From db807ebe17f24664f2024ef6a8b87117f5e6348e Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Mon, 20 May 2024 23:24:33 +0000
Subject: [PATCH 01/33] KOTS upgrader

---
 cmd/kots/cli/admin-console-upgrader.go | 33 +++++++++
 cmd/kots/cli/admin-console.go          |  1 +
 cmd/kots/cli/version.go                | 41 ++++-------
 pkg/kotsutil/kots.go                   | 52 ++++++++++++++
 pkg/upgrader/server.go                 | 64 +++++++++++++++++
 pkg/upgrader/upgrader.go               | 98 ++++++++++++++++++++++++++
 6 files changed, 260 insertions(+), 29 deletions(-)
 create mode 100644 cmd/kots/cli/admin-console-upgrader.go
 create mode 100644 pkg/upgrader/server.go
 create mode 100644 pkg/upgrader/upgrader.go

diff --git a/cmd/kots/cli/admin-console-upgrader.go b/cmd/kots/cli/admin-console-upgrader.go
new file mode 100644
index 0000000000..d6ffaa1e79
--- /dev/null
+++ b/cmd/kots/cli/admin-console-upgrader.go
@@ -0,0 +1,33 @@
+package cli
+
+import (
+	"fmt"
+
+	"github.com/replicatedhq/kots/pkg/upgrader"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func AdminConsoleUpgraderCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "upgrader",
+		Short: "Starts the KOTS Admin Console upgrader service",
+		Long:  `Starts the KOTS Admin Console upgrader service`,
+		PreRun: func(cmd *cobra.Command, args []string) {
+			viper.BindPFlags(cmd.Flags())
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			params := upgrader.ServerParams{
+				Port: fmt.Sprintf("%d", viper.GetInt("port")),
+			}
+			if err := upgrader.Serve(params); err != nil {
+				return err
+			}
+			return nil
+		},
+	}
+
+	cmd.Flags().IntP("port", "p", 30001, "local port to listen on")
+
+	return cmd
+}
diff --git a/cmd/kots/cli/admin-console.go b/cmd/kots/cli/admin-console.go
index 386ea65ac3..53163c9fca 100644
--- a/cmd/kots/cli/admin-console.go
+++ b/cmd/kots/cli/admin-console.go
@@ -107,6 +107,7 @@ func AdminConsoleCmd() *cobra.Command {
 	cmd.AddCommand(AdminCopyPublicImagesCmd())
 	cmd.AddCommand(GarbageCollectImagesCmd())
 	cmd.AddCommand(AdminGenerateManifestsCmd())
+	cmd.AddCommand(AdminConsoleUpgraderCmd())
 
 	return cmd
 }
diff --git a/cmd/kots/cli/version.go b/cmd/kots/cli/version.go
index ff3d682063..dbc64305f4 100644
--- a/cmd/kots/cli/version.go
+++ b/cmd/kots/cli/version.go
@@ -1,11 +1,12 @@
 package cli
 
 import (
-	"encoding/json"
 	"fmt"
+	"log"
+	"net/http"
 
-	"github.com/pkg/errors"
-	"github.com/replicatedhq/kots/pkg/buildversion"
+	"github.com/gorilla/mux"
+	"github.com/replicatedhq/kots/pkg/handlers"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -25,37 +26,19 @@ func VersionCmd() *cobra.Command {
 			viper.BindPFlags(cmd.Flags())
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			v := viper.GetViper()
+			r := mux.NewRouter()
 
-			output := v.GetString("output")
+			spa := handlers.SPAHandler{}
+			r.PathPrefix("/").Handler(spa)
 
-			isLatest, latestVer, err := buildversion.IsLatestRelease()
-			versionOutput := VersionOutput{
-				Version: buildversion.Version(),
-			}
-			if err == nil && !isLatest {
-				versionOutput.LatestVersion = latestVer
-				versionOutput.InstallLatest = "curl https://kots.io/install | bash"
+			srv := &http.Server{
+				Handler: r,
+				Addr:    ":30888",
 			}
 
-			if output != "json" && output != "" {
-				return errors.Errorf("output format %s not supported (allowed formats are: json)", output)
-			} else if output == "json" {
-				// marshal JSON
-				outputJSON, err := json.Marshal(versionOutput)
-				if err != nil {
-					return errors.Wrap(err, "error marshaling JSON")
-				}
-				fmt.Println(string(outputJSON))
-			} else {
-				// print basic version info
-				fmt.Printf("Replicated KOTS %s\n", buildversion.Version())
+			fmt.Printf("Starting KOTS SPA handler on port %d...\n", 30888)
 
-				// check if this is the latest release, and display possible upgrade instructions
-				if versionOutput.LatestVersion != "" {
-					fmt.Printf("\nVersion %s is available for kots. To install updates, run\n  $ %s\n", versionOutput.LatestVersion, versionOutput.InstallLatest)
-				}
-			}
+			log.Fatal(srv.ListenAndServe())
 
 			return nil
 		},
diff --git a/pkg/kotsutil/kots.go b/pkg/kotsutil/kots.go
index c7413f60d1..49784c2c71 100644
--- a/pkg/kotsutil/kots.go
+++ b/pkg/kotsutil/kots.go
@@ -7,6 +7,8 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"io"
+	"net/http"
 	"os"
 	"path"
 	"path/filepath"
@@ -1517,3 +1519,53 @@ func SaveInstallation(installation *kotsv1beta1.Installation, upstreamDir string
 	}
 	return nil
 }
+
+// TODO NOW: download via replicated.app
+func DownloadKOTSBinary(version string) (string, error) {
+	url := fmt.Sprintf("https://github.com/replicatedhq/kots/releases/download/%s/kots_linux_amd64.tar.gz", version)
+	resp, err := http.Get(url)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to get")
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return "", errors.Errorf("unexpected status code %d", resp.StatusCode)
+	}
+
+	tmpFile, err := os.CreateTemp("", "kots")
+	if err != nil {
+		return "", errors.Wrap(err, "failed to create temp file")
+	}
+
+	gzipReader, err := gzip.NewReader(resp.Body)
+	if err != nil {
+		return "", errors.Wrap(err, "failed to get new gzip reader")
+	}
+	defer gzipReader.Close()
+
+	tarReader := tar.NewReader(gzipReader)
+	for {
+		header, err := tarReader.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return "", errors.Wrap(err, "failed to get read archive")
+		}
+
+		if header.Typeflag != tar.TypeReg {
+			continue
+		}
+		if header.Name != "kots" {
+			continue
+		}
+
+		if _, err := io.Copy(tmpFile, tarReader); err != nil {
+			return "", errors.Wrap(err, "failed to copy kots binary")
+		}
+		break
+	}
+
+	return "", errors.New("kots binary not found in archive")
+}
diff --git a/pkg/upgrader/server.go b/pkg/upgrader/server.go
new file mode 100644
index 0000000000..11b3979c51
--- /dev/null
+++ b/pkg/upgrader/server.go
@@ -0,0 +1,64 @@
+package upgrader
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/buildversion"
+	"github.com/replicatedhq/kots/pkg/handlers"
+)
+
+type ServerParams struct {
+	Port string
+}
+
+func Serve(params ServerParams) error {
+	log.Printf("KOTS version %s\n", buildversion.Version())
+
+	r := mux.NewRouter()
+
+	r.Use(handlers.CorsMiddleware)
+	r.Methods("OPTIONS").HandlerFunc(handlers.CORS)
+
+	debugRouter := r.NewRoute().Subrouter()
+	debugRouter.Use(handlers.DebugLoggingMiddleware)
+
+	loggingRouter := r.NewRoute().Subrouter()
+	loggingRouter.Use(handlers.LoggingMiddleware)
+
+	handler := &handlers.Handler{}
+
+	// TODO NOW: auth by authSlug token the cli typically uses?
+
+	/**********************************************************************
+	* KOTS token auth routes
+	**********************************************************************/
+
+	handlers.RegisterTokenAuthRoutes(handler, debugRouter, loggingRouter)
+
+	// Prevent API requests that don't match anything in this router from returning UI content
+	r.PathPrefix("/api").Handler(handlers.StatusNotFoundHandler{})
+
+	/**********************************************************************
+	* Static routes
+	**********************************************************************/
+
+	spa := handlers.SPAHandler{}
+	r.PathPrefix("/").Handler(spa)
+
+	srv := &http.Server{
+		Handler: r,
+		Addr:    fmt.Sprintf(":%s", params.Port),
+	}
+
+	fmt.Printf("Starting upgrader on port %s...\n", params.Port)
+
+	if err := srv.ListenAndServe(); err != nil {
+		return errors.Wrap(err, "failed to listen and serve")
+	}
+
+	return nil
+}
diff --git a/pkg/upgrader/upgrader.go b/pkg/upgrader/upgrader.go
new file mode 100644
index 0000000000..97fdb79dc5
--- /dev/null
+++ b/pkg/upgrader/upgrader.go
@@ -0,0 +1,98 @@
+package upgrader
+
+import (
+	_ "embed"
+	"fmt"
+	"net/http"
+	"os"
+	"os/exec"
+	"time"
+
+	"github.com/phayes/freeport"
+	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/kotsutil"
+	"github.com/replicatedhq/kots/pkg/logger"
+)
+
+type Upgrader struct {
+	process *os.Process
+	port    string
+}
+
+// Start will spin up an upgrader service in the background on a random port.
+// Caller is responsible for stopping the upgrader.
+// The KOTS binary of the specified version will be downloaded and used to start the upgrader.
+func (u *Upgrader) Start(kotsVersion string) (finalError error) {
+	if u.port != "" {
+		return errors.Errorf("upgrader is already running on port %s", u.port)
+	}
+
+	defer func() {
+		if finalError != nil {
+			u.Stop()
+		}
+	}()
+
+	fp, err := freeport.GetFreePort()
+	if err != nil {
+		return errors.Wrap(err, "failed to get free port")
+	}
+	freePort := fmt.Sprintf("%d", fp)
+
+	kotsBin, err := kotsutil.DownloadKOTSBinary(kotsVersion)
+	if err != nil {
+		return errors.Wrapf(err, "failed to download kots binary version %s", kotsVersion)
+	}
+
+	cmd := exec.Command(kotsBin, "upgrader", "--port", freePort)
+	if err := cmd.Start(); err != nil {
+		return errors.Wrap(err, "failed to start")
+	}
+
+	u.port = freePort
+	u.process = cmd.Process
+
+	if err := u.WaitForReady(time.Second * 30); err != nil {
+		return errors.Wrap(err, "failed to wait for upgrader to become ready")
+	}
+
+	return nil
+}
+
+func (r *Upgrader) Stop() {
+	if r.process != nil {
+		if err := r.process.Signal(os.Interrupt); err != nil {
+			logger.Debugf("Failed to stop upgrader process on port %s", r.port)
+		}
+	}
+	r.port = ""
+	r.process = nil
+}
+
+func (r *Upgrader) WaitForReady(timeout time.Duration) error {
+	start := time.Now()
+
+	for {
+		url := fmt.Sprintf("http://localhost:%s", r.port)
+		newRequest, err := http.NewRequest("GET", url, nil)
+		if err == nil {
+			resp, err := http.DefaultClient.Do(newRequest)
+			if err == nil {
+				if resp.StatusCode == http.StatusOK {
+					return nil
+				}
+			}
+		}
+
+		time.Sleep(time.Second)
+
+		if time.Since(start) > timeout {
+			return errors.Errorf("Timeout waiting for upgrader to become ready on port %s", r.port)
+		}
+	}
+}
+
+// This is only used for integration tests
+func (r *Upgrader) OverridePort(port string) {
+	r.port = port
+}

From d2614a68284c21ac165d7b8fa2b57f1191dd0143 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Tue, 21 May 2024 02:39:41 +0000
Subject: [PATCH 02/33] updates

---
 cmd/kots/cli/admin-console-upgrader.go |  2 +-
 pkg/apiserver/server.go                |  5 ++
 pkg/upgrader/server.go                 | 31 ++++++---
 pkg/upgrader/upgrader.go               | 94 ++++++++++++++++++--------
 4 files changed, 94 insertions(+), 38 deletions(-)

diff --git a/cmd/kots/cli/admin-console-upgrader.go b/cmd/kots/cli/admin-console-upgrader.go
index d6ffaa1e79..45e1baadb1 100644
--- a/cmd/kots/cli/admin-console-upgrader.go
+++ b/cmd/kots/cli/admin-console-upgrader.go
@@ -27,7 +27,7 @@ func AdminConsoleUpgraderCmd() *cobra.Command {
 		},
 	}
 
-	cmd.Flags().IntP("port", "p", 30001, "local port to listen on")
+	cmd.Flags().IntP("port", "p", 30000, "local port to listen on")
 
 	return cmd
 }
diff --git a/pkg/apiserver/server.go b/pkg/apiserver/server.go
index 9323aa32c2..cb2ced38e6 100644
--- a/pkg/apiserver/server.go
+++ b/pkg/apiserver/server.go
@@ -29,6 +29,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/supportbundle"
 	"github.com/replicatedhq/kots/pkg/updatechecker"
+	"github.com/replicatedhq/kots/pkg/upgrader"
 	"github.com/replicatedhq/kots/pkg/util"
 	"golang.org/x/crypto/bcrypt"
 )
@@ -162,6 +163,10 @@ func Start(params *APIServerParams) {
 
 	handler := &handlers.Handler{}
 
+	// TODO NOW: auth
+	r.Path("/api/v1/init-upgrader").Methods("POST").HandlerFunc(upgrader.Init)
+	r.Path("/api/v1/upgrader").Methods("GET", "POST").HandlerFunc(upgrader.Proxy)
+
 	/**********************************************************************
 	* Unauthenticated routes
 	**********************************************************************/
diff --git a/pkg/upgrader/server.go b/pkg/upgrader/server.go
index 11b3979c51..13f969509c 100644
--- a/pkg/upgrader/server.go
+++ b/pkg/upgrader/server.go
@@ -4,6 +4,9 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
 
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
@@ -29,16 +32,10 @@ func Serve(params ServerParams) error {
 	loggingRouter := r.NewRoute().Subrouter()
 	loggingRouter.Use(handlers.LoggingMiddleware)
 
-	handler := &handlers.Handler{}
+	// handler := &handlers.Handler{}
 
 	// TODO NOW: auth by authSlug token the cli typically uses?
 
-	/**********************************************************************
-	* KOTS token auth routes
-	**********************************************************************/
-
-	handlers.RegisterTokenAuthRoutes(handler, debugRouter, loggingRouter)
-
 	// Prevent API requests that don't match anything in this router from returning UI content
 	r.PathPrefix("/api").Handler(handlers.StatusNotFoundHandler{})
 
@@ -46,8 +43,24 @@ func Serve(params ServerParams) error {
 	* Static routes
 	**********************************************************************/
 
-	spa := handlers.SPAHandler{}
-	r.PathPrefix("/").Handler(spa)
+	// to avoid confusion, we don't serve this in the dev env...
+	if os.Getenv("DISABLE_SPA_SERVING") != "1" {
+		spa := handlers.SPAHandler{}
+		r.PathPrefix("/").Handler(spa)
+	} else if os.Getenv("ENABLE_WEB_PROXY") == "1" { // for dev env
+		u, err := url.Parse("http://kotsadm-web:8080")
+		if err != nil {
+			panic(err)
+		}
+		upstream := httputil.NewSingleHostReverseProxy(u)
+		webProxy := func(upstream *httputil.ReverseProxy) func(http.ResponseWriter, *http.Request) {
+			return func(w http.ResponseWriter, r *http.Request) {
+				r.Header.Set("X-Forwarded-Host", r.Header.Get("Host"))
+				upstream.ServeHTTP(w, r)
+			}
+		}(upstream)
+		r.PathPrefix("/").HandlerFunc(webProxy)
+	}
 
 	srv := &http.Server{
 		Handler: r,
diff --git a/pkg/upgrader/upgrader.go b/pkg/upgrader/upgrader.go
index 97fdb79dc5..7daa4ffc3f 100644
--- a/pkg/upgrader/upgrader.go
+++ b/pkg/upgrader/upgrader.go
@@ -4,6 +4,8 @@ import (
 	_ "embed"
 	"fmt"
 	"net/http"
+	"net/http/httputil"
+	"net/url"
 	"os"
 	"os/exec"
 	"time"
@@ -14,22 +16,56 @@ import (
 	"github.com/replicatedhq/kots/pkg/logger"
 )
 
-type Upgrader struct {
-	process *os.Process
-	port    string
+var upgraderProcess *os.Process
+var upgraderPort string
+
+// Init will spin up an upgrader service in the background on a random port.
+// If an upgrader is already running, it will be stopped and a new one will be started.
+// The KOTS binary of the specified version will be used to start the upgrader.
+func Init(w http.ResponseWriter, r *http.Request) {
+	// TODO NOW: get these from the request
+	kotsVersion := "v1.109.3"
+
+	// stop the upgrader if it's already running.
+	// don't bail if not able to stop, and start a new one
+	stop()
+
+	if err := start(kotsVersion); err != nil {
+		logger.Error(errors.Wrap(err, "failed to start upgrader"))
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
 }
 
-// Start will spin up an upgrader service in the background on a random port.
-// Caller is responsible for stopping the upgrader.
-// The KOTS binary of the specified version will be downloaded and used to start the upgrader.
-func (u *Upgrader) Start(kotsVersion string) (finalError error) {
-	if u.port != "" {
-		return errors.Errorf("upgrader is already running on port %s", u.port)
+// Proxy will proxy the request to the upgrader service.
+func Proxy(w http.ResponseWriter, r *http.Request) {
+	if upgraderPort == "" {
+		logger.Error(errors.New("upgrader port is not set"))
+		w.WriteHeader(http.StatusServiceUnavailable)
+		return
+	}
+
+	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", upgraderPort))
+	if err != nil {
+		logger.Error(errors.Wrap(err, "failed to parse upgrader url"))
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	proxy := httputil.NewSingleHostReverseProxy(remote)
+	proxy.ServeHTTP(w, r)
+}
+
+func start(kotsVersion string) (finalError error) {
+	if upgraderPort != "" {
+		return errors.Errorf("upgrader is already running on port %s", upgraderPort)
 	}
 
 	defer func() {
 		if finalError != nil {
-			u.Stop()
+			stop()
 		}
 	}()
 
@@ -44,36 +80,43 @@ func (u *Upgrader) Start(kotsVersion string) (finalError error) {
 		return errors.Wrapf(err, "failed to download kots binary version %s", kotsVersion)
 	}
 
-	cmd := exec.Command(kotsBin, "upgrader", "--port", freePort)
+	cmd := exec.Command(
+		kotsBin,
+		"admin-console",
+		"upgrader",
+		"--port",
+		freePort,
+	)
+
 	if err := cmd.Start(); err != nil {
 		return errors.Wrap(err, "failed to start")
 	}
 
-	u.port = freePort
-	u.process = cmd.Process
+	upgraderPort = freePort
+	upgraderProcess = cmd.Process
 
-	if err := u.WaitForReady(time.Second * 30); err != nil {
+	if err := waitForReady(time.Second * 30); err != nil {
 		return errors.Wrap(err, "failed to wait for upgrader to become ready")
 	}
 
 	return nil
 }
 
-func (r *Upgrader) Stop() {
-	if r.process != nil {
-		if err := r.process.Signal(os.Interrupt); err != nil {
-			logger.Debugf("Failed to stop upgrader process on port %s", r.port)
+func stop() {
+	if upgraderProcess != nil {
+		if err := upgraderProcess.Signal(os.Interrupt); err != nil {
+			logger.Errorf("Failed to stop upgrader process on port %s", upgraderPort)
 		}
 	}
-	r.port = ""
-	r.process = nil
+	upgraderPort = ""
+	upgraderProcess = nil
 }
 
-func (r *Upgrader) WaitForReady(timeout time.Duration) error {
+func waitForReady(timeout time.Duration) error {
 	start := time.Now()
 
 	for {
-		url := fmt.Sprintf("http://localhost:%s", r.port)
+		url := fmt.Sprintf("http://localhost:%s", upgraderPort)
 		newRequest, err := http.NewRequest("GET", url, nil)
 		if err == nil {
 			resp, err := http.DefaultClient.Do(newRequest)
@@ -87,12 +130,7 @@ func (r *Upgrader) WaitForReady(timeout time.Duration) error {
 		time.Sleep(time.Second)
 
 		if time.Since(start) > timeout {
-			return errors.Errorf("Timeout waiting for upgrader to become ready on port %s", r.port)
+			return errors.Errorf("Timeout waiting for upgrader to become ready on port %s", upgraderPort)
 		}
 	}
 }
-
-// This is only used for integration tests
-func (r *Upgrader) OverridePort(port string) {
-	r.port = port
-}

From 60f11fda65c59ae8d2f7ce7d75d550a4fc2c6624 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Tue, 21 May 2024 21:57:34 +0000
Subject: [PATCH 03/33] save

---
 Makefile                               |   4 +-
 cmd/kots/cli/admin-console-upgrader.go |  33 ---
 cmd/kots/cli/admin-console.go          |   1 -
 cmd/kots/cli/root.go                   |   1 +
 cmd/kots/cli/upgrader.go               |  65 ++++++
 pkg/apiserver/server.go                |   9 +-
 pkg/handlers/handlers.go               |  10 +
 pkg/handlers/interface.go              |   3 +
 pkg/handlers/mock/mock.go              |  12 ++
 pkg/handlers/upgrader.go               |  75 +++++++
 pkg/kotsutil/kots.go                   |   7 +-
 pkg/store/store_interface.go           |   7 +
 pkg/upgrader/handlers/config.go        | 274 +++++++++++++++++++++++++
 pkg/upgrader/handlers/handlers.go      |  43 ++++
 pkg/upgrader/handlers/interface.go     |   9 +
 pkg/upgrader/handlers/middleware.go    |  68 ++++++
 pkg/upgrader/handlers/ping.go          |  15 ++
 pkg/upgrader/handlers/spa.go           |  59 ++++++
 pkg/upgrader/handlers/static.go        |  13 ++
 pkg/upgrader/server.go                 |  27 +--
 pkg/upgrader/types/types.go            |  30 +++
 pkg/upgrader/upgrader.go               | 105 +++++-----
 web/src/Root.tsx                       |  69 ++++++-
 23 files changed, 822 insertions(+), 117 deletions(-)
 delete mode 100644 cmd/kots/cli/admin-console-upgrader.go
 create mode 100644 cmd/kots/cli/upgrader.go
 create mode 100644 pkg/handlers/upgrader.go
 create mode 100644 pkg/upgrader/handlers/config.go
 create mode 100644 pkg/upgrader/handlers/handlers.go
 create mode 100644 pkg/upgrader/handlers/interface.go
 create mode 100644 pkg/upgrader/handlers/middleware.go
 create mode 100644 pkg/upgrader/handlers/ping.go
 create mode 100644 pkg/upgrader/handlers/spa.go
 create mode 100644 pkg/upgrader/handlers/static.go
 create mode 100644 pkg/upgrader/types/types.go

diff --git a/Makefile b/Makefile
index 3a88f5b0bf..e53f5bb5b6 100644
--- a/Makefile
+++ b/Makefile
@@ -112,8 +112,10 @@ debug-build:
 debug: debug-build
 	LOG_LEVEL=$(LOG_LEVEL) dlv --listen=:2345 --headless=true --api-version=2 exec ./bin/kotsadm-debug api
 
+# TODO NOW: make web part of kots cli
 .PHONY: build-ttl.sh
-build-ttl.sh: kots build
+# build-ttl.sh: kots build
+build-ttl.sh: build
 	source .image.env && ${MAKE} -C web build-kotsadm
 	docker build -f deploy/Dockerfile -t ttl.sh/${CURRENT_USER}/kotsadm:24h .
 	docker push ttl.sh/${CURRENT_USER}/kotsadm:24h
diff --git a/cmd/kots/cli/admin-console-upgrader.go b/cmd/kots/cli/admin-console-upgrader.go
deleted file mode 100644
index 45e1baadb1..0000000000
--- a/cmd/kots/cli/admin-console-upgrader.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package cli
-
-import (
-	"fmt"
-
-	"github.com/replicatedhq/kots/pkg/upgrader"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-func AdminConsoleUpgraderCmd() *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "upgrader",
-		Short: "Starts the KOTS Admin Console upgrader service",
-		Long:  `Starts the KOTS Admin Console upgrader service`,
-		PreRun: func(cmd *cobra.Command, args []string) {
-			viper.BindPFlags(cmd.Flags())
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			params := upgrader.ServerParams{
-				Port: fmt.Sprintf("%d", viper.GetInt("port")),
-			}
-			if err := upgrader.Serve(params); err != nil {
-				return err
-			}
-			return nil
-		},
-	}
-
-	cmd.Flags().IntP("port", "p", 30000, "local port to listen on")
-
-	return cmd
-}
diff --git a/cmd/kots/cli/admin-console.go b/cmd/kots/cli/admin-console.go
index 53163c9fca..386ea65ac3 100644
--- a/cmd/kots/cli/admin-console.go
+++ b/cmd/kots/cli/admin-console.go
@@ -107,7 +107,6 @@ func AdminConsoleCmd() *cobra.Command {
 	cmd.AddCommand(AdminCopyPublicImagesCmd())
 	cmd.AddCommand(GarbageCollectImagesCmd())
 	cmd.AddCommand(AdminGenerateManifestsCmd())
-	cmd.AddCommand(AdminConsoleUpgraderCmd())
 
 	return cmd
 }
diff --git a/cmd/kots/cli/root.go b/cmd/kots/cli/root.go
index a7b9c9941f..b0cedd76ac 100644
--- a/cmd/kots/cli/root.go
+++ b/cmd/kots/cli/root.go
@@ -55,6 +55,7 @@ func RootCmd() *cobra.Command {
 	cmd.AddCommand(CompletionCmd())
 	cmd.AddCommand(DockerRegistryCmd())
 	cmd.AddCommand(EnableHACmd())
+	cmd.AddCommand(StartUpgraderCmd())
 
 	viper.BindPFlags(cmd.Flags())
 
diff --git a/cmd/kots/cli/upgrader.go b/cmd/kots/cli/upgrader.go
new file mode 100644
index 0000000000..9b23501884
--- /dev/null
+++ b/cmd/kots/cli/upgrader.go
@@ -0,0 +1,65 @@
+package cli
+
+import (
+	"fmt"
+
+	"github.com/replicatedhq/kots/pkg/upgrader"
+	"github.com/replicatedhq/kots/pkg/upgrader/types"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func StartUpgraderCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "start-upgrader",
+		Short: "Starts the KOTS upgrader service",
+		Long:  `Starts the KOTS upgrader service`,
+		PreRun: func(cmd *cobra.Command, args []string) {
+			viper.BindPFlags(cmd.Flags())
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			v := viper.GetViper()
+
+			params := types.ServerParams{
+				Port: fmt.Sprintf("%d", viper.GetInt("port")),
+
+				AppID:       v.GetString("app-id"),
+				AppSlug:     v.GetString("app-slug"),
+				AppSequence: v.GetInt64("app-sequence"),
+				AppIsAirgap: v.GetBool("app-is-airgap"),
+				AppLicense:  v.GetString("app-license"),
+				AppArchive:  v.GetString("app-archive"),
+
+				RegistryEndpoint:   v.GetString("registry-endpoint"),
+				RegistryUsername:   v.GetString("registry-username"),
+				RegistryPassword:   v.GetString("registry-password"),
+				RegistryNamespace:  v.GetString("registry-namespace"),
+				RegistryIsReadOnly: v.GetBool("registry-is-readonly"),
+			}
+			if err := upgrader.Serve(params); err != nil {
+				return err
+			}
+
+			return nil
+		},
+	}
+
+	cmd.Flags().IntP("port", "p", 30000, "local port to listen on")
+
+	// app flags
+	cmd.Flags().String("app-id", "", "the app id")
+	cmd.Flags().String("app-slug", "", "the app slug")
+	cmd.Flags().Int64("app-sequence", -1, "the app sequence")
+	cmd.Flags().Bool("app-is-airgap", false, "whether the app is airgap")
+	cmd.Flags().String("app-license", "", "the app license")
+	cmd.Flags().String("app-archive", "", "path to the app archive")
+
+	// registry flags
+	cmd.Flags().String("registry-endpoint", "", "the registry endpoint")
+	cmd.Flags().String("registry-username", "", "the registry username")
+	cmd.Flags().String("registry-password", "", "the registry password")
+	cmd.Flags().String("registry-namespace", "", "the registry namespace")
+	cmd.Flags().Bool("registry-is-readonly", false, "whether the registry is read-only")
+
+	return cmd
+}
diff --git a/pkg/apiserver/server.go b/pkg/apiserver/server.go
index cb2ced38e6..c669118e19 100644
--- a/pkg/apiserver/server.go
+++ b/pkg/apiserver/server.go
@@ -163,10 +163,6 @@ func Start(params *APIServerParams) {
 
 	handler := &handlers.Handler{}
 
-	// TODO NOW: auth
-	r.Path("/api/v1/init-upgrader").Methods("POST").HandlerFunc(upgrader.Init)
-	r.Path("/api/v1/upgrader").Methods("GET", "POST").HandlerFunc(upgrader.Proxy)
-
 	/**********************************************************************
 	* Unauthenticated routes
 	**********************************************************************/
@@ -199,6 +195,11 @@ func Start(params *APIServerParams) {
 	* Static routes
 	**********************************************************************/
 
+	// serve the upgrader UI from the upgrader service
+	// CAUTION: modifying this route WILL break backwards compatibility
+	r.Path("/upgrader").Methods("GET").HandlerFunc(upgrader.Proxy)
+
+	// TODO NOW: move this to a shared function
 	// to avoid confusion, we don't serve this in the dev env...
 	if os.Getenv("DISABLE_SPA_SERVING") != "1" {
 		spa := handlers.SPAHandler{}
diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index 8e0a75eacc..adc4c60ed4 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -9,6 +9,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/policy"
 	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/upgrader"
 	kotsscheme "github.com/replicatedhq/kotskinds/client/kotsclientset/scheme"
 	troubleshootscheme "github.com/replicatedhq/troubleshoot/pkg/client/troubleshootclientset/scheme"
 	yaml "github.com/replicatedhq/yaml/v3"
@@ -315,6 +316,15 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 	// Password change
 	r.Name("ChangePassword").Path("/api/v1/password/change").Methods("PUT").
 		HandlerFunc(middleware.EnforceAccess(policy.PasswordChange, handler.ChangePassword))
+
+	// Proxy upgrader requests to the upgrader service
+	// CAUTION: modifying this route WILL break backwards compatibility
+	r.Name("UpgraderProxy").Path("/api/v1/upgrader").Methods("GET", "POST", "PUT").
+		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, upgrader.Proxy))
+
+	// Start upgrader
+	r.Name("StartUpgrader").Path("/api/v1/start-upgrader").Methods("POST").
+		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgrader))
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/handlers/interface.go b/pkg/handlers/interface.go
index 6e10c76a5a..917f6e3148 100644
--- a/pkg/handlers/interface.go
+++ b/pkg/handlers/interface.go
@@ -161,4 +161,7 @@ type KOTSHandler interface {
 
 	// Password change
 	ChangePassword(w http.ResponseWriter, r *http.Request)
+
+	// Upgrader
+	StartUpgrader(w http.ResponseWriter, r *http.Request)
 }
diff --git a/pkg/handlers/mock/mock.go b/pkg/handlers/mock/mock.go
index 0eb87eb88c..8fd9f05e0b 100644
--- a/pkg/handlers/mock/mock.go
+++ b/pkg/handlers/mock/mock.go
@@ -1390,6 +1390,18 @@ func (mr *MockKOTSHandlerMockRecorder) StartPreflightChecks(w, r interface{}) *g
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "StartPreflightChecks", reflect.TypeOf((*MockKOTSHandler)(nil).StartPreflightChecks), w, r)
 }
 
+// StartUpgrader mocks base method.
+func (m *MockKOTSHandler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
+	m.ctrl.T.Helper()
+	m.ctrl.Call(m, "StartUpgrader", w, r)
+}
+
+// StartUpgrader indicates an expected call of StartUpgrader.
+func (mr *MockKOTSHandlerMockRecorder) StartUpgrader(w, r interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "StartUpgrader", reflect.TypeOf((*MockKOTSHandler)(nil).StartUpgrader), w, r)
+}
+
 // SyncLicense mocks base method.
 func (m *MockKOTSHandler) SyncLicense(w http.ResponseWriter, r *http.Request) {
 	m.ctrl.T.Helper()
diff --git a/pkg/handlers/upgrader.go b/pkg/handlers/upgrader.go
new file mode 100644
index 0000000000..bc54bd045b
--- /dev/null
+++ b/pkg/handlers/upgrader.go
@@ -0,0 +1,75 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/logger"
+	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/upgrader"
+	upgradertypes "github.com/replicatedhq/kots/pkg/upgrader/types"
+)
+
+type StartUpgraderRequest struct {
+	KOTSVersion string `json:"kotsVersion"`
+}
+
+type StartUpgraderResponse struct {
+	Success bool   `json:"success"`
+	Error   string `json:"error,omitempty"`
+}
+
+func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
+	response := StartUpgraderResponse{
+		Success: false,
+	}
+
+	request := StartUpgraderRequest{}
+	if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
+		response.Error = "failed to decode request body"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusBadRequest, response)
+		return
+	}
+
+	appSlug := mux.Vars(r)["appSlug"]
+
+	foundApp, err := store.GetStore().GetAppFromSlug(appSlug)
+	if err != nil {
+		response.Error = "failed to get app from app slug"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
+	registrySettings, err := store.GetStore().GetRegistryDetailsForApp(foundApp.ID)
+	if err != nil {
+		response.Error = "failed to get registry details for app"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
+	// TODO NOW: get cursor from request
+	// TODO NOW: download archive from replicated.app in online mode
+	// TODO NOW: extract archive in airgap mode
+
+	err = upgrader.Start(upgradertypes.StartOptions{
+		KOTSVersion:      request.KOTSVersion,
+		App:              foundApp,
+		AppArchive:       "",
+		RegistrySettings: registrySettings,
+	})
+	if err != nil {
+		response.Error = "failed to start upgrader"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
+	response.Success = true
+
+	JSON(w, http.StatusOK, response)
+}
diff --git a/pkg/kotsutil/kots.go b/pkg/kotsutil/kots.go
index 49784c2c71..81a545fee7 100644
--- a/pkg/kotsutil/kots.go
+++ b/pkg/kotsutil/kots.go
@@ -1537,6 +1537,7 @@ func DownloadKOTSBinary(version string) (string, error) {
 	if err != nil {
 		return "", errors.Wrap(err, "failed to create temp file")
 	}
+	defer tmpFile.Close()
 
 	gzipReader, err := gzip.NewReader(resp.Body)
 	if err != nil {
@@ -1564,7 +1565,11 @@ func DownloadKOTSBinary(version string) (string, error) {
 		if _, err := io.Copy(tmpFile, tarReader); err != nil {
 			return "", errors.Wrap(err, "failed to copy kots binary")
 		}
-		break
+		if err := os.Chmod(tmpFile.Name(), 0755); err != nil {
+			return "", errors.Wrap(err, "failed to set file permissions")
+		}
+
+		return tmpFile.Name(), nil
 	}
 
 	return "", errors.New("kots binary not found in archive")
diff --git a/pkg/store/store_interface.go b/pkg/store/store_interface.go
index 05f1ee395e..22d45087bb 100644
--- a/pkg/store/store_interface.go
+++ b/pkg/store/store_interface.go
@@ -23,6 +23,13 @@ import (
 	usertypes "github.com/replicatedhq/kots/pkg/user/types"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	troubleshootredact "github.com/replicatedhq/troubleshoot/pkg/redact"
+
+	// this is to prevent the "upgrader" package from importing the store.
+	// any store related information should be passed to the upgrader as:
+	// - start-upgrader cli command flags
+	// - files in the filesystem via the shared pod volumes
+	// - environment variables
+	_ "github.com/replicatedhq/kots/pkg/upgrader"
 )
 
 type Store interface {
diff --git a/pkg/upgrader/handlers/config.go b/pkg/upgrader/handlers/config.go
new file mode 100644
index 0000000000..68aff7d418
--- /dev/null
+++ b/pkg/upgrader/handlers/config.go
@@ -0,0 +1,274 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+	"path/filepath"
+	"strconv"
+
+	"github.com/gorilla/mux"
+	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/config"
+	kotsconfig "github.com/replicatedhq/kots/pkg/config"
+	configtypes "github.com/replicatedhq/kots/pkg/kotsadmconfig/types"
+	configvalidation "github.com/replicatedhq/kots/pkg/kotsadmconfig/validation"
+	"github.com/replicatedhq/kots/pkg/kotsutil"
+	"github.com/replicatedhq/kots/pkg/logger"
+	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
+	"github.com/replicatedhq/kots/pkg/template"
+	"github.com/replicatedhq/kots/pkg/util"
+	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
+	"github.com/replicatedhq/kotskinds/multitype"
+)
+
+type CurrentAppConfigResponse struct {
+	Success          bool                                     `json:"success"`
+	Error            string                                   `json:"error,omitempty"`
+	ConfigGroups     []kotsv1beta1.ConfigGroup                `json:"configGroups"`
+	ValidationErrors []configtypes.ConfigGroupValidationError `json:"validationErrors,omitempty"`
+}
+
+type LiveAppConfigRequest struct {
+	Sequence     int64                     `json:"sequence"`
+	ConfigGroups []kotsv1beta1.ConfigGroup `json:"configGroups"`
+}
+
+type LiveAppConfigResponse struct {
+	Success          bool                                     `json:"success"`
+	Error            string                                   `json:"error,omitempty"`
+	ConfigGroups     []kotsv1beta1.ConfigGroup                `json:"configGroups"`
+	ValidationErrors []configtypes.ConfigGroupValidationError `json:"validationErrors,omitempty"`
+}
+
+func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
+	currentAppConfigResponse := CurrentAppConfigResponse{
+		Success: false,
+	}
+
+	params := GetContextParams(r)
+	appSlug := mux.Vars(r)["appSlug"]
+
+	if params.AppSlug != appSlug {
+		currentAppConfigResponse.Error = "app slug does not match"
+		JSON(w, http.StatusForbidden, currentAppConfigResponse)
+		return
+	}
+
+	sequence, err := strconv.ParseInt(mux.Vars(r)["sequence"], 10, 64)
+	if err != nil {
+		logger.Error(err)
+		currentAppConfigResponse.Error = "failed to parse app sequence"
+		JSON(w, http.StatusInternalServerError, currentAppConfigResponse)
+		return
+	}
+
+	if params.AppSequence != sequence {
+		currentAppConfigResponse.Error = "app sequence does not match"
+		JSON(w, http.StatusForbidden, currentAppConfigResponse)
+		return
+	}
+
+	appLicense, err := kotsutil.LoadLicenseFromBytes([]byte(params.AppLicense))
+	if err != nil {
+		currentAppConfigResponse.Error = "failed to load license from bytes"
+		logger.Error(errors.Wrap(err, currentAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, currentAppConfigResponse)
+		return
+	}
+
+	kotsKinds, err := kotsutil.LoadKotsKinds(params.AppArchive)
+	if err != nil {
+		currentAppConfigResponse.Error = "failed to load kots kinds from path"
+		logger.Error(errors.Wrap(err, currentAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, currentAppConfigResponse)
+		return
+	}
+
+	// get the non-rendered config from the upstream directory because we have to re-render it with the new values
+	nonRenderedConfig, err := kotsutil.FindConfigInPath(filepath.Join(params.AppArchive, "upstream"))
+	if err != nil {
+		currentAppConfigResponse.Error = "failed to find non-rendered config"
+		logger.Error(errors.Wrap(err, currentAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, currentAppConfigResponse)
+		return
+	}
+
+	localRegistry := registrytypes.RegistrySettings{
+		Hostname:   params.RegistryEndpoint,
+		Username:   params.RegistryUsername,
+		Password:   params.RegistryPassword,
+		Namespace:  params.RegistryNamespace,
+		IsReadOnly: params.RegistryIsReadOnly,
+	}
+
+	// get values from saved app version
+	configValues := map[string]template.ItemValue{}
+
+	if kotsKinds.ConfigValues != nil {
+		for key, value := range kotsKinds.ConfigValues.Spec.Values {
+			generatedValue := template.ItemValue{
+				Default:        value.Default,
+				Value:          value.Value,
+				Filename:       value.Filename,
+				RepeatableItem: value.RepeatableItem,
+			}
+			configValues[key] = generatedValue
+		}
+	}
+
+	sequence = sequence + 1
+	versionInfo := template.VersionInfoFromInstallationSpec(sequence, params.AppIsAirgap, kotsKinds.Installation.Spec) // sequence +1 because the sequence will be incremented on save (and we want the preview to be accurate)
+	appInfo := template.ApplicationInfo{Slug: params.AppSlug}
+	renderedConfig, err := kotsconfig.TemplateConfigObjects(nonRenderedConfig, configValues, appLicense, &kotsKinds.KotsApplication, localRegistry, &versionInfo, &appInfo, kotsKinds.IdentityConfig, util.PodNamespace, false)
+	if err != nil {
+		logger.Error(err)
+		currentAppConfigResponse.Error = "failed to render templates"
+		JSON(w, http.StatusInternalServerError, currentAppConfigResponse)
+		return
+	}
+
+	currentAppConfigResponse.ConfigGroups = []kotsv1beta1.ConfigGroup{}
+	if renderedConfig != nil {
+		currentAppConfigResponse.ConfigGroups = renderedConfig.Spec.Groups
+	}
+
+	currentAppConfigResponse.Success = true
+	JSON(w, http.StatusOK, currentAppConfigResponse)
+}
+
+func (h *Handler) LiveAppConfig(w http.ResponseWriter, r *http.Request) {
+	liveAppConfigResponse := LiveAppConfigResponse{
+		Success: false,
+	}
+
+	params := GetContextParams(r)
+	appSlug := mux.Vars(r)["appSlug"]
+
+	if params.AppSlug != appSlug {
+		liveAppConfigResponse.Error = "app slug does not match"
+		JSON(w, http.StatusForbidden, liveAppConfigResponse)
+		return
+	}
+
+	appLicense, err := kotsutil.LoadLicenseFromBytes([]byte(params.AppLicense))
+	if err != nil {
+		liveAppConfigResponse.Error = "failed to load license from bytes"
+		logger.Error(errors.Wrap(err, liveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, liveAppConfigResponse)
+		return
+	}
+
+	liveAppConfigRequest := LiveAppConfigRequest{}
+	if err := json.NewDecoder(r.Body).Decode(&liveAppConfigRequest); err != nil {
+		logger.Error(err)
+		liveAppConfigResponse.Error = "failed to decode request body"
+		JSON(w, http.StatusBadRequest, liveAppConfigResponse)
+		return
+	}
+
+	kotsKinds, err := kotsutil.LoadKotsKinds(params.AppArchive)
+	if err != nil {
+		liveAppConfigResponse.Error = "failed to load kots kinds from path"
+		logger.Error(errors.Wrap(err, liveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, liveAppConfigResponse)
+		return
+	}
+
+	// get the non-rendered config from the upstream directory because we have to re-render it with the new values
+	nonRenderedConfig, err := kotsutil.FindConfigInPath(filepath.Join(params.AppArchive, "upstream"))
+	if err != nil {
+		liveAppConfigResponse.Error = "failed to find non-rendered config"
+		logger.Error(errors.Wrap(err, liveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, liveAppConfigResponse)
+		return
+	}
+
+	localRegistry := registrytypes.RegistrySettings{
+		Hostname:   params.RegistryEndpoint,
+		Username:   params.RegistryUsername,
+		Password:   params.RegistryPassword,
+		Namespace:  params.RegistryNamespace,
+		IsReadOnly: params.RegistryIsReadOnly,
+	}
+
+	// sequence +1 because the sequence will be incremented on save (and we want the preview to be accurate)
+	sequence := liveAppConfigRequest.Sequence + 1
+	configValues := configValuesFromConfigGroups(liveAppConfigRequest.ConfigGroups)
+	versionInfo := template.VersionInfoFromInstallationSpec(sequence, params.AppIsAirgap, kotsKinds.Installation.Spec)
+	appInfo := template.ApplicationInfo{Slug: params.AppSlug}
+
+	renderedConfig, err := kotsconfig.TemplateConfigObjects(nonRenderedConfig, configValues, appLicense, &kotsKinds.KotsApplication, localRegistry, &versionInfo, &appInfo, kotsKinds.IdentityConfig, util.PodNamespace, false)
+	if err != nil {
+		liveAppConfigResponse.Error = "failed to render templates"
+		logger.Error(errors.Wrap(err, liveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, liveAppConfigResponse)
+		return
+	}
+
+	liveAppConfigResponse.ConfigGroups = []kotsv1beta1.ConfigGroup{}
+	if renderedConfig != nil {
+		validationErrors, err := configvalidation.ValidateConfigSpec(renderedConfig.Spec)
+		if err != nil {
+			liveAppConfigResponse.Error = "failed to validate config spec"
+			logger.Error(errors.Wrap(err, liveAppConfigResponse.Error))
+			JSON(w, http.StatusInternalServerError, liveAppConfigResponse)
+			return
+		}
+
+		liveAppConfigResponse.ConfigGroups = renderedConfig.Spec.Groups
+		if len(validationErrors) > 0 {
+			liveAppConfigResponse.ValidationErrors = validationErrors
+			logger.Warnf("Validation errors found for config spec: %v", validationErrors)
+		}
+	}
+
+	liveAppConfigResponse.Success = true
+	JSON(w, http.StatusOK, liveAppConfigResponse)
+}
+
+func configValuesFromConfigGroups(configGroups []kotsv1beta1.ConfigGroup) map[string]template.ItemValue {
+	configValues := map[string]template.ItemValue{}
+
+	for _, group := range configGroups {
+		for _, item := range group.Items {
+			// collect all repeatable items
+			// Future Note:  This could be refactored to use CountByGroup as the control.  Front end provides the exact CountByGroup it wants, back end takes care of ValuesByGroup entries.
+			// this way the front end doesn't have to add anything to ValuesByGroup, it just sets values there.
+			if item.Repeatable {
+				for valuesByGroupName, groupValues := range item.ValuesByGroup {
+					config.CreateVariadicValues(&item, valuesByGroupName)
+
+					for fieldName, subItem := range groupValues {
+						itemValue := template.ItemValue{
+							Value:          subItem,
+							RepeatableItem: item.Name,
+						}
+						if item.Filename != "" {
+							itemValue.Filename = fieldName
+						}
+						configValues[fieldName] = itemValue
+					}
+				}
+				continue
+			}
+
+			generatedValue := template.ItemValue{}
+			if item.Value.Type == multitype.String {
+				generatedValue.Value = item.Value.StrVal
+			} else {
+				generatedValue.Value = item.Value.BoolVal
+			}
+			if item.Default.Type == multitype.String {
+				generatedValue.Default = item.Default.StrVal
+			} else {
+				generatedValue.Default = item.Default.BoolVal
+			}
+			if item.Type == "file" {
+				generatedValue.Filename = item.Filename
+			}
+			configValues[item.Name] = generatedValue
+		}
+	}
+
+	return configValues
+}
diff --git a/pkg/upgrader/handlers/handlers.go b/pkg/upgrader/handlers/handlers.go
new file mode 100644
index 0000000000..26001a9fb9
--- /dev/null
+++ b/pkg/upgrader/handlers/handlers.go
@@ -0,0 +1,43 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"github.com/replicatedhq/kots/pkg/logger"
+	kotsscheme "github.com/replicatedhq/kotskinds/client/kotsclientset/scheme"
+	troubleshootscheme "github.com/replicatedhq/troubleshoot/pkg/client/troubleshootclientset/scheme"
+	veleroscheme "github.com/vmware-tanzu/velero/pkg/generated/clientset/versioned/scheme"
+	"k8s.io/client-go/kubernetes/scheme"
+)
+
+var _ UpgraderHandler = (*Handler)(nil)
+
+type Handler struct {
+}
+
+func init() {
+	kotsscheme.AddToScheme(scheme.Scheme)
+	troubleshootscheme.AddToScheme(scheme.Scheme)
+	veleroscheme.AddToScheme(scheme.Scheme)
+}
+
+func RegisterRoutes(r *mux.Router, handler UpgraderHandler) {
+	r.Use(LoggingMiddleware)
+
+	r.Path("/api/v1/upgrader/app/{appSlug}/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
+}
+
+func JSON(w http.ResponseWriter, code int, payload interface{}) {
+	response, err := json.Marshal(payload)
+	if err != nil {
+		logger.Error(err)
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(code)
+	w.Write(response)
+}
diff --git a/pkg/upgrader/handlers/interface.go b/pkg/upgrader/handlers/interface.go
new file mode 100644
index 0000000000..b895d79b1a
--- /dev/null
+++ b/pkg/upgrader/handlers/interface.go
@@ -0,0 +1,9 @@
+package handlers
+
+import "net/http"
+
+type UpgraderHandler interface {
+	Ping(w http.ResponseWriter, r *http.Request)
+
+	LiveAppConfig(w http.ResponseWriter, r *http.Request)
+}
diff --git a/pkg/upgrader/handlers/middleware.go b/pkg/upgrader/handlers/middleware.go
new file mode 100644
index 0000000000..218e4263c0
--- /dev/null
+++ b/pkg/upgrader/handlers/middleware.go
@@ -0,0 +1,68 @@
+package handlers
+
+import (
+	"context"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/gorilla/mux"
+	"github.com/replicatedhq/kots/pkg/logger"
+	"github.com/replicatedhq/kots/pkg/upgrader/types"
+)
+
+type paramsKey struct{}
+
+func SetContextParams(r *http.Request, params types.ServerParams) *http.Request {
+	return r.WithContext(context.WithValue(r.Context(), paramsKey{}, params))
+}
+
+func GetContextParams(r *http.Request) types.ServerParams {
+	val := r.Context().Value(paramsKey{})
+	sess, _ := val.(types.ServerParams)
+	return sess
+}
+
+func ParamsMiddleware(params types.ServerParams) mux.MiddlewareFunc {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			r = SetContextParams(r, params)
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+type loggingResponseWriter struct {
+	http.ResponseWriter
+	StatusCode int
+}
+
+func NewLoggingResponseWriter(w http.ResponseWriter) *loggingResponseWriter {
+	return &loggingResponseWriter{w, http.StatusOK}
+}
+
+func (lrw *loggingResponseWriter) WriteHeader(code int) {
+	lrw.StatusCode = code
+	lrw.ResponseWriter.WriteHeader(code)
+}
+
+func LoggingMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		startTime := time.Now()
+
+		lrw := NewLoggingResponseWriter(w)
+		next.ServeHTTP(lrw, r)
+
+		if os.Getenv("DEBUG") != "true" && lrw.StatusCode < http.StatusBadRequest {
+			return
+		}
+
+		logger.Infof(
+			"method=%s status=%d duration=%s request=%s",
+			r.Method,
+			lrw.StatusCode,
+			time.Since(startTime).String(),
+			r.RequestURI,
+		)
+	})
+}
diff --git a/pkg/upgrader/handlers/ping.go b/pkg/upgrader/handlers/ping.go
new file mode 100644
index 0000000000..f2c193804c
--- /dev/null
+++ b/pkg/upgrader/handlers/ping.go
@@ -0,0 +1,15 @@
+package handlers
+
+import (
+	"net/http"
+)
+
+type PingResponse struct {
+	Ping string `json:"ping"`
+}
+
+func (h *Handler) Ping(w http.ResponseWriter, r *http.Request) {
+	pingResponse := PingResponse{}
+	pingResponse.Ping = "pong"
+	JSON(w, http.StatusOK, pingResponse)
+}
diff --git a/pkg/upgrader/handlers/spa.go b/pkg/upgrader/handlers/spa.go
new file mode 100644
index 0000000000..cfa68de9a7
--- /dev/null
+++ b/pkg/upgrader/handlers/spa.go
@@ -0,0 +1,59 @@
+package handlers
+
+import (
+	"context"
+	"io/fs"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"github.com/replicatedhq/kots/web"
+)
+
+// SPAHandler implements the http.Handler interface, so we can use it
+// to respond to HTTP requests. The path to the static directory and
+// path to the index file within that static directory are used to
+// serve the SPA in the given static directory.
+type SPAHandler struct {
+}
+
+// ServeHTTP inspects the URL path to locate a file within the static dir
+// on the SPA handler. If a file is found, it will be served. If not, the
+// file located at the index path on the SPA handler will be served. This
+// is suitable behavior for serving an SPA (single page application).
+func (h SPAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	// get the absolute path to prevent directory traversal
+	path, err := filepath.Abs(r.URL.Path)
+	if err != nil {
+		// if we failed to get the absolute path respond with a 400 bad request
+		// and stop
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	// prepend the path with the path to the static directory
+
+	// check whether a file exists at the given path
+	fsys, err := fs.Sub(web.Content, "dist")
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	_, err = fs.Stat(fsys, filepath.Join(".", path)) // because ... fs.Sub seems to require this
+
+	rr := r /// because the docs say to not modify request, and we might need to, so lets clone
+	if os.IsNotExist(err) {
+		rr = r.Clone(context.Background())
+		// file does not exist, serve index.html
+		rr.URL.Path = "/"
+	} else if err != nil {
+		// if we got an error (that wasn't that the file doesn't exist) stating the
+		// file, return a 500 internal server error and stop
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	// otherwise, use http.FileServer to serve the static dir
+	http.FileServer(http.FS(fsys)).ServeHTTP(w, rr)
+}
diff --git a/pkg/upgrader/handlers/static.go b/pkg/upgrader/handlers/static.go
new file mode 100644
index 0000000000..8a908e463a
--- /dev/null
+++ b/pkg/upgrader/handlers/static.go
@@ -0,0 +1,13 @@
+package handlers
+
+import (
+	"net/http"
+)
+
+type StatusNotFoundHandler struct {
+}
+
+func (h StatusNotFoundHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	http.Error(w, "", http.StatusNotFound)
+	return
+}
diff --git a/pkg/upgrader/server.go b/pkg/upgrader/server.go
index 13f969509c..dd7ff9d027 100644
--- a/pkg/upgrader/server.go
+++ b/pkg/upgrader/server.go
@@ -11,30 +11,21 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/buildversion"
-	"github.com/replicatedhq/kots/pkg/handlers"
+	"github.com/replicatedhq/kots/pkg/upgrader/handlers"
+	"github.com/replicatedhq/kots/pkg/upgrader/types"
 )
 
-type ServerParams struct {
-	Port string
-}
-
-func Serve(params ServerParams) error {
-	log.Printf("KOTS version %s\n", buildversion.Version())
+func Serve(params types.ServerParams) error {
+	log.Printf("KOTS Upgrader version %s\n", buildversion.Version())
 
 	r := mux.NewRouter()
+	r.Use(handlers.ParamsMiddleware(params))
 
-	r.Use(handlers.CorsMiddleware)
-	r.Methods("OPTIONS").HandlerFunc(handlers.CORS)
-
-	debugRouter := r.NewRoute().Subrouter()
-	debugRouter.Use(handlers.DebugLoggingMiddleware)
-
-	loggingRouter := r.NewRoute().Subrouter()
-	loggingRouter.Use(handlers.LoggingMiddleware)
+	handler := &handlers.Handler{}
 
-	// handler := &handlers.Handler{}
+	r.Path("/api/v1/upgrader/ping").Methods("GET").HandlerFunc(handler.Ping)
 
-	// TODO NOW: auth by authSlug token the cli typically uses?
+	handlers.RegisterRoutes(r, handler)
 
 	// Prevent API requests that don't match anything in this router from returning UI content
 	r.PathPrefix("/api").Handler(handlers.StatusNotFoundHandler{})
@@ -67,7 +58,7 @@ func Serve(params ServerParams) error {
 		Addr:    fmt.Sprintf(":%s", params.Port),
 	}
 
-	fmt.Printf("Starting upgrader on port %s...\n", params.Port)
+	fmt.Printf("Starting KOTS Upgrader on port %s...\n", params.Port)
 
 	if err := srv.ListenAndServe(); err != nil {
 		return errors.Wrap(err, "failed to listen and serve")
diff --git a/pkg/upgrader/types/types.go b/pkg/upgrader/types/types.go
new file mode 100644
index 0000000000..9f83f1d86d
--- /dev/null
+++ b/pkg/upgrader/types/types.go
@@ -0,0 +1,30 @@
+package types
+
+import (
+	apptypes "github.com/replicatedhq/kots/pkg/app/types"
+	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
+)
+
+type StartOptions struct {
+	KOTSVersion      string
+	App              *apptypes.App
+	AppArchive       string
+	RegistrySettings registrytypes.RegistrySettings
+}
+
+type ServerParams struct {
+	Port string
+
+	AppID       string
+	AppSlug     string
+	AppSequence int64
+	AppIsAirgap bool
+	AppLicense  string
+	AppArchive  string
+
+	RegistryEndpoint   string
+	RegistryUsername   string
+	RegistryPassword   string
+	RegistryNamespace  string
+	RegistryIsReadOnly bool
+}
diff --git a/pkg/upgrader/upgrader.go b/pkg/upgrader/upgrader.go
index 7daa4ffc3f..4df41d2095 100644
--- a/pkg/upgrader/upgrader.go
+++ b/pkg/upgrader/upgrader.go
@@ -12,82 +12,62 @@ import (
 
 	"github.com/phayes/freeport"
 	"github.com/pkg/errors"
-	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
+	"github.com/replicatedhq/kots/pkg/upgrader/types"
 )
 
 var upgraderProcess *os.Process
 var upgraderPort string
 
-// Init will spin up an upgrader service in the background on a random port.
+// Start will spin up an upgrader service in the background on a random port.
 // If an upgrader is already running, it will be stopped and a new one will be started.
 // The KOTS binary of the specified version will be used to start the upgrader.
-func Init(w http.ResponseWriter, r *http.Request) {
-	// TODO NOW: get these from the request
-	kotsVersion := "v1.109.3"
-
-	// stop the upgrader if it's already running.
-	// don't bail if not able to stop, and start a new one
-	stop()
-
-	if err := start(kotsVersion); err != nil {
-		logger.Error(errors.Wrap(err, "failed to start upgrader"))
-		w.WriteHeader(http.StatusInternalServerError)
-		return
-	}
-
-	w.WriteHeader(http.StatusOK)
-}
-
-// Proxy will proxy the request to the upgrader service.
-func Proxy(w http.ResponseWriter, r *http.Request) {
-	if upgraderPort == "" {
-		logger.Error(errors.New("upgrader port is not set"))
-		w.WriteHeader(http.StatusServiceUnavailable)
-		return
-	}
-
-	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", upgraderPort))
-	if err != nil {
-		logger.Error(errors.Wrap(err, "failed to parse upgrader url"))
-		w.WriteHeader(http.StatusInternalServerError)
-		return
-	}
-
-	proxy := httputil.NewSingleHostReverseProxy(remote)
-	proxy.ServeHTTP(w, r)
-}
-
-func start(kotsVersion string) (finalError error) {
-	if upgraderPort != "" {
-		return errors.Errorf("upgrader is already running on port %s", upgraderPort)
-	}
-
+func Start(opts types.StartOptions) (finalError error) {
 	defer func() {
 		if finalError != nil {
 			stop()
 		}
 	}()
 
+	// stop the upgrader if it's already running.
+	// don't bail if not able to stop, and start a new one
+	stop()
+
 	fp, err := freeport.GetFreePort()
 	if err != nil {
 		return errors.Wrap(err, "failed to get free port")
 	}
 	freePort := fmt.Sprintf("%d", fp)
 
-	kotsBin, err := kotsutil.DownloadKOTSBinary(kotsVersion)
-	if err != nil {
-		return errors.Wrapf(err, "failed to download kots binary version %s", kotsVersion)
-	}
+	// TODO NOW: uncomment this
+	// kotsBin, err := kotsutil.DownloadKOTSBinary(request.KOTSVersion)
+	// if err != nil {
+	// 	return errors.Wrapf(err, "failed to download kots binary version %s", kotsVersion)
+	// }
 
 	cmd := exec.Command(
-		kotsBin,
-		"admin-console",
-		"upgrader",
-		"--port",
-		freePort,
+		// kotsBin,
+		"/kots",
+		"start-upgrader",
+		"--port", freePort,
+
+		"--app-id", opts.App.ID,
+		"--app-slug", opts.App.Slug,
+		"--app-sequence", fmt.Sprintf("%d", opts.App.CurrentSequence),
+		"--app-is-airgap", fmt.Sprintf("%t", opts.App.IsAirgap),
+		"--app-license", opts.App.License,
+		"--app-archive", opts.AppArchive,
+
+		"--registry-endpoint", opts.RegistrySettings.Hostname,
+		"--registry-username", opts.RegistrySettings.Username,
+		"--registry-password", opts.RegistrySettings.Password,
+		"--registry-namespace", opts.RegistrySettings.Namespace,
+		"--registry-is-readonly", fmt.Sprintf("%t", opts.RegistrySettings.IsReadOnly),
 	)
 
