Placement constraints
+
+Use placement constraints to control which nodes a service can be assigned to.
+
+
+
+### Placement preferences
+
+While placement constraints limit the nodes a service can run on, placement preferences attempt to place tasks on appropriate nodes in an algorithmic way (by default they are spread evenly).
+
+
+
+### Restart policy
+
+Docker's restart policies ensure that linked containers are restarted in the correct order, and control the conditions under which they are restarted:
+
+* **Any**: Restart the container under any conditions (restarted host or Docker daemon).
+* **On Failure**: Restart the container if it exits due to an error which manifests as a non-zero exit code.
+* **None**: Do not automatically restart the container.
+
+You can also adjust the restart delay, maximum attempts and restart window.
+
+
+
+### Update configuration
+
+Updates a service according to the parameters you specify. The parameters specified here are the same as `docker service create` (see [Docker's own documentation](https://docs.docker.com/engine/reference/commandline/service\_create/) for more information).
+
+Normally, updating a service will only cause the service’s tasks to be replaced with new ones if a change to the service requires recreating the tasks for it to take effect.
+
+
+
+### Logging driver
+
+Docker includes logging mechanisms called _logging drivers_ that get information from the containers and services you're running. Each Docker daemon has a default logging driver which each container will use, unless you configure them to use a different logging driver.
+
+
+
+### Service labels
+
+Lets you add metadata to containers using Docker labels either via an array or a dictionary. We recommend that you use reverse-DNS notation to stop labels from conflicting with those used by other software.
+
+
+
+### Configs
+
+Docker 17.06 introduced Swarm service configs. These allow you to store non-sensitive information such as configuration files outside a service’s image or running containers. This keeps images as generic as possible and removes the need to bind-mount configuration files into containers or use environment variables.
+
+
+
+### Secrets
+
+In the context of Docker Swarm services, a secret is a blob of data such as a password, SSH private key, SSL certificate, or another piece of data that should not be transmitted over a network or stored unencrypted in a Dockerfile or in your application’s source code.
+
+
diff --git a/user/docker/services/logs.md b/user/docker/services/logs.md
new file mode 100644
index 0000000..3fca207
--- /dev/null
+++ b/user/docker/services/logs.md
@@ -0,0 +1,17 @@
+# View service logs
+
+From the menu select **Services**, select the service whose logs you want to view then click **Service logs**.
+
+
+
+Here you can see the contents of the Docker logs for your service.
+
+
Field/Option
Overview
Search
Enter a string to search the log output. You can see the number of results for your search and move through each result with the up and down arrows.
Filter search results
When enabled, display only the log lines that contain your search string.
Copy
Click this button to copy the currently displayed log lines to your clipboard.
Download logs
Click this button to download your log.
+
+
+
+You can also set various options for how the logs are displayed:
+
+
Field/Option
Overview
Auto-refresh
Toggle this option off to disable auto refreshing of the log view. When off, you can click the refresh icon to the right of the toggle to manually refresh the view.
Fetch
Select the time period from which to retrieve the logs.
Lines
Limit the number of lines per log file (the default is 1000).
Show timestamp
When enabled, display a timestamp before each log line.
Show line numbers
When enabled, display line numbers for each log line.
Wrap line
When enabled, lines longer than the screen width will be wrapped onto the next line.
Full screen
Click the full screen icon to expand the log display to fill your screen.
+
+
diff --git a/user/docker/services/rollback.md b/user/docker/services/rollback.md
new file mode 100644
index 0000000..8550797
--- /dev/null
+++ b/user/docker/services/rollback.md
@@ -0,0 +1,11 @@
+# Roll back a service
+
+If you make a change to a service in Docker Swarm and your applications are no longer working as you expect, you can roll back to the previous state.
+
+From the menu select **Services**, select the service to roll back then click **Rollback the service**.
+
+
+
+When the confirmation message appears, click **Yes**.
+
+
diff --git a/user/docker/services/scale.md b/user/docker/services/scale.md
new file mode 100644
index 0000000..a225d3f
--- /dev/null
+++ b/user/docker/services/scale.md
@@ -0,0 +1,11 @@
+# Scale a service
+
+From the menu select **Services** then select **scale** next to the service you want to scale (in the **Scheduling Mode** column).
+
+
+
+Select the number of replicas you want to create for the service then click the tick icon to apply. If scaling is successful, a success message will appear at the top-right of the screen. Refresh the page until the running replicas appear.
+
+{% hint style="info" %}
+Depending on container size, there might be a slight delay before the replicas appear on screen.
+{% endhint %}
diff --git a/user/docker/services/tasks.md b/user/docker/services/tasks.md
new file mode 100644
index 0000000..4976e8b
--- /dev/null
+++ b/user/docker/services/tasks.md
@@ -0,0 +1,11 @@
+# View the status of a service task
+
+Services in a Docker Swarm environment are a collection of tasks (or individual containers). This article explains how to quickly see the status of the containers that make up each service.
+
+From the menu select **Services** then click the down-arrow to the left of the service you want to inspect. The tasks that make up the service will be shown.
+
+
+
+Select any individual task to go to the container details page for that task. You can also perform various actions on individual tasks by using the icons in the **Actions** column.
+
+
diff --git a/user/docker/services/webhooks.md b/user/docker/services/webhooks.md
new file mode 100644
index 0000000..8a61f3f
--- /dev/null
+++ b/user/docker/services/webhooks.md
@@ -0,0 +1,59 @@
+# Webhooks
+
+A webhook is a POST request sent to a URL that you define in Docker Hub or another registry. Use webhooks to trigger an action or a service in response to a repository push event.
+
+{% hint style="info" %}
+Webhooks are only available on non-Edge environments (environments running Portainer Server or Portainer Agent, not the Portainer Edge Agent). This is because the tunnel to the Portainer Edge Agent is only opened on-demand, and therefore would mean there is no way to expose a webhook permanently.
+{% endhint %}
+
+## Enabling a service webhook
+
+From the menu select **Services** then select the service that you want to configure the webhook for.
+
+
+
+In the **Service details** screen toggle the **Service webhook** option on. When the URL appears, click **Copy link**. This URL will be used to configure the webhook in your chosen registry.
+
+
+
+This example shows how to trigger the webhook using `redeploy`:
+
+```
+
+```
+
+This example shows how to trigger the webhook using `update service image with a different tag`:
+
+```
+
+```
+
+## Using environment variables with webhooks
+
+When triggering a webhook, environment variables can be passed through the endpoint and referenced within services' compose files.
+
+{% hint style="info" %}
+This functionality is only available in Portainer Business Edition.
+{% endhint %}
+
+To specify an environment variable on a webhook, add it as a variable to the URL. For example, to pass a `SERVICE_TAG` variable with the value `development`:
+
+```
+https://portainer:9443/api/webhooks/1d251d96-fb34-4172-a0a1-d0655467b897?SERVICE_TAG=development
+```
+
+To reference the `SERVICE_TAG` variable in your compose file with a fallback to the value `stable`:
+
+```
+services:
+ my-service:
+ image: repository/image:${SERVICE_TAG:-stable}
+```
+
+## Configuring the webhook in Docker Hub
+
+To finish the configuration, refer to [Docker's own documentation](https://docs.docker.com/docker-hub/webhooks/).
diff --git a/user/docker/stacks/README.md b/user/docker/stacks/README.md
new file mode 100644
index 0000000..25d1daf
--- /dev/null
+++ b/user/docker/stacks/README.md
@@ -0,0 +1,33 @@
+# Stacks
+
+A stack is a collection of services, usually related to one application or usage. For example, a WordPress stack definition may include a web server container (such as nginx) and a database container (such as MySQL).
+
+
+
+When the [new image notification](../host/setup.md#other) feature is enabled, the **Images up to date** column indicates whether the local images in the stack are up to date, with a green tick indicating they are up to date and an orange cross indicating that there is a newer version of an image available at the remote registry. A grey hyphen indicates Portainer was unable to determine whether there is an update available for the images.
+
+For more on how this works, have a look at [this knowledge base article](https://portal.portainer.io/knowledge/how-does-the-image-update-notification-icon-work).
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="edit.md" %}
+[edit.md](edit.md)
+{% endcontent-ref %}
+
+{% content-ref url="template.md" %}
+[template.md](template.md)
+{% endcontent-ref %}
+
+{% content-ref url="webhooks.md" %}
+[webhooks.md](webhooks.md)
+{% endcontent-ref %}
+
+{% content-ref url="migrate.md" %}
+[migrate.md](migrate.md)
+{% endcontent-ref %}
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
diff --git a/user/docker/stacks/add.md b/user/docker/stacks/add.md
new file mode 100644
index 0000000..fb990e7
--- /dev/null
+++ b/user/docker/stacks/add.md
@@ -0,0 +1,201 @@
+# Add a new stack
+
+## Options when deploying a new stack
+
+There are four ways to deploy a new stack from Portainer:
+
+| Option | Overview |
+| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------- |
+| [Web editor](add.md#option-1-web-editor) | Use our web editor to define the services for the stack using a docker-compose format. |
+| [Upload](add.md#option-2-upload) | If you have a `stack.yml` file, you can upload it from your computer and use it to deploy the stack. |
+| [Git repository](add.md#option-3-git-repository) | You can use a docker-compose format file hosted in a Git repository. |
+| Custom template | If you have created a [custom stack template](../templates/custom.md), you can deploy using this option. |
+
+## Option 1: Web editor
+
+From the menu select **Stacks**, click **Add stack**, give the stack a descriptive name then select **Web editor**. Use the web editor to define the services.
+
+
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+As part of the stack creation you can enable a stack webhook, allowing you to remotely trigger redeployments of the stack from your repository, for example. You can read more on this in our documentation on [stack webhooks](webhooks.md).
+
+
+
+As an optional step, you can also use the web editor to define environment variables. You can use these to define values in your compose file that would vary between deployments (for example, hostnames, database names, etc).
+
+Environment variables can be set individually within Portainer or you can use **Load variables from .env file** to upload a file containing your environment variables. Environment variables you define (either individually or via a .env file) will be available to use in your compose file using an `environment` definition:
+
+```
+environment:
+ MY_ENVIRONMENT_VARIABLE: ${MY_ENVIRONMENT_VARIABLE}
+```
+
+Alternatively, on Docker Standalone environments you can add `stack.env` as an `env_file` definition to add all the environment variables that you have defined individually as well as those included in an uploaded .env file:
+
+```
+env_file:
+ - stack.env
+```
+
+**Note:** Using `env_file` to define a file does not work in Docker Swarm due to the lack of `env_file` support in `docker stack deploy` (used on Swarm environments to deploy your stack). On Docker Swarm, you will need to define each environment variable manually.
+
+{% hint style="info" %}
+Note the compose file is not changed when environment variables are used - this allows variables to be updated within Portainer without editing the compose file itself. You will still see the `${MY_ENVIRONMENT_VARIABLE}` style entry in the compose file.
+{% endhint %}
+
+
+
+When you're ready, click **Deploy the stack**.
+
+## Option 2: Upload
+
+In Portainer you can create stacks from Compose YML files. To do this, from the menu select **Stacks**, click **Add stack**, then give the stack a descriptive name.
+
+
+
+Select **Upload** then select the Compose file from your computer.
+
+As part of the stack creation you can enable a stack webhook, allowing you to remotely trigger redeployments of the stack from your repository, for example. You can read more on this in our documentation on [stack webhooks](webhooks.md).
+
+
+
+As an optional step, enter any environment variables. You can use these to define values in your compose file that would vary between deployments (for example, hostnames, database names, etc).
+
+Environment variables can be set individually within Portainer or you can use **Load variables from .env file** to upload a file containing your environment variables. Environment variables you define (either individually or via a .env file) will be available to use in your compose file using an `environment` definition:
+
+```
+environment:
+ MY_ENVIRONMENT_VARIABLE: ${MY_ENVIRONMENT_VARIABLE}
+```
+
+Alternatively, you can add `stack.env` as an `env_file` definition to add all the environment variables that you have defined individually as well as those included in an uploaded .env file:
+
+```
+env_file:
+ - stack.env
+```
+
+{% hint style="info" %}
+Note the compose file is not changed when environment variables are used - this allows variables to be updated within Portainer without editing the compose file itself which would take it out of sync with your local copy. You will still see the `${MY_ENVIRONMENT_VARIABLE}` style entry in the compose file.
+{% endhint %}
+
+
+
+When you're ready click **Deploy the stack**.
+
+## Option 3: Git repository
+
+If your Compose file is hosted in a Git repository, you can deploy from there. From the menu select **Stacks**, click **Add stack**, then give the stack a descriptive name.
+
+
+
+Select **Git Repository** then enter information about your Git repo.
+
+{% hint style="info" %}
+Any Git-compatible repository should work here. Substitute the details as required.
+{% endhint %}
+
+| Field/Option | Overview |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Authentication | Toggle this on if your Git repository requires authentication. |
+| Git Credentials | If the **Authentication** toggle is enabled and you have [configured Git credentials](../../account-settings.md#git-credentials), you can select them from this dropdown. |
+| Username | Enter your Git username. |
+| Personal Access Token | Enter your personal access token or password. |
+| Save credential | Check this option to save the credentials entered above for future use under the name provided in the **credential name** field. |
+
+{% hint style="info" %}
+If you have 2FA configured in GitHub, your passcode is your password.
+{% endhint %}
+
+
+
+| Field/Option | Overview |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Repository URL | Enter the repository URL. If you have enabled Authentication above the credentials will be used to access the repository. The below options will be populated by what is found in the repository. |
+| Repository reference | Select the reference to use when deploying the stack (for example, the branch). |
+| Compose path | Enter the path to the Compose file from the root of the repository. |
+| Additional paths | Click **Add file** to add additional files to be parsed by the build (for example, an environment-specific compose file). |
+| GitOps updates | Toggle this on to enable GitOps updates (see below). |
+| Skip TLS verification | Toggle this on to skip the verification of TLS certificates used by your repository. This is useful if your repo uses a self-signed certificate. |
+
+
+
+### GitOps updates
+
+Portainer supports automatically updating your stacks deployed from Git repositories. To enable this, toggle on **GitOps updates** and configure your settings.
+
+{% hint style="info" %}
+For more detail on how GitOps updates function under the hood, have a look at [this knowledge base article](https://portal.portainer.io/knowledge/how-do-automatic-updates-for-stacks-applications-work).
+{% endhint %}
+
+| Field/Option | Overview |
+| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Mechanism | Select the method to use when checking for updates: |
+| |
Polling: Periodically poll the Git repository from Portainer to check for updates to the repository.
Webhook: Generate a webhook URL to add to your Git repository to trigger the update on demand (for example via GitHub actions).
|
+| Fetch interval | If **Polling** is selected, how often Portainer will check the Git repository for updates. |
+| Webhook | When **Webhook** is selected, displays the webhook URL to use in your integration. Click **Copy link** to copy the webhook URL to the clipboard. |
+
+
Enable this setting to always pull the most recent version of container images when updating the stack. This is equivalent to the --pull=always flag for docker run. This option was previously labeled as Pull latest image.
|
+| Force redeployment |
Enable this setting to force the redeployment of your stack at the specified interval (or when the webhook is triggered), overwriting any changes that have been made in the local environment, even if there has been no update to the stack in Git. This is useful if you want to ensure that your Git repository is the source of truth for your stacks and are happy with the local stack being replaced.
If this option is left disabled, automatic updates will only trigger if Portainer detects a change in the remote Git repository.
|
+
+
+
+### Relative path volumes
+
+When you toggle **Enable relative path volumes** to on, you are able to specify relative path references in your compose files. Portainer will create the required directory structure and populate the directories with the relevant files from your Git repository.
+
+{% hint style="info" %}
+This feature is only available in Portainer Business Edition.
+{% endhint %}
+
+On Docker Standalone environments, specify the path at which you want your files to be created on your host filesystem in the **Local filesystem path** field.
+
+{% hint style="warning" %}
+Ensure this directory exists on your local filesystem and is writable.
+{% endhint %}
+
+
+
+On Docker Swarm environments, specify the path at which you want your files to be created in the Network filesystem path field.
+
+{% hint style="warning" %}
+Ensure that this path is available on all of your Docker Swarm nodes and is writable.
+{% endhint %}
+
+
+
+### Environment variables
+
+As an optional step, you can also set environment variables. You can use these to define values in your compose file that would vary between deployments (for example, hostnames, database names, etc).
+
+Environment variables can be set individually within Portainer or you can use **Load variables from .env file** to upload a file containing your environment variables. Environment variables you define (either individually or via a .env file) will be available to use in your compose file using an `environment` definition:
+
+```
+environment:
+ MY_ENVIRONMENT_VARIABLE: ${MY_ENVIRONMENT_VARIABLE}
+```
+
+Alternatively, you can add `stack.env` as an `env_file` definition to add all the environment variables that you have defined individually as well as those included in an uploaded .env file:
+
+```
+env_file:
+ - stack.env
+```
+
+{% hint style="info" %}
+Note the compose file is not changed when environment variables are used - this allows variables to be updated within Portainer without editing the compose file itself which would take it out of sync with the Git repository. You will still see the `${MY_ENVIRONMENT_VARIABLE}` style entry in the compose file.
+{% endhint %}
+
+
+
+Enter environment variables if required then click **Deploy the stack**.
diff --git a/user/docker/stacks/edit.md b/user/docker/stacks/edit.md
new file mode 100644
index 0000000..a02b74d
--- /dev/null
+++ b/user/docker/stacks/edit.md
@@ -0,0 +1,81 @@
+# Inspect or edit a stack
+
+## Inspecting a stack
+
+From the menu select **Stacks** then select the stack you want to inspect.
+
+
+
+From here you can stop, delete or [create a template from the stack](template.md), and if deployed from Git you can [detach the stack from the Git repository](edit.md#detach-from-git).
+
+
+
+If the stack was deployed from a Git repository, you can:
+
+* Configure [GitOps updates](add.md#gitops-updates) or manually pull and redeploy the stack.
+* View and edit the stack's environment variables.
+
+
+
+If the stack was deployed using the [Web Editor](add.md#option-1-web-editor) or [uploaded](add.md#option-2-upload), you will have the option to [edit your compose file manually](edit.md#editing-a-stack).
+
+Regardless of the deployment method used, you can also [migrate or duplicate](migrate.md) the stack.
+
+### Docker Standalone
+
+When using Docker Standalone, you can:
+
+* View the containers that make up the stack.
+* Check to see if they are running or stopped.
+* Get access to logs.
+* Inspect individual containers.
+* View container statistics.
+* Get access to the container's console.
+
+
+
+### Docker Swarm
+
+When using Docker Swarm, you can:
+
+* View the services that make up the stack.
+* Check to see if they are running or stopped.
+* See how many replicas are running on each host.
+* Get access to logs.
+* Inspect individual services.
+* View service statistics.
+* Get access to the service's console.
+
+
+
+## Editing a stack
+
+Editing a stack allows you to make changes to the configuration and redeploy those changes. To edit a stack, from the menu select **Stacks**, select the stack you want to edit, then select the **Editor** tab.
+
+{% hint style="info" %}
+The Editor tab is only available for stacks that were deployed using the [Web Editor](add.md#option-1-web-editor). For stacks deployed from a Git repository, the compose file must be edited in the repository itself.
+{% endhint %}
+
+
+
+Here, you can edit the Compose file for the stack to suit your needs. Using the **Version** dropdown you can also select a previous version of your stack file (if one exists) to switch back to if required. Selecting a different version from the dropdown will replace the contents of the editor with that of the selected version.
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+In this section you can also toggle the stack [webhook](webhooks.md) and retrieve the webhook URL, as well as make changes to environment variables for the stack, and on Docker Swarm environments you can prune services if you have made changes that remove some services from the stack.
+
+
+
+When you have finished making changes, click **Update the stack**.
+
+## Detach from Git
+
+If your stack was created from a Git repository, you have the option to detach the stack from the repository. This means you can [edit the stack directly within Portainer](edit.md#editing-a-stack), but it does mean that the stack can't be updated from Git anymore. This action also cannot be reversed.
+
+{% hint style="info" %}
+Detaching downloads the main compose file for the stack and stores it in Portainer. It does not download any additional compose files or `.env` files that may be contained within the repository.
+{% endhint %}
+
+Click **Detach from Git** to detach. You will be asked to confirm the action - click **Detach** to do so.
diff --git a/user/docker/stacks/migrate.md b/user/docker/stacks/migrate.md
new file mode 100644
index 0000000..0fbccfa
--- /dev/null
+++ b/user/docker/stacks/migrate.md
@@ -0,0 +1,28 @@
+# Migrate or duplicate a stack
+
+## Migrating a stack to another swarm cluster
+
+From the menu select **Stacks** then select the stack you want to migrate.
+
+
+
+In the **Stack duplication / migration** section, select the destination environment for the stack, and optionally define a new name for the stack. Click **Migrate**.
+
+
+
+When the confirmation message appears, click **Migrate**.
+
+
+
+## Duplicating a stack
+
+From the menu select **Stacks** then select the stack you want to duplicate.
+
+
+
+In the **Stack duplication / migration** section, give the new stack a descriptive name then select the environment that the stack is currently on.
+
+
+
+When you're ready, click **Duplicate**.
+
diff --git a/user/docker/stacks/remove.md b/user/docker/stacks/remove.md
new file mode 100644
index 0000000..488ea36
--- /dev/null
+++ b/user/docker/stacks/remove.md
@@ -0,0 +1,9 @@
+# Remove a stack
+
+From the menu select **Stacks**, tick the checkbox next to the stack you want to remove, then click **Delete this stack**.
+
+
+
+When the confirmation message appears, click **Remove**.
+
+
diff --git a/user/docker/stacks/template.md b/user/docker/stacks/template.md
new file mode 100644
index 0000000..3498ab9
--- /dev/null
+++ b/user/docker/stacks/template.md
@@ -0,0 +1,30 @@
+# Create a template from a deployed stack
+
+In Portainer you can create an [app template](../templates/) from deployed stacks. This is useful if you need to deploy the same stack several times.
+
+From the menu select **Stacks**, select the already-deployed stack, then click **Create template from stack**.
+
+
+
+Define some properties for the new template, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------ | -------------------------------------------------------------------------------------------- |
+| Title | Give the template a descriptive name. |
+| Description | Enter a brief description of what your template includes. |
+| Note | Note any extra information about the template (optional). |
+| Icon URL | Enter the URL to an icon to be used for the template when it appears in the list (optional). |
+| Platform | Select the compatible platform for the template. Options are **Linux** or **Windows**. |
+| Type | Select the type of template. Options are **Standalone** or **Swarm**. |
+
+
+
+The **Web editor** will be pre-populated with the Compose file for your stack. Make any changes you need here.
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+
+
+When you're ready, click **Create custom template**.
diff --git a/user/docker/stacks/webhooks.md b/user/docker/stacks/webhooks.md
new file mode 100644
index 0000000..e9ac339
--- /dev/null
+++ b/user/docker/stacks/webhooks.md
@@ -0,0 +1,73 @@
+# Webhooks
+
+A webhook is a POST request sent to a URL that you define in Docker Hub or another registry. Use webhooks to trigger an action in response to an event such as a repository push.
+
+{% hint style="info" %}
+This functionality is only available in [Portainer Business Edition](https://www.portainer.io/business-upsell?from=stack-webhook).
+{% endhint %}
+
+{% hint style="info" %}
+Webhooks are only available on non-Edge environments (environments running Portainer Server or Portainer Agent, not the Portainer Edge Agent). This is because the tunnel to the Portainer Edge Agent is only opened on-demand, and therefore would mean there is no way to expose a webhook permanently.
+{% endhint %}
+
+## Enabling a stack webhook
+
+From the menu select **Stacks** then select the container that you want to configure the webhook for. Then select the **Edit** tab.
+
+
+
+Scroll down to the **Webhooks** section and toggle the **Create a stack webhook** option on. When the URL appears, click **Copy link**. This URL will be used to configure the webhook in your chosen registry.
+
+
+
+This example shows how to trigger the webhook using `redeploy`:
+
+```
+
+```
+
+This example shows how to trigger the webhook to update the stack to use a different image tag:
+
+```
+
+```
+
+## Preventing a pull
+
+In some cases you may want to override the pulling of images when using the webhook to do a redeploy. In that scenario, you can specify `pullimage=false` as a parameter on your webhook to disable pulling of images.
+
+{% hint style="info" %}
+This option is only available in Portainer Business Edition.
+{% endhint %}
+
+```
+
+```
+
+## Using environment variables with webhooks
+
+When triggering a webhook, environment variables can be passed through the endpoint and referenced within stacks' compose files.
+
+To specify an environment variable on a webhook, add it as a variable to the URL. For example, to pass a `SERVICE_TAG` variable with the value `development`:
+
+```
+https://portainer:9443/api/stacks/webhooks/1d251d96-fb34-4172-a0a1-d0655467b897?SERVICE_TAG=development
+```
+
+To reference the `SERVICE_TAG` variable in your compose file with a fallback to the value `stable`:
+
+```
+services:
+ my-service:
+ image: repository/image:${SERVICE_TAG:-stable}
+```
+
+## Configuring the webhook in Docker Hub
+
+To finish the configuration, refer to [Docker's own documentation](https://docs.docker.com/docker-hub/webhooks/).
diff --git a/user/docker/swarm/README.md b/user/docker/swarm/README.md
new file mode 100644
index 0000000..2c2a162
--- /dev/null
+++ b/user/docker/swarm/README.md
@@ -0,0 +1,61 @@
+# Swarm
+
+{% hint style="info" %}
+The **Swarm** menu is only available to Docker Swarm environments.
+{% endhint %}
+
+This section provides an overview of your Swarm environment. You can view information about environments and nodes, view cluster information, and configure environment-specific settings.
+
+{% content-ref url="setup.md" %}
+[setup.md](setup.md)
+{% endcontent-ref %}
+
+## Cluster status
+
+This section describes the cluster's basic configuration, including the number of nodes, the Docker API version, and the total CPU and memory available. A link to the [cluster visualizer](cluster-visualizer.md) is also included.
+
+
+
+## Nodes
+
+Lists all of the nodes in the cluster along with a summary of each node, including:
+
+* The role of the node.
+* The number of CPUs and memory available on the node.
+* The Docker Engine version running on the node.
+* The node's IP address.
+* The status and availability of the node.
+
+
+
+Clicking on an individual node's name will take you to an overview page for that node.
+
+## Node overview
+
+### Host Details
+
+This section describes the node's basic configuration, including the hostname, OS information, and total CPU and memory.
+
+
+
+### Engine Details
+
+Information such as the Docker version and the available volume and network plugins helps you to understand more about the Docker engine running on your node.
+
+
+
+### PCI Devices and Physical Disks
+
+These sections list the available PCI devices and physical disks on the node.
+
+{% hint style="info" %}
+These sections are only visible when [host management features](setup.md#host-and-filesystem) are enabled for the cluster.
+{% endhint %}
+
+
+
+### Node Details
+
+Here you'll find details about the node's configuration as part of the cluster. You can view the role, set the availability status of the node, view the current status and apply labels to the node.
+
+
diff --git a/user/docker/swarm/cluster-visualizer.md b/user/docker/swarm/cluster-visualizer.md
new file mode 100644
index 0000000..13e72b5
--- /dev/null
+++ b/user/docker/swarm/cluster-visualizer.md
@@ -0,0 +1,30 @@
+# Cluster visualizer
+
+{% hint style="info" %}
+This feature is only available to Docker Swarm environments.
+{% endhint %}
+
+The **Cluster visualizer** section gives you an overview of your cluster and the tasks on it.
+
+## Cluster information
+
+View the details about the cluster including the number of nodes, services and tasks. You can also adjust the visualizer display.
+
+
+
+### Options
+
+**Only display running tasks** filters the task list in the visualizer to only include running tasks.
+
+**Display node labels** toggles the display of labels on the nodes in the visualizer.
+
+### Refresh
+
+Use this option to define the refresh rate of the visualizer (the default is every 5 seconds).
+
+## Cluster visualizer
+
+The **Cluster visualizer** section gives you a visual representation of the nodes in your cluster and the tasks on each node.
+
+
+
diff --git a/user/docker/swarm/registries.md b/user/docker/swarm/registries.md
new file mode 100644
index 0000000..fd88523
--- /dev/null
+++ b/user/docker/swarm/registries.md
@@ -0,0 +1,27 @@
+# Registries
+
+**Registries** lets you manage access to each of the registries that are currently available.
+
+{% hint style="warning" %}
+Registry access assigned here only applies to the selected environment. It is not global.
+{% endhint %}
+
+## Adding a new registry
+
+From the menu select **Swarm**, select **Registries** then click **Add registry**. When the global registries page appears, follow [these instructions](../../../admin/registries/add/).
+
+
+
+## Managing access
+
+To configure access to a registry, from the menu select **Swarm** then select **Registries**.
+
+
+
+Find the registry you want to manage then select **Manage access**.
+
+
+
+From the dropdown, select the users or teams that you would like to have access then click **Create access**.
+
+
diff --git a/user/docker/swarm/setup.md b/user/docker/swarm/setup.md
new file mode 100644
index 0000000..92dc22c
--- /dev/null
+++ b/user/docker/swarm/setup.md
@@ -0,0 +1,61 @@
+# Setup
+
+{% hint style="info" %}
+The **Swarm Setup** section is only available to Docker Swarm environments.
+{% endhint %}
+
+Under **Setup**, you can make changes to your environment, enabling and disabling features and security settings.
+
+## Host and Filesystem
+
+This section is where you configure how Portainer interacts with elements of the host.
+
+{% hint style="danger" %}
+For security, these features are disabled by default. Be sure that you understand their impact before enabling them.
+{% endhint %}
+
+
+
+| Option | Overview |
+| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Enable host management features | Enabling host management features allows you to see the available devices and storage on the physical nodes across your cluster as well as browse the nodes' filesystems. |
+| Enable volume management for non-administrators | Enabling this feature allows non-administrator users to manage volumes on an environment. If this is disabled, users below administrator level have read-only access to volumes. |
+
+## Change Window Settings
+
+This setting allows you to specify a window within which [GitOps updates](../stacks/add.md#gitops-updates) to your applications can be applied.
+
+{% hint style="warning" %}
+If this setting is enabled and an update is made to an application outside of this window, it will not be applied.
+{% endhint %}
+
+
+
+## Docker Security Settings
+
+This section allows you to toggle assorted Docker-related security settings for an environment.
+
+
+
+
+
+| Option | Overview |
+| ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Disable bind mounts for non-administrators | Prevents non-admin users within Portainer from using bind mounts when creating containers and/or services/stacks. When toggled on, the option to attach to a host file system path is removed. |
+| Disable privileged mode for non-administrators | Prevents non-admin users from elevating the privilege of a container to bypass SELinux/AppArmor. When toggled on, the option to select **Privileged** mode when [adding a container](../containers/add.md) is removed. |
+| Disable the use of host PID 1 for non-administrators | Prevents non-admin users from requesting that a deployed container operates as the host PID. This is a security risk if used by a non-trustworthy authorized user because when they operate as PID1, they are in effect able to run any command in the container console as root on the host. |
+| Disable the use of Stacks for non-administrators | This is a 'sledgehammer' approach to removing any possibility for non-admin users within Portainer to find and use weaknesses in the Docker architecture. Whilst Portainer has the ability to disable some of the more common exploits, we cannot possibly block them all because there are any number of capabilities that could be added to a container to attempt to gain access to the host. This feature simply allows an admin to disable all possible entry points. |
+| Disable device mappings for non-administrators | Blocks users from mapping host devices into containers. Whilst the ability to map devices is generally used for good (e.g. mapping a GPU into a container), it can equally be used by non-trustworthy authorized users to map a physical storage device into a container. It is possible to mount `/dev/sda1` into a container, and then from a console of that container, the user would have complete access to the sda1 device without restriction. By toggling this on, Portainer blocks the ability for non-admins to map ANY devices into containers. |
+| Disable container capabilities for non-administrators | Toggle on to hide the **Container capabilities** tab for non-administrators when they are [adding a container](../containers/add.md). |
+| Disable sysctl settings for non-administrators | Toggle on to stop non-admin users from using sysctl options, preventing them from recreating, duplicating or editing containers. |
+
+## Other
+
+This section contains other assorted environment-specific settings.
+
+
+
+| Option | Overview |
+| ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Show GPU in the UI | GPU functionality is currently not available in Docker Swarm environments so this toggle is disabled. |
+| Show an image(s) up to date indicator for Stacks, Services and Containers |
Toggle on to enable the new image notification feature for this environment. Toggle off to disable the feature.
This feature is only available in Portainer Business Edition.
|
diff --git a/user/docker/templates/README.md b/user/docker/templates/README.md
new file mode 100644
index 0000000..84f9a0b
--- /dev/null
+++ b/user/docker/templates/README.md
@@ -0,0 +1,28 @@
+# App Templates
+
+An app template lets you deploy a container (or a stack of containers) to an environment with a set of predetermined configuration values while still allowing you to customize the configuration (for example, environment variables).
+
+
+
+Portainer supports templates of both individual containers and stacks of containers.
+
+{% content-ref url="deploy-stack.md" %}
+[deploy-stack.md](deploy-stack.md)
+{% endcontent-ref %}
+
+{% content-ref url="deploy-container.md" %}
+[deploy-container.md](deploy-container.md)
+{% endcontent-ref %}
+
+By default, Portainer provides a pre-built set of app templates, but you are free to modify or [replace these with your own](../../../advanced/app-templates/build.md). You can also create your own custom templates either manually or from an existing stack.
+
+{% content-ref url="custom.md" %}
+[custom.md](custom.md)
+{% endcontent-ref %}
+
+{% content-ref url="../stacks/template.md" %}
+[template.md](../stacks/template.md)
+{% endcontent-ref %}
+
+
+
diff --git a/user/docker/templates/custom.md b/user/docker/templates/custom.md
new file mode 100644
index 0000000..4a11673
--- /dev/null
+++ b/user/docker/templates/custom.md
@@ -0,0 +1,82 @@
+# Custom templates
+
+A custom template can be used to help streamline the deployment of a container or stack.
+
+{% hint style="info" %}
+You can also [create a template from an existing deployed stack](../stacks/template.md).
+{% endhint %}
+
+## Viewing the list of custom templates
+
+To view a list of custom templates, from the menu select **App Templates** then select **Custom Templates**.
+
+
+
+## Creating a new custom template
+
+### Entering the basic information
+
+Click **Add Custom Template** then complete the details, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------ | -------------------------------------------------------------------------------------------- |
+| Title | Give the template a descriptive name. |
+| Description | Enter a brief description of what your template includes. |
+| Note | Note any extra information about the template (optional). |
+| Icon URL | Enter the URL to an icon to be used for the template when it appears in the list (optional). |
+| Platform | Select the compatible platform for the template. Options are **Linux** or **Windows**. |
+| Type | Select the type of template. Options are **Standalone** or **Swarm**. |
+
+
+
+### Selecting the build method
+
+Next, choose the build method that suits your needs. You can use the web editor to manually enter your docker-compose file, upload a docker-compose.yml file from your local computer, or pull the compose file from a Git repository.
+
+#### Web editor
+
+Paste the contents of your docker-compose file into the box provided. Once all the details have been completed, click **Create custom template**.
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+
+
+#### Upload
+
+Click **Select file** to browse for a docker-compose file to upload. Once all the details have been completed, click **Create custom template**.
+
+
+
+#### Git repository
+
+Fill in the details for your Git repository.
+
+| Field/Option | Overview |
+| -------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
+| Repository URL | Enter the URL to your Git repository. |
+| Repository reference | Enter the repository reference to define the branch or tag to pull from. If blank, the default `HEAD` reference will be used. |
+| Compose path | Enter the path within the repository to your docker-compose file. |
+
+
+
+If your repository requires access authentication, toggle **Authentication** on then enter the username and personal access token. When all the details have been entered, click **Create custom template**.
+
+## Variables in templates
+
+Custom templates support the use of variables to provide further customization of the deployed stack. A stack can define a variable that can then be adjusted by the user at deployment.
+
+{% hint style="info" %}
+This feature is only available in Portainer Business Edition.
+{% endhint %}
+
+Variables are identified in stacks with `{{ }}`. For example, the following stack provides a `MYSQL_PASSWORD` variable:
+
+
+
+When a variable is defined, options appear to customize how the variable appears when deploying the stack. You can set the **label**, **description** and **default value**.
+
+When a template is deployed, any variables that have been configured are editable:
+
+
diff --git a/user/docker/templates/deploy-container.md b/user/docker/templates/deploy-container.md
new file mode 100644
index 0000000..d7f41bb
--- /dev/null
+++ b/user/docker/templates/deploy-container.md
@@ -0,0 +1,17 @@
+# Deploy a container
+
+Portainer lets you deploy a standalone container from the default templates list.
+
+From the menu select **App Templates**. Toggle **Show container templates** on then select the app that you want to deploy.
+
+
+
+Define a name, a network, port mapping and volumes, and toggle **Enable access control** on if needed.