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
 	if err := cmd.Start(); err != nil {
 		return errors.Wrap(err, "failed to start")
 	}
@@ -102,6 +82,25 @@ func start(kotsVersion string) (finalError error) {
 	return nil
 }
 
+// Proxy will proxy the request to the upgrader service.
+func Proxy(w http.ResponseWriter, r *http.Request) {
+	if upgraderPort == "" {
+		logger.Error(errors.New("upgrader port is not set"))
+		w.WriteHeader(http.StatusServiceUnavailable)
+		return
+	}
+
+	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", upgraderPort))
+	if err != nil {
+		logger.Error(errors.Wrap(err, "failed to parse upgrader url"))
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	proxy := httputil.NewSingleHostReverseProxy(remote)
+	proxy.ServeHTTP(w, r)
+}
+
 func stop() {
 	if upgraderProcess != nil {
 		if err := upgraderProcess.Signal(os.Interrupt); err != nil {
@@ -116,7 +115,7 @@ func waitForReady(timeout time.Duration) error {
 	start := time.Now()
 
 	for {
-		url := fmt.Sprintf("http://localhost:%s", upgraderPort)
+		url := fmt.Sprintf("http://localhost:%s/ping", upgraderPort)
 		newRequest, err := http.NewRequest("GET", url, nil)
 		if err == nil {
 			resp, err := http.DefaultClient.Do(newRequest)
diff --git a/web/src/Root.tsx b/web/src/Root.tsx
index 0a7d547c89..cc934d701f 100644
--- a/web/src/Root.tsx
+++ b/web/src/Root.tsx
@@ -103,6 +103,7 @@ type State = {
   snapshotInProgressApps: string[];
   isEmbeddedClusterWaitingForNodes: boolean;
   themeState: ThemeState;
+  shouldShowUpgraderModal: boolean;
 };
 
 let interval: ReturnType<typeof setInterval> | undefined;
@@ -135,6 +136,7 @@ const Root = () => {
         navbarLogo: null,
       },
       app: null,
+      shouldShowUpgraderModal: false,
     }
   );
 
@@ -328,15 +330,39 @@ const Root = () => {
 
   const onRootMounted = () => {
     fetchKotsAppMetadata();
-    if (Utilities.isLoggedIn()) {
-      ping();
-      getAppsList().then((appsList) => {
-        if (appsList?.length > 0 && window.location.pathname === "/apps") {
-          const { slug } = appsList[0];
-          history.replace(`/app/${slug}`);
+  
+    if (window.location.pathname !== "/upgrader") {
+      fetch(`${process.env.API_ENDPOINT}/init-upgrader`, {
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json",
+        },
+        credentials: "include",
+        method: "POST",
+      }).then(async (res) => {
+        if (res.ok) {
+          setState({
+            shouldShowUpgraderModal: true,
+          });
+          return;
         }
+        const text = await res.text();
+        console.log("failed to init upgrader", text);
+      })
+      .catch((err) => {
+        console.log(err);
       });
+      if (Utilities.isLoggedIn()) {
+        ping();
+        getAppsList().then((appsList) => {
+          if (appsList?.length > 0 && window.location.pathname === "/apps") {
+            const { slug } = appsList[0];
+            history.replace(`/app/${slug}`);
+          }
+        });
+      }
     }
+
   };
 
   useEffect(() => {
@@ -461,6 +487,26 @@ const Root = () => {
               />
               <Route path="/crashz" element={<Crashz />} />{" "}
               <Route path="*" element={<NotFound />} />
+              {/* <Route
+                path="/upgrader"
+                element={
+                  <div style={{ height: "100vh", width: "100vw", background: "white" }}>
+                    <h1 style={{ color: "black" }}>
+                      Hello from KOTS Upgrader!
+                    </h1>
+                  </div>
+                }
+              />
+              <Route
+                path="/upgrader/test"
+                element={
+                  <div style={{ height: "100vh", width: "100vw", background: "white" }}>
+                    <h1 style={{ color: "black" }}>
+                      Hello from test in KOTS Upgrader!
+                    </h1>
+                  </div>
+                }
+              /> */}
               <Route
                 path="/secure-console"
                 element={
@@ -864,6 +910,17 @@ const Root = () => {
           />
         )}
       </Modal>
+      <Modal
+        isOpen={state.shouldShowUpgraderModal}
+        contentLabel="KOTS Upgrader Modal"
+        ariaHideApp={false}
+        className="Modal LargeSize"
+      >
+        <iframe
+          src="/upgrader"
+          title="KOTS Upgrader"
+        />
+      </Modal>
     </QueryClientProvider>
   );
 };

From 1130b392fc5cfcf67c8959fdaa8a230819e76b25 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Tue, 21 May 2024 23:19:24 +0000
Subject: [PATCH 04/33] save

---
 .../cli/{upgrader.go => start-upgrader.go}    |  1 +
 pkg/handlers/handlers.go                      |  6 +-
 pkg/upgrader/handlers/handlers.go             |  3 +
 pkg/upgrader/server.go                        |  3 -
 web/src/Root.tsx                              | 59 ++++++++++---------
 web/src/index.tsx                             | 16 ++++-
 6 files changed, 52 insertions(+), 36 deletions(-)
 rename cmd/kots/cli/{upgrader.go => start-upgrader.go} (98%)

diff --git a/cmd/kots/cli/upgrader.go b/cmd/kots/cli/start-upgrader.go
similarity index 98%
rename from cmd/kots/cli/upgrader.go
rename to cmd/kots/cli/start-upgrader.go
index 9b23501884..4973df0d65 100644
--- a/cmd/kots/cli/upgrader.go
+++ b/cmd/kots/cli/start-upgrader.go
@@ -9,6 +9,7 @@ import (
 	"github.com/spf13/viper"
 )
 
+// TODO NOW: rename to updater?
 func StartUpgraderCmd() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "start-upgrader",
diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index adc4c60ed4..8541054ec9 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -319,12 +319,12 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 
 	// Proxy upgrader requests to the upgrader service
 	// CAUTION: modifying this route WILL break backwards compatibility
-	r.Name("UpgraderProxy").Path("/api/v1/upgrader").Methods("GET", "POST", "PUT").
-		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, upgrader.Proxy))
+	r.Name("UpgraderProxy").PathPrefix("/api/v1/upgrader").Methods("GET", "POST", "PUT").
+		HandlerFunc(upgrader.Proxy) // TODO NOW: enforce access
 
 	// Start upgrader
 	r.Name("StartUpgrader").Path("/api/v1/start-upgrader").Methods("POST").
-		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgrader))
+		HandlerFunc(handler.StartUpgrader) // TODO NOW: enforce access
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/upgrader/handlers/handlers.go b/pkg/upgrader/handlers/handlers.go
index 26001a9fb9..fb4d64d71f 100644
--- a/pkg/upgrader/handlers/handlers.go
+++ b/pkg/upgrader/handlers/handlers.go
@@ -26,6 +26,9 @@ func init() {
 func RegisterRoutes(r *mux.Router, handler UpgraderHandler) {
 	r.Use(LoggingMiddleware)
 
+	// TODO NOW: move "/api/v1/upgrader" to a subrouter and add a caution statement
+
+	r.Path("/api/v1/upgrader/ping").Methods("GET").HandlerFunc(handler.Ping)
 	r.Path("/api/v1/upgrader/app/{appSlug}/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
 }
 
diff --git a/pkg/upgrader/server.go b/pkg/upgrader/server.go
index dd7ff9d027..a9d22c5f82 100644
--- a/pkg/upgrader/server.go
+++ b/pkg/upgrader/server.go
@@ -22,9 +22,6 @@ func Serve(params types.ServerParams) error {
 	r.Use(handlers.ParamsMiddleware(params))
 
 	handler := &handlers.Handler{}
-
-	r.Path("/api/v1/upgrader/ping").Methods("GET").HandlerFunc(handler.Ping)
-
 	handlers.RegisterRoutes(r, handler)
 
 	// Prevent API requests that don't match anything in this router from returning UI content
diff --git a/web/src/Root.tsx b/web/src/Root.tsx
index cc934d701f..4941c75661 100644
--- a/web/src/Root.tsx
+++ b/web/src/Root.tsx
@@ -331,36 +331,36 @@ const Root = () => {
   const onRootMounted = () => {
     fetchKotsAppMetadata();
   
-    if (window.location.pathname !== "/upgrader") {
-      fetch(`${process.env.API_ENDPOINT}/init-upgrader`, {
-        headers: {
-          "Content-Type": "application/json",
-          Accept: "application/json",
-        },
-        credentials: "include",
-        method: "POST",
-      }).then(async (res) => {
-        if (res.ok) {
-          setState({
-            shouldShowUpgraderModal: true,
-          });
-          return;
-        }
-        const text = await res.text();
-        console.log("failed to init upgrader", text);
-      })
-      .catch((err) => {
-        console.log(err);
-      });
-      if (Utilities.isLoggedIn()) {
-        ping();
-        getAppsList().then((appsList) => {
-          if (appsList?.length > 0 && window.location.pathname === "/apps") {
-            const { slug } = appsList[0];
-            history.replace(`/app/${slug}`);
-          }
+    // TODO NOW: remove this
+    fetch(`${process.env.API_ENDPOINT}/start-upgrader`, {
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+      },
+      credentials: "include",
+      method: "POST",
+    }).then(async (res) => {
+      if (res.ok) {
+        setState({
+          shouldShowUpgraderModal: true,
         });
+        return;
       }
+      const text = await res.text();
+      console.log("failed to init upgrader", text);
+    })
+    .catch((err) => {
+      console.log(err);
+    });
+
+    if (Utilities.isLoggedIn()) {
+      ping();
+      getAppsList().then((appsList) => {
+        if (appsList?.length > 0 && window.location.pathname === "/apps") {
+          const { slug } = appsList[0];
+          history.replace(`/app/${slug}`);
+        }
+      });
     }
 
   };
@@ -912,6 +912,9 @@ const Root = () => {
       </Modal>
       <Modal
         isOpen={state.shouldShowUpgraderModal}
+        onRequestClose={() => {
+          setState({ shouldShowUpgraderModal: false });
+        }}
         contentLabel="KOTS Upgrader Modal"
         ariaHideApp={false}
         className="Modal LargeSize"
diff --git a/web/src/index.tsx b/web/src/index.tsx
index 6c6c1f230b..0d69b9bb47 100644
--- a/web/src/index.tsx
+++ b/web/src/index.tsx
@@ -1,5 +1,5 @@
 import { createRoot } from "react-dom/client";
-import { BrowserRouter } from "react-router-dom";
+import { BrowserRouter, Route, Routes } from "react-router-dom";
 import ReplicatedErrorBoundary from "./components/shared/ErrorBoundary";
 import { Root } from "./Root";
 
@@ -13,7 +13,19 @@ const root = createRoot(container); // createRoot(container!) if you use TypeScr
 root.render(
   <ReplicatedErrorBoundary>
     <BrowserRouter>
-      <Root />
+      <Routes>
+        <Route
+          path="/upgrader"
+          element={
+            <div style={{ height: "100vh", width: "100vw", background: "white" }}>
+              <h1 style={{ color: "black" }}>
+                Hello from KOTS Upgrader!
+              </h1>
+            </div>
+          }
+        />
+        <Route path="/*" element={<Root />}/>
+      </Routes>
     </BrowserRouter>
   </ReplicatedErrorBoundary>
 );

From a72536ac7b64a0d5b928aef160ea4ef320bc9e5d Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Tue, 21 May 2024 23:47:50 +0000
Subject: [PATCH 05/33] save

---
 pkg/handlers/handlers.go | 5 +++--
 web/src/Root.tsx         | 3 +++
 web/src/index.tsx        | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index 8541054ec9..d84a78779d 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -317,14 +317,15 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 	r.Name("ChangePassword").Path("/api/v1/password/change").Methods("PUT").
 		HandlerFunc(middleware.EnforceAccess(policy.PasswordChange, handler.ChangePassword))
 
+	// TODO NOW: support and upgrader service for each app?
 	// Proxy upgrader requests to the upgrader service
 	// CAUTION: modifying this route WILL break backwards compatibility
 	r.Name("UpgraderProxy").PathPrefix("/api/v1/upgrader").Methods("GET", "POST", "PUT").
 		HandlerFunc(upgrader.Proxy) // TODO NOW: enforce access
 
 	// Start upgrader
-	r.Name("StartUpgrader").Path("/api/v1/start-upgrader").Methods("POST").
-		HandlerFunc(handler.StartUpgrader) // TODO NOW: enforce access
+	r.Name("StartUpgrader").Path("/api/v1/app/{appSlug}/start-upgrader").Methods("POST").
+		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgrader))
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/web/src/Root.tsx b/web/src/Root.tsx
index 4941c75661..9fd75e2c52 100644
--- a/web/src/Root.tsx
+++ b/web/src/Root.tsx
@@ -337,6 +337,9 @@ const Root = () => {
         "Content-Type": "application/json",
         Accept: "application/json",
       },
+      body: JSON.stringify({
+        kotsVersion: "v1.109.3",
+      }),
       credentials: "include",
       method: "POST",
     }).then(async (res) => {
diff --git a/web/src/index.tsx b/web/src/index.tsx
index 0d69b9bb47..0d122e22f9 100644
--- a/web/src/index.tsx
+++ b/web/src/index.tsx
@@ -15,7 +15,7 @@ root.render(
     <BrowserRouter>
       <Routes>
         <Route
-          path="/upgrader"
+          path="/upgrader" // TODO NOW: add app slug to path?
           element={
             <div style={{ height: "100vh", width: "100vw", background: "white" }}>
               <h1 style={{ color: "black" }}>

From 4b8490a441c5be99a3766b71b4a11d917ddb3f64 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Wed, 22 May 2024 19:35:41 +0000
Subject: [PATCH 06/33] save

---
 pkg/apiserver/server.go                       |   4 +-
 pkg/upgrader/handlers/config.go               |  19 +-
 pkg/upgrader/handlers/handlers.go             |   2 +
 pkg/upgrader/handlers/interface.go            |   1 +
 web/dist/README.md                            |   3 -
 web/src/Root.tsx                              |  32 -
 web/src/components/apps/AppVersionHistory.tsx |  42 ++
 .../config_render/ConfigFileInput.jsx         |   1 +
 web/src/components/upgrader/AppConfig.tsx     | 639 ++++++++++++++++++
 web/src/components/upgrader/Upgrader.tsx      |  45 ++
 web/src/index.tsx                             |  35 +-
 11 files changed, 752 insertions(+), 71 deletions(-)
 delete mode 100644 web/dist/README.md
 create mode 100644 web/src/components/upgrader/AppConfig.tsx
 create mode 100644 web/src/components/upgrader/Upgrader.tsx

diff --git a/pkg/apiserver/server.go b/pkg/apiserver/server.go
index c669118e19..1ab80159cb 100644
--- a/pkg/apiserver/server.go
+++ b/pkg/apiserver/server.go
@@ -195,9 +195,9 @@ func Start(params *APIServerParams) {
 	* Static routes
 	**********************************************************************/
 
-	// serve the upgrader UI from the upgrader service
+	// Serve the upgrader UI from the upgrader service
 	// CAUTION: modifying this route WILL break backwards compatibility
-	r.Path("/upgrader").Methods("GET").HandlerFunc(upgrader.Proxy)
+	r.PathPrefix("/upgrader").Methods("GET").HandlerFunc(upgrader.Proxy)
 
 	// TODO NOW: move this to a shared function
 	// to avoid confusion, we don't serve this in the dev env...
diff --git a/pkg/upgrader/handlers/config.go b/pkg/upgrader/handlers/config.go
index 68aff7d418..e96cfa07e4 100644
--- a/pkg/upgrader/handlers/config.go
+++ b/pkg/upgrader/handlers/config.go
@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"net/http"
 	"path/filepath"
-	"strconv"
 
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
@@ -54,20 +53,6 @@ func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	sequence, err := strconv.ParseInt(mux.Vars(r)["sequence"], 10, 64)
-	if err != nil {
-		logger.Error(err)
-		currentAppConfigResponse.Error = "failed to parse app sequence"
-		JSON(w, http.StatusInternalServerError, currentAppConfigResponse)
-		return
-	}
-
-	if params.AppSequence != sequence {
-		currentAppConfigResponse.Error = "app sequence does not match"
-		JSON(w, http.StatusForbidden, currentAppConfigResponse)
-		return
-	}
-
 	appLicense, err := kotsutil.LoadLicenseFromBytes([]byte(params.AppLicense))
 	if err != nil {
 		currentAppConfigResponse.Error = "failed to load license from bytes"
@@ -116,8 +101,8 @@ func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	sequence = sequence + 1
-	versionInfo := template.VersionInfoFromInstallationSpec(sequence, params.AppIsAirgap, kotsKinds.Installation.Spec) // sequence +1 because the sequence will be incremented on save (and we want the preview to be accurate)
+	sequence := params.AppSequence + 1
+	versionInfo := template.VersionInfoFromInstallationSpec(sequence, params.AppIsAirgap, kotsKinds.Installation.Spec)
 	appInfo := template.ApplicationInfo{Slug: params.AppSlug}
 	renderedConfig, err := kotsconfig.TemplateConfigObjects(nonRenderedConfig, configValues, appLicense, &kotsKinds.KotsApplication, localRegistry, &versionInfo, &appInfo, kotsKinds.IdentityConfig, util.PodNamespace, false)
 	if err != nil {
diff --git a/pkg/upgrader/handlers/handlers.go b/pkg/upgrader/handlers/handlers.go
index fb4d64d71f..0f7fed1bfc 100644
--- a/pkg/upgrader/handlers/handlers.go
+++ b/pkg/upgrader/handlers/handlers.go
@@ -29,6 +29,8 @@ func RegisterRoutes(r *mux.Router, handler UpgraderHandler) {
 	// TODO NOW: move "/api/v1/upgrader" to a subrouter and add a caution statement
 
 	r.Path("/api/v1/upgrader/ping").Methods("GET").HandlerFunc(handler.Ping)
+
+	r.Path("/api/v1/upgrader/app/{appSlug}/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
 	r.Path("/api/v1/upgrader/app/{appSlug}/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
 }
 
diff --git a/pkg/upgrader/handlers/interface.go b/pkg/upgrader/handlers/interface.go
index b895d79b1a..b48a471d8a 100644
--- a/pkg/upgrader/handlers/interface.go
+++ b/pkg/upgrader/handlers/interface.go
@@ -5,5 +5,6 @@ import "net/http"
 type UpgraderHandler interface {
 	Ping(w http.ResponseWriter, r *http.Request)
 
+	CurrentAppConfig(w http.ResponseWriter, r *http.Request)
 	LiveAppConfig(w http.ResponseWriter, r *http.Request)
 }
diff --git a/web/dist/README.md b/web/dist/README.md
deleted file mode 100644
index 7f1a1f8cb0..0000000000
--- a/web/dist/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-The dist directory is used in the go build to embed the compiled web resources into the kotsadm binary.  Because 
-web isn't always built (testing, okteto, etc), this README.md will allow compiling of the go binary without first 
-building web. 
\ No newline at end of file
diff --git a/web/src/Root.tsx b/web/src/Root.tsx
index 9fd75e2c52..e64cbc44ce 100644
--- a/web/src/Root.tsx
+++ b/web/src/Root.tsx
@@ -34,11 +34,6 @@ import TroubleshootContainer from "@components/troubleshoot/TroubleshootContaine
 
 import Footer from "./components/shared/Footer";
 import NavBar from "./components/shared/NavBar";
-
-// scss
-import "./scss/index.scss";
-// tailwind
-import "./index.css";
 import connectHistory from "./services/matomo";
 
 // types
@@ -330,32 +325,6 @@ const Root = () => {
 
   const onRootMounted = () => {
     fetchKotsAppMetadata();
-  
-    // TODO NOW: remove this
-    fetch(`${process.env.API_ENDPOINT}/start-upgrader`, {
-      headers: {
-        "Content-Type": "application/json",
-        Accept: "application/json",
-      },
-      body: JSON.stringify({
-        kotsVersion: "v1.109.3",
-      }),
-      credentials: "include",
-      method: "POST",
-    }).then(async (res) => {
-      if (res.ok) {
-        setState({
-          shouldShowUpgraderModal: true,
-        });
-        return;
-      }
-      const text = await res.text();
-      console.log("failed to init upgrader", text);
-    })
-    .catch((err) => {
-      console.log(err);
-    });
-
     if (Utilities.isLoggedIn()) {
       ping();
       getAppsList().then((appsList) => {
@@ -365,7 +334,6 @@ const Root = () => {
         }
       });
     }
-
   };
 
   useEffect(() => {
diff --git a/web/src/components/apps/AppVersionHistory.tsx b/web/src/components/apps/AppVersionHistory.tsx
index a7418bff5f..4695af3049 100644
--- a/web/src/components/apps/AppVersionHistory.tsx
+++ b/web/src/components/apps/AppVersionHistory.tsx
@@ -146,6 +146,7 @@ type State = {
   versionToDeploy: Version | null;
   viewLogsErrMsg: string;
   yamlErrorDetails: string[];
+  shouldShowUpgraderModal: boolean;
 };
 
 class AppVersionHistory extends Component<Props, State> {
@@ -211,6 +212,7 @@ class AppVersionHistory extends Component<Props, State> {
       versionToDeploy: null,
       viewLogsErrMsg: "",
       yamlErrorDetails: [],
+      shouldShowUpgraderModal: false,
     };
   }
 
@@ -252,6 +254,32 @@ class AppVersionHistory extends Component<Props, State> {
       }
     }
 
+    // TODO NOW: remove this
+    const appSlug = this.props.params.slug;
+    fetch(`${process.env.API_ENDPOINT}/app/${appSlug}/start-upgrader`, {
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+      },
+      body: JSON.stringify({
+        kotsVersion: "v1.109.3",
+      }),
+      credentials: "include",
+      method: "POST",
+    }).then(async (res) => {
+      if (res.ok) {
+        this.setState({
+          shouldShowUpgraderModal: true,
+        });
+        return;
+      }
+      const text = await res.text();
+      console.log("failed to init upgrader", text);
+    })
+    .catch((err) => {
+      console.log(err);
+    });
+
     this._mounted = true;
   }
 
@@ -2186,6 +2214,20 @@ class AppVersionHistory extends Component<Props, State> {
             updateCheckerSpec={app?.updateCheckerSpec}
           />
         )}
+        <Modal
+          isOpen={this.state.shouldShowUpgraderModal}
+          onRequestClose={() => {
+            this.setState({ shouldShowUpgraderModal: false });
+          }}
+          contentLabel="KOTS Upgrader Modal"
+          ariaHideApp={false}
+          className="Modal LargeSize"
+        >
+          <iframe
+            src={`/upgrader/app/${app?.slug}`}
+            title="KOTS Upgrader"
+          />
+        </Modal>
       </div>
     );
   }
diff --git a/web/src/components/config_render/ConfigFileInput.jsx b/web/src/components/config_render/ConfigFileInput.jsx
index 63c152f080..b03b07a95b 100644
--- a/web/src/components/config_render/ConfigFileInput.jsx
+++ b/web/src/components/config_render/ConfigFileInput.jsx
@@ -29,6 +29,7 @@ export default class ConfigFileInput extends Component {
   };
 
   handleDownloadFile = async (fileName) => {
+    // TODO NOW: download from upgrader if rendered in upgrader and use a different sequence!
     const url = `${process.env.API_ENDPOINT}/app/${this.props.appSlug}/config/${this.props.configSequence}/${fileName}/download`;
     fetch(url, {
       method: "GET",
diff --git a/web/src/components/upgrader/AppConfig.tsx b/web/src/components/upgrader/AppConfig.tsx
new file mode 100644
index 0000000000..449629822e
--- /dev/null
+++ b/web/src/components/upgrader/AppConfig.tsx
@@ -0,0 +1,639 @@
+import { Component } from "react";
+import { AppConfigRenderer } from "@src/components/AppConfigRenderer";
+import { useLocation, useNavigate } from "react-router-dom";
+import { withRouter } from "@src/utilities/react-router-utilities";
+import classNames from "classnames";
+import debounce from "lodash/debounce";
+import find from "lodash/find";
+import map from "lodash/map";
+import Loader from "@src/components/shared/Loader";
+import ErrorModal from "@src/components/modals/ErrorModal";
+
+import "@src/scss/components/watches/WatchConfig.scss";
+
+import Icon from "@src/components/Icon";
+
+// Types
+import { KotsParams } from "@types";
+
+type Props = {
+  location: ReturnType<typeof useLocation>;
+  params: KotsParams;
+  navigate: ReturnType<typeof useNavigate>;
+};
+
+// This was typed from the implementation of the component so it might be wrong
+type ConfigGroup = {
+  hidden: boolean;
+  hasError: boolean;
+  items: ConfigGroupItem[];
+  name: string;
+  title: string;
+  when: "true" | "false";
+};
+
+interface ConfigGroupItemValidationErrors {
+  item_errors: ConfigGroupItemValidationError[];
+  name: string;
+}
+
+interface ConfigGroupItemValidationError {
+  name: string;
+  validation_errors: {
+    message: string;
+  }[];
+}
+
+type ConfigGroupItem = {
+  default: string;
+  error: string;
+  hidden: boolean;
+  name: string;
+  required: boolean;
+  title: string;
+  type: string;
+  validationError: string;
+  value: string;
+  when: "true" | "false";
+};
+
+type RequiredItems = string[];
+
+type State = {
+  activeGroups: string[];
+  changed: boolean;
+  configErrorMessage: string;
+  configGroups: ConfigGroup[];
+  configLoading: boolean;
+  displayErrorModal: boolean;
+  errorTitle: string;
+  gettingConfigErrMsg: string;
+  initialConfigGroups: ConfigGroup[];
+  showConfigError: boolean;
+  showValidationError: boolean;
+};
+
+const validationErrorMessage =
+  "Error detected. Please use config nav to the left to locate and fix issues.";
+
+class AppConfig extends Component<Props, State> {
+  sidebarWrapper: HTMLElement;
+
+  fetchController: AbortController | null;
+
+  constructor(props: Props) {
+    super(props);
+
+    this.state = {
+      activeGroups: [],
+      changed: false,
+      showConfigError: false,
+      configErrorMessage: "",
+      configGroups: [],
+      configLoading: false,
+      displayErrorModal: false,
+      errorTitle: "",
+      gettingConfigErrMsg: "",
+      showValidationError: false,
+      initialConfigGroups: [],
+    };
+
+    this.handleConfigChange = debounce(this.handleConfigChange, 250);
+    this.determineSidebarHeight = debounce(this.determineSidebarHeight, 250);
+    this.sidebarWrapper = document.createElement("div");
+    this.fetchController = null;
+  }
+
+  componentWillUnmount() {
+    window.removeEventListener("resize", this.determineSidebarHeight);
+  }
+
+  componentDidMount() {
+    // TODO NOW: what to do here?
+    // const { app, navigate } = this.props;
+    // if (app && !app.isConfigurable) {
+    //   // app not configurable - redirect
+    //   navigate(`/app/${app.slug}`, { replace: true });
+    // }
+    window.addEventListener("resize", this.determineSidebarHeight);
+    this.getConfig();
+  }
+
+  componentDidUpdate(lastProps: Props, lastState: State) {
+    const { location } = this.props;
+    // if (app && !app.isConfigurable) {
+      // app not configurable - redirect
+      // TODO NOW: what to do here?
+    // }
+    if (
+      this.state.configGroups &&
+      this.state.configGroups !== lastState.configGroups
+    ) {
+      this.determineSidebarHeight();
+    }
+    // need to dig into this more
+    if (location.hash !== lastProps.location.hash && location.hash) {
+      // navigate to error if there is one
+      if (this.state.showConfigError) {
+        const hash = location.hash.slice(1);
+        const element = document.getElementById(hash);
+        if (element) {
+          element.scrollIntoView();
+        }
+      }
+    }
+  }
+
+  determineSidebarHeight = () => {
+    // TODO: use a ref for this instead of setting HTMLElement.style
+    const windowHeight = window.innerHeight;
+    const sidebarEl = this.sidebarWrapper;
+    if (sidebarEl) {
+      sidebarEl.style.maxHeight = `${windowHeight - 225}px`;
+    }
+  };
+
+  navigateToCurrentHash = () => {
+    const hash = this.props.location.hash.slice(1);
+    // slice `-group` off the end of the hash
+    const slicedHash = hash.slice(0, -6);
+    let activeGroupName = null;
+    this.state.configGroups.map((group) => {
+      const activeItem = find(group.items, ["name", slicedHash]);
+      if (activeItem) {
+        activeGroupName = group.name;
+      }
+    });
+
+    if (activeGroupName) {
+      this.setState({ activeGroups: [activeGroupName], configLoading: false });
+      // TODO: add error handling for when the element with this hash id is not found
+      document.getElementById(hash)?.scrollIntoView();
+    }
+  };
+
+  getConfig = async () => {
+    const { slug } = this.props.params;
+
+    this.setState({
+      configLoading: true,
+      gettingConfigErrMsg: "",
+      showConfigError: false,
+      configErrorMessage: "",
+    });
+
+    fetch(
+      `${process.env.API_ENDPOINT}/upgrader/app/${slug}/config${window.location.search}`,
+      {
+        method: "GET",
+        headers: {
+          "Content-Type": "application/json",
+        },
+        credentials: "include",
+      }
+    )
+      .then(async (response) => {
+        if (!response.ok) {
+          const res = await response.json();
+          throw new Error(res.error);
+        }
+        const data = await response.json();
+        if (!data.configGroups?.length) {
+          throw new Error("No config data found");
+        }
+        this.setState({
+          configGroups: data.configGroups,
+          changed: false,
+          configLoading: false,
+        });
+        if (this.props.location.hash.length > 0) {
+          this.navigateToCurrentHash();
+        } else {
+          this.setState({
+            activeGroups: [data.configGroups[0].name],
+            configLoading: false,
+            gettingConfigErrMsg: "",
+          });
+        }
+      })
+      .catch((err) => {
+        this.setState({
+          configLoading: false,
+          errorTitle: `Failed to get config data`,
+          displayErrorModal: true,
+          gettingConfigErrMsg: err
+            ? err.message
+            : "Something went wrong, please try again.",
+        });
+      });
+  };
+
+  updateUrlWithErrorId = (requiredItems: RequiredItems) => {
+    const { slug } = this.props.params;
+    this.props.navigate(
+      `/app/${slug}/config${window.location.search}#${requiredItems[0]}-group`
+    );
+  };
+
+  markRequiredItems = (requiredItems: RequiredItems) => {
+    const configGroups = this.state.configGroups;
+    requiredItems.forEach((requiredItem) => {
+      configGroups.forEach((configGroup) => {
+        const item = configGroup.items.find((i) => i.name === requiredItem);
+        if (item) {
+          item.error = "This item is required";
+        }
+      });
+    });
+    this.setState({ configGroups, showConfigError: true }, () => {
+      this.updateUrlWithErrorId(requiredItems);
+    });
+  };
+
+  handleNext = async () => {
+    // TODO: the most recent config values should already exist in the api
+    // so this should just go to the next page
+  };
+
+  isConfigChanged = (newGroups: ConfigGroup[]) => {
+    const { initialConfigGroups } = this.state;
+    for (let g = 0; g < newGroups.length; g++) {
+      const group = newGroups[g];
+      if (!group.items) {
+        continue;
+      }
+      for (let i = 0; i < group.items.length; i++) {
+        const newItem = group.items[i];
+        const oldItem = this.getItemInConfigGroups(
+          initialConfigGroups,
+          newItem.name
+        );
+        if (!oldItem || oldItem.value !== newItem.value) {
+          return true;
+        }
+      }
+    }
+    return false;
+  };
+
+  getItemInConfigGroups = (
+    configGroups: ConfigGroup[],
+    itemName: string
+  ): ConfigGroupItem | undefined => {
+    let foundItem;
+    map(configGroups, (group) => {
+      map(group.items, (item) => {
+        if (item.name === itemName) {
+          foundItem = item;
+        }
+      });
+    });
+    return foundItem;
+  };
+
+  // this runs on config update and when save is clicked but before the request is submitted
+  // on update it uses the errors from the liveconfig endpoint
+  // on save it's mostly used to find required field errors
+  mergeConfigGroupsAndValidationErrors = (
+    groups: ConfigGroup[],
+    validationErrors: ConfigGroupItemValidationErrors[]
+  ): [ConfigGroup[], boolean] => {
+    let hasValidationError = false;
+
+    const newGroups = groups?.map((group: ConfigGroup) => {
+      const newGroup = { ...group };
+      const configGroupValidationErrors = validationErrors?.find(
+        (validationError) => validationError.name === group.name
+      );
+
+      // required errors are handled separately
+      if (group?.items?.find((item) => item.error)) {
+        newGroup.hasError = true;
+      }
+
+      if (configGroupValidationErrors) {
+        newGroup.items = newGroup?.items?.map((item: ConfigGroupItem) => {
+          const itemValidationError =
+            configGroupValidationErrors?.item_errors?.find(
+              (validationError) => validationError.name === item.name
+            );
+
+          if (itemValidationError) {
+            item.validationError =
+              itemValidationError?.validation_errors?.[0]?.message;
+            newGroup.hasError = true;
+            // if there is an error, then block form submission with state.hasValidationError
+            if (!hasValidationError) {
+              hasValidationError = true;
+            }
+          }
+          return item;
+        });
+      }
+      return newGroup;
+    });
+    return [newGroups, hasValidationError];
+  };
+
+  handleConfigChange = (groups: ConfigGroup[]) => {
+    const { slug } = this.props.params;
+
+    // cancel current request (if any)
+    if (this.fetchController) {
+      this.fetchController.abort();
+    }
+
+    this.setState({
+      showConfigError: false,
+      configErrorMessage: "",
+    });
+
+    this.fetchController = new AbortController();
+    const signal = this.fetchController.signal;
+
+    fetch(
+      `${process.env.API_ENDPOINT}/upgrader/app/${slug}/liveconfig${window.location.search}`,
+      {
+        signal,
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json",
+        },
+        credentials: "include",
+        method: "POST",
+        body: JSON.stringify({ configGroups: groups }),
+      }
+    )
+      .then(async (response) => {
+        if (!response.ok) {
+          const res = await response.json();
+          this.setState({
+            showConfigError: Boolean(res?.error),
+            configErrorMessage: res?.error,
+          });
+          return;
+        }
+
+        const data = await response.json();
+        const oldGroups = this.state.configGroups;
+        const validationErrors: ConfigGroupItemValidationErrors[] =
+          data.validationErrors;
+
+        // track errors at the form level
+        this.setState({ showValidationError: false });
+
+        // merge validation errors and config group
+        const [newGroups, hasValidationError] =
+          this.mergeConfigGroupsAndValidationErrors(
+            data.configGroups,
+            validationErrors
+          );
+
+        this.setState({
+          showValidationError: hasValidationError,
+        });
+
+        map(newGroups, (group) => {
+          if (!group.items) {
+            return;
+          }
+          group.items.forEach((newItem: ConfigGroupItem) => {
+            if (newItem.type === "password") {
+              const oldItem = this.getItemInConfigGroups(
+                oldGroups,
+                newItem.name
+              );
+              if (oldItem) {
+                newItem.value = oldItem.value;
+              }
+            }
+          });
+        });
+        const changed = this.isConfigChanged(newGroups);
+        this.setState({ configGroups: newGroups, changed });
+      })
+      .catch((error) => {
+        if (error?.name !== "AbortError") {
+          console.log(error);
+          this.setState({
+            showConfigError: Boolean(error?.message),
+            configErrorMessage: error?.message,
+          });
+        }
+      });
+  };
+
+  toggleActiveGroups = (name: string) => {
+    let groupsArr = this.state.activeGroups;
+    if (groupsArr.includes(name)) {
+      let updatedGroupsArr = groupsArr.filter((n) => n !== name);
+      this.setState({ activeGroups: updatedGroupsArr });
+    } else {
+      groupsArr.push(name);
+      this.setState({ activeGroups: groupsArr });
+    }
+  };
+
+  toggleErrorModal = () => {
+    this.setState({ displayErrorModal: !this.state.displayErrorModal });
+  };
+
+  render() {
+    const {
+      changed,
+      showConfigError,
+      configErrorMessage,
+      configGroups,
+      configLoading,
+      displayErrorModal,
+      errorTitle,
+      gettingConfigErrMsg,
+      showValidationError,
+    } = this.state;
+
+    const { params } = this.props;
+
+    if (configLoading) {
+      return (
+        <div className="flex-column flex1 alignItems--center justifyContent--center">
+          <Loader size="60" />
+        </div>
+      );
+    }
+
+    const sections = document.querySelectorAll(".observe-elements");
+
+    const callback = (entries: IntersectionObserverEntry[]) => {
+      entries.forEach(({ isIntersecting, target }) => {
+        // find the group nav link that matches the current section in view
+        const groupNav = document.querySelector(
+          `#config-group-nav-${target.id}`
+        );
+        // find the active link in the group nav
+        const activeLink = document.querySelector(".active-item");
+        const hash = this.props.location.hash.slice(1);
+        const activeLinkByHash = document.querySelector(`a[href='#${hash}']`);
+        if (isIntersecting) {
+          groupNav?.classList.add("is-active");
+          // if your group is active, item will be active
+          if (activeLinkByHash && groupNav?.contains(activeLinkByHash)) {
+            activeLinkByHash.classList.add("active-item");
+          }
+        } else {
+          // if the section is not in view, remove the highlight from the active link
+          if (groupNav?.contains(activeLink) && activeLink) {
+            activeLink.classList.remove("active-item");
+          }
+          // remove the highlight from the group nav link
+          groupNav?.classList.remove("is-active");
+        }
+      });
+    };
+
+    const options = {
+      root: document,
+      // rootMargin is the amount of space around the root element that the intersection observer will look for intersections
+      rootMargin: "20% 0% -75% 0%",
+      // threshold: the proportion of the element that must be within the root bounds for it to be considered intersecting
+      threshold: 0.15,
+    };
+
+    const observer = new IntersectionObserver(callback, options);
+
+    sections.forEach((section) => {
+      observer.observe(section);
+    });
+
+    return (
+      <div className="flex flex-column u-paddingLeft--20 u-paddingBottom--20 u-paddingRight--20 alignItems--center">
+        <div className="tw-flex tw-flex-col tw-mx-48">
+          <div className="tw-flex tw-justify-center" style={{ gap: "20px" }}>
+            <div
+              id="configSidebarWrapper"
+              className="config-sidebar-wrapper card-bg clickable"
+            >
+              {configGroups?.map((group, i) => {
+                if (
+                  group.title === "" ||
+                  group.title.length === 0 ||
+                  group.hidden ||
+                  group.when === "false"
+                ) {
+                  return;
+                }
+                return (
+                  <div
+                    key={`${i}-${group.name}-${group.title}`}
+                    className={`side-nav-group ${
+                      this.state.activeGroups.includes(group.name) ||
+                      group.hasError
+                        ? "group-open"
+                        : ""
+                    }`}
+                    id={`config-group-nav-${group.name}`}
+                  >
+                    <div
+                      className="flex alignItems--center"
+                      onClick={() => this.toggleActiveGroups(group.name)}
+                    >
+                      <div className="u-lineHeight--normal group-title u-fontSize--normal">
+                        {group.title}
+                      </div>
+                      {/* adding the arrow-down classes, will rotate the icon when clicked */}
+                      <Icon
+                        icon="down-arrow"
+                        className="darkGray-color clickable flex-auto u-marginLeft--5 arrow-down"
+                        size={12}
+                        style={{}}
+                        color={""}
+                        disableFill={false}
+                        removeInlineStyle={false}
+                      />
+                    </div>
+                    {group.items ? (
+                      <div className="side-nav-items">
+                        {group.items
+                          ?.filter((item) => item.type !== "label")
+                          ?.map((item, j) => {
+                            const hash = this.props.location.hash.slice(1);
+                            if (item.hidden || item.when === "false") {
+                              return;
+                            }
+                            return (
+                              <a
+                                className={`u-fontSize--normal u-lineHeight--normal
+                                ${
+                                  item.validationError || item.error
+                                    ? "has-error"
+                                    : ""
+                                }
+                                ${
+                                  hash === `${item.name}-group`
+                                    ? "active-item"
+                                    : ""
+                                }`}
+                                href={`#${item.name}-group`}
+                                key={`${j}-${item.name}-${item.title}`}
+                              >
+                                {item.title}
+                              </a>
+                            );
+                          })}
+                      </div>
+                    ) : null}
+                  </div>
+                );
+              })}
+            </div>
+            <div className="ConfigArea--wrapper">
+              <div className={classNames("ConfigOuterWrapper card-bg u-padding--15")}>
+                <div className="ConfigInnerWrapper">
+                  <AppConfigRenderer
+                    groups={configGroups}
+                    getData={this.handleConfigChange}
+                    // configSequence={params.sequence}
+                    appSlug={params.slug}
+                  />
+                </div>
+                <div className="flex alignItems--flexStart">
+                  <div className="ConfigError--wrapper flex-column alignItems--flexStart">
+                    {(showConfigError || this.state.showValidationError) && (
+                      <span className="u-textColor--error tw-mb-2 tw-text-xs">
+                        {configErrorMessage || validationErrorMessage}
+                      </span>
+                    )}
+                    <button
+                      className="btn primary blue"
+                      disabled={
+                        showValidationError || !changed
+                      }
+                      onClick={this.handleNext}
+                    >
+                      Next
+                    </button>
+                  </div>
+                </div>
+              </div>
+            </div>{" "}
+          </div>
+        </div>
+        {gettingConfigErrMsg && (
+          <ErrorModal
+            errorModal={displayErrorModal}
+            toggleErrorModal={this.toggleErrorModal}
+            err={errorTitle}
+            errMsg={gettingConfigErrMsg}
+            tryAgain={this.getConfig}
+          />
+        )}
+      </div>
+    );
+  }
+}
+
+/* eslint-disable */
+// @ts-ignore
+const AppConfigWithRouter: any = withRouter(AppConfig);
+
+export default AppConfigWithRouter;
+/* eslint-enable */
diff --git a/web/src/components/upgrader/Upgrader.tsx b/web/src/components/upgrader/Upgrader.tsx
new file mode 100644
index 0000000000..222f21c2d1
--- /dev/null
+++ b/web/src/components/upgrader/Upgrader.tsx
@@ -0,0 +1,45 @@
+import { Route, Routes, Navigate } from "react-router-dom";
+import { Helmet } from "react-helmet";
+import NotFound from "@components/static/NotFound";
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+
+import AppConfig from "@components/upgrader/AppConfig";
+
+// types
+import { ToastProvider } from "@src/context/ToastContext";
+
+// react-query client
+const queryClient = new QueryClient();
+
+const Upgrader = () => {
+  const Crashz = () => {
+    throw new Error("Crashz!");
+  };
+
+  return (
+    <QueryClientProvider client={queryClient}>
+      <Helmet>
+        <meta
+          httpEquiv="Cache-Control"
+          content="no-cache, no-store, must-revalidate"
+        />
+        <meta httpEquiv="Pragma" content="no-cache" />
+        <meta httpEquiv="Expires" content="0" />
+      </Helmet>
+      <ToastProvider>
+        <div className="flex1 flex-column u-overflow--auto tw-relative">
+          <Routes>
+            <Route path="/crashz" element={<Crashz />} />{" "}
+            <Route path="/app/:slug/*">
+              <Route index element={<Navigate to="config" />} />
+              <Route path="config" element={<AppConfig />} />
+            </Route>
+            <Route path="*" element={<NotFound />} />
+          </Routes>
+        </div>
+      </ToastProvider>
+    </QueryClientProvider>
+  );
+};
+
+export { Upgrader };
diff --git a/web/src/index.tsx b/web/src/index.tsx
index 0d122e22f9..b277ed45cb 100644
--- a/web/src/index.tsx
+++ b/web/src/index.tsx
@@ -1,8 +1,14 @@
 import { createRoot } from "react-dom/client";
 import { BrowserRouter, Route, Routes } from "react-router-dom";
 import ReplicatedErrorBoundary from "./components/shared/ErrorBoundary";
+import { Upgrader } from "@components/upgrader/Upgrader";
 import { Root } from "./Root";
 
+// scss
+import "./scss/index.scss";
+// tailwind
+import "./index.css";
+
 const container = document.getElementById("app");
 if (!container) {
   throw new Error("No container found");
@@ -11,21 +17,16 @@ if (!container) {
 const root = createRoot(container); // createRoot(container!) if you use TypeScript
 
 root.render(
-  <ReplicatedErrorBoundary>
-    <BrowserRouter>
-      <Routes>
-        <Route
-          path="/upgrader" // TODO NOW: add app slug to path?
-          element={
-            <div style={{ height: "100vh", width: "100vw", background: "white" }}>
-              <h1 style={{ color: "black" }}>
-                Hello from KOTS Upgrader!
-              </h1>
-            </div>
-          }
-        />
-        <Route path="/*" element={<Root />}/>
-      </Routes>
-    </BrowserRouter>
-  </ReplicatedErrorBoundary>
+  <BrowserRouter>
+    <Routes>
+      <Route path="/upgrader/*" element={<Upgrader />} />
+      <Route path="/*"
+        element={
+          <ReplicatedErrorBoundary>
+            <Root />
+          </ReplicatedErrorBoundary>
+        }
+      />
+    </Routes>
+  </BrowserRouter>
 );

From d51befdaff37ef174eb28e50526eb33f548c65b6 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Wed, 22 May 2024 20:57:57 +0000
Subject: [PATCH 07/33] save

---
 .github/actions/copy-assets/Dockerfile |  2 +-
 kurl_proxy/skaffold.Dockerfile         |  2 +-
 pkg/upgrader/upgrader.go               |  4 ++--
 pkg/upstream/peek.go                   |  2 +-
 pkg/upstream/replicated.go             | 11 +++--------
 5 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/.github/actions/copy-assets/Dockerfile b/.github/actions/copy-assets/Dockerfile
index 77904db08b..5ae63d6592 100644
--- a/.github/actions/copy-assets/Dockerfile
+++ b/.github/actions/copy-assets/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21 as builder
+FROM golang:1.22 as builder
 WORKDIR /action
 COPY . /action
 
diff --git a/kurl_proxy/skaffold.Dockerfile b/kurl_proxy/skaffold.Dockerfile
index b66bda2104..c8d3ec5229 100644
--- a/kurl_proxy/skaffold.Dockerfile
+++ b/kurl_proxy/skaffold.Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-bookworm
+FROM golang:1.22-bookworm
 
 ENV PROJECTPATH=/go/src/github.com/replicatedhq/kots/kurl_proxy
 WORKDIR $PROJECTPATH
diff --git a/pkg/upgrader/upgrader.go b/pkg/upgrader/upgrader.go
index 4df41d2095..6fa0f337ee 100644
--- a/pkg/upgrader/upgrader.go
+++ b/pkg/upgrader/upgrader.go
@@ -85,7 +85,7 @@ func Start(opts types.StartOptions) (finalError error) {
 // Proxy will proxy the request to the upgrader service.
 func Proxy(w http.ResponseWriter, r *http.Request) {
 	if upgraderPort == "" {
-		logger.Error(errors.New("upgrader port is not set"))
+		logger.Error(errors.New("upgrader is not running"))
 		w.WriteHeader(http.StatusServiceUnavailable)
 		return
 	}
@@ -115,7 +115,7 @@ func waitForReady(timeout time.Duration) error {
 	start := time.Now()
 
 	for {
-		url := fmt.Sprintf("http://localhost:%s/ping", upgraderPort)
+		url := fmt.Sprintf("http://localhost:%s/api/v1/upgrader/ping", upgraderPort)
 		newRequest, err := http.NewRequest("GET", url, nil)
 		if err == nil {
 			resp, err := http.DefaultClient.Do(newRequest)
diff --git a/pkg/upstream/peek.go b/pkg/upstream/peek.go
index 708be962e5..908194e59e 100644
--- a/pkg/upstream/peek.go
+++ b/pkg/upstream/peek.go
@@ -18,7 +18,7 @@ func GetUpdatesUpstream(upstreamURI string, fetchOptions *types.FetchOptions) (*
 		return nil, errors.Wrap(err, "parse request uri failed")
 	}
 	if u.Scheme == "replicated" {
-		return getUpdatesReplicated(u, fetchOptions)
+		return getUpdatesReplicated(fetchOptions)
 	}
 
 	return nil, errors.Errorf("unknown protocol scheme %q", u.Scheme)
diff --git a/pkg/upstream/replicated.go b/pkg/upstream/replicated.go
index f083699374..4d3fbf50cb 100644
--- a/pkg/upstream/replicated.go
+++ b/pkg/upstream/replicated.go
@@ -69,7 +69,7 @@ type ChannelRelease struct {
 	ReleaseNotes    string `json:"releaseNotes"`
 }
 
-func getUpdatesReplicated(u *url.URL, fetchOptions *types.FetchOptions) (*types.UpdateCheckResult, error) {
+func getUpdatesReplicated(fetchOptions *types.FetchOptions) (*types.UpdateCheckResult, error) {
 	currentCursor := replicatedapp.ReplicatedCursor{
 		ChannelID:   fetchOptions.CurrentChannelID,
 		ChannelName: fetchOptions.CurrentChannelName,
@@ -81,12 +81,7 @@ func getUpdatesReplicated(u *url.URL, fetchOptions *types.FetchOptions) (*types.
 		return nil, errors.New("No license was provided")
 	}
 
-	replicatedUpstream, err := replicatedapp.ParseReplicatedURL(u)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to parse replicated upstream")
-	}
-
-	pendingReleases, updateCheckTime, err := listPendingChannelReleases(replicatedUpstream, fetchOptions.License, fetchOptions.LastUpdateCheckAt, currentCursor, fetchOptions.ChannelChanged, fetchOptions.ReportingInfo)
+	pendingReleases, updateCheckTime, err := listPendingChannelReleases(fetchOptions.License, fetchOptions.LastUpdateCheckAt, currentCursor, fetchOptions.ChannelChanged, fetchOptions.ReportingInfo)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to list replicated app releases")
 	}
@@ -446,7 +441,7 @@ func downloadReplicatedApp(replicatedUpstream *replicatedapp.ReplicatedUpstream,
 	return &release, nil
 }
 
-func listPendingChannelReleases(replicatedUpstream *replicatedapp.ReplicatedUpstream, license *kotsv1beta1.License, lastUpdateCheckAt *time.Time, currentCursor replicatedapp.ReplicatedCursor, channelChanged bool, reportingInfo *reportingtypes.ReportingInfo) ([]ChannelRelease, *time.Time, error) {
+func listPendingChannelReleases(license *kotsv1beta1.License, lastUpdateCheckAt *time.Time, currentCursor replicatedapp.ReplicatedCursor, channelChanged bool, reportingInfo *reportingtypes.ReportingInfo) ([]ChannelRelease, *time.Time, error) {
 	u, err := url.Parse(license.Spec.Endpoint)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "failed to parse endpoint from license")

From 295e8811516a2855bb2ca4edc60c652c02170a8f Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Wed, 22 May 2024 22:46:47 +0000
Subject: [PATCH 08/33] save

---
 Makefile                          |   2 +-
 cmd/kots/cli/start-upgrader.go    |  20 ++++--
 pkg/handlers/upgrader.go          |  33 ++++++++-
 pkg/replicatedapp/upstream.go     |   1 -
 pkg/store/kotsstore/task_store.go |   1 +
 pkg/upgrader/bootstrap.go         | 108 ++++++++++++++++++++++++++++++
 pkg/upgrader/handlers/config.go   |   7 +-
 pkg/upgrader/types/types.go       |  14 +++-
 pkg/upgrader/upgrader.go          |  13 ++--
 pkg/upstream/replicated.go        |   2 +-
 10 files changed, 181 insertions(+), 20 deletions(-)
 create mode 100644 pkg/upgrader/bootstrap.go

diff --git a/Makefile b/Makefile
index e53f5bb5b6..ad4dc4f1ee 100644
--- a/Makefile
+++ b/Makefile
@@ -112,7 +112,7 @@ debug-build:
 debug: debug-build
 	LOG_LEVEL=$(LOG_LEVEL) dlv --listen=:2345 --headless=true --api-version=2 exec ./bin/kotsadm-debug api
 
-# TODO NOW: make web part of kots cli
+# TODO NOW: make web part of kots cli in dev?
 .PHONY: build-ttl.sh
 # build-ttl.sh: kots build
 build-ttl.sh: build
diff --git a/cmd/kots/cli/start-upgrader.go b/cmd/kots/cli/start-upgrader.go
index 4973df0d65..f82e5d73a7 100644
--- a/cmd/kots/cli/start-upgrader.go
+++ b/cmd/kots/cli/start-upgrader.go
@@ -26,10 +26,15 @@ func StartUpgraderCmd() *cobra.Command {
 
 				AppID:       v.GetString("app-id"),
 				AppSlug:     v.GetString("app-slug"),
-				AppSequence: v.GetInt64("app-sequence"),
 				AppIsAirgap: v.GetBool("app-is-airgap"),
+				AppIsGitOps: v.GetBool("app-is-gitops"),
 				AppLicense:  v.GetString("app-license"),
-				AppArchive:  v.GetString("app-archive"),
+
+				BaseArchive:  v.GetString("base-archive"),
+				BaseSequence: v.GetInt64("base-sequence"),
+				NextSequence: v.GetInt64("next-sequence"),
+
+				UpdateCursor: v.GetString("update-cursor"),
 
 				RegistryEndpoint:   v.GetString("registry-endpoint"),
 				RegistryUsername:   v.GetString("registry-username"),
@@ -50,10 +55,17 @@ func StartUpgraderCmd() *cobra.Command {
 	// app flags
 	cmd.Flags().String("app-id", "", "the app id")
 	cmd.Flags().String("app-slug", "", "the app slug")
-	cmd.Flags().Int64("app-sequence", -1, "the app sequence")
 	cmd.Flags().Bool("app-is-airgap", false, "whether the app is airgap")
+	cmd.Flags().Bool("app-is-gitops", false, "whether the app is gitops")
 	cmd.Flags().String("app-license", "", "the app license")
-	cmd.Flags().String("app-archive", "", "path to the app archive")
+
+	// app version flags
+	cmd.Flags().String("base-archive", "", "path to the base app version archive")
+	cmd.Flags().String("base-sequence", "", "the local base app version sequence")
+	cmd.Flags().String("next-sequence", "", "the local next app version sequence")
+
+	// release flags
+	cmd.Flags().String("update-cursor", "", "the channel sequence of the target release")
 
 	// registry flags
 	cmd.Flags().String("registry-endpoint", "", "the registry endpoint")
diff --git a/pkg/handlers/upgrader.go b/pkg/handlers/upgrader.go
index bc54bd045b..7fed946fab 100644
--- a/pkg/handlers/upgrader.go
+++ b/pkg/handlers/upgrader.go
@@ -52,6 +52,33 @@ func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// TODO NOW: get version label from request
+	baseArchive, baseSequence, err := store.GetStore().GetAppVersionBaseArchive(foundApp.ID, airgap.Spec.VersionLabel)
+	if err != nil {
+		response.Error = "failed to get app version base archive"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
+	nextSequence, err := store.GetStore().GetNextAppSequence(foundApp.ID)
+	if err != nil {
+		response.Error = "failed to get next app sequence"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
+	// TODO NOW: get latest license? if done here, remove the one in upgrader bootstrap
+
+	updateCursor, err := store.GetStore().GetCurrentUpdateCursor(foundApp.ID, latestLicense.Spec.ChannelID)
+	if err != nil {
+		response.Error = "failed to get current update cursor"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
 	// TODO NOW: get cursor from request
 	// TODO NOW: download archive from replicated.app in online mode
 	// TODO NOW: extract archive in airgap mode
@@ -59,8 +86,12 @@ func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
 	err = upgrader.Start(upgradertypes.StartOptions{
 		KOTSVersion:      request.KOTSVersion,
 		App:              foundApp,
-		AppArchive:       "",
+		BaseArchive:      baseArchive,
+		BaseSequence:     baseSequence,
+		NextSequence:     nextSequence,
+		UpdateCursor:     updateCursor,
 		RegistrySettings: registrySettings,
+		// TODO NOW: reporting info
 	})
 	if err != nil {
 		response.Error = "failed to start upgrader"
diff --git a/pkg/replicatedapp/upstream.go b/pkg/replicatedapp/upstream.go
index d4baf20612..c96aa418b1 100644
--- a/pkg/replicatedapp/upstream.go
+++ b/pkg/replicatedapp/upstream.go
@@ -17,7 +17,6 @@ type ReplicatedUpstream struct {
 	Channel      *string
 	AppSlug      string
 	VersionLabel *string
-	Sequence     *int
 }
 
 func ParseReplicatedURL(u *url.URL) (*ReplicatedUpstream, error) {
diff --git a/pkg/store/kotsstore/task_store.go b/pkg/store/kotsstore/task_store.go
index 7a2db0babe..c864c8e6d4 100644
--- a/pkg/store/kotsstore/task_store.go
+++ b/pkg/store/kotsstore/task_store.go
@@ -83,6 +83,7 @@ func (s *KOTSStore) migrateTasksFromRqlite() error {
 	return nil
 }
 
+// TODO NOW: move this outside the store
 func (s *KOTSStore) SetTaskStatus(id string, message string, status string) error {
 	taskStatusLock.Lock()
 	defer taskStatusLock.Unlock()
diff --git a/pkg/upgrader/bootstrap.go b/pkg/upgrader/bootstrap.go
new file mode 100644
index 0000000000..bdc15b096b
--- /dev/null
+++ b/pkg/upgrader/bootstrap.go
@@ -0,0 +1,108 @@
+package upgrader
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/pkg/errors"
+	identity "github.com/replicatedhq/kots/pkg/kotsadmidentity"
+	"github.com/replicatedhq/kots/pkg/kotsutil"
+	"github.com/replicatedhq/kots/pkg/pull"
+	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
+	"github.com/replicatedhq/kots/pkg/upgrader/types"
+	"github.com/replicatedhq/kots/pkg/util"
+)
+
+func bootstrap(params types.ServerParams) error {
+	if err := pullArchiveFromOnline(params); err != nil {
+		return errors.Wrap(err, "failed to bootstrap cluster token")
+	}
+
+	return nil
+}
+
+func pullArchiveFromOnline(params types.ServerParams) (finalError error) {
+	license, err := kotsutil.LoadLicenseFromBytes([]byte(params.AppLicense))
+	if err != nil {
+		return errors.Wrap(err, "failed to load license from bytes")
+	}
+
+	// TODO NOW: get latest license from replicated.app
+
+	beforeKotsKinds, err := kotsutil.LoadKotsKinds(params.BaseArchive)
+	if err != nil {
+		return errors.Wrap(err, "failed to load current kotskinds")
+	}
+
+	if err := pull.CleanBaseArchive(params.BaseArchive); err != nil {
+		return errors.Wrap(err, "failed to clean base archive")
+	}
+
+	registrySettings := registrytypes.RegistrySettings{
+		Hostname:   params.RegistryEndpoint,
+		Username:   params.RegistryUsername,
+		Password:   params.RegistryPassword,
+		Namespace:  params.RegistryNamespace,
+		IsReadOnly: params.RegistryIsReadOnly,
+	}
+
+	identityConfigFile := filepath.Join(params.BaseArchive, "upstream", "userdata", "identityconfig.yaml")
+	if _, err := os.Stat(identityConfigFile); os.IsNotExist(err) {
+		file, err := identity.InitAppIdentityConfig(params.AppSlug)
+		if err != nil {
+			return errors.Wrap(err, "failed to init identity config")
+		}
+		identityConfigFile = file
+		defer os.Remove(identityConfigFile)
+	} else if err != nil {
+		return errors.Wrap(err, "failed to get stat identity config file")
+	}
+
+	pipeReader, pipeWriter := io.Pipe()
+	defer func() {
+		pipeWriter.CloseWithError(finalError)
+	}()
+	go func() {
+		scanner := bufio.NewScanner(pipeReader)
+		for scanner.Scan() {
+			// TODO NOW: update task status when it's moved outside the store
+			// if err := store.GetStore().SetTaskStatus(taskID, scanner.Text(), "running"); err != nil {
+			// 	logger.Error(err)
+			// }
+		}
+		pipeReader.CloseWithError(scanner.Err())
+	}()
+
+	pullOptions := pull.PullOptions{
+		LicenseObj:          license,
+		Namespace:           util.AppNamespace(),
+		ConfigFile:          filepath.Join(params.BaseArchive, "upstream", "userdata", "config.yaml"),
+		IdentityConfigFile:  identityConfigFile,
+		InstallationFile:    filepath.Join(params.BaseArchive, "upstream", "userdata", "installation.yaml"),
+		UpdateCursor:        params.UpdateCursor,
+		RootDir:             params.BaseArchive,
+		Downstreams:         []string{"this-cluster"},
+		ExcludeKotsKinds:    true,
+		ExcludeAdminConsole: true,
+		CreateAppDir:        false,
+		ReportWriter:        pipeWriter,
+		AppID:               params.AppID,
+		AppSlug:             params.AppSlug,
+		AppSequence:         params.NextSequence,
+		IsGitOps:            params.AppIsGitOps,
+		ReportingInfo:       nil, // TODO NOW
+		RewriteImages:       registrySettings.IsValid(),
+		RewriteImageOptions: registrySettings,
+		KotsKinds:           beforeKotsKinds,
+	}
+
+	_, err = pull.Pull(fmt.Sprintf("replicated://%s", license.Spec.AppSlug), pullOptions)
+	if err != nil {
+		return errors.Wrap(err, "failed to pull")
+	}
+
+	return nil
+}
diff --git a/pkg/upgrader/handlers/config.go b/pkg/upgrader/handlers/config.go
index e96cfa07e4..bef0c8eae1 100644
--- a/pkg/upgrader/handlers/config.go
+++ b/pkg/upgrader/handlers/config.go
@@ -28,7 +28,6 @@ type CurrentAppConfigResponse struct {
 }
 
 type LiveAppConfigRequest struct {
-	Sequence     int64                     `json:"sequence"`
 	ConfigGroups []kotsv1beta1.ConfigGroup `json:"configGroups"`
 }
 
@@ -101,8 +100,7 @@ func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	sequence := params.AppSequence + 1
-	versionInfo := template.VersionInfoFromInstallationSpec(sequence, params.AppIsAirgap, kotsKinds.Installation.Spec)
+	versionInfo := template.VersionInfoFromInstallationSpec(params.NextSequence, params.AppIsAirgap, kotsKinds.Installation.Spec)
 	appInfo := template.ApplicationInfo{Slug: params.AppSlug}
 	renderedConfig, err := kotsconfig.TemplateConfigObjects(nonRenderedConfig, configValues, appLicense, &kotsKinds.KotsApplication, localRegistry, &versionInfo, &appInfo, kotsKinds.IdentityConfig, util.PodNamespace, false)
 	if err != nil {
@@ -177,9 +175,8 @@ func (h *Handler) LiveAppConfig(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// sequence +1 because the sequence will be incremented on save (and we want the preview to be accurate)
-	sequence := liveAppConfigRequest.Sequence + 1
 	configValues := configValuesFromConfigGroups(liveAppConfigRequest.ConfigGroups)
-	versionInfo := template.VersionInfoFromInstallationSpec(sequence, params.AppIsAirgap, kotsKinds.Installation.Spec)
+	versionInfo := template.VersionInfoFromInstallationSpec(params.NextSequence, params.AppIsAirgap, kotsKinds.Installation.Spec)
 	appInfo := template.ApplicationInfo{Slug: params.AppSlug}
 
 	renderedConfig, err := kotsconfig.TemplateConfigObjects(nonRenderedConfig, configValues, appLicense, &kotsKinds.KotsApplication, localRegistry, &versionInfo, &appInfo, kotsKinds.IdentityConfig, util.PodNamespace, false)
diff --git a/pkg/upgrader/types/types.go b/pkg/upgrader/types/types.go
index 9f83f1d86d..ef4c5b7b1b 100644
--- a/pkg/upgrader/types/types.go
+++ b/pkg/upgrader/types/types.go
@@ -8,7 +8,10 @@ import (
 type StartOptions struct {
 	KOTSVersion      string
 	App              *apptypes.App
-	AppArchive       string
+	BaseArchive      string
+	BaseSequence     int64
+	NextSequence     int64
+	UpdateCursor     string
 	RegistrySettings registrytypes.RegistrySettings
 }
 
@@ -17,10 +20,15 @@ type ServerParams struct {
 
 	AppID       string
 	AppSlug     string
-	AppSequence int64
 	AppIsAirgap bool
+	AppIsGitOps bool
 	AppLicense  string
-	AppArchive  string
+
+	BaseArchive  string
+	BaseSequence int64
+	NextSequence int64
+
+	UpdateCursor string
 
 	RegistryEndpoint   string
 	RegistryUsername   string
diff --git a/pkg/upgrader/upgrader.go b/pkg/upgrader/upgrader.go
index 6fa0f337ee..5eb9e0dae1 100644
--- a/pkg/upgrader/upgrader.go
+++ b/pkg/upgrader/upgrader.go
@@ -46,17 +46,22 @@ func Start(opts types.StartOptions) (finalError error) {
 	// }
 
 	cmd := exec.Command(
-		// kotsBin,
+		// kotsBin, // TODO NOW: use target binary
 		"/kots",
 		"start-upgrader",
 		"--port", freePort,
 
 		"--app-id", opts.App.ID,
 		"--app-slug", opts.App.Slug,
-		"--app-sequence", fmt.Sprintf("%d", opts.App.CurrentSequence),
 		"--app-is-airgap", fmt.Sprintf("%t", opts.App.IsAirgap),
-		"--app-license", opts.App.License,
-		"--app-archive", opts.AppArchive,
+		"--app-is-gitops", fmt.Sprintf("%t", opts.App.IsGitOps),
+		"--app-license", opts.App.License, // TODO NOW: change to base64
+
+		"--base-archive", opts.BaseArchive,
+		"--base-sequence", fmt.Sprintf("%d", opts.BaseSequence),
+		"--next-sequence", fmt.Sprintf("%d", opts.NextSequence),
+
+		"--update-cursor", opts.UpdateCursor,
 
 		"--registry-endpoint", opts.RegistrySettings.Hostname,
 		"--registry-username", opts.RegistrySettings.Username,
diff --git a/pkg/upstream/replicated.go b/pkg/upstream/replicated.go
index 4d3fbf50cb..cd955de0a5 100644
--- a/pkg/upstream/replicated.go
+++ b/pkg/upstream/replicated.go
@@ -359,7 +359,7 @@ func downloadReplicatedApp(replicatedUpstream *replicatedapp.ReplicatedUpstream,
 	defer getResp.Body.Close()
 
 	if getResp.StatusCode >= 300 {
-		body, _ := ioutil.ReadAll(getResp.Body)
+		body, _ := io.ReadAll(getResp.Body)
 		if len(body) > 0 {
 			return nil, util.ActionableError{Message: string(body)}
 		}

From 11d93ff8ae915839c25c099694ea39cdeb07b0ed Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Thu, 23 May 2024 00:47:00 +0000
Subject: [PATCH 09/33] save

---
 pkg/automation/automation.go                  |  2 +-
 pkg/handlers/license.go                       | 10 ++---
 pkg/handlers/upgrader.go                      | 27 +++++--------
 pkg/kotsadmlicense/license.go                 | 39 +++++++++++++++++-
 pkg/license/license.go                        | 40 -------------------
 pkg/store/store_interface.go                  |  4 +-
 pkg/upgrader/bootstrap.go                     |  2 +
 pkg/upgrader/handlers/config.go               |  8 ++--
 pkg/upgrader/server.go                        | 11 ++---
 pkg/upgrader/upgrader.go                      |  2 +-
 web/src/Root.tsx                              | 20 ----------
 web/src/components/apps/AppVersionHistory.tsx |  7 +++-
 web/src/components/upgrader/AppConfig.tsx     |  3 +-
 web/src/scss/utilities/modals.scss            |  5 +++
 14 files changed, 80 insertions(+), 100 deletions(-)

diff --git a/pkg/automation/automation.go b/pkg/automation/automation.go
index 997a2481a0..894596ea3b 100644
--- a/pkg/automation/automation.go
+++ b/pkg/automation/automation.go
@@ -226,7 +226,7 @@ func installLicenseSecret(clientset *kubernetes.Clientset, licenseSecret corev1.
 		return errors.Wrapf(err, "failed to check if license already exists for app %s", appSlug)
 	}
 	if existingLicense != nil {
-		resolved, err := kotslicense.ResolveExistingLicense(verifiedLicense)
+		resolved, err := kotsadmlicense.ResolveExistingLicense(verifiedLicense)
 		if err != nil {
 			logger.Error(errors.Wrap(err, "failed to resolve existing license conflict"))
 		}
diff --git a/pkg/handlers/license.go b/pkg/handlers/license.go
index cc28386f00..8e2a4289db 100644
--- a/pkg/handlers/license.go
+++ b/pkg/handlers/license.go
@@ -15,7 +15,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/k8sutil"
 	"github.com/replicatedhq/kots/pkg/kotsadm"
 	kotsadmtypes "github.com/replicatedhq/kots/pkg/kotsadm/types"
-	license "github.com/replicatedhq/kots/pkg/kotsadmlicense"
+	kotsadmlicense "github.com/replicatedhq/kots/pkg/kotsadmlicense"
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	kotslicense "github.com/replicatedhq/kots/pkg/license"
 	"github.com/replicatedhq/kots/pkg/logger"
@@ -134,7 +134,7 @@ func (h *Handler) SyncLicense(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	latestLicense, isSynced, err := license.Sync(foundApp, syncLicenseRequest.LicenseData, true)
+	latestLicense, isSynced, err := kotsadmlicense.Sync(foundApp, syncLicenseRequest.LicenseData, true)
 	if err != nil {
 		syncLicenseResponse.Error = "failed to sync license"
 		logger.Error(errors.Wrap(err, syncLicenseResponse.Error))
@@ -299,7 +299,7 @@ func (h *Handler) UploadNewLicense(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// check if license already exists
-	existingLicense, err := license.CheckIfLicenseExists([]byte(licenseString))
+	existingLicense, err := kotsadmlicense.CheckIfLicenseExists([]byte(licenseString))
 	if err != nil {
 		logger.Error(errors.Wrap(err, "failed to check if license already exists"))
 		uploadLicenseResponse.Error = err.Error()
@@ -308,7 +308,7 @@ func (h *Handler) UploadNewLicense(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if existingLicense != nil {
-		resolved, err := kotslicense.ResolveExistingLicense(verifiedLicense)
+		resolved, err := kotsadmlicense.ResolveExistingLicense(verifiedLicense)
 		if err != nil {
 			logger.Error(errors.Wrap(err, "failed to resolve existing license conflict"))
 		}
@@ -619,7 +619,7 @@ func (h *Handler) ChangeLicense(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	newLicense, err := license.Change(foundApp, changeLicenseRequest.LicenseData)
+	newLicense, err := kotsadmlicense.Change(foundApp, changeLicenseRequest.LicenseData)
 	if err != nil {
 		logger.Error(errors.Wrap(err, "failed to change license"))
 		changeLicenseResponse.Error = errors.Cause(err).Error()
diff --git a/pkg/handlers/upgrader.go b/pkg/handlers/upgrader.go
index 7fed946fab..0ec78b476d 100644
--- a/pkg/handlers/upgrader.go
+++ b/pkg/handlers/upgrader.go
@@ -13,7 +13,9 @@ import (
 )
 
 type StartUpgraderRequest struct {
-	KOTSVersion string `json:"kotsVersion"`
+	KOTSVersion  string `json:"kotsVersion"`
+	VersionLabel string `json:"versionLabel"`
+	UpdateCursor string `json:"updateCursor"`
 }
 
 type StartUpgraderResponse struct {
@@ -26,6 +28,8 @@ func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
 		Success: false,
 	}
 
+	// TODO NOW: required releases
+
 	request := StartUpgraderRequest{}
 	if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
 		response.Error = "failed to decode request body"
@@ -52,8 +56,8 @@ func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// TODO NOW: get version label from request
-	baseArchive, baseSequence, err := store.GetStore().GetAppVersionBaseArchive(foundApp.ID, airgap.Spec.VersionLabel)
+	// TODO NOW: send version label in request
+	baseArchive, baseSequence, err := store.GetStore().GetAppVersionBaseArchive(foundApp.ID, request.VersionLabel)
 	if err != nil {
 		response.Error = "failed to get app version base archive"
 		logger.Error(errors.Wrap(err, response.Error))
@@ -69,27 +73,14 @@ func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// TODO NOW: get latest license? if done here, remove the one in upgrader bootstrap
-
-	updateCursor, err := store.GetStore().GetCurrentUpdateCursor(foundApp.ID, latestLicense.Spec.ChannelID)
-	if err != nil {
-		response.Error = "failed to get current update cursor"
-		logger.Error(errors.Wrap(err, response.Error))
-		JSON(w, http.StatusInternalServerError, response)
-		return
-	}
-
-	// TODO NOW: get cursor from request
-	// TODO NOW: download archive from replicated.app in online mode
-	// TODO NOW: extract archive in airgap mode
-
+	// TODO NOW: send cursor in request
 	err = upgrader.Start(upgradertypes.StartOptions{
 		KOTSVersion:      request.KOTSVersion,
 		App:              foundApp,
 		BaseArchive:      baseArchive,
 		BaseSequence:     baseSequence,
 		NextSequence:     nextSequence,
-		UpdateCursor:     updateCursor,
+		UpdateCursor:     request.UpdateCursor,
 		RegistrySettings: registrySettings,
 		// TODO NOW: reporting info
 	})
diff --git a/pkg/kotsadmlicense/license.go b/pkg/kotsadmlicense/license.go
index f8312706f3..79a41f3314 100644
--- a/pkg/kotsadmlicense/license.go
+++ b/pkg/kotsadmlicense/license.go
@@ -161,7 +161,7 @@ func Change(a *apptypes.App, newLicenseString string) (*kotsv1beta1.License, err
 		return nil, errors.Wrap(err, "failed to check if license exists")
 	}
 	if existingLicense != nil {
-		resolved, err := kotslicense.ResolveExistingLicense(newLicense)
+		resolved, err := ResolveExistingLicense(newLicense)
 		if err != nil {
 			logger.Error(errors.Wrap(err, "failed to resolve existing license conflict"))
 		}
@@ -223,3 +223,40 @@ func CheckIfLicenseExists(license []byte) (*kotsv1beta1.License, error) {
 
 	return nil, nil
 }
+
+func ResolveExistingLicense(newLicense *kotsv1beta1.License) (bool, error) {
+	notInstalledApps, err := store.GetStore().ListFailedApps()
+	if err != nil {
+		logger.Error(errors.Wrap(err, "failed to list failed apps"))
+		return false, err
+	}
+
+	for _, app := range notInstalledApps {
+		decode := scheme.Codecs.UniversalDeserializer().Decode
+		obj, _, err := decode([]byte(app.License), nil, nil)
+		if err != nil {
+			continue
+		}
+		license := obj.(*kotsv1beta1.License)
+		if license.Spec.LicenseID != newLicense.Spec.LicenseID {
+			continue
+		}
+
+		if err := store.GetStore().RemoveApp(app.ID); err != nil {
+			return false, errors.Wrap(err, "failed to remove existing app record")
+		}
+	}
+
+	// check if license still exists
+	allLicenses, err := store.GetStore().GetAllAppLicenses()
+	if err != nil {
+		return false, errors.Wrap(err, "failed to get all app licenses")
+	}
+	for _, l := range allLicenses {
+		if l.Spec.LicenseID == newLicense.Spec.LicenseID {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
diff --git a/pkg/license/license.go b/pkg/license/license.go
index 8cb8afa740..3eb4e7d669 100644
--- a/pkg/license/license.go
+++ b/pkg/license/license.go
@@ -4,49 +4,9 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
-	"github.com/replicatedhq/kots/pkg/logger"
-	"github.com/replicatedhq/kots/pkg/store"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
-	"github.com/replicatedhq/kotskinds/client/kotsclientset/scheme"
 )
 
-func ResolveExistingLicense(newLicense *kotsv1beta1.License) (bool, error) {
-	notInstalledApps, err := store.GetStore().ListFailedApps()
-	if err != nil {
-		logger.Error(errors.Wrap(err, "failed to list failed apps"))
-		return false, err
-	}
-
-	for _, app := range notInstalledApps {
-		decode := scheme.Codecs.UniversalDeserializer().Decode
-		obj, _, err := decode([]byte(app.License), nil, nil)
-		if err != nil {
-			continue
-		}
-		license := obj.(*kotsv1beta1.License)
-		if license.Spec.LicenseID != newLicense.Spec.LicenseID {
-			continue
-		}
-
-		if err := store.GetStore().RemoveApp(app.ID); err != nil {
-			return false, errors.Wrap(err, "failed to remove existing app record")
-		}
-	}
-
-	// check if license still exists
-	allLicenses, err := store.GetStore().GetAllAppLicenses()
-	if err != nil {
-		return false, errors.Wrap(err, "failed to get all app licenses")
-	}
-	for _, l := range allLicenses {
-		if l.Spec.LicenseID == newLicense.Spec.LicenseID {
-			return false, nil
-		}
-	}
-
-	return true, nil
-}
-
 func LicenseIsExpired(license *kotsv1beta1.License) (bool, error) {
 	val, found := license.Spec.Entitlements["expires_at"]
 	if !found {
diff --git a/pkg/store/store_interface.go b/pkg/store/store_interface.go
index 22d45087bb..cfb80b1232 100644
--- a/pkg/store/store_interface.go
+++ b/pkg/store/store_interface.go
@@ -23,13 +23,13 @@ import (
 	usertypes "github.com/replicatedhq/kots/pkg/user/types"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	troubleshootredact "github.com/replicatedhq/troubleshoot/pkg/redact"
-
 	// this is to prevent the "upgrader" package from importing the store.
 	// any store related information should be passed to the upgrader as:
 	// - start-upgrader cli command flags
 	// - files in the filesystem via the shared pod volumes
 	// - environment variables
-	_ "github.com/replicatedhq/kots/pkg/upgrader"
+	// TODO NOW: resolve cycle dependencies and uncomment this
+	// _ "github.com/replicatedhq/kots/pkg/upgrader"
 )
 
 type Store interface {
diff --git a/pkg/upgrader/bootstrap.go b/pkg/upgrader/bootstrap.go
index bdc15b096b..a256bc43a7 100644
--- a/pkg/upgrader/bootstrap.go
+++ b/pkg/upgrader/bootstrap.go
@@ -17,6 +17,8 @@ import (
 )
 
 func bootstrap(params types.ServerParams) error {
+	// TODO NOW: airgap mode
+
 	if err := pullArchiveFromOnline(params); err != nil {
 		return errors.Wrap(err, "failed to bootstrap cluster token")
 	}
diff --git a/pkg/upgrader/handlers/config.go b/pkg/upgrader/handlers/config.go
index bef0c8eae1..0f2f6b3ad4 100644
--- a/pkg/upgrader/handlers/config.go
+++ b/pkg/upgrader/handlers/config.go
@@ -60,7 +60,7 @@ func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	kotsKinds, err := kotsutil.LoadKotsKinds(params.AppArchive)
+	kotsKinds, err := kotsutil.LoadKotsKinds(params.BaseArchive) // TODO NOW: rename BaseArchive
 	if err != nil {
 		currentAppConfigResponse.Error = "failed to load kots kinds from path"
 		logger.Error(errors.Wrap(err, currentAppConfigResponse.Error))
@@ -69,7 +69,7 @@ func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// get the non-rendered config from the upstream directory because we have to re-render it with the new values
-	nonRenderedConfig, err := kotsutil.FindConfigInPath(filepath.Join(params.AppArchive, "upstream"))
+	nonRenderedConfig, err := kotsutil.FindConfigInPath(filepath.Join(params.BaseArchive, "upstream"))
 	if err != nil {
 		currentAppConfigResponse.Error = "failed to find non-rendered config"
 		logger.Error(errors.Wrap(err, currentAppConfigResponse.Error))
@@ -149,7 +149,7 @@ func (h *Handler) LiveAppConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	kotsKinds, err := kotsutil.LoadKotsKinds(params.AppArchive)
+	kotsKinds, err := kotsutil.LoadKotsKinds(params.BaseArchive)
 	if err != nil {
 		liveAppConfigResponse.Error = "failed to load kots kinds from path"
 		logger.Error(errors.Wrap(err, liveAppConfigResponse.Error))
@@ -158,7 +158,7 @@ func (h *Handler) LiveAppConfig(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// get the non-rendered config from the upstream directory because we have to re-render it with the new values
-	nonRenderedConfig, err := kotsutil.FindConfigInPath(filepath.Join(params.AppArchive, "upstream"))
+	nonRenderedConfig, err := kotsutil.FindConfigInPath(filepath.Join(params.BaseArchive, "upstream"))
 	if err != nil {
 		liveAppConfigResponse.Error = "failed to find non-rendered config"
 		logger.Error(errors.Wrap(err, liveAppConfigResponse.Error))
diff --git a/pkg/upgrader/server.go b/pkg/upgrader/server.go
index a9d22c5f82..38b356579b 100644
--- a/pkg/upgrader/server.go
+++ b/pkg/upgrader/server.go
@@ -2,7 +2,6 @@ package upgrader
 
 import (
 	"fmt"
-	"log"
 	"net/http"
 	"net/http/httputil"
 	"net/url"
@@ -16,7 +15,11 @@ import (
 )
 
 func Serve(params types.ServerParams) error {
-	log.Printf("KOTS Upgrader version %s\n", buildversion.Version())
+	fmt.Printf("Starting KOTS Upgrader version %s on port %s\n", buildversion.Version(), params.Port)
+
+	if err := bootstrap(params); err != nil {
+		return errors.Wrap(err, "failed to bootstrap")
+	}
 
 	r := mux.NewRouter()
 	r.Use(handlers.ParamsMiddleware(params))
@@ -38,7 +41,7 @@ func Serve(params types.ServerParams) error {
 	} else if os.Getenv("ENABLE_WEB_PROXY") == "1" { // for dev env
 		u, err := url.Parse("http://kotsadm-web:8080")
 		if err != nil {
-			panic(err)
+			return errors.Wrap(err, "failed to parse kotsadm-web url")
 		}
 		upstream := httputil.NewSingleHostReverseProxy(u)
 		webProxy := func(upstream *httputil.ReverseProxy) func(http.ResponseWriter, *http.Request) {
@@ -55,8 +58,6 @@ func Serve(params types.ServerParams) error {
 		Addr:    fmt.Sprintf(":%s", params.Port),
 	}
 
-	fmt.Printf("Starting KOTS Upgrader on port %s...\n", params.Port)
-
 	if err := srv.ListenAndServe(); err != nil {
 		return errors.Wrap(err, "failed to listen and serve")
 	}
diff --git a/pkg/upgrader/upgrader.go b/pkg/upgrader/upgrader.go
index 5eb9e0dae1..c19f4d3d6a 100644
--- a/pkg/upgrader/upgrader.go
+++ b/pkg/upgrader/upgrader.go
@@ -55,7 +55,7 @@ func Start(opts types.StartOptions) (finalError error) {
 		"--app-slug", opts.App.Slug,
 		"--app-is-airgap", fmt.Sprintf("%t", opts.App.IsAirgap),
 		"--app-is-gitops", fmt.Sprintf("%t", opts.App.IsGitOps),
-		"--app-license", opts.App.License, // TODO NOW: change to base64
+		"--app-license", opts.App.License, // TODO NOW: change to base64 or a file?
 
 		"--base-archive", opts.BaseArchive,
 		"--base-sequence", fmt.Sprintf("%d", opts.BaseSequence),
diff --git a/web/src/Root.tsx b/web/src/Root.tsx
index e64cbc44ce..78425da0f2 100644
--- a/web/src/Root.tsx
+++ b/web/src/Root.tsx
@@ -458,26 +458,6 @@ const Root = () => {
               />
               <Route path="/crashz" element={<Crashz />} />{" "}
               <Route path="*" element={<NotFound />} />
-              {/* <Route
-                path="/upgrader"
-                element={
-                  <div style={{ height: "100vh", width: "100vw", background: "white" }}>
-                    <h1 style={{ color: "black" }}>
-                      Hello from KOTS Upgrader!
-                    </h1>
-                  </div>
-                }
-              />
-              <Route
-                path="/upgrader/test"
-                element={
-                  <div style={{ height: "100vh", width: "100vw", background: "white" }}>
-                    <h1 style={{ color: "black" }}>
-                      Hello from test in KOTS Upgrader!
-                    </h1>
-                  </div>
-                }
-              /> */}
               <Route
                 path="/secure-console"
                 element={
diff --git a/web/src/components/apps/AppVersionHistory.tsx b/web/src/components/apps/AppVersionHistory.tsx
index 4695af3049..4fca573a86 100644
--- a/web/src/components/apps/AppVersionHistory.tsx
+++ b/web/src/components/apps/AppVersionHistory.tsx
@@ -263,6 +263,8 @@ class AppVersionHistory extends Component<Props, State> {
       },
       body: JSON.stringify({
         kotsVersion: "v1.109.3",
+        versionLabel: "0.0.268",
+        updateCursor: "895",
       }),
       credentials: "include",
       method: "POST",
@@ -2221,11 +2223,14 @@ class AppVersionHistory extends Component<Props, State> {
           }}
           contentLabel="KOTS Upgrader Modal"
           ariaHideApp={false}
-          className="Modal LargeSize"
+          className="Modal UpgraderModal"
         >
           <iframe
             src={`/upgrader/app/${app?.slug}`}
             title="KOTS Upgrader"
+            width="100%" 
+            height="100%"
+            allowFullScreen={true}
           />
         </Modal>
       </div>
diff --git a/web/src/components/upgrader/AppConfig.tsx b/web/src/components/upgrader/AppConfig.tsx
index 449629822e..e34129763a 100644
--- a/web/src/components/upgrader/AppConfig.tsx
+++ b/web/src/components/upgrader/AppConfig.tsx
@@ -251,8 +251,7 @@ class AppConfig extends Component<Props, State> {
   };
 
   handleNext = async () => {
-    // TODO: the most recent config values should already exist in the api
-    // so this should just go to the next page
+    // TODO NOW: validating config from api before moving on
   };
 
   isConfigChanged = (newGroups: ConfigGroup[]) => {
diff --git a/web/src/scss/utilities/modals.scss b/web/src/scss/utilities/modals.scss
index a207bc881e..4517dca0b9 100644
--- a/web/src/scss/utilities/modals.scss
+++ b/web/src/scss/utilities/modals.scss
@@ -74,6 +74,11 @@
       }
     }
 
+    &.UpgraderModal {
+      width: 90%;
+      height: 90%;
+    }
+
     &.ConfigureUpdatesModal {
       overflow: visible;
     }

From 9089dbe0a0d0bd62995a1f89ab600b212b529251 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Thu, 23 May 2024 01:29:06 +0000
Subject: [PATCH 10/33] save

---
 pkg/handlers/handlers.go                  | 10 +++++-----
 pkg/upgrader/bootstrap.go                 |  2 --
 web/src/components/upgrader/AppConfig.tsx |  2 +-
 3 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index d84a78779d..87cd80a1e9 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -317,15 +317,15 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 	r.Name("ChangePassword").Path("/api/v1/password/change").Methods("PUT").
 		HandlerFunc(middleware.EnforceAccess(policy.PasswordChange, handler.ChangePassword))
 
-	// TODO NOW: support and upgrader service for each app?
+	// Start upgrader
+	r.Name("StartUpgrader").Path("/api/v1/app/{appSlug}/start-upgrader").Methods("POST").
+		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgrader))
+
+	// TODO NOW: support an upgrader service for each app? yes because of automated updates? or block updates if an upgrader is running?
 	// Proxy upgrader requests to the upgrader service
 	// CAUTION: modifying this route WILL break backwards compatibility
 	r.Name("UpgraderProxy").PathPrefix("/api/v1/upgrader").Methods("GET", "POST", "PUT").
 		HandlerFunc(upgrader.Proxy) // TODO NOW: enforce access
-
-	// Start upgrader
-	r.Name("StartUpgrader").Path("/api/v1/app/{appSlug}/start-upgrader").Methods("POST").
-		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgrader))
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/upgrader/bootstrap.go b/pkg/upgrader/bootstrap.go
index a256bc43a7..6c9b7244bd 100644
--- a/pkg/upgrader/bootstrap.go
+++ b/pkg/upgrader/bootstrap.go
@@ -32,8 +32,6 @@ func pullArchiveFromOnline(params types.ServerParams) (finalError error) {
 		return errors.Wrap(err, "failed to load license from bytes")
 	}
 
-	// TODO NOW: get latest license from replicated.app
-
 	beforeKotsKinds, err := kotsutil.LoadKotsKinds(params.BaseArchive)
 	if err != nil {
 		return errors.Wrap(err, "failed to load current kotskinds")
diff --git a/web/src/components/upgrader/AppConfig.tsx b/web/src/components/upgrader/AppConfig.tsx
index e34129763a..11ed3e4872 100644
--- a/web/src/components/upgrader/AppConfig.tsx
+++ b/web/src/components/upgrader/AppConfig.tsx
@@ -251,7 +251,7 @@ class AppConfig extends Component<Props, State> {
   };
 
   handleNext = async () => {
-    // TODO NOW: validating config from api before moving on
+    // TODO NOW: validate config from api before moving on
   };
 
   isConfigChanged = (newGroups: ConfigGroup[]) => {

From 0b96bf693081fcb35e383829d34df44a1098b74e Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Thu, 23 May 2024 01:43:14 +0000
Subject: [PATCH 11/33] save

---
 pkg/store/store_interface.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/store/store_interface.go b/pkg/store/store_interface.go
index cfb80b1232..18fdfab779 100644
--- a/pkg/store/store_interface.go
+++ b/pkg/store/store_interface.go
@@ -28,6 +28,7 @@ import (
 	// - start-upgrader cli command flags
 	// - files in the filesystem via the shared pod volumes
 	// - environment variables
+	// TODO NOW: use a tool to enforce this?
 	// TODO NOW: resolve cycle dependencies and uncomment this
 	// _ "github.com/replicatedhq/kots/pkg/upgrader"
 )

From 7edd3d84d16648372c9c9d6ce07e64114a914194 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Thu, 23 May 2024 15:16:47 +0000
Subject: [PATCH 12/33] save

---
 cmd/kots/cli/start-upgrader.go | 7 ++++---
 pkg/handlers/handlers.go       | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/cmd/kots/cli/start-upgrader.go b/cmd/kots/cli/start-upgrader.go
index f82e5d73a7..af6a1c3732 100644
--- a/cmd/kots/cli/start-upgrader.go
+++ b/cmd/kots/cli/start-upgrader.go
@@ -12,9 +12,10 @@ import (
 // TODO NOW: rename to updater?
 func StartUpgraderCmd() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "start-upgrader",
-		Short: "Starts the KOTS upgrader service",
-		Long:  `Starts the KOTS upgrader service`,
+		Use:    "start-upgrader",
+		Short:  "Starts the KOTS upgrader service",
+		Long:   `Starts the KOTS upgrader service`,
+		Hidden: true,
 		PreRun: func(cmd *cobra.Command, args []string) {
 			viper.BindPFlags(cmd.Flags())
 		},
diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index 87cd80a1e9..8131f21809 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -317,6 +317,7 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 	r.Name("ChangePassword").Path("/api/v1/password/change").Methods("PUT").
 		HandlerFunc(middleware.EnforceAccess(policy.PasswordChange, handler.ChangePassword))
 
+	// TODO NOW: calling this again will cancel in progress updates. add endpoint to cancel updates?
 	// Start upgrader
 	r.Name("StartUpgrader").Path("/api/v1/app/{appSlug}/start-upgrader").Methods("POST").
 		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgrader))

From 7b776298f480eb9c050695033e3b4bec137ade3d Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Tue, 11 Jun 2024 13:33:33 +0000
Subject: [PATCH 13/33] rename to upgrade service

---
 cmd/kots/cli/root.go                          |  2 +-
 cmd/kots/cli/start-upgrader.go                | 14 +++---
 pkg/apiserver/server.go                       |  6 +--
 pkg/handlers/handlers.go                      | 16 +++---
 pkg/handlers/interface.go                     |  4 +-
 pkg/handlers/mock/mock.go                     | 12 ++---
 pkg/handlers/upgrader.go                      | 18 +++----
 pkg/store/store_interface.go                  |  8 +--
 pkg/upgrader/bootstrap.go                     |  4 +-
 pkg/upgrader/handlers/handlers.go             | 12 ++---
 pkg/upgrader/handlers/interface.go            |  2 +-
 pkg/upgrader/handlers/middleware.go           |  2 +-
 pkg/upgrader/server.go                        |  8 +--
 pkg/upgrader/upgrader.go                      | 49 ++++++++++---------
 web/src/Root.tsx                              | 14 +++---
 web/src/components/apps/AppVersionHistory.tsx | 22 ++++-----
 .../config_render/ConfigFileInput.jsx         |  2 +-
 .../AppConfig.tsx                             |  0
 .../UpgradeService.tsx}                       |  2 +-
 web/src/index.tsx                             |  4 +-
 web/src/scss/utilities/modals.scss            |  2 +-
 21 files changed, 102 insertions(+), 101 deletions(-)
 rename web/src/components/{upgrader => upgrade_service}/AppConfig.tsx (100%)
 rename web/src/components/{upgrader/Upgrader.tsx => upgrade_service/UpgradeService.tsx} (95%)

diff --git a/cmd/kots/cli/root.go b/cmd/kots/cli/root.go
index b0cedd76ac..991ca0cae1 100644
--- a/cmd/kots/cli/root.go
+++ b/cmd/kots/cli/root.go
@@ -55,7 +55,7 @@ func RootCmd() *cobra.Command {
 	cmd.AddCommand(CompletionCmd())
 	cmd.AddCommand(DockerRegistryCmd())
 	cmd.AddCommand(EnableHACmd())
-	cmd.AddCommand(StartUpgraderCmd())
+	cmd.AddCommand(StartUpgradeServiceCmd())
 
 	viper.BindPFlags(cmd.Flags())
 
diff --git a/cmd/kots/cli/start-upgrader.go b/cmd/kots/cli/start-upgrader.go
index af6a1c3732..09512c7934 100644
--- a/cmd/kots/cli/start-upgrader.go
+++ b/cmd/kots/cli/start-upgrader.go
@@ -3,18 +3,18 @@ package cli
 import (
 	"fmt"
 
-	"github.com/replicatedhq/kots/pkg/upgrader"
-	"github.com/replicatedhq/kots/pkg/upgrader/types"
+	"github.com/replicatedhq/kots/pkg/upgradeservice"
+	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
 // TODO NOW: rename to updater?
-func StartUpgraderCmd() *cobra.Command {
+func StartUpgradeServiceCmd() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:    "start-upgrader",
-		Short:  "Starts the KOTS upgrader service",
-		Long:   `Starts the KOTS upgrader service`,
+		Use:    "start-upgrade-service",
+		Short:  "Starts the KOTS upgrade service",
+		Long:   `Starts the KOTS upgrade service`,
 		Hidden: true,
 		PreRun: func(cmd *cobra.Command, args []string) {
 			viper.BindPFlags(cmd.Flags())
@@ -43,7 +43,7 @@ func StartUpgraderCmd() *cobra.Command {
 				RegistryNamespace:  v.GetString("registry-namespace"),
 				RegistryIsReadOnly: v.GetBool("registry-is-readonly"),
 			}
-			if err := upgrader.Serve(params); err != nil {
+			if err := upgradeservice.Serve(params); err != nil {
 				return err
 			}
 
diff --git a/pkg/apiserver/server.go b/pkg/apiserver/server.go
index 1ab80159cb..191c907a0d 100644
--- a/pkg/apiserver/server.go
+++ b/pkg/apiserver/server.go
@@ -29,7 +29,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/supportbundle"
 	"github.com/replicatedhq/kots/pkg/updatechecker"
-	"github.com/replicatedhq/kots/pkg/upgrader"
+	"github.com/replicatedhq/kots/pkg/upgradeservice"
 	"github.com/replicatedhq/kots/pkg/util"
 	"golang.org/x/crypto/bcrypt"
 )
@@ -195,9 +195,9 @@ func Start(params *APIServerParams) {
 	* Static routes
 	**********************************************************************/
 
-	// Serve the upgrader UI from the upgrader service
+	// Serve the upgrade UI from the upgrade service
 	// CAUTION: modifying this route WILL break backwards compatibility
-	r.PathPrefix("/upgrader").Methods("GET").HandlerFunc(upgrader.Proxy)
+	r.PathPrefix("/upgrade-service").Methods("GET").HandlerFunc(upgradeservice.Proxy)
 
 	// TODO NOW: move this to a shared function
 	// to avoid confusion, we don't serve this in the dev env...
diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index 8131f21809..e118313a54 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -9,7 +9,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/policy"
 	"github.com/replicatedhq/kots/pkg/store"
-	"github.com/replicatedhq/kots/pkg/upgrader"
+	"github.com/replicatedhq/kots/pkg/upgradeservice"
 	kotsscheme "github.com/replicatedhq/kotskinds/client/kotsclientset/scheme"
 	troubleshootscheme "github.com/replicatedhq/troubleshoot/pkg/client/troubleshootclientset/scheme"
 	yaml "github.com/replicatedhq/yaml/v3"
@@ -318,15 +318,15 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 		HandlerFunc(middleware.EnforceAccess(policy.PasswordChange, handler.ChangePassword))
 
 	// TODO NOW: calling this again will cancel in progress updates. add endpoint to cancel updates?
-	// Start upgrader
-	r.Name("StartUpgrader").Path("/api/v1/app/{appSlug}/start-upgrader").Methods("POST").
-		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgrader))
+	// Start upgrade service
+	r.Name("StartUpgradeService").Path("/api/v1/app/{appSlug}/start-upgrade-service").Methods("POST").
+		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgradeService))
 
-	// TODO NOW: support an upgrader service for each app? yes because of automated updates? or block updates if an upgrader is running?
-	// Proxy upgrader requests to the upgrader service
+	// TODO NOW: support an upgrade service for each app? yes because of automated updates? or block updates if an upgrade service is running?
+	// Proxy upgrade service requests to the upgrade service
 	// CAUTION: modifying this route WILL break backwards compatibility
-	r.Name("UpgraderProxy").PathPrefix("/api/v1/upgrader").Methods("GET", "POST", "PUT").
-		HandlerFunc(upgrader.Proxy) // TODO NOW: enforce access
+	r.Name("UpgradeServiceProxy").PathPrefix("/api/v1/upgrade-service").Methods("GET", "POST", "PUT").
+		HandlerFunc(upgradeservice.Proxy) // TODO NOW: enforce access
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/handlers/interface.go b/pkg/handlers/interface.go
index 917f6e3148..e5bc386808 100644
--- a/pkg/handlers/interface.go
+++ b/pkg/handlers/interface.go
@@ -162,6 +162,6 @@ type KOTSHandler interface {
 	// Password change
 	ChangePassword(w http.ResponseWriter, r *http.Request)
 
-	// Upgrader
-	StartUpgrader(w http.ResponseWriter, r *http.Request)
+	// Upgrade service
+	StartUpgradeService(w http.ResponseWriter, r *http.Request)
 }
diff --git a/pkg/handlers/mock/mock.go b/pkg/handlers/mock/mock.go
index 8fd9f05e0b..e230ada681 100644
--- a/pkg/handlers/mock/mock.go
+++ b/pkg/handlers/mock/mock.go
@@ -1390,16 +1390,16 @@ func (mr *MockKOTSHandlerMockRecorder) StartPreflightChecks(w, r interface{}) *g
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "StartPreflightChecks", reflect.TypeOf((*MockKOTSHandler)(nil).StartPreflightChecks), w, r)
 }
 
-// StartUpgrader mocks base method.
-func (m *MockKOTSHandler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
+// StartUpgradeService mocks base method.
+func (m *MockKOTSHandler) StartUpgradeService(w http.ResponseWriter, r *http.Request) {
 	m.ctrl.T.Helper()
-	m.ctrl.Call(m, "StartUpgrader", w, r)
+	m.ctrl.Call(m, "StartUpgradeService", w, r)
 }
 
-// StartUpgrader indicates an expected call of StartUpgrader.
-func (mr *MockKOTSHandlerMockRecorder) StartUpgrader(w, r interface{}) *gomock.Call {
+// StartUpgradeService indicates an expected call of StartUpgradeService.
+func (mr *MockKOTSHandlerMockRecorder) StartUpgradeService(w, r interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "StartUpgrader", reflect.TypeOf((*MockKOTSHandler)(nil).StartUpgrader), w, r)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "StartUpgradeService", reflect.TypeOf((*MockKOTSHandler)(nil).StartUpgradeService), w, r)
 }
 
 // SyncLicense mocks base method.
diff --git a/pkg/handlers/upgrader.go b/pkg/handlers/upgrader.go
index 0ec78b476d..0ecf3fccf6 100644
--- a/pkg/handlers/upgrader.go
+++ b/pkg/handlers/upgrader.go
@@ -8,29 +8,29 @@ import (
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/store"
-	"github.com/replicatedhq/kots/pkg/upgrader"
-	upgradertypes "github.com/replicatedhq/kots/pkg/upgrader/types"
+	"github.com/replicatedhq/kots/pkg/upgradeservice"
+	upgradeservicetypes "github.com/replicatedhq/kots/pkg/upgradeservice/types"
 )
 
-type StartUpgraderRequest struct {
+type StartUpgradeServiceRequest struct {
 	KOTSVersion  string `json:"kotsVersion"`
 	VersionLabel string `json:"versionLabel"`
 	UpdateCursor string `json:"updateCursor"`
 }
 
-type StartUpgraderResponse struct {
+type StartUpgradeServiceResponse struct {
 	Success bool   `json:"success"`
 	Error   string `json:"error,omitempty"`
 }
 
-func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
-	response := StartUpgraderResponse{
+func (h *Handler) StartUpgradeService(w http.ResponseWriter, r *http.Request) {
+	response := StartUpgradeServiceResponse{
 		Success: false,
 	}
 
 	// TODO NOW: required releases
 
-	request := StartUpgraderRequest{}
+	request := StartUpgradeServiceRequest{}
 	if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
 		response.Error = "failed to decode request body"
 		logger.Error(errors.Wrap(err, response.Error))
@@ -74,7 +74,7 @@ func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// TODO NOW: send cursor in request
-	err = upgrader.Start(upgradertypes.StartOptions{
+	err = upgradeservice.Start(upgradeservicetypes.StartOptions{
 		KOTSVersion:      request.KOTSVersion,
 		App:              foundApp,
 		BaseArchive:      baseArchive,
@@ -85,7 +85,7 @@ func (h *Handler) StartUpgrader(w http.ResponseWriter, r *http.Request) {
 		// TODO NOW: reporting info
 	})
 	if err != nil {
-		response.Error = "failed to start upgrader"
+		response.Error = "failed to start upgrade service"
 		logger.Error(errors.Wrap(err, response.Error))
 		JSON(w, http.StatusInternalServerError, response)
 		return
diff --git a/pkg/store/store_interface.go b/pkg/store/store_interface.go
index 18fdfab779..41724541f6 100644
--- a/pkg/store/store_interface.go
+++ b/pkg/store/store_interface.go
@@ -23,14 +23,14 @@ import (
 	usertypes "github.com/replicatedhq/kots/pkg/user/types"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	troubleshootredact "github.com/replicatedhq/troubleshoot/pkg/redact"
-	// this is to prevent the "upgrader" package from importing the store.
-	// any store related information should be passed to the upgrader as:
-	// - start-upgrader cli command flags
+	// this is to prevent the "upgradeservice" package from importing the store.
+	// any store related information should be passed to the upgradeservice as:
+	// - start-upgrade-service cli command flags
 	// - files in the filesystem via the shared pod volumes
 	// - environment variables
 	// TODO NOW: use a tool to enforce this?
 	// TODO NOW: resolve cycle dependencies and uncomment this
-	// _ "github.com/replicatedhq/kots/pkg/upgrader"
+	// _ "github.com/replicatedhq/kots/pkg/upgradeservice"
 )
 
 type Store interface {
diff --git a/pkg/upgrader/bootstrap.go b/pkg/upgrader/bootstrap.go
index 6c9b7244bd..85223a1322 100644
--- a/pkg/upgrader/bootstrap.go
+++ b/pkg/upgrader/bootstrap.go
@@ -1,4 +1,4 @@
-package upgrader
+package upgradeservice
 
 import (
 	"bufio"
@@ -12,7 +12,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/pull"
 	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
-	"github.com/replicatedhq/kots/pkg/upgrader/types"
+	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
 	"github.com/replicatedhq/kots/pkg/util"
 )
 
diff --git a/pkg/upgrader/handlers/handlers.go b/pkg/upgrader/handlers/handlers.go
index 0f7fed1bfc..715957b616 100644
--- a/pkg/upgrader/handlers/handlers.go
+++ b/pkg/upgrader/handlers/handlers.go
@@ -12,7 +12,7 @@ import (
 	"k8s.io/client-go/kubernetes/scheme"
 )
 
-var _ UpgraderHandler = (*Handler)(nil)
+var _ UpgradeServiceHandler = (*Handler)(nil)
 
 type Handler struct {
 }
@@ -23,15 +23,15 @@ func init() {
 	veleroscheme.AddToScheme(scheme.Scheme)
 }
 
-func RegisterRoutes(r *mux.Router, handler UpgraderHandler) {
+func RegisterRoutes(r *mux.Router, handler UpgradeServiceHandler) {
 	r.Use(LoggingMiddleware)
 
-	// TODO NOW: move "/api/v1/upgrader" to a subrouter and add a caution statement
+	// TODO NOW: move "/api/v1/upgrade-service" to a subrouter and add a caution statement
 
-	r.Path("/api/v1/upgrader/ping").Methods("GET").HandlerFunc(handler.Ping)
+	r.Path("/api/v1/upgrade-service/ping").Methods("GET").HandlerFunc(handler.Ping)
 
-	r.Path("/api/v1/upgrader/app/{appSlug}/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
-	r.Path("/api/v1/upgrader/app/{appSlug}/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
+	r.Path("/api/v1/upgrade-service/app/{appSlug}/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
+	r.Path("/api/v1/upgrade-service/app/{appSlug}/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/upgrader/handlers/interface.go b/pkg/upgrader/handlers/interface.go
index b48a471d8a..7825aa6dff 100644
--- a/pkg/upgrader/handlers/interface.go
+++ b/pkg/upgrader/handlers/interface.go
@@ -2,7 +2,7 @@ package handlers
 
 import "net/http"
 
-type UpgraderHandler interface {
+type UpgradeServiceHandler interface {
 	Ping(w http.ResponseWriter, r *http.Request)
 
 	CurrentAppConfig(w http.ResponseWriter, r *http.Request)
diff --git a/pkg/upgrader/handlers/middleware.go b/pkg/upgrader/handlers/middleware.go
index 218e4263c0..4d90bcda87 100644
--- a/pkg/upgrader/handlers/middleware.go
+++ b/pkg/upgrader/handlers/middleware.go
@@ -8,7 +8,7 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/replicatedhq/kots/pkg/logger"
-	"github.com/replicatedhq/kots/pkg/upgrader/types"
+	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
 )
 
 type paramsKey struct{}
diff --git a/pkg/upgrader/server.go b/pkg/upgrader/server.go
index 38b356579b..9677f000c1 100644
--- a/pkg/upgrader/server.go
+++ b/pkg/upgrader/server.go
@@ -1,4 +1,4 @@
-package upgrader
+package upgradeservice
 
 import (
 	"fmt"
@@ -10,12 +10,12 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/buildversion"
-	"github.com/replicatedhq/kots/pkg/upgrader/handlers"
-	"github.com/replicatedhq/kots/pkg/upgrader/types"
+	"github.com/replicatedhq/kots/pkg/upgradeservice/handlers"
+	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
 )
 
 func Serve(params types.ServerParams) error {
-	fmt.Printf("Starting KOTS Upgrader version %s on port %s\n", buildversion.Version(), params.Port)
+	fmt.Printf("Starting KOTS Upgrade Service version %s on port %s\n", buildversion.Version(), params.Port)
 
 	if err := bootstrap(params); err != nil {
 		return errors.Wrap(err, "failed to bootstrap")
diff --git a/pkg/upgrader/upgrader.go b/pkg/upgrader/upgrader.go
index c19f4d3d6a..06c06f7163 100644
--- a/pkg/upgrader/upgrader.go
+++ b/pkg/upgrader/upgrader.go
@@ -1,4 +1,4 @@
-package upgrader
+package upgradeservice
 
 import (
 	_ "embed"
@@ -13,15 +13,15 @@ import (
 	"github.com/phayes/freeport"
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/logger"
-	"github.com/replicatedhq/kots/pkg/upgrader/types"
+	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
 )
 
-var upgraderProcess *os.Process
-var upgraderPort string
+var upgradeServiceProcess *os.Process
+var upgradeServicePort string
 
-// Start will spin up an upgrader service in the background on a random port.
-// If an upgrader is already running, it will be stopped and a new one will be started.
-// The KOTS binary of the specified version will be used to start the upgrader.
+// Start will spin up an upgrade service in the background on a random port.
+// If an upgrade service is already running, it will be stopped and a new one will be started.
+// The KOTS binary of the specified version will be used to start the upgrade service.
 func Start(opts types.StartOptions) (finalError error) {
 	defer func() {
 		if finalError != nil {
@@ -29,7 +29,7 @@ func Start(opts types.StartOptions) (finalError error) {
 		}
 	}()
 
-	// stop the upgrader if it's already running.
+	// stop the upgrade service if it's already running.
 	// don't bail if not able to stop, and start a new one
 	stop()
 
@@ -48,7 +48,7 @@ func Start(opts types.StartOptions) (finalError error) {
 	cmd := exec.Command(
 		// kotsBin, // TODO NOW: use target binary
 		"/kots",
-		"start-upgrader",
+		"start-upgrade-service",
 		"--port", freePort,
 
 		"--app-id", opts.App.ID,
@@ -77,27 +77,27 @@ func Start(opts types.StartOptions) (finalError error) {
 		return errors.Wrap(err, "failed to start")
 	}
 
-	upgraderPort = freePort
-	upgraderProcess = cmd.Process
+	upgradeServicePort = freePort
+	upgradeServiceProcess = cmd.Process
 
 	if err := waitForReady(time.Second * 30); err != nil {
-		return errors.Wrap(err, "failed to wait for upgrader to become ready")
+		return errors.Wrap(err, "failed to wait for upgrade service to become ready")
 	}
 
 	return nil
 }
 
-// Proxy will proxy the request to the upgrader service.
+// Proxy will proxy the request to the upgrade service.
 func Proxy(w http.ResponseWriter, r *http.Request) {
-	if upgraderPort == "" {
-		logger.Error(errors.New("upgrader is not running"))
+	if upgradeServicePort == "" {
+		logger.Error(errors.New("upgrade service is not running"))
 		w.WriteHeader(http.StatusServiceUnavailable)
 		return
 	}
 
-	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", upgraderPort))
+	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", upgradeServicePort))
 	if err != nil {
-		logger.Error(errors.Wrap(err, "failed to parse upgrader url"))
+		logger.Error(errors.Wrap(err, "failed to parse upgrade service url"))
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
@@ -107,20 +107,21 @@ func Proxy(w http.ResponseWriter, r *http.Request) {
 }
 
 func stop() {
-	if upgraderProcess != nil {
-		if err := upgraderProcess.Signal(os.Interrupt); err != nil {
-			logger.Errorf("Failed to stop upgrader process on port %s", upgraderPort)
+	if upgradeServiceProcess != nil {
+		if err := upgradeServiceProcess.Signal(os.Interrupt); err != nil {
+			logger.Errorf("Failed to stop upgrade service process on port %s", upgradeServicePort)
 		}
 	}
-	upgraderPort = ""
-	upgraderProcess = nil
+	upgradeServicePort = ""
+	upgradeServiceProcess = nil
 }
 
 func waitForReady(timeout time.Duration) error {
 	start := time.Now()
 
+	// TODO NOW: return last error
 	for {
-		url := fmt.Sprintf("http://localhost:%s/api/v1/upgrader/ping", upgraderPort)
+		url := fmt.Sprintf("http://localhost:%s/api/v1/upgrade-service/ping", upgradeServicePort)
 		newRequest, err := http.NewRequest("GET", url, nil)
 		if err == nil {
 			resp, err := http.DefaultClient.Do(newRequest)
@@ -134,7 +135,7 @@ func waitForReady(timeout time.Duration) error {
 		time.Sleep(time.Second)
 
 		if time.Since(start) > timeout {
-			return errors.Errorf("Timeout waiting for upgrader to become ready on port %s", upgraderPort)
+			return errors.Errorf("Timeout waiting for upgrade-service to become ready on port %s", upgradeServicePort)
 		}
 	}
 }
diff --git a/web/src/Root.tsx b/web/src/Root.tsx
index 78425da0f2..ae83691f76 100644
--- a/web/src/Root.tsx
+++ b/web/src/Root.tsx
@@ -98,7 +98,7 @@ type State = {
   snapshotInProgressApps: string[];
   isEmbeddedClusterWaitingForNodes: boolean;
   themeState: ThemeState;
-  shouldShowUpgraderModal: boolean;
+  shouldShowUpgradeServiceModal: boolean;
 };
 
 let interval: ReturnType<typeof setInterval> | undefined;
@@ -131,7 +131,7 @@ const Root = () => {
         navbarLogo: null,
       },
       app: null,
-      shouldShowUpgraderModal: false,
+      shouldShowUpgradeServiceModal: false,
     }
   );
 
@@ -862,17 +862,17 @@ const Root = () => {
         )}
       </Modal>
       <Modal
-        isOpen={state.shouldShowUpgraderModal}
+        isOpen={state.shouldShowUpgradeServiceModal}
         onRequestClose={() => {
-          setState({ shouldShowUpgraderModal: false });
+          setState({ shouldShowUpgradeServiceModal: false });
         }}
-        contentLabel="KOTS Upgrader Modal"
+        contentLabel="KOTS Upgrade Service Modal"
         ariaHideApp={false}
         className="Modal LargeSize"
       >
         <iframe
-          src="/upgrader"
-          title="KOTS Upgrader"
+          src="/upgrade-service"
+          title="KOTS Upgrade Service"
         />
       </Modal>
     </QueryClientProvider>
diff --git a/web/src/components/apps/AppVersionHistory.tsx b/web/src/components/apps/AppVersionHistory.tsx
index 4fca573a86..2a9ec245fd 100644
--- a/web/src/components/apps/AppVersionHistory.tsx
+++ b/web/src/components/apps/AppVersionHistory.tsx
@@ -146,7 +146,7 @@ type State = {
   versionToDeploy: Version | null;
   viewLogsErrMsg: string;
   yamlErrorDetails: string[];
-  shouldShowUpgraderModal: boolean;
+  shouldShowUpgradeServiceModal: boolean;
 };
 
 class AppVersionHistory extends Component<Props, State> {
@@ -212,7 +212,7 @@ class AppVersionHistory extends Component<Props, State> {
       versionToDeploy: null,
       viewLogsErrMsg: "",
       yamlErrorDetails: [],
-      shouldShowUpgraderModal: false,
+      shouldShowUpgradeServiceModal: false,
     };
   }
 
@@ -256,7 +256,7 @@ class AppVersionHistory extends Component<Props, State> {
 
     // TODO NOW: remove this
     const appSlug = this.props.params.slug;
-    fetch(`${process.env.API_ENDPOINT}/app/${appSlug}/start-upgrader`, {
+    fetch(`${process.env.API_ENDPOINT}/app/${appSlug}/start-upgrade-service`, {
       headers: {
         "Content-Type": "application/json",
         Accept: "application/json",
@@ -271,12 +271,12 @@ class AppVersionHistory extends Component<Props, State> {
     }).then(async (res) => {
       if (res.ok) {
         this.setState({
-          shouldShowUpgraderModal: true,
+          shouldShowUpgradeServiceModal: true,
         });
         return;
       }
       const text = await res.text();
-      console.log("failed to init upgrader", text);
+      console.log("failed to init upgrade service", text);
     })
     .catch((err) => {
       console.log(err);
@@ -2217,17 +2217,17 @@ class AppVersionHistory extends Component<Props, State> {
           />
         )}
         <Modal
-          isOpen={this.state.shouldShowUpgraderModal}
+          isOpen={this.state.shouldShowUpgradeServiceModal}
           onRequestClose={() => {
-            this.setState({ shouldShowUpgraderModal: false });
+            this.setState({ shouldShowUpgradeServiceModal: false });
           }}
-          contentLabel="KOTS Upgrader Modal"
+          contentLabel="KOTS Upgrade Service Modal"
           ariaHideApp={false}
-          className="Modal UpgraderModal"
+          className="Modal UpgradeServiceModal"
         >
           <iframe
-            src={`/upgrader/app/${app?.slug}`}
-            title="KOTS Upgrader"
+            src={`/upgrade-service/app/${app?.slug}`}
+            title="KOTS Upgrade Service"
             width="100%" 
             height="100%"
             allowFullScreen={true}
diff --git a/web/src/components/config_render/ConfigFileInput.jsx b/web/src/components/config_render/ConfigFileInput.jsx
index b03b07a95b..4482764629 100644
--- a/web/src/components/config_render/ConfigFileInput.jsx
+++ b/web/src/components/config_render/ConfigFileInput.jsx
@@ -29,7 +29,7 @@ export default class ConfigFileInput extends Component {
   };
 
   handleDownloadFile = async (fileName) => {
-    // TODO NOW: download from upgrader if rendered in upgrader and use a different sequence!
+    // TODO NOW: download from upgrade service if rendered in upgrade service and use a different sequence!
     const url = `${process.env.API_ENDPOINT}/app/${this.props.appSlug}/config/${this.props.configSequence}/${fileName}/download`;
     fetch(url, {
       method: "GET",
diff --git a/web/src/components/upgrader/AppConfig.tsx b/web/src/components/upgrade_service/AppConfig.tsx
similarity index 100%
rename from web/src/components/upgrader/AppConfig.tsx
rename to web/src/components/upgrade_service/AppConfig.tsx
diff --git a/web/src/components/upgrader/Upgrader.tsx b/web/src/components/upgrade_service/UpgradeService.tsx
similarity index 95%
rename from web/src/components/upgrader/Upgrader.tsx
rename to web/src/components/upgrade_service/UpgradeService.tsx
index 222f21c2d1..eddfdb7d2d 100644
--- a/web/src/components/upgrader/Upgrader.tsx
+++ b/web/src/components/upgrade_service/UpgradeService.tsx
@@ -3,7 +3,7 @@ import { Helmet } from "react-helmet";
 import NotFound from "@components/static/NotFound";
 import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
 
-import AppConfig from "@components/upgrader/AppConfig";
+import AppConfig from "@components/upgrade_service/AppConfig";
 
 // types
 import { ToastProvider } from "@src/context/ToastContext";
diff --git a/web/src/index.tsx b/web/src/index.tsx
index b277ed45cb..c1ef1d0a31 100644
--- a/web/src/index.tsx
+++ b/web/src/index.tsx
@@ -1,7 +1,7 @@
 import { createRoot } from "react-dom/client";
 import { BrowserRouter, Route, Routes } from "react-router-dom";
 import ReplicatedErrorBoundary from "./components/shared/ErrorBoundary";
-import { Upgrader } from "@components/upgrader/Upgrader";
+import { UpgradeService } from "@components/upgrade_service/UpgradeService";
 import { Root } from "./Root";
 
 // scss
@@ -19,7 +19,7 @@ const root = createRoot(container); // createRoot(container!) if you use TypeScr
 root.render(
   <BrowserRouter>
     <Routes>
-      <Route path="/upgrader/*" element={<Upgrader />} />
+      <Route path="/upgrade-service/*" element={<UpgradeService />} />
       <Route path="/*"
         element={
           <ReplicatedErrorBoundary>
diff --git a/web/src/scss/utilities/modals.scss b/web/src/scss/utilities/modals.scss
index 4517dca0b9..4f70ac1d01 100644
--- a/web/src/scss/utilities/modals.scss
+++ b/web/src/scss/utilities/modals.scss
@@ -74,7 +74,7 @@
       }
     }
 
-    &.UpgraderModal {
+    &.UpgradeServiceModal {
       width: 90%;
       height: 90%;
     }

From 15ef89da551ac0153ece5c6b563cdcb237fc9e97 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Tue, 11 Jun 2024 14:08:33 +0000
Subject: [PATCH 14/33] update pkg name