+
+
+
+You can also make changes to container settings such as port and volume mapping, host file entries, labels and the hostname by clicking **Show advanced options**.
+
+
+
+Once you have configured the container, click **Deploy the container**.
diff --git a/user/docker/templates/deploy-stack.md b/user/docker/templates/deploy-stack.md
new file mode 100644
index 0000000..4de0711
--- /dev/null
+++ b/user/docker/templates/deploy-stack.md
@@ -0,0 +1,19 @@
+# Deploy a stack
+
+Portainer lets you deploy an entire stack from either a default template or a custom template.
+
+{% hint style="info" %}
+You can also [create a template from a stack](../stacks/template.md).
+{% endhint %}
+
+From the menu select **App Templates** then select the template you want to deploy. In this example we'll create a WordPress stack.
+
+
+
+Enter a name for the stack and set any required configuration values (these will differ from template to template). Toggle **Enable access control** on or off as required.
+
+
+
+Click **Deploy the stack** then wait for the deployment to finish. If the deployment is successful, the new stack will appear in the list. Select it to view the [deployment details](../stacks/edit.md).
+
+
diff --git a/user/docker/volumes/README.md b/user/docker/volumes/README.md
new file mode 100644
index 0000000..8c997af
--- /dev/null
+++ b/user/docker/volumes/README.md
@@ -0,0 +1,26 @@
+# Volumes
+
+A volume is a data storage area that can be mounted into a container to provide persistent storage. Unlike bind mounts, volumes are independent of the underlying OS and are fully managed by the Docker Engine.
+
+
+
+A volume with the **external** flag was created outside of Portainer, which means Portainer has limited knowledge on it compared to one created within Portainer. A label of **unused** means that Portainer cannot see any applications that are using this volume. This label may also appear on **external** resources because of the limited information available.
+
+In Portainer you can view a list of the volumes on your environment, add new volumes and remove existing volumes.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
+
+If you're running Docker Swarm or the Portainer Agent on your environment, you can also browse existing volumes on that environment.
+
+{% content-ref url="browse.md" %}
+[browse.md](browse.md)
+{% endcontent-ref %}
+
+
+
diff --git a/user/docker/volumes/add.md b/user/docker/volumes/add.md
new file mode 100644
index 0000000..e3fb85f
--- /dev/null
+++ b/user/docker/volumes/add.md
@@ -0,0 +1,121 @@
+# Add a new volume
+
+## Adding a local volume
+
+From the menu select **Volumes** then click **Add volume**.
+
+
+
+Complete the information in the **Create volume** screen, using the table below as a guide.
+
+| Field/Option | Overview |
+| --------------- | ------------------------------------------------------------------- |
+| Name | Give the volume a descriptive name. |
+| Driver | Select `local`. |
+| Use NFS volume | Toggle this off. |
+| Use CIFS volume | Toggle this off. |
+| Deployment | On a multi-node cluster, define the node that will hold the volume. |
+
+
+
+When you're finished, click **Create the volume**.
+
+## Adding an NFS volume
+
+{% hint style="info" %}
+In Portainer, you can mount an NFS volume to persist the data of your containers.
+{% endhint %}
+
+From the menu select **Volumes** then click **Add volume**.
+
+
+
+Complete the information in the **Create volume** screen, using the table below as a guide.
+
+| Field/Option | Overview |
+| --------------- | ------------------------------------------------------------------- |
+| Name | Give the volume a descriptive name. |
+| Driver | Select `local`. |
+| Use NFS volume | Toggle this on. |
+| Use CIFS volume | Toggle this off. |
+| Deployment | On a multi-node cluster, define the node that will hold the volume. |
+
+
+
+Under the **NFS Settings** section, complete the following.
+
+| Field/Option | Overview |
+| ------------ | --------------------------------------------------------------------- |
+| Address | Enter the hostname or IP address of your NFS server. |
+| NFS Version | Select the NFS version that your NFS server uses. |
+| Mount point | Enter the path where the volume is mounted, for example `/mnt/nfs01`. |
+| Options | Leave the default values. |
+
+
+
+When you're finished, click **Create the volume**.
+
+## Adding a CIFS volume
+
+{% hint style="info" %}
+In Portainer, you can mount a CIFS volume to persist the data of your containers.
+{% endhint %}
+
+From the menu select **Volumes** then click **Add volume**.
+
+
+
+Complete the information in the **Create volume** screen, using the table below as a guide.
+
+| Field/Option | Overview |
+| --------------- | ------------------------------------------------------------------- |
+| Name | Give the volume a descriptive name. |
+| Driver | Select `local`. |
+| Use NFS volume | Toggle this off. |
+| Use CIFS volume | Toggle this on. |
+| Deployment | On a multi-node cluster, define the node that will hold the volume. |
+
+
+
+Under the **CIFS Settings** section, complete the following:
+
+| Field/Option | Overview |
+| ------------ | ------------------------------------------- |
+| Address | Enter the CIFS server name or IP address. |
+| Share | Enter the name of the share resource. |
+| CIFS Version | Select the CIFS version that you are using. |
+| Username | Enter the user to authenticate. |
+| Password | Enter the password to authenticate. |
+
+
+
+When you're finished, click **Create the volume**.
+
+## Adding a tmpfs volume
+
+From the menu select **Volumes** then click **Add volume**.
+
+
+
+Complete the information in the **Create volume** screen, using the table below as a guide.
+
+| Field/Option | Overview |
+| --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Give the volume a descriptive name. |
+| Driver | Select `local`. |
+| Driver options | Click **add driver option** then add the following name/value combinations: |
+| |
name: type
value: tmpfs
name: device
value: tmpfs
name: o
value: size=100m,uid=1000 (customize these values to suit your needs)
|
+| Use NFS volume | Toggle this off. |
+| Use CIFS volume | Toggle this off. |
+| Deployment | On a multi-node cluster, define the node that will hold the volume. |
+
+
+
+When you're finished, click **Create the volume**. The volume can now be attached to a container in the same way as any other volume.
+
+
+
+Once attached, you can confirm that the tmpfs volume has been mounted correctly within the container:
+
+
+
diff --git a/user/docker/volumes/browse.md b/user/docker/volumes/browse.md
new file mode 100644
index 0000000..9823636
--- /dev/null
+++ b/user/docker/volumes/browse.md
@@ -0,0 +1,13 @@
+# Browse a volume
+
+{% hint style="info" %}
+This feature is only available when running Docker Swarm or the Portainer Agent on the environment.
+{% endhint %}
+
+From the menu select **Volumes** then click **browse** next to the volume you want to explore.
+
+
+
+You can upload files to the volume (by clicking the icon in the top right), and quickly expose them to the container without the need for a CLI. You can also download, rename and delete files in the volume.
+
+
diff --git a/user/docker/volumes/remove.md b/user/docker/volumes/remove.md
new file mode 100644
index 0000000..5240783
--- /dev/null
+++ b/user/docker/volumes/remove.md
@@ -0,0 +1,18 @@
+# Remove a volume
+
+{% hint style="danger" %}
+When you delete a volume, all of the content inside the volume will be erased.
+{% endhint %}
+
+From the menu select **Volumes**, tick the checkbox next to the volume you want remove then click **Remove**.
+
+{% hint style="info" %}
+You cannot remove volumes attached to a container. If you want to do this, first remove the container then remove the volumes.
+{% endhint %}
+
+
+
+When the confirmation message appears, click **Remove**.
+
+
+
diff --git a/user/edge/README.md b/user/edge/README.md
new file mode 100644
index 0000000..1be8edb
--- /dev/null
+++ b/user/edge/README.md
@@ -0,0 +1,28 @@
+# Edge Compute
+
+The following sections describe how to manage Edge Compute environments using menu options available in the Portainer Server.
+
+{% hint style="info" %}
+This functionality requires you to [enable Edge Compute](../../admin/settings/edge.md) features.
+{% endhint %}
+
+{% content-ref url="groups.md" %}
+[groups.md](groups.md)
+{% endcontent-ref %}
+
+{% content-ref url="stacks/" %}
+[stacks](stacks/)
+{% endcontent-ref %}
+
+{% content-ref url="jobs.md" %}
+[jobs.md](jobs.md)
+{% endcontent-ref %}
+
+{% content-ref url="configurations.md" %}
+[configurations.md](configurations.md)
+{% endcontent-ref %}
+
+{% content-ref url="waiting-room.md" %}
+[waiting-room.md](waiting-room.md)
+{% endcontent-ref %}
+
diff --git a/user/edge/configurations.md b/user/edge/configurations.md
new file mode 100644
index 0000000..685eb34
--- /dev/null
+++ b/user/edge/configurations.md
@@ -0,0 +1,75 @@
+# Edge Configurations
+
+Edge Configurations are sets of files that can be pre-deployed to your Edge environments in order to provide dynamic configurability on each Edge environment as well as avoid storing large amounts of config files in deployment repositories.
+
+From the menu under **Edge compute** select **Edge Configurations**.
+
+
+
+Here you can see a list of your current configurations, the Edge groups they apply to, creation and update dates, as well as the progress in pushing the configuration to your Edge environments.
+
+
+
+## Add a new configuration
+
+To add a new configuration, click **Add configuration** and fill in the resulting form.
+
+| Field/Option | Overview |
+| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | Enter a name for your configuration. |
+| Edge Groups | Select the Edge groups this configuration will apply to. |
+| Directory | Enter the directory on the Edge device that will be used to store the configurations. This directory should be the same on all devices, and should be writable by the user the Edge Agent runs as. |
+
+
+
+### Type
+
+Next select the **Type** of configuration to deploy. When choosing the **General configuration** type, the contents of your configuration will be deployed to all devices in the selected groups in the directory specified, and the resulting configuration files will be available to all the devices in the same location.
+
+
+
+Alternatively you can choose **Device specific configuration**, which will let you deploy subsets of the configuration to the devices you specify based on the Portainer Edge ID of the device.
+
+{% hint style="info" %}
+You can find the Edge IDs for your Edge environments under **Environments**, select the environment, and note the **Edge identifier** value in the **Edge information** box. It will look like the following:
+
+`73149964-56f4-473b-81b3-5ecdc397e490`
+{% endhint %}
+
+You can specify the **Matching rule** to match either the file name or folder name within your configuration to the Portainer Edge ID.
+
+
+
+When using **file name** matching, any files in your configuration package with a filename (any extension) matching an Edge ID will be deployed to the matching remote Edge environment, in the location specified in the **Directory** field.
+
+When using **folder name** matching, any folders in your configuration package with a name matching an Edge ID will have their contents deployed to the matching remote Edge environment, in the location specified in the **Directory** field.
+
+### Configuration
+
+Finally, select a package to upload by clicking **Upload from package**. This package should be a ZIP file containing the configuration files you want to deploy on your Edge environments, with the contents structured based on the **Type** selected above.
+
+{% hint style="info" %}
+When using folder name matching, your Edge ID named folders should be in the base directory of the package file contents and not in any subdirectories.
+{% endhint %}
+
+
+
+When you're ready, click **Create configuration and push**. Your configuration will be uploaded to Portainer and deployed to the relevant Edge environments based on your selections.
+
+## Using your Edge Configurations in an Edge Stack
+
+When using Edge Configurations, your files will be available at the path you specified on the selected Edge devices. You can reference this path directly in your Edge Stack configuration to access the files within.
+
+When using a device specific configuration, your uploaded configuration will have a file name or folder name (depending on your **Matching rule** selection) based on the Portainer Edge ID of each device. You can reference this ID in your stack files with the `PORTAINER_EDGE_ID` environment variable. For example, to mount the device-specific folder in your container on each of the devices, you can use the following syntax:
+
+```
+version: '3'
+
+services:
+ myservice:
+ image: myimage:latest
+ volumes:
+ - /var/edge/configs/${PORTAINER_EDGE_ID}:/my-device-config
+```
+
+In this example, each Edge device the stack was deployed to would mount their specific device (based on the Portainer Edge ID) folder to the `/my-device-config` folder in the container.
diff --git a/user/edge/groups.md b/user/edge/groups.md
new file mode 100644
index 0000000..d2e63c0
--- /dev/null
+++ b/user/edge/groups.md
@@ -0,0 +1,36 @@
+# Edge Groups
+
+The Edge Groups feature lets you group together Edge environments either by manually selecting them or based on their [tags](../../admin/environments/tags.md). This is useful if you manage multiple Edge environments in multiple zones.
+
+{% hint style="info" %}
+This functionality requires you to [enable Edge Compute](../../admin/settings/edge.md) features.
+{% endhint %}
+
+From the menu select **Edge Groups** then click **Add Edge group**.
+
+
+
+Give the group a descriptive name then select either **Static** or **Dynamic**:
+
+
+
+### **Option 1: Static**
+
+This option lets you manually add environments to the group from a list. Select the required environments then click **Add edge group**.
+
+
+
+### Option 2: Dynamic
+
+This option lets you automatically associate environments via their tags. If you choose this option you will need to refine how Edge environments are dynamically associated.
+
+| Option | Overview |
+| ------------- | --------------------------------------------------------------------------------------------------------------------- |
+| Partial Match | Will associate any environments matching at least one of the selected tags (environments can have more than one tag). |
+| Full Match | Will associate any environments matching all of the selected tags. |
+
+When you select a tag from the dropdown, environments with that tag will appear in the results.
+
+
+
+Click **Add edge group** to associate the environments to the group.
diff --git a/user/edge/jobs.md b/user/edge/jobs.md
new file mode 100644
index 0000000..6400fee
--- /dev/null
+++ b/user/edge/jobs.md
@@ -0,0 +1,46 @@
+# Edge Jobs
+
+{% hint style="warning" %}
+This is a beta feature.
+{% endhint %}
+
+Adding an Edge job is a great way to schedule jobs in your Edge hosts. Jobs can be used to run any scripts you need, for example running a backup in a specified period of time.
+
+{% hint style="info" %}
+This functionality requires you to [enable Edge Compute](../../admin/settings/edge.md) features, and is currently only available for Docker Standalone environments that use `/etc/cron.d` for job scheduling.
+{% endhint %}
+
+{% hint style="danger" %}
+Edge jobs run by modifying the crontab on the underlying host, not in a container. This means that Edge jobs can make changes to the host directly, which is very powerful but also very dangerous, so use with caution.
+{% endhint %}
+
+From the menu select **Edge Jobs** then click **Add Edge job**.
+
+
+
+Give the job a descriptive name then select one of the following options:
+
+| Option | Overview |
+| ---------------------- | -------------------------------- |
+| Basic Configuration | Select a date from the calendar. |
+| Advanced Configuration | Write your own `cron` rule. |
+
+If you select **Recurring Edge job** also enter the **Edge job time**.
+
+{% hint style="info" %}
+The Edge job time is based on the time on the host, not the Portainer Server. Bear this in mind when scheduling jobs across time zones.
+{% endhint %}
+
+
+
+You can then use the web editor to write the script or paste a copy in.
+
+Once your script is ready, you can choose where to deploy it. You can select [Edge Groups](groups.md) to deploy to with the **Edge Groups** dropdown.
+
+
+
+You can also select environments individually in **Target environments**. Click on an environment in the **Available environments** list to move it to the **Associated environments** list as a deployment target.
+
+
+
+Once you have made your selections, click **Create edge job** to create and run the job.
diff --git a/user/edge/stacks/README.md b/user/edge/stacks/README.md
new file mode 100644
index 0000000..6eee0b0
--- /dev/null
+++ b/user/edge/stacks/README.md
@@ -0,0 +1,120 @@
+# Edge Stacks
+
+Edge Stacks is a feature that lets you deploy multiple applications to multiple environments from a single page and multiple sources, regardless of their current state.
+
+{% hint style="info" %}
+This functionality requires you to [enable Edge Compute](../../../admin/settings/edge.md) features.
+{% endhint %}
+
+The Edge Stacks page displays a list of Edge Stacks deployed across your environments and devices and includes their name, the status of the deployment across the relevant environments (acknowledged, images pre-pulled, deployments received and failed, as well as a generic status) and the creation date. You can hover over each of the bars for more detail.
+
+
+
+You can click on an individual stack's name to view the stack's details or edit the stack:
+
+
+
+You can also view details about the stack's deployment across environments on the **Environments** tab.
+
+
+
+## Add a new stack
+
+From the menu select **Edge Stacks** then click **Add stack**.
+
+
+
+Give the stack a descriptive name then select one or more [Edge Groups](../groups.md).
+
+
+
+In **Deployment type**, select the type of deployment you are performing.
+
+{% hint style="info" %}
+This may be auto-selected by your choice of [Edge Groups](../groups.md).
+{% endhint %}
+
+
+
+In the **Build Method**, define how to deploy your app from one of the following options:
+
+| Option | Overview |
+| ---------- | ------------------------------------------------------------------------------- |
+| Web editor | Use the Portainer web editor to write or paste in your build file. |
+| Upload | Upload a build file from your computer. |
+| Repository | Use a GitHub repo where the build file is stored. |
+| Template | Use an Edge stack template. Only available for the **Compose** deployment type. |
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+
+
+### Web editor
+
+
+
+### Upload
+
+
+
+### Repository
+
+
+
+### Template
+
+### Registry
+
+If your stack requires access to images in private registries, you can specify which registry to use as part of the deployment.
+
+
+
+### Pre-pull images
+
+By default, Docker will start containers within the stack that it already has images for, while at the same time pulling any other images it needs from the upstream registries. In some cases you may want to wait until all of the needed images are pulled to the device before starting the stack. To do this, enable the **Pre-pull images** toggle. This can also help to avoid issues when some images in a stack are unable to be pulled, leading to an incomplete or partial deployment.
+
+
+
+### Retry deployment
+
+If a deployment of an Edge Stack fails (for example if the remote Edge environment is unavailable), by default Portainer will not try and redeploy the stack. If you wish to enable retrying of failed deployments, you can toggle **Retry deployment** to on.
+
+
+
+When Retry deployment is enabled for an Edge Stack and the deployment of the Edge Stack fails, Portainer will:
+
+1. Retry the deployment every 10 seconds for the first hour.
+2. After the first hour, retry once an hour for 7 days.
+3. After 7 days, Portainer will stop retrying and the Edge Stack will be given a "failed" status.
+
+### Update configurations
+
+This section lets you define the method in which your stack updates are deployed across your Edge devices. You can choose to deploy to **All edge devices at once**, or select **Parallel edge device(s)** to specify how many devices to update concurrently.
+
+{% hint style="warning" %}
+These settings do **not** apply to the _initial_ provision of your Edge Stack. These only apply to the process that will occur when your stack is updated _after_ deployment.