---
 pkg/handlers/{upgrader.go => upgrade_service.go}        | 0
 pkg/{upgrader => upgradeservice}/bootstrap.go           | 0
 pkg/{upgrader => upgradeservice}/handlers/config.go     | 0
 pkg/{upgrader => upgradeservice}/handlers/handlers.go   | 0
 pkg/{upgrader => upgradeservice}/handlers/interface.go  | 0
 pkg/{upgrader => upgradeservice}/handlers/middleware.go | 0
 pkg/{upgrader => upgradeservice}/handlers/ping.go       | 0
 pkg/{upgrader => upgradeservice}/handlers/spa.go        | 0
 pkg/{upgrader => upgradeservice}/handlers/static.go     | 0
 pkg/{upgrader => upgradeservice}/server.go              | 0
 pkg/{upgrader => upgradeservice}/types/types.go         | 0
 pkg/{upgrader => upgradeservice}/upgrader.go            | 0
 web/src/components/upgrade_service/AppConfig.tsx        | 4 ++--
 web/src/components/upgrade_service/UpgradeService.tsx   | 4 ++--
 14 files changed, 4 insertions(+), 4 deletions(-)
 rename pkg/handlers/{upgrader.go => upgrade_service.go} (100%)
 rename pkg/{upgrader => upgradeservice}/bootstrap.go (100%)
 rename pkg/{upgrader => upgradeservice}/handlers/config.go (100%)
 rename pkg/{upgrader => upgradeservice}/handlers/handlers.go (100%)
 rename pkg/{upgrader => upgradeservice}/handlers/interface.go (100%)
 rename pkg/{upgrader => upgradeservice}/handlers/middleware.go (100%)
 rename pkg/{upgrader => upgradeservice}/handlers/ping.go (100%)
 rename pkg/{upgrader => upgradeservice}/handlers/spa.go (100%)
 rename pkg/{upgrader => upgradeservice}/handlers/static.go (100%)
 rename pkg/{upgrader => upgradeservice}/server.go (100%)
 rename pkg/{upgrader => upgradeservice}/types/types.go (100%)
 rename pkg/{upgrader => upgradeservice}/upgrader.go (100%)

diff --git a/pkg/handlers/upgrader.go b/pkg/handlers/upgrade_service.go
similarity index 100%
rename from pkg/handlers/upgrader.go
rename to pkg/handlers/upgrade_service.go
diff --git a/pkg/upgrader/bootstrap.go b/pkg/upgradeservice/bootstrap.go
similarity index 100%
rename from pkg/upgrader/bootstrap.go
rename to pkg/upgradeservice/bootstrap.go
diff --git a/pkg/upgrader/handlers/config.go b/pkg/upgradeservice/handlers/config.go
similarity index 100%
rename from pkg/upgrader/handlers/config.go
rename to pkg/upgradeservice/handlers/config.go
diff --git a/pkg/upgrader/handlers/handlers.go b/pkg/upgradeservice/handlers/handlers.go
similarity index 100%
rename from pkg/upgrader/handlers/handlers.go
rename to pkg/upgradeservice/handlers/handlers.go
diff --git a/pkg/upgrader/handlers/interface.go b/pkg/upgradeservice/handlers/interface.go
similarity index 100%
rename from pkg/upgrader/handlers/interface.go
rename to pkg/upgradeservice/handlers/interface.go
diff --git a/pkg/upgrader/handlers/middleware.go b/pkg/upgradeservice/handlers/middleware.go
similarity index 100%
rename from pkg/upgrader/handlers/middleware.go
rename to pkg/upgradeservice/handlers/middleware.go
diff --git a/pkg/upgrader/handlers/ping.go b/pkg/upgradeservice/handlers/ping.go
similarity index 100%
rename from pkg/upgrader/handlers/ping.go
rename to pkg/upgradeservice/handlers/ping.go
diff --git a/pkg/upgrader/handlers/spa.go b/pkg/upgradeservice/handlers/spa.go
similarity index 100%
rename from pkg/upgrader/handlers/spa.go
rename to pkg/upgradeservice/handlers/spa.go
diff --git a/pkg/upgrader/handlers/static.go b/pkg/upgradeservice/handlers/static.go
similarity index 100%
rename from pkg/upgrader/handlers/static.go
rename to pkg/upgradeservice/handlers/static.go
diff --git a/pkg/upgrader/server.go b/pkg/upgradeservice/server.go
similarity index 100%
rename from pkg/upgrader/server.go
rename to pkg/upgradeservice/server.go
diff --git a/pkg/upgrader/types/types.go b/pkg/upgradeservice/types/types.go
similarity index 100%
rename from pkg/upgrader/types/types.go
rename to pkg/upgradeservice/types/types.go
diff --git a/pkg/upgrader/upgrader.go b/pkg/upgradeservice/upgrader.go
similarity index 100%
rename from pkg/upgrader/upgrader.go
rename to pkg/upgradeservice/upgrader.go
diff --git a/web/src/components/upgrade_service/AppConfig.tsx b/web/src/components/upgrade_service/AppConfig.tsx
index 11ed3e4872..b2d757330b 100644
--- a/web/src/components/upgrade_service/AppConfig.tsx
+++ b/web/src/components/upgrade_service/AppConfig.tsx
@@ -183,7 +183,7 @@ class AppConfig extends Component<Props, State> {
     });
 
     fetch(
-      `${process.env.API_ENDPOINT}/upgrader/app/${slug}/config${window.location.search}`,
+      `${process.env.API_ENDPOINT}/upgrade-service/app/${slug}/config${window.location.search}`,
       {
         method: "GET",
         headers: {
@@ -351,7 +351,7 @@ class AppConfig extends Component<Props, State> {
     const signal = this.fetchController.signal;
 
     fetch(
-      `${process.env.API_ENDPOINT}/upgrader/app/${slug}/liveconfig${window.location.search}`,
+      `${process.env.API_ENDPOINT}/upgrade-service/app/${slug}/liveconfig${window.location.search}`,
       {
         signal,
         headers: {
diff --git a/web/src/components/upgrade_service/UpgradeService.tsx b/web/src/components/upgrade_service/UpgradeService.tsx
index eddfdb7d2d..ba1417dff7 100644
--- a/web/src/components/upgrade_service/UpgradeService.tsx
+++ b/web/src/components/upgrade_service/UpgradeService.tsx
@@ -11,7 +11,7 @@ import { ToastProvider } from "@src/context/ToastContext";
 // react-query client
 const queryClient = new QueryClient();
 
-const Upgrader = () => {
+const UpgradeService = () => {
   const Crashz = () => {
     throw new Error("Crashz!");
   };
@@ -42,4 +42,4 @@ const Upgrader = () => {
   );
 };
 
-export { Upgrader };
+export { UpgradeService };

From df99ab42165bccc6d78228e39d9130777747f13c Mon Sep 17 00:00:00 2001
From: Craig O'Donnell <craig@replicated.com>
Date: Tue, 11 Jun 2024 15:24:57 -0400
Subject: [PATCH 15/33] add available updates api endpoint (#4677)

* add available updates api endpoint

* rename pending to available
---
 pkg/handlers/handlers.go                |   2 +
 pkg/handlers/interface.go               |   1 +
 pkg/handlers/mock/mock.go               |  12 ++
 pkg/handlers/update.go                  |  51 +++++++
 pkg/updatechecker/updatechecker.go      |  40 ++++++
 pkg/updatechecker/updatechecker_test.go | 172 ++++++++++++++++++++++++
 pkg/upstream/replicated.go              |   8 +-
 pkg/upstream/types/types.go             |   1 +
 8 files changed, 285 insertions(+), 2 deletions(-)

diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index e118313a54..7d7e7db458 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -110,6 +110,8 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 		HandlerFunc(middleware.EnforceAccess(policy.AppRead, handler.GetLatestDeployableVersion))
 	r.Name("GetUpdateDownloadStatus").Path("/api/v1/app/{appSlug}/task/updatedownload").Methods("GET").
 		HandlerFunc(middleware.EnforceAccess(policy.AppRead, handler.GetUpdateDownloadStatus)) // NOTE: appSlug is unused
+	r.Name("GetAvailableUpdates").Path("/api/v1/app/{appSlug}/updates").Methods("GET").
+		HandlerFunc(middleware.EnforceAccess(policy.AppDownstreamRead, handler.GetAvailableUpdates))
 
 	// Airgap
 	r.Name("AirgapBundleProgress").Path("/api/v1/app/{appSlug}/airgap/bundleprogress/{identifier}/{totalChunks}").Methods("GET").
diff --git a/pkg/handlers/interface.go b/pkg/handlers/interface.go
index e5bc386808..d3130c526d 100644
--- a/pkg/handlers/interface.go
+++ b/pkg/handlers/interface.go
@@ -49,6 +49,7 @@ type KOTSHandler interface {
 	GetLatestDeployableVersion(w http.ResponseWriter, r *http.Request)
 	GetUpdateDownloadStatus(w http.ResponseWriter, r *http.Request) // NOTE: appSlug is unused
 	GetPendingApp(w http.ResponseWriter, r *http.Request)
+	GetAvailableUpdates(w http.ResponseWriter, r *http.Request)
 
 	// Airgap
 	AirgapBundleProgress(w http.ResponseWriter, r *http.Request)
diff --git a/pkg/handlers/mock/mock.go b/pkg/handlers/mock/mock.go
index e230ada681..972f92b95d 100644
--- a/pkg/handlers/mock/mock.go
+++ b/pkg/handlers/mock/mock.go
@@ -670,6 +670,18 @@ func (mr *MockKOTSHandlerMockRecorder) GetAutomaticUpdatesConfig(w, r interface{
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAutomaticUpdatesConfig", reflect.TypeOf((*MockKOTSHandler)(nil).GetAutomaticUpdatesConfig), w, r)
 }
 
+// GetAvailableUpdates mocks base method.
+func (m *MockKOTSHandler) GetAvailableUpdates(w http.ResponseWriter, r *http.Request) {
+	m.ctrl.T.Helper()
+	m.ctrl.Call(m, "GetAvailableUpdates", w, r)
+}
+
+// GetAvailableUpdates indicates an expected call of GetAvailableUpdates.
+func (mr *MockKOTSHandlerMockRecorder) GetAvailableUpdates(w, r interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetAvailableUpdates", reflect.TypeOf((*MockKOTSHandler)(nil).GetAvailableUpdates), w, r)
+}
+
 // GetBackup mocks base method.
 func (m *MockKOTSHandler) GetBackup(w http.ResponseWriter, r *http.Request) {
 	m.ctrl.T.Helper()
diff --git a/pkg/handlers/update.go b/pkg/handlers/update.go
index 24aa6a48e8..414e5a7759 100644
--- a/pkg/handlers/update.go
+++ b/pkg/handlers/update.go
@@ -15,8 +15,10 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/airgap"
+	downstreamtypes "github.com/replicatedhq/kots/pkg/api/downstream/types"
 	"github.com/replicatedhq/kots/pkg/k8sutil"
 	"github.com/replicatedhq/kots/pkg/kotsadm"
+	license "github.com/replicatedhq/kots/pkg/kotsadmlicense"
 	"github.com/replicatedhq/kots/pkg/kurl"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/reporting"
@@ -207,6 +209,55 @@ func (h *Handler) AppUpdateCheck(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusBadRequest)
 }
 
+type AvailableUpdatesResponse struct {
+	Success bool                                 `json:"success"`
+	Updates []*downstreamtypes.DownstreamVersion `json:"updates,omitempty"`
+}
+
+func (h *Handler) GetAvailableUpdates(w http.ResponseWriter, r *http.Request) {
+	if kotsadm.IsAirgap() {
+		w.WriteHeader(http.StatusForbidden)
+		return
+	}
+
+	availableUpdatesResponse := AvailableUpdatesResponse{
+		Success: false,
+	}
+
+	appSlug, ok := mux.Vars(r)["appSlug"]
+	if !ok {
+		logger.Error(errors.New("appSlug is required"))
+		JSON(w, http.StatusBadRequest, availableUpdatesResponse)
+		return
+	}
+
+	store := store.GetStore()
+	app, err := store.GetAppFromSlug(appSlug)
+	if err != nil {
+		logger.Error(errors.Wrap(err, "failed to get app from slug"))
+		JSON(w, http.StatusInternalServerError, availableUpdatesResponse)
+		return
+	}
+
+	latestLicense, _, err := license.Sync(app, "", false)
+	if err != nil {
+		logger.Error(errors.Wrap(err, "failed to sync license"))
+		JSON(w, http.StatusInternalServerError, availableUpdatesResponse)
+		return
+	}
+
+	updates, err := updatechecker.GetAvailableUpdates(store, app, latestLicense)
+	if err != nil {
+		logger.Error(errors.Wrap(err, "failed to get available app updates"))
+		JSON(w, http.StatusInternalServerError, availableUpdatesResponse)
+		return
+	}
+
+	availableUpdatesResponse.Success = true
+	availableUpdatesResponse.Updates = updates
+	JSON(w, http.StatusOK, availableUpdatesResponse)
+}
+
 type UpdateAdminConsoleResponse struct {
 	Success      bool   `json:"success"`
 	UpdateStatus string `json:"updateStatus"`
diff --git a/pkg/updatechecker/updatechecker.go b/pkg/updatechecker/updatechecker.go
index 287eca9ebb..f5d751edc7 100644
--- a/pkg/updatechecker/updatechecker.go
+++ b/pkg/updatechecker/updatechecker.go
@@ -22,9 +22,11 @@ import (
 	storepkg "github.com/replicatedhq/kots/pkg/store"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
 	"github.com/replicatedhq/kots/pkg/tasks"
+	upstreampkg "github.com/replicatedhq/kots/pkg/upstream"
 	upstreamtypes "github.com/replicatedhq/kots/pkg/upstream/types"
 	"github.com/replicatedhq/kots/pkg/util"
 	"github.com/replicatedhq/kots/pkg/version"
+	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	cron "github.com/robfig/cron/v3"
 	"go.uber.org/zap"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -728,3 +730,41 @@ func removeOldUpdates(updates []upstreamtypes.Update, appVersions *downstreamtyp
 
 	return fileteredUpdates
 }
+
+func GetAvailableUpdates(kotsStore storepkg.Store, app *apptypes.App, license *kotsv1beta1.License) ([]*downstreamtypes.DownstreamVersion, error) {
+	updateCursor, err := kotsStore.GetCurrentUpdateCursor(app.ID, license.Spec.ChannelID)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get current update cursor")
+	}
+
+	upstreamURI := fmt.Sprintf("replicated://%s", license.Spec.AppSlug)
+	fetchOptions := &upstreamtypes.FetchOptions{
+		License:            license,
+		LastUpdateCheckAt:  app.LastUpdateCheckAt,
+		CurrentCursor:      updateCursor,
+		CurrentChannelID:   license.Spec.ChannelID,
+		CurrentChannelName: license.Spec.ChannelName,
+		ChannelChanged:     app.ChannelChanged,
+		SortOrder:          "desc", // get the latest updates first
+		ReportingInfo:      reporting.GetReportingInfo(app.ID),
+	}
+	updates, err := upstreampkg.GetUpdatesUpstream(upstreamURI, fetchOptions)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get updates")
+	}
+
+	availableVersions := []*downstreamtypes.DownstreamVersion{}
+	for _, u := range updates.Updates {
+		availableVersions = append(availableVersions, &downstreamtypes.DownstreamVersion{
+			VersionLabel:       u.VersionLabel,
+			UpdateCursor:       u.Cursor,
+			ChannelID:          u.ChannelID,
+			IsRequired:         u.IsRequired,
+			Status:             storetypes.VersionPendingDownload,
+			UpstreamReleasedAt: u.ReleasedAt,
+			ReleaseNotes:       u.ReleaseNotes,
+		})
+	}
+
+	return availableVersions, nil
+}
diff --git a/pkg/updatechecker/updatechecker_test.go b/pkg/updatechecker/updatechecker_test.go
index 773424f519..bfaa32a4c2 100644
--- a/pkg/updatechecker/updatechecker_test.go
+++ b/pkg/updatechecker/updatechecker_test.go
@@ -1,8 +1,12 @@
 package updatechecker
 
 import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/blang/semver"
 	"github.com/golang/mock/gomock"
@@ -11,9 +15,12 @@ import (
 	apptypes "github.com/replicatedhq/kots/pkg/app/types"
 	"github.com/replicatedhq/kots/pkg/cursor"
 	preflighttypes "github.com/replicatedhq/kots/pkg/preflight/types"
+	storepkg "github.com/replicatedhq/kots/pkg/store"
 	mock_store "github.com/replicatedhq/kots/pkg/store/mock"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
+	"github.com/replicatedhq/kots/pkg/upstream"
 	upstreamtypes "github.com/replicatedhq/kots/pkg/upstream/types"
+	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/stretchr/testify/require"
 )
 
@@ -918,3 +925,168 @@ func Test_removeOldUpdates(t *testing.T) {
 		req.Equal(test.want, got)
 	}
 }
+
+func TestGetAvailableUpdates(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	mockStore := mock_store.NewMockStore(ctrl)
+
+	testTime := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
+
+	type args struct {
+		kotsStore storepkg.Store
+		app       *apptypes.App
+		license   *kotsv1beta1.License
+	}
+	tests := []struct {
+		name            string
+		args            args
+		channelReleases []upstream.ChannelRelease
+		setup           func(t *testing.T, args args, mockServerEndpoint string)
+		want            []*downstreamtypes.DownstreamVersion
+		wantErr         bool
+	}{
+		{
+			name: "no updates",
+			args: args{
+				kotsStore: mockStore,
+				app: &apptypes.App{
+					ID: "app-id",
+				},
+				license: &kotsv1beta1.License{
+					Spec: kotsv1beta1.LicenseSpec{
+						ChannelID:   "channel-id",
+						ChannelName: "channel-name",
+						AppSlug:     "app-slug",
+						LicenseID:   "license-id",
+					},
+				},
+			},
+			channelReleases: []upstream.ChannelRelease{},
+			setup: func(t *testing.T, args args, licenseEndpoint string) {
+				t.Setenv("USE_MOCK_REPORTING", "1")
+				args.license.Spec.Endpoint = licenseEndpoint
+				mockStore.EXPECT().GetCurrentUpdateCursor(args.app.ID, args.license.Spec.ChannelID).Return("1", nil)
+			},
+			want:    []*downstreamtypes.DownstreamVersion{},
+			wantErr: false,
+		},
+		{
+			name: "has updates",
+			args: args{
+				kotsStore: mockStore,
+				app: &apptypes.App{
+					ID: "app-id",
+				},
+				license: &kotsv1beta1.License{
+					Spec: kotsv1beta1.LicenseSpec{
+						ChannelID:   "channel-id",
+						ChannelName: "channel-name",
+						AppSlug:     "app-slug",
+						LicenseID:   "license-id",
+					},
+				},
+			},
+			channelReleases: []upstream.ChannelRelease{
+				{
+					ChannelSequence: 2,
+					ReleaseSequence: 2,
+					VersionLabel:    "0.0.2",
+					IsRequired:      false,
+					CreatedAt:       testTime.Format(time.RFC3339),
+					ReleaseNotes:    "release notes",
+				},
+				{
+					ChannelSequence: 1,
+					ReleaseSequence: 1,
+					VersionLabel:    "0.0.1",
+					IsRequired:      false,
+					CreatedAt:       testTime.Format(time.RFC3339),
+					ReleaseNotes:    "release notes",
+				},
+			},
+			setup: func(t *testing.T, args args, licenseEndpoint string) {
+				t.Setenv("USE_MOCK_REPORTING", "1")
+				args.license.Spec.Endpoint = licenseEndpoint
+				mockStore.EXPECT().GetCurrentUpdateCursor(args.app.ID, args.license.Spec.ChannelID).Return("1", nil)
+			},
+			want: []*downstreamtypes.DownstreamVersion{
+				{
+					VersionLabel:       "0.0.2",
+					UpdateCursor:       "2",
+					ChannelID:          "channel-id",
+					IsRequired:         false,
+					Status:             storetypes.VersionPendingDownload,
+					UpstreamReleasedAt: &testTime,
+					ReleaseNotes:       "release notes",
+				},
+				{
+					VersionLabel:       "0.0.1",
+					UpdateCursor:       "1",
+					ChannelID:          "channel-id",
+					IsRequired:         false,
+					Status:             storetypes.VersionPendingDownload,
+					UpstreamReleasedAt: &testTime,
+					ReleaseNotes:       "release notes",
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "fails to fetch updates",
+			args: args{
+				kotsStore: mockStore,
+				app: &apptypes.App{
+					ID: "app-id",
+				},
+				license: &kotsv1beta1.License{
+					Spec: kotsv1beta1.LicenseSpec{
+						ChannelID:   "channel-id",
+						ChannelName: "channel-name",
+						AppSlug:     "app-slug",
+						LicenseID:   "license-id",
+					},
+				},
+			},
+			channelReleases: []upstream.ChannelRelease{},
+			setup: func(t *testing.T, args args, licenseEndpoint string) {
+				t.Setenv("USE_MOCK_REPORTING", "1")
+				args.license.Spec.Endpoint = licenseEndpoint
+				mockStore.EXPECT().GetCurrentUpdateCursor(args.app.ID, args.license.Spec.ChannelID).Return("1", nil)
+			},
+			want:    []*downstreamtypes.DownstreamVersion{},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			req := require.New(t)
+			mockServer := newMockServerWithReleases(tt.channelReleases, tt.wantErr)
+			defer mockServer.Close()
+			tt.setup(t, tt.args, mockServer.URL)
+			got, err := GetAvailableUpdates(tt.args.kotsStore, tt.args.app, tt.args.license)
+			if tt.wantErr {
+				req.Error(err)
+				return
+			}
+			req.NoError(err)
+			req.Equal(tt.want, got)
+		})
+	}
+}
+
+func newMockServerWithReleases(channelReleases []upstream.ChannelRelease, wantErr bool) *httptest.Server {
+	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if wantErr {
+			http.Error(w, "error", http.StatusInternalServerError)
+			return
+		}
+		var response struct {
+			ChannelReleases []upstream.ChannelRelease `json:"channelReleases"`
+		}
+		response.ChannelReleases = channelReleases
+		w.Header().Set("X-Replicated-UpdateCheckAt", time.Now().Format(time.RFC3339))
+		if err := json.NewEncoder(w).Encode(response); err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+	}))
+}
diff --git a/pkg/upstream/replicated.go b/pkg/upstream/replicated.go
index cd955de0a5..8569db4841 100644
--- a/pkg/upstream/replicated.go
+++ b/pkg/upstream/replicated.go
@@ -81,7 +81,7 @@ func getUpdatesReplicated(fetchOptions *types.FetchOptions) (*types.UpdateCheckR
 		return nil, errors.New("No license was provided")
 	}
 
-	pendingReleases, updateCheckTime, err := listPendingChannelReleases(fetchOptions.License, fetchOptions.LastUpdateCheckAt, currentCursor, fetchOptions.ChannelChanged, fetchOptions.ReportingInfo)
+	pendingReleases, updateCheckTime, err := listPendingChannelReleases(fetchOptions.License, fetchOptions.LastUpdateCheckAt, currentCursor, fetchOptions.ChannelChanged, fetchOptions.SortOrder, fetchOptions.ReportingInfo)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to list replicated app releases")
 	}
@@ -441,7 +441,7 @@ func downloadReplicatedApp(replicatedUpstream *replicatedapp.ReplicatedUpstream,
 	return &release, nil
 }
 
-func listPendingChannelReleases(license *kotsv1beta1.License, lastUpdateCheckAt *time.Time, currentCursor replicatedapp.ReplicatedCursor, channelChanged bool, reportingInfo *reportingtypes.ReportingInfo) ([]ChannelRelease, *time.Time, error) {
+func listPendingChannelReleases(license *kotsv1beta1.License, lastUpdateCheckAt *time.Time, currentCursor replicatedapp.ReplicatedCursor, channelChanged bool, sortOrder string, reportingInfo *reportingtypes.ReportingInfo) ([]ChannelRelease, *time.Time, error) {
 	u, err := url.Parse(license.Spec.Endpoint)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "failed to parse endpoint from license")
@@ -466,6 +466,10 @@ func listPendingChannelReleases(license *kotsv1beta1.License, lastUpdateCheckAt
 		urlValues.Add("lastUpdateCheckAt", lastUpdateCheckAt.UTC().Format(time.RFC3339))
 	}
 
+	if sortOrder != "" {
+		urlValues.Add("sortOrder", sortOrder)
+	}
+
 	url := fmt.Sprintf("%s://%s/release/%s/pending?%s", u.Scheme, hostname, license.Spec.AppSlug, urlValues.Encode())
 
 	req, err := util.NewRequest("GET", url, nil)
diff --git a/pkg/upstream/types/types.go b/pkg/upstream/types/types.go
index e7548cb19f..6ce7cc80e2 100644
--- a/pkg/upstream/types/types.go
+++ b/pkg/upstream/types/types.go
@@ -107,6 +107,7 @@ type FetchOptions struct {
 	CurrentReplicatedChartNames     []string
 	CurrentEmbeddedClusterArtifacts *kotsv1beta1.EmbeddedClusterArtifacts
 	ChannelChanged                  bool
+	SortOrder                       string
 	AppSlug                         string
 	AppSequence                     int64
 	AppVersionLabel                 string

From be60914e3536151cea501ed13a8f1d481a153e41 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Tue, 11 Jun 2024 19:58:21 +0000
Subject: [PATCH 16/33] move tasks outside the store

---
 cmd/kots/cli/install.go                       |   6 +-
 ...t-upgrader.go => start-upgrade-service.go} |   1 -
 pkg/airgap/airgap.go                          |  15 +-
 pkg/airgap/update.go                          |  10 +-
 pkg/automation/automation.go                  |   9 +-
 pkg/handlers/airgap.go                        |   3 +-
 pkg/handlers/app.go                           |   6 +-
 pkg/handlers/gitops.go                        |   9 +-
 pkg/handlers/image_rewrite_status.go          |   4 +-
 pkg/handlers/registry.go                      |   7 +-
 pkg/handlers/status.go                        |   6 +-
 pkg/kotsadmupstream/upstream.go               |  17 +-
 pkg/online/online.go                          |  11 +-
 pkg/registry/images.go                        |  11 +-
 pkg/registry/registry.go                      |  11 +-
 pkg/store/kotsstore/airgap_store.go           |   3 +-
 pkg/store/kotsstore/downstream_store.go       |   3 +-
 pkg/store/kotsstore/installation_store.go     |   3 +-
 pkg/store/kotsstore/kots_store.go             |  11 +-
 pkg/store/kotsstore/migrations.go             |   3 +-
 pkg/store/kotsstore/task_store.go             | 255 -------------
 pkg/store/mock/mock.go                        | 139 --------
 pkg/store/store_interface.go                  |   8 -
 pkg/tasks/tasks.go                            | 335 +++++++++++++++++-
 pkg/updatechecker/updatechecker.go            |   6 +-
 pkg/upgradeservice/bootstrap.go               |  11 +-
 pkg/upgradeservice/handlers/handlers.go       |  12 +-
 .../{upgrader.go => process.go}               |   0
 web/src/Root.tsx                              |   5 +-
 web/src/components/apps/AppVersionHistory.tsx |  27 +-
 .../components/upgrade_service/AppConfig.tsx  |  14 +-
 web/src/index.tsx                             |   3 +-
 32 files changed, 447 insertions(+), 517 deletions(-)
 rename cmd/kots/cli/{start-upgrader.go => start-upgrade-service.go} (98%)
 delete mode 100644 pkg/store/kotsstore/task_store.go
 rename pkg/upgradeservice/{upgrader.go => process.go} (100%)

diff --git a/cmd/kots/cli/install.go b/cmd/kots/cli/install.go
index d2c268641f..e98110dfc8 100644
--- a/cmd/kots/cli/install.go
+++ b/cmd/kots/cli/install.go
@@ -37,8 +37,8 @@ import (
 	"github.com/replicatedhq/kots/pkg/print"
 	"github.com/replicatedhq/kots/pkg/pull"
 	"github.com/replicatedhq/kots/pkg/replicatedapp"
-	"github.com/replicatedhq/kots/pkg/store/kotsstore"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/replicatedhq/troubleshoot/pkg/preflight"
 	"github.com/spf13/cobra"
@@ -887,7 +887,7 @@ func ValidateAutomatedInstall(deployOptions kotsadmtypes.DeployOptions, authSlug
 	return "", errors.New("timeout waiting for automated install. Use the --wait-duration flag to increase timeout.")
 }
 
-func getAutomatedInstallStatus(url string, authSlug string) (*kotsstore.TaskStatus, error) {
+func getAutomatedInstallStatus(url string, authSlug string) (*tasks.TaskStatus, error) {
 	newReq, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to create request")
@@ -910,7 +910,7 @@ func getAutomatedInstallStatus(url string, authSlug string) (*kotsstore.TaskStat
 		return nil, errors.Wrap(err, "failed to read response body")
 	}
 
-	taskStatus := kotsstore.TaskStatus{}
+	taskStatus := tasks.TaskStatus{}
 	if err := json.Unmarshal(b, &taskStatus); err != nil {
 		return nil, errors.Wrap(err, "failed to unmarshal task status")
 	}
diff --git a/cmd/kots/cli/start-upgrader.go b/cmd/kots/cli/start-upgrade-service.go
similarity index 98%
rename from cmd/kots/cli/start-upgrader.go
rename to cmd/kots/cli/start-upgrade-service.go
index 09512c7934..7eb77a889f 100644
--- a/cmd/kots/cli/start-upgrader.go
+++ b/cmd/kots/cli/start-upgrade-service.go
@@ -9,7 +9,6 @@ import (
 	"github.com/spf13/viper"
 )
 
-// TODO NOW: rename to updater?
 func StartUpgradeServiceCmd() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:    "start-upgrade-service",
diff --git a/pkg/airgap/airgap.go b/pkg/airgap/airgap.go
index cb61e3eda7..c388d7fe1a 100644
--- a/pkg/airgap/airgap.go
+++ b/pkg/airgap/airgap.go
@@ -28,6 +28,7 @@ import (
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
 	"github.com/replicatedhq/kots/pkg/supportbundle"
 	supportbundletypes "github.com/replicatedhq/kots/pkg/supportbundle/types"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/util"
 	"github.com/replicatedhq/kots/pkg/version"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
@@ -54,7 +55,7 @@ type CreateAirgapAppOpts struct {
 // will also have a version
 func CreateAppFromAirgap(opts CreateAirgapAppOpts) (finalError error) {
 	taskID := fmt.Sprintf("airgap-install-slug-%s", opts.PendingApp.Slug)
-	if err := store.GetStore().SetTaskStatus(taskID, "Processing package...", "running"); err != nil {
+	if err := tasks.SetTaskStatus(taskID, "Processing package...", "running"); err != nil {
 		return errors.Wrap(err, "failed to set task status")
 	}
 
@@ -64,7 +65,7 @@ func CreateAppFromAirgap(opts CreateAirgapAppOpts) (finalError error) {
 		for {
 			select {
 			case <-time.After(time.Second):
-				if err := store.GetStore().UpdateTaskStatusTimestamp(taskID); err != nil {
+				if err := tasks.UpdateTaskStatusTimestamp(taskID); err != nil {
 					logger.Error(errors.Wrapf(err, "failed to update task %s", taskID))
 				}
 			case <-finishedCh:
@@ -75,14 +76,14 @@ func CreateAppFromAirgap(opts CreateAirgapAppOpts) (finalError error) {
 
 	defer func() {
 		if finalError == nil {
-			if err := store.GetStore().ClearTaskStatus(taskID); err != nil {
+			if err := tasks.ClearTaskStatus(taskID); err != nil {
 				logger.Error(errors.Wrap(err, "failed to clear install task status"))
 			}
 			if err := store.GetStore().SetAppInstallState(opts.PendingApp.ID, "installed"); err != nil {
 				logger.Error(errors.Wrap(err, "failed to set app status to installed"))
 			}
 		} else {
-			if err := store.GetStore().SetTaskStatus(taskID, finalError.Error(), "failed"); err != nil {
+			if err := tasks.SetTaskStatus(taskID, finalError.Error(), "failed"); err != nil {
 				logger.Error(errors.Wrap(err, "failed to set error on install task status"))
 			}
 			if err := store.GetStore().SetAppInstallState(opts.PendingApp.ID, "airgap_upload_error"); err != nil {
@@ -96,7 +97,7 @@ func CreateAppFromAirgap(opts CreateAirgapAppOpts) (finalError error) {
 	}
 
 	// Extract it
-	if err := store.GetStore().SetTaskStatus(taskID, "Extracting files...", "running"); err != nil {
+	if err := tasks.SetTaskStatus(taskID, "Extracting files...", "running"); err != nil {
 		return errors.Wrap(err, "failed to set task status")
 	}
 
@@ -130,7 +131,7 @@ func CreateAppFromAirgap(opts CreateAirgapAppOpts) (finalError error) {
 	}
 	defer os.RemoveAll(tmpRoot)
 
-	if err := store.GetStore().SetTaskStatus(taskID, "Reading license data...", "running"); err != nil {
+	if err := tasks.SetTaskStatus(taskID, "Reading license data...", "running"); err != nil {
 		return errors.Wrap(err, "failed to set task status")
 	}
 
@@ -154,7 +155,7 @@ func CreateAppFromAirgap(opts CreateAirgapAppOpts) (finalError error) {
 	go func() {
 		scanner := bufio.NewScanner(pipeReader)
 		for scanner.Scan() {
-			if err := store.GetStore().SetTaskStatus(taskID, scanner.Text(), "running"); err != nil {
+			if err := tasks.SetTaskStatus(taskID, scanner.Text(), "running"); err != nil {
 				logger.Error(errors.Wrapf(err, "failed to set status for task %s", taskID))
 			}
 		}
diff --git a/pkg/airgap/update.go b/pkg/airgap/update.go
index b34cc56977..2bc3634b69 100644
--- a/pkg/airgap/update.go
+++ b/pkg/airgap/update.go
@@ -36,7 +36,7 @@ func UpdateAppFromAirgap(a *apptypes.App, airgapBundlePath string, deploy bool,
 		finishedChan <- finalError
 	}()
 
-	if err := store.GetStore().SetTaskStatus("update-download", "Extracting files...", "running"); err != nil {
+	if err := tasks.SetTaskStatus("update-download", "Extracting files...", "running"); err != nil {
 		return errors.Wrap(err, "failed to set task status")
 	}
 
@@ -55,7 +55,7 @@ func UpdateAppFromAirgap(a *apptypes.App, airgapBundlePath string, deploy bool,
 }
 
 func UpdateAppFromPath(a *apptypes.App, airgapRoot string, airgapBundlePath string, deploy bool, skipPreflights bool, skipCompatibilityCheck bool) error {
-	if err := store.GetStore().SetTaskStatus("update-download", "Processing package...", "running"); err != nil {
+	if err := tasks.SetTaskStatus("update-download", "Processing package...", "running"); err != nil {
 		return errors.Wrap(err, "failed to set tasks status")
 	}
 
@@ -97,7 +97,7 @@ func UpdateAppFromPath(a *apptypes.App, airgapRoot string, airgapBundlePath stri
 		return err
 	}
 
-	if err := store.GetStore().SetTaskStatus("update-download", "Processing app package...", "running"); err != nil {
+	if err := tasks.SetTaskStatus("update-download", "Processing app package...", "running"); err != nil {
 		return errors.Wrap(err, "failed to set task status")
 	}
 
@@ -113,7 +113,7 @@ func UpdateAppFromPath(a *apptypes.App, airgapRoot string, airgapBundlePath stri
 		downstreamNames = append(downstreamNames, d.Name)
 	}
 
-	if err := store.GetStore().SetTaskStatus("update-download", "Creating app version...", "running"); err != nil {
+	if err := tasks.SetTaskStatus("update-download", "Creating app version...", "running"); err != nil {
 		return errors.Wrap(err, "failed to set task status")
 	}
 
@@ -126,7 +126,7 @@ func UpdateAppFromPath(a *apptypes.App, airgapRoot string, airgapBundlePath stri
 	go func() {
 		scanner := bufio.NewScanner(pipeReader)
 		for scanner.Scan() {
-			if err := store.GetStore().SetTaskStatus("update-download", scanner.Text(), "running"); err != nil {
+			if err := tasks.SetTaskStatus("update-download", scanner.Text(), "running"); err != nil {
 				logger.Error(errors.Wrap(err, "failed to update download status"))
 			}
 		}
diff --git a/pkg/automation/automation.go b/pkg/automation/automation.go
index 894596ea3b..d39044ed34 100644
--- a/pkg/automation/automation.go
+++ b/pkg/automation/automation.go
@@ -27,6 +27,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/replicatedapp"
 	"github.com/replicatedhq/kots/pkg/store"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/util"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"go.uber.org/zap"
@@ -147,7 +148,7 @@ func installLicenseSecret(clientset *kubernetes.Clientset, licenseSecret corev1.
 		return errors.Wrap(err, "failed to marshal task message")
 	}
 	taskID := fmt.Sprintf("automated-install-slug-%s", appSlug)
-	if err := store.GetStore().SetTaskStatus(taskID, string(taskMessage), AutomatedInstallRunning); err != nil {
+	if err := tasks.SetTaskStatus(taskID, string(taskMessage), AutomatedInstallRunning); err != nil {
 		logger.Error(errors.Wrap(err, "failed to set task status"))
 	}
 
@@ -157,7 +158,7 @@ func installLicenseSecret(clientset *kubernetes.Clientset, licenseSecret corev1.
 		for {
 			select {
 			case <-time.After(time.Second):
-				if err := store.GetStore().UpdateTaskStatusTimestamp(taskID); err != nil {
+				if err := tasks.UpdateTaskStatusTimestamp(taskID); err != nil {
 					logger.Error(errors.Wrapf(err, "failed to update task %s", taskID))
 				}
 			case <-finishedCh:
@@ -183,7 +184,7 @@ func installLicenseSecret(clientset *kubernetes.Clientset, licenseSecret corev1.
 			if err != nil {
 				logger.Error(errors.Wrap(err, "failed to marshal task message"))
 			}
-			if err := store.GetStore().SetTaskStatus(taskID, string(taskMessage), AutomatedInstallSuccess); err != nil {
+			if err := tasks.SetTaskStatus(taskID, string(taskMessage), AutomatedInstallSuccess); err != nil {
 				logger.Error(errors.Wrap(err, "failed to set error on install task status"))
 			}
 		} else {
@@ -191,7 +192,7 @@ func installLicenseSecret(clientset *kubernetes.Clientset, licenseSecret corev1.
 			if err != nil {
 				logger.Error(errors.Wrap(err, "failed to marshal task message"))
 			}
-			if err := store.GetStore().SetTaskStatus(taskID, string(taskMessage), AutomatedInstallFailed); err != nil {
+			if err := tasks.SetTaskStatus(taskID, string(taskMessage), AutomatedInstallFailed); err != nil {
 				logger.Error(errors.Wrap(err, "failed to set error on install task status"))
 			}
 		}
diff --git a/pkg/handlers/airgap.go b/pkg/handlers/airgap.go
index a5be3abcbd..5300985d1a 100644
--- a/pkg/handlers/airgap.go
+++ b/pkg/handlers/airgap.go
@@ -19,6 +19,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/util"
 )
 
@@ -322,7 +323,7 @@ func (h *Handler) UpdateAppFromAirgap(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// this is to avoid a race condition where the UI polls the task status before it is set by the goroutine
-	if err := store.GetStore().SetTaskStatus("update-download", "Processing...", "running"); err != nil {
+	if err := tasks.SetTaskStatus("update-download", "Processing...", "running"); err != nil {
 		logger.Error(errors.Wrap(err, "failed to set task status"))
 		w.WriteHeader(http.StatusInternalServerError)
 		return
diff --git a/pkg/handlers/app.go b/pkg/handlers/app.go
index 522bd33766..37a9f98afb 100644
--- a/pkg/handlers/app.go
+++ b/pkg/handlers/app.go
@@ -25,8 +25,8 @@ import (
 	"github.com/replicatedhq/kots/pkg/render"
 	"github.com/replicatedhq/kots/pkg/session"
 	"github.com/replicatedhq/kots/pkg/store"
-	"github.com/replicatedhq/kots/pkg/store/kotsstore"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/util"
 	"github.com/replicatedhq/kots/pkg/version"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
@@ -656,13 +656,13 @@ func (h *Handler) GetLatestDeployableVersion(w http.ResponseWriter, r *http.Requ
 }
 
 func (h *Handler) GetAutomatedInstallStatus(w http.ResponseWriter, r *http.Request) {
-	status, msg, err := store.GetStore().GetTaskStatus(fmt.Sprintf("automated-install-slug-%s", mux.Vars(r)["appSlug"]))
+	status, msg, err := tasks.GetTaskStatus(fmt.Sprintf("automated-install-slug-%s", mux.Vars(r)["appSlug"]))
 	if err != nil {
 		logger.Error(errors.Wrapf(err, "failed to get install status for app %s", mux.Vars(r)["appSlug"]))
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
-	response := kotsstore.TaskStatus{
+	response := tasks.TaskStatus{
 		Status:  status,
 		Message: msg,
 	}
diff --git a/pkg/handlers/gitops.go b/pkg/handlers/gitops.go
index b254789f9b..0d946a7c99 100644
--- a/pkg/handlers/gitops.go
+++ b/pkg/handlers/gitops.go
@@ -13,6 +13,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/tasks"
 )
 
 type UpdateAppGitOpsRequest struct {
@@ -103,7 +104,7 @@ func (h *Handler) DisableAppGitOps(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) InitGitOpsConnection(w http.ResponseWriter, r *http.Request) {
-	currentStatus, _, err := store.GetStore().GetTaskStatus("gitops-init")
+	currentStatus, _, err := tasks.GetTaskStatus("gitops-init")
 	if err != nil {
 		logger.Error(err)
 		w.WriteHeader(http.StatusInternalServerError)
@@ -187,7 +188,7 @@ func (h *Handler) InitGitOpsConnection(w http.ResponseWriter, r *http.Request) {
 	}
 
 	go func() {
-		if err := store.GetStore().SetTaskStatus("gitops-init", "Creating commits ...", "running"); err != nil {
+		if err := tasks.SetTaskStatus("gitops-init", "Creating commits ...", "running"); err != nil {
 			logger.Error(errors.Wrap(err, "failed to set task status running"))
 			return
 		}
@@ -195,11 +196,11 @@ func (h *Handler) InitGitOpsConnection(w http.ResponseWriter, r *http.Request) {
 		var finalError error
 		defer func() {
 			if finalError == nil {
-				if err := store.GetStore().ClearTaskStatus("gitops-init"); err != nil {
+				if err := tasks.ClearTaskStatus("gitops-init"); err != nil {
 					logger.Error(errors.Wrap(err, "failed to clear task status"))
 				}
 			} else {
-				if err := store.GetStore().SetTaskStatus("gitops-init", finalError.Error(), "failed"); err != nil {
+				if err := tasks.SetTaskStatus("gitops-init", finalError.Error(), "failed"); err != nil {
 					logger.Error(errors.Wrap(err, "failed to set task status error"))
 				}
 			}
diff --git a/pkg/handlers/image_rewrite_status.go b/pkg/handlers/image_rewrite_status.go
index fe8cba3e6a..611eb178a4 100644
--- a/pkg/handlers/image_rewrite_status.go
+++ b/pkg/handlers/image_rewrite_status.go
@@ -4,7 +4,7 @@ import (
 	"net/http"
 
 	"github.com/replicatedhq/kots/pkg/logger"
-	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/tasks"
 )
 
 type GetImageRewriteStatusResponse struct {
@@ -13,7 +13,7 @@ type GetImageRewriteStatusResponse struct {
 }
 
 func (h *Handler) GetImageRewriteStatus(w http.ResponseWriter, r *http.Request) {
-	status, message, err := store.GetStore().GetTaskStatus("image-rewrite")
+	status, message, err := tasks.GetTaskStatus("image-rewrite")
 	if err != nil {
 		logger.Error(err)
 		w.WriteHeader(500)
diff --git a/pkg/handlers/registry.go b/pkg/handlers/registry.go
index 42c4594d6c..9a068897d8 100644
--- a/pkg/handlers/registry.go
+++ b/pkg/handlers/registry.go
@@ -22,6 +22,7 @@ import (
 	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
 	"github.com/replicatedhq/kots/pkg/render"
 	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/version"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/kubernetes/scheme"
@@ -132,7 +133,7 @@ func (h *Handler) UpdateAppRegistry(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	currentStatus, _, err := store.GetStore().GetTaskStatus("image-rewrite")
+	currentStatus, _, err := tasks.GetTaskStatus("image-rewrite")
 	if err != nil {
 		logger.Error(errors.Wrap(err, "failed to get image-rewrite taks status"))
 		updateAppRegistryResponse.Error = err.Error()
@@ -148,7 +149,7 @@ func (h *Handler) UpdateAppRegistry(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := store.GetStore().ClearTaskStatus("image-rewrite"); err != nil {
+	if err := tasks.ClearTaskStatus("image-rewrite"); err != nil {
 		logger.Error(errors.Wrap(err, "failed to clear image-rewrite taks status"))
 		updateAppRegistryResponse.Error = err.Error()
 		JSON(w, http.StatusInternalServerError, updateAppRegistryResponse)
@@ -225,7 +226,7 @@ func (h *Handler) UpdateAppRegistry(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// set task status before starting the goroutine so that the UI can show the status
-	if err := store.GetStore().SetTaskStatus("image-rewrite", "Updating registry settings", "running"); err != nil {
+	if err := tasks.SetTaskStatus("image-rewrite", "Updating registry settings", "running"); err != nil {
 		logger.Error(errors.Wrap(err, "failed to set task status"))
 		updateAppRegistryResponse.Error = err.Error()
 		JSON(w, http.StatusInternalServerError, updateAppRegistryResponse)
diff --git a/pkg/handlers/status.go b/pkg/handlers/status.go
index 94210dd1ac..8d073a45ef 100644
--- a/pkg/handlers/status.go
+++ b/pkg/handlers/status.go
@@ -8,7 +8,7 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/logger"
-	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/tasks"
 )
 
 type GetUpdateDownloadStatusResponse struct {
@@ -17,7 +17,7 @@ type GetUpdateDownloadStatusResponse struct {
 }
 
 func (h *Handler) GetUpdateDownloadStatus(w http.ResponseWriter, r *http.Request) {
-	status, message, err := store.GetStore().GetTaskStatus("update-download")
+	status, message, err := tasks.GetTaskStatus("update-download")
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
 		logger.Error(err)
@@ -49,7 +49,7 @@ func (h *Handler) GetAppVersionDownloadStatus(w http.ResponseWriter, r *http.Req
 	}
 
 	taskID := fmt.Sprintf("update-download.%d", sequence)
-	status, message, err := store.GetStore().GetTaskStatus(taskID)
+	status, message, err := tasks.GetTaskStatus(taskID)
 	if err != nil {
 		errMsg := fmt.Sprintf("failed to get %s task status", taskID)
 		logger.Error(errors.Wrap(err, errMsg))
diff --git a/pkg/kotsadmupstream/upstream.go b/pkg/kotsadmupstream/upstream.go
index 3db3095c3c..4a932ec926 100644
--- a/pkg/kotsadmupstream/upstream.go
+++ b/pkg/kotsadmupstream/upstream.go
@@ -17,6 +17,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/render"
 	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/upstream"
 	"github.com/replicatedhq/kots/pkg/upstream/types"
 	"github.com/replicatedhq/kots/pkg/util"
@@ -37,7 +38,7 @@ func DownloadUpdate(appID string, update types.Update, skipPreflights bool, skip
 			for {
 				select {
 				case <-time.After(time.Second):
-					if err := store.GetStore().UpdateTaskStatusTimestamp(taskID); err != nil {
+					if err := tasks.UpdateTaskStatusTimestamp(taskID); err != nil {
 						logger.Error(errors.Wrapf(err, "failed to update %s task status timestamp", taskID))
 					}
 				case <-finishedCh:
@@ -47,7 +48,7 @@ func DownloadUpdate(appID string, update types.Update, skipPreflights bool, skip
 		}()
 	}
 
-	if err := store.GetStore().SetTaskStatus(taskID, "Fetching update...", "running"); err != nil {
+	if err := tasks.SetTaskStatus(taskID, "Fetching update...", "running"); err != nil {
 		finalError = errors.Wrap(err, "failed to set task status")
 		return
 	}
@@ -66,7 +67,7 @@ func DownloadUpdate(appID string, update types.Update, skipPreflights bool, skip
 					logger.Error(errors.Wrapf(err, "failed to update next app version diff summary for base sequence %d", *update.AppSequence))
 				}
 			}
-			err := store.GetStore().ClearTaskStatus(taskID)
+			err := tasks.ClearTaskStatus(taskID)
 			if err != nil {
 				logger.Error(errors.Wrapf(err, "failed to clear %s task status", taskID))
 			}
@@ -92,7 +93,7 @@ func DownloadUpdate(appID string, update types.Update, skipPreflights bool, skip
 
 		if update.AppSequence != nil || finalSequence != nil {
 			// a version already exists or has been created
-			err := store.GetStore().SetTaskStatus(taskID, errMsg, "failed")
+			err := tasks.SetTaskStatus(taskID, errMsg, "failed")
 			if err != nil {
 				logger.Error(errors.Wrapf(err, "failed to set %s task status", taskID))
 			}
@@ -103,7 +104,7 @@ func DownloadUpdate(appID string, update types.Update, skipPreflights bool, skip
 		newSequence, err := store.GetStore().CreatePendingDownloadAppVersion(appID, update, kotsApplication, license)
 		if err != nil {
 			logger.Error(errors.Wrapf(err, "failed to create pending download app version for update %s", update.VersionLabel))
-			if err := store.GetStore().SetTaskStatus(taskID, errMsg, "failed"); err != nil {
+			if err := tasks.SetTaskStatus(taskID, errMsg, "failed"); err != nil {
 				logger.Error(errors.Wrapf(err, "failed to set %s task status", taskID))
 			}
 			return
@@ -113,10 +114,10 @@ func DownloadUpdate(appID string, update types.Update, skipPreflights bool, skip
 		// a pending download version has been created, bind the download error to it
 		// clear the global task status at the end to avoid a race condition with the UI
 		sequenceTaskID := fmt.Sprintf("update-download.%d", *finalSequence)
-		if err := store.GetStore().SetTaskStatus(sequenceTaskID, errMsg, "failed"); err != nil {
+		if err := tasks.SetTaskStatus(sequenceTaskID, errMsg, "failed"); err != nil {
 			logger.Error(errors.Wrapf(err, "failed to set %s task status", sequenceTaskID))
 		}
-		if err := store.GetStore().ClearTaskStatus(taskID); err != nil {
+		if err := tasks.ClearTaskStatus(taskID); err != nil {
 			logger.Error(errors.Wrapf(err, "failed to clear %s task status", taskID))
 		}
 	}()
@@ -143,7 +144,7 @@ func DownloadUpdate(appID string, update types.Update, skipPreflights bool, skip
 	go func() {
 		scanner := bufio.NewScanner(pipeReader)
 		for scanner.Scan() {
-			if err := store.GetStore().SetTaskStatus(taskID, scanner.Text(), "running"); err != nil {
+			if err := tasks.SetTaskStatus(taskID, scanner.Text(), "running"); err != nil {
 				logger.Error(err)
 			}
 		}
diff --git a/pkg/online/online.go b/pkg/online/online.go
index f22152d721..ba37592242 100644
--- a/pkg/online/online.go
+++ b/pkg/online/online.go
@@ -22,6 +22,7 @@ import (
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
 	"github.com/replicatedhq/kots/pkg/supportbundle"
 	supportbundletypes "github.com/replicatedhq/kots/pkg/supportbundle/types"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/updatechecker"
 	"github.com/replicatedhq/kots/pkg/util"
 	"github.com/replicatedhq/kots/pkg/version"
@@ -40,7 +41,7 @@ func CreateAppFromOnline(opts CreateOnlineAppOpts) (_ *kotsutil.KotsKinds, final
 	logger.Debug("creating app from online",
 		zap.String("upstreamURI", opts.UpstreamURI))
 
-	if err := store.GetStore().SetTaskStatus("online-install", "Uploading license...", "running"); err != nil {
+	if err := tasks.SetTaskStatus("online-install", "Uploading license...", "running"); err != nil {
 		return nil, errors.Wrap(err, "failed to set task status")
 	}
 
@@ -50,7 +51,7 @@ func CreateAppFromOnline(opts CreateOnlineAppOpts) (_ *kotsutil.KotsKinds, final
 		for {
 			select {
 			case <-time.After(time.Second):
-				if err := store.GetStore().UpdateTaskStatusTimestamp("online-install"); err != nil {
+				if err := tasks.UpdateTaskStatusTimestamp("online-install"); err != nil {
 					logger.Error(err)
 				}
 			case <-finishedCh:
@@ -62,7 +63,7 @@ func CreateAppFromOnline(opts CreateOnlineAppOpts) (_ *kotsutil.KotsKinds, final
 	var app *apptypes.App
 	defer func() {
 		if finalError == nil {
-			if err := store.GetStore().ClearTaskStatus("online-install"); err != nil {
+			if err := tasks.ClearTaskStatus("online-install"); err != nil {
 				logger.Error(errors.Wrap(err, "failed to clear install task status"))
 			}
 			if err := store.GetStore().SetAppInstallState(opts.PendingApp.ID, "installed"); err != nil {
@@ -72,7 +73,7 @@ func CreateAppFromOnline(opts CreateOnlineAppOpts) (_ *kotsutil.KotsKinds, final
 				logger.Error(errors.Wrap(err, "failed to configure update checker"))
 			}
 		} else {
-			if err := store.GetStore().SetTaskStatus("online-install", finalError.Error(), "failed"); err != nil {
+			if err := tasks.SetTaskStatus("online-install", finalError.Error(), "failed"); err != nil {
 				logger.Error(errors.Wrap(err, "failed to set error on install task status"))
 			}
 			if err := store.GetStore().SetAppInstallState(opts.PendingApp.ID, "install_error"); err != nil {
@@ -85,7 +86,7 @@ func CreateAppFromOnline(opts CreateOnlineAppOpts) (_ *kotsutil.KotsKinds, final
 	go func() {
 		scanner := bufio.NewScanner(pipeReader)
 		for scanner.Scan() {
-			if err := store.GetStore().SetTaskStatus("online-install", scanner.Text(), "running"); err != nil {
+			if err := tasks.SetTaskStatus("online-install", scanner.Text(), "running"); err != nil {
 				logger.Error(err)
 			}
 		}
diff --git a/pkg/registry/images.go b/pkg/registry/images.go
index 3dac1a5f08..c4ba47c845 100644
--- a/pkg/registry/images.go
+++ b/pkg/registry/images.go
@@ -28,6 +28,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/registry/types"
 	kotss3 "github.com/replicatedhq/kots/pkg/s3"
 	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -198,7 +199,7 @@ func deleteUnusedImages(ctx context.Context, registry types.RegistrySettings, us
 		return nil
 	}
 
-	currentStatus, _, err := store.GetStore().GetTaskStatus(deleteImagesTaskID)
+	currentStatus, _, err := tasks.GetTaskStatus(deleteImagesTaskID)
 	if err != nil {
 		return errors.Wrap(err, "failed to get task status")
 	}
@@ -208,7 +209,7 @@ func deleteUnusedImages(ctx context.Context, registry types.RegistrySettings, us
 		return nil
 	}
 
-	if err := store.GetStore().SetTaskStatus(deleteImagesTaskID, "Searching registry...", "running"); err != nil {
+	if err := tasks.SetTaskStatus(deleteImagesTaskID, "Searching registry...", "running"); err != nil {
 		return errors.Wrap(err, "failed to set task status")
 	}
 
@@ -344,11 +345,11 @@ func startDeleteImagesTaskMonitor(finishedChan <-chan error) {
 		var finalError error
 		defer func() {
 			if finalError == nil {
-				if err := store.GetStore().ClearTaskStatus(deleteImagesTaskID); err != nil {
+				if err := tasks.ClearTaskStatus(deleteImagesTaskID); err != nil {
 					logger.Error(errors.Wrapf(err, "failed to clear %q task status", deleteImagesTaskID))
 				}
 			} else {
-				if err := store.GetStore().SetTaskStatus(deleteImagesTaskID, finalError.Error(), "failed"); err != nil {
+				if err := tasks.SetTaskStatus(deleteImagesTaskID, finalError.Error(), "failed"); err != nil {
 					logger.Error(errors.Wrapf(err, "failed to set error on %q task status", deleteImagesTaskID))
 				}
 			}
@@ -357,7 +358,7 @@ func startDeleteImagesTaskMonitor(finishedChan <-chan error) {
 		for {
 			select {
 			case <-time.After(time.Second):
-				if err := store.GetStore().UpdateTaskStatusTimestamp(deleteImagesTaskID); err != nil {
+				if err := tasks.UpdateTaskStatusTimestamp(deleteImagesTaskID); err != nil {
 					logger.Error(err)
 				}
 			case err := <-finishedChan:
diff --git a/pkg/registry/registry.go b/pkg/registry/registry.go
index 7c72b3cc11..3c7a35d6f8 100644
--- a/pkg/registry/registry.go
+++ b/pkg/registry/registry.go
@@ -19,6 +19,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/rewrite"
 	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/util"
 )
 
@@ -26,7 +27,7 @@ import (
 // and create a new version of the application
 // the caller is responsible for deleting the appDir returned
 func RewriteImages(appID string, sequence int64, hostname string, username string, password string, namespace string, isReadOnly bool) (appDir string, finalError error) {
-	if err := store.GetStore().SetTaskStatus("image-rewrite", "Updating registry settings", "running"); err != nil {
+	if err := tasks.SetTaskStatus("image-rewrite", "Updating registry settings", "running"); err != nil {
 		return "", errors.Wrap(err, "failed to set task status")
 	}
 
@@ -36,7 +37,7 @@ func RewriteImages(appID string, sequence int64, hostname string, username strin
 		for {
 			select {
 			case <-time.After(time.Second):
-				if err := store.GetStore().UpdateTaskStatusTimestamp("image-rewrite"); err != nil {
+				if err := tasks.UpdateTaskStatusTimestamp("image-rewrite"); err != nil {
 					logger.Error(err)
 				}
 			case <-finishedCh:
@@ -47,13 +48,13 @@ func RewriteImages(appID string, sequence int64, hostname string, username strin
 
 	defer func() {
 		if finalError == nil {
-			if err := store.GetStore().ClearTaskStatus("image-rewrite"); err != nil {
+			if err := tasks.ClearTaskStatus("image-rewrite"); err != nil {
 				logger.Error(errors.Wrap(err, "failed to clear image rewrite task status"))
 			}
 		} else {
 			// do not show the stack trace to the user
 			causeErr := errors.Cause(finalError)
-			if err := store.GetStore().SetTaskStatus("image-rewrite", causeErr.Error(), "failed"); err != nil {
+			if err := tasks.SetTaskStatus("image-rewrite", causeErr.Error(), "failed"); err != nil {
 				logger.Error(errors.Wrap(err, "failed to set image rewrite task status as failed"))
 			}
 		}
@@ -97,7 +98,7 @@ func RewriteImages(appID string, sequence int64, hostname string, username strin
 	go func() {
 		scanner := bufio.NewScanner(pipeReader)
 		for scanner.Scan() {
-			if err := store.GetStore().SetTaskStatus("image-rewrite", scanner.Text(), "running"); err != nil {
+			if err := tasks.SetTaskStatus("image-rewrite", scanner.Text(), "running"); err != nil {
 				logger.Error(err)
 			}
 		}
diff --git a/pkg/store/kotsstore/airgap_store.go b/pkg/store/kotsstore/airgap_store.go
index baca30276d..3e6a013c16 100644
--- a/pkg/store/kotsstore/airgap_store.go
+++ b/pkg/store/kotsstore/airgap_store.go
@@ -7,6 +7,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/airgap/types"
 	airgaptypes "github.com/replicatedhq/kots/pkg/airgap/types"
 	"github.com/replicatedhq/kots/pkg/persistence"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/rqlite/gorqlite"
 )
 
@@ -71,7 +72,7 @@ func (s *KOTSStore) GetAirgapInstallStatus(appID string) (*airgaptypes.InstallSt
 		return nil, errors.Wrap(err, "failed to scan")
 	}
 
-	_, message, err := s.GetTaskStatus(fmt.Sprintf("airgap-install-slug-%s", slug))
+	_, message, err := tasks.GetTaskStatus(fmt.Sprintf("airgap-install-slug-%s", slug))
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get task status")
 	}
diff --git a/pkg/store/kotsstore/downstream_store.go b/pkg/store/kotsstore/downstream_store.go
index 345fad66d8..1a87320104 100644
--- a/pkg/store/kotsstore/downstream_store.go
+++ b/pkg/store/kotsstore/downstream_store.go
@@ -14,6 +14,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/persistence"
 	"github.com/replicatedhq/kots/pkg/store/types"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/rqlite/gorqlite"
 )
@@ -613,7 +614,7 @@ func (s *KOTSStore) AddDownstreamVersionsDetails(appID string, clusterID string,
 
 		if version.Status == types.VersionPendingDownload {
 			downloadTaskID := fmt.Sprintf("update-download.%d", version.Sequence)
-			downloadStatus, downloadStatusMessage, err := s.GetTaskStatus(downloadTaskID)
+			downloadStatus, downloadStatusMessage, err := tasks.GetTaskStatus(downloadTaskID)
 			if err != nil {
 				// don't fail on this
 				logger.Error(errors.Wrap(err, fmt.Sprintf("failed to get %s task status", downloadTaskID)))
diff --git a/pkg/store/kotsstore/installation_store.go b/pkg/store/kotsstore/installation_store.go
index f53e68b5be..7899aae48a 100644
--- a/pkg/store/kotsstore/installation_store.go
+++ b/pkg/store/kotsstore/installation_store.go
@@ -6,6 +6,7 @@ import (
 	"github.com/pkg/errors"
 	installationtypes "github.com/replicatedhq/kots/pkg/online/types"
 	"github.com/replicatedhq/kots/pkg/persistence"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/rqlite/gorqlite"
 )
 
@@ -29,7 +30,7 @@ func (s *KOTSStore) GetPendingInstallationStatus() (*installationtypes.InstallSt
 		return nil, errors.Wrap(err, "failed to scan")
 	}
 
-	_, message, err := s.GetTaskStatus("online-install")
+	_, message, err := tasks.GetTaskStatus("online-install")
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get task status")
 	}
diff --git a/pkg/store/kotsstore/kots_store.go b/pkg/store/kotsstore/kots_store.go
index 9492fc2d0f..acec529aad 100644
--- a/pkg/store/kotsstore/kots_store.go
+++ b/pkg/store/kotsstore/kots_store.go
@@ -28,16 +28,9 @@ var (
 	ErrNotFound = errors.New("not found")
 )
 
-type cachedTaskStatus struct {
-	expirationTime time.Time
-	taskStatus     TaskStatus
-}
-
 type KOTSStore struct {
 	sessionSecret     *corev1.Secret
 	sessionExpiration time.Time
-
-	cachedTaskStatus map[string]*cachedTaskStatus
 }
 
 func init() {
@@ -164,9 +157,7 @@ func canIgnoreEtcdError(err error) bool {
 }
 
 func StoreFromEnv() *KOTSStore {
-	return &KOTSStore{
-		cachedTaskStatus: make(map[string]*cachedTaskStatus),
-	}
+	return &KOTSStore{}
 }
 
 func (s *KOTSStore) getConfigmap(name string) (*corev1.ConfigMap, error) {
diff --git a/pkg/store/kotsstore/migrations.go b/pkg/store/kotsstore/migrations.go
index 1b414e3953..a48f2cb94e 100644
--- a/pkg/store/kotsstore/migrations.go
+++ b/pkg/store/kotsstore/migrations.go
@@ -9,6 +9,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/persistence"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/rqlite/gorqlite"
 )
 
@@ -48,7 +49,7 @@ func (s *KOTSStore) RunMigrations() {
 	if err := s.migrateSupportBundlesFromRqlite(); err != nil {
 		logger.Error(errors.Wrap(err, "failed to migrate support bundles"))
 	}
-	if err := s.migrateTasksFromRqlite(); err != nil {
+	if err := tasks.MigrateTasksFromRqlite(); err != nil {
 		logger.Error(errors.Wrap(err, "failed to migrate tasks"))
 	}
 }
diff --git a/pkg/store/kotsstore/task_store.go b/pkg/store/kotsstore/task_store.go
deleted file mode 100644
index c864c8e6d4..0000000000
--- a/pkg/store/kotsstore/task_store.go
+++ /dev/null
@@ -1,255 +0,0 @@
-package kotsstore
-
-import (
-	"encoding/json"
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/pkg/errors"
-	"github.com/replicatedhq/kots/pkg/persistence"
-	"github.com/rqlite/gorqlite"
-)
-
-const (
-	TaskStatusConfigMapName = `kotsadm-tasks`
-	ConfgConfigMapName      = `kotsadm-confg`
-
-	taskCacheTTL = 1 * time.Minute
-)
-
-var (
-	taskStatusLock = sync.Mutex{}
-)
-
-type TaskStatus struct {
-	Message   string    `json:"message"`
-	Status    string    `json:"status"`
-	UpdatedAt time.Time `json:"updatedAt"`
-}
-
-func (s *KOTSStore) migrateTasksFromRqlite() error {
-	db := persistence.MustGetDBSession()
-
-	query := `select updated_at, current_message, status from api_task_status`
-	rows, err := db.QueryOne(query)
-	if err != nil {
-		return fmt.Errorf("failed to select tasks for migration: %v: %v", err, rows.Err)
-	}
-
-	taskCm, err := s.getConfigmap(TaskStatusConfigMapName)
-	if err != nil {
-		return errors.Wrap(err, "failed to get task status configmap")
-	}
-
-	if taskCm.Data == nil {
-		taskCm.Data = map[string]string{}
-	}
-
-	for rows.Next() {
-		var id string
-		var status gorqlite.NullString
-		var message gorqlite.NullString
-
-		ts := TaskStatus{}
-		if err := rows.Scan(&id, &ts.UpdatedAt, &message, &status); err != nil {
-			return errors.Wrap(err, "failed to scan task status")
-		}
-
-		if status.Valid {
-			ts.Status = status.String
-		}
-		if message.Valid {
-			ts.Message = message.String
-		}
-
-		b, err := json.Marshal(ts)
-		if err != nil {
-			return errors.Wrap(err, "failed to marshal task status")
-		}
-
-		taskCm.Data[id] = string(b)
-	}
-
-	if err := s.updateConfigmap(taskCm); err != nil {
-		return errors.Wrap(err, "failed to update task status configmap")
-	}
-
-	query = `delete from api_task_status`
-	if wr, err := db.WriteOne(query); err != nil {
-		return fmt.Errorf("failed to delete tasks from db: %v: %v", err, wr.Err)
-	}
-
-	return nil
-}
-
-// TODO NOW: move this outside the store
-func (s *KOTSStore) SetTaskStatus(id string, message string, status string) error {
-	taskStatusLock.Lock()
-	defer taskStatusLock.Unlock()
-
-	cached := s.cachedTaskStatus[id]
-	if cached == nil {
-		cached = &cachedTaskStatus{}
-		s.cachedTaskStatus[id] = cached
-	}
-	cached.taskStatus.Message = message
-	cached.taskStatus.Status = status
-	cached.taskStatus.UpdatedAt = time.Now()
-	cached.expirationTime = time.Now().Add(taskCacheTTL)
-
-	configmap, err := s.getConfigmap(TaskStatusConfigMapName)
-	if err != nil {
-		if canIgnoreEtcdError(err) {
-			return nil
-		}
-		return errors.Wrap(err, "failed to get task status configmap")
-	}
-
-	if configmap.Data == nil {
-		configmap.Data = map[string]string{}
-	}
-
-	b, err := json.Marshal(cached.taskStatus)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal task status")
-	}
-
-	configmap.Data[id] = string(b)
-
-	if err := s.updateConfigmap(configmap); err != nil {
-		if canIgnoreEtcdError(err) {
-			return nil
-		}
-		return errors.Wrap(err, "failed to update task status configmap")
-	}
-
-	return nil
-}
-
-func (s *KOTSStore) UpdateTaskStatusTimestamp(id string) error {
-	taskStatusLock.Lock()
-	defer taskStatusLock.Unlock()
-
-	cached := s.cachedTaskStatus[id]
-	if cached != nil {
-		cached.taskStatus.UpdatedAt = time.Now()
-		cached.expirationTime = time.Now().Add(taskCacheTTL)
-	}
-
-	configmap, err := s.getConfigmap(TaskStatusConfigMapName)
-	if err != nil {
-		if canIgnoreEtcdError(err) && cached != nil {
-			return nil
-		}
-		return errors.Wrap(err, "failed to get task status configmap")
-	}
-
-	if configmap.Data == nil {
-		configmap.Data = map[string]string{}
-	}
-
-	data, ok := configmap.Data[id]
-	if !ok {
-		return nil // copied from s3pgstore
-	}
-
-	ts := TaskStatus{}
-	if err := json.Unmarshal([]byte(data), &ts); err != nil {
-		return errors.Wrap(err, "failed to unmarshal task status")
-	}
-
-	ts.UpdatedAt = time.Now()
-
-	b, err := json.Marshal(ts)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal task status")
-	}
-
-	configmap.Data[id] = string(b)
-
-	if err := s.updateConfigmap(configmap); err != nil {
-		if canIgnoreEtcdError(err) && cached != nil {
-			return nil
-		}
-		return errors.Wrap(err, "failed to update task status configmap")
-	}
-
-	return nil
-}
-
-func (s *KOTSStore) ClearTaskStatus(id string) error {
-	taskStatusLock.Lock()
-	defer taskStatusLock.Unlock()
-
-	defer delete(s.cachedTaskStatus, id)
-
-	configmap, err := s.getConfigmap(TaskStatusConfigMapName)
-	if err != nil {
-		return errors.Wrap(err, "failed to get task status configmap")
-	}
-
-	if configmap.Data == nil {
-		configmap.Data = map[string]string{}
-	}
-
-	_, ok := configmap.Data[id]
-	if !ok {
-		return nil // copied from s3pgstore
-	}
-
-	delete(configmap.Data, id)
-
-	if err := s.updateConfigmap(configmap); err != nil {
-		return errors.Wrap(err, "failed to update task status configmap")
-	}
-
-	return nil
-}
-
-func (s *KOTSStore) GetTaskStatus(id string) (string, string, error) {
-	taskStatusLock.Lock()
-	defer taskStatusLock.Unlock()
-
-	cached := s.cachedTaskStatus[id]
-	if cached != nil && time.Now().Before(cached.expirationTime) {
-		return cached.taskStatus.Status, cached.taskStatus.Message, nil
-	}
-
-	if cached == nil {
-		cached = &cachedTaskStatus{
-			expirationTime: time.Now().Add(taskCacheTTL),
-		}
-		s.cachedTaskStatus[id] = cached
-	}
-
-	configmap, err := s.getConfigmap(TaskStatusConfigMapName)
-	if err != nil {
-		if canIgnoreEtcdError(err) && cached != nil {
-			return cached.taskStatus.Status, cached.taskStatus.Message, nil
-		}
-		return "", "", errors.Wrap(err, "failed to get task status configmap")
-	}
-
-	if configmap.Data == nil {
-		return "", "", nil
-	}
-
-	marshalled, ok := configmap.Data[id]
-	if !ok {
-		return "", "", nil
-	}
-
-	ts := TaskStatus{}
-	if err := json.Unmarshal([]byte(marshalled), &ts); err != nil {
-		return "", "", errors.Wrap(err, "error unmarshalling task status")
-	}
-
-	if ts.UpdatedAt.Before(time.Now().Add(-10 * time.Second)) {
-		return "", "", nil
-	}
-
-	cached.taskStatus = ts
-
-	return ts.Status, ts.Message, nil
-}
diff --git a/pkg/store/mock/mock.go b/pkg/store/mock/mock.go
index 9deaf4936c..7f8feb9470 100644
--- a/pkg/store/mock/mock.go
+++ b/pkg/store/mock/mock.go
@@ -96,20 +96,6 @@ func (mr *MockStoreMockRecorder) AddDownstreamVersionsDetails(appID, clusterID,
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddDownstreamVersionsDetails", reflect.TypeOf((*MockStore)(nil).AddDownstreamVersionsDetails), appID, clusterID, versions, checkIfDeployable)
 }
 
-// ClearTaskStatus mocks base method.
-func (m *MockStore) ClearTaskStatus(taskID string) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ClearTaskStatus", taskID)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// ClearTaskStatus indicates an expected call of ClearTaskStatus.
-func (mr *MockStoreMockRecorder) ClearTaskStatus(taskID interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ClearTaskStatus", reflect.TypeOf((*MockStore)(nil).ClearTaskStatus), taskID)
-}
-
 // CreateApp mocks base method.
 func (m *MockStore) CreateApp(name, upstreamURI, licenseData string, isAirgapEnabled, skipImagePush, registryIsReadOnly bool) (*types2.App, error) {
 	m.ctrl.T.Helper()
@@ -1195,22 +1181,6 @@ func (mr *MockStoreMockRecorder) GetTargetKotsVersionForVersion(appID, sequence
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetTargetKotsVersionForVersion", reflect.TypeOf((*MockStore)(nil).GetTargetKotsVersionForVersion), appID, sequence)
 }
 
-// GetTaskStatus mocks base method.
-func (m *MockStore) GetTaskStatus(taskID string) (string, string, error) {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetTaskStatus", taskID)
-	ret0, _ := ret[0].(string)
-	ret1, _ := ret[1].(string)
-	ret2, _ := ret[2].(error)
-	return ret0, ret1, ret2
-}
-
-// GetTaskStatus indicates an expected call of GetTaskStatus.
-func (mr *MockStoreMockRecorder) GetTaskStatus(taskID interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetTaskStatus", reflect.TypeOf((*MockStore)(nil).GetTaskStatus), taskID)
-}
-
 // HasStrictPreflights mocks base method.
 func (m *MockStore) HasStrictPreflights(appID string, sequence int64) (bool, error) {
 	m.ctrl.T.Helper()
@@ -1844,20 +1814,6 @@ func (mr *MockStoreMockRecorder) SetSupportBundleAnalysis(bundleID, insights int
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetSupportBundleAnalysis", reflect.TypeOf((*MockStore)(nil).SetSupportBundleAnalysis), bundleID, insights)
 }
 
-// SetTaskStatus mocks base method.
-func (m *MockStore) SetTaskStatus(taskID, message, status string) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SetTaskStatus", taskID, message, status)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// SetTaskStatus indicates an expected call of SetTaskStatus.
-func (mr *MockStoreMockRecorder) SetTaskStatus(taskID, message, status interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetTaskStatus", reflect.TypeOf((*MockStore)(nil).SetTaskStatus), taskID, message, status)
-}
-
 // SetUpdateCheckerSpec mocks base method.
 func (m *MockStore) SetUpdateCheckerSpec(appID, updateCheckerSpec string) error {
 	m.ctrl.T.Helper()
@@ -2027,20 +1983,6 @@ func (mr *MockStoreMockRecorder) UpdateSupportBundle(bundle interface{}) *gomock
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateSupportBundle", reflect.TypeOf((*MockStore)(nil).UpdateSupportBundle), bundle)
 }
 
-// UpdateTaskStatusTimestamp mocks base method.
-func (m *MockStore) UpdateTaskStatusTimestamp(taskID string) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UpdateTaskStatusTimestamp", taskID)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// UpdateTaskStatusTimestamp indicates an expected call of UpdateTaskStatusTimestamp.
-func (mr *MockStoreMockRecorder) UpdateTaskStatusTimestamp(taskID interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateTaskStatusTimestamp", reflect.TypeOf((*MockStore)(nil).UpdateTaskStatusTimestamp), taskID)
-}
-
 // UploadSupportBundle mocks base method.
 func (m *MockStore) UploadSupportBundle(bundleID, archivePath string, marshalledTree []byte) error {
 	m.ctrl.T.Helper()
@@ -2610,87 +2552,6 @@ func (mr *MockAirgapStoreMockRecorder) SetAppIsAirgap(appID, isAirgap interface{
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetAppIsAirgap", reflect.TypeOf((*MockAirgapStore)(nil).SetAppIsAirgap), appID, isAirgap)
 }
 
-// MockTaskStore is a mock of TaskStore interface.
-type MockTaskStore struct {
-	ctrl     *gomock.Controller
-	recorder *MockTaskStoreMockRecorder
-}
-
-// MockTaskStoreMockRecorder is the mock recorder for MockTaskStore.
-type MockTaskStoreMockRecorder struct {
-	mock *MockTaskStore
-}
-
-// NewMockTaskStore creates a new mock instance.
-func NewMockTaskStore(ctrl *gomock.Controller) *MockTaskStore {
-	mock := &MockTaskStore{ctrl: ctrl}
-	mock.recorder = &MockTaskStoreMockRecorder{mock}
-	return mock
-}
-
-// EXPECT returns an object that allows the caller to indicate expected use.
-func (m *MockTaskStore) EXPECT() *MockTaskStoreMockRecorder {
-	return m.recorder
-}
-
-// ClearTaskStatus mocks base method.
-func (m *MockTaskStore) ClearTaskStatus(taskID string) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ClearTaskStatus", taskID)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// ClearTaskStatus indicates an expected call of ClearTaskStatus.
-func (mr *MockTaskStoreMockRecorder) ClearTaskStatus(taskID interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ClearTaskStatus", reflect.TypeOf((*MockTaskStore)(nil).ClearTaskStatus), taskID)
-}
-
-// GetTaskStatus mocks base method.
-func (m *MockTaskStore) GetTaskStatus(taskID string) (string, string, error) {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "GetTaskStatus", taskID)
-	ret0, _ := ret[0].(string)
-	ret1, _ := ret[1].(string)
-	ret2, _ := ret[2].(error)
-	return ret0, ret1, ret2
-}
-
-// GetTaskStatus indicates an expected call of GetTaskStatus.
-func (mr *MockTaskStoreMockRecorder) GetTaskStatus(taskID interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetTaskStatus", reflect.TypeOf((*MockTaskStore)(nil).GetTaskStatus), taskID)
-}
-
-// SetTaskStatus mocks base method.
-func (m *MockTaskStore) SetTaskStatus(taskID, message, status string) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SetTaskStatus", taskID, message, status)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// SetTaskStatus indicates an expected call of SetTaskStatus.
-func (mr *MockTaskStoreMockRecorder) SetTaskStatus(taskID, message, status interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetTaskStatus", reflect.TypeOf((*MockTaskStore)(nil).SetTaskStatus), taskID, message, status)
-}
-
-// UpdateTaskStatusTimestamp mocks base method.
-func (m *MockTaskStore) UpdateTaskStatusTimestamp(taskID string) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UpdateTaskStatusTimestamp", taskID)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// UpdateTaskStatusTimestamp indicates an expected call of UpdateTaskStatusTimestamp.
-func (mr *MockTaskStoreMockRecorder) UpdateTaskStatusTimestamp(taskID interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateTaskStatusTimestamp", reflect.TypeOf((*MockTaskStore)(nil).UpdateTaskStatusTimestamp), taskID)
-}
-
 // MockSessionStore is a mock of SessionStore interface.
 type MockSessionStore struct {
 	ctrl     *gomock.Controller
diff --git a/pkg/store/store_interface.go b/pkg/store/store_interface.go
index 41724541f6..e08c7441d3 100644
--- a/pkg/store/store_interface.go
+++ b/pkg/store/store_interface.go
@@ -40,7 +40,6 @@ type Store interface {
 	PreflightStore
 	PrometheusStore
 	AirgapStore
-	TaskStore
 	SessionStore
 	AppStatusStore
 	AppStore
@@ -107,13 +106,6 @@ type AirgapStore interface {
 	SetAppIsAirgap(appID string, isAirgap bool) error
 }
 
-type TaskStore interface {
-	SetTaskStatus(taskID string, message string, status string) error
-	UpdateTaskStatusTimestamp(taskID string) error
-	ClearTaskStatus(taskID string) error
-	GetTaskStatus(taskID string) (status string, message string, err error)
-}
-
 type SessionStore interface {
 	CreateSession(user *usertypes.User, issuedAt time.Time, expiresAt time.Time, roles []string) (*sessiontypes.Session, error)
 	DeleteSession(sessionID string) error
diff --git a/pkg/tasks/tasks.go b/pkg/tasks/tasks.go
index c342f6716e..a8a342efa9 100644
--- a/pkg/tasks/tasks.go
+++ b/pkg/tasks/tasks.go
@@ -1,20 +1,54 @@
 package tasks
 
 import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"sync"
 	"time"
 
 	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/k8sutil"
+	kotsadmtypes "github.com/replicatedhq/kots/pkg/kotsadm/types"
 	"github.com/replicatedhq/kots/pkg/logger"
-	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/persistence"
 	"github.com/replicatedhq/kots/pkg/util"
+	"github.com/rqlite/gorqlite"
+	corev1 "k8s.io/api/core/v1"
+	kuberneteserrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+const (
+	TaskStatusConfigMapName = `kotsadm-tasks`
+	ConfgConfigMapName      = `kotsadm-confg`
+
+	taskCacheTTL = 1 * time.Minute
+)
+
+var (
+	taskStatusLock   = sync.Mutex{}
+	cachedTaskStatus = map[string]*CachedTaskStatus{}
+)
+
+type TaskStatus struct {
+	Message   string    `json:"message"`
+	Status    string    `json:"status"`
+	UpdatedAt time.Time `json:"updatedAt"`
+}
+
+type CachedTaskStatus struct {
+	expirationTime time.Time
+	taskStatus     TaskStatus
+}
+
 func StartUpdateTaskMonitor(taskID string, finishedChan <-chan error) {
 	go func() {
 		var finalError error
 		defer func() {
 			if finalError == nil {
-				if err := store.GetStore().ClearTaskStatus(taskID); err != nil {
+				if err := ClearTaskStatus(taskID); err != nil {
 					logger.Error(errors.Wrap(err, "failed to clear update-download task status"))
 				}
 			} else {
@@ -22,7 +56,7 @@ func StartUpdateTaskMonitor(taskID string, finishedChan <-chan error) {
 				if cause, ok := errors.Cause(finalError).(util.ActionableError); ok {
 					errMsg = cause.Error()
 				}
-				if err := store.GetStore().SetTaskStatus(taskID, errMsg, "failed"); err != nil {
+				if err := SetTaskStatus(taskID, errMsg, "failed"); err != nil {
 					logger.Error(errors.Wrap(err, "failed to set error on update-download task status"))
 				}
 			}
@@ -31,7 +65,7 @@ func StartUpdateTaskMonitor(taskID string, finishedChan <-chan error) {
 		for {
 			select {
 			case <-time.After(time.Second):
-				if err := store.GetStore().UpdateTaskStatusTimestamp(taskID); err != nil {
+				if err := UpdateTaskStatusTimestamp(taskID); err != nil {
 					logger.Error(err)
 				}
 			case err := <-finishedChan:
@@ -41,3 +75,296 @@ func StartUpdateTaskMonitor(taskID string, finishedChan <-chan error) {
 		}
 	}()
 }
+
+func SetTaskStatus(id string, message string, status string) error {
+	taskStatusLock.Lock()
+	defer taskStatusLock.Unlock()
+
+	cached := cachedTaskStatus[id]
+	if cached == nil {
+		cached = &CachedTaskStatus{}
+		cachedTaskStatus[id] = cached
+	}
+	cached.taskStatus.Message = message
+	cached.taskStatus.Status = status
+	cached.taskStatus.UpdatedAt = time.Now()
+	cached.expirationTime = time.Now().Add(taskCacheTTL)
+
+	configmap, err := getConfigmap()
+	if err != nil {
+		if canIgnoreEtcdError(err) {
+			return nil
+		}
+		return errors.Wrap(err, "failed to get task status configmap")
+	}
+
+	if configmap.Data == nil {
+		configmap.Data = map[string]string{}
+	}
+
+	b, err := json.Marshal(cached.taskStatus)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal task status")
+	}
+
+	configmap.Data[id] = string(b)
+
+	if err := updateConfigmap(configmap); err != nil {
+		if canIgnoreEtcdError(err) {
+			return nil
+		}
+		return errors.Wrap(err, "failed to update task status configmap")
+	}
+
+	return nil
+}
+
+func UpdateTaskStatusTimestamp(id string) error {
+	taskStatusLock.Lock()
+	defer taskStatusLock.Unlock()
+
+	cached := cachedTaskStatus[id]
+	if cached != nil {
+		cached.taskStatus.UpdatedAt = time.Now()
+		cached.expirationTime = time.Now().Add(taskCacheTTL)
+	}
+
+	configmap, err := getConfigmap()
+	if err != nil {
+		if canIgnoreEtcdError(err) && cached != nil {
+			return nil
+		}
+		return errors.Wrap(err, "failed to get task status configmap")
+	}
+
+	if configmap.Data == nil {
+		configmap.Data = map[string]string{}
+	}
+
+	data, ok := configmap.Data[id]
+	if !ok {
+		return nil // copied from s3pgstore
+	}
+
+	ts := TaskStatus{}
+	if err := json.Unmarshal([]byte(data), &ts); err != nil {
+		return errors.Wrap(err, "failed to unmarshal task status")
+	}
+
+	ts.UpdatedAt = time.Now()
+
+	b, err := json.Marshal(ts)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal task status")
+	}
+
+	configmap.Data[id] = string(b)
+
+	if err := updateConfigmap(configmap); err != nil {
+		if canIgnoreEtcdError(err) && cached != nil {
+			return nil
+		}
+		return errors.Wrap(err, "failed to update task status configmap")
+	}
+
+	return nil
+}
+
+func ClearTaskStatus(id string) error {
+	taskStatusLock.Lock()
+	defer taskStatusLock.Unlock()
+
+	defer delete(cachedTaskStatus, id)
+
+	configmap, err := getConfigmap()
+	if err != nil {
+		return errors.Wrap(err, "failed to get task status configmap")
+	}
+
+	if configmap.Data == nil {
+		configmap.Data = map[string]string{}
+	}
+
+	_, ok := configmap.Data[id]
+	if !ok {
+		return nil // copied from s3pgstore
+	}
+
+	delete(configmap.Data, id)
+
+	if err := updateConfigmap(configmap); err != nil {
+		return errors.Wrap(err, "failed to update task status configmap")
+	}
+
+	return nil
+}
+
+func GetTaskStatus(id string) (string, string, error) {
+	taskStatusLock.Lock()
+	defer taskStatusLock.Unlock()
+
+	cached := cachedTaskStatus[id]
+	if cached != nil && time.Now().Before(cached.expirationTime) {
+		return cached.taskStatus.Status, cached.taskStatus.Message, nil
+	}
+
+	if cached == nil {
+		cached = &CachedTaskStatus{
+			expirationTime: time.Now().Add(taskCacheTTL),
+		}
+		cachedTaskStatus[id] = cached
+	}
+
+	configmap, err := getConfigmap()
+	if err != nil {
+		if canIgnoreEtcdError(err) && cached != nil {
+			return cached.taskStatus.Status, cached.taskStatus.Message, nil
+		}
+		return "", "", errors.Wrap(err, "failed to get task status configmap")
+	}
+
+	if configmap.Data == nil {
+		return "", "", nil
+	}
+
+	marshalled, ok := configmap.Data[id]
+	if !ok {
+		return "", "", nil
+	}
+
+	ts := TaskStatus{}
+	if err := json.Unmarshal([]byte(marshalled), &ts); err != nil {
+		return "", "", errors.Wrap(err, "error unmarshalling task status")
+	}
+
+	if ts.UpdatedAt.Before(time.Now().Add(-10 * time.Second)) {
+		return "", "", nil
+	}
+
+	cached.taskStatus = ts
+
+	return ts.Status, ts.Message, nil
+}
+
+func getConfigmap() (*corev1.ConfigMap, error) {
+	clientset, err := k8sutil.GetClientset()
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get clientset")
+	}
+
+	existingConfigmap, err := clientset.CoreV1().ConfigMaps(util.PodNamespace).Get(context.TODO(), TaskStatusConfigMapName, metav1.GetOptions{})
+	if err != nil && !kuberneteserrors.IsNotFound(err) {
+		return nil, errors.Wrap(err, "failed to get configmap")
+	} else if kuberneteserrors.IsNotFound(err) {
+		configmap := corev1.ConfigMap{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: "v1",
+				Kind:       "ConfigMap",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      TaskStatusConfigMapName,
+				Namespace: util.PodNamespace,
+				Labels:    kotsadmtypes.GetKotsadmLabels(),
+			},
+			Data: map[string]string{},
+		}
+
+		createdConfigmap, err := clientset.CoreV1().ConfigMaps(util.PodNamespace).Create(context.TODO(), &configmap, metav1.CreateOptions{})
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to create configmap")
+		}
+
+		return createdConfigmap, nil
+	}
+
+	return existingConfigmap, nil
+}
+
+func updateConfigmap(configmap *corev1.ConfigMap) error {
+	clientset, err := k8sutil.GetClientset()
+	if err != nil {
+		return errors.Wrap(err, "failed to get clientset")
+	}
+
+	_, err = clientset.CoreV1().ConfigMaps(util.PodNamespace).Update(context.Background(), configmap, metav1.UpdateOptions{})
+	if err != nil {
+		return errors.Wrap(err, "failed to update config map")
+	}
+
+	return nil
+}
+
+func canIgnoreEtcdError(err error) bool {
+	if err == nil {
+		return true
+	}
+
+	if strings.Contains(err.Error(), "connection refused") {
+		return true
+	}
+
+	if strings.Contains(err.Error(), "request timed out") {
+		return true
+	}
+
+	if strings.Contains(err.Error(), "EOF") {
+		return true
+	}
+
+	return false
+}
+
+func MigrateTasksFromRqlite() error {
+	db := persistence.MustGetDBSession()
+
+	query := `select updated_at, current_message, status from api_task_status`
+	rows, err := db.QueryOne(query)
+	if err != nil {
+		return fmt.Errorf("failed to select tasks for migration: %v: %v", err, rows.Err)
+	}
+
+	taskCm, err := getConfigmap()
+	if err != nil {
+		return errors.Wrap(err, "failed to get task status configmap")
+	}
+
+	if taskCm.Data == nil {
+		taskCm.Data = map[string]string{}
+	}
+
+	for rows.Next() {
+		var id string
+		var status gorqlite.NullString
+		var message gorqlite.NullString
+
+		ts := TaskStatus{}
+		if err := rows.Scan(&id, &ts.UpdatedAt, &message, &status); err != nil {
+			return errors.Wrap(err, "failed to scan task status")
+		}
+
+		if status.Valid {
+			ts.Status = status.String
+		}
+		if message.Valid {
+			ts.Message = message.String
+		}
+
+		b, err := json.Marshal(ts)
+		if err != nil {
+			return errors.Wrap(err, "failed to marshal task status")
+		}
+
+		taskCm.Data[id] = string(b)
+	}
+
+	if err := updateConfigmap(taskCm); err != nil {
+		return errors.Wrap(err, "failed to update task status configmap")
+	}
+
+	query = `delete from api_task_status`
+	if wr, err := db.WriteOne(query); err != nil {
+		return fmt.Errorf("failed to delete tasks from db: %v: %v", err, wr.Err)
+	}
+
+	return nil
+}
diff --git a/pkg/updatechecker/updatechecker.go b/pkg/updatechecker/updatechecker.go
index f5d751edc7..1897d8c3be 100644
--- a/pkg/updatechecker/updatechecker.go
+++ b/pkg/updatechecker/updatechecker.go
@@ -185,7 +185,7 @@ type UpdateCheckRelease struct {
 // otherwise, if "IsAutomatic" is set to true (which means it's an automatic update check), then the version that matches the auto deploy configuration (if enabled) will be deployed.
 // returns the number of available updates.
 func CheckForUpdates(opts CheckForUpdatesOpts) (ucr *UpdateCheckResponse, finalError error) {
-	currentStatus, _, err := store.GetTaskStatus("update-download")
+	currentStatus, _, err := tasks.GetTaskStatus("update-download")
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get task status")
 	}
@@ -194,7 +194,7 @@ func CheckForUpdates(opts CheckForUpdatesOpts) (ucr *UpdateCheckResponse, finalE
 		return nil, nil
 	}
 
-	if err := store.SetTaskStatus("update-download", "Checking for updates...", "running"); err != nil {
+	if err := tasks.SetTaskStatus("update-download", "Checking for updates...", "running"); err != nil {
 		return nil, errors.Wrap(err, "failed to set task status")
 	}
 
@@ -313,7 +313,7 @@ func checkForKotsAppUpdates(opts CheckForUpdatesOpts, finishedChan chan<- error)
 
 	// this is to avoid a race condition where the UI polls the task status before it is set by the goroutine
 	status := fmt.Sprintf("%d Updates available...", ucr.AvailableUpdates)
-	if err := store.SetTaskStatus("update-download", status, "running"); err != nil {
+	if err := tasks.SetTaskStatus("update-download", status, "running"); err != nil {
 		return nil, errors.Wrap(err, "failed to set task status")
 	}
 
diff --git a/pkg/upgradeservice/bootstrap.go b/pkg/upgradeservice/bootstrap.go
index 85223a1322..1f87d7c84c 100644
--- a/pkg/upgradeservice/bootstrap.go
+++ b/pkg/upgradeservice/bootstrap.go
@@ -10,8 +10,10 @@ import (
 	"github.com/pkg/errors"
 	identity "github.com/replicatedhq/kots/pkg/kotsadmidentity"
 	"github.com/replicatedhq/kots/pkg/kotsutil"
+	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/pull"
 	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
+	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
 	"github.com/replicatedhq/kots/pkg/util"
 )
@@ -20,7 +22,7 @@ func bootstrap(params types.ServerParams) error {
 	// TODO NOW: airgap mode
 
 	if err := pullArchiveFromOnline(params); err != nil {
-		return errors.Wrap(err, "failed to bootstrap cluster token")
+		return errors.Wrap(err, "failed to pull archive from online")
 	}
 
 	return nil
@@ -68,10 +70,9 @@ func pullArchiveFromOnline(params types.ServerParams) (finalError error) {
 	go func() {
 		scanner := bufio.NewScanner(pipeReader)
 		for scanner.Scan() {
-			// TODO NOW: update task status when it's moved outside the store
-			// if err := store.GetStore().SetTaskStatus(taskID, scanner.Text(), "running"); err != nil {
-			// 	logger.Error(err)
-			// }
+			if err := tasks.SetTaskStatus("update-download", scanner.Text(), "running"); err != nil {
+				logger.Error(err)
+			}
 		}
 		pipeReader.CloseWithError(scanner.Err())
 	}()
diff --git a/pkg/upgradeservice/handlers/handlers.go b/pkg/upgradeservice/handlers/handlers.go
index 715957b616..e7919a1b9d 100644
--- a/pkg/upgradeservice/handlers/handlers.go
+++ b/pkg/upgradeservice/handlers/handlers.go
@@ -24,14 +24,14 @@ func init() {
 }
 
 func RegisterRoutes(r *mux.Router, handler UpgradeServiceHandler) {
-	r.Use(LoggingMiddleware)
+	// CAUTION: modifying this prefix WILL break backwards compatibility
+	subRouter := r.PathPrefix("/api/v1/upgrade-service").Subrouter()
+	subRouter.Use(LoggingMiddleware)
 
-	// TODO NOW: move "/api/v1/upgrade-service" to a subrouter and add a caution statement
+	subRouter.Path("/ping").Methods("GET").HandlerFunc(handler.Ping)
 
-	r.Path("/api/v1/upgrade-service/ping").Methods("GET").HandlerFunc(handler.Ping)
-
-	r.Path("/api/v1/upgrade-service/app/{appSlug}/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
-	r.Path("/api/v1/upgrade-service/app/{appSlug}/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
+	subRouter.Path("/app/{appSlug}/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
+	subRouter.Path("/app/{appSlug}/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/upgradeservice/upgrader.go b/pkg/upgradeservice/process.go
similarity index 100%
rename from pkg/upgradeservice/upgrader.go
rename to pkg/upgradeservice/process.go
diff --git a/web/src/Root.tsx b/web/src/Root.tsx
index ae83691f76..e12d861cf3 100644
--- a/web/src/Root.tsx
+++ b/web/src/Root.tsx
@@ -870,10 +870,7 @@ const Root = () => {
         ariaHideApp={false}
         className="Modal LargeSize"
       >
-        <iframe
-          src="/upgrade-service"
-          title="KOTS Upgrade Service"
-        />
+        <iframe src="/upgrade-service" title="KOTS Upgrade Service" />
       </Modal>
     </QueryClientProvider>
   );
diff --git a/web/src/components/apps/AppVersionHistory.tsx b/web/src/components/apps/AppVersionHistory.tsx
index 2a9ec245fd..5cdd32f086 100644
--- a/web/src/components/apps/AppVersionHistory.tsx
+++ b/web/src/components/apps/AppVersionHistory.tsx
@@ -268,19 +268,20 @@ class AppVersionHistory extends Component<Props, State> {
       }),
       credentials: "include",
       method: "POST",
-    }).then(async (res) => {
-      if (res.ok) {
-        this.setState({
-          shouldShowUpgradeServiceModal: true,
-        });
-        return;
-      }
-      const text = await res.text();
-      console.log("failed to init upgrade service", text);
     })
-    .catch((err) => {
-      console.log(err);
-    });
+      .then(async (res) => {
+        if (res.ok) {
+          this.setState({
+            shouldShowUpgradeServiceModal: true,
+          });
+          return;
+        }
+        const text = await res.text();
+        console.log("failed to init upgrade service", text);
+      })
+      .catch((err) => {
+        console.log(err);
+      });
 
     this._mounted = true;
   }
@@ -2228,7 +2229,7 @@ class AppVersionHistory extends Component<Props, State> {
           <iframe
             src={`/upgrade-service/app/${app?.slug}`}
             title="KOTS Upgrade Service"
-            width="100%" 
+            width="100%"
             height="100%"
             allowFullScreen={true}
           />
diff --git a/web/src/components/upgrade_service/AppConfig.tsx b/web/src/components/upgrade_service/AppConfig.tsx
index b2d757330b..5ba296bbb6 100644
--- a/web/src/components/upgrade_service/AppConfig.tsx
+++ b/web/src/components/upgrade_service/AppConfig.tsx
@@ -122,8 +122,8 @@ class AppConfig extends Component<Props, State> {
   componentDidUpdate(lastProps: Props, lastState: State) {
     const { location } = this.props;
     // if (app && !app.isConfigurable) {
-      // app not configurable - redirect
-      // TODO NOW: what to do here?
+    // app not configurable - redirect
+    // TODO NOW: what to do here?
     // }
     if (
       this.state.configGroups &&
@@ -585,7 +585,11 @@ class AppConfig extends Component<Props, State> {
               })}
             </div>
             <div className="ConfigArea--wrapper">
-              <div className={classNames("ConfigOuterWrapper card-bg u-padding--15")}>
+              <div
+                className={classNames(
+                  "ConfigOuterWrapper card-bg u-padding--15"
+                )}
+              >
                 <div className="ConfigInnerWrapper">
                   <AppConfigRenderer
                     groups={configGroups}
@@ -603,9 +607,7 @@ class AppConfig extends Component<Props, State> {
                     )}
                     <button
                       className="btn primary blue"
-                      disabled={
-                        showValidationError || !changed
-                      }
+                      disabled={showValidationError || !changed}
                       onClick={this.handleNext}
                     >
                       Next
diff --git a/web/src/index.tsx b/web/src/index.tsx
index c1ef1d0a31..874d49eb8e 100644
--- a/web/src/index.tsx
+++ b/web/src/index.tsx
@@ -20,7 +20,8 @@ root.render(
   <BrowserRouter>
     <Routes>
       <Route path="/upgrade-service/*" element={<UpgradeService />} />
-      <Route path="/*"
+      <Route
+        path="/*"
         element={
           <ReplicatedErrorBoundary>
             <Root />

From b38a8f157f11671dbe275cddc516d21697b0a72b Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Wed, 12 Jun 2024 22:41:42 +0000
Subject: [PATCH 17/33] Use params file

---
 Makefile                                  |  13 +-
 cmd/kots/cli/root.go                      |   2 +-
 cmd/kots/cli/start-upgrade-service.go     |  78 ----------
 cmd/kots/cli/upgrade-service.go           |  61 ++++++++
 hack/dev/skaffold.Dockerfile              |   1 -
 hack/dev/skaffoldcache.Dockerfile         |   1 -
 migrations/tables/instance-report.yaml    |  66 --------
 migrations/tables/preflight-report.yaml   |  35 -----
 pkg/api/reporting/types/types.go          |  76 ++++-----
 pkg/apiserver/server.go                   |   6 +-
 pkg/handlers/handlers.go                  |   7 +-
 pkg/handlers/upgrade_service.go           |  32 ++--
 pkg/upgradeservice/bootstrap.go           |   6 +-
 pkg/upgradeservice/handlers/handlers.go   |   6 +-
 pkg/upgradeservice/handlers/middleware.go |  10 +-
 pkg/upgradeservice/process.go             | 179 ++++++++++++++--------
 pkg/upgradeservice/server.go              |   5 +-
 pkg/upgradeservice/types/types.go         |  45 +++---
 web/.gitignore                            |   1 -
 19 files changed, 276 insertions(+), 354 deletions(-)
 delete mode 100644 cmd/kots/cli/start-upgrade-service.go
 create mode 100644 cmd/kots/cli/upgrade-service.go
 delete mode 100644 migrations/tables/instance-report.yaml
 delete mode 100644 migrations/tables/preflight-report.yaml

diff --git a/Makefile b/Makefile
index ad4dc4f1ee..0efb26ab65 100644
--- a/Makefile
+++ b/Makefile
@@ -51,6 +51,8 @@ kots: capture-start-time kots-real report-metric
 
 .PHONY: kots-real
 kots-real:
+	mkdir -p web/dist
+	touch web/dist/README.md
 	go build ${LDFLAGS} -o bin/kots $(BUILDFLAGS) github.com/replicatedhq/kots/cmd/kots
 
 .PHONY: fmt
@@ -80,7 +82,7 @@ build: capture-start-time build-real report-metric
 .PHONY: build-real
 build-real:
 	mkdir -p web/dist
-	touch web/dist/THIS_IS_OKTETO  # we need this for go:embed, but it's not actually used in dev
+	touch web/dist/README.md
 	go build ${LDFLAGS} ${GCFLAGS} -v -o bin/kotsadm $(BUILDFLAGS) ./cmd/kotsadm
 
 .PHONY: tidy
@@ -112,11 +114,12 @@ debug-build:
 debug: debug-build
 	LOG_LEVEL=$(LOG_LEVEL) dlv --listen=:2345 --headless=true --api-version=2 exec ./bin/kotsadm-debug api
 
-# TODO NOW: make web part of kots cli in dev?
-.PHONY: build-ttl.sh
-# build-ttl.sh: kots build
-build-ttl.sh: build
+.PHONY: web
+web:
 	source .image.env && ${MAKE} -C web build-kotsadm
+
+.PHONY: build-ttl.sh
+build-ttl.sh: web kots build
 	docker build -f deploy/Dockerfile -t ttl.sh/${CURRENT_USER}/kotsadm:24h .
 	docker push ttl.sh/${CURRENT_USER}/kotsadm:24h
 
diff --git a/cmd/kots/cli/root.go b/cmd/kots/cli/root.go
index 991ca0cae1..d1c0de67fe 100644
--- a/cmd/kots/cli/root.go
+++ b/cmd/kots/cli/root.go
@@ -55,7 +55,7 @@ func RootCmd() *cobra.Command {
 	cmd.AddCommand(CompletionCmd())
 	cmd.AddCommand(DockerRegistryCmd())
 	cmd.AddCommand(EnableHACmd())
-	cmd.AddCommand(StartUpgradeServiceCmd())
+	cmd.AddCommand(UpgradeServiceCmd())
 
 	viper.BindPFlags(cmd.Flags())
 
diff --git a/cmd/kots/cli/start-upgrade-service.go b/cmd/kots/cli/start-upgrade-service.go
deleted file mode 100644
index 7eb77a889f..0000000000
--- a/cmd/kots/cli/start-upgrade-service.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package cli
-
-import (
-	"fmt"
-
-	"github.com/replicatedhq/kots/pkg/upgradeservice"
-	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-func StartUpgradeServiceCmd() *cobra.Command {
-	cmd := &cobra.Command{
-		Use:    "start-upgrade-service",
-		Short:  "Starts the KOTS upgrade service",
-		Long:   `Starts the KOTS upgrade service`,
-		Hidden: true,
-		PreRun: func(cmd *cobra.Command, args []string) {
-			viper.BindPFlags(cmd.Flags())
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			v := viper.GetViper()
-
-			params := types.ServerParams{
-				Port: fmt.Sprintf("%d", viper.GetInt("port")),
-
-				AppID:       v.GetString("app-id"),
-				AppSlug:     v.GetString("app-slug"),
-				AppIsAirgap: v.GetBool("app-is-airgap"),
-				AppIsGitOps: v.GetBool("app-is-gitops"),
-				AppLicense:  v.GetString("app-license"),
-
-				BaseArchive:  v.GetString("base-archive"),
-				BaseSequence: v.GetInt64("base-sequence"),
-				NextSequence: v.GetInt64("next-sequence"),
-
-				UpdateCursor: v.GetString("update-cursor"),
-
-				RegistryEndpoint:   v.GetString("registry-endpoint"),
-				RegistryUsername:   v.GetString("registry-username"),
-				RegistryPassword:   v.GetString("registry-password"),
-				RegistryNamespace:  v.GetString("registry-namespace"),
-				RegistryIsReadOnly: v.GetBool("registry-is-readonly"),
-			}
-			if err := upgradeservice.Serve(params); err != nil {
-				return err
-			}
-
-			return nil
-		},
-	}
-
-	cmd.Flags().IntP("port", "p", 30000, "local port to listen on")
-
-	// app flags
-	cmd.Flags().String("app-id", "", "the app id")
-	cmd.Flags().String("app-slug", "", "the app slug")
-	cmd.Flags().Bool("app-is-airgap", false, "whether the app is airgap")
-	cmd.Flags().Bool("app-is-gitops", false, "whether the app is gitops")
-	cmd.Flags().String("app-license", "", "the app license")
-
-	// app version flags
-	cmd.Flags().String("base-archive", "", "path to the base app version archive")
-	cmd.Flags().String("base-sequence", "", "the local base app version sequence")
-	cmd.Flags().String("next-sequence", "", "the local next app version sequence")
-
-	// release flags
-	cmd.Flags().String("update-cursor", "", "the channel sequence of the target release")
-
-	// registry flags
-	cmd.Flags().String("registry-endpoint", "", "the registry endpoint")
-	cmd.Flags().String("registry-username", "", "the registry username")
-	cmd.Flags().String("registry-password", "", "the registry password")
-	cmd.Flags().String("registry-namespace", "", "the registry namespace")
-	cmd.Flags().Bool("registry-is-readonly", false, "whether the registry is read-only")
-
-	return cmd
-}
diff --git a/cmd/kots/cli/upgrade-service.go b/cmd/kots/cli/upgrade-service.go
new file mode 100644
index 0000000000..9369b2a871
--- /dev/null
+++ b/cmd/kots/cli/upgrade-service.go
@@ -0,0 +1,61 @@
+package cli
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/replicatedhq/kots/pkg/upgradeservice"
+	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"gopkg.in/yaml.v3"
+)
+
+func UpgradeServiceCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:    "upgrade-service",
+		Short:  "KOTS Upgrade Service",
+		Hidden: true,
+	}
+
+	cmd.AddCommand(UpgradeServiceStartCmd())
+
+	return cmd
+}
+
+func UpgradeServiceStartCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:           "start [params-file]",
+		Short:         "Starts a KOTS upgrade service using the provided params file",
+		Long:          ``,
+		SilenceUsage:  true,
+		SilenceErrors: false,
+		PreRun: func(cmd *cobra.Command, args []string) {
+			viper.BindPFlags(cmd.Flags())
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				cmd.Help()
+				os.Exit(1)
+			}
+
+			paramsYAML, err := os.ReadFile(args[0])
+			if err != nil {
+				return fmt.Errorf("failed to read config file: %v", err)
+			}
+
+			var params types.UpgradeServiceParams
+			if err := yaml.Unmarshal(paramsYAML, &params); err != nil {
+				return fmt.Errorf("failed to unmarshal config file: %v", err)
+			}
+
+			if err := upgradeservice.Serve(params); err != nil {
+				return err
+			}
+
+			return nil
+		},
+	}
+
+	return cmd
+}
diff --git a/hack/dev/skaffold.Dockerfile b/hack/dev/skaffold.Dockerfile
index 32ffe776e3..4f69c3e6f6 100644
--- a/hack/dev/skaffold.Dockerfile
+++ b/hack/dev/skaffold.Dockerfile
@@ -2,7 +2,6 @@ FROM kotsadm:cache AS builder
 
 ENV PROJECTPATH=/go/src/github.com/replicatedhq/kots
 WORKDIR $PROJECTPATH
-RUN mkdir -p web/dist && touch web/dist/README.md
 COPY Makefile ./
 COPY Makefile.build.mk ./
 COPY go.mod go.sum ./
diff --git a/hack/dev/skaffoldcache.Dockerfile b/hack/dev/skaffoldcache.Dockerfile
index 70f7d7efc7..f500b80bbd 100644
--- a/hack/dev/skaffoldcache.Dockerfile
+++ b/hack/dev/skaffoldcache.Dockerfile
@@ -4,7 +4,6 @@ RUN go install github.com/go-delve/delve/cmd/dlv@v1.7.2
 
 ENV PROJECTPATH=/go/src/github.com/replicatedhq/kots
 WORKDIR $PROJECTPATH
-RUN mkdir -p web/dist && touch web/dist/README.md
 COPY Makefile ./
 COPY Makefile.build.mk ./
 COPY go.mod go.sum ./
diff --git a/migrations/tables/instance-report.yaml b/migrations/tables/instance-report.yaml
deleted file mode 100644
index dae94afd31..0000000000
--- a/migrations/tables/instance-report.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-apiVersion: schemas.schemahero.io/v1alpha4
-kind: Table
-metadata:
-  name: instance-report
-spec:
-  name: instance_report
-  requires: []
-  schema:
-    rqlite:
-      strict: true
-      primaryKey:
-        - created_at
-      columns:
-      - name: created_at
-        type: integer
-      - name: license_id
-        type: text
-      - name: instance_id
-        type: text
-      - name: cluster_id
-        type: text
-      - name: app_status
-        type: text
-      - name: is_kurl
-        type: integer
-      - name: kurl_node_count_total
-        type: integer
-      - name: kurl_node_count_ready
-        type: integer
-      - name: k8s_version
-        type: text
-      - name: kots_version
-        type: text
-      - name: kots_install_id
-        type: text
-      - name: kurl_install_id
-        type: text
-      - name: embedded_cluster_id
-        type: text
-      - name: embedded_cluster_version
-        type: text
-      - name: is_gitops_enabled
-        type: integer
-      - name: gitops_provider
-        type: text
-# downstream stuff
-      - name: downstream_channel_id
-        type: text
-      - name: downstream_channel_sequence
-        type: integer
-      - name: downstream_channel_name
-        type: text
-      - name: downstream_sequence
-        type: integer
-      - name: downstream_source
-        type: text
-      - name: install_status
-        type: text
-      - name: preflight_state
-        type: text
-      - name: skip_preflights
-        type: integer
-      - name: repl_helm_installs
-        type: integer
-      - name: native_helm_installs
-        type: integer
\ No newline at end of file
diff --git a/migrations/tables/preflight-report.yaml b/migrations/tables/preflight-report.yaml
deleted file mode 100644
index 775772d716..0000000000
--- a/migrations/tables/preflight-report.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: schemas.schemahero.io/v1alpha4
-kind: Table
-metadata:
-  name: preflight-report
-spec:
-  name: preflight_report
-  requires: []
-  schema:
-    rqlite:
-      strict: true
-      primaryKey:
-        - created_at
-      columns:
-      - name: created_at
-        type: integer
-      - name: license_id
-        type: text
-      - name: instance_id
-        type: text
-      - name: cluster_id
-        type: text
-      - name: sequence
-        type: integer
-      - name: skip_preflights
-        type: integer
-      - name: install_status
-        type: text
-      - name: is_cli
-        type: integer
-      - name: preflight_status
-        type: text
-      - name: app_status
-        type: text
-      - name: kots_version
-        type: text
diff --git a/pkg/api/reporting/types/types.go b/pkg/api/reporting/types/types.go
index 4143e7fb87..b92e16c74e 100644
--- a/pkg/api/reporting/types/types.go
+++ b/pkg/api/reporting/types/types.go
@@ -1,52 +1,38 @@
 package types
 
-// This type is mimicked in the instance_report table.
 type ReportingInfo struct {
-	InstanceID              string         `json:"instance_id"`
-	ClusterID               string         `json:"cluster_id"`
-	Downstream              DownstreamInfo `json:"downstream"`
-	AppStatus               string         `json:"app_status"`
-	IsKurl                  bool           `json:"is_kurl"`
-	KurlNodeCountTotal      int            `json:"kurl_node_count_total"`
-	KurlNodeCountReady      int            `json:"kurl_node_count_ready"`
-	K8sVersion              string         `json:"k8s_version"`
-	K8sDistribution         string         `json:"k8s_distribution"`
-	UserAgent               string         `json:"user_agent"`
-	KOTSInstallID           string         `json:"kots_install_id"`
-	KURLInstallID           string         `json:"kurl_install_id"`
-	EmbeddedClusterID       string         `json:"embedded_cluster_id"`
-	EmbeddedClusterVersion  string         `json:"embedded_cluster_version"`
-	IsGitOpsEnabled         bool           `json:"is_gitops_enabled"`
-	GitOpsProvider          string         `json:"gitops_provider"`
-	SnapshotProvider        string         `json:"snapshot_provider"`
-	SnapshotFullSchedule    string         `json:"snapshot_full_schedule"`
-	SnapshotFullTTL         string         `json:"snapshot_full_ttl"`
-	SnapshotPartialSchedule string         `json:"snapshot_partial_schedule"`
-	SnapshotPartialTTL      string         `json:"snapshot_partial_ttl"`
+	InstanceID              string         `json:"instance_id" yaml:"instance_id"`
+	ClusterID               string         `json:"cluster_id" yaml:"cluster_id"`
+	Downstream              DownstreamInfo `json:"downstream" yaml:"downstream"`
+	AppStatus               string         `json:"app_status" yaml:"app_status"`
+	IsKurl                  bool           `json:"is_kurl" yaml:"is_kurl"`
+	KurlNodeCountTotal      int            `json:"kurl_node_count_total" yaml:"kurl_node_count_total"`
+	KurlNodeCountReady      int            `json:"kurl_node_count_ready" yaml:"kurl_node_count_ready"`
+	K8sVersion              string         `json:"k8s_version" yaml:"k8s_version"`
+	K8sDistribution         string         `json:"k8s_distribution" yaml:"k8s_distribution"`
+	UserAgent               string         `json:"user_agent" yaml:"user_agent"`
+	KOTSInstallID           string         `json:"kots_install_id" yaml:"kots_install_id"`
+	KURLInstallID           string         `json:"kurl_install_id" yaml:"kurl_install_id"`
+	EmbeddedClusterID       string         `json:"embedded_cluster_id" yaml:"embedded_cluster_id"`
+	EmbeddedClusterVersion  string         `json:"embedded_cluster_version" yaml:"embedded_cluster_version"`
+	IsGitOpsEnabled         bool           `json:"is_gitops_enabled" yaml:"is_gitops_enabled"`
+	GitOpsProvider          string         `json:"gitops_provider" yaml:"gitops_provider"`
+	SnapshotProvider        string         `json:"snapshot_provider" yaml:"snapshot_provider"`
+	SnapshotFullSchedule    string         `json:"snapshot_full_schedule" yaml:"snapshot_full_schedule"`
+	SnapshotFullTTL         string         `json:"snapshot_full_ttl" yaml:"snapshot_full_ttl"`
+	SnapshotPartialSchedule string         `json:"snapshot_partial_schedule" yaml:"snapshot_partial_schedule"`
+	SnapshotPartialTTL      string         `json:"snapshot_partial_ttl" yaml:"snapshot_partial_ttl"`
 }
 
 type DownstreamInfo struct {
-	Cursor             string `json:"cursor"`
-	ChannelID          string `json:"channel_id"`
-	ChannelName        string `json:"channel_name"`
-	Sequence           *int64 `json:"sequence"`
-	Source             string `json:"source"`
-	Status             string `json:"status"`
-	PreflightState     string `json:"preflight_state"`
-	SkipPreflights     bool   `json:"skip_preflights"`
-	ReplHelmInstalls   int    `json:"repl_helm_installs"`
-	NativeHelmInstalls int    `json:"native_helm_installs"`
-}
-
-// This type is mimicked in the preflight_report table.
-type PreflightStatus struct {
-	InstanceID      string `json:"instance_id"`
-	ClusterID       string `json:"cluster_id"`
-	Sequence        int64  `json:"sequence"`
-	SkipPreflights  bool   `json:"skip_preflights"`
-	InstallStatus   string `json:"install_status"`
-	IsCLI           bool   `json:"is_cli"`
-	PreflightStatus string `json:"preflight_status"`
-	AppStatus       string `json:"app_status"`
-	KOTSVersion     string `json:"kots_version"`
+	Cursor             string `json:"cursor" yaml:"cursor"`
+	ChannelID          string `json:"channel_id" yaml:"channel_id"`
+	ChannelName        string `json:"channel_name" yaml:"channel_name"`
+	Sequence           *int64 `json:"sequence" yaml:"sequence"`
+	Source             string `json:"source" yaml:"source"`
+	Status             string `json:"status" yaml:"status"`
+	PreflightState     string `json:"preflight_state" yaml:"preflight_state"`
+	SkipPreflights     bool   `json:"skip_preflights" yaml:"skip_preflights"`
+	ReplHelmInstalls   int    `json:"repl_helm_installs" yaml:"repl_helm_installs"`
+	NativeHelmInstalls int    `json:"native_helm_installs" yaml:"native_helm_installs"`
 }
diff --git a/pkg/apiserver/server.go b/pkg/apiserver/server.go
index 191c907a0d..c85da776d8 100644
--- a/pkg/apiserver/server.go
+++ b/pkg/apiserver/server.go
@@ -197,11 +197,9 @@ func Start(params *APIServerParams) {
 
 	// Serve the upgrade UI from the upgrade service
 	// CAUTION: modifying this route WILL break backwards compatibility
-	r.PathPrefix("/upgrade-service").Methods("GET").HandlerFunc(upgradeservice.Proxy)
+	r.PathPrefix("/upgrade-service/app/{appSlug}").Methods("GET").HandlerFunc(upgradeservice.Proxy)
 
-	// TODO NOW: move this to a shared function
-	// to avoid confusion, we don't serve this in the dev env...
-	if os.Getenv("DISABLE_SPA_SERVING") != "1" {
+	if os.Getenv("DISABLE_SPA_SERVING") != "1" { // we don't serve this in the dev env
 		spa := handlers.SPAHandler{}
 		r.PathPrefix("/").Handler(spa)
 	} else if os.Getenv("ENABLE_WEB_PROXY") == "1" { // for dev env
diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index 7d7e7db458..a28de6def7 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -319,16 +319,15 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 	r.Name("ChangePassword").Path("/api/v1/password/change").Methods("PUT").
 		HandlerFunc(middleware.EnforceAccess(policy.PasswordChange, handler.ChangePassword))
 
-	// TODO NOW: calling this again will cancel in progress updates. add endpoint to cancel updates?
+	// TODO NOW: when to stop this upgrade service?
 	// Start upgrade service
 	r.Name("StartUpgradeService").Path("/api/v1/app/{appSlug}/start-upgrade-service").Methods("POST").
 		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgradeService))
 
-	// TODO NOW: support an upgrade service for each app? yes because of automated updates? or block updates if an upgrade service is running?
 	// Proxy upgrade service requests to the upgrade service
 	// CAUTION: modifying this route WILL break backwards compatibility
-	r.Name("UpgradeServiceProxy").PathPrefix("/api/v1/upgrade-service").Methods("GET", "POST", "PUT").
-		HandlerFunc(upgradeservice.Proxy) // TODO NOW: enforce access
+	r.Name("UpgradeServiceProxy").PathPrefix("/api/v1/upgrade-service/app/{appSlug}").Methods("GET", "POST", "PUT").
+		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, upgradeservice.Proxy))
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/handlers/upgrade_service.go b/pkg/handlers/upgrade_service.go
index 0ecf3fccf6..d82fdb0415 100644
--- a/pkg/handlers/upgrade_service.go
+++ b/pkg/handlers/upgrade_service.go
@@ -7,6 +7,7 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/logger"
+	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/upgradeservice"
 	upgradeservicetypes "github.com/replicatedhq/kots/pkg/upgradeservice/types"
@@ -56,7 +57,6 @@ func (h *Handler) StartUpgradeService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// TODO NOW: send version label in request
 	baseArchive, baseSequence, err := store.GetStore().GetAppVersionBaseArchive(foundApp.ID, request.VersionLabel)
 	if err != nil {
 		response.Error = "failed to get app version base archive"
@@ -73,16 +73,26 @@ func (h *Handler) StartUpgradeService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// TODO NOW: send cursor in request
-	err = upgradeservice.Start(upgradeservicetypes.StartOptions{
-		KOTSVersion:      request.KOTSVersion,
-		App:              foundApp,
-		BaseArchive:      baseArchive,
-		BaseSequence:     baseSequence,
-		NextSequence:     nextSequence,
-		UpdateCursor:     request.UpdateCursor,
-		RegistrySettings: registrySettings,
-		// TODO NOW: reporting info
+	err = upgradeservice.Start(upgradeservicetypes.UpgradeServiceParams{
+		AppID:       foundApp.ID,
+		AppSlug:     foundApp.Slug,
+		AppIsAirgap: foundApp.IsAirgap,
+		AppIsGitOps: foundApp.IsGitOps,
+		AppLicense:  foundApp.License,
+
+		BaseArchive:  baseArchive,
+		BaseSequence: baseSequence,
+		NextSequence: nextSequence,
+
+		UpdateCursor: request.UpdateCursor,
+
+		RegistryEndpoint:   registrySettings.Hostname,
+		RegistryUsername:   registrySettings.Username,
+		RegistryPassword:   registrySettings.Password,
+		RegistryNamespace:  registrySettings.Namespace,
+		RegistryIsReadOnly: registrySettings.IsReadOnly,
+
+		ReportingInfo: reporting.GetReportingInfo(foundApp.ID),
 	})
 	if err != nil {
 		response.Error = "failed to start upgrade service"
diff --git a/pkg/upgradeservice/bootstrap.go b/pkg/upgradeservice/bootstrap.go
index 1f87d7c84c..7d57e1402b 100644
--- a/pkg/upgradeservice/bootstrap.go
+++ b/pkg/upgradeservice/bootstrap.go
@@ -18,7 +18,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/util"
 )
 