+{% endhint %}
+
+
+
+If **Parallel edge device(s)** is selected, you can choose to either deploy in static group sizes or in an exponential rollout strategy. For static group sizes, choose the **Number of device(s)** option and specify your group size.
+
+
+
+For an exponential rollout, choose the **Exponential rollout** option and specify how many devices to start with, then select the multiplier to apply to the initial size. For example, selecting a start size of 5 and a multiplier of 2, stack updates would be rolled out to 5 devices, then 10 (5 x 2), then 20 (10 x 2), and so forth.
+
+
+
+When using parallel rollouts, you can also specify the **Timeout** (in minutes) before Portainer considers the update to have failed, as well as the **Update delay** (in minutes) between each group of updates are applied.
+
+In addition, you can define the **Update failure action** that will be taken if the update fails:
+
+* **Continue** will move on to the next group of devices to update.
+* **Pause** will halt the update process but will keep the update applied to any devices that have already been deployed to.
+* **Rollback** will halt the update process and roll back the update on devices already updated.
+
+
+
+Once the configuration is completed, click **Deploy the stack**.
diff --git a/user/edge/stacks/add.md b/user/edge/stacks/add.md
new file mode 100644
index 0000000..74ba8e7
--- /dev/null
+++ b/user/edge/stacks/add.md
@@ -0,0 +1,253 @@
+# Add a new Edge Stack
+
+From the menu select **Edge Stacks** then click **Add stack**.
+
+
+
+Give the stack a descriptive name then select one or more [Edge Groups](../groups.md).
+
+
+
+In **Deployment type**, select the type of deployment you are performing.
+
+{% hint style="info" %}
+This may be auto-selected by your choice of [Edge Groups](../groups.md).
+{% endhint %}
+
+
+
+In the **Build Method**, define how to deploy your app from one of the following options:
+
+| Option | Overview |
+| ---------- | ------------------------------------------------------------------------------- |
+| Web editor | Use the Portainer web editor to write or paste in your build file. |
+| Upload | Upload a build file from your computer. |
+| Repository | Use a GitHub repo where the build file is stored. |
+| Template | Use an Edge stack template. Only available for the **Compose** deployment type. |
+
+
+
+## Web editor
+
+Use the web editor to define the services for your deployment.
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+
+
+## Upload
+
+Click **Select a file** to upload a file from your computer containing your stack definition.
+
+
+
+## Repository
+
+Enter the information about your Git repository to deploy your Edge Stack from Git.
+
+| Field/Option | Overview |
+| --------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
+| Authentication | Toggle this on if your Git repository requires authentication. |
+| Git Credentials | If the **Authentication** toggle is enabled and you have configured Git credentials, you can select them from this dropdown. |
+| Username | Enter your Git username. |
+| Personal Access Token | Enter your personal access token or password. |
+| Save credential | Check this option to save the credentials entered above for future use under the name provided in the **credential name** field. |
+
+{% hint style="info" %}
+If you have 2FA configured in GitHub, your passcode is your password.
+{% endhint %}
+
+
+
+| Field/Option | Overview |
+| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Repository URL | Enter the repository URL. If you have enabled Authentication above the credentials will be used to access the repository. The below options will be populated by what is found in the repository. |
+| Repository reference | Select the reference to use when deploying the stack (for example, the branch). |
+| Compose path / manifest path | Enter the path to the Compose or manifest file from the root of the repository. |
+| Additional paths | Click **Add file** to add additional files to be parsed by the build (for example, an environment-specific compose or manifest file). |
+| GitOps updates | Toggle this on to enable GitOps updates (see below). |
+| Skip TLS verification | Toggle this on to skip the verification of TLS certificates used by your repository. This is useful if your repo uses a self-signed certificate. |
+
+
+
+### GitOps updates
+
+Portainer supports automatically updating your Edge Stacks deployed from Git repositories. To enable this, toggle on **GitOps updates** and configure your settings.
+
+{% hint style="info" %}
+For more detail on how automatic updates function under the hood, have a look at [this knowledge base article](https://portal.portainer.io/knowledge/how-do-automatic-updates-for-stacks-applications-work).
+{% endhint %}
+
+| Field/Option | Overview |
+| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Mechanism | Select the method to use when checking for updates: |
+| |
Polling: Periodically poll the Git repository from Portainer to check for updates to the repository.
Webhook: Generate a webhook URL to add to your Git repository to trigger the update on demand (for example via GitHub actions).
|
+| Fetch interval | If **Polling** is selected, how often Portainer will check the Git repository for updates. |
+| Webhook | When **Webhook** is selected, displays the webhook URL to use in your integration. Click **Copy link** to copy the webhook URL to the clipboard. |
+
+
GitOps updates when using polling
+
+
GitOps updates when using webhooks
+
+| | |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Re-pull image | When **Webhook** is selected, displays the webhook URL to use in your integration. Click **Copy link** to copy the webhook URL to the clipboard. |
+| Force redeployment |
Enable this setting to force the redeployment of your stack at the specified interval (or when the webhook is triggered), overwriting any changes that have been made in the local environment, even if there has been no update to the stack in Git. This is useful if you want to ensure that your Git repository is the source of truth for your stacks and are happy with the local stack being replaced.
If this option is left disabled, automatic updates will only trigger if Portainer detects a change in the remote Git repository.
|
+
+
+
+### Relative path volumes
+
+When you toggle **Enable relative path volumes** to on, you are able to specify relative path references in your compose files. Portainer will create the required directory structure and populate the directories with the relevant files from your Git repository.
+
+{% hint style="info" %}
+This feature is only available for Docker Standalone and Docker Swarm environments.
+{% endhint %}
+
+On Docker Standalone environments, specify the path at which you want your files to be created on your host filesystem in the **Local filesystem path** field.
+
+{% hint style="warning" %}
+Ensure this directory exists on your local filesystem and is writable.
+{% endhint %}
+
+
+
+On Docker Swarm environments, specify the path at which you want your files to be created in the **Network filesystem path** field.
+
+{% hint style="warning" %}
+Ensure that this path is available on all of your Docker Swarm nodes and is writable.
+{% endhint %}
+
+
+
+### GitOps Edge configurations
+
+When relative path volumes are enabled, you can also choose to deploy device-specific configurations from your Git repository to the devices your Edge stack will be deployed to. To use this, enable the **GitOps Edge configurations** toggle, enter the **Directory** (relative to the root of your Git repository) and select the **Matching rule** that corresponds to your configuration.
+
+
+
+Within your Git repository at the **Directory** you define, you should have file names or folder names (depending on your **Matching rule** selection) that correspond to the Portainer Edge IDs for the devices you will be deploying the stack to. You can reference this ID in your stack files with the `PORTAINER_EDGE_ID` environment variable.
+
+{% hint style="info" %}
+You can find the Edge IDs for your Edge environments under **Environments**, select the environment, and note the **Edge identifier** value in the **Edge information** box. It will look like the following:
+
+`73149964-56f4-473b-81b3-5ecdc397e490`
+{% endhint %}
+
+For example, when using folder name matching and a directory of `config` , you can use the following syntax:
+
+```
+version: '3'
+
+services:
+ myservice:
+ image: myimage:latest
+ volumes:
+ - ./config/${PORTAINER_EDGE_ID}:/my-device-config
+```
+
+In this example, each Edge device the stack was deployed to would mount their specific device (based on the Portainer Edge ID) folder from within the `config` directory of the Git repository to the `/my-device-config` folder in the container.
+
+If you deploy your stack to a device that does not have a file or folder with the corresponding Portainer Edge ID in the GitOps Edge configuration directory, the stack will deploy as normal but with no device specific configuration deployed.
+
+## Template
+
+Select an Edge Stack template to deploy from the Template dropdown, and make any configuration adjustments as required.
+
+
+
+## Additional settings
+
+### Webhooks
+
+For the Web editor, Upload and Template build methods you can choose to enable an Edge Stack webhook. This webhook will allow you to trigger updates to the stack by sending a POST request to a specific URL, instructing Portainer to pull the most up to date version of the associated image and re-deploy the stack.
+
+{% hint style="info" %}
+For Git deployed stacks, this functionality is available via [GitOps updates](add.md#gitops-updates).
+{% endhint %}
+
+
+
+### Environment variables
+
+As an optional step, you can also set environment variables. You can use these to define values in your compose file that would vary between deployments (for example, hostnames, database names, etc).
+
+{% hint style="info" %}
+This feature is only available on Docker Standalone and Docker Swarm environments.
+{% endhint %}
+
+Environment variables can be set individually within Portainer or you can use **Load variables from .env file** to upload a file containing your environment variables. Environment variables you define (either individually or via a .env file) will be available to use in your compose file using an `environment` definition:
+
+```
+environment:
+ MY_ENVIRONMENT_VARIABLE: ${MY_ENVIRONMENT_VARIABLE}
+```
+
+Alternatively, you can add `stack.env` as an `env_file` definition to add all the environment variables that you have defined individually as well as those included in an uploaded .env file:
+
+```
+env_file:
+ - stack.env
+```
+
+{% hint style="info" %}
+Note the compose file is not changed when environment variables are used - this allows variables to be updated within Portainer without editing the compose file itself which would take it out of sync with the Git repository. You will still see the `${MY_ENVIRONMENT_VARIABLE}` style entry in the compose file.
+{% endhint %}
+
+
+
+### Registry
+
+If your stack requires access to images in private registries, you can specify which registry to use as part of the deployment.
+
+
+
+### Pre-pull images
+
+By default, Docker will start containers within the stack that it already has images for, while at the same time pulling any other images it needs from the upstream registries. In some cases you may want to wait until all of the needed images are pulled to the device before starting the stack. To do this, enable the **Pre-pull images** toggle. This can also help to avoid issues when some images in a stack are unable to be pulled, leading to an incomplete or partial deployment.
+
+
+
+### Retry deployment
+
+If a deployment of an Edge Stack fails (for example if the remote Edge environment is unavailable), by default Portainer will not try and redeploy the stack. If you wish to enable retrying of failed deployments, you can toggle **Retry deployment** to on.
+
+
+
+When Retry deployment is enabled for an Edge Stack and the deployment of the Edge Stack fails, Portainer will:
+
+1. Retry the deployment every 10 seconds for the first hour.
+2. After the first hour, retry once an hour for 7 days.
+3. After 7 days, Portainer will stop retrying and the Edge Stack will be given a "failed" status.
+
+### Update configurations
+
+This section lets you define the method in which your stack updates are deployed across your Edge devices. You can choose to deploy to **All edge devices at once**, or select **Parallel edge device(s)** to specify how many devices to update concurrently.
+
+{% hint style="warning" %}
+These settings do **not** apply to the _initial_ provision of your Edge Stack. These only apply to the process that will occur when your stack is updated _after_ deployment.
+{% endhint %}
+
+
+
+If **Parallel edge device(s)** is selected, you can choose to either deploy in static group sizes or in an exponential rollout strategy. For static group sizes, choose the **Number of device(s)** option and specify your group size.
+
+
+
+For an exponential rollout, choose the **Exponential rollout** option and specify how many devices to start with, then select the multiplier to apply to the initial size. For example, selecting a start size of 5 and a multiplier of 2, stack updates would be rolled out to 5 devices, then 10 (5 x 2), then 20 (10 x 2), and so forth.
+
+
+
+When using parallel rollouts, you can also specify the **Timeout** (in minutes) before Portainer considers the update to have failed, as well as the **Update delay** (in minutes) between each group of updates are applied.
+
+In addition, you can define the **Update failure action** that will be taken if the update fails:
+
+* **Continue** will move on to the next group of devices to update.
+* **Pause** will halt the update process but will keep the update applied to any devices that have already been deployed to.
+* **Rollback** will halt the update process and roll back the update on devices already updated.
+
+
+
+Once the configuration is completed, click **Deploy the stack**.
diff --git a/user/edge/waiting-room.md b/user/edge/waiting-room.md
new file mode 100644
index 0000000..f52966e
--- /dev/null
+++ b/user/edge/waiting-room.md
@@ -0,0 +1,7 @@
+# Waiting Room
+
+The Edge Devices Waiting room lists any Edge Devices that have connected using the pre-deploy script and are pending association with the Portainer instance. The list can be filtered by Edge Group, group, and tag.
+
+
+
+To associate a device with your Portainer instance, tick the box next to the device and click **Associate Device**.
diff --git a/user/home/README.md b/user/home/README.md
new file mode 100644
index 0000000..9f973e1
--- /dev/null
+++ b/user/home/README.md
@@ -0,0 +1,23 @@
+# Home
+
+The **Home** page is the first page you will see after logging into Portainer. This page provides an overview of your environments along with vital statistics about each. You can search and filter your list of environments using the options at the top of the list.
+
+
+
+Your currently selected environment (if any) will be shown by the **Connected** status on the right. To choose an environment, either click on the tile for the environment or the **Live connect** or **Browse snapshot** button (for [Edge Devices in async mode](snapshot.md)). You can click the pencil icon to edit the environment's connection configuration, and the cog button to go to the environment's settings page (if the environment is directly accessible).
+
+
+
+## Build information
+
+You can view the build information for your Portainer installation by clicking on the Portainer version number in the bottom left of the UI. This may be helpful when troubleshooting issues with the Portainer support team.
+
+
+
+In the box that appears you can see the server version, database version, build number and image tag, as well as the versions of the compilation tools used to build Portainer.
+
+## Context-sensitive help
+
+From any page in the Portainer UI, you can click on the question mark icon in the top right next to your username to access the related section of this documentation.
+
+
diff --git a/user/home/openamt.md b/user/home/openamt.md
new file mode 100644
index 0000000..400a19c
--- /dev/null
+++ b/user/home/openamt.md
@@ -0,0 +1,30 @@
+# OpenAMT
+
+OpenAMT allows you to remotely manage your compatible Edge devices from Portainer, letting you start, stop, restart and access the device console directly from within the Portainer UI.
+
+## Preparation
+
+To associate an Edge device with OpenAMT you must first add a compatible device. To do this, first [deploy the Edge Agent](../../admin/environments/add/) to your device based on the appropriate method for your environment type.
+
+Once the Edge Agent has been set up and deployed on the remote device, the device is ready to be associated with OpenAMT.
+
+## Associate your device
+
+To associate an existing Edge Agent deployment with OpenAMT, from the Home page click the **Associate with OpenAMT** button.
+
+
+
+Check the box next to the device(s) you want to associate, then click the **Associate Devices** button. The activation process will now begin.
+
+
+
+Once activation completes you will be returned to the Home page.
+
+## Interact with your device
+
+Once an OpenAMT device has been associated with an Edge Device in Portainer, you are able to interact directly with that device. To do so, go to the Home page and use the options on the right hand side of the tile to interact as required.
+
+* **Power ON**: Will power on the device if it is currently switched off.
+* **Power OFF**: Will power off the device if it is currently switched on.
+* **Restart**: Will initiate a restart of the device.
+* **KVM**: Will open a remote KVM (keyboard, video, mouse) session with the device.
diff --git a/user/home/snapshot.md b/user/home/snapshot.md
new file mode 100644
index 0000000..8c38974
--- /dev/null
+++ b/user/home/snapshot.md
@@ -0,0 +1,21 @@
+# Snapshot browsing
+
+Snapshot browsing allows the ability to run remote commands on your Edge devices that are in Async mode. You can browse your device as well as run commands like start, stop, restart, and delete on your containers, stacks and volumes.
+
+To browse your Edge device, on the [home page](./) locate your Edge device and click the **Browse snapshot** button.
+
+
+
+You will be directed to the dashboard for the Edge device, with a **Browsing snapshot** drop down that details the last updated and next updated date, how often the snapshots are taken and the environment status. You can refer to the [deployment sync options ](../../admin/settings/edge.md#deployment-sync-options)for more details.
+
+{% hint style="warning" %}
+The information displayed in Portainer for your Edge device is up to date as of the time the latest snapshot (as indicated in the dropdown) was taken. Depending on the [age of the snapshot](../../admin/settings/edge.md#deployment-sync-options) and the environment, this may not be an up to date representation of the current state of the device, so bear this in mind when taking actions on the device.
+{% endhint %}
+
+
+
+From here, you can browse the device as you would a regular environment.
+
+
+
+a
diff --git a/user/kubernetes/README.md b/user/kubernetes/README.md
new file mode 100644
index 0000000..2537730
--- /dev/null
+++ b/user/kubernetes/README.md
@@ -0,0 +1,52 @@
+# Kubernetes
+
+The following sections describe how to manage a Kubernetes environment using menu options available in the Portainer Server.
+
+{% content-ref url="dashboard.md" %}
+[dashboard.md](dashboard.md)
+{% endcontent-ref %}
+
+{% content-ref url="kubectl.md" %}
+[kubectl.md](kubectl.md)
+{% endcontent-ref %}
+
+{% content-ref url="kubeconfig.md" %}
+[kubeconfig.md](kubeconfig.md)
+{% endcontent-ref %}
+
+{% content-ref url="templates/" %}
+[templates](templates/)
+{% endcontent-ref %}
+
+{% content-ref url="namespaces/" %}
+[namespaces](namespaces/)
+{% endcontent-ref %}
+
+{% content-ref url="helm/" %}
+[helm](helm/)
+{% endcontent-ref %}
+
+{% content-ref url="applications/" %}
+[applications](applications/)
+{% endcontent-ref %}
+
+{% content-ref url="services.md" %}
+[services.md](services.md)
+{% endcontent-ref %}
+
+{% content-ref url="ingresses/" %}
+[ingresses](ingresses/)
+{% endcontent-ref %}
+
+{% content-ref url="configurations/" %}
+[configurations](configurations/)
+{% endcontent-ref %}
+
+{% content-ref url="volumes/" %}
+[volumes](volumes/)
+{% endcontent-ref %}
+
+{% content-ref url="cluster/" %}
+[cluster](cluster/)
+{% endcontent-ref %}
+
diff --git a/user/kubernetes/applications/README.md b/user/kubernetes/applications/README.md
new file mode 100644
index 0000000..ca22086
--- /dev/null
+++ b/user/kubernetes/applications/README.md
@@ -0,0 +1,35 @@
+# Applications
+
+In Kubernetes, an application is a collection of configuration settings and variables required to run your app. This may consist of a single container or multiple containers with complex interoperability.
+
+
+
+You can filter the list of applications by namespace using the **Namespace** dropdown.
+
+Portainer lets you add applications either using a form or through a manifest:
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="manifest.md" %}
+[manifest.md](manifest.md)
+{% endcontent-ref %}
+
+You can also inspect a running application:
+
+{% content-ref url="inspect.md" %}
+[inspect.md](inspect.md)
+{% endcontent-ref %}
+
+Applications can also be deployed via [Helm](../helm/) charts:
+
+{% content-ref url="../helm/deploy.md" %}
+[deploy.md](../helm/deploy.md)
+{% endcontent-ref %}
+
+If you no longer require an application, it can be removed:
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
diff --git a/user/kubernetes/applications/add.md b/user/kubernetes/applications/add.md
new file mode 100644
index 0000000..baf19d0
--- /dev/null
+++ b/user/kubernetes/applications/add.md
@@ -0,0 +1,104 @@
+# Add a new application using a form
+
+There are two ways to add a new application: manually by using a form or automatically by [using a manifest](manifest.md). This article explains how to add an application manually.
+
+From the menu select **Applications** then click **Add with form**.
+
+
+
+Complete the required information, using the sections below as a guide.
+
+### Base configuration
+
+| Field/Option | Overview |
+| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Namespace | Select the namespace where the application will reside. |
+| Name | Give the application a descriptive name. |
+| Registry | Select the registry to pull the image from. If you want to pull from a registry that is not configured with Portainer, click **Advanced mode** then enter the URL and image manually. |
+| Image | Enter the name (and optionally the tag) of the image that will be used to deploy the application. |
+| Note | Enter a note to provide additional details about the application. This field is mandatory if the [Require a note on applications](../../../admin/settings/#deployment-options) toggle is enabled in Settings. |
+| Annotations | You can add annotations to your application as required by clicking **Add annotation** and filling in the **Key** and **Value** fields. |
+| Stack | Portainer can automatically bundle multiple applications inside a stack. You can either enter the name of a new stack, select an existing stack from the list, or leave empty to use the application name. |
+
+
+
+### Environment variables
+
+Here you can define any environment variables you wish to be available to your application.
+
+
+
+### ConfigMaps
+
+Select any ConfigMaps you have previously created to make them available to the application. Portainer will automatically expose all the keys of a ConfigMap as environment variables. This behavior can be overridden to filesystem mounts for each key via the **Override** button.
+
+
+
+### Secrets
+
+Select any secrets you have previously created to make them available to the application. Portainer will automatically expose all the keys of a secret as environment variables. This behavior can be overridden to filesystem mounts for each key via the **Override** button.
+
+
+
+### Persisted folders
+
+Define any persistent folders within the application and whether these are new or existing volumes, as well as the size of the volume and storage location.
+
+You can also define the **Data access policy** for your persisted folders:
+
+* **Isolated:** Each instance of the application will use its own data.
+* **Shared**: All application instances will use the same data.
+
+
+
+### Resource reservations
+
+In this section you can define the amount of **memory** and **CPU** available to the application. If the namespace you have selected has resource quotas set, you must define these values.
+
+
+
+### Deployment
+
+This section allows you to choose how you want to deploy the application inside the cluster. Options are:
+
+* **Replicated:** Run one or multiple instances of this container.
+* **Global:** Deploy an instance of this container on each cluster node.
+
+You can also define the number of instances of the application to run by setting the **Instance count**.
+
+
+
+### Auto-scaling
+
+Toggle **Enable auto scaling for this application** to enable auto-scaling for the application you are deploying. This requires that the Kubernetes metrics server is installed and [enabled in the cluster setup](../cluster/setup.md#resources-and-metrics).
+
+| Field/Option | Overview |
+| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Minimum instances | Enter the minimum number of instances that you want running for this application. |
+| Maximum instances | Enter the maximum number of instances that you want running for this application. |
+| Target CPU usage | Enter the target CPU percentage for your application. The autoscaler will ensure that enough instances are running to maintain an average CPU usage of this value across all instances. |
+
+
+
+### Placement preferences and constraints
+
+Here you can define which placement rules must be followed by the nodes where the application is deployed to. Placement rules are based on node labels. To create a new rule, click **add rule**.
+
+You can also define the placement policy for the rules you have set. Options are:
+
+* **Mandatory:** The application will only be scheduled on nodes that follow all rules.
+* **Preferred**: If possible, the application will be scheduled on nodes that follow all rules.
+
+
+
+### Publishing the application
+
+Here you can create the necessary services to expose your application. Select the type of service (ClusterIP, NodePort, or LoadBalancer) from the tabs and click **Create service**. You can then configure each service as required, including adding annotations to the services if required.
+
+{% hint style="info" %}
+You can expand the **Explanation** link for more detail on how each service type works.
+{% endhint %}
+
+
+
+When you have finished, click **Deploy application**.
diff --git a/user/kubernetes/applications/detach-volume.md b/user/kubernetes/applications/detach-volume.md
new file mode 100644
index 0000000..9ebd6be
--- /dev/null
+++ b/user/kubernetes/applications/detach-volume.md
@@ -0,0 +1,9 @@
+# Detach a volume from an application
+
+From the menu select **Applications**, select the application then click **Edit this application**.
+
+
+
+Scroll down to the **Persisting data** section and click the trash can icon to the right of the volume. Scroll down and click **Update application**. When the confirmation message appears, click **Update**.
+
+
diff --git a/user/kubernetes/applications/edit.md b/user/kubernetes/applications/edit.md
new file mode 100644
index 0000000..9b3d6da
--- /dev/null
+++ b/user/kubernetes/applications/edit.md
@@ -0,0 +1,40 @@
+# Edit an application
+
+From the menu select **Applications**, select the application you want to edit, then click **Edit this application**.
+
+
+
+Your editing options will depend on how the application was deployed initially.
+
+{% hint style="info" %}
+Regardless of the deployment method, you can [edit an application's YAML directly](inspect.md#yaml-section) through the YAML tab in Portainer Business Edition.
+{% endhint %}
+
+## Applications deployed from Git
+
+If the application was [deployed from a Git repository](manifest.md#option-1-git-repository) you can redeploy it from the repository if needed. You will see the repository URL that the application was deployed from, the current version deployed, and the file used for the deployment.
+
+
+
+You can reconfigure GitOps updates, the repository reference and authentication here if needed.
+
+
+
+If you want to redeploy, click **Pull and update application**. If you're simply updating the repository settings and don't need to redeploy, click **Save settings**.
+
+## Applications deployed from the Web Editor
+
+If the application was deployed from the Web Editor, you will be given the ability to edit the manifest manually.
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+
+
+Make the required changes then click **Update the application**.
+
+## Applications deployed from a form
+
+When editing an application deployed from a form, you will be able to update the configuration using the same form. Refer to [adding a new application using a form](add.md) for details.
+
diff --git a/user/kubernetes/applications/inspect.md b/user/kubernetes/applications/inspect.md
new file mode 100644
index 0000000..301b32d
--- /dev/null
+++ b/user/kubernetes/applications/inspect.md
@@ -0,0 +1,84 @@
+# Inspect an application
+
+To view information about applications running in a cluster, from the menu select **Applications** then select the application you want to inspect.
+
+
+
+The **Application details** screen is organized into four sections. The following tables explain all of the information to be found in each.
+
+## Application information section
+
+### General information
+
+| Attribute | Overview |
+| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
+| Name | The name of the application. |
+| Stack | The stack that the application belongs to (if any). |
+| Namespace | The namespace that the application is running in. |
+| Application Type | The type of application (Pod, Deployment, StatefulSet, DaemonSet, etc). |
+| Status | Indicates whether or not the application is running. Where applicable, this also shows the replication state and number of replicas. |
+| Creation | Shows when the application was created and by whom, as well as how the application was deployed. |
+| Note | Add a note about the application or edit an existing note. |
+
+
+
+### Actions
+
+Depending on how the application was deployed, a number of actions can be performed, including:
+
+* [Editing the application](edit.md).
+* Perform a rolling restart of the application (Business Edition only).
+* Redeploying the application (terminating all the services and recreating them).
+* Rolling the application back to a previous configuration.
+* Creating a [template](../templates/) from the application.
+
+{% hint style="info" %}
+When using a Git repository, the rolling restart and redeploy options do not re-pull the manifest from the upstream repository. To do this, use the **Pull and update application** button when [editing an application](edit.md#method-1-redeploy-from-git).
+{% endhint %}
+
+
Some of the potential actions that may appear for your application
+
+### Configuration details
+
+| Configuration | Overview |
+| ------------------------- | -------------------------------------------------------------------------------------------------- |
+| Accessing the application | Shows which ports (if any) are published from the container. |
+| Auto-scaling | Indicates the application's auto-scaling policy. |
+| Configuration | A list of any environment variables and configurations that have been defined for the application. |
+| Data persistence | A list of the persistent folders and their details. |
+
+
+
+### Pod details
+
+See which pods run your application, which image is being used, the status, node, and IP address of the pod, and when each pod was created. You can also access the pod stats, console and logs from here.
+
+
+
+## Placement section
+
+Here you'll find information about any placement constraints or preferences that have been defined for the application and how they're being applied.
+
+
+
+## Events section
+
+Shows information about application-related events.
+
+
+
+## YAML section
+
+This displays the YAML generated from the application deployment, and lets you edit the YAML for an application directly. Updates to your manifest made here are applied using the Kubernetes `patch` mechanism.
+
+{% hint style="info" %}
+Editing your YAML through this section is only available in Portainer Business Edition.
+{% endhint %}
+
+
+
+Make your edits then click **Apply changes** to update the deployment.
+
+{% hint style="warning" %}
+Editing the YAML is not available for resources in namespaces marked as system.
+{% endhint %}
diff --git a/user/kubernetes/applications/manifest.md b/user/kubernetes/applications/manifest.md
new file mode 100644
index 0000000..7f10842
--- /dev/null
+++ b/user/kubernetes/applications/manifest.md
@@ -0,0 +1,102 @@
+# Add a new application using a manifest
+
+There are two ways to add a new application: [manually by using a form](add.md) or automatically by using a manifest. This article explains how to add an application using a manifest.
+
+{% hint style="info" %}
+Manifests aren't just for applications - you can also deploy namespaces, ingresses, ConfigMaps, secrets and volumes using a manifest.
+{% endhint %}
+
+From the menu select **Applications** then click **Create from manifest**.
+
+
+
+Select the namespace for your deployment, define a name for your application, and then choose the build method from the options provided.
+
+{% hint style="info" %}
+If you want to use namespaces defined in your manifest defines the namespace(s) you wish to deploy to, you can leave **Namespace** set to `default` and toggle on the **Use namespace(s) specified from manifest** option.
+{% endhint %}
+
+
+
+## Option 1: Git Repository
+
+Use the provided fields to enter the details of your Git repository containing your Kubernetes manifests.
+
+| Field/Option | Overview |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Authentication | Toggle this on if your repository requires authentication. |
+| Git Credentials | If the **Authentication** toggle is enabled and you have [configured Git credentials](../../account-settings.md#git-credentials), you can select them from this dropdown. |
+| Username | Enter your Git username. |
+| Personal Access Token | Enter your personal access token or password. |
+| Save credential | Check this option to save the credentials entered above for future use under the name provided in the **credential name** field. |
+
+
+
+| Field/Option | Overview |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Repository URL | Enter the repository URL. If you have enabled Authentication above the credentials will be used to access the repository. The below options will be populated by what is found in the repository. |
+| Repository reference | Select the reference to use when deploying the stack (for example, the branch). |
+| Manifest path | Enter the path to your manifest file relative to the root of your repository. |
+| Additional paths | Click **Add file** to define additional manifests or compose files to process as part of the deployment. |
+| GitOps updates | Toggle this on to enable GitOps updates (see below). |
+| Skip TLS Verification | Toggle this on to skip the verification of TLS certificates used by your repository. This is useful if your repo uses a self-signed certificate. |
+
+
+
+### GitOps updates
+
+Enabling GitOps updates gives Portainer the ability to update your application automatically, either by polling the repository at a defined interval for changes or by using a webhook to trigger an update.
+
+{% hint style="info" %}
+For more detail on how GitOps updates function under the hood, have a look at [this knowledge base article](https://portal.portainer.io/knowledge/how-do-automatic-updates-for-stacks-applications-work).
+{% endhint %}
+
+{% hint style="warning" %}
+If your application is configured for GitOps updates and you make changes locally, these changes will be overridden by the application definition in the Git repository. Bear this in mind when making configuration changes.
+{% endhint %}
+
+| Field/Option | Overview |
+| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Mechanism | Choose from **Polling** or **Webhook**. |
+| Fetch interval | When using the **Polling** method, choose how often you wish to check the Git repository for updates to your application. |
+| Webhook |
When using the Webhook method, this displays the webhook URL to use. Click Copy link to copy the webhook to your clipboard. For more on webhooks, refer to the webhook documentation.
Enable this setting to force the redeployment of your application (kubectl apply) at the specified interval (or when the webhook is triggered), overwriting any changes that have been made in the local environment, even if there has been no update to the application in Git. This is useful if you want to ensure that your Git repository is the source of truth for your applications and are happy with the local application being replaced.
If this option is left disabled, automatic updates will only trigger if Portainer detects a change in the remote Git repository.
|
+
+
+
+When you're ready, click **Deploy**.
+
+## Option 2: Web editor
+
+Use the Web editor to write or paste in your Kubernetes manifest.
+
+
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+When you're ready, click **Deploy**.
+
+## Option 3: URL
+
+Enter the **URL** to your manifest file in the provided field.
+
+
+
+When you're ready, click **Deploy**.
+
+## Option 4: Custom template
+
+From the **Template** dropdown, select the custom template to use. As an optional step, you can edit the template before deploying the application. If you have no custom templates you will be given a link to the [Custom Templates](../templates/) section.
+
+
+
+When you're ready, click **Deploy**.
diff --git a/user/kubernetes/applications/remove.md b/user/kubernetes/applications/remove.md
new file mode 100644
index 0000000..40bab23
--- /dev/null
+++ b/user/kubernetes/applications/remove.md
@@ -0,0 +1,9 @@
+# Remove an application
+
+From the menu select **Applications**, tick the checkbox next to the application you want to remove then click **Remove**.
+
+
+
+When the confirmation message appears, click **Remove**.
+
+
diff --git a/user/kubernetes/applications/webhooks.md b/user/kubernetes/applications/webhooks.md
new file mode 100644
index 0000000..254ba5e
--- /dev/null
+++ b/user/kubernetes/applications/webhooks.md
@@ -0,0 +1,105 @@
+# Webhooks
+
+A webhook is a POST request sent to a URL. Use webhooks to trigger an action in response to an event such as a repository push.
+
+{% hint style="info" %}
+This functionality is only available in [Portainer Business Edition](https://www.portainer.io/business-upsell?from=stack-webhook).
+{% endhint %}
+
+{% hint style="info" %}
+Webhooks are only available on non-Edge environments (environments running Portainer Server or Portainer Agent, not the Portainer Edge Agent). This is because the tunnel to the Portainer Edge Agent is only opened on-demand, and therefore would mean there is no way to expose a webhook permanently.
+{% endhint %}
+
+## Enabling an application webhook
+
+From the menu select **Applications** then select the application that you want to configure the webhook for. Then select the **Edit this application** button.
+
+{% hint style="info" %}
+Webhooks are only available for applications deployed from a Git repository.
+{% endhint %}
+
+
+
+Enable **GitOps updates** if it is not already enabled and select `Webhook` as the **Mechanism**. When the URL appears, click **Copy link**. This is the URL used to trigger the webhook.
+
+
+
+This example shows how to trigger the webhook:
+
+```
+
+```
+
+## Using environment variables with webhooks
+
+When triggering a webhook, environment variables can be passed through the endpoint and referenced within the deployment.
+
+{% hint style="info" %}
+Environment variables can not be updated for Pods, only for Deployments.
+{% endhint %}
+
+To specify an environment variable on a webhook, add it as a variable to the URL. For example, to pass a `SERVICE_TAG` variable with the value `development`:
+
+```
+https://portainer:9443/api/stacks/webhooks/40ac1662-47c3-4a8e-b148-2a34eb52bb42?SERVICE_TAG=development
+```
+
+To reference the `SERVICE_TAG` variable in your manifest with a fallback to the value `stable`:
+
+```
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx-deployment
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.14.2
+ ports:
+ - containerPort: 80
+ env:
+ - name: SERVICE_TAG
+ value: "stable"
+```
+
+{% hint style="warning" %}
+Environment variables must already be defined in the manifest - new environment variables cannot be added via the webhook.
+{% endhint %}
+
+## Rolling restarts
+
+When using an application's webhook to redeploy your application, you can tell Portainer to perform a rolling restart of the application rather than a "terminate and restart" redeploy.
+
+{% hint style="info" %}
+This functionality is only available in Portainer Business Edition.
+{% endhint %}
+
+To specify this, use the `rollout-restart` parameter in your webhook call:
+
+```
+https://portainer:9443/api/stacks/webhooks/40ac1662-47c3-4a8e-b148-2a34eb52bb42?rollout-restart=all
+```
+
+ Valid options are as below:
+
+| Option | Overview |
+| --------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `rollout-restart=all` | All of the application's deployments will be redeployed as a rolling restart. |
+| `rollout-restart=deployment/deployment1,deployment/deployment2` |
Only the specified deployment(s) will be redeployed as a rolling restart. All other deployments will not be redeployed or restarted. Separate multiple deployments with commas. This option supports Deployments (deployment/deployment1), DaemonSets (daemonset/daemonset1), and StatefulSets (statefulset/statefulset1).
|
+
+If the `rollout-restart` parameter is not defined, the webhook will redeploy the application in traditional "terminate and restart" behavior.
+
+{% hint style="warning" %}
+If your cluster has a [change window](../cluster/setup.md#change-window-settings) enabled, the rolling restart will only be performed within the change window.
+{% endhint %}
diff --git a/user/kubernetes/cluster/README.md b/user/kubernetes/cluster/README.md
new file mode 100644
index 0000000..6cdafec
--- /dev/null
+++ b/user/kubernetes/cluster/README.md
@@ -0,0 +1,74 @@
+# Cluster
+
+A cluster is a collection of nodes that runs containerized workloads. Portainer lets you keep track of your cluster and its individual nodes, including resource usage and configuration.
+
+From the menu select **Cluster**.
+
+
+
+The following information is provided:
+
+| Attribute | Overview |
+| ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Memory reservation | The amount of memory available to the cluster. |
+| Memory used | The amount of memory used by the cluster. This is only visible if you have [enabled using the metrics API](setup.md#enable-features-using-the-metrics-api). |
+| CPU reservation | The amount of CPU that has been reserved in the cluster. |
+| CPU used | The amount of CPU used by the cluster. This is only visible if you have [enabled using the metrics API](setup.md#enable-features-using-the-metrics-api). |
+| Leader status | This section lists components and their leader node in your cluster. |
+
+
+
+## MicroK8s cluster management
+
+{% hint style="info" %}
+This section only appears when the environment was provisioned via the [Create a Kubernetes cluster](../../../admin/environments/add/kube-create/microk8s.md) functionality.