-func bootstrap(params types.ServerParams) error {
+func bootstrap(params types.UpgradeServiceParams) error {
 	// TODO NOW: airgap mode
 
 	if err := pullArchiveFromOnline(params); err != nil {
@@ -28,7 +28,7 @@ func bootstrap(params types.ServerParams) error {
 	return nil
 }
 
-func pullArchiveFromOnline(params types.ServerParams) (finalError error) {
+func pullArchiveFromOnline(params types.UpgradeServiceParams) (finalError error) {
 	license, err := kotsutil.LoadLicenseFromBytes([]byte(params.AppLicense))
 	if err != nil {
 		return errors.Wrap(err, "failed to load license from bytes")
@@ -94,7 +94,7 @@ func pullArchiveFromOnline(params types.ServerParams) (finalError error) {
 		AppSlug:             params.AppSlug,
 		AppSequence:         params.NextSequence,
 		IsGitOps:            params.AppIsGitOps,
-		ReportingInfo:       nil, // TODO NOW
+		ReportingInfo:       params.ReportingInfo,
 		RewriteImages:       registrySettings.IsValid(),
 		RewriteImageOptions: registrySettings,
 		KotsKinds:           beforeKotsKinds,
diff --git a/pkg/upgradeservice/handlers/handlers.go b/pkg/upgradeservice/handlers/handlers.go
index e7919a1b9d..65437c0897 100644
--- a/pkg/upgradeservice/handlers/handlers.go
+++ b/pkg/upgradeservice/handlers/handlers.go
@@ -25,13 +25,13 @@ func init() {
 
 func RegisterRoutes(r *mux.Router, handler UpgradeServiceHandler) {
 	// CAUTION: modifying this prefix WILL break backwards compatibility
-	subRouter := r.PathPrefix("/api/v1/upgrade-service").Subrouter()
+	subRouter := r.PathPrefix("/api/v1/upgrade-service/app/{appSlug}").Subrouter()
 	subRouter.Use(LoggingMiddleware)
 
 	subRouter.Path("/ping").Methods("GET").HandlerFunc(handler.Ping)
 
-	subRouter.Path("/app/{appSlug}/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
-	subRouter.Path("/app/{appSlug}/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
+	subRouter.Path("/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
+	subRouter.Path("/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/upgradeservice/handlers/middleware.go b/pkg/upgradeservice/handlers/middleware.go
index 4d90bcda87..b0e80969ea 100644
--- a/pkg/upgradeservice/handlers/middleware.go
+++ b/pkg/upgradeservice/handlers/middleware.go
@@ -13,17 +13,17 @@ import (
 
 type paramsKey struct{}
 
-func SetContextParams(r *http.Request, params types.ServerParams) *http.Request {
+func SetContextParams(r *http.Request, params types.UpgradeServiceParams) *http.Request {
 	return r.WithContext(context.WithValue(r.Context(), paramsKey{}, params))
 }
 
-func GetContextParams(r *http.Request) types.ServerParams {
+func GetContextParams(r *http.Request) types.UpgradeServiceParams {
 	val := r.Context().Value(paramsKey{})
-	sess, _ := val.(types.ServerParams)
-	return sess
+	params, _ := val.(types.UpgradeServiceParams)
+	return params
 }
 
-func ParamsMiddleware(params types.ServerParams) mux.MiddlewareFunc {
+func ParamsMiddleware(params types.UpgradeServiceParams) mux.MiddlewareFunc {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			r = SetContextParams(r, params)
diff --git a/pkg/upgradeservice/process.go b/pkg/upgradeservice/process.go
index 06c06f7163..17a1dfb4d9 100644
--- a/pkg/upgradeservice/process.go
+++ b/pkg/upgradeservice/process.go
@@ -8,36 +8,64 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"sync"
 	"time"
 
+	"github.com/gorilla/mux"
 	"github.com/phayes/freeport"
 	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
+	"gopkg.in/yaml.v3"
 )
 
-var upgradeServiceProcess *os.Process
-var upgradeServicePort string
+type UpgradeService struct {
+	process      *os.Process
+	processState *os.ProcessState
+	port         string
+}
+
+// map of app slug to upgrade service
+var upgradeServiceMap = map[string]UpgradeService{}
+var upgradeServiceMtx = &sync.Mutex{}
 
-// Start will spin up an upgrade service in the background on a random port.
-// If an upgrade service is already running, it will be stopped and a new one will be started.
-// The KOTS binary of the specified version will be used to start the upgrade service.
-func Start(opts types.StartOptions) (finalError error) {
+// Start spins up an upgrade service for an app in the background on a random port.
+// If an upgrade service is already running for the app, it will be stopped and a new one will be started.
+func Start(params types.UpgradeServiceParams) (finalError error) {
 	defer func() {
 		if finalError != nil {
-			stop()
+			stop(params.AppSlug)
 		}
 	}()
 
 	// stop the upgrade service if it's already running.
 	// don't bail if not able to stop, and start a new one
-	stop()
+	stop(params.AppSlug)
 
 	fp, err := freeport.GetFreePort()
 	if err != nil {
 		return errors.Wrap(err, "failed to get free port")
 	}
-	freePort := fmt.Sprintf("%d", fp)
+	params.Port = fmt.Sprintf("%d", fp)
+
+	paramsYAML, err := yaml.Marshal(params)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal params")
+	}
+	paramsFile, err := os.CreateTemp("", "upgrade-service-params-*.yaml")
+	if err != nil {
+		return errors.Wrap(err, "failed to create temp file")
+	}
+	defer os.Remove(paramsFile.Name())
+
+	if _, err := paramsFile.Write(paramsYAML); err != nil {
+		return errors.Wrap(err, "failed to write params to file")
+	}
+
+	// TODO NOW: use local /kots bin if:
+	// - version is the same as the one running
+	// - OR it's a dev env
 
 	// TODO NOW: uncomment this
 	// kotsBin, err := kotsutil.DownloadKOTSBinary(request.KOTSVersion)
@@ -45,29 +73,14 @@ func Start(opts types.StartOptions) (finalError error) {
 	// 	return errors.Wrapf(err, "failed to download kots binary version %s", kotsVersion)
 	// }
 
+	kotsBin := kotsutil.GetKOTSBinPath()
+
 	cmd := exec.Command(
-		// kotsBin, // TODO NOW: use target binary
-		"/kots",
-		"start-upgrade-service",
-		"--port", freePort,
-
-		"--app-id", opts.App.ID,
-		"--app-slug", opts.App.Slug,
-		"--app-is-airgap", fmt.Sprintf("%t", opts.App.IsAirgap),
-		"--app-is-gitops", fmt.Sprintf("%t", opts.App.IsGitOps),
-		"--app-license", opts.App.License, // TODO NOW: change to base64 or a file?
-
-		"--base-archive", opts.BaseArchive,
-		"--base-sequence", fmt.Sprintf("%d", opts.BaseSequence),
-		"--next-sequence", fmt.Sprintf("%d", opts.NextSequence),
-
-		"--update-cursor", opts.UpdateCursor,
-
-		"--registry-endpoint", opts.RegistrySettings.Hostname,
-		"--registry-username", opts.RegistrySettings.Username,
-		"--registry-password", opts.RegistrySettings.Password,
-		"--registry-namespace", opts.RegistrySettings.Namespace,
-		"--registry-is-readonly", fmt.Sprintf("%t", opts.RegistrySettings.IsReadOnly),
+		// TODO NOW: use target binary
+		kotsBin,
+		"upgrade-service",
+		"start",
+		paramsFile.Name(),
 	)
 
 	cmd.Stdout = os.Stdout
@@ -77,25 +90,38 @@ func Start(opts types.StartOptions) (finalError error) {
 		return errors.Wrap(err, "failed to start")
 	}
 
-	upgradeServicePort = freePort
-	upgradeServiceProcess = cmd.Process
+	addUpgradeService(params.AppSlug, UpgradeService{
+		process:      cmd.Process,
+		processState: cmd.ProcessState,
+		port:         params.Port,
+	})
 
-	if err := waitForReady(time.Second * 30); err != nil {
+	// TODO NOW: what's a good timeout here, specially for airgap?
+	// bootsrapping can take a while to pull and render the archive
+	if err := waitForReady(params.AppSlug, time.Minute*2); err != nil {
 		return errors.Wrap(err, "failed to wait for upgrade service to become ready")
 	}
 
 	return nil
 }
 
-// Proxy will proxy the request to the upgrade service.
+// Proxy proxies the request to the app's upgrade service.
 func Proxy(w http.ResponseWriter, r *http.Request) {
-	if upgradeServicePort == "" {
-		logger.Error(errors.New("upgrade service is not running"))
+	appSlug := mux.Vars(r)["appSlug"]
+	if appSlug == "" {
+		logger.Error(errors.New("upgrade service requires app slug in path"))
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	upgradeService, ok := getUpgradeService(appSlug)
+	if !ok {
+		logger.Error(errors.Errorf("upgrade service is not running for app %s", appSlug))
 		w.WriteHeader(http.StatusServiceUnavailable)
 		return
 	}
 
-	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", upgradeServicePort))
+	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", upgradeService.port))
 	if err != nil {
 		logger.Error(errors.Wrap(err, "failed to parse upgrade service url"))
 		w.WriteHeader(http.StatusInternalServerError)
@@ -106,36 +132,67 @@ func Proxy(w http.ResponseWriter, r *http.Request) {
 	proxy.ServeHTTP(w, r)
 }
 
-func stop() {
-	if upgradeServiceProcess != nil {
-		if err := upgradeServiceProcess.Signal(os.Interrupt); err != nil {
-			logger.Errorf("Failed to stop upgrade service process on port %s", upgradeServicePort)
+// stop stops the upgrade service for the given app.
+func stop(appSlug string) {
+	upgradeService, ok := getUpgradeService(appSlug)
+	if !ok {
+		return
+	}
+	if upgradeService.process != nil {
+		if err := upgradeService.process.Signal(os.Interrupt); err != nil {
+			logger.Errorf("failed to stop upgrade service process for %s on port %s", appSlug, upgradeService.port)
 		}
 	}
-	upgradeServicePort = ""
-	upgradeServiceProcess = nil
+	removeUpgradeService(appSlug)
 }
 
-func waitForReady(timeout time.Duration) error {
+func waitForReady(appSlug string, timeout time.Duration) error {
 	start := time.Now()
-
-	// TODO NOW: return last error
+	var lasterr error
 	for {
-		url := fmt.Sprintf("http://localhost:%s/api/v1/upgrade-service/ping", upgradeServicePort)
-		newRequest, err := http.NewRequest("GET", url, nil)
-		if err == nil {
-			resp, err := http.DefaultClient.Do(newRequest)
-			if err == nil {
-				if resp.StatusCode == http.StatusOK {
-					return nil
-				}
-			}
+		upgradeService, ok := getUpgradeService(appSlug)
+		if !ok {
+			return errors.Errorf("upgrade service was stopped. last error: %v", lasterr)
 		}
-
-		time.Sleep(time.Second)
-
-		if time.Since(start) > timeout {
-			return errors.Errorf("Timeout waiting for upgrade-service to become ready on port %s", upgradeServicePort)
+		if upgradeService.processState != nil && upgradeService.processState.Exited() {
+			return errors.Errorf("upgrade service process exited. last error: %v", lasterr)
+		}
+		if time.Sleep(time.Second); time.Since(start) > timeout {
+			return errors.Errorf("Timeout waiting for upgrade service to become ready on port %s. last error: %v", upgradeService.port, lasterr)
+		}
+		request, err := http.NewRequest("GET", fmt.Sprintf("http://localhost:%s/api/v1/upgrade-service/app/%s/ping", upgradeService.port, appSlug), nil)
+		if err != nil {
+			lasterr = errors.Wrap(err, "failed to create request")
+			continue
+		}
+		response, err := http.DefaultClient.Do(request)
+		if err != nil {
+			lasterr = errors.Wrap(err, "failed to do request")
+			continue
 		}
+		if response.StatusCode != http.StatusOK {
+			lasterr = errors.Errorf("unexpected status code %d", response.StatusCode)
+			continue
+		}
+		return nil
 	}
 }
+
+func addUpgradeService(appSlug string, upgradeService UpgradeService) {
+	upgradeServiceMtx.Lock()
+	upgradeServiceMap[appSlug] = upgradeService
+	upgradeServiceMtx.Unlock()
+}
+
+func removeUpgradeService(appSlug string) {
+	upgradeServiceMtx.Lock()
+	delete(upgradeServiceMap, appSlug)
+	upgradeServiceMtx.Unlock()
+}
+
+func getUpgradeService(appSlug string) (UpgradeService, bool) {
+	upgradeServiceMtx.Lock()
+	upgradeService, ok := upgradeServiceMap[appSlug]
+	upgradeServiceMtx.Unlock()
+	return upgradeService, ok
+}
diff --git a/pkg/upgradeservice/server.go b/pkg/upgradeservice/server.go
index 9677f000c1..a662c664a4 100644
--- a/pkg/upgradeservice/server.go
+++ b/pkg/upgradeservice/server.go
@@ -14,7 +14,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/upgradeservice/types"
 )
 
-func Serve(params types.ServerParams) error {
+func Serve(params types.UpgradeServiceParams) error {
 	fmt.Printf("Starting KOTS Upgrade Service version %s on port %s\n", buildversion.Version(), params.Port)
 
 	if err := bootstrap(params); err != nil {
@@ -34,8 +34,7 @@ func Serve(params types.ServerParams) error {
 	* Static routes
 	**********************************************************************/
 
-	// to avoid confusion, we don't serve this in the dev env...
-	if os.Getenv("DISABLE_SPA_SERVING") != "1" {
+	if os.Getenv("DISABLE_SPA_SERVING") != "1" { // we don't serve this in the dev env
 		spa := handlers.SPAHandler{}
 		r.PathPrefix("/").Handler(spa)
 	} else if os.Getenv("ENABLE_WEB_PROXY") == "1" { // for dev env
diff --git a/pkg/upgradeservice/types/types.go b/pkg/upgradeservice/types/types.go
index ef4c5b7b1b..96786d2506 100644
--- a/pkg/upgradeservice/types/types.go
+++ b/pkg/upgradeservice/types/types.go
@@ -1,38 +1,29 @@
 package types
 
 import (
-	apptypes "github.com/replicatedhq/kots/pkg/app/types"
-	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
+	reportingtypes "github.com/replicatedhq/kots/pkg/api/reporting/types"
 )
 
-type StartOptions struct {
-	KOTSVersion      string
-	App              *apptypes.App
-	BaseArchive      string
-	BaseSequence     int64
-	NextSequence     int64
-	UpdateCursor     string
-	RegistrySettings registrytypes.RegistrySettings
-}
+type UpgradeServiceParams struct {
+	Port string `yaml:"port"`
 
-type ServerParams struct {
-	Port string
+	AppID       string `yaml:"appID"`
+	AppSlug     string `yaml:"appSlug"`
+	AppIsAirgap bool   `yaml:"appIsAirgap"`
+	AppIsGitOps bool   `yaml:"appIsGitOps"`
+	AppLicense  string `yaml:"appLicense"`
 
-	AppID       string
-	AppSlug     string
-	AppIsAirgap bool
-	AppIsGitOps bool
-	AppLicense  string
+	BaseArchive  string `yaml:"baseArchive"`
+	BaseSequence int64  `yaml:"baseSequence"`
+	NextSequence int64  `yaml:"nextSequence"`
 
-	BaseArchive  string
-	BaseSequence int64
-	NextSequence int64
+	UpdateCursor string `yaml:"updateCursor"`
 
-	UpdateCursor string
+	RegistryEndpoint   string `yaml:"registryEndpoint"`
+	RegistryUsername   string `yaml:"registryUsername"`
+	RegistryPassword   string `yaml:"registryPassword"`
+	RegistryNamespace  string `yaml:"registryNamespace"`
+	RegistryIsReadOnly bool   `yaml:"registryIsReadOnly"`
 
-	RegistryEndpoint   string
-	RegistryUsername   string
-	RegistryPassword   string
-	RegistryNamespace  string
-	RegistryIsReadOnly bool
+	ReportingInfo *reportingtypes.ReportingInfo `yaml:"reportingInfo"`
 }
diff --git a/web/.gitignore b/web/.gitignore
index 7f912b4d0b..812dac8b48 100644
--- a/web/.gitignore
+++ b/web/.gitignore
@@ -25,7 +25,6 @@ yarn-error.log*
 package-lock.json
 
 dist/*
-!dist/README.md
 /history
 
 #editors

From 91e6a9cad15cbcc67bb2b61b0eee8dc102f1421a Mon Sep 17 00:00:00 2001
From: Mia Wong <miawongdev@gmail.com>
Date: Thu, 13 Jun 2024 13:45:26 -0400
Subject: [PATCH 18/33] Embedded Cluster: Show available updates in the UI
 (#4680)

---
 web/src/components/apps/AppVersionHistory.tsx | 298 +++++++++++-------
 1 file changed, 183 insertions(+), 115 deletions(-)

diff --git a/web/src/components/apps/AppVersionHistory.tsx b/web/src/components/apps/AppVersionHistory.tsx
index 5cdd32f086..e9730ab89d 100644
--- a/web/src/components/apps/AppVersionHistory.tsx
+++ b/web/src/components/apps/AppVersionHistory.tsx
@@ -62,6 +62,7 @@ type Props = {
     app: App;
     displayErrorModal: boolean;
     isBundleUploading: boolean;
+    isEmbeddedCluster: boolean;
     makeCurrentVersion: (
       slug: string,
       version: Version | null,
@@ -84,6 +85,7 @@ type Props = {
 type State = {
   airgapUploader: AirgapUploader | null;
   airgapUploadError: string;
+  availableUpdates: Version[] | null;
   appUpdateChecker: Repeater;
   checkedReleasesToDiff: Version[];
   checkingForUpdateError: boolean;
@@ -155,6 +157,7 @@ class AppVersionHistory extends Component<Props, State> {
     this.state = {
       airgapUploader: null,
       airgapUploadError: "",
+      availableUpdates: null,
       appUpdateChecker: new Repeater(),
       checkedReleasesToDiff: [],
       checkingForUpdateError: false,
@@ -254,36 +257,7 @@ class AppVersionHistory extends Component<Props, State> {
       }
     }
 
-    // TODO NOW: remove this
-    const appSlug = this.props.params.slug;
-    fetch(`${process.env.API_ENDPOINT}/app/${appSlug}/start-upgrade-service`, {
-      headers: {
-        "Content-Type": "application/json",
-        Accept: "application/json",
-      },
-      body: JSON.stringify({
-        kotsVersion: "v1.109.3",
-        versionLabel: "0.0.268",
-        updateCursor: "895",
-      }),
-      credentials: "include",
-      method: "POST",
-    })
-      .then(async (res) => {
-        if (res.ok) {
-          this.setState({
-            shouldShowUpgradeServiceModal: true,
-          });
-          return;
-        }
-        const text = await res.text();
-        console.log("failed to init upgrade service", text);
-      })
-      .catch((err) => {
-        console.log(err);
-      });
-
-    this._mounted = true;
+    this.fetchAvailableUpdates();
   }
 
   componentDidUpdate = async (lastProps: Props) => {
@@ -316,6 +290,27 @@ class AppVersionHistory extends Component<Props, State> {
     this._mounted = false;
   }
 
+  fetchAvailableUpdates = async () => {
+    const appSlug = this.props.params.slug;
+    const res = await fetch(
+      `${process.env.API_ENDPOINT}/app/${appSlug}/updates`,
+      {
+        headers: {
+          "Content-Type": "application/json",
+        },
+        credentials: "include",
+        method: "GET",
+      }
+    );
+    if (!res.ok) {
+      return;
+    }
+    const response = await res.json();
+
+    this.setState({ availableUpdates: response.updates });
+    return response;
+  };
+
   fetchKotsDownstreamHistory = async () => {
     const appSlug = this.props.params.slug;
 
@@ -1399,6 +1394,68 @@ class AppVersionHistory extends Component<Props, State> {
     }
   };
 
+  startUpgraderService = (version: Version) => {
+    const appSlug = this.props.params.slug;
+    fetch(`${process.env.API_ENDPOINT}/app/${appSlug}/start-upgrade-service`, {
+      headers: {
+        "Content-Type": "application/json",
+        Accept: "application/json",
+      },
+      body: JSON.stringify({
+        // not used// doesn't matter right now
+        kotsVersion: "v1.109.3",
+        versionLabel: version.versionLabel,
+        // channel sequence
+        updateCursor: version.updateCursor,
+      }),
+      credentials: "include",
+      method: "POST",
+    })
+      .then(async (res) => {
+        if (res.ok) {
+          this.setState({
+            shouldShowUpgradeServiceModal: true,
+          });
+          return;
+        }
+        const text = await res.text();
+        console.log("failed to init upgrade service", text);
+      })
+      .catch((err) => {
+        console.log(err);
+      });
+
+    this._mounted = true;
+  };
+
+  renderAvailableECUpdatesRow = (versions: Version[]) => {
+    return (
+      <div className="tw-max-h-[275px] tw-overflow-auto">
+        <p className="u-fontSize--normal u-fontWeight--medium tw-color-gray-800 tw-mb-2">
+          Available Updates
+        </p>
+        <div className="tw-flex tw-flex-col tw-gap-2">
+          {versions.map((version, index) => (
+            <div
+              key={index}
+              className="tw-h-10 tw-bg-white tw-p-4 tw-flex tw-justify-between tw-items-center tw-rounded"
+            >
+              <p className="u-fontSize--header2 u-fontWeight--bold u-lineHeight--medium card-item-title ">
+                {version.versionLabel}
+              </p>
+              <button
+                className={"btn tw-ml-2 primary blue"}
+                onClick={() => this.startUpgraderService(version)}
+              >
+                Deploy
+              </button>
+            </div>
+          ))}
+        </div>
+      </div>
+    );
+  };
+
   renderAppVersionHistoryRow = (version: Version, index?: number) => {
     if (
       !version ||
@@ -1783,7 +1840,7 @@ class AppVersionHistory extends Component<Props, State> {
                   {(versionHistory.length === 0 && gitopsIsConnected) ||
                   versionHistory?.length > 0 ? (
                     <>
-                      {gitopsIsConnected ? (
+                      {gitopsIsConnected && (
                         <div
                           style={{ maxWidth: "1030px" }}
                           className="u-width--full u-marginBottom--30"
@@ -1807,96 +1864,107 @@ class AppVersionHistory extends Component<Props, State> {
                             }
                           />
                         </div>
-                      ) : (
+                      )}
+                      {!gitopsIsConnected && (
                         <div className="TableDiff--Wrapper card-bg u-marginBottom--30">
-                          <div className="flex justifyContent--spaceBetween alignItems--center u-marginBottom--15">
-                            <p className="u-fontSize--normal u-fontWeight--medium u-textColor--info">
-                              {this.state.updatesAvailable
-                                ? "New version available"
-                                : ""}
-                            </p>
-                            <div className="flex alignItems--center">
+                          {!this.props.outletContext.isEmbeddedCluster && (
+                            <div className="flex justifyContent--spaceBetween alignItems--center u-marginBottom--15">
+                              <p className="u-fontSize--normal u-fontWeight--medium u-textColor--info">
+                                {this.state.updatesAvailable
+                                  ? "New version available"
+                                  : ""}
+                              </p>
                               <div className="flex alignItems--center">
-                                {app?.isAirgap && airgapUploader ? (
-                                  <MountAware
-                                    onMount={(el: Element) =>
-                                      airgapUploader?.assignElement(el)
-                                    }
-                                  >
-                                    <div className="flex alignItems--center">
-                                      <span className="icon clickable dashboard-card-upload-version-icon u-marginRight--5" />
-                                      <span className="link u-fontSize--small u-lineHeight--default">
-                                        Upload new version
-                                      </span>
-                                    </div>
-                                  </MountAware>
-                                ) : (
-                                  <div className="flex alignItems--center">
-                                    {checkingForUpdates &&
-                                    !this.props.outletContext
-                                      .isBundleUploading ? (
-                                      <div className="flex alignItems--center u-marginRight--20">
-                                        <Loader
-                                          className="u-marginRight--5"
-                                          size="15"
-                                        />
-                                        <span className="u-textColor--bodyCopy u-fontWeight--medium u-fontSize--small u-lineHeight--default">
-                                          {checkingUpdateMessage === ""
-                                            ? "Checking for updates"
-                                            : checkingUpdateTextShort}
+                                <div className="flex alignItems--center">
+                                  {app?.isAirgap && airgapUploader ? (
+                                    <MountAware
+                                      onMount={(el: Element) =>
+                                        airgapUploader?.assignElement(el)
+                                      }
+                                    >
+                                      <div className="flex alignItems--center">
+                                        <span className="icon clickable dashboard-card-upload-version-icon u-marginRight--5" />
+                                        <span className="link u-fontSize--small u-lineHeight--default">
+                                          Upload new version
                                         </span>
                                       </div>
-                                    ) : (
-                                      <div className="flex alignItems--center u-marginRight--20">
-                                        <span
-                                          className="flex-auto flex alignItems--center link u-fontSize--small"
-                                          onClick={this.onCheckForUpdates}
-                                        >
-                                          <Icon
-                                            icon="check-update"
-                                            size={16}
-                                            className="clickable u-marginRight--5"
-                                            color={""}
-                                            style={{}}
-                                            disableFill={false}
-                                            removeInlineStyle={false}
+                                    </MountAware>
+                                  ) : (
+                                    <div className="flex alignItems--center">
+                                      {checkingForUpdates &&
+                                      !this.props.outletContext
+                                        .isBundleUploading ? (
+                                        <div className="flex alignItems--center u-marginRight--20">
+                                          <Loader
+                                            className="u-marginRight--5"
+                                            size="15"
                                           />
-                                          Check for update
-                                        </span>
-                                      </div>
-                                    )}
-                                    <span
-                                      className="flex-auto flex alignItems--center link u-fontSize--small"
-                                      onClick={this.toggleAutomaticUpdatesModal}
-                                    >
-                                      <Icon
-                                        icon="schedule-sync"
-                                        size={16}
-                                        className="clickable u-marginRight--5"
-                                        color={""}
-                                        style={{}}
-                                        disableFill={false}
-                                        removeInlineStyle={false}
-                                      />
-                                      Configure automatic updates
-                                    </span>
-                                  </div>
-                                )}
+                                          <span className="u-textColor--bodyCopy u-fontWeight--medium u-fontSize--small u-lineHeight--default">
+                                            {checkingUpdateMessage === ""
+                                              ? "Checking for updates"
+                                              : checkingUpdateTextShort}
+                                          </span>
+                                        </div>
+                                      ) : (
+                                        <div className="flex alignItems--center u-marginRight--20">
+                                          <span
+                                            className="flex-auto flex alignItems--center link u-fontSize--small"
+                                            onClick={this.onCheckForUpdates}
+                                          >
+                                            <Icon
+                                              icon="check-update"
+                                              size={16}
+                                              className="clickable u-marginRight--5"
+                                              color={""}
+                                              style={{}}
+                                              disableFill={false}
+                                              removeInlineStyle={false}
+                                            />
+                                            Check for update
+                                          </span>
+                                        </div>
+                                      )}
+                                      <span
+                                        className="flex-auto flex alignItems--center link u-fontSize--small"
+                                        onClick={
+                                          this.toggleAutomaticUpdatesModal
+                                        }
+                                      >
+                                        <Icon
+                                          icon="schedule-sync"
+                                          size={16}
+                                          className="clickable u-marginRight--5"
+                                          color={""}
+                                          style={{}}
+                                          disableFill={false}
+                                          removeInlineStyle={false}
+                                        />
+                                        Configure automatic updates
+                                      </span>
+                                    </div>
+                                  )}
+                                </div>
+                                {versionHistory.length > 1 && !gitopsIsConnected
+                                  ? this.renderDiffBtn()
+                                  : null}
                               </div>
-                              {versionHistory.length > 1 && !gitopsIsConnected
-                                ? this.renderDiffBtn()
-                                : null}
-                            </div>
-                          </div>
-                          {pendingVersion ? (
-                            this.renderAppVersionHistoryRow(pendingVersion)
-                          ) : (
-                            <div className="card-item flex-column flex1 u-marginTop--20 u-marginBottom--10 alignItems--center justifyContent--center">
-                              <p className="u-fontSize--normal u-fontWeight--medium u-textColor--bodyCopy u-padding--10">
-                                Application up to date.
-                              </p>
                             </div>
                           )}
+                          {this.state.availableUpdates &&
+                            this.props.outletContext.isEmbeddedCluster &&
+                            this.renderAvailableECUpdatesRow(
+                              this.state.availableUpdates
+                            )}
+                          {!this.props.outletContext.isEmbeddedCluster &&
+                            (pendingVersion ? (
+                              this.renderAppVersionHistoryRow(pendingVersion)
+                            ) : (
+                              <div className="card-item flex-column flex1 u-marginTop--20 u-marginBottom--10 alignItems--center justifyContent--center">
+                                <p className="u-fontSize--normal u-fontWeight--medium u-textColor--bodyCopy u-padding--10">
+                                  Application up to date.
+                                </p>
+                              </div>
+                            ))}
                           {(this.state.numOfSkippedVersions > 0 ||
                             this.state.numOfRemainingVersions > 0) && (
                             <p className="u-fontSize--small u-fontWeight--medium u-lineHeight--more u-textColor--info u-marginTop--10">
@@ -1916,12 +1984,12 @@ class AppVersionHistory extends Component<Props, State> {
                           )}
                         </div>
                       )}
-                      {versionHistory?.length > 0 ? (
+                      {versionHistory?.length > 0 && (
                         <>
                           {this.renderUpdateProgress()}
                           {this.renderAllVersions()}
                         </>
-                      ) : null}
+                      )}
                     </>
                   ) : (
                     <div className="flex-column flex1 alignItems--center justifyContent--center">

From bb1c47c2ed33c8725778cc15f38f21537fbfb2d2 Mon Sep 17 00:00:00 2001
From: Craig O'Donnell <craig@replicated.com>
Date: Thu, 13 Jun 2024 14:14:15 -0400
Subject: [PATCH 19/33] allow same origin iframing in kurl proxy (#4682)

---
 kurl_proxy/cmd/main.go      |  4 ++--
 kurl_proxy/cmd/main_test.go | 22 +++++++++++-----------
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/kurl_proxy/cmd/main.go b/kurl_proxy/cmd/main.go
index 5efdc6629c..21f41391f2 100644
--- a/kurl_proxy/cmd/main.go
+++ b/kurl_proxy/cmd/main.go
@@ -472,8 +472,8 @@ func getHttpsServer(upstream, dexUpstream *url.URL, tlsSecretName string, secret
 
 // CSPMiddleware adds Content-Security-Policy and X-Frame-Options headers to the response.
 func CSPMiddleware(c *gin.Context) {
-	c.Writer.Header().Set("Content-Security-Policy", "frame-ancestors 'none';")
-	c.Writer.Header().Set("X-Frame-Options", "DENY")
+	c.Writer.Header().Set("Content-Security-Policy", "frame-ancestors 'self';")
+	c.Writer.Header().Set("X-Frame-Options", "SAMEORIGIN")
 	c.Next()
 }
 
diff --git a/kurl_proxy/cmd/main_test.go b/kurl_proxy/cmd/main_test.go
index 1ce0406526..83dd9a91a7 100644
--- a/kurl_proxy/cmd/main_test.go
+++ b/kurl_proxy/cmd/main_test.go
@@ -181,8 +181,8 @@ func Test_httpServerCSPHeaders(t *testing.T) {
 			httpServer: getHttpServer("some-fingerprint", true, tmpDir),
 			path:       "/assets/index.html",
 			wantHeaders: map[string]string{
-				"Content-Security-Policy": "frame-ancestors 'none';",
-				"X-Frame-Options":         "DENY",
+				"Content-Security-Policy": "frame-ancestors 'self';",
+				"X-Frame-Options":         "SAMEORIGIN",
 			},
 		},
 		{
@@ -191,8 +191,8 @@ func Test_httpServerCSPHeaders(t *testing.T) {
 			isHttps:    true,
 			path:       "/tls/assets/index.html",
 			wantHeaders: map[string]string{
-				"Content-Security-Policy": "frame-ancestors 'none';",
-				"X-Frame-Options":         "DENY",
+				"Content-Security-Policy": "frame-ancestors 'self';",
+				"X-Frame-Options":         "SAMEORIGIN",
 			},
 		},
 	}
@@ -275,15 +275,15 @@ func Test_generateDefaultCertSecret(t *testing.T) {
 
 func Test_generateCertHostnames(t *testing.T) {
 	tests := []struct {
-		name  string
+		name      string
 		namespace string
 		hostname  string
-		altNames []string
+		altNames  []string
 	}{
 		{
-			name:  "with no namespace",
-			hostname:  "kotsadm.default.svc.cluster.local",
-			altNames : []string{
+			name:     "with no namespace",
+			hostname: "kotsadm.default.svc.cluster.local",
+			altNames: []string{
 				"kotsadm",
 				"kotsadm.default",
 				"kotsadm.default.svc",
@@ -292,10 +292,10 @@ func Test_generateCertHostnames(t *testing.T) {
 			},
 		},
 		{
-			name:  "with some other namespace",
+			name:      "with some other namespace",
 			namespace: "somecluster",
 			hostname:  "kotsadm.default.svc.cluster.local",
-			altNames : []string{
+			altNames: []string{
 				"kotsadm",
 				"kotsadm.default",
 				"kotsadm.default.svc",

From 7c017bc44ecf50db8f3a990b300b35f24d001665 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Thu, 13 Jun 2024 23:19:07 +0000
Subject: [PATCH 20/33] upgrade service lifecycle

---
 cmd/kots/cli/upgrade-service.go      |  18 ++-
 pkg/docker/registry/temp_registry.go |  53 ++++----
 pkg/upgradeservice/process.go        | 194 ++++++++++++---------------
 3 files changed, 131 insertions(+), 134 deletions(-)

diff --git a/cmd/kots/cli/upgrade-service.go b/cmd/kots/cli/upgrade-service.go
index 9369b2a871..fa0a2f4ae8 100644
--- a/cmd/kots/cli/upgrade-service.go
+++ b/cmd/kots/cli/upgrade-service.go
@@ -2,6 +2,7 @@ package cli
 
 import (
 	"fmt"
+	"io"
 	"os"
 
 	"github.com/replicatedhq/kots/pkg/upgradeservice"
@@ -39,7 +40,7 @@ func UpgradeServiceStartCmd() *cobra.Command {
 				os.Exit(1)
 			}
 
-			paramsYAML, err := os.ReadFile(args[0])
+			paramsYAML, err := readUpgradeServiceParams(args[0])
 			if err != nil {
 				return fmt.Errorf("failed to read config file: %v", err)
 			}
@@ -59,3 +60,18 @@ func UpgradeServiceStartCmd() *cobra.Command {
 
 	return cmd
 }
+
+func readUpgradeServiceParams(path string) ([]byte, error) {
+	if path == "-" {
+		b, err := io.ReadAll(os.Stdin)
+		if err != nil {
+			return nil, fmt.Errorf("read stdin: %w", err)
+		}
+		return b, nil
+	}
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return nil, fmt.Errorf("read file: %w", err)
+	}
+	return b, nil
+}
diff --git a/pkg/docker/registry/temp_registry.go b/pkg/docker/registry/temp_registry.go
index 7917397994..6665a890ba 100644
--- a/pkg/docker/registry/temp_registry.go
+++ b/pkg/docker/registry/temp_registry.go
@@ -25,8 +25,8 @@ import (
 var tempRegistryConfigYML string
 
 type TempRegistry struct {
-	process *os.Process
-	port    string
+	cmd  *exec.Cmd
+	port string
 }
 
 // Start will spin up a docker registry service in the background on a random port.
@@ -52,11 +52,11 @@ func (r *TempRegistry) Start(rootDir string) (finalError error) {
 	configYMLCopy := strings.Replace(tempRegistryConfigYML, "__ROOT_DIR__", rootDir, 1)
 	configYMLCopy = strings.Replace(configYMLCopy, "__PORT__", freePort, 1)
 
-	configFile, err := ioutil.TempFile("", "registryconfig")
+	configFile, err := os.CreateTemp("", "registryconfig")
 	if err != nil {
 		return errors.Wrap(err, "failed to create temp file for config")
 	}
-	if err := ioutil.WriteFile(configFile.Name(), []byte(configYMLCopy), 0644); err != nil {
+	if err := os.WriteFile(configFile.Name(), []byte(configYMLCopy), 0644); err != nil {
 		return errors.Wrap(err, "failed to write config to temp file")
 	}
 	defer os.RemoveAll(configFile.Name())
@@ -70,8 +70,11 @@ func (r *TempRegistry) Start(rootDir string) (finalError error) {
 		return errors.Wrap(err, "failed to start")
 	}
 
+	// calling wait helps reap the zombie process
+	go cmd.Wait()
+
+	r.cmd = cmd
 	r.port = freePort
-	r.process = cmd.Process
 
 	if err := r.WaitForReady(time.Second * 30); err != nil {
 		return errors.Wrap(err, "failed to wait for registry to become ready")
@@ -81,35 +84,37 @@ func (r *TempRegistry) Start(rootDir string) (finalError error) {
 }
 
 func (r *TempRegistry) Stop() {
-	if r.process != nil {
-		if err := r.process.Signal(os.Interrupt); err != nil {
-			logger.Debugf("Failed to stop registry process on port %s", r.port)
+	if r.cmd != nil && r.cmd.ProcessState == nil {
+		if err := r.cmd.Process.Signal(os.Interrupt); err != nil {
+			logger.Errorf("Failed to stop registry process on port %s", r.port)
 		}
 	}
+	r.cmd = nil
 	r.port = ""
-	r.process = nil
 }
 
 func (r *TempRegistry) WaitForReady(timeout time.Duration) error {
 	start := time.Now()
-
+	var lasterr error
 	for {
-		url := fmt.Sprintf("http://localhost:%s", r.port)
-		newRequest, err := http.NewRequest("GET", url, nil)
-		if err == nil {
-			resp, err := http.DefaultClient.Do(newRequest)
-			if err == nil {
-				if resp.StatusCode == http.StatusOK {
-					return nil
-				}
-			}
+		if time.Sleep(time.Second); time.Since(start) > timeout {
+			return errors.Errorf("Timeout waiting for registry to become ready on port %s. last error: %v", r.port, lasterr)
 		}
-
-		time.Sleep(time.Second)
-
-		if time.Since(start) > timeout {
-			return errors.Errorf("Timeout waiting for registry to become ready on port %s", r.port)
+		request, err := http.NewRequest("GET", fmt.Sprintf("http://localhost:%s", r.port), nil)
+		if err != nil {
+			lasterr = errors.Wrap(err, "failed to create request")
+			continue
+		}
+		response, err := http.DefaultClient.Do(request)
+		if err != nil {
+			lasterr = errors.Wrap(err, "failed to do request")
+			continue
+		}
+		if response.StatusCode != http.StatusOK {
+			lasterr = errors.Errorf("unexpected status code %d", response.StatusCode)
+			continue
 		}
+		return nil
 	}
 }
 
diff --git a/pkg/upgradeservice/process.go b/pkg/upgradeservice/process.go
index 17a1dfb4d9..85bed37a7f 100644
--- a/pkg/upgradeservice/process.go
+++ b/pkg/upgradeservice/process.go
@@ -8,6 +8,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"strings"
 	"sync"
 	"time"
 
@@ -21,46 +22,79 @@ import (
 )
 
 type UpgradeService struct {
-	process      *os.Process
-	processState *os.ProcessState
-	port         string
+	cmd  *exec.Cmd
+	port string
 }
 
 // map of app slug to upgrade service
-var upgradeServiceMap = map[string]UpgradeService{}
+var upgradeServiceMap = map[string]*UpgradeService{}
 var upgradeServiceMtx = &sync.Mutex{}
 
-// Start spins up an upgrade service for an app in the background on a random port.
+// Start spins up an upgrade service for an app in the background on a random port and waits for it to be ready.
 // If an upgrade service is already running for the app, it will be stopped and a new one will be started.
 func Start(params types.UpgradeServiceParams) (finalError error) {
-	defer func() {
-		if finalError != nil {
-			stop(params.AppSlug)
-		}
-	}()
+	svc, err := start(params)
+	if err != nil {
+		return errors.Wrap(err, "failed to create new upgrade service")
+	}
+	if err := svc.waitForReady(params.AppSlug); err != nil {
+		return errors.Wrap(err, "failed to wait for upgrade service to become ready")
+	}
+	return nil
+}
 
-	// stop the upgrade service if it's already running.
-	// don't bail if not able to stop, and start a new one
-	stop(params.AppSlug)
+// Proxy proxies the request to the app's upgrade service.
+func Proxy(w http.ResponseWriter, r *http.Request) {
+	appSlug := mux.Vars(r)["appSlug"]
+	if appSlug == "" {
+		logger.Error(errors.New("upgrade service requires app slug in path"))
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
 
-	fp, err := freeport.GetFreePort()
-	if err != nil {
-		return errors.Wrap(err, "failed to get free port")
+	svc, ok := upgradeServiceMap[appSlug]
+	if !ok {
+		logger.Error(errors.Errorf("upgrade service not found for app %s", appSlug))
+		w.WriteHeader(http.StatusServiceUnavailable)
+		return
 	}
-	params.Port = fmt.Sprintf("%d", fp)
 
-	paramsYAML, err := yaml.Marshal(params)
+	if !svc.isRunning() {
+		logger.Error(errors.Errorf("upgrade service is not running for app %s", appSlug))
+		w.WriteHeader(http.StatusServiceUnavailable)
+		return
+	}
+
+	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", svc.port))
 	if err != nil {
-		return errors.Wrap(err, "failed to marshal params")
+		logger.Error(errors.Wrap(err, "failed to parse upgrade service url"))
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	proxy := httputil.NewSingleHostReverseProxy(remote)
+	proxy.ServeHTTP(w, r)
+}
+
+func start(params types.UpgradeServiceParams) (*UpgradeService, error) {
+	upgradeServiceMtx.Lock()
+	defer upgradeServiceMtx.Unlock()
+
+	// stop the current service
+	currSvc, _ := upgradeServiceMap[params.AppSlug]
+	if currSvc != nil {
+		currSvc.stop()
 	}
-	paramsFile, err := os.CreateTemp("", "upgrade-service-params-*.yaml")
+
+	fp, err := freeport.GetFreePort()
 	if err != nil {
-		return errors.Wrap(err, "failed to create temp file")
+		return nil, errors.Wrap(err, "failed to get free port")
 	}
-	defer os.Remove(paramsFile.Name())
+	params.Port = fmt.Sprintf("%d", fp)
 
-	if _, err := paramsFile.Write(paramsYAML); err != nil {
-		return errors.Wrap(err, "failed to write params to file")
+	paramsYAML, err := yaml.Marshal(params)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to marshal params")
 	}
 
 	// TODO NOW: use local /kots bin if:
@@ -70,97 +104,58 @@ func Start(params types.UpgradeServiceParams) (finalError error) {
 	// TODO NOW: uncomment this
 	// kotsBin, err := kotsutil.DownloadKOTSBinary(request.KOTSVersion)
 	// if err != nil {
-	// 	return errors.Wrapf(err, "failed to download kots binary version %s", kotsVersion)
+	// 	return nil, errors.Wrapf(err, "failed to download kots binary version %s", kotsVersion)
 	// }
 
+	// TODO NOW: use target binary
 	kotsBin := kotsutil.GetKOTSBinPath()
 
-	cmd := exec.Command(
-		// TODO NOW: use target binary
-		kotsBin,
-		"upgrade-service",
-		"start",
-		paramsFile.Name(),
-	)
-
+	cmd := exec.Command(kotsBin, "upgrade-service", "start", "-")
+	cmd.Stdin = strings.NewReader(string(paramsYAML))
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
-
 	if err := cmd.Start(); err != nil {
-		return errors.Wrap(err, "failed to start")
+		return nil, errors.Wrap(err, "failed to start")
 	}
 
-	addUpgradeService(params.AppSlug, UpgradeService{
-		process:      cmd.Process,
-		processState: cmd.ProcessState,
-		port:         params.Port,
-	})
+	// calling wait helps populate the process state and reap the zombie process
+	go cmd.Wait()
 
-	// TODO NOW: what's a good timeout here, specially for airgap?
-	// bootsrapping can take a while to pull and render the archive
-	if err := waitForReady(params.AppSlug, time.Minute*2); err != nil {
-		return errors.Wrap(err, "failed to wait for upgrade service to become ready")
+	// create a new service
+	newSvc := &UpgradeService{
+		cmd:  cmd,
+		port: params.Port,
 	}
+	upgradeServiceMap[params.AppSlug] = newSvc
 
-	return nil
+	return newSvc, nil
 }
 
-// Proxy proxies the request to the app's upgrade service.
-func Proxy(w http.ResponseWriter, r *http.Request) {
-	appSlug := mux.Vars(r)["appSlug"]
-	if appSlug == "" {
-		logger.Error(errors.New("upgrade service requires app slug in path"))
-		w.WriteHeader(http.StatusBadRequest)
+func (s *UpgradeService) stop() {
+	if !s.isRunning() {
 		return
 	}
-
-	upgradeService, ok := getUpgradeService(appSlug)
-	if !ok {
-		logger.Error(errors.Errorf("upgrade service is not running for app %s", appSlug))
-		w.WriteHeader(http.StatusServiceUnavailable)
-		return
+	logger.Infof("Stopping upgrade service on port %s", s.port)
+	if err := s.cmd.Process.Signal(os.Interrupt); err != nil {
+		logger.Errorf("Failed to stop upgrade service on port %s: %v", s.port, err)
 	}
-
-	remote, err := url.Parse(fmt.Sprintf("http://localhost:%s", upgradeService.port))
-	if err != nil {
-		logger.Error(errors.Wrap(err, "failed to parse upgrade service url"))
-		w.WriteHeader(http.StatusInternalServerError)
-		return
-	}
-
-	proxy := httputil.NewSingleHostReverseProxy(remote)
-	proxy.ServeHTTP(w, r)
 }
 
-// stop stops the upgrade service for the given app.
-func stop(appSlug string) {
-	upgradeService, ok := getUpgradeService(appSlug)
-	if !ok {
-		return
-	}
-	if upgradeService.process != nil {
-		if err := upgradeService.process.Signal(os.Interrupt); err != nil {
-			logger.Errorf("failed to stop upgrade service process for %s on port %s", appSlug, upgradeService.port)
-		}
-	}
-	removeUpgradeService(appSlug)
+func (s *UpgradeService) isRunning() bool {
+	return s != nil && s.cmd != nil && s.cmd.ProcessState == nil
 }
 
-func waitForReady(appSlug string, timeout time.Duration) error {
-	start := time.Now()
+func (s *UpgradeService) waitForReady(appSlug string) error {
 	var lasterr error
 	for {
-		upgradeService, ok := getUpgradeService(appSlug)
-		if !ok {
-			return errors.Errorf("upgrade service was stopped. last error: %v", lasterr)
+		time.Sleep(time.Second)
+		if s == nil || s.cmd == nil {
+			return errors.New("upgrade service not found")
 		}
-		if upgradeService.processState != nil && upgradeService.processState.Exited() {
-			return errors.Errorf("upgrade service process exited. last error: %v", lasterr)
+		if s.cmd.ProcessState != nil {
+			return errors.Errorf("upgrade service terminated. last error: %v", lasterr)
 		}
-		if time.Sleep(time.Second); time.Since(start) > timeout {
-			return errors.Errorf("Timeout waiting for upgrade service to become ready on port %s. last error: %v", upgradeService.port, lasterr)
-		}
-		request, err := http.NewRequest("GET", fmt.Sprintf("http://localhost:%s/api/v1/upgrade-service/app/%s/ping", upgradeService.port, appSlug), nil)
+		request, err := http.NewRequest("GET", fmt.Sprintf("http://localhost:%s/api/v1/upgrade-service/app/%s/ping", s.port, appSlug), nil)
 		if err != nil {
 			lasterr = errors.Wrap(err, "failed to create request")
 			continue
@@ -177,22 +172,3 @@ func waitForReady(appSlug string, timeout time.Duration) error {
 		return nil
 	}
 }
-
-func addUpgradeService(appSlug string, upgradeService UpgradeService) {
-	upgradeServiceMtx.Lock()
-	upgradeServiceMap[appSlug] = upgradeService
-	upgradeServiceMtx.Unlock()
-}
-
-func removeUpgradeService(appSlug string) {
-	upgradeServiceMtx.Lock()
-	delete(upgradeServiceMap, appSlug)
-	upgradeServiceMtx.Unlock()
-}
-
-func getUpgradeService(appSlug string) (UpgradeService, bool) {
-	upgradeServiceMtx.Lock()
-	upgradeService, ok := upgradeServiceMap[appSlug]
-	upgradeServiceMtx.Unlock()
-	return upgradeService, ok
-}

From 5b969227c70ac76f4d11d4614597ecf44ff72bf2 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Fri, 14 Jun 2024 18:13:19 +0000
Subject: [PATCH 21/33] required releases

---
 cmd/kots/cli/upgrade-service.go               |   1 +
 pkg/handlers/config.go                        |  39 ++++++
 pkg/handlers/license.go                       |   5 +-
 pkg/handlers/update.go                        |   6 +-
 pkg/store/store.go                            |   6 +-
 pkg/updatechecker/types/types.go              |  37 +++++
 pkg/updatechecker/updatechecker.go            |  99 ++++++-------
 pkg/updatechecker/updatechecker_test.go       | 130 ++++++++++++++----
 web/src/Root.tsx                              |   6 +
 web/src/components/apps/AppVersionHistory.tsx |   3 +
 .../AppConfig/components/AppConfig.tsx        |  21 ++-
 .../AppVersionHistoryRow.tsx                  |  17 ++-
 12 files changed, 289 insertions(+), 81 deletions(-)
 create mode 100644 pkg/updatechecker/types/types.go

diff --git a/cmd/kots/cli/upgrade-service.go b/cmd/kots/cli/upgrade-service.go
index fa0a2f4ae8..f0ea172f65 100644
--- a/cmd/kots/cli/upgrade-service.go
+++ b/cmd/kots/cli/upgrade-service.go
@@ -33,6 +33,7 @@ func UpgradeServiceStartCmd() *cobra.Command {
 		SilenceErrors: false,
 		PreRun: func(cmd *cobra.Command, args []string) {
 			viper.BindPFlags(cmd.Flags())
+			os.Setenv("IS_UPGRADE_SERVICE", "true")
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			if len(args) != 1 {
diff --git a/pkg/handlers/config.go b/pkg/handlers/config.go
index 32bfa7c857..b064b18d04 100644
--- a/pkg/handlers/config.go
+++ b/pkg/handlers/config.go
@@ -156,6 +156,21 @@ func (h *Handler) UpdateAppConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	isEditable, err := isVersionConfigEditable(foundApp, updateAppConfigRequest.Sequence)
+	if err != nil {
+		updateAppConfigResponse.Error = "failed to check if version is editable"
+		logger.Error(errors.Wrap(err, updateAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, updateAppConfigResponse)
+		return
+	}
+
+	if !isEditable {
+		updateAppConfigResponse.Error = "this version cannot be edited"
+		logger.Error(errors.Wrap(err, updateAppConfigResponse.Error))
+		JSON(w, http.StatusForbidden, updateAppConfigResponse)
+		return
+	}
+
 	validationErrors, err := configvalidation.ValidateConfigSpec(kotsv1beta1.ConfigSpec{Groups: updateAppConfigRequest.ConfigGroups})
 	if err != nil {
 		updateAppConfigResponse.Error = "failed to validate config spec."
@@ -532,6 +547,30 @@ func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
 	JSON(w, http.StatusOK, currentAppConfigResponse)
 }
 
+func isVersionConfigEditable(app *apptypes.App, sequence int64) (bool, error) {
+	if !util.IsEmbeddedCluster() {
+		return true, nil
+	}
+	// in embedded cluster, past versions cannot be edited
+	downstreams, err := store.GetStore().ListDownstreamsForApp(app.ID)
+	if err != nil {
+		return false, errors.Wrap(err, "failed to list downstreams for app")
+	}
+	if len(downstreams) == 0 {
+		return false, errors.New("no downstreams found for app")
+	}
+	versions, err := store.GetStore().GetDownstreamVersions(app.ID, downstreams[0].ClusterID, true)
+	if err != nil {
+		return false, errors.Wrap(err, "failed to get downstream versions")
+	}
+	for _, v := range versions.PastVersions {
+		if v.Sequence == sequence {
+			return false, nil
+		}
+	}
+	return true, nil
+}
+
 func shouldCreateNewAppVersion(archiveDir string, appID string, sequence int64) (bool, error) {
 	// Updates are allowed for any version that does not have base rendered.
 	if _, err := os.Stat(filepath.Join(archiveDir, "base")); err != nil {
diff --git a/pkg/handlers/license.go b/pkg/handlers/license.go
index 8e2a4289db..af3ef995f6 100644
--- a/pkg/handlers/license.go
+++ b/pkg/handlers/license.go
@@ -24,6 +24,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/replicatedapp"
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/updatechecker"
+	updatecheckertypes "github.com/replicatedhq/kots/pkg/updatechecker/types"
 	"github.com/replicatedhq/kots/pkg/util"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	serializer "k8s.io/apimachinery/pkg/runtime/serializer/json"
@@ -145,7 +146,7 @@ func (h *Handler) SyncLicense(w http.ResponseWriter, r *http.Request) {
 	if !foundApp.IsAirgap && currentLicense.Spec.ChannelID != latestLicense.Spec.ChannelID {
 		// channel changed and this is an online installation, fetch the latest release for the new channel
 		go func(appID string) {
-			opts := updatechecker.CheckForUpdatesOpts{
+			opts := updatecheckertypes.CheckForUpdatesOpts{
 				AppID: appID,
 			}
 			_, err := updatechecker.CheckForUpdates(opts)
@@ -630,7 +631,7 @@ func (h *Handler) ChangeLicense(w http.ResponseWriter, r *http.Request) {
 	if !foundApp.IsAirgap && currentLicense.Spec.ChannelID != newLicense.Spec.ChannelID {
 		// channel changed and this is an online installation, fetch the latest release for the new channel
 		go func(appID string) {
-			opts := updatechecker.CheckForUpdatesOpts{
+			opts := updatecheckertypes.CheckForUpdatesOpts{
 				AppID: appID,
 			}
 			_, err := updatechecker.CheckForUpdates(opts)
diff --git a/pkg/handlers/update.go b/pkg/handlers/update.go
index 414e5a7759..85aa963c51 100644
--- a/pkg/handlers/update.go
+++ b/pkg/handlers/update.go
@@ -15,7 +15,6 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/kots/pkg/airgap"
-	downstreamtypes "github.com/replicatedhq/kots/pkg/api/downstream/types"
 	"github.com/replicatedhq/kots/pkg/k8sutil"
 	"github.com/replicatedhq/kots/pkg/kotsadm"
 	license "github.com/replicatedhq/kots/pkg/kotsadmlicense"
@@ -25,6 +24,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/tasks"
 	"github.com/replicatedhq/kots/pkg/updatechecker"
+	updatecheckertypes "github.com/replicatedhq/kots/pkg/updatechecker/types"
 	"github.com/replicatedhq/kots/pkg/util"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 )
@@ -65,7 +65,7 @@ func (h *Handler) AppUpdateCheck(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if contentType == "application/json" {
-		opts := updatechecker.CheckForUpdatesOpts{
+		opts := updatecheckertypes.CheckForUpdatesOpts{
 			AppID:                  app.GetID(),
 			DeployLatest:           deploy,
 			DeployVersionLabel:     deployVersionLabel,
@@ -211,7 +211,7 @@ func (h *Handler) AppUpdateCheck(w http.ResponseWriter, r *http.Request) {
 
 type AvailableUpdatesResponse struct {
 	Success bool                                 `json:"success"`
-	Updates []*downstreamtypes.DownstreamVersion `json:"updates,omitempty"`
+	Updates []updatecheckertypes.AvailableUpdate `json:"updates,omitempty"`
 }
 
 func (h *Handler) GetAvailableUpdates(w http.ResponseWriter, r *http.Request) {
diff --git a/pkg/store/store.go b/pkg/store/store.go
index 409eb32e97..a0c1f9f425 100644
--- a/pkg/store/store.go
+++ b/pkg/store/store.go
@@ -1,6 +1,8 @@
 package store
 
 import (
+	"os"
+
 	"github.com/replicatedhq/kots/pkg/store/kotsstore"
 )
 
@@ -12,11 +14,13 @@ var (
 var _ Store = (*kotsstore.KOTSStore)(nil)
 
 func GetStore() Store {
+	if os.Getenv("IS_UPGRADE_SERVICE") == "true" {
+		panic("store should not be used in the upgrade service")
+	}
 	if !hasStore {
 		globalStore = storeFromEnv()
 		hasStore = true
 	}
-
 	return globalStore
 }
 
diff --git a/pkg/updatechecker/types/types.go b/pkg/updatechecker/types/types.go
new file mode 100644
index 0000000000..b1f9563e97
--- /dev/null
+++ b/pkg/updatechecker/types/types.go
@@ -0,0 +1,37 @@
+package types
+
+import "time"
+
+type CheckForUpdatesOpts struct {
+	AppID                  string
+	DeployLatest           bool
+	DeployVersionLabel     string
+	IsAutomatic            bool
+	SkipPreflights         bool
+	SkipCompatibilityCheck bool
+	IsCLI                  bool
+	Wait                   bool
+}
+
+type UpdateCheckResponse struct {
+	AvailableUpdates  int64
+	CurrentRelease    *UpdateCheckRelease
+	AvailableReleases []UpdateCheckRelease
+	DeployingRelease  *UpdateCheckRelease
+}
+
+type UpdateCheckRelease struct {
+	Sequence int64
+	Version  string
+}
+
+type AvailableUpdate struct {
+	VersionLabel       string     `json:"versionLabel"`
+	UpdateCursor       string     `json:"updateCursor"`
+	ChannelID          string     `json:"channelId,omitempty"`
+	IsRequired         bool       `json:"isRequired"`
+	UpstreamReleasedAt *time.Time `json:"upstreamReleasedAt,omitempty"`
+	ReleaseNotes       string     `json:"releaseNotes,omitempty"`
+	IsDeployable       bool       `json:"isDeployable,omitempty"`
+	NonDeployableCause string     `json:"nonDeployableCause,omitempty"`
+}
diff --git a/pkg/updatechecker/updatechecker.go b/pkg/updatechecker/updatechecker.go
index 1897d8c3be..c958facb7f 100644
--- a/pkg/updatechecker/updatechecker.go
+++ b/pkg/updatechecker/updatechecker.go
@@ -3,6 +3,7 @@ package updatechecker
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
 	"sync"
 	"time"
 
@@ -15,13 +16,14 @@ import (
 	upstream "github.com/replicatedhq/kots/pkg/kotsadmupstream"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/preflight"
-	"github.com/replicatedhq/kots/pkg/preflight/types"
+	preflighttypes "github.com/replicatedhq/kots/pkg/preflight/types"
 	kotspull "github.com/replicatedhq/kots/pkg/pull"
 	"github.com/replicatedhq/kots/pkg/reporting"
 	kotssemver "github.com/replicatedhq/kots/pkg/semver"
 	storepkg "github.com/replicatedhq/kots/pkg/store"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
 	"github.com/replicatedhq/kots/pkg/tasks"
+	"github.com/replicatedhq/kots/pkg/updatechecker/types"
 	upstreampkg "github.com/replicatedhq/kots/pkg/upstream"
 	upstreamtypes "github.com/replicatedhq/kots/pkg/upstream/types"
 	"github.com/replicatedhq/kots/pkg/util"
@@ -114,7 +116,7 @@ func Configure(a *apptypes.App, updateCheckerSpec string) error {
 	_, err := job.AddFunc(cronSpec, func() {
 		logger.Debug("checking updates for app", zap.String("slug", jobAppSlug))
 
-		opts := CheckForUpdatesOpts{
+		opts := types.CheckForUpdatesOpts{
 			AppID:       jobAppID,
 			IsAutomatic: true,
 		}
@@ -156,35 +158,12 @@ func Stop(appID string) {
 	}
 }
 