+{% endhint %}
+
+In this section you can see and make changes to the configuration of your MicroK8s cluster provisioned by Portainer.
+
+{% hint style="warning" %}
+This functionality is in beta and only tested with some configurations. Refer to our known issues knowledge base article for caveats when using this feature.
+{% endhint %}
+
+| Field/Option | Overview |
+| ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Kubernetes version |
Displays the version of Kubernetes that is running on your cluster. If a newer version of Kubernetes is available, you can click the Upgrade button to upgrade your cluster to the version specified. Note that upgrading may cause your cluster to be unavailable while the upgrade processes.
|
+| Required addons (already installed) | Displays a list of the already installed required addons for your cluster. |
+| Optional addons | Displays the optional addons (if any) that are installed on your cluster, as well as any arguments that were used in their configuration. You can adjust the arguments for the addons here, click the **Add addon** button to add additional addons, or click the trash can icon next to an addon to remove it. |
+
+
+
+Click the **Apply Changes** button to apply any adjustments you have made to addon configurations, or **Cancel** to revert your changes.
+
+## Nodes
+
+This section lists the nodes in your cluster with information about each node. To view [details of a specific node](node.md), click the name of the node in the list.
+
+
+
+To view usage stats for a node, click the stats icon to the right of the node.
+
+{% hint style="info" %}
+Node stats are only available when you have [enabled using the metrics API](setup.md#enable-features-using-the-metrics-api).
+{% endhint %}
+
+
+
+On MicroK8s environments provisioned with the [Create a Kubernetes cluster](../../../admin/environments/add/kube-create/microk8s.md) feature, you will also see buttons to add and remove nodes as well as additional action icons to view the MicroK8s status (for control plane nodes) and to connect to the environment via SSH console.
+
+
+
+If you need to adjust elements of your Kubernetes configuration you can do so by selecting **Setup** in the left menu.
+
+{% content-ref url="setup.md" %}
+[setup.md](setup.md)
+{% endcontent-ref %}
+
+If you would like to define security constraints on the pods in your environment, select **Security constraints**.
+
+{% content-ref url="security.md" %}
+[security.md](security.md)
+{% endcontent-ref %}
+
+
+
diff --git a/user/kubernetes/cluster/node.md b/user/kubernetes/cluster/node.md
new file mode 100644
index 0000000..d1b4bbd
--- /dev/null
+++ b/user/kubernetes/cluster/node.md
@@ -0,0 +1,57 @@
+# Inspect a node
+
+To view details of an individual node in your cluster, from the menu select **Cluster** then scroll down and click on the name of the node you want to inspect.
+
+
+
+Information about the cluster is separated into two screen tabs.
+
+## Node
+
+The **Node** tab summarizes the following information about the selected node:
+
+| Field/Option | Overview |
+| --------------- | -------------------------------------------------------------------------------------- |
+| Hostname | The hostname of the node. |
+| Kubernetes API | The address and port of the Kubernetes API for this node. |
+| Role | The role of the node. |
+| Kubelet version | The version of kubelet on the node. |
+| Creation date | The date when this node was created. |
+| Status | The status of the node. |
+| Availability | Defines the availability of the node. Options are **Active**, **Pause** and **Drain**. |
+
+
+
+### Resource reservation
+
+This section provides details about resource reservations assigned on the node as well as the node's resource usage.
+
+{% hint style="info" %}
+**Memory used** and **CPU used** are only displayed if you have [enabled using the metrics API](setup.md#enable-features-using-metrics-server).
+{% endhint %}
+
+
+
+### Labels
+
+This section lists the labels that apply to the node. You can add additional labels if required, as well as edit non-system labels.
+
+
+
+### Taints
+
+In this section you can add taints to prevent certain pods being deployed on the node.
+
+
+
+## Events
+
+Shows information about node-related events.
+
+
+
+## Applications running on this node
+
+This section provides information about the applications running on the selected node. Clicking the application name will take you to the application details page for that application.
+
+
diff --git a/user/kubernetes/cluster/registries.md b/user/kubernetes/cluster/registries.md
new file mode 100644
index 0000000..133d9db
--- /dev/null
+++ b/user/kubernetes/cluster/registries.md
@@ -0,0 +1,55 @@
+# Registries
+
+**Registries** lets you manage access to each of the registries that are currently available.
+
+{% hint style="warning" %}
+Registry access assigned here only applies to the selected environment. It is not global.
+{% endhint %}
+
+## Adding a new registry
+
+From the menu select **Cluster**, select **Registries** then click **Add registry**. When the global registries page appears, follow [these instructions](../../../admin/registries/add/).
+
+
+
+## Managing access
+
+To configure access to a registry, from the menu select **Cluster** then select **Registries**.
+
+
+
+Find the registry you want to manage then select **Manage access**.
+
+
+
+From the dropdown, select the namespaces that you would like to have access, then click **Create access**.
+
+
+
+You can see a list of the namespaces that have access to the registry or remove a namespace's access to the registry in the **Access** section.
+
+
+
+## Browsing a registry
+
+The registry manager extends your container management experience by giving you the ability to browse defined registries and manipulate their content. By using this feature, container users enjoy the benefit of having a single interface to manage any Docker registry deployment, providing a consistent look and feel across any provider.
+
+{% hint style="info" %}
+Your registry must support Docker Registry API v2 in order to integrate with Portainer.
+{% endhint %}
+
+Select **Browse** next to the registry that you want to browse.
+
+A list of the repositories within a registry, along with the number of tags for each repository appears. Select a repository to view its details.
+
+
+
+The **Repository information** page provides the repository name, tag and image count, as well as a list of all tags. You can retag an image in order to promote it through the deployment lifecycle, or simply add or remove tags to annotate changes or usage.
+
+This page also provides an option to clean up unused legacy images by safely deleting them. You can also remove the entire repository.
+
+{% hint style="info" %}
+The actions you can perform on a registry may be limited by the role of your user.
+{% endhint %}
+
+
diff --git a/user/kubernetes/cluster/security.md b/user/kubernetes/cluster/security.md
new file mode 100644
index 0000000..e9f5180
--- /dev/null
+++ b/user/kubernetes/cluster/security.md
@@ -0,0 +1,21 @@
+# Security constraints
+
+Pod security policies can be used to define under what conditions workloads can run. With Portainer we achieve this by leveraging [Open Policy Agent](https://www.openpolicyagent.org/) via [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper).
+
+Policies are configured on a per-environment basis. To enable and configure security policies, from the menu select a Kubernetes environment, then expand **Cluster** and click **Security constraints**.
+
+{% hint style="danger" %}
+This is advanced functionality and should be applied with caution. If a deployment attempts to create a pod that does not meet defined security constraints it may not be immediately obvious that the constraint is the reason for provision failure.
+{% endhint %}
+
+
+
+Toggle on **Enable pod security constraints** to enable the functionality, then toggle on the features you require and configure them as needed.
+
+{% hint style="info" %}
+Policies are based on the [Kubernetes security policy reference](https://v1-21.docs.kubernetes.io/docs/concepts/policy/pod-security-policy/#policy-reference) - for more detail on each option check the Kubernetes documentation.
+{% endhint %}
+
+
Field/Option
Overview
Restrict running privileged containers
Set whether any container in a pod can enable privileged mode.
Restrict host namespace
Controls whether the pod containers can share the process ID namespace and host IPC namespace.
Restrict host networking ports
Define a range of ports that can be used by pods, on a per-network basis.
Restrict volume types
Define the types of volumes that may be used. Examples of volume types are configMap, downwardAPI, emptyDir, persistentVolumeClaim, secret, projected, hostPath, flexVolume.
Restrict host filesystem paths
Define the host paths that are allowed when using hostPath volumes.
Restrict drivers
Define the FlexVolume drivers that can be used.
Require read-only root filesystem
Specify that containers must run with a read-only root filesystem.
Restrict User and group ids
Controls which user ID or group ID the containers are run with or which group IDs get added. For users, specify MustRunAs to define specific user ID ranges, MustRunAsNonRoot to require non-root users, or RunAsAny to permit running as any user. For groups, specify MustRunAs, MayRunAs or RunAsAny.
Restrict escalation to root privileges
Controls the user privileges and prevents files from enabling extra capabilities.
Restrict Linux capabilities
Define the capabilities available to the pod. Set allowed capabilities to specify those capabilities that a container can use, and set Required drop capabilities to specify which privileges must be dropped from containers.
Restrict SELinux security context
Controls the SELinux context of the container. You can specify the level, role, type and user.
Restrict Proc Mount types
Defines the type of /proc mount to use for containers. Select either Default or Unmasked.
Restrict AppArmor profiles
Controls the AppArmor profile used by containers. Refer to the AppArmor documentation for more details.
Restrict seccomp profiles
Controls the seccomp profile used by containers or pods.
Restrict sysctl profiles
Controls the sysctl profile used by containers. Specify the sysctls to forbid from use by pods.
+
+ Once you have completed your configuration, click **Save settings** to apply your changes.
diff --git a/user/kubernetes/cluster/setup.md b/user/kubernetes/cluster/setup.md
new file mode 100644
index 0000000..5b3e82c
--- /dev/null
+++ b/user/kubernetes/cluster/setup.md
@@ -0,0 +1,94 @@
+# Setup
+
+You can make changes to your environment's Kubernetes configuration by selecting **Cluster** from the menu then selecting **Setup**.
+
+
+
+## Networking
+
+### Allow users to use external load balancer
+
+{% hint style="info" %}
+To use this feature, you need to ensure that your cloud provider allows you to create load balancers. Using this feature may incur costs from your cloud provider.
+{% endhint %}
+
+Enabling the load balancer feature will allow users to expose applications they deploy over an external IP address assigned by their cloud provider.
+
+
+
+### Ingress controllers
+
+Configuring ingress controllers will allow users to expose applications they deploy over a HTTP route.
+
+Portainer auto detects and lists any ingress controllers defined in the cluster and sets them to allowed by default. As an admin you may choose to disable ingress controllers as needed.
+
+
+
+Enabling **Allow Ingress class to be set to "none"** will let users create ingress objects without specifying any Ingress Class. This is useful for Kubernetes implementations where there is no `IngressClass` defined in the cluster.
+
+Enable the **Configure ingress controller availability per namespace** toggle to be able to control Ingress Class availability further at the namespace level.
+
+Enabling **Only allow admins to deploy ingresses** restricts the deployment of ingresses to cluster administrators only, preventing standard users from creating new ingresses.
+
+## Change Window Settings
+
+This setting allows you to specify a window within which [GitOps updates](../applications/manifest.md#gitops-updates) to your applications can be applied.
+
+{% hint style="warning" %}
+If this setting is enabled and an update is made to an application outside of this window, it will not be applied.
+{% endhint %}
+
+
+
+## Deployment Options
+
+This section allows you to override any global deployment options set for Kubernetes environments.
+
+{% hint style="info" %}
+This section only appears if the **Allow per environment override** option is enabled in [Settings](../../../admin/settings/#deployment-options).
+{% endhint %}
+
+| Field/Option | Overview |
+| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Override global deployment options | Enable this option to override the global deployment options for this environment. |
+| Enforce code-based deployment | When override is enabled, enable this option to hide the Add with form button when deploying applications and prevent the adding or editing of Kubernetes resources via forms. |
+| Allow web editor and custom template use | When code-based deployment is enforced, enable this to allow the use of the web editor and custom templates when deploying an application. |
+| Allow specifying of a manifest via a URL | When code-based deployment is enforced, enable this allow the use of the URL option when deploying an application. |
+
+
+
+## Security
+
+### Restrict access to the default namespace
+
+By default, a Kubernetes cluster will instantiate a default namespace when provisioning the cluster to hold the default set of pods, services, and deployments used by the cluster. If this option is enabled, the only users with the power to run applications in the default namespace are Portainer administrators.
+
+
+
+## Resources and Metrics
+
+### Allow resource over-commit
+
+Enabling this feature lets you allocate more resources to namespaces than are physically available in the cluster.
+
+{% hint style="warning" %}
+**Enable** resource over-commit if you need to assign more resources to namespaces than are physically available in the cluster. This may lead to unexpected deployment failures if there are insufficient resources to meet the demand.
+
+**Disable** resource over-commit (highly recommended) if you are only able to assign resources to namespaces that are less (in aggregate) than the cluster total, minus any system-resource reservation.
+{% endhint %}
+
+### Enable features using the metrics API
+
+{% hint style="info" %}
+ Ensure that the Kubernetes [metrics server](https://kubernetes.io/docs/tasks/debug-application-cluster/resource-metrics-pipeline/#metrics-server) or [Prometheus](https://github.com/kubernetes-sigs/prometheus-adapter) is running inside your cluster.
+{% endhint %}
+
+Enabling this feature will allow users to use specific features that leverage the metrics API component, such as the memory and CPU usage graphs at the cluster and node level. If Portainer detects you are using a metrics server and is able to connect, this will default to on.
+
+
+
+## Available storage options
+
+Select which storage options will be available for use when deploying applications. Take a look at your storage driver documentation to figure out which access policy to configure, and whether or not the volume-expansion capability is supported. Any storage classes marked as default will be automatically set to on.
+
+
diff --git a/user/kubernetes/configurations/README.md b/user/kubernetes/configurations/README.md
new file mode 100644
index 0000000..c33c548
--- /dev/null
+++ b/user/kubernetes/configurations/README.md
@@ -0,0 +1,45 @@
+# ConfigMaps & Secrets
+
+In Portainer you can create configurations outside of a service's image or running containers. This allows you to keep your images as generic as possible, without the need to bind-mount configuration files into the containers, or to use environment variables.
+
+{% hint style="info" %}
+This section was previously known as **Configurations**.
+{% endhint %}
+
+This page is split into two tabs - [ConfigMaps](./#configmaps) and [Secrets](./#secrets).
+
+## ConfigMaps
+
+This tab displays the ConfigMaps that exist within your Kubernetes cluster. By default, system resources are hidden. To view them, click the three dot menu on the right hand side and check **Show system resources**.
+
+
+
+You can filter the display of ConfigMaps by namespace by clicking **Filter** and checking the namespaces you want to see.
+
+A ConfigMap with the **external** flag was created outside of Portainer, which means Portainer has limited knowledge on it compared to one created within Portainer. A label of **unused** means that Portainer cannot see any applications that are using this ConfigMap. This label may also appear on **external** resources because of the limited information available.
+
+To add a new ConfigMap via a form, click the **Add with form** button. To add via a manifest, click **Create from manifest**.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+To remove a ConfigMap, check the box next to the ConfigMap you want to remove and click the **Remove** button.
+
+## Secrets
+
+This tab displays the secrets that exist within your Kubernetes cluster. By default, system resources are hidden. To view them, click the three dot menu on the right hand side and check **Show system resources**.
+
+
+
+You can filter the display of secrets by namespace by clicking **Filter** and checking the namespaces you want to see.
+
+A secret with the **external** flag was created outside of Portainer, which means Portainer has limited knowledge on it compared to one created within Portainer. A label of **unused** means that Portainer cannot see any applications that are using this secret. This label may also appear on **external** resources because of the limited information available.
+
+To add a new secret via a form, click the **Add with form** button. To add via a manifest, click **Create from manifest**.
+
+{% content-ref url="add-1.md" %}
+[add-1.md](add-1.md)
+{% endcontent-ref %}
+
+To remove a secret, check the box next to the secret you want to remove and click the **Remove** button.
diff --git a/user/kubernetes/configurations/add-1.md b/user/kubernetes/configurations/add-1.md
new file mode 100644
index 0000000..bbd5a19
--- /dev/null
+++ b/user/kubernetes/configurations/add-1.md
@@ -0,0 +1,28 @@
+# Add a Secret
+
+From the menu select **ConfigMaps & Secrets**, ensure the **Secrets** tab is selected, then click **Add with form**.
+
+{% hint style="info" %}
+Secrets can also be added [using a manifest](../applications/manifest.md) by clicking **Create from manifest**.
+{% endhint %}
+
+
+
+Define the secret, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------ | ----------------------------------------------------------------------------------------------------------------------------------- |
+| Namespace | Select the namespace where the secret will be saved. |
+| Name | Give the secret a descriptive name. |
+| Annotations | You can add annotations to your secret as required by clicking **Add annotation** and filling in the **Key** and **Value** fields. |
+| Secret Type | Select from the list of available secret types or select **Custom** to define your own type. |
+
+
+
+Data fields change to reflect the type of Data to be entered based on the secret type selection above. In the **Data** section you can enter the details of your secret, in either **Simple mode** or **Advanced mode**. Under simple mode you can add entries in a key and value format, and in advanced mode you can paste in multiple values in YAML format.
+
+
Adding data in Simple mode
+
+
Adding data in Advanced mode
+
+When you have finished defining the secret, click **Create Secret.**
diff --git a/user/kubernetes/configurations/add.md b/user/kubernetes/configurations/add.md
new file mode 100644
index 0000000..15ba073
--- /dev/null
+++ b/user/kubernetes/configurations/add.md
@@ -0,0 +1,27 @@
+# Add a ConfigMap
+
+From the menu select **ConfigMaps & Secrets**, ensure the **ConfigMaps** tab is selected, then click **Add with form**.
+
+{% hint style="info" %}
+ConfigMaps can also be added [using a manifest](../applications/manifest.md) by clicking **Create from manifest**.
+{% endhint %}
+
+
+
+Define the ConfigMap, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------ | -------------------------------------------------------------------------------------------------------------------------------------- |
+| Namespace | Select the namespace where the ConfigMap will be saved. |
+| Name | Give the ConfigMap a descriptive name. |
+| Annotations | You can add annotations to your ConfigMap as required by clicking **Add annotation** and filling in the **Key** and **Value** fields. |
+
+
+
+In the **Data** section you can enter the details of your ConfgMap, in either **Simple mode** or **Advanced mode**. Under Simple mode you can add entries in a key and value format, and in Advanced mode you can paste in multiple values in YAML format.
+
+
Adding data in Simple mode
+
+
Adding data in Advanced mode
+
+When you have finished defining the ConfigMap, click **Create ConfigMap.**
diff --git a/user/kubernetes/dashboard.md b/user/kubernetes/dashboard.md
new file mode 100644
index 0000000..65a9e42
--- /dev/null
+++ b/user/kubernetes/dashboard.md
@@ -0,0 +1,15 @@
+# Dashboard
+
+The Kubernetes dashboard summarizes your Kubernetes environment and shows the components that make up the environment.