-type CheckForUpdatesOpts struct {
-	AppID                  string
-	DeployLatest           bool
-	DeployVersionLabel     string
-	IsAutomatic            bool
-	SkipPreflights         bool
-	SkipCompatibilityCheck bool
-	IsCLI                  bool
-	Wait                   bool
-}
-
-type UpdateCheckResponse struct {
-	AvailableUpdates  int64
-	CurrentRelease    *UpdateCheckRelease
-	AvailableReleases []UpdateCheckRelease
-	DeployingRelease  *UpdateCheckRelease
-}
-
-type UpdateCheckRelease struct {
-	Sequence int64
-	Version  string
-}
-
 // CheckForUpdates checks, downloads, and makes sure the desired version for a specific app is deployed.
 // if "DeployLatest" is set to true, the latest version will be deployed.
 // otherwise, if "DeployVersionLabel" is set to true, then the version with the corresponding version label will be deployed (if found).
 // otherwise, if "IsAutomatic" is set to true (which means it's an automatic update check), then the version that matches the auto deploy configuration (if enabled) will be deployed.
 // returns the number of available updates.
-func CheckForUpdates(opts CheckForUpdatesOpts) (ucr *UpdateCheckResponse, finalError error) {
+func CheckForUpdates(opts types.CheckForUpdatesOpts) (ucr *types.UpdateCheckResponse, finalError error) {
 	currentStatus, _, err := tasks.GetTaskStatus("update-download")
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get task status")
@@ -218,7 +197,7 @@ func CheckForUpdates(opts CheckForUpdatesOpts) (ucr *UpdateCheckResponse, finalE
 	return
 }
 
-func checkForKotsAppUpdates(opts CheckForUpdatesOpts, finishedChan chan<- error) (*UpdateCheckResponse, error) {
+func checkForKotsAppUpdates(opts types.CheckForUpdatesOpts, finishedChan chan<- error) (*types.UpdateCheckResponse, error) {
 	a, err := store.GetApp(opts.AppID)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get app")
@@ -278,24 +257,24 @@ func checkForKotsAppUpdates(opts CheckForUpdatesOpts, finishedChan chan<- error)
 
 	filteredUpdates := removeOldUpdates(updates.Updates, appVersions, latestLicense.Spec.IsSemverRequired)
 
-	var availableReleases []UpdateCheckRelease
+	var availableReleases []types.UpdateCheckRelease
 	availableSequence := appVersions.AllVersions[0].Sequence + 1
 	for _, u := range filteredUpdates {
-		availableReleases = append(availableReleases, UpdateCheckRelease{
+		availableReleases = append(availableReleases, types.UpdateCheckRelease{
 			Sequence: availableSequence,
 			Version:  u.VersionLabel,
 		})
 		availableSequence++
 	}
 
-	ucr := UpdateCheckResponse{
+	ucr := types.UpdateCheckResponse{
 		AvailableUpdates:  int64(len(filteredUpdates)),
 		AvailableReleases: availableReleases,
 		DeployingRelease:  getVersionToDeploy(opts, d.ClusterID, availableReleases),
 	}
 
 	if appVersions.CurrentVersion != nil {
-		ucr.CurrentRelease = &UpdateCheckRelease{
+		ucr.CurrentRelease = &types.UpdateCheckRelease{
 			Sequence: appVersions.CurrentVersion.Sequence,
 			Version:  appVersions.CurrentVersion.VersionLabel,
 		}
@@ -335,7 +314,7 @@ func checkForKotsAppUpdates(opts CheckForUpdatesOpts, finishedChan chan<- error)
 	return &ucr, nil
 }
 
-func downloadAppUpdates(opts CheckForUpdatesOpts, appID string, clusterID string, updates []upstreamtypes.Update, updateCheckTime time.Time) error {
+func downloadAppUpdates(opts types.CheckForUpdatesOpts, appID string, clusterID string, updates []upstreamtypes.Update, updateCheckTime time.Time) error {
 	for index, update := range updates {
 		appSequence, err := upstream.DownloadUpdate(appID, update, opts.SkipPreflights, opts.SkipCompatibilityCheck)
 		if appSequence != nil {
@@ -363,7 +342,7 @@ func downloadAppUpdates(opts CheckForUpdatesOpts, appID string, clusterID string
 	return nil
 }
 
-func ensureDesiredVersionIsDeployed(opts CheckForUpdatesOpts, clusterID string) error {
+func ensureDesiredVersionIsDeployed(opts types.CheckForUpdatesOpts, clusterID string) error {
 	if opts.DeployLatest {
 		if err := deployLatestVersion(opts, clusterID); err != nil {
 			return errors.Wrap(err, "failed to deploy latest version")
@@ -392,7 +371,7 @@ func ensureDesiredVersionIsDeployed(opts CheckForUpdatesOpts, clusterID string)
 	return nil
 }
 
-func getVersionToDeploy(opts CheckForUpdatesOpts, clusterID string, availableReleases []UpdateCheckRelease) *UpdateCheckRelease {
+func getVersionToDeploy(opts types.CheckForUpdatesOpts, clusterID string, availableReleases []types.UpdateCheckRelease) *types.UpdateCheckRelease {
 	appVersions, err := store.GetDownstreamVersions(opts.AppID, clusterID, true)
 	if err != nil {
 		return nil
@@ -407,7 +386,7 @@ func getVersionToDeploy(opts CheckForUpdatesOpts, clusterID string, availableRel
 	}
 
 	if opts.DeployLatest && appVersions.AllVersions[0].Sequence != appVersions.CurrentVersion.Sequence {
-		return &UpdateCheckRelease{
+		return &types.UpdateCheckRelease{
 			Sequence: appVersions.AllVersions[0].Sequence,
 			Version:  appVersions.AllVersions[0].VersionLabel,
 		}
@@ -423,7 +402,7 @@ func getVersionToDeploy(opts CheckForUpdatesOpts, clusterID string, availableRel
 		}
 
 		if versionToDeploy != nil && versionToDeploy.Sequence != appVersions.CurrentVersion.Sequence {
-			return &UpdateCheckRelease{
+			return &types.UpdateCheckRelease{
 				Sequence: versionToDeploy.Sequence,
 				Version:  versionToDeploy.VersionLabel,
 			}
@@ -435,7 +414,7 @@ func getVersionToDeploy(opts CheckForUpdatesOpts, clusterID string, availableRel
 	return nil
 }
 
-func deployLatestVersion(opts CheckForUpdatesOpts, clusterID string) error {
+func deployLatestVersion(opts types.CheckForUpdatesOpts, clusterID string) error {
 	appVersions, err := store.GetDownstreamVersions(opts.AppID, clusterID, true)
 	if err != nil {
 		return errors.Wrapf(err, "failed to get app versions for app %s", opts.AppID)
@@ -452,7 +431,7 @@ func deployLatestVersion(opts CheckForUpdatesOpts, clusterID string) error {
 	return nil
 }
 
-func deployVersionLabel(opts CheckForUpdatesOpts, clusterID string, versionLabel string) error {
+func deployVersionLabel(opts types.CheckForUpdatesOpts, clusterID string, versionLabel string) error {
 	appVersions, err := store.GetDownstreamVersions(opts.AppID, clusterID, true)
 	if err != nil {
 		return errors.Wrapf(err, "failed to get app versions for app %s", opts.AppID)
@@ -481,7 +460,7 @@ func deployVersionLabel(opts CheckForUpdatesOpts, clusterID string, versionLabel
 	return nil
 }
 
-func autoDeploy(opts CheckForUpdatesOpts, clusterID string, autoDeploy apptypes.AutoDeploy) error {
+func autoDeploy(opts types.CheckForUpdatesOpts, clusterID string, autoDeploy apptypes.AutoDeploy) error {
 	if autoDeploy == "" || autoDeploy == apptypes.AutoDeployDisabled {
 		return nil
 	}
@@ -591,7 +570,7 @@ func waitForPreflightsToFinish(appID string, sequence int64) error {
 		return errors.New("failed to find a preflight spec")
 	}
 
-	var preflightResults *types.PreflightResults
+	var preflightResults *preflighttypes.PreflightResults
 	if err = json.Unmarshal([]byte(preflightResult.Result), &preflightResults); err != nil {
 		return errors.Wrap(err, "failed to parse preflight results")
 	}
@@ -604,7 +583,7 @@ func waitForPreflightsToFinish(appID string, sequence int64) error {
 	return nil
 }
 
-func deployVersion(opts CheckForUpdatesOpts, clusterID string, appVersions *downstreamtypes.DownstreamVersions, versionToDeploy *downstreamtypes.DownstreamVersion) error {
+func deployVersion(opts types.CheckForUpdatesOpts, clusterID string, appVersions *downstreamtypes.DownstreamVersions, versionToDeploy *downstreamtypes.DownstreamVersion) error {
 	if appVersions.CurrentVersion != nil {
 		isPastVersion := false
 		for _, p := range appVersions.PastVersions {
@@ -731,7 +710,7 @@ func removeOldUpdates(updates []upstreamtypes.Update, appVersions *downstreamtyp
 	return fileteredUpdates
 }
 
-func GetAvailableUpdates(kotsStore storepkg.Store, app *apptypes.App, license *kotsv1beta1.License) ([]*downstreamtypes.DownstreamVersion, error) {
+func GetAvailableUpdates(kotsStore storepkg.Store, app *apptypes.App, license *kotsv1beta1.License) ([]types.AvailableUpdate, error) {
 	updateCursor, err := kotsStore.GetCurrentUpdateCursor(app.ID, license.Spec.ChannelID)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get current update cursor")
@@ -753,18 +732,46 @@ func GetAvailableUpdates(kotsStore storepkg.Store, app *apptypes.App, license *k
 		return nil, errors.Wrap(err, "failed to get updates")
 	}
 
-	availableVersions := []*downstreamtypes.DownstreamVersion{}
+	availableUpdates := []types.AvailableUpdate{}
 	for _, u := range updates.Updates {
-		availableVersions = append(availableVersions, &downstreamtypes.DownstreamVersion{
+		deployable, cause := isUpdateDeployable(updates.Updates, u)
+		availableUpdates = append(availableUpdates, types.AvailableUpdate{
 			VersionLabel:       u.VersionLabel,
 			UpdateCursor:       u.Cursor,
 			ChannelID:          u.ChannelID,
 			IsRequired:         u.IsRequired,
-			Status:             storetypes.VersionPendingDownload,
 			UpstreamReleasedAt: u.ReleasedAt,
 			ReleaseNotes:       u.ReleaseNotes,
+			IsDeployable:       deployable,
+			NonDeployableCause: cause,
 		})
 	}
 
-	return availableVersions, nil
+	return availableUpdates, nil
+}
+
+// TODO NOW: only allow editing current config for EC
+func isUpdateDeployable(updates []upstreamtypes.Update, u upstreamtypes.Update) (bool, string) {
+	// iterate over updates in reverse since they are sorted in descending order
+	requiredUpdates := []upstreamtypes.Update{}
+	for i := len(updates) - 1; i >= 0; i-- {
+		if updates[i].Cursor == u.Cursor {
+			break
+		}
+		if updates[i].IsRequired {
+			requiredUpdates = append(requiredUpdates, updates[i])
+		}
+	}
+	if len(requiredUpdates) > 0 {
+		versionLabels := []string{}
+		for _, v := range requiredUpdates {
+			versionLabels = append([]string{v.VersionLabel}, versionLabels...)
+		}
+		versionLabelsStr := strings.Join(versionLabels, ", ")
+		if len(requiredUpdates) == 1 {
+			return false, fmt.Sprintf("This version cannot be deployed because version %s is required and must be deployed first.", versionLabelsStr)
+		}
+		return false, fmt.Sprintf("This version cannot be deployed because versions %s are required and must be deployed first.", versionLabelsStr)
+	}
+	return true, ""
 }
diff --git a/pkg/updatechecker/updatechecker_test.go b/pkg/updatechecker/updatechecker_test.go
index bfaa32a4c2..c5faaab24e 100644
--- a/pkg/updatechecker/updatechecker_test.go
+++ b/pkg/updatechecker/updatechecker_test.go
@@ -18,15 +18,17 @@ import (
 	storepkg "github.com/replicatedhq/kots/pkg/store"
 	mock_store "github.com/replicatedhq/kots/pkg/store/mock"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
+	"github.com/replicatedhq/kots/pkg/updatechecker/types"
 	"github.com/replicatedhq/kots/pkg/upstream"
 	upstreamtypes "github.com/replicatedhq/kots/pkg/upstream/types"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
 func TestAutoDeployDoesNotExecuteIfDisabled(t *testing.T) {
 	var autoDeployType = apptypes.AutoDeployDisabled
-	var opts = CheckForUpdatesOpts{}
+	var opts = types.CheckForUpdatesOpts{}
 
 	err := autoDeploy(opts, "cluster-id", autoDeployType)
 	if err != nil {
@@ -35,7 +37,7 @@ func TestAutoDeployDoesNotExecuteIfDisabled(t *testing.T) {
 }
 
 func TestAutoDeployDoesNotExecuteIfNotSet(t *testing.T) {
-	var opts = CheckForUpdatesOpts{}
+	var opts = types.CheckForUpdatesOpts{}
 	var clusterID = "some-cluster-id"
 
 	err := autoDeploy(opts, clusterID, "")
@@ -48,7 +50,7 @@ func TestAutoDeployFailedToGetAppVersionsErrors(t *testing.T) {
 	var autoDeployType = apptypes.AutoDeploySemverPatch
 	var appID = "some-app"
 	var clusterID = "some-cluster-id"
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{}
 
 	ctrl := gomock.NewController(t)
@@ -71,7 +73,7 @@ func TestAutoDeployAppVersionsIsEmptyErrors(t *testing.T) {
 	var autoDeployType = apptypes.AutoDeploySemverPatch
 	var appID = "some-app"
 	var clusterID = "some-cluster-id"
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		AllVersions: []*downstreamtypes.DownstreamVersion{},
 	}
@@ -93,7 +95,7 @@ func TestAutoDeployCurrentVersionIsNilDoesNothing(t *testing.T) {
 	var autoDeployType = apptypes.AutoDeploySemverPatch
 	var appID = "some-app"
 	var clusterID = "some-cluster-id"
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: nil,
 		AllVersions: []*downstreamtypes.DownstreamVersion{
@@ -118,7 +120,7 @@ func TestAutoDeployCurrentVersionSemverIsNilDoesNothing(t *testing.T) {
 	var autoDeployType = apptypes.AutoDeploySemverPatch
 	var appID = "some-app"
 	var clusterID = "some-cluster-id"
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: nil,
@@ -147,7 +149,7 @@ func TestAutoDeploySequenceQuitsIfCurrentVersionSequenceIsGreaterThanOrEqualToMo
 	var clusterID = "some-cluster-id"
 	var currentSequence = int64(1)
 	var upgradeSequence = int64(1)
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver:   &semver.Version{},
@@ -177,7 +179,7 @@ func TestAutoDeploySequenceDeploysSequenceUpgradeIfCurrentVersionLessThanMostRec
 	var autoDeployType = apptypes.AutoDeploySequence
 	var appID = "some-app"
 	var clusterID = "some-cluster-id"
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var currentCursor = cursor.MustParse("1")
 	var upgradeCursor = cursor.MustParse("2")
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
@@ -211,7 +213,7 @@ func TestAutoDeploySequenceDoesNotDeployIfCurrentVersionIsSameUpstream(t *testin
 	var autoDeployType = apptypes.AutoDeploySequence
 	var appID = "some-app"
 	var clusterID = "some-cluster-id"
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var currentCursor = cursor.MustParse("2")
 	var upgradeCursor = cursor.MustParse("2")
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
@@ -244,7 +246,7 @@ func TestAutoDeploySemverRequiredAllVersionsIndexIsNil(t *testing.T) {
 	var autoDeployType = apptypes.AutoDeploySemverPatch
 	var appID = "some-app"
 	var clusterID = "some-cluster-id"
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{},
@@ -270,7 +272,7 @@ func TestAutoDeploySemverRequiredAllVersionsHasNilSemver(t *testing.T) {
 	var autoDeployType = apptypes.AutoDeploySemverPatch
 	var appID = "some-app"
 	var clusterID = "some-cluster-id"
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{},
@@ -303,7 +305,7 @@ func TestAutoDeploySemverRequiredNoNewVersionToDeploy(t *testing.T) {
 	var major = uint64(1)
 	var minor = uint64(2)
 	var patch = uint64(1)
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{
@@ -343,7 +345,7 @@ func TestAutoDeploySemverRequiredPatchUpdateMajorsDontMatch(t *testing.T) {
 	var clusterID = "some-cluster-id"
 	var currentMajor = uint64(1)
 	var updateMajor = uint64(2)
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{
@@ -380,7 +382,7 @@ func TestAutoDeploySemverRequiredPatchUpdateMajorsMatchMinorsDontMatch(t *testin
 	var major = uint64(1)
 	var currentMinor = uint64(2)
 	var updateMinor = uint64(2)
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{
@@ -421,7 +423,7 @@ func TestAutoDeploySemverRequiredPatchUpdateMajorsMatchMinorsMatchWillUpgrade(t
 	var minor = uint64(2)
 	var currentPatch = uint64(1)
 	var upgradePatch = uint64(2)
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{
@@ -463,7 +465,7 @@ func TestAutoDeploySemverRequiredMinorUpdateMajorsDontMatch(t *testing.T) {
 	var sequence = int64(0)
 	var currentMajor = uint64(1)
 	var upgradeMajor = uint64(2)
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{
@@ -502,7 +504,7 @@ func TestAutoDeploySemverRequiredMinorUpdateMajorsMatchWillUpgrade(t *testing.T)
 	var major = uint64(1)
 	var currentMinor = uint64(1)
 	var upgradeMinor = uint64(2)
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{
@@ -542,7 +544,7 @@ func TestAutoDeploySemverRequiredMajorUpdateWillUpgrade(t *testing.T) {
 	var sequence = int64(0)
 	var currentMajor = uint64(1)
 	var upgradeMajor = uint64(2)
-	var opts = CheckForUpdatesOpts{AppID: appID}
+	var opts = types.CheckForUpdatesOpts{AppID: appID}
 	var downstreamVersions = &downstreamtypes.DownstreamVersions{
 		CurrentVersion: &downstreamtypes.DownstreamVersion{
 			Semver: &semver.Version{
@@ -942,7 +944,7 @@ func TestGetAvailableUpdates(t *testing.T) {
 		args            args
 		channelReleases []upstream.ChannelRelease
 		setup           func(t *testing.T, args args, mockServerEndpoint string)
-		want            []*downstreamtypes.DownstreamVersion
+		want            []types.AvailableUpdate
 		wantErr         bool
 	}{
 		{
@@ -967,7 +969,7 @@ func TestGetAvailableUpdates(t *testing.T) {
 				args.license.Spec.Endpoint = licenseEndpoint
 				mockStore.EXPECT().GetCurrentUpdateCursor(args.app.ID, args.license.Spec.ChannelID).Return("1", nil)
 			},
-			want:    []*downstreamtypes.DownstreamVersion{},
+			want:    []types.AvailableUpdate{},
 			wantErr: false,
 		},
 		{
@@ -999,7 +1001,7 @@ func TestGetAvailableUpdates(t *testing.T) {
 					ChannelSequence: 1,
 					ReleaseSequence: 1,
 					VersionLabel:    "0.0.1",
-					IsRequired:      false,
+					IsRequired:      true,
 					CreatedAt:       testTime.Format(time.RFC3339),
 					ReleaseNotes:    "release notes",
 				},
@@ -1009,24 +1011,25 @@ func TestGetAvailableUpdates(t *testing.T) {
 				args.license.Spec.Endpoint = licenseEndpoint
 				mockStore.EXPECT().GetCurrentUpdateCursor(args.app.ID, args.license.Spec.ChannelID).Return("1", nil)
 			},
-			want: []*downstreamtypes.DownstreamVersion{
+			want: []types.AvailableUpdate{
 				{
 					VersionLabel:       "0.0.2",
 					UpdateCursor:       "2",
 					ChannelID:          "channel-id",
 					IsRequired:         false,
-					Status:             storetypes.VersionPendingDownload,
 					UpstreamReleasedAt: &testTime,
 					ReleaseNotes:       "release notes",
+					IsDeployable:       false,
+					NonDeployableCause: "This version cannot be deployed because version 0.0.1 is required and must be deployed first.",
 				},
 				{
 					VersionLabel:       "0.0.1",
 					UpdateCursor:       "1",
 					ChannelID:          "channel-id",
-					IsRequired:         false,
-					Status:             storetypes.VersionPendingDownload,
+					IsRequired:         true,
 					UpstreamReleasedAt: &testTime,
 					ReleaseNotes:       "release notes",
+					IsDeployable:       true,
 				},
 			},
 			wantErr: false,
@@ -1053,7 +1056,7 @@ func TestGetAvailableUpdates(t *testing.T) {
 				args.license.Spec.Endpoint = licenseEndpoint
 				mockStore.EXPECT().GetCurrentUpdateCursor(args.app.ID, args.license.Spec.ChannelID).Return("1", nil)
 			},
-			want:    []*downstreamtypes.DownstreamVersion{},
+			want:    []types.AvailableUpdate{},
 			wantErr: true,
 		},
 	}
@@ -1090,3 +1093,78 @@ func newMockServerWithReleases(channelReleases []upstream.ChannelRelease, wantEr
 		}
 	}))
 }
+func TestIsUpdateDeployable(t *testing.T) {
+	tests := []struct {
+		name      string
+		updates   []upstreamtypes.Update
+		u         upstreamtypes.Update
+		want      bool
+		wantCause string
+	}{
+		{
+			name: "one update",
+			updates: []upstreamtypes.Update{
+				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+			},
+			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+			want:      true,
+			wantCause: "",
+		},
+		{
+			name: "no required updates",
+			updates: []upstreamtypes.Update{
+				{VersionLabel: "1.0.4", Cursor: "4", IsRequired: false},
+				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+				{VersionLabel: "1.0.2", Cursor: "2", IsRequired: false},
+				{VersionLabel: "1.0.1", Cursor: "1", IsRequired: false},
+			},
+			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+			want:      true,
+			wantCause: "",
+		},
+		{
+			name: "no required releases before it",
+			updates: []upstreamtypes.Update{
+				{VersionLabel: "1.0.4", Cursor: "4", IsRequired: true},
+				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+				{VersionLabel: "1.0.2", Cursor: "2", IsRequired: false},
+				{VersionLabel: "1.0.1", Cursor: "1", IsRequired: false},
+			},
+			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+			want:      true,
+			wantCause: "",
+		},
+		{
+			name: "one required release before it",
+			updates: []upstreamtypes.Update{
+				{VersionLabel: "1.0.4", Cursor: "4", IsRequired: false},
+				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+				{VersionLabel: "1.0.2", Cursor: "2", IsRequired: true},
+				{VersionLabel: "1.0.1", Cursor: "1", IsRequired: false},
+			},
+			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+			want:      false,
+			wantCause: "This version cannot be deployed because version 1.0.2 is required and must be deployed first.",
+		},
+		{
+			name: "two required releases before it",
+			updates: []upstreamtypes.Update{
+				{VersionLabel: "1.0.4", Cursor: "4", IsRequired: false},
+				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+				{VersionLabel: "1.0.2", Cursor: "2", IsRequired: true},
+				{VersionLabel: "1.0.1", Cursor: "1", IsRequired: true},
+			},
+			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
+			want:      false,
+			wantCause: "This version cannot be deployed because versions 1.0.2, 1.0.1 are required and must be deployed first.",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result, msg := isUpdateDeployable(tt.updates, tt.u)
+			assert.Equal(t, tt.want, result)
+			assert.Equal(t, tt.wantCause, msg)
+		})
+	}
+}
diff --git a/web/src/Root.tsx b/web/src/Root.tsx
index e12d861cf3..bff5cd495e 100644
--- a/web/src/Root.tsx
+++ b/web/src/Root.tsx
@@ -490,6 +490,9 @@ const Root = () => {
                   <AppConfig
                     fromLicenseFlow={true}
                     refetchAppsList={getAppsList}
+                    isEmbeddedCluster={
+                      state.adminConsoleMetadata?.isEmbeddedCluster
+                    }
                   />
                 }
               />
@@ -755,6 +758,9 @@ const Root = () => {
                     <AppConfig
                       fromLicenseFlow={false}
                       refetchAppsList={getAppsList}
+                      isEmbeddedCluster={
+                        state.adminConsoleMetadata?.isEmbeddedCluster
+                      }
                     />
                   }
                 />
diff --git a/web/src/components/apps/AppVersionHistory.tsx b/web/src/components/apps/AppVersionHistory.tsx
index e9730ab89d..e9f8884fac 100644
--- a/web/src/components/apps/AppVersionHistory.tsx
+++ b/web/src/components/apps/AppVersionHistory.tsx
@@ -1483,6 +1483,9 @@ class AppVersionHistory extends Component<Props, State> {
         <AppVersionHistoryRow
           navigate={this.props.navigate}
           adminConsoleMetadata={this.props.outletContext.adminConsoleMetadata}
+          isEmbeddedCluster={
+            this.props.outletContext.isEmbeddedCluster
+          }
           deployVersion={this.deployVersion}
           downloadVersion={this.downloadVersion}
           gitopsEnabled={gitopsIsConnected}
diff --git a/web/src/features/AppConfig/components/AppConfig.tsx b/web/src/features/AppConfig/components/AppConfig.tsx
index 3e21b0ef67..6e9b5cff3a 100644
--- a/web/src/features/AppConfig/components/AppConfig.tsx
+++ b/web/src/features/AppConfig/components/AppConfig.tsx
@@ -25,6 +25,7 @@ type Props = {
   params: KotsParams;
   app: App;
   fromLicenseFlow: boolean;
+  isEmbeddedCluster: boolean;
   refreshAppData: () => void;
   refetchApps: () => void;
   navigate: ReturnType<typeof useNavigate>;
@@ -604,6 +605,21 @@ class AppConfig extends Component<Props, State> {
     this.setState({ showNextStepModal: false });
   };
 
+  isConfigReadOnly = (app: App) => {
+    const { params, isEmbeddedCluster } = this.props;
+    if (!params.sequence) {
+      return false;
+    }
+    if (!isEmbeddedCluster) {
+      return false;
+    }
+    // in embedded cluster, past versions cannot be edited
+    const isPastVersion = find(app.downstream?.pastVersions, {
+      sequence: parseInt(params.sequence),
+    });
+    return !!isPastVersion;
+  };
+
   toggleActiveGroups = (name: string) => {
     let groupsArr = this.state.activeGroups;
     if (groupsArr.includes(name)) {
@@ -812,6 +828,7 @@ class AppConfig extends Component<Props, State> {
                   <AppConfigRenderer
                     groups={configGroups}
                     getData={this.handleConfigChange}
+                    readonly={this.isConfigReadOnly(app)}
                     configSequence={params.sequence}
                     appSlug={app.slug}
                   />
@@ -832,7 +849,9 @@ class AppConfig extends Component<Props, State> {
                       <button
                         className="btn primary blue"
                         disabled={
-                          showValidationError || (!changed && !fromLicenseFlow)
+                          showValidationError ||
+                          (!changed && !fromLicenseFlow) ||
+                          this.isConfigReadOnly(app)
                         }
                         onClick={this.handleSave}
                       >
diff --git a/web/src/features/AppVersionHistory/AppVersionHistoryRow.tsx b/web/src/features/AppVersionHistory/AppVersionHistoryRow.tsx
index 5676676545..f40827f26c 100644
--- a/web/src/features/AppVersionHistory/AppVersionHistoryRow.tsx
+++ b/web/src/features/AppVersionHistory/AppVersionHistoryRow.tsx
@@ -18,6 +18,7 @@ import PreflightIcon from "@features/App/PreflightIcon";
 
 interface Props {
   adminConsoleMetadata: Metadata;
+  isEmbeddedCluster: boolean;
   deployVersion: (version: Version) => void;
   downloadVersion: (version: Version) => void;
   gitopsEnabled: boolean;
@@ -234,6 +235,15 @@ function AppVersionHistoryRow(props: Props) {
       (isPastVersion || isCurrentVersion || isPendingDeployedVersion) &&
       version?.status !== "pending";
 
+    // in embedded cluster, past versions cannot be edited
+    const editableConfig = !props.isEmbeddedCluster || !isPastVersion;
+    let configTooltip;
+    if (editableConfig) {
+      configTooltip = "Edit config";
+    } else {
+      configTooltip = "View config";
+    }
+
     const preflightState = getPreflightState(version);
 
     const configScreenURL = `/app/${selectedApp?.slug}/config/${version.sequence}`;
@@ -351,8 +361,11 @@ function AppVersionHistoryRow(props: Props) {
         </div>
         {version.hasConfig && (
           <div className="flex alignItems--center">
-            <Link to={configScreenURL} data-tip="Edit config">
-              <Icon icon="edit-config" size={22} />
+            <Link to={configScreenURL} data-tip={configTooltip}>
+              <Icon
+                icon={editableConfig ? "edit-config" : "view-config"}
+                size={22}
+              />
             </Link>
             <ReactTooltip effect="solid" className="replicated-tooltip" />
           </div>

From a42e73af5763b65b66374260f681b68e15750020 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Fri, 14 Jun 2024 18:17:14 +0000
Subject: [PATCH 22/33] remove comment

---
 pkg/updatechecker/updatechecker.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkg/updatechecker/updatechecker.go b/pkg/updatechecker/updatechecker.go
index c958facb7f..454060e716 100644
--- a/pkg/updatechecker/updatechecker.go
+++ b/pkg/updatechecker/updatechecker.go
@@ -750,7 +750,6 @@ func GetAvailableUpdates(kotsStore storepkg.Store, app *apptypes.App, license *k
 	return availableUpdates, nil
 }
 
-// TODO NOW: only allow editing current config for EC
 func isUpdateDeployable(updates []upstreamtypes.Update, u upstreamtypes.Update) (bool, string) {
 	// iterate over updates in reverse since they are sorted in descending order
 	requiredUpdates := []upstreamtypes.Update{}

From b3a8bac8f7056d8b56f3534e1c558c4d1330d55d Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Fri, 14 Jun 2024 18:23:36 +0000
Subject: [PATCH 23/33] make it more readable

---
 .../AppVersionHistory/AppVersionHistoryRow.tsx         | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/web/src/features/AppVersionHistory/AppVersionHistoryRow.tsx b/web/src/features/AppVersionHistory/AppVersionHistoryRow.tsx
index f40827f26c..4a7d69e245 100644
--- a/web/src/features/AppVersionHistory/AppVersionHistoryRow.tsx
+++ b/web/src/features/AppVersionHistory/AppVersionHistoryRow.tsx
@@ -236,12 +236,12 @@ function AppVersionHistoryRow(props: Props) {
       version?.status !== "pending";
 
     // in embedded cluster, past versions cannot be edited
-    const editableConfig = !props.isEmbeddedCluster || !isPastVersion;
+    const isConfigReadOnly = props.isEmbeddedCluster && isPastVersion;
     let configTooltip;
-    if (editableConfig) {
-      configTooltip = "Edit config";
-    } else {
+    if (isConfigReadOnly) {
       configTooltip = "View config";
+    } else {
+      configTooltip = "Edit config";
     }
 
     const preflightState = getPreflightState(version);
@@ -363,7 +363,7 @@ function AppVersionHistoryRow(props: Props) {
           <div className="flex alignItems--center">
             <Link to={configScreenURL} data-tip={configTooltip}>
               <Icon
-                icon={editableConfig ? "edit-config" : "view-config"}
+                icon={isConfigReadOnly ? "view-config" : "edit-config"}
                 size={22}
               />
             </Link>

From 811cef94a4aae314e61734d2d5ac069b2a64ba40 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Fri, 14 Jun 2024 18:37:07 +0000
Subject: [PATCH 24/33] remove comment

---
 pkg/store/store_interface.go | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/pkg/store/store_interface.go b/pkg/store/store_interface.go
index e08c7441d3..146571ba90 100644
--- a/pkg/store/store_interface.go
+++ b/pkg/store/store_interface.go
@@ -23,14 +23,6 @@ import (
 	usertypes "github.com/replicatedhq/kots/pkg/user/types"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	troubleshootredact "github.com/replicatedhq/troubleshoot/pkg/redact"
-	// this is to prevent the "upgradeservice" package from importing the store.
-	// any store related information should be passed to the upgradeservice as:
-	// - start-upgrade-service cli command flags
-	// - files in the filesystem via the shared pod volumes
-	// - environment variables
-	// TODO NOW: use a tool to enforce this?
-	// TODO NOW: resolve cycle dependencies and uncomment this
-	// _ "github.com/replicatedhq/kots/pkg/upgradeservice"
 )
 
 type Store interface {

From 604ccc39d068aaeb7c2a5a7194a17e9b5420adbd Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Fri, 14 Jun 2024 19:35:34 +0000
Subject: [PATCH 25/33] remove comments

---
 web/src/components/upgrade_service/AppConfig.tsx | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/web/src/components/upgrade_service/AppConfig.tsx b/web/src/components/upgrade_service/AppConfig.tsx
index 5ba296bbb6..d58d3fb9e2 100644
--- a/web/src/components/upgrade_service/AppConfig.tsx
+++ b/web/src/components/upgrade_service/AppConfig.tsx
@@ -109,22 +109,12 @@ class AppConfig extends Component<Props, State> {
   }
 
   componentDidMount() {
-    // TODO NOW: what to do here?
-    // const { app, navigate } = this.props;
-    // if (app && !app.isConfigurable) {
-    //   // app not configurable - redirect
-    //   navigate(`/app/${app.slug}`, { replace: true });
-    // }
     window.addEventListener("resize", this.determineSidebarHeight);
     this.getConfig();
   }
 
   componentDidUpdate(lastProps: Props, lastState: State) {
     const { location } = this.props;
-    // if (app && !app.isConfigurable) {
-    // app not configurable - redirect
-    // TODO NOW: what to do here?
-    // }
     if (
       this.state.configGroups &&
       this.state.configGroups !== lastState.configGroups

From 28b553e5b651398e7d365d7ceb8a40ce1bbc68c1 Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Fri, 14 Jun 2024 20:29:00 +0000
Subject: [PATCH 26/33] enforce required releases in api

---
 pkg/handlers/handlers.go                |  1 -
 pkg/handlers/upgrade_service.go         | 33 +++++++++++++++++++++++--
 pkg/updatechecker/updatechecker.go      |  6 ++---
 pkg/updatechecker/updatechecker_test.go | 32 ++++++++++++------------
 4 files changed, 50 insertions(+), 22 deletions(-)

diff --git a/pkg/handlers/handlers.go b/pkg/handlers/handlers.go
index a28de6def7..ade31dc8af 100644
--- a/pkg/handlers/handlers.go
+++ b/pkg/handlers/handlers.go
@@ -319,7 +319,6 @@ func RegisterSessionAuthRoutes(r *mux.Router, kotsStore store.Store, handler KOT
 	r.Name("ChangePassword").Path("/api/v1/password/change").Methods("PUT").
 		HandlerFunc(middleware.EnforceAccess(policy.PasswordChange, handler.ChangePassword))
 
-	// TODO NOW: when to stop this upgrade service?
 	// Start upgrade service
 	r.Name("StartUpgradeService").Path("/api/v1/app/{appSlug}/start-upgrade-service").Methods("POST").
 		HandlerFunc(middleware.EnforceAccess(policy.AppUpdate, handler.StartUpgradeService))
diff --git a/pkg/handlers/upgrade_service.go b/pkg/handlers/upgrade_service.go
index d82fdb0415..0c7c02abba 100644
--- a/pkg/handlers/upgrade_service.go
+++ b/pkg/handlers/upgrade_service.go
@@ -6,9 +6,11 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
+	"github.com/replicatedhq/kots/pkg/updatechecker"
 	"github.com/replicatedhq/kots/pkg/upgradeservice"
 	upgradeservicetypes "github.com/replicatedhq/kots/pkg/upgradeservice/types"
 )
@@ -29,8 +31,6 @@ func (h *Handler) StartUpgradeService(w http.ResponseWriter, r *http.Request) {
 		Success: false,
 	}
 
-	// TODO NOW: required releases
-
 	request := StartUpgradeServiceRequest{}
 	if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
 		response.Error = "failed to decode request body"
@@ -49,6 +49,35 @@ func (h *Handler) StartUpgradeService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	license, err := kotsutil.LoadLicenseFromBytes([]byte(foundApp.License))
+	if err != nil {
+		response.Error = "failed to parse app license"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
+	updates, err := updatechecker.GetAvailableUpdates(store.GetStore(), foundApp, license)
+	if err != nil {
+		response.Error = "failed to get available updates"
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
+	isDeployable, nonDeployableCause := false, "update not found"
+	for _, u := range updates {
+		if u.UpdateCursor == request.UpdateCursor {
+			isDeployable, nonDeployableCause = u.IsDeployable, u.NonDeployableCause
+			break
+		}
+	}
+	if !isDeployable {
+		response.Error = nonDeployableCause
+		JSON(w, http.StatusBadRequest, response)
+		return
+	}
+
 	registrySettings, err := store.GetStore().GetRegistryDetailsForApp(foundApp.ID)
 	if err != nil {
 		response.Error = "failed to get registry details for app"
diff --git a/pkg/updatechecker/updatechecker.go b/pkg/updatechecker/updatechecker.go
index 454060e716..aa916b697c 100644
--- a/pkg/updatechecker/updatechecker.go
+++ b/pkg/updatechecker/updatechecker.go
@@ -734,7 +734,7 @@ func GetAvailableUpdates(kotsStore storepkg.Store, app *apptypes.App, license *k
 
 	availableUpdates := []types.AvailableUpdate{}
 	for _, u := range updates.Updates {
-		deployable, cause := isUpdateDeployable(updates.Updates, u)
+		deployable, cause := isUpdateDeployable(u.Cursor, updates.Updates)
 		availableUpdates = append(availableUpdates, types.AvailableUpdate{
 			VersionLabel:       u.VersionLabel,
 			UpdateCursor:       u.Cursor,
@@ -750,11 +750,11 @@ func GetAvailableUpdates(kotsStore storepkg.Store, app *apptypes.App, license *k
 	return availableUpdates, nil
 }
 
-func isUpdateDeployable(updates []upstreamtypes.Update, u upstreamtypes.Update) (bool, string) {
+func isUpdateDeployable(updateCursor string, updates []upstreamtypes.Update) (bool, string) {
 	// iterate over updates in reverse since they are sorted in descending order
 	requiredUpdates := []upstreamtypes.Update{}
 	for i := len(updates) - 1; i >= 0; i-- {
-		if updates[i].Cursor == u.Cursor {
+		if updates[i].Cursor == updateCursor {
 			break
 		}
 		if updates[i].IsRequired {
diff --git a/pkg/updatechecker/updatechecker_test.go b/pkg/updatechecker/updatechecker_test.go
index c5faaab24e..9950abbd6b 100644
--- a/pkg/updatechecker/updatechecker_test.go
+++ b/pkg/updatechecker/updatechecker_test.go
@@ -1095,66 +1095,66 @@ func newMockServerWithReleases(channelReleases []upstream.ChannelRelease, wantEr
 }
 func TestIsUpdateDeployable(t *testing.T) {
 	tests := []struct {
-		name      string
-		updates   []upstreamtypes.Update
-		u         upstreamtypes.Update
-		want      bool
-		wantCause string
+		name         string
+		updateCursor string
+		updates      []upstreamtypes.Update
+		want         bool
+		wantCause    string
 	}{
 		{
-			name: "one update",
+			name:         "one update",
+			updateCursor: "3",
 			updates: []upstreamtypes.Update{
 				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 			},
-			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 			want:      true,
 			wantCause: "",
 		},
 		{
-			name: "no required updates",
+			name:         "no required updates",
+			updateCursor: "3",
 			updates: []upstreamtypes.Update{
 				{VersionLabel: "1.0.4", Cursor: "4", IsRequired: false},
 				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 				{VersionLabel: "1.0.2", Cursor: "2", IsRequired: false},
 				{VersionLabel: "1.0.1", Cursor: "1", IsRequired: false},
 			},
-			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 			want:      true,
 			wantCause: "",
 		},
 		{
-			name: "no required releases before it",
+			name:         "no required releases before it",
+			updateCursor: "3",
 			updates: []upstreamtypes.Update{
 				{VersionLabel: "1.0.4", Cursor: "4", IsRequired: true},
 				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 				{VersionLabel: "1.0.2", Cursor: "2", IsRequired: false},
 				{VersionLabel: "1.0.1", Cursor: "1", IsRequired: false},
 			},
-			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 			want:      true,
 			wantCause: "",
 		},
 		{
-			name: "one required release before it",
+			name:         "one required release before it",
+			updateCursor: "3",
 			updates: []upstreamtypes.Update{
 				{VersionLabel: "1.0.4", Cursor: "4", IsRequired: false},
 				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 				{VersionLabel: "1.0.2", Cursor: "2", IsRequired: true},
 				{VersionLabel: "1.0.1", Cursor: "1", IsRequired: false},
 			},
-			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 			want:      false,
 			wantCause: "This version cannot be deployed because version 1.0.2 is required and must be deployed first.",
 		},
 		{
-			name: "two required releases before it",
+			name:         "two required releases before it",
+			updateCursor: "3",
 			updates: []upstreamtypes.Update{
 				{VersionLabel: "1.0.4", Cursor: "4", IsRequired: false},
 				{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 				{VersionLabel: "1.0.2", Cursor: "2", IsRequired: true},
 				{VersionLabel: "1.0.1", Cursor: "1", IsRequired: true},
 			},
-			u:         upstreamtypes.Update{VersionLabel: "1.0.3", Cursor: "3", IsRequired: false},
 			want:      false,
 			wantCause: "This version cannot be deployed because versions 1.0.2, 1.0.1 are required and must be deployed first.",
 		},
@@ -1162,7 +1162,7 @@ func TestIsUpdateDeployable(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			result, msg := isUpdateDeployable(tt.updates, tt.u)
+			result, msg := isUpdateDeployable(tt.updateCursor, tt.updates)
 			assert.Equal(t, tt.want, result)
 			assert.Equal(t, tt.wantCause, msg)
 		})

From b4deb576da3743df23027b5e9297b7915bef55bd Mon Sep 17 00:00:00 2001
From: Craig O'Donnell <craig@replicated.com>
Date: Fri, 14 Jun 2024 17:08:27 -0400
Subject: [PATCH 27/33] save config api for upgrade service (#4681)

* save config api for upgrade service

* update setProgress and setResults

* remove TODO

* Update pkg/upgradeservice/preflight/preflight.go

Co-authored-by: Salah Al Saleh <sg.alsaleh@gmail.com>

* clean up result and progress funcs

* remove run error from setResult func

---------

Co-authored-by: Salah Al Saleh <sg.alsaleh@gmail.com>
---
 pkg/handlers/config.go                    |  28 +--
 pkg/handlers/identity.go                  |   2 +
 pkg/handlers/upload.go                    |   2 +
 pkg/kotsadmconfig/config.go               |  75 ++++++
 pkg/kotsadmlicense/license.go             |   7 +-
 pkg/preflight/execute.go                  |  65 ++---
 pkg/preflight/preflight.go                |  55 ++++-
 pkg/render/render.go                      |   3 +-
 pkg/render/types/interface.go             |   2 +
 pkg/reporting/app_online.go               |  14 +-
 pkg/rewrite/rewrite.go                    |   5 -
 pkg/store/kotsstore/license_store.go      |   8 +-
 pkg/store/kotsstore/version_store.go      |  20 --
 pkg/store/mock/mock.go                    | 277 ++++++++++------------
 pkg/store/store_interface.go              |   4 +-
 pkg/tests/renderdir/renderdir_test.go     |   8 -
 pkg/upgradeservice/handlers/config.go     | 166 +++++++++++++
 pkg/upgradeservice/handlers/handlers.go   |   1 +
 pkg/upgradeservice/handlers/interface.go  |   1 +
 pkg/upgradeservice/preflight/preflight.go | 197 +++++++++++++++
 20 files changed, 669 insertions(+), 271 deletions(-)
 create mode 100644 pkg/upgradeservice/preflight/preflight.go

diff --git a/pkg/handlers/config.go b/pkg/handlers/config.go
index b064b18d04..2938247c98 100644
--- a/pkg/handlers/config.go
+++ b/pkg/handlers/config.go
@@ -28,6 +28,7 @@ import (
 	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
 	"github.com/replicatedhq/kots/pkg/render"
 	rendertypes "github.com/replicatedhq/kots/pkg/render/types"
+	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
 	"github.com/replicatedhq/kots/pkg/template"
@@ -650,7 +651,7 @@ func updateAppConfig(updateApp *apptypes.App, sequence int64, configGroups []kot
 		return updateAppConfigResponse, err
 	}
 
-	requiredItems, requiredItemsTitles := getMissingRequiredConfig(configGroups)
+	requiredItems, requiredItemsTitles := kotsadmconfig.GetMissingRequiredConfig(configGroups)
 
 	// not having all the required items is only a failure for the version that the user intended to edit
 	if len(requiredItems) > 0 && isPrimaryVersion {
@@ -663,7 +664,7 @@ func updateAppConfig(updateApp *apptypes.App, sequence int64, configGroups []kot
 	// so we don't need the complex logic in kots, we can just write
 	if kotsKinds.ConfigValues != nil {
 		values := kotsKinds.ConfigValues.Spec.Values
-		kotsKinds.ConfigValues.Spec.Values = updateAppConfigValues(values, configGroups)
+		kotsKinds.ConfigValues.Spec.Values = kotsadmconfig.UpdateAppConfigValues(values, configGroups)
 
 		configValuesSpec, err := kotsKinds.Marshal("kots.io", "v1beta1", "ConfigValues")
 		if err != nil {
@@ -736,6 +737,7 @@ func updateAppConfig(updateApp *apptypes.App, sequence int64, configGroups []kot
 		Downstreams:      downstreams,
 		RegistrySettings: registrySettings,
 		Sequence:         renderSequence,
+		ReportingInfo:    reporting.GetReportingInfo(app.ID),
 	})
 	if err != nil {
 		cause := errors.Cause(err)
@@ -800,28 +802,6 @@ func updateAppConfig(updateApp *apptypes.App, sequence int64, configGroups []kot
 	return updateAppConfigResponse, nil
 }
 
-func getMissingRequiredConfig(configGroups []kotsv1beta1.ConfigGroup) ([]string, []string) {
-	requiredItems := make([]string, 0, 0)
-	requiredItemsTitles := make([]string, 0, 0)
-	for _, group := range configGroups {
-		if group.When == "false" {
-			continue
-		}
-		for _, item := range group.Items {
-			if kotsadmconfig.IsRequiredItem(item) && kotsadmconfig.IsUnsetItem(item) {
-				requiredItems = append(requiredItems, item.Name)
-				if item.Title != "" {
-					requiredItemsTitles = append(requiredItemsTitles, item.Title)
-				} else {
-					requiredItemsTitles = append(requiredItemsTitles, item.Name)
-				}
-			}
-		}
-	}
-
-	return requiredItems, requiredItemsTitles
-}
-
 func updateAppConfigValues(values map[string]kotsv1beta1.ConfigValue, configGroups []kotsv1beta1.ConfigGroup) map[string]kotsv1beta1.ConfigValue {
 	for _, group := range configGroups {
 		for _, item := range group.Items {
diff --git a/pkg/handlers/identity.go b/pkg/handlers/identity.go
index a309ba3aa8..a1eec9f571 100644
--- a/pkg/handlers/identity.go
+++ b/pkg/handlers/identity.go
@@ -25,6 +25,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/rbac"
 	"github.com/replicatedhq/kots/pkg/render"
 	rendertypes "github.com/replicatedhq/kots/pkg/render/types"
+	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/util"
 	"github.com/replicatedhq/kots/pkg/version"
@@ -461,6 +462,7 @@ func (h *Handler) ConfigureAppIdentityService(w http.ResponseWriter, r *http.Req
 		Downstreams:      downstreams,
 		RegistrySettings: registrySettings,
 		Sequence:         nextAppSequence,
+		ReportingInfo:    reporting.GetReportingInfo(a.ID),
 	})
 	if err != nil {
 		err = errors.Wrap(err, "failed to render archive directory")
diff --git a/pkg/handlers/upload.go b/pkg/handlers/upload.go
index fcd2a14ba9..2f0dd5ba21 100644
--- a/pkg/handlers/upload.go
+++ b/pkg/handlers/upload.go
@@ -16,6 +16,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/preflight"
 	"github.com/replicatedhq/kots/pkg/render"
 	rendertypes "github.com/replicatedhq/kots/pkg/render/types"
+	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
 	storetypes "github.com/replicatedhq/kots/pkg/store/types"
 	"github.com/replicatedhq/kots/pkg/util"
@@ -165,6 +166,7 @@ func (h *Handler) UploadExistingApp(w http.ResponseWriter, r *http.Request) {
 		Downstreams:      downstreams,
 		RegistrySettings: registrySettings,
 		Sequence:         nextAppSequence,
+		ReportingInfo:    reporting.GetReportingInfo(a.ID),
 	})
 	if err != nil {
 		cause := errors.Cause(err)
diff --git a/pkg/kotsadmconfig/config.go b/pkg/kotsadmconfig/config.go
index e887f5cb19..3b335ffa38 100644
--- a/pkg/kotsadmconfig/config.go
+++ b/pkg/kotsadmconfig/config.go
@@ -2,10 +2,14 @@ package kotsadmconfig
 
 import (
 	"context"
+	"encoding/base64"
+	"fmt"
 	"os"
+	"strconv"
 
 	"github.com/pkg/errors"
 	kotsconfig "github.com/replicatedhq/kots/pkg/config"
+	"github.com/replicatedhq/kots/pkg/crypto"
 	"github.com/replicatedhq/kots/pkg/k8sutil"
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
@@ -13,6 +17,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/template"
 	"github.com/replicatedhq/kots/pkg/util"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
+	"github.com/replicatedhq/kotskinds/multitype"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -91,6 +96,76 @@ func NeedsConfiguration(appSlug string, sequence int64, isAirgap bool, kotsKinds
 	return false, nil
 }
 
+func GetMissingRequiredConfig(configGroups []kotsv1beta1.ConfigGroup) ([]string, []string) {
+	requiredItems := make([]string, 0, 0)
+	requiredItemsTitles := make([]string, 0, 0)
+	for _, group := range configGroups {
+		if group.When == "false" {
+			continue
+		}
+		for _, item := range group.Items {
+			if IsRequiredItem(item) && IsUnsetItem(item) {
+				requiredItems = append(requiredItems, item.Name)
+				if item.Title != "" {
+					requiredItemsTitles = append(requiredItemsTitles, item.Title)
+				} else {
+					requiredItemsTitles = append(requiredItemsTitles, item.Name)
+				}
+			}
+		}
+	}
+
+	return requiredItems, requiredItemsTitles
+}
+
+func UpdateAppConfigValues(values map[string]kotsv1beta1.ConfigValue, configGroups []kotsv1beta1.ConfigGroup) map[string]kotsv1beta1.ConfigValue {
+	for _, group := range configGroups {
+		for _, item := range group.Items {
+			if item.Type == "file" {
+				v := values[item.Name]
+				v.Filename = item.Filename
+				values[item.Name] = v
+			}
+			if item.Value.Type == multitype.Bool {
+				updatedValue := item.Value.BoolVal
+				v := values[item.Name]
+				v.Value = strconv.FormatBool(updatedValue)
+				values[item.Name] = v
+			} else if item.Value.Type == multitype.String {
+				updatedValue := item.Value.String()
+				if item.Type == "password" {
+					// encrypt using the key
+					// if the decryption succeeds, don't encrypt again
+					_, err := util.DecryptConfigValue(updatedValue)
+					if err != nil {
+						updatedValue = base64.StdEncoding.EncodeToString(crypto.Encrypt([]byte(updatedValue)))
+					}
+				}
+
+				v := values[item.Name]
+				v.Value = updatedValue
+				values[item.Name] = v
+			}
+			for _, repeatableValues := range item.ValuesByGroup {
+				// clear out all variadic values for this group first
+				for name, value := range values {
+					if value.RepeatableItem == item.Name {
+						delete(values, name)
+					}
+				}
+				// add variadic groups back in declaratively
+				for itemName, valueItem := range repeatableValues {
+					v := values[itemName]
+					v.Value = fmt.Sprintf("%v", valueItem)
+					v.RepeatableItem = item.Name
+					values[itemName] = v
+				}
+			}
+		}
+	}
+	return values
+}
+
 func ReadConfigValuesFromInClusterSecret() (string, error) {
 	log := logger.NewCLILogger(os.Stdout)
 
diff --git a/pkg/kotsadmlicense/license.go b/pkg/kotsadmlicense/license.go
index 79a41f3314..c5cf7581bb 100644
--- a/pkg/kotsadmlicense/license.go
+++ b/pkg/kotsadmlicense/license.go
@@ -12,6 +12,7 @@ import (
 	"github.com/replicatedhq/kots/pkg/preflight"
 	"github.com/replicatedhq/kots/pkg/render"
 	"github.com/replicatedhq/kots/pkg/replicatedapp"
+	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/version"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
@@ -84,7 +85,8 @@ func Sync(a *apptypes.App, licenseString string, failOnVersionCreate bool) (*kot
 		if updatedLicense.Spec.ChannelID != currentLicense.Spec.ChannelID {
 			channelChanged = true
 		}
-		newSequence, err := store.GetStore().UpdateAppLicense(a.ID, latestSequence, archiveDir, updatedLicense, licenseString, channelChanged, failOnVersionCreate, &version.DownstreamGitOps{}, &render.Renderer{})
+		reportingInfo := reporting.GetReportingInfo(a.ID)
+		newSequence, err := store.GetStore().UpdateAppLicense(a.ID, latestSequence, archiveDir, updatedLicense, licenseString, channelChanged, failOnVersionCreate, &version.DownstreamGitOps{}, &render.Renderer{}, reportingInfo)
 		if err != nil {
 			return nil, false, errors.Wrap(err, "failed to update license")
 		}
@@ -190,7 +192,8 @@ func Change(a *apptypes.App, newLicenseString string) (*kotsv1beta1.License, err
 	if newLicense.Spec.ChannelID != currentLicense.Spec.ChannelID {
 		channelChanged = true
 	}
-	newSequence, err := store.GetStore().UpdateAppLicense(a.ID, latestSequence, archiveDir, newLicense, newLicenseString, channelChanged, true, &version.DownstreamGitOps{}, &render.Renderer{})
+	reportingInfo := reporting.GetReportingInfo(a.ID)
+	newSequence, err := store.GetStore().UpdateAppLicense(a.ID, latestSequence, archiveDir, newLicense, newLicenseString, channelChanged, true, &version.DownstreamGitOps{}, &render.Renderer{}, reportingInfo)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to update license")
 	}
diff --git a/pkg/preflight/execute.go b/pkg/preflight/execute.go
index 4b73d70648..e54132945d 100644
--- a/pkg/preflight/execute.go
+++ b/pkg/preflight/execute.go
@@ -1,7 +1,6 @@
 package preflight
 
 import (
-	"encoding/json"
 	"strings"
 	"sync"
 	"time"
@@ -10,45 +9,16 @@ import (
 	"github.com/replicatedhq/kots/pkg/k8sutil"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/preflight/types"
-	"github.com/replicatedhq/kots/pkg/store"
 	troubleshootanalyze "github.com/replicatedhq/troubleshoot/pkg/analyze"
 	troubleshootv1beta2 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta2"
 	troubleshootcollect "github.com/replicatedhq/troubleshoot/pkg/collect"
 	"github.com/replicatedhq/troubleshoot/pkg/preflight"
 	troubleshootpreflight "github.com/replicatedhq/troubleshoot/pkg/preflight"
-	"go.uber.org/zap"
 )
 
-func setPreflightResult(appID string, sequence int64, preflightResults *types.PreflightResults, preflightRunError error) error {
-	if preflightRunError != nil {
-		if preflightResults.Errors == nil {
-			preflightResults.Errors = []*types.PreflightError{}
-		}
-		preflightResults.Errors = append(preflightResults.Errors, &types.PreflightError{
-			Error:  preflightRunError.Error(),
-			IsRBAC: false,
-		})
-	}
-
-	b, err := json.Marshal(preflightResults)
-	if err != nil {
-		return errors.Wrap(err, "failed to marshal preflight results")
-	}
-
-	if err := store.GetStore().SetPreflightResults(appID, sequence, b); err != nil {
-		return errors.Wrap(err, "failed to set preflight results")
-	}
-
-	return nil
-}
-
-// execute will execute the preflights using spec in preflightSpec.
+// Execute will Execute the preflights using spec in preflightSpec.
 // This spec should be rendered, no template functions remaining
-func execute(appID string, sequence int64, preflightSpec *troubleshootv1beta2.Preflight, ignorePermissionErrors bool) (*types.PreflightResults, error) {
-	logger.Info("executing preflight checks",
-		zap.String("appID", appID),
-		zap.Int64("sequence", sequence))
-
+func Execute(preflightSpec *troubleshootv1beta2.Preflight, ignorePermissionErrors bool, setProgress func(progress map[string]interface{}) error, setResults func(results *types.PreflightResults) error) (*types.PreflightResults, error) {
 	progressChan := make(chan interface{}, 0) // non-zero buffer will result in missed messages
 	defer close(progressChan)
 
@@ -73,26 +43,25 @@ func execute(appID string, sequence int64, preflightSpec *troubleshootv1beta2.Pr
 				}
 			}
 
-			progress, ok := msg.(preflight.CollectProgress)
+			collectProgress, ok := msg.(preflight.CollectProgress)
 			if !ok {
 				continue
 			}
 
 			// TODO: We need a nice title to display
-			progressBytes, err := json.Marshal(map[string]interface{}{
-				"completedCount": progress.CompletedCount,
-				"totalCount":     progress.TotalCount,
-				"currentName":    progress.CurrentName,
-				"currentStatus":  progress.CurrentStatus,
+			progress := map[string]interface{}{
+				"completedCount": collectProgress.CompletedCount,
+				"totalCount":     collectProgress.TotalCount,
+				"currentName":    collectProgress.CurrentName,
+				"currentStatus":  collectProgress.CurrentStatus,
 				"updatedAt":      time.Now().Format(time.RFC3339),
-			})
-			if err != nil {
-				continue
 			}
 
 			completeMx.Lock()
 			if !isComplete {
-				_ = store.GetStore().SetPreflightProgress(appID, sequence, string(progressBytes))
+				if err := setProgress(progress); err != nil {
+					logger.Error(errors.Wrap(err, "failed to set preflight progress"))
+				}
 			}
 			completeMx.Unlock()
 		}
@@ -104,7 +73,17 @@ func execute(appID string, sequence int64, preflightSpec *troubleshootv1beta2.Pr
 		defer completeMx.Unlock()
 
 		isComplete = true
-		if err := setPreflightResult(appID, sequence, uploadPreflightResults, preflightRunError); err != nil {
+
+		if preflightRunError != nil {
+			if uploadPreflightResults.Errors == nil {
+				uploadPreflightResults.Errors = []*types.PreflightError{}
+			}
+			uploadPreflightResults.Errors = append(uploadPreflightResults.Errors, &types.PreflightError{
+				Error:  preflightRunError.Error(),
+				IsRBAC: false,
+			})
+		}
+		if err := setResults(uploadPreflightResults); err != nil {
 			logger.Error(errors.Wrap(err, "failed to set preflight results"))
 			return
 		}
diff --git a/pkg/preflight/preflight.go b/pkg/preflight/preflight.go
index d32e69a03c..54650628c1 100644
--- a/pkg/preflight/preflight.go
+++ b/pkg/preflight/preflight.go
@@ -3,6 +3,7 @@ package preflight
 import (
 	"bytes"
 	"context"
+	"encoding/json"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -90,7 +91,7 @@ func Run(appID string, appSlug string, sequence int64, isAirgap bool, archiveDir
 			preflight = troubleshootpreflight.ConcatPreflightSpec(preflight, &v)
 		}
 
-		injectDefaultPreflights(preflight, kotsKinds, registrySettings)
+		InjectDefaultPreflights(preflight, kotsKinds, registrySettings)
 
 		numAnalyzers := 0
 		for _, analyzer := range preflight.Spec.Analyzers {
@@ -125,7 +126,7 @@ func Run(appID string, appSlug string, sequence int64, isAirgap bool, archiveDir
 			return errors.Wrap(err, "failed to load rendered preflight")
 		}
 