+
+## Environment info
+
+This section shows the environment name, its URL and port, along with any [tags](../../admin/environments/tags.md#tagging-an-environment).
+
+
+
+## Summary tiles
+
+The remaining dashboard is made up of tiles showing the number of [namespaces](namespaces/), [applications](applications/), [services](services.md), [ingresses](ingresses/), ConfigMaps, secrets, and [volumes](volumes/) that make up the environment.
+
+
diff --git a/user/kubernetes/helm/README.md b/user/kubernetes/helm/README.md
new file mode 100644
index 0000000..1743d4a
--- /dev/null
+++ b/user/kubernetes/helm/README.md
@@ -0,0 +1,33 @@
+# Helm
+
+Portainer BE 2.10 introduced support for [Helm](https://helm.sh/), the most popular packaging system for Kubernetes applications. With Helm you can deploy applications based on pre-prepared charts, either self-made or supplied by third-party repositories.
+
+{% hint style="info" %}
+Helm support in Portainer is still in its early stages, and more functionality will be added soon. If there is specific functionality you'd like to see in a future release, [let us know](../../../contribute/contribute.md).
+{% endhint %}
+
+## Adding additional repositories
+
+By default, Portainer ships with the [Bitnami Helm chart repository](https://bitnami.com/stacks/helm) already pre-configured. If you would like to add an additional third-party repo, enter the repository URL then click **Add repository**.
+
+{% hint style="info" %}
+The additional repository added here is only available to the user that added it. You can configure a Helm repository that will be available to all users in [Settings](../../../admin/settings/#helm-repository).
+{% endhint %}
+
+
+
+## Changing the pre-configured repository
+
+You can [change the pre-configured Helm repository](../../../admin/settings/#helm-repository) if required. If you do not have a global Helm repository configured, a warning will be displayed on this page.
+
+
+
+## Deploying applications from Helm charts
+
+From the **Charts** section you can deploy an application from the Helm charts provided by the repositories you have configured. The list of charts can be filtered by category and is searchable.
+
+
+
+{% content-ref url="deploy.md" %}
+[deploy.md](deploy.md)
+{% endcontent-ref %}
diff --git a/user/kubernetes/helm/deploy.md b/user/kubernetes/helm/deploy.md
new file mode 100644
index 0000000..03d5242
--- /dev/null
+++ b/user/kubernetes/helm/deploy.md
@@ -0,0 +1,21 @@
+# Deploy a new application from a Helm chart
+
+From the menu, select **Helm** then select the chart you want to deploy.
+
+
+
+Complete the required information, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Namespace | Select the namespace you want to deploy your application into. |
+| Name | Give your application a descriptive name. |
+| Show custom values | Click to expand the **Web editor** so you can configure any parameters required by your application. This is pulled from the `values.yaml` file provided by the chart and will differ from chart to chart. |
+
+
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+When you have finished, click **Install** to deploy the application.
diff --git a/user/kubernetes/ingresses/README.md b/user/kubernetes/ingresses/README.md
new file mode 100644
index 0000000..b023f02
--- /dev/null
+++ b/user/kubernetes/ingresses/README.md
@@ -0,0 +1,27 @@
+# Ingresses
+
+An **Ingress** in Kubernetes is an API object that provides routing rules to manage external users' access to the services in a Kubernetes cluster, typically via HTTPS/HTTP. With Ingress, you can easily set up rules for routing traffic without creating a bunch of Load Balancers or exposing each service on the node.
+
+To view, edit or create ingresses in your environment, select **Ingresses** from the left hand menu.
+
+
+
+All the Ingresses that a user has access to are listed on this page.
+
+
+
+New Ingress objects can be created either manually or through a manifest:
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="manifest.md" %}
+[manifest.md](manifest.md)
+{% endcontent-ref %}
+
+If you no longer require an Ingress, it can be removed:
+
+{% content-ref url="remove-an-ingress.md" %}
+[remove-an-ingress.md](remove-an-ingress.md)
+{% endcontent-ref %}
diff --git a/user/kubernetes/ingresses/add.md b/user/kubernetes/ingresses/add.md
new file mode 100644
index 0000000..bf2e800
--- /dev/null
+++ b/user/kubernetes/ingresses/add.md
@@ -0,0 +1,41 @@
+# Add an Ingress manually
+
+From the menu select **Ingresses** then click **Add with form**.
+
+
+
+Select the **namespace** that the Ingress needs to be created in from the list.
+
+Complete the required information, using the sections below as a guide.
+
+### Base Configuration
+
+
Field/Option
Overview
Name
Enter a descriptive name for the ingress.
Ingress class
Select an Ingress Class object from the list, or select none when no IngressClass info is needed in the Ingress specification.
Annotations
You can add annotations to your ingress as required by clicking Add annotation and filling in the Key and Value fields. Depending on your selected ingress class you may also be able to add rewrite annotations and/or regular expression annotations.
+
+
+
+{% hint style="info" %}
+**Note for Google Cloud users**
+
+Google Cloud ingress controller (gce or GKE Ingress) continues to use the deprecated `kubernetes.io/ingress.class` annotation on ingresses, whereas most other ingress controllers use the `IngressClass` resource that was introduced in Kubernetes 1.18.
+
+Portainer targets the `IngressClass` resource means of specifying ingress classes, but you can still use the Google Cloud ingress controllers by turning on the **Allow ingress class to be set to "none"** toggle in [Cluster setup](../cluster/setup.md#ingress-controllers) and setting them up as custom with `none` selected as their **Ingress class**. Then when adding an ingress based on this, set an annotation with the **key** `kubernetes.io/ingress.class` and **value** `gce.`
+{% endhint %}
+
+### Ingress Rule
+
+Here you can define the specifics for the Ingress rule:
+
+
Field/Option
Overview
Hostname
Enter the FQDN that the application should be accessed with eg: myapp.mydomain.com.
TLS Secret
Select the TLS secret that holds the SSL certificate information for the hostname entered above. Optionally, create a new TLS Secret by clicking on the Create secret link (opens in a new tab). Once secret is created click on the reload button next to the TLS secret dropdown and select the new secret.
Service
Select a service that you want to expose from the list.
Service port
Select the port that needs to be exposed from the list.
Path type
Select the relevant path type. The default is Prefix.
Path
Enter the path to expose the application on. To expose on the root of the domain use /.
+
+You can expose other services using a different path by clicking on **Add path**.
+
+
+
+Add more rules by clicking on **Add new host** or a fallback rule by **Add fallback rule**.
+
+{% hint style="info" %}
+A fallback rule has no host specified. This rule only applies when an inbound request has a hostname that does not match with any of your other rules.
+{% endhint %}
+
+When you're ready, click **Create**.
diff --git a/user/kubernetes/ingresses/manifest.md b/user/kubernetes/ingresses/manifest.md
new file mode 100644
index 0000000..75ad148
--- /dev/null
+++ b/user/kubernetes/ingresses/manifest.md
@@ -0,0 +1,115 @@
+# Add an Ingress using a manifest
+
+There are two ways to add a new ingress: [manually by using a form](add.md) or automatically by using a manifest. This article explains how to add an ingress using a manifest.
+
+{% hint style="info" %}
+Manifests aren't just for Ingresses - you can also deploy namespaces, ConfigMaps, secrets and volumes using a manifest.
+{% endhint %}
+
+From the menu select **Ingresses** then click **Create from manifest**.
+
+
+
+Select the namespace for your deployment, define a name for your Ingress, and then choose the build method from the options provided.
+
+{% hint style="info" %}
+If you want to use namespaces specified in your manifest to define the namespace(s) you wish to deploy to, you can leave **Namespace** set to `default` and toggle on the **Use namespace(s) specified from manifest** option.
+{% endhint %}
+
+
+
+## Option 1: Git Repository
+
+Use the provided fields to enter the details of your Git repository containing your Kubernetes manifests.
+
+| Field/Option | Overview |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Authentication | Toggle this on if your repository requires authentication. |
+| Git Credentials | If the **Authentication** toggle is enabled and you have [configured Git credentials](../../account-settings.md#git-credentials), you can select them from this dropdown. |
+| Username | Enter your Git username. |
+| Personal Access Token | Enter your personal access token or password. |
+| Save credential | Check this option to save the credentials entered above for future use under the name provided in the **credential name** field. |
+
+
+
+| Field/Option | Overview |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Repository URL | Enter the repository URL. If you have enabled Authentication above the credentials will be used to access the repository. The below options will be populated by what is found in the repository. |
+| Repository reference | Select the reference to use when deploying the stack (for example, the branch). |
+| Manifest path | When using the Kubernetes deployment type, enter the path to your manifest file relative to the root of your repository. |
+| Compose path | When using the Compose deployment type, enter the path to your compose file relative to the root of your repository. |
+| Additional paths | Click **Add file** to define additional manifests or compose files to process as part of the deployment. |
+
+
+
+### GitOps updates
+
+Enabling GitOps updates gives Portainer the ability to update your application automatically, either by polling the repository at a defined interval for changes or by using a webhook to trigger an update.
+
+{% hint style="info" %}
+For more detail on how GitOps updates function under the hood, have a look at [this knowledge base article](https://portal.portainer.io/knowledge/how-do-automatic-updates-for-stacks-applications-work).
+{% endhint %}
+
+{% hint style="warning" %}
+If your application is configured for GitOps updates and you make changes locally, these changes will be overridden by the application definition in the Git repository. Bear this in mind when making configuration changes.
+{% endhint %}
+
+| Field/Option | Overview |
+| -------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
+| Mechanism | Choose from **Polling** or **Webhook**. |
+| Fetch interval | When using the **Polling** method, choose how often you wish to check the Git repository for updates to your application. |
+| Webhook | When using the **Webhook** method, this displays the webhook URL to use. Click **Copy link** to copy the webhook to your clipboard. |
+
+
Enable this setting to force the redeployment (a kubectl apply) of your application at the specified interval (or when the webhook is triggered), overwriting any changes that have been made in the local environment, even if there has been no update to the application in Git. This is useful if you want to ensure that your Git repository is the source of truth for your applications and are happy with the local application being replaced.
If this option is left disabled, GitOps updates will only trigger if Portainer detects a change in the remote Git repository.
|
+
+
+
+### Skip TLS Verification
+
+Enable the **Skip TLS Verification** toggle to skip checking the validity of the TLS certificate used by your remote repository. This is useful if your repo uses a self-signed certificate.
+
+
+
+When you're ready, click **Deploy**.
+
+## Option 2: Web editor
+
+From **Deployment type** select either **Kubernetes** or **Compose** (depending on the format of the manifest) then write or paste in your Kubernetes manifest.
+
+{% hint style="warning" %}
+Portainer uses Kompose to convert a Compose manifest to a Kubernetes-compliant manifest. This functionality is planned for deprecation in an upcoming release.
+{% endhint %}
+
+
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+When you're ready, click **Deploy**.
+
+## Option 3: URL
+
+From **Deployment type** select either **Kubernetes** or **Compose** (depending on the format of the manifest) then enter the **URL** to your manifest file.
+
+{% hint style="warning" %}
+Portainer uses Kompose to convert a Compose manifest to a Kubernetes-compliant manifest. This functionality is planned for deprecation in an upcoming release.
+{% endhint %}
+
+
+
+When you're ready, click **Deploy**.
+
+## Option 4: Custom template
+
+From the **Template** dropdown, select the custom template to use. As an optional step, you can edit the template before deploying the application. If you have no custom templates you will be given a link to the [Custom Templates](../templates/) section.
+
+
+
+When you're ready, click **Deploy**.
diff --git a/user/kubernetes/ingresses/remove-an-ingress.md b/user/kubernetes/ingresses/remove-an-ingress.md
new file mode 100644
index 0000000..9e2569c
--- /dev/null
+++ b/user/kubernetes/ingresses/remove-an-ingress.md
@@ -0,0 +1,5 @@
+# Remove an Ingress
+
+From the menu select **Ingress**, tick the checkbox next to the Ingress you want to remove then click **Remove**. Click **Remove** again to confirm.
+
+
diff --git a/user/kubernetes/kubeconfig.md b/user/kubernetes/kubeconfig.md
new file mode 100644
index 0000000..77d3cc9
--- /dev/null
+++ b/user/kubernetes/kubeconfig.md
@@ -0,0 +1,53 @@
+# Kubeconfig
+
+Portainer can act as a proxy for other Kubernetes management tools, providing access to the Kubernetes cluster while still retaining the security and governance that Portainer provides. A user can download their own `kubeconfig` file and use it with their favorite tool to access the Kubernetes cluster with only the permissions afforded to that user.\
+\
+To generate and download your `kubeconfig` file, from the Home page click the **kubeconfig** button.
+
+{% hint style="info" %}
+You must be accessing Portainer via HTTPS for the kubeconfig button to appear. If you are logged in with HTTP, you will not see the option.
+{% endhint %}
+
+
+
+You will be asked to select the Kubernetes environments that you would like in your `kubeconfig` file. If you have configured a [kubeconfig expiry](../../admin/settings/#kubeconfig-expiry) value, this will also be shown.
+
+
+
+Tick the boxes for the environments you need and click **Download File**.
+
+A downloaded `kubeconfig` file will look something like the example below.
+
+{% hint style="info" %}
+Note that the server URL is set to the Portainer Server instance, not the Kubernetes cluster.
+{% endhint %}
+
+```yaml
+apiVersion: v1
+clusters:
+- cluster:
+ insecure-skip-tls-verify: true
+ server: https://my-portainer-server:9443/api/endpoints/1/kubernetes
+ name: portainer-cluster-kubernetes
+contexts:
+- context:
+ cluster: portainer-cluster-kubernetes
+ user: portainer-sa-clusteradmin
+ name: portainer-ctx-kubernetes
+current-context: portainer-ctx-kubernetes
+kind: Config
+preferences: {}
+users:
+- name: portainer-sa-clusteradmin
+ user:
+ token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+```
+
+Each environment in the `kubeconfig` will be accessible via contexts. Access is set based on the specific user that created the `kubeconfig` file.
+
+Unless set to never expire, tokens will expire after the defined period, at which point a new `kubeconfig` file will need to be generated. An administrator can [adjust the token expiry behavior](../../admin/settings/#kubeconfig-expiry) on the **Settings** page.
+
+{% hint style="info" %}
+Adjusting the token expiry will not affect previously generated `kubeconfig` files.
+{% endhint %}
+
diff --git a/user/kubernetes/kubectl.md b/user/kubernetes/kubectl.md
new file mode 100644
index 0000000..d45f0c0
--- /dev/null
+++ b/user/kubernetes/kubectl.md
@@ -0,0 +1,7 @@
+# kubectl shell
+
+Although the Portainer UI provides access to a lot of Kubernetes functionality, sometimes you need to drop into the console. We have provided a shell within the UI that includes `kubectl` and `helm` binaries. The shell is preloaded with a `kubeconfig` for the user's context, restricting access to the permissions defined in Portainer for that user.
+
+To access the shell, select **kubectl shell** from the menu. Once the shell loads, you can run `kubectl` and `helm` commands as needed.
+
+
diff --git a/user/kubernetes/namespaces/README.md b/user/kubernetes/namespaces/README.md
new file mode 100644
index 0000000..a42cc30
--- /dev/null
+++ b/user/kubernetes/namespaces/README.md
@@ -0,0 +1,27 @@
+# Namespaces
+
+{% hint style="info" %}
+Namespaces used to be called 'resource pools' prior to Portainer CE 2.6.0.
+{% endhint %}
+
+In Kubernetes, a single physical cluster can support multiple virtual clusters. These are known as namespaces.
+
+
+
+You can add, remove or manage namespaces in Portainer.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+{% content-ref url="manage.md" %}
+[manage.md](manage.md)
+{% endcontent-ref %}
+
+{% content-ref url="access.md" %}
+[access.md](access.md)
+{% endcontent-ref %}
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
diff --git a/user/kubernetes/namespaces/access.md b/user/kubernetes/namespaces/access.md
new file mode 100644
index 0000000..3325c25
--- /dev/null
+++ b/user/kubernetes/namespaces/access.md
@@ -0,0 +1,17 @@
+# Manage access to a namespace
+
+{% hint style="info" %}
+Kubernetes role-based access control (RBAC) must be enabled and working before access control will work in Portainer.
+{% endhint %}
+
+From the menu select **Namespaces** then select **Manage access** on the same row as the namespace you want to manage.
+
+
+
+Select the users/teams who will have access then click **Create access**.
+
+{% hint style="info" %}
+Users or groups with cluster-wide roles (such as the Operator role) cannot be assigned to individual namespaces, as their cluster-wide nature applies to all namespaces in the environment.
+{% endhint %}
+
+
diff --git a/user/kubernetes/namespaces/add.md b/user/kubernetes/namespaces/add.md
new file mode 100644
index 0000000..0b30247
--- /dev/null
+++ b/user/kubernetes/namespaces/add.md
@@ -0,0 +1,51 @@
+# Add a new namespace
+
+From the menu select **Namespaces** then click **Add with form**.
+
+{% hint style="info" %}
+Namespaces can also be added [using a manifest](../applications/manifest.md) by clicking **Create from manifest**.
+{% endhint %}
+
+
+
+Give the namespace a descriptive **name**. As an optional step you can add annotations to your namespace as required by clicking **Add annotation** and filling in the **Key** and **Value** fields.
+
+
+
+### Resource quota
+
+You can assign a quota by toggling **Resource assignment** on, then setting resource limits like how much memory and CPU will be assigned.
+
+
+
+### Load balancers
+
+To set a maximum number of external load balancers that can be created inside the namespace, toggle on **Load Balancer quota** and set the **Max Load Balancers** number. If Load Balancer quota is enabled and the Max Load Balancers value is set to `0`, the use of external load balancers is effectively disabled in the namespace.
+
+
+
+### Networking
+
+This section lets you define which ingress controllers are allowed to be used to publish applications within this namespace. Check the boxes next to the ingresses you want to allow and click **Allow selected**, or click **Disallow selected** to disallow their use in this namespace.
+
+
+
+### Registries
+
+You can define the registries that are available within this namespace in this section. Select the registries from the **Select registries** dropdown to allow access.
+
+
+
+### Storage
+
+Use this section to enable quotas on your storage options for this namespace. To enable the use of quotas on a storage option, toggle **Enable quota** to on and set the **Maximum usage**. A Maximum usage value of `0` effectively prevents the usage of that storage option within the namespace.
+
+
+
+### Summary
+
+This section displays a summary of the actions that will be taken when clicking the Add namespace button.
+
+
+
+When you're finished, click **Create namespace**.
diff --git a/user/kubernetes/namespaces/manage.md b/user/kubernetes/namespaces/manage.md
new file mode 100644
index 0000000..e91fec9
--- /dev/null
+++ b/user/kubernetes/namespaces/manage.md
@@ -0,0 +1,47 @@
+# Manage a namespace
+
+From the menu select Namespaces then select the namespace you want to manage.
+
+
+
+Here you can view details about the namespace and configure options specific to the namespace.
+
+## Quota
+
+Toggle on **Resource assignment** to enable quotas for this namespace, then define the memory and CPU limits.
+
+
+
+## Load balancers
+
+With this setting you can configure the amount of external load balancers that can be created in this namespace.
+
+{% hint style="info" %}
+This option only appears when **Allow users to use external load balancer** is enabled in the [cluster setup](../cluster/setup.md#allow-users-to-use-external-load-balancer).
+{% endhint %}
+
+
+
+## Storage
+
+For each storage option available in the cluster, you can configure quotas for this namespace to limit usage.
+
+
+
+## Ingresses
+
+This section lists the available ingresses and whether they can be used by this namespace. For each namespace you can toggle on **Allow users to use this ingress**, then configure the ingress hostname, route redirection and advanced settings as needed.
+
+
+
+## Summary
+
+If you have made changes to the configuration, this section will list those changes.
+
+
+
+## Actions
+
+Once you have made the necessary changes, click **Update namespace**. Here you can also flag the namespace as a system namespace by clicking **Mark as system**.
+
+
diff --git a/user/kubernetes/namespaces/remove.md b/user/kubernetes/namespaces/remove.md
new file mode 100644
index 0000000..33d656f
--- /dev/null
+++ b/user/kubernetes/namespaces/remove.md
@@ -0,0 +1,11 @@
+# Remove a namespace
+
+From the menu select **Namespaces**, tick the checkbox next to the namespace then click **Remove**.
+
+
+
+When the confirmation message appears, click **Remove**.
+
+
+
+If a namespace is stuck in a terminating state, Portainer will ask if you want to force deletion of that namespace.
diff --git a/user/kubernetes/services.md b/user/kubernetes/services.md
new file mode 100644
index 0000000..60b9d11
--- /dev/null
+++ b/user/kubernetes/services.md
@@ -0,0 +1,17 @@
+# Services
+
+In Kubernetes, a **Service** is an object that is used to expose an application (running in pods) to a network.
+
+The Services page lists the services within your cluster, and provides detail on each service. To view the list of services, select **Services** from the left hand menu.
+
+
+
+All the services the user has access to are listed on this page.
+
+
+
+For each service, the list displays the **name** of the service, the **application** and **namespace** the service belongs to, the **type** of service, the exposed **ports** and **target ports**, the **cluster IP** and **external IP** (if any) and the **creation date** and **user** (if available). Services provisioned externally to Portainer are marked with the **external** label, and system services are marked with the **system** label.
+
+{% hint style="info" %}
+The display of system services can be toggled under the table settings (click the three dots at the top right of the table and tick **Show system resources**.
+{% endhint %}
diff --git a/user/kubernetes/templates/README.md b/user/kubernetes/templates/README.md
new file mode 100644
index 0000000..5b23776
--- /dev/null
+++ b/user/kubernetes/templates/README.md
@@ -0,0 +1,25 @@
+# Custom Templates
+
+Portainer BE 2.10 added custom template support for Kubernetes environments, allowing you to create templates based on Kubernetes manifests for future deployment.
+
+From the menu select **Custom Templates** to view a list of custom templates you've already created.
+
+
+
+You can create a new template.
+
+{% content-ref url="add.md" %}
+[add.md](add.md)
+{% endcontent-ref %}
+
+You can also edit an existing template.
+
+{% content-ref url="edit.md" %}
+[edit.md](edit.md)
+{% endcontent-ref %}
+
+And, if you no longer need a custom template, you can simply remove it.
+
+{% content-ref url="remove.md" %}
+[remove.md](remove.md)
+{% endcontent-ref %}
diff --git a/user/kubernetes/templates/add.md b/user/kubernetes/templates/add.md
new file mode 100644
index 0000000..c1f027e
--- /dev/null
+++ b/user/kubernetes/templates/add.md
@@ -0,0 +1,83 @@
+# Add a new custom template
+
+## Creating the template
+
+From the menu select **Custom Templates** then click **Add Custom Template**.
+
+
+
+Complete the form, using the table below as a guide.
+
+| Field/Option | Overview |
+| ------------ | ------------------------------------------------------------------------------------------------ |
+| Title | Enter a title for your custom template. This is how the template will appear when it's deployed. |
+| Description | Enter a description of the template. |
+| Note | As an optional step, record some extra information about the template. |
+| Icon URL | Optionally, enter the URL to an image to use as an icon for the template. |
+
+
+
+Next, select the **Build method**.
+
+## Selecting the build method
+
+### Method 1: Web editor
+
+Define or paste the contents of your manifest file into the web editor. When deploying an application using a custom template you will be given an opportunity to edit the manifest before deployment.
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+
+
+
+
+When you're ready, click **Create custom template**.
+
+### Method 2: Upload
+
+If you have a manifest file locally, you can upload it directly to Portainer. Click **Select file** to browse to the file.
+
+
+
+
+
+When you're ready, click **Create custom template**.
+
+### Method 3: Repository
+
+If you have a template in a Git repository, you can add it to your custom templates. Enter the required details for access to your Git repository.
+
+| Field/Option | Overview |
+| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
+| Authentication | Toggle this option on if your repository requires authentication. |
+| Git credentials | If you have credentials configured you can select the set to use from this dropdown. |
+| Username | Enter your Git username. |
+| Personal access token | Enter your personal access token or password. |
+| Repository URL | Enter the URL to your Git repository. |
+| Repository reference | Select the reference to use from your repository. This will be auto populated with available references from your repository. |
+| Manifest path | Enter the path and filename of the manifest within your repository. |
+| Skip TLS Verification | Toggle this option on to skip TLS verification for the repository. This is useful if you are using self-signed certificates on your repo. |
+
+
+
+When you're ready, click **Create custom template**.
+
+## Variables in templates
+
+Custom templates support the use of variables to provide further customization of the deployed stack. A stack can define a variable that can then be adjusted by the user at deployment.
+
+{% hint style="info" %}
+This feature is only available in Portainer Business Edition.
+{% endhint %}
+
+Variables are identified in stacks with `{{ }}`. For example, the following stack provides a `REPLICA_COUNT` variable:
+
+
+
+When a variable is defined, options appear to customize how the variable appears when deploying the stack. You can set the **label**, **description** and **default value**.
+
+When a template is deployed, any variables that have been configured are editable:
+
+
diff --git a/user/kubernetes/templates/edit.md b/user/kubernetes/templates/edit.md
new file mode 100644
index 0000000..a191462
--- /dev/null
+++ b/user/kubernetes/templates/edit.md
@@ -0,0 +1,15 @@
+# Edit a custom template
+
+From the menu select **Custom Templates** then click **Edit** next to the template you want to edit.
+
+
+
+{% hint style="info" %}
+You can search within the web editor at any time by pressing `Ctrl-F` (or `Cmd-F` on Mac).
+{% endhint %}
+
+If your template is deployed from a Git repository, you will have the option to edit the Git settings if required. You can also click **Reload custom template** to update the template from the remote repository.
+
+
+
+Make the required changes to the template then click **Update the template**.
diff --git a/user/kubernetes/templates/remove.md b/user/kubernetes/templates/remove.md
new file mode 100644
index 0000000..20b082c
--- /dev/null
+++ b/user/kubernetes/templates/remove.md
@@ -0,0 +1,14 @@
+# Remove a custom template
+
+{% hint style="info" %}
+Removing a custom template will not remove any deployments created using the template.
+{% endhint %}
+
+From the menu select **Custom Templates** then click **Delete** next to the template you want to remove.
+
+
+
+When the confirmation message appears, click **Remove**.
+
+
+
diff --git a/user/kubernetes/volumes/README.md b/user/kubernetes/volumes/README.md
new file mode 100644
index 0000000..4c1b5e0
--- /dev/null
+++ b/user/kubernetes/volumes/README.md
@@ -0,0 +1,34 @@
+# Volumes
+
+In Kubernetes, a volume is an abstraction of a file system that is available to applications. In Portainer you can manage the volumes that have been deployed by your applications within your cluster.
+
+{% hint style="info" %}
+Volumes can also be added [using a manifest](../applications/manifest.md) by clicking **Create from manifest**.
+{% endhint %}
+
+{% content-ref url="inspect.md" %}
+[inspect.md](inspect.md)
+{% endcontent-ref %}
+
+{% content-ref url="../../docker/volumes/remove.md" %}
+[remove.md](../../docker/volumes/remove.md)
+{% endcontent-ref %}
+
+## Volumes tab
+
+Lets you view information about the volumes that exist within the cluster, including:
+
+* The namespace that each volume is a part of.
+* Which applications use each volume.
+* The storage class each volume belongs to.
+* The size of each volume.
+* When the volumes were created and by whom.
+* A volume with the **external** flag was created outside of Portainer, which means Portainer has limited knowledge on it compared to one created within Portainer. A label of **unused** means that Portainer cannot see any applications that are using this volume. This label may also appear on **external** resources because of the limited information available.
+
+
+
+## Storage tab
+
+The storage tab lists the storage classes available within your infrastructure along with the disk space used by each volume. Each storage class can be expanded to list the volumes contained within.
+
+
diff --git a/user/kubernetes/volumes/inspect.md b/user/kubernetes/volumes/inspect.md
new file mode 100644
index 0000000..b7963a9
--- /dev/null
+++ b/user/kubernetes/volumes/inspect.md
@@ -0,0 +1,35 @@
+# Inspect a volume
+
+From the menu select **Volumes** then select the volume you want to inspect.
+
+
+
+When you select a volume, the screen will divide into three sections, each described below.
+
+## Volume section
+
+Summarizes key information about the volume.
+
+| Attribute | Overview |
+| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Name | The name of the volume. |
+| Namespace | The namespace that the volume belongs to. |
+| Storage | The storage object that the volume uses. |
+| Shared Access Policy | The access policy configured for the volume. |
+| Provisioner | The storage provisioner that provisions the volume. |
+| Creation date | When the volume was created. |
+| Size | The size of the volume. You can grow a volume by clicking the **Increase size** button and adjusting the value. Shrinking a volume is not supported. |
+
+
+
+## Events section
+
+Shows information about volume-related events.
+
+
+
+## YAML section
+
+This displays the YAML generated from the volume deployment. Use it to create backups of the configuration.
+
+
diff --git a/user/kubernetes/volumes/remove.md b/user/kubernetes/volumes/remove.md
new file mode 100644
index 0000000..7ccdd97
--- /dev/null
+++ b/user/kubernetes/volumes/remove.md
@@ -0,0 +1,13 @@
+# Remove a volume
+
+{% hint style="warning" %}
+You can only remove a volume that is free and has been [detached from any applications that use it](../applications/detach-volume.md).
+{% endhint %}
+
+From the menu select **Volumes**, tick the checkbox next to the volume you want to remove then click **Remove**.
+
+
+
+When the confirmation message appears, click **Remove**.
+
+
diff --git a/user/nomad/README.md b/user/nomad/README.md
new file mode 100644
index 0000000..1fa2123
--- /dev/null
+++ b/user/nomad/README.md
@@ -0,0 +1,11 @@
+# Nomad
+
+The following sections describe how to manage a Nomad environment using menu options available in the Portainer Server.
+
+{% content-ref url="dashboard.md" %}
+[dashboard.md](dashboard.md)
+{% endcontent-ref %}
+
+{% content-ref url="jobs.md" %}
+[jobs.md](jobs.md)
+{% endcontent-ref %}
diff --git a/user/nomad/dashboard.md b/user/nomad/dashboard.md
new file mode 100644
index 0000000..552c1b4
--- /dev/null
+++ b/user/nomad/dashboard.md
@@ -0,0 +1,15 @@
+# Dashboard
+
+The Nomad dashboard summarizes your Nomad environment and shows the components that make up the environment.
+
+## Cluster information
+
+This section shows the number of nodes in the cluster.
+
+
+
+## Summary tiles
+
+The remaining dashboard is made up of tiles showing the number of [jobs](jobs.md), groups and tasks (including the number of running and stopped tasks) on the Nomad environment.
+
+
diff --git a/user/nomad/jobs.md b/user/nomad/jobs.md
new file mode 100644
index 0000000..aa77f59
--- /dev/null
+++ b/user/nomad/jobs.md
@@ -0,0 +1,20 @@
+# Nomad Jobs
+
+In Nomad, a Job is a specification that defines a workload for Nomad. Within a job you will find one or more task groups, which consist of one or more tasks. Portainer lets you view the jobs and subsequent tasks that are deployed to your Nomad environment.
+
+{% hint style="info" %}
+To deploy a new job to a Nomad environment, use the [Edge Stacks](../edge/stacks/) feature under [Edge Compute](../edge/). This requires you to [enable Edge Compute features](../../admin/settings/edge.md) and create an [Edge Group](../edge/groups.md) containing your Nomad environments.
+{% endhint %}
+
+From the left hand menu select **Nomad Jobs**.
+
+
+
+Here you will see a list of jobs on the environment along with their status, namespace, and creation date. You can expand individual jobs by clicking the arrow to the left of the name.
+
+
+
+In the expanded view, you can see a list of tasks that make up the job, with each task displaying the task status, name, group, allocation ID and start date. You can also view events and logs for each task under Task Actions.
+
+
+
diff --git a/whats-new.md b/whats-new.md
new file mode 100644
index 0000000..6ddd83c
--- /dev/null
+++ b/whats-new.md
@@ -0,0 +1,81 @@
+# What's new in version 2.19
+
+Portainer version 2.19 includes a number of new features, fixes and updates. For a full list of changes, please refer to our [release notes](release-notes.md).
+
+## New Features
+
+### Improved page load performance  
+
+We've made more improvements to page load performance in this release, in particular around the Kubernetes applications page. We've also split the [ConfigMaps & Secrets](user/kubernetes/configurations/) page into two tabs that load separately, which should reduce load time when you have a large amount of either. There's still more work to be done here, so you can expect more improvements in the future.
+
+### Update Portainer within Portainer 
+
+Having to drop out to the command line to update Portainer when a new version comes out has always been a bit of an annoyance, and in 2.19 we've got rid of that for BE users by letting you [update to the latest version](start/upgrade/#from-within-portainer) right from within the Portainer UI. Admin users will see a notice and a link they can click on to upgrade Portainer to the latest version, without needing to do it manually.
+
+
+
+### Stack versioning and rollback 
+
+When using stacks in Portainer, you may sometimes make a change that doesn't quite work as you expect. With 2.19, we've added stack versioning to Portainer, which lets you keep a record of your previous stack configuration when deploying an update.
+
+
+
+If you run into issues, you can roll back to the previous stack configuration that Portainer kept for you. This is available for both Docker Standalone and Docker Swarm stacks.
+
+### GitOps for Edge Stacks 
+
+Way back in version 2.10 of Portainer we added GitOps support for stacks, letting you deploy from a Git repo directly onto your environment. In 2.19, we've brought that support to Edge Stacks as well, meaning you can [use Git as the source of truth](user/edge/stacks/add.md#gitops-updates) for your Edge Stack deployments. This includes support for webhooks to trigger updates on your Edge Stacks, relative path support, and support for environment variables.
+
+
+
+As part of this we've also introduced an [Edge Configurations](user/edge/configurations.md) section. This feature lets you pre-deploy configuration files to your Edge devices, either by group or by specific device identifier, to a location that your stacks will be able to refer to. This means you can keep your Edge stack repos thin and performant, while still letting you provide the necessary config files to get your app up and running.
+
+
+
+### Staggered deployment for Edge Stacks 
+
+If you've got a large number of Edge Devices you're deploying to, you might not always want to push an update to every one of them at once, in case something goes wrong. With 2.19 you can now [stagger your Edge Stack deployments](user/edge/stacks/add.md#update-configurations) to suit your needs.
+
+
+
+You can either choose a static number of devices to update concurrently, or update your deployment exponentially in growing groups. You can set the timeout and delay for your deployments, and choose how to act if the update fails, including whether to roll back to the previous version.
+
+### Edge Stack status improvements 
+
+Alongside the staggered deployment functionality, we've also put some work into improving the way we display the [status of your Edge Stacks](user/edge/stacks/).
+
+
+
+We've moved to using progress bars to display the amount of deployments at each status, letting you clearly see the state of your Edge Stack across your devices. We've also added a record of when each device reached each status through the Environments tab on the Edge Stack's details page, as well as the target and deployed versions of the Edge Stack as part of the new stack versioning feature.
+
+### Improved MicroK8s cluster management 
+
+In version 2.18 we added provisioning of MicroK8s directly on to fresh machines from within Portainer. In 2.19 we've extended the functionality around [managing MicroK8s environments](user/kubernetes/cluster/#microk8s-cluster-management) deployed this way, adding support for upgrading, scaling and deleting nodes in the cluster, the enabling and disabling of addons after provisioning, as well as being able to customize arguments for your addons.
+
+
+
+You can also now specify which nodes should be control planes when provisioning, and we've refreshed the provisioning workflow to take advantage of the new functionality.
+
+### Annotation support for services
+
+Portainer now supports [configuring annotations for Kubernetes services](user/kubernetes/applications/add.md#publishing-the-application) from the UI, alongside the other areas that already supported annotations in previous versions.
+
+
+
+Annotations are particularly useful when configuring service meshes and other tools.
+
+### Auto deploy a manifest to new environments 
+
+When you're deploying a new Kubernetes environment, you may want to run an "initial setup" manifest on the environment to get it configured the way you want it. With 2.19 you can now specify a manifest to automatically deploy when you [provision](admin/environments/add/kaas/) or [create](admin/environments/add/kube-create/) a new Kubernetes environment or [add the Portainer Agent](admin/environments/add/kubernetes/agent.md) to an existing Kubernetes cluster.
+
+
+
+This lets you pre-configure things like namespaces, secrets and anything else you need automatically.
+
+### Support requiring notes on applications 
+
+In larger organizations (and even smaller ones), if you have a lot of deployments it might be hard to keep track of what each one is for. In 2.19 we've added a configuration option to [enforce the setting of notes](admin/settings/#deployment-options) on new deployments.
+
+
+
+Using this you can require that your team adds a description to every deployment they push out, making it easier to find detail on the deployment down the line.
.png)
+
+
.png)
.png)
.gif)
.gif)
.png)
.png)
.png)