-		injectDefaultPreflights(preflight, kotsKinds, registrySettings)
+		InjectDefaultPreflights(preflight, kotsKinds, registrySettings)
 
 		numAnalyzers := 0
 		for _, analyzer := range preflight.Spec.Analyzers {
@@ -141,8 +142,15 @@ func Run(appID string, appSlug string, sequence int64, isAirgap bool, archiveDir
 		var preflightErr error
 		defer func() {
 			if preflightErr != nil {
-				err := setPreflightResult(appID, sequence, &types.PreflightResults{}, preflightErr)
-				if err != nil {
+				preflightResults := &types.PreflightResults{
+					Errors: []*types.PreflightError{
+						&types.PreflightError{
+							Error:  preflightErr.Error(),
+							IsRBAC: false,
+						},
+					},
+				}
+				if err := setPreflightResults(appID, sequence, preflightResults); err != nil {
 					logger.Error(errors.Wrap(err, "failed to set preflight results"))
 					return
 				}
@@ -170,8 +178,17 @@ func Run(appID string, appSlug string, sequence int64, isAirgap bool, archiveDir
 		preflight.Spec.Collectors = collectors
 
 		go func() {
-			logger.Info("preflight checks beginning")
-			uploadPreflightResults, err := execute(appID, sequence, preflight, ignoreRBAC)
+			logger.Info("preflight checks beginning",
+				zap.String("appID", appID),
+				zap.Int64("sequence", sequence))
+
+			setProgress := func(progress map[string]interface{}) error {
+				return setPreflightProgress(appID, sequence, progress)
+			}
+			setResults := func(results *types.PreflightResults) error {
+				return setPreflightResults(appID, sequence, results)
+			}
+			uploadPreflightResults, err := Execute(preflight, ignoreRBAC, setProgress, setResults)
 			if err != nil {
 				logger.Error(errors.Wrap(err, "failed to run preflight checks"))
 				return
@@ -239,6 +256,28 @@ func Run(appID string, appSlug string, sequence int64, isAirgap bool, archiveDir
 	return nil
 }
 
+func setPreflightProgress(appID string, sequence int64, progress map[string]interface{}) error {
+	b, err := json.Marshal(progress)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal preflight progress")
+	}
+	if err := store.GetStore().SetPreflightProgress(appID, sequence, string(b)); err != nil {
+		return errors.Wrap(err, "failed to set preflight progress")
+	}
+	return nil
+}
+
+func setPreflightResults(appID string, sequence int64, preflightResults *types.PreflightResults) error {
+	b, err := json.Marshal(preflightResults)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal preflight results")
+	}
+	if err := store.GetStore().SetPreflightResults(appID, sequence, b); err != nil {
+		return errors.Wrap(err, "failed to set preflight results")
+	}
+	return nil
+}
+
 // GetPreflightCheckState returns the state of a single preflight check result
 func GetPreflightCheckState(p *troubleshootpreflight.UploadPreflightResult) string {
 	if p == nil {
@@ -371,7 +410,7 @@ func CreateRenderedSpec(app *apptypes.App, sequence int64, origin string, inClus
 		return errors.Wrap(err, "failed to get registry settings for app")
 	}
 
-	injectDefaultPreflights(builtPreflight, kotsKinds, registrySettings)
+	InjectDefaultPreflights(builtPreflight, kotsKinds, registrySettings)
 
 	collectors, err := registry.UpdateCollectorSpecsWithRegistryData(builtPreflight.Spec.Collectors, registrySettings, kotsKinds.Installation, kotsKinds.License, &kotsKinds.KotsApplication)
 	if err != nil {
@@ -448,7 +487,7 @@ func CreateRenderedSpec(app *apptypes.App, sequence int64, origin string, inClus
 	return nil
 }
 
-func injectDefaultPreflights(preflight *troubleshootv1beta2.Preflight, kotskinds *kotsutil.KotsKinds, registrySettings registrytypes.RegistrySettings) {
+func InjectDefaultPreflights(preflight *troubleshootv1beta2.Preflight, kotskinds *kotsutil.KotsKinds, registrySettings registrytypes.RegistrySettings) {
 	if registrySettings.IsValid() && registrySettings.IsReadOnly {
 		// Get images from Installation.KnownImages, see UpdateCollectorSpecsWithRegistryData
 		images := []string{}
diff --git a/pkg/render/render.go b/pkg/render/render.go
index d63e10ae14..a5bb8cc3d4 100644
--- a/pkg/render/render.go
+++ b/pkg/render/render.go
@@ -10,7 +10,6 @@ import (
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
 	types "github.com/replicatedhq/kots/pkg/render/types"
-	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/rewrite"
 	"github.com/replicatedhq/kots/pkg/template"
 	"github.com/replicatedhq/kots/pkg/util"
@@ -145,7 +144,7 @@ func RenderDir(opts types.RenderDirOptions) error {
 		AppSlug:          opts.App.Slug,
 		IsGitOps:         opts.App.IsGitOps,
 		AppSequence:      opts.Sequence,
-		ReportingInfo:    reporting.GetReportingInfo(opts.App.ID),
+		ReportingInfo:    opts.ReportingInfo,
 		RegistrySettings: opts.RegistrySettings,
 
 		// TODO: pass in as arguments if this is ever called from CLI
diff --git a/pkg/render/types/interface.go b/pkg/render/types/interface.go
index 8bc5d85808..a56ce9fb99 100644
--- a/pkg/render/types/interface.go
+++ b/pkg/render/types/interface.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	downstreamtypes "github.com/replicatedhq/kots/pkg/api/downstream/types"
+	reportingtypes "github.com/replicatedhq/kots/pkg/api/reporting/types"
 	apptypes "github.com/replicatedhq/kots/pkg/app/types"
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
@@ -23,6 +24,7 @@ type RenderDirOptions struct {
 	Downstreams      []downstreamtypes.Downstream
 	RegistrySettings registrytypes.RegistrySettings
 	Sequence         int64
+	ReportingInfo    *reportingtypes.ReportingInfo
 }
 
 type Renderer interface {
diff --git a/pkg/reporting/app_online.go b/pkg/reporting/app_online.go
index 32b40bfb66..0686edac25 100644
--- a/pkg/reporting/app_online.go
+++ b/pkg/reporting/app_online.go
@@ -8,8 +8,10 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/api/reporting/types"
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/util"
+	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 )
 
 var onlineAppInfoMtx sync.Mutex
@@ -35,11 +37,20 @@ func (r *OnlineReporter) SubmitAppInfo(appID string) error {
 		return errors.Wrap(err, "failed to get license for app")
 	}
 
+	reportingInfo := GetReportingInfo(a.ID)
+
+	if err := SendOnlineAppInfo(license, reportingInfo); err != nil {
+		return errors.Wrap(err, "failed to send online app info")
+	}
+
+	return nil
+}
+
+func SendOnlineAppInfo(license *kotsv1beta1.License, reportingInfo *types.ReportingInfo) error {
 	endpoint := license.Spec.Endpoint
 	if !canReport(endpoint) {
 		return nil
 	}
-
 	url := fmt.Sprintf("%s/kots_metrics/license_instance/info", endpoint)
 
 	postReq, err := util.NewRequest("POST", url, nil)
@@ -49,7 +60,6 @@ func (r *OnlineReporter) SubmitAppInfo(appID string) error {
 	postReq.Header.Set("Authorization", fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", license.Spec.LicenseID, license.Spec.LicenseID)))))
 	postReq.Header.Set("Content-Type", "application/json")
 
-	reportingInfo := GetReportingInfo(a.ID)
 	InjectReportingInfoHeaders(postReq, reportingInfo)
 
 	resp, err := http.DefaultClient.Do(postReq)
diff --git a/pkg/rewrite/rewrite.go b/pkg/rewrite/rewrite.go
index 95dde7e9cd..edfaceeb27 100644
--- a/pkg/rewrite/rewrite.go
+++ b/pkg/rewrite/rewrite.go
@@ -21,7 +21,6 @@ import (
 	"github.com/replicatedhq/kots/pkg/midstream"
 	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
 	"github.com/replicatedhq/kots/pkg/rendered"
-	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/upstream"
 	upstreamtypes "github.com/replicatedhq/kots/pkg/upstream/types"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
@@ -311,10 +310,6 @@ func Rewrite(rewriteOptions RewriteOptions) error {
 		return errors.Wrap(err, "failed to write downstreams")
 	}
 
-	if err := store.GetStore().UpdateAppVersionInstallationSpec(rewriteOptions.AppID, rewriteOptions.AppSequence, renderedKotsKinds.Installation); err != nil {
-		return errors.Wrap(err, "failed to update installation spec")
-	}
-
 	if err := rendered.WriteRenderedApp(&rendered.WriteOptions{
 		BaseDir:             u.GetBaseDir(writeUpstreamOptions),
 		OverlaysDir:         u.GetOverlaysDir(writeUpstreamOptions),
diff --git a/pkg/store/kotsstore/license_store.go b/pkg/store/kotsstore/license_store.go
index bcf32fb9fc..56429d16cd 100644
--- a/pkg/store/kotsstore/license_store.go
+++ b/pkg/store/kotsstore/license_store.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
+	reportingtypes "github.com/replicatedhq/kots/pkg/api/reporting/types"
 	gitopstypes "github.com/replicatedhq/kots/pkg/gitops/types"
 	"github.com/replicatedhq/kots/pkg/logger"
 	"github.com/replicatedhq/kots/pkg/persistence"
@@ -106,7 +107,7 @@ func (s *KOTSStore) GetAllAppLicenses() ([]*kotsv1beta1.License, error) {
 	return licenses, nil
 }
 
-func (s *KOTSStore) UpdateAppLicense(appID string, baseSequence int64, archiveDir string, newLicense *kotsv1beta1.License, originalLicenseData string, channelChanged bool, failOnVersionCreate bool, gitops gitopstypes.DownstreamGitOps, renderer rendertypes.Renderer) (int64, error) {
+func (s *KOTSStore) UpdateAppLicense(appID string, baseSequence int64, archiveDir string, newLicense *kotsv1beta1.License, originalLicenseData string, channelChanged bool, failOnVersionCreate bool, gitops gitopstypes.DownstreamGitOps, renderer rendertypes.Renderer, reportingInfo *reportingtypes.ReportingInfo) (int64, error) {
 	db := persistence.MustGetDBSession()
 
 	statements := []gorqlite.ParameterizedStatement{}
@@ -127,7 +128,7 @@ func (s *KOTSStore) UpdateAppLicense(appID string, baseSequence int64, archiveDi
 		Arguments: []interface{}{originalLicenseData, time.Now().Unix(), channelChanged, appID},
 	})
 
-	appVersionStatements, newSeq, err := s.createNewVersionForLicenseChangeStatements(appID, baseSequence, archiveDir, gitops, renderer)
+	appVersionStatements, newSeq, err := s.createNewVersionForLicenseChangeStatements(appID, baseSequence, archiveDir, gitops, renderer, reportingInfo)
 	if err != nil {
 		// ignore error here to prevent a failure to render the current version
 		// preventing the end-user from updating the application
@@ -164,7 +165,7 @@ func (s *KOTSStore) UpdateAppLicenseSyncNow(appID string) error {
 	return nil
 }
 
-func (s *KOTSStore) createNewVersionForLicenseChangeStatements(appID string, baseSequence int64, archiveDir string, gitops gitopstypes.DownstreamGitOps, renderer rendertypes.Renderer) ([]gorqlite.ParameterizedStatement, int64, error) {
+func (s *KOTSStore) createNewVersionForLicenseChangeStatements(appID string, baseSequence int64, archiveDir string, gitops gitopstypes.DownstreamGitOps, renderer rendertypes.Renderer, reportingInfo *reportingtypes.ReportingInfo) ([]gorqlite.ParameterizedStatement, int64, error) {
 	registrySettings, err := s.GetRegistryDetailsForApp(appID)
 	if err != nil {
 		return nil, int64(0), errors.Wrap(err, "failed to get registry settings for app")
@@ -191,6 +192,7 @@ func (s *KOTSStore) createNewVersionForLicenseChangeStatements(appID string, bas
 		Downstreams:      downstreams,
 		RegistrySettings: registrySettings,
 		Sequence:         nextAppSequence,
+		ReportingInfo:    reportingInfo,
 	}); err != nil {
 		return nil, int64(0), errors.Wrap(err, "failed to render new version")
 	}
diff --git a/pkg/store/kotsstore/version_store.go b/pkg/store/kotsstore/version_store.go
index 081f38dac5..adfc0b5339 100644
--- a/pkg/store/kotsstore/version_store.go
+++ b/pkg/store/kotsstore/version_store.go
@@ -1,7 +1,6 @@
 package kotsstore
 
 import (
-	"bytes"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -38,7 +37,6 @@ import (
 	"github.com/rqlite/gorqlite"
 	velerov1 "github.com/vmware-tanzu/velero/pkg/apis/velero/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	serializer "k8s.io/apimachinery/pkg/runtime/serializer/json"
 	"k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/application/api/v1beta1"
 )
@@ -977,24 +975,6 @@ func (s *KOTSStore) UpdateNextAppVersionDiffSummary(appID string, baseSequence i
 	return nil
 }
 
-func (s *KOTSStore) UpdateAppVersionInstallationSpec(appID string, sequence int64, installation kotsv1beta1.Installation) error {
-	ser := serializer.NewYAMLSerializer(serializer.DefaultMetaFactory, scheme.Scheme, scheme.Scheme)
-	var b bytes.Buffer
-	if err := ser.Encode(&installation, &b); err != nil {
-		return errors.Wrap(err, "failed to encode installation")
-	}
-
-	db := persistence.MustGetDBSession()
-	wr, err := db.WriteOneParameterized(gorqlite.ParameterizedStatement{
-		Query:     `UPDATE app_version SET kots_installation_spec = ? WHERE app_id = ? AND sequence = ?`,
-		Arguments: []interface{}{b.String(), appID, sequence},
-	})
-	if err != nil {
-		return fmt.Errorf("failed to write: %v: %v", err, wr.Err)
-	}
-	return nil
-}
-
 func (s *KOTSStore) GetNextAppSequence(appID string) (int64, error) {
 	db := persistence.MustGetDBSession()
 
diff --git a/pkg/store/mock/mock.go b/pkg/store/mock/mock.go
index 7f8feb9470..bbad145a29 100644
--- a/pkg/store/mock/mock.go
+++ b/pkg/store/mock/mock.go
@@ -13,20 +13,21 @@ import (
 	v1beta1 "github.com/replicatedhq/embedded-cluster-kinds/apis/v1beta1"
 	types "github.com/replicatedhq/kots/pkg/airgap/types"
 	types0 "github.com/replicatedhq/kots/pkg/api/downstream/types"
-	types1 "github.com/replicatedhq/kots/pkg/api/version/types"
-	types2 "github.com/replicatedhq/kots/pkg/app/types"
-	types3 "github.com/replicatedhq/kots/pkg/appstate/types"
-	types4 "github.com/replicatedhq/kots/pkg/gitops/types"
-	types5 "github.com/replicatedhq/kots/pkg/kotsadmsnapshot/types"
-	types6 "github.com/replicatedhq/kots/pkg/online/types"
-	types7 "github.com/replicatedhq/kots/pkg/preflight/types"
-	types8 "github.com/replicatedhq/kots/pkg/registry/types"
-	types9 "github.com/replicatedhq/kots/pkg/render/types"
-	types10 "github.com/replicatedhq/kots/pkg/session/types"
-	types11 "github.com/replicatedhq/kots/pkg/store/types"
-	types12 "github.com/replicatedhq/kots/pkg/supportbundle/types"
-	types13 "github.com/replicatedhq/kots/pkg/upstream/types"
-	types14 "github.com/replicatedhq/kots/pkg/user/types"
+	types1 "github.com/replicatedhq/kots/pkg/api/reporting/types"
+	types2 "github.com/replicatedhq/kots/pkg/api/version/types"
+	types3 "github.com/replicatedhq/kots/pkg/app/types"
+	types4 "github.com/replicatedhq/kots/pkg/appstate/types"
+	types5 "github.com/replicatedhq/kots/pkg/gitops/types"
+	types6 "github.com/replicatedhq/kots/pkg/kotsadmsnapshot/types"
+	types7 "github.com/replicatedhq/kots/pkg/online/types"
+	types8 "github.com/replicatedhq/kots/pkg/preflight/types"
+	types9 "github.com/replicatedhq/kots/pkg/registry/types"
+	types10 "github.com/replicatedhq/kots/pkg/render/types"
+	types11 "github.com/replicatedhq/kots/pkg/session/types"
+	types12 "github.com/replicatedhq/kots/pkg/store/types"
+	types13 "github.com/replicatedhq/kots/pkg/supportbundle/types"
+	types14 "github.com/replicatedhq/kots/pkg/upstream/types"
+	types15 "github.com/replicatedhq/kots/pkg/user/types"
 	v1beta10 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	redact "github.com/replicatedhq/troubleshoot/pkg/redact"
 )
@@ -97,10 +98,10 @@ func (mr *MockStoreMockRecorder) AddDownstreamVersionsDetails(appID, clusterID,
 }
 
 // CreateApp mocks base method.
-func (m *MockStore) CreateApp(name, upstreamURI, licenseData string, isAirgapEnabled, skipImagePush, registryIsReadOnly bool) (*types2.App, error) {
+func (m *MockStore) CreateApp(name, upstreamURI, licenseData string, isAirgapEnabled, skipImagePush, registryIsReadOnly bool) (*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateApp", name, upstreamURI, licenseData, isAirgapEnabled, skipImagePush, registryIsReadOnly)
-	ret0, _ := ret[0].(*types2.App)
+	ret0, _ := ret[0].(*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -112,7 +113,7 @@ func (mr *MockStoreMockRecorder) CreateApp(name, upstreamURI, licenseData, isAir
 }
 
 // CreateAppVersion mocks base method.
-func (m *MockStore) CreateAppVersion(appID string, baseSequence *int64, filesInDir, source string, skipPreflights bool, gitops types4.DownstreamGitOps, renderer types9.Renderer) (int64, error) {
+func (m *MockStore) CreateAppVersion(appID string, baseSequence *int64, filesInDir, source string, skipPreflights bool, gitops types5.DownstreamGitOps, renderer types10.Renderer) (int64, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateAppVersion", appID, baseSequence, filesInDir, source, skipPreflights, gitops, renderer)
 	ret0, _ := ret[0].(int64)
@@ -141,7 +142,7 @@ func (mr *MockStoreMockRecorder) CreateAppVersionArchive(appID, sequence, archiv
 }
 
 // CreateInProgressSupportBundle mocks base method.
-func (m *MockStore) CreateInProgressSupportBundle(supportBundle *types12.SupportBundle) error {
+func (m *MockStore) CreateInProgressSupportBundle(supportBundle *types13.SupportBundle) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateInProgressSupportBundle", supportBundle)
 	ret0, _ := ret[0].(error)
@@ -185,7 +186,7 @@ func (mr *MockStoreMockRecorder) CreateNewCluster(userID, isAllUsers, title, tok
 }
 
 // CreatePendingDownloadAppVersion mocks base method.
-func (m *MockStore) CreatePendingDownloadAppVersion(appID string, update types13.Update, kotsApplication *v1beta10.Application, license *v1beta10.License) (int64, error) {
+func (m *MockStore) CreatePendingDownloadAppVersion(appID string, update types14.Update, kotsApplication *v1beta10.Application, license *v1beta10.License) (int64, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreatePendingDownloadAppVersion", appID, update, kotsApplication, license)
 	ret0, _ := ret[0].(int64)
@@ -228,10 +229,10 @@ func (mr *MockStoreMockRecorder) CreateScheduledSnapshot(snapshotID, appID, time
 }
 
 // CreateSession mocks base method.
-func (m *MockStore) CreateSession(user *types14.User, issuedAt, expiresAt time.Time, roles []string) (*types10.Session, error) {
+func (m *MockStore) CreateSession(user *types15.User, issuedAt, expiresAt time.Time, roles []string) (*types11.Session, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateSession", user, issuedAt, expiresAt, roles)
-	ret0, _ := ret[0].(*types10.Session)
+	ret0, _ := ret[0].(*types11.Session)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -243,10 +244,10 @@ func (mr *MockStoreMockRecorder) CreateSession(user, issuedAt, expiresAt, roles
 }
 
 // CreateSupportBundle mocks base method.
-func (m *MockStore) CreateSupportBundle(bundleID, appID, archivePath string, marshalledTree []byte) (*types12.SupportBundle, error) {
+func (m *MockStore) CreateSupportBundle(bundleID, appID, archivePath string, marshalledTree []byte) (*types13.SupportBundle, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateSupportBundle", bundleID, appID, archivePath, marshalledTree)
-	ret0, _ := ret[0].(*types12.SupportBundle)
+	ret0, _ := ret[0].(*types13.SupportBundle)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -415,10 +416,10 @@ func (mr *MockStoreMockRecorder) GetAllAppLicenses() *gomock.Call {
 }
 
 // GetApp mocks base method.
-func (m *MockStore) GetApp(appID string) (*types2.App, error) {
+func (m *MockStore) GetApp(appID string) (*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetApp", appID)
-	ret0, _ := ret[0].(*types2.App)
+	ret0, _ := ret[0].(*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -430,10 +431,10 @@ func (mr *MockStoreMockRecorder) GetApp(appID interface{}) *gomock.Call {
 }
 
 // GetAppFromSlug mocks base method.
-func (m *MockStore) GetAppFromSlug(slug string) (*types2.App, error) {
+func (m *MockStore) GetAppFromSlug(slug string) (*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetAppFromSlug", slug)
-	ret0, _ := ret[0].(*types2.App)
+	ret0, _ := ret[0].(*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -475,10 +476,10 @@ func (mr *MockStoreMockRecorder) GetAppIDsFromRegistry(hostname interface{}) *go
 }
 
 // GetAppStatus mocks base method.
-func (m *MockStore) GetAppStatus(appID string) (*types3.AppStatus, error) {
+func (m *MockStore) GetAppStatus(appID string) (*types4.AppStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetAppStatus", appID)
-	ret0, _ := ret[0].(*types3.AppStatus)
+	ret0, _ := ret[0].(*types4.AppStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -490,10 +491,10 @@ func (mr *MockStoreMockRecorder) GetAppStatus(appID interface{}) *gomock.Call {
 }
 
 // GetAppVersion mocks base method.
-func (m *MockStore) GetAppVersion(appID string, sequence int64) (*types1.AppVersion, error) {
+func (m *MockStore) GetAppVersion(appID string, sequence int64) (*types2.AppVersion, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetAppVersion", appID, sequence)
-	ret0, _ := ret[0].(*types1.AppVersion)
+	ret0, _ := ret[0].(*types2.AppVersion)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -700,10 +701,10 @@ func (mr *MockStoreMockRecorder) GetDownstreamVersionSource(appID, sequence inte
 }
 
 // GetDownstreamVersionStatus mocks base method.
-func (m *MockStore) GetDownstreamVersionStatus(appID string, sequence int64) (types11.DownstreamVersionStatus, error) {
+func (m *MockStore) GetDownstreamVersionStatus(appID string, sequence int64) (types12.DownstreamVersionStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetDownstreamVersionStatus", appID, sequence)
-	ret0, _ := ret[0].(types11.DownstreamVersionStatus)
+	ret0, _ := ret[0].(types12.DownstreamVersionStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -972,10 +973,10 @@ func (mr *MockStoreMockRecorder) GetPendingAirgapUploadApp() *gomock.Call {
 }
 
 // GetPendingInstallationStatus mocks base method.
-func (m *MockStore) GetPendingInstallationStatus() (*types6.InstallStatus, error) {
+func (m *MockStore) GetPendingInstallationStatus() (*types7.InstallStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetPendingInstallationStatus")
-	ret0, _ := ret[0].(*types6.InstallStatus)
+	ret0, _ := ret[0].(*types7.InstallStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1002,10 +1003,10 @@ func (mr *MockStoreMockRecorder) GetPreflightProgress(appID, sequence interface{
 }
 
 // GetPreflightResults mocks base method.
-func (m *MockStore) GetPreflightResults(appID string, sequence int64) (*types7.PreflightResult, error) {
+func (m *MockStore) GetPreflightResults(appID string, sequence int64) (*types8.PreflightResult, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetPreflightResults", appID, sequence)
-	ret0, _ := ret[0].(*types7.PreflightResult)
+	ret0, _ := ret[0].(*types8.PreflightResult)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1062,10 +1063,10 @@ func (mr *MockStoreMockRecorder) GetRedactions(bundleID interface{}) *gomock.Cal
 }
 
 // GetRegistryDetailsForApp mocks base method.
-func (m *MockStore) GetRegistryDetailsForApp(appID string) (types8.RegistrySettings, error) {
+func (m *MockStore) GetRegistryDetailsForApp(appID string) (types9.RegistrySettings, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetRegistryDetailsForApp", appID)
-	ret0, _ := ret[0].(types8.RegistrySettings)
+	ret0, _ := ret[0].(types9.RegistrySettings)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1077,10 +1078,10 @@ func (mr *MockStoreMockRecorder) GetRegistryDetailsForApp(appID interface{}) *go
 }
 
 // GetSession mocks base method.
-func (m *MockStore) GetSession(sessionID string) (*types10.Session, error) {
+func (m *MockStore) GetSession(sessionID string) (*types11.Session, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetSession", sessionID)
-	ret0, _ := ret[0].(*types10.Session)
+	ret0, _ := ret[0].(*types11.Session)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1107,10 +1108,10 @@ func (mr *MockStoreMockRecorder) GetSharedPasswordBcrypt() *gomock.Call {
 }
 
 // GetStatusForVersion mocks base method.
-func (m *MockStore) GetStatusForVersion(appID, clusterID string, sequence int64) (types11.DownstreamVersionStatus, error) {
+func (m *MockStore) GetStatusForVersion(appID, clusterID string, sequence int64) (types12.DownstreamVersionStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetStatusForVersion", appID, clusterID, sequence)
-	ret0, _ := ret[0].(types11.DownstreamVersionStatus)
+	ret0, _ := ret[0].(types12.DownstreamVersionStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1122,10 +1123,10 @@ func (mr *MockStoreMockRecorder) GetStatusForVersion(appID, clusterID, sequence
 }
 
 // GetSupportBundle mocks base method.
-func (m *MockStore) GetSupportBundle(bundleID string) (*types12.SupportBundle, error) {
+func (m *MockStore) GetSupportBundle(bundleID string) (*types13.SupportBundle, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetSupportBundle", bundleID)
-	ret0, _ := ret[0].(*types12.SupportBundle)
+	ret0, _ := ret[0].(*types13.SupportBundle)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1137,10 +1138,10 @@ func (mr *MockStoreMockRecorder) GetSupportBundle(bundleID interface{}) *gomock.
 }
 
 // GetSupportBundleAnalysis mocks base method.
-func (m *MockStore) GetSupportBundleAnalysis(bundleID string) (*types12.SupportBundleAnalysis, error) {
+func (m *MockStore) GetSupportBundleAnalysis(bundleID string) (*types13.SupportBundleAnalysis, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetSupportBundleAnalysis", bundleID)
-	ret0, _ := ret[0].(*types12.SupportBundleAnalysis)
+	ret0, _ := ret[0].(*types13.SupportBundleAnalysis)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1316,7 +1317,7 @@ func (mr *MockStoreMockRecorder) IsRollbackSupportedForVersion(appID, sequence i
 }
 
 // IsSnapshotsSupportedForVersion mocks base method.
-func (m *MockStore) IsSnapshotsSupportedForVersion(a *types2.App, sequence int64, renderer types9.Renderer) (bool, error) {
+func (m *MockStore) IsSnapshotsSupportedForVersion(a *types3.App, sequence int64, renderer types10.Renderer) (bool, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "IsSnapshotsSupportedForVersion", a, sequence, renderer)
 	ret0, _ := ret[0].(bool)
@@ -1331,10 +1332,10 @@ func (mr *MockStoreMockRecorder) IsSnapshotsSupportedForVersion(a, sequence, ren
 }
 
 // ListAppsForDownstream mocks base method.
-func (m *MockStore) ListAppsForDownstream(clusterID string) ([]*types2.App, error) {
+func (m *MockStore) ListAppsForDownstream(clusterID string) ([]*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListAppsForDownstream", clusterID)
-	ret0, _ := ret[0].([]*types2.App)
+	ret0, _ := ret[0].([]*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1376,10 +1377,10 @@ func (mr *MockStoreMockRecorder) ListDownstreamsForApp(appID interface{}) *gomoc
 }
 
 // ListFailedApps mocks base method.
-func (m *MockStore) ListFailedApps() ([]*types2.App, error) {
+func (m *MockStore) ListFailedApps() ([]*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListFailedApps")
-	ret0, _ := ret[0].([]*types2.App)
+	ret0, _ := ret[0].([]*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1406,10 +1407,10 @@ func (mr *MockStoreMockRecorder) ListInstalledAppSlugs() *gomock.Call {
 }
 
 // ListInstalledApps mocks base method.
-func (m *MockStore) ListInstalledApps() ([]*types2.App, error) {
+func (m *MockStore) ListInstalledApps() ([]*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListInstalledApps")
-	ret0, _ := ret[0].([]*types2.App)
+	ret0, _ := ret[0].([]*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1421,10 +1422,10 @@ func (mr *MockStoreMockRecorder) ListInstalledApps() *gomock.Call {
 }
 
 // ListPendingScheduledInstanceSnapshots mocks base method.
-func (m *MockStore) ListPendingScheduledInstanceSnapshots(clusterID string) ([]types5.ScheduledInstanceSnapshot, error) {
+func (m *MockStore) ListPendingScheduledInstanceSnapshots(clusterID string) ([]types6.ScheduledInstanceSnapshot, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListPendingScheduledInstanceSnapshots", clusterID)
-	ret0, _ := ret[0].([]types5.ScheduledInstanceSnapshot)
+	ret0, _ := ret[0].([]types6.ScheduledInstanceSnapshot)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1436,10 +1437,10 @@ func (mr *MockStoreMockRecorder) ListPendingScheduledInstanceSnapshots(clusterID
 }
 
 // ListPendingScheduledSnapshots mocks base method.
-func (m *MockStore) ListPendingScheduledSnapshots(appID string) ([]types5.ScheduledSnapshot, error) {
+func (m *MockStore) ListPendingScheduledSnapshots(appID string) ([]types6.ScheduledSnapshot, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListPendingScheduledSnapshots", appID)
-	ret0, _ := ret[0].([]types5.ScheduledSnapshot)
+	ret0, _ := ret[0].([]types6.ScheduledSnapshot)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1451,10 +1452,10 @@ func (mr *MockStoreMockRecorder) ListPendingScheduledSnapshots(appID interface{}
 }
 
 // ListSupportBundles mocks base method.
-func (m *MockStore) ListSupportBundles(appID string) ([]*types12.SupportBundle, error) {
+func (m *MockStore) ListSupportBundles(appID string) ([]*types13.SupportBundle, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListSupportBundles", appID)
-	ret0, _ := ret[0].([]*types12.SupportBundle)
+	ret0, _ := ret[0].([]*types13.SupportBundle)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1576,7 +1577,7 @@ func (mr *MockStoreMockRecorder) SetAppIsAirgap(appID, isAirgap interface{}) *go
 }
 
 // SetAppStatus mocks base method.
-func (m *MockStore) SetAppStatus(appID string, resourceStates types3.ResourceStates, updatedAt time.Time, sequence int64) error {
+func (m *MockStore) SetAppStatus(appID string, resourceStates types4.ResourceStates, updatedAt time.Time, sequence int64) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetAppStatus", appID, resourceStates, updatedAt, sequence)
 	ret0, _ := ret[0].(error)
@@ -1590,7 +1591,7 @@ func (mr *MockStoreMockRecorder) SetAppStatus(appID, resourceStates, updatedAt,
 }
 
 // SetAutoDeploy mocks base method.
-func (m *MockStore) SetAutoDeploy(appID string, autoDeploy types2.AutoDeploy) error {
+func (m *MockStore) SetAutoDeploy(appID string, autoDeploy types3.AutoDeploy) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetAutoDeploy", appID, autoDeploy)
 	ret0, _ := ret[0].(error)
@@ -1604,7 +1605,7 @@ func (mr *MockStoreMockRecorder) SetAutoDeploy(appID, autoDeploy interface{}) *g
 }
 
 // SetDownstreamVersionStatus mocks base method.
-func (m *MockStore) SetDownstreamVersionStatus(appID string, sequence int64, status types11.DownstreamVersionStatus, statusInfo string) error {
+func (m *MockStore) SetDownstreamVersionStatus(appID string, sequence int64, status types12.DownstreamVersionStatus, statusInfo string) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetDownstreamVersionStatus", appID, sequence, status, statusInfo)
 	ret0, _ := ret[0].(error)
@@ -1829,18 +1830,18 @@ func (mr *MockStoreMockRecorder) SetUpdateCheckerSpec(appID, updateCheckerSpec i
 }
 
 // UpdateAppLicense mocks base method.
-func (m *MockStore) UpdateAppLicense(appID string, sequence int64, archiveDir string, newLicense *v1beta10.License, originalLicenseData string, channelChanged, failOnVersionCreate bool, gitops types4.DownstreamGitOps, renderer types9.Renderer) (int64, error) {
+func (m *MockStore) UpdateAppLicense(appID string, sequence int64, archiveDir string, newLicense *v1beta10.License, originalLicenseData string, channelChanged, failOnVersionCreate bool, gitops types5.DownstreamGitOps, renderer types10.Renderer, reportingInfo *types1.ReportingInfo) (int64, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UpdateAppLicense", appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer)
+	ret := m.ctrl.Call(m, "UpdateAppLicense", appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer, reportingInfo)
 	ret0, _ := ret[0].(int64)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // UpdateAppLicense indicates an expected call of UpdateAppLicense.
-func (mr *MockStoreMockRecorder) UpdateAppLicense(appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer interface{}) *gomock.Call {
+func (mr *MockStoreMockRecorder) UpdateAppLicense(appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer, reportingInfo interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAppLicense", reflect.TypeOf((*MockStore)(nil).UpdateAppLicense), appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAppLicense", reflect.TypeOf((*MockStore)(nil).UpdateAppLicense), appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer, reportingInfo)
 }
 
 // UpdateAppLicenseSyncNow mocks base method.
@@ -1858,7 +1859,7 @@ func (mr *MockStoreMockRecorder) UpdateAppLicenseSyncNow(appID interface{}) *gom
 }
 
 // UpdateAppVersion mocks base method.
-func (m *MockStore) UpdateAppVersion(appID string, sequence int64, baseSequence *int64, filesInDir, source string, skipPreflights bool, gitops types4.DownstreamGitOps, renderer types9.Renderer) error {
+func (m *MockStore) UpdateAppVersion(appID string, sequence int64, baseSequence *int64, filesInDir, source string, skipPreflights bool, gitops types5.DownstreamGitOps, renderer types10.Renderer) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "UpdateAppVersion", appID, sequence, baseSequence, filesInDir, source, skipPreflights, gitops, renderer)
 	ret0, _ := ret[0].(error)
@@ -1871,20 +1872,6 @@ func (mr *MockStoreMockRecorder) UpdateAppVersion(appID, sequence, baseSequence,
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAppVersion", reflect.TypeOf((*MockStore)(nil).UpdateAppVersion), appID, sequence, baseSequence, filesInDir, source, skipPreflights, gitops, renderer)
 }
 
-// UpdateAppVersionInstallationSpec mocks base method.
-func (m *MockStore) UpdateAppVersionInstallationSpec(appID string, sequence int64, spec v1beta10.Installation) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UpdateAppVersionInstallationSpec", appID, sequence, spec)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// UpdateAppVersionInstallationSpec indicates an expected call of UpdateAppVersionInstallationSpec.
-func (mr *MockStoreMockRecorder) UpdateAppVersionInstallationSpec(appID, sequence, spec interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAppVersionInstallationSpec", reflect.TypeOf((*MockStore)(nil).UpdateAppVersionInstallationSpec), appID, sequence, spec)
-}
-
 // UpdateDownstreamDeployStatus mocks base method.
 func (m *MockStore) UpdateDownstreamDeployStatus(appID, clusterID string, sequence int64, isError bool, output types0.DownstreamOutput) error {
 	m.ctrl.T.Helper()
@@ -1970,7 +1957,7 @@ func (mr *MockStoreMockRecorder) UpdateSessionExpiresAt(sessionID, expiresAt int
 }
 
 // UpdateSupportBundle mocks base method.
-func (m *MockStore) UpdateSupportBundle(bundle *types12.SupportBundle) error {
+func (m *MockStore) UpdateSupportBundle(bundle *types13.SupportBundle) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "UpdateSupportBundle", bundle)
 	ret0, _ := ret[0].(error)
@@ -2085,10 +2072,10 @@ func (mr *MockRegistryStoreMockRecorder) GetAppIDsFromRegistry(hostname interfac
 }
 
 // GetRegistryDetailsForApp mocks base method.
-func (m *MockRegistryStore) GetRegistryDetailsForApp(appID string) (types8.RegistrySettings, error) {
+func (m *MockRegistryStore) GetRegistryDetailsForApp(appID string) (types9.RegistrySettings, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetRegistryDetailsForApp", appID)
-	ret0, _ := ret[0].(types8.RegistrySettings)
+	ret0, _ := ret[0].(types9.RegistrySettings)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2137,7 +2124,7 @@ func (m *MockSupportBundleStore) EXPECT() *MockSupportBundleStoreMockRecorder {
 }
 
 // CreateInProgressSupportBundle mocks base method.
-func (m *MockSupportBundleStore) CreateInProgressSupportBundle(supportBundle *types12.SupportBundle) error {
+func (m *MockSupportBundleStore) CreateInProgressSupportBundle(supportBundle *types13.SupportBundle) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateInProgressSupportBundle", supportBundle)
 	ret0, _ := ret[0].(error)
@@ -2151,10 +2138,10 @@ func (mr *MockSupportBundleStoreMockRecorder) CreateInProgressSupportBundle(supp
 }
 
 // CreateSupportBundle mocks base method.
-func (m *MockSupportBundleStore) CreateSupportBundle(bundleID, appID, archivePath string, marshalledTree []byte) (*types12.SupportBundle, error) {
+func (m *MockSupportBundleStore) CreateSupportBundle(bundleID, appID, archivePath string, marshalledTree []byte) (*types13.SupportBundle, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateSupportBundle", bundleID, appID, archivePath, marshalledTree)
-	ret0, _ := ret[0].(*types12.SupportBundle)
+	ret0, _ := ret[0].(*types13.SupportBundle)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2195,10 +2182,10 @@ func (mr *MockSupportBundleStoreMockRecorder) GetRedactions(bundleID interface{}
 }
 
 // GetSupportBundle mocks base method.
-func (m *MockSupportBundleStore) GetSupportBundle(bundleID string) (*types12.SupportBundle, error) {
+func (m *MockSupportBundleStore) GetSupportBundle(bundleID string) (*types13.SupportBundle, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetSupportBundle", bundleID)
-	ret0, _ := ret[0].(*types12.SupportBundle)
+	ret0, _ := ret[0].(*types13.SupportBundle)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2210,10 +2197,10 @@ func (mr *MockSupportBundleStoreMockRecorder) GetSupportBundle(bundleID interfac
 }
 
 // GetSupportBundleAnalysis mocks base method.
-func (m *MockSupportBundleStore) GetSupportBundleAnalysis(bundleID string) (*types12.SupportBundleAnalysis, error) {
+func (m *MockSupportBundleStore) GetSupportBundleAnalysis(bundleID string) (*types13.SupportBundleAnalysis, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetSupportBundleAnalysis", bundleID)
-	ret0, _ := ret[0].(*types12.SupportBundleAnalysis)
+	ret0, _ := ret[0].(*types13.SupportBundleAnalysis)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2240,10 +2227,10 @@ func (mr *MockSupportBundleStoreMockRecorder) GetSupportBundleArchive(bundleID i
 }
 
 // ListSupportBundles mocks base method.
-func (m *MockSupportBundleStore) ListSupportBundles(appID string) ([]*types12.SupportBundle, error) {
+func (m *MockSupportBundleStore) ListSupportBundles(appID string) ([]*types13.SupportBundle, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListSupportBundles", appID)
-	ret0, _ := ret[0].([]*types12.SupportBundle)
+	ret0, _ := ret[0].([]*types13.SupportBundle)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2283,7 +2270,7 @@ func (mr *MockSupportBundleStoreMockRecorder) SetSupportBundleAnalysis(bundleID,
 }
 
 // UpdateSupportBundle mocks base method.
-func (m *MockSupportBundleStore) UpdateSupportBundle(bundle *types12.SupportBundle) error {
+func (m *MockSupportBundleStore) UpdateSupportBundle(bundle *types13.SupportBundle) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "UpdateSupportBundle", bundle)
 	ret0, _ := ret[0].(error)
@@ -2349,10 +2336,10 @@ func (mr *MockPreflightStoreMockRecorder) GetPreflightProgress(appID, sequence i
 }
 
 // GetPreflightResults mocks base method.
-func (m *MockPreflightStore) GetPreflightResults(appID string, sequence int64) (*types7.PreflightResult, error) {
+func (m *MockPreflightStore) GetPreflightResults(appID string, sequence int64) (*types8.PreflightResult, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetPreflightResults", appID, sequence)
-	ret0, _ := ret[0].(*types7.PreflightResult)
+	ret0, _ := ret[0].(*types8.PreflightResult)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2576,10 +2563,10 @@ func (m *MockSessionStore) EXPECT() *MockSessionStoreMockRecorder {
 }
 
 // CreateSession mocks base method.
-func (m *MockSessionStore) CreateSession(user *types14.User, issuedAt, expiresAt time.Time, roles []string) (*types10.Session, error) {
+func (m *MockSessionStore) CreateSession(user *types15.User, issuedAt, expiresAt time.Time, roles []string) (*types11.Session, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateSession", user, issuedAt, expiresAt, roles)
-	ret0, _ := ret[0].(*types10.Session)
+	ret0, _ := ret[0].(*types11.Session)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2619,10 +2606,10 @@ func (mr *MockSessionStoreMockRecorder) DeleteSession(sessionID interface{}) *go
 }
 
 // GetSession mocks base method.
-func (m *MockSessionStore) GetSession(sessionID string) (*types10.Session, error) {
+func (m *MockSessionStore) GetSession(sessionID string) (*types11.Session, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetSession", sessionID)
-	ret0, _ := ret[0].(*types10.Session)
+	ret0, _ := ret[0].(*types11.Session)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2671,10 +2658,10 @@ func (m *MockAppStatusStore) EXPECT() *MockAppStatusStoreMockRecorder {
 }
 
 // GetAppStatus mocks base method.
-func (m *MockAppStatusStore) GetAppStatus(appID string) (*types3.AppStatus, error) {
+func (m *MockAppStatusStore) GetAppStatus(appID string) (*types4.AppStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetAppStatus", appID)
-	ret0, _ := ret[0].(*types3.AppStatus)
+	ret0, _ := ret[0].(*types4.AppStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2686,7 +2673,7 @@ func (mr *MockAppStatusStoreMockRecorder) GetAppStatus(appID interface{}) *gomoc
 }
 
 // SetAppStatus mocks base method.
-func (m *MockAppStatusStore) SetAppStatus(appID string, resourceStates types3.ResourceStates, updatedAt time.Time, sequence int64) error {
+func (m *MockAppStatusStore) SetAppStatus(appID string, resourceStates types4.ResourceStates, updatedAt time.Time, sequence int64) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetAppStatus", appID, resourceStates, updatedAt, sequence)
 	ret0, _ := ret[0].(error)
@@ -2737,10 +2724,10 @@ func (mr *MockAppStoreMockRecorder) AddAppToAllDownstreams(appID interface{}) *g
 }
 
 // CreateApp mocks base method.
-func (m *MockAppStore) CreateApp(name, upstreamURI, licenseData string, isAirgapEnabled, skipImagePush, registryIsReadOnly bool) (*types2.App, error) {
+func (m *MockAppStore) CreateApp(name, upstreamURI, licenseData string, isAirgapEnabled, skipImagePush, registryIsReadOnly bool) (*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateApp", name, upstreamURI, licenseData, isAirgapEnabled, skipImagePush, registryIsReadOnly)
-	ret0, _ := ret[0].(*types2.App)
+	ret0, _ := ret[0].(*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2752,10 +2739,10 @@ func (mr *MockAppStoreMockRecorder) CreateApp(name, upstreamURI, licenseData, is
 }
 
 // GetApp mocks base method.
-func (m *MockAppStore) GetApp(appID string) (*types2.App, error) {
+func (m *MockAppStore) GetApp(appID string) (*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetApp", appID)
-	ret0, _ := ret[0].(*types2.App)
+	ret0, _ := ret[0].(*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2767,10 +2754,10 @@ func (mr *MockAppStoreMockRecorder) GetApp(appID interface{}) *gomock.Call {
 }
 
 // GetAppFromSlug mocks base method.
-func (m *MockAppStore) GetAppFromSlug(slug string) (*types2.App, error) {
+func (m *MockAppStore) GetAppFromSlug(slug string) (*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetAppFromSlug", slug)
-	ret0, _ := ret[0].(*types2.App)
+	ret0, _ := ret[0].(*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2827,10 +2814,10 @@ func (mr *MockAppStoreMockRecorder) IsGitOpsEnabledForApp(appID interface{}) *go
 }
 
 // ListAppsForDownstream mocks base method.
-func (m *MockAppStore) ListAppsForDownstream(clusterID string) ([]*types2.App, error) {
+func (m *MockAppStore) ListAppsForDownstream(clusterID string) ([]*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListAppsForDownstream", clusterID)
-	ret0, _ := ret[0].([]*types2.App)
+	ret0, _ := ret[0].([]*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2857,10 +2844,10 @@ func (mr *MockAppStoreMockRecorder) ListDownstreamsForApp(appID interface{}) *go
 }
 
 // ListFailedApps mocks base method.
-func (m *MockAppStore) ListFailedApps() ([]*types2.App, error) {
+func (m *MockAppStore) ListFailedApps() ([]*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListFailedApps")
-	ret0, _ := ret[0].([]*types2.App)
+	ret0, _ := ret[0].([]*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2887,10 +2874,10 @@ func (mr *MockAppStoreMockRecorder) ListInstalledAppSlugs() *gomock.Call {
 }
 
 // ListInstalledApps mocks base method.
-func (m *MockAppStore) ListInstalledApps() ([]*types2.App, error) {
+func (m *MockAppStore) ListInstalledApps() ([]*types3.App, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListInstalledApps")
-	ret0, _ := ret[0].([]*types2.App)
+	ret0, _ := ret[0].([]*types3.App)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2944,7 +2931,7 @@ func (mr *MockAppStoreMockRecorder) SetAppInstallState(appID, state interface{})
 }
 
 // SetAutoDeploy mocks base method.
-func (m *MockAppStore) SetAutoDeploy(appID string, autoDeploy types2.AutoDeploy) error {
+func (m *MockAppStore) SetAutoDeploy(appID string, autoDeploy types3.AutoDeploy) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetAutoDeploy", appID, autoDeploy)
 	ret0, _ := ret[0].(error)
@@ -3170,10 +3157,10 @@ func (mr *MockDownstreamStoreMockRecorder) GetDownstreamVersionSource(appID, seq
 }
 
 // GetDownstreamVersionStatus mocks base method.
-func (m *MockDownstreamStore) GetDownstreamVersionStatus(appID string, sequence int64) (types11.DownstreamVersionStatus, error) {
+func (m *MockDownstreamStore) GetDownstreamVersionStatus(appID string, sequence int64) (types12.DownstreamVersionStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetDownstreamVersionStatus", appID, sequence)
-	ret0, _ := ret[0].(types11.DownstreamVersionStatus)
+	ret0, _ := ret[0].(types12.DownstreamVersionStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -3262,10 +3249,10 @@ func (mr *MockDownstreamStoreMockRecorder) GetPreviouslyDeployedSequence(appID,
 }
 
 // GetStatusForVersion mocks base method.
-func (m *MockDownstreamStore) GetStatusForVersion(appID, clusterID string, sequence int64) (types11.DownstreamVersionStatus, error) {
+func (m *MockDownstreamStore) GetStatusForVersion(appID, clusterID string, sequence int64) (types12.DownstreamVersionStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetStatusForVersion", appID, clusterID, sequence)
-	ret0, _ := ret[0].(types11.DownstreamVersionStatus)
+	ret0, _ := ret[0].(types12.DownstreamVersionStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -3322,7 +3309,7 @@ func (mr *MockDownstreamStoreMockRecorder) MarkAsCurrentDownstreamVersion(appID,
 }
 
 // SetDownstreamVersionStatus mocks base method.
-func (m *MockDownstreamStore) SetDownstreamVersionStatus(appID string, sequence int64, status types11.DownstreamVersionStatus, statusInfo string) error {
+func (m *MockDownstreamStore) SetDownstreamVersionStatus(appID string, sequence int64, status types12.DownstreamVersionStatus, statusInfo string) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetDownstreamVersionStatus", appID, sequence, status, statusInfo)
 	ret0, _ := ret[0].(error)
@@ -3429,10 +3416,10 @@ func (mr *MockSnapshotStoreMockRecorder) DeletePendingScheduledSnapshots(appID i
 }
 
 // ListPendingScheduledInstanceSnapshots mocks base method.
-func (m *MockSnapshotStore) ListPendingScheduledInstanceSnapshots(clusterID string) ([]types5.ScheduledInstanceSnapshot, error) {
+func (m *MockSnapshotStore) ListPendingScheduledInstanceSnapshots(clusterID string) ([]types6.ScheduledInstanceSnapshot, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListPendingScheduledInstanceSnapshots", clusterID)
-	ret0, _ := ret[0].([]types5.ScheduledInstanceSnapshot)
+	ret0, _ := ret[0].([]types6.ScheduledInstanceSnapshot)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -3444,10 +3431,10 @@ func (mr *MockSnapshotStoreMockRecorder) ListPendingScheduledInstanceSnapshots(c
 }
 
 // ListPendingScheduledSnapshots mocks base method.
-func (m *MockSnapshotStore) ListPendingScheduledSnapshots(appID string) ([]types5.ScheduledSnapshot, error) {
+func (m *MockSnapshotStore) ListPendingScheduledSnapshots(appID string) ([]types6.ScheduledSnapshot, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListPendingScheduledSnapshots", appID)
-	ret0, _ := ret[0].([]types5.ScheduledSnapshot)
+	ret0, _ := ret[0].([]types6.ScheduledSnapshot)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -3510,7 +3497,7 @@ func (m *MockVersionStore) EXPECT() *MockVersionStoreMockRecorder {
 }
 
 // CreateAppVersion mocks base method.
-func (m *MockVersionStore) CreateAppVersion(appID string, baseSequence *int64, filesInDir, source string, skipPreflights bool, gitops types4.DownstreamGitOps, renderer types9.Renderer) (int64, error) {
+func (m *MockVersionStore) CreateAppVersion(appID string, baseSequence *int64, filesInDir, source string, skipPreflights bool, gitops types5.DownstreamGitOps, renderer types10.Renderer) (int64, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateAppVersion", appID, baseSequence, filesInDir, source, skipPreflights, gitops, renderer)
 	ret0, _ := ret[0].(int64)
@@ -3539,7 +3526,7 @@ func (mr *MockVersionStoreMockRecorder) CreateAppVersionArchive(appID, sequence,
 }
 
 // CreatePendingDownloadAppVersion mocks base method.
-func (m *MockVersionStore) CreatePendingDownloadAppVersion(appID string, update types13.Update, kotsApplication *v1beta10.Application, license *v1beta10.License) (int64, error) {
+func (m *MockVersionStore) CreatePendingDownloadAppVersion(appID string, update types14.Update, kotsApplication *v1beta10.Application, license *v1beta10.License) (int64, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreatePendingDownloadAppVersion", appID, update, kotsApplication, license)
 	ret0, _ := ret[0].(int64)
@@ -3554,10 +3541,10 @@ func (mr *MockVersionStoreMockRecorder) CreatePendingDownloadAppVersion(appID, u
 }
 
 // GetAppVersion mocks base method.
-func (m *MockVersionStore) GetAppVersion(appID string, sequence int64) (*types1.AppVersion, error) {
+func (m *MockVersionStore) GetAppVersion(appID string, sequence int64) (*types2.AppVersion, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetAppVersion", appID, sequence)
-	ret0, _ := ret[0].(*types1.AppVersion)
+	ret0, _ := ret[0].(*types2.AppVersion)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -3734,7 +3721,7 @@ func (mr *MockVersionStoreMockRecorder) IsRollbackSupportedForVersion(appID, seq
 }
 
 // IsSnapshotsSupportedForVersion mocks base method.
-func (m *MockVersionStore) IsSnapshotsSupportedForVersion(a *types2.App, sequence int64, renderer types9.Renderer) (bool, error) {
+func (m *MockVersionStore) IsSnapshotsSupportedForVersion(a *types3.App, sequence int64, renderer types10.Renderer) (bool, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "IsSnapshotsSupportedForVersion", a, sequence, renderer)
 	ret0, _ := ret[0].(bool)
@@ -3749,7 +3736,7 @@ func (mr *MockVersionStoreMockRecorder) IsSnapshotsSupportedForVersion(a, sequen
 }
 
 // UpdateAppVersion mocks base method.
-func (m *MockVersionStore) UpdateAppVersion(appID string, sequence int64, baseSequence *int64, filesInDir, source string, skipPreflights bool, gitops types4.DownstreamGitOps, renderer types9.Renderer) error {
+func (m *MockVersionStore) UpdateAppVersion(appID string, sequence int64, baseSequence *int64, filesInDir, source string, skipPreflights bool, gitops types5.DownstreamGitOps, renderer types10.Renderer) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "UpdateAppVersion", appID, sequence, baseSequence, filesInDir, source, skipPreflights, gitops, renderer)
 	ret0, _ := ret[0].(error)
@@ -3762,20 +3749,6 @@ func (mr *MockVersionStoreMockRecorder) UpdateAppVersion(appID, sequence, baseSe
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAppVersion", reflect.TypeOf((*MockVersionStore)(nil).UpdateAppVersion), appID, sequence, baseSequence, filesInDir, source, skipPreflights, gitops, renderer)
 }
 
-// UpdateAppVersionInstallationSpec mocks base method.
-func (m *MockVersionStore) UpdateAppVersionInstallationSpec(appID string, sequence int64, spec v1beta10.Installation) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UpdateAppVersionInstallationSpec", appID, sequence, spec)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// UpdateAppVersionInstallationSpec indicates an expected call of UpdateAppVersionInstallationSpec.
-func (mr *MockVersionStoreMockRecorder) UpdateAppVersionInstallationSpec(appID, sequence, spec interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAppVersionInstallationSpec", reflect.TypeOf((*MockVersionStore)(nil).UpdateAppVersionInstallationSpec), appID, sequence, spec)
-}
-
 // UpdateNextAppVersionDiffSummary mocks base method.
 func (m *MockVersionStore) UpdateNextAppVersionDiffSummary(appID string, baseSequence int64) error {
 	m.ctrl.T.Helper()
@@ -3859,18 +3832,18 @@ func (mr *MockLicenseStoreMockRecorder) GetLicenseForAppVersion(appID, sequence
 }
 
 // UpdateAppLicense mocks base method.
-func (m *MockLicenseStore) UpdateAppLicense(appID string, sequence int64, archiveDir string, newLicense *v1beta10.License, originalLicenseData string, channelChanged, failOnVersionCreate bool, gitops types4.DownstreamGitOps, renderer types9.Renderer) (int64, error) {
+func (m *MockLicenseStore) UpdateAppLicense(appID string, sequence int64, archiveDir string, newLicense *v1beta10.License, originalLicenseData string, channelChanged, failOnVersionCreate bool, gitops types5.DownstreamGitOps, renderer types10.Renderer, reportingInfo *types1.ReportingInfo) (int64, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "UpdateAppLicense", appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer)
+	ret := m.ctrl.Call(m, "UpdateAppLicense", appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer, reportingInfo)
 	ret0, _ := ret[0].(int64)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
 
 // UpdateAppLicense indicates an expected call of UpdateAppLicense.
-func (mr *MockLicenseStoreMockRecorder) UpdateAppLicense(appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer interface{}) *gomock.Call {
+func (mr *MockLicenseStoreMockRecorder) UpdateAppLicense(appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer, reportingInfo interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAppLicense", reflect.TypeOf((*MockLicenseStore)(nil).UpdateAppLicense), appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateAppLicense", reflect.TypeOf((*MockLicenseStore)(nil).UpdateAppLicense), appID, sequence, archiveDir, newLicense, originalLicenseData, channelChanged, failOnVersionCreate, gitops, renderer, reportingInfo)
 }
 
 // UpdateAppLicenseSyncNow mocks base method.
@@ -4103,10 +4076,10 @@ func (m *MockInstallationStore) EXPECT() *MockInstallationStoreMockRecorder {
 }
 
 // GetPendingInstallationStatus mocks base method.
-func (m *MockInstallationStore) GetPendingInstallationStatus() (*types6.InstallStatus, error) {
+func (m *MockInstallationStore) GetPendingInstallationStatus() (*types7.InstallStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetPendingInstallationStatus")
-	ret0, _ := ret[0].(*types6.InstallStatus)
+	ret0, _ := ret[0].(*types7.InstallStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
diff --git a/pkg/store/store_interface.go b/pkg/store/store_interface.go
index 146571ba90..6e503719e6 100644
--- a/pkg/store/store_interface.go
+++ b/pkg/store/store_interface.go
@@ -7,6 +7,7 @@ import (
 	embeddedclusterv1beta1 "github.com/replicatedhq/embedded-cluster-kinds/apis/v1beta1"
 	airgaptypes "github.com/replicatedhq/kots/pkg/airgap/types"
 	downstreamtypes "github.com/replicatedhq/kots/pkg/api/downstream/types"
+	reportingtypes "github.com/replicatedhq/kots/pkg/api/reporting/types"
 	versiontypes "github.com/replicatedhq/kots/pkg/api/version/types"
 	apptypes "github.com/replicatedhq/kots/pkg/app/types"
 	appstatetypes "github.com/replicatedhq/kots/pkg/appstate/types"
@@ -188,7 +189,6 @@ type VersionStore interface {
 	GetAppVersion(appID string, sequence int64) (*versiontypes.AppVersion, error)
 	GetLatestAppSequence(appID string, downloadedOnly bool) (int64, error)
 	UpdateNextAppVersionDiffSummary(appID string, baseSequence int64) error
-	UpdateAppVersionInstallationSpec(appID string, sequence int64, spec kotsv1beta1.Installation) error
 	GetNextAppSequence(appID string) (int64, error)
 	GetCurrentUpdateCursor(appID string, channelID string) (string, error)
 	HasStrictPreflights(appID string, sequence int64) (bool, error)
@@ -201,7 +201,7 @@ type LicenseStore interface {
 	GetAllAppLicenses() ([]*kotsv1beta1.License, error)
 
 	// originalLicenseData is the data received from the replicated API that was never marshalled locally so all fields are intact
-	UpdateAppLicense(appID string, sequence int64, archiveDir string, newLicense *kotsv1beta1.License, originalLicenseData string, channelChanged bool, failOnVersionCreate bool, gitops gitopstypes.DownstreamGitOps, renderer rendertypes.Renderer) (int64, error)
+	UpdateAppLicense(appID string, sequence int64, archiveDir string, newLicense *kotsv1beta1.License, originalLicenseData string, channelChanged bool, failOnVersionCreate bool, gitops gitopstypes.DownstreamGitOps, renderer rendertypes.Renderer, reportingInfo *reportingtypes.ReportingInfo) (int64, error)
 	UpdateAppLicenseSyncNow(appID string) error
 }
 
diff --git a/pkg/tests/renderdir/renderdir_test.go b/pkg/tests/renderdir/renderdir_test.go
index 9e95b4a37f..3eb9d5ccb1 100644
--- a/pkg/tests/renderdir/renderdir_test.go
+++ b/pkg/tests/renderdir/renderdir_test.go
@@ -13,8 +13,6 @@ import (
 	cp "github.com/otiai10/copy"
 	"github.com/replicatedhq/kots/pkg/render"
 	rendertypes "github.com/replicatedhq/kots/pkg/render/types"
-	"github.com/replicatedhq/kots/pkg/store"
-	mock_store "github.com/replicatedhq/kots/pkg/store/mock"
 	"github.com/replicatedhq/kots/pkg/util"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/stretchr/testify/assert"
@@ -36,12 +34,6 @@ func TestKotsRenderDir(t *testing.T) {
 	ctrl := gomock.NewController(t)
 	defer ctrl.Finish()
 
-	mockStore := mock_store.NewMockStore(ctrl)
-	store.SetStore(mockStore)
-	defer store.SetStore(nil)
-
-	mockStore.EXPECT().UpdateAppVersionInstallationSpec(gomock.Any(), gomock.Any(), gomock.Any()).AnyTimes()
-
 	t.Setenv("USE_MOCK_REPORTING", "1")
 	defer os.Unsetenv("USE_MOCK_REPORTING")
 
diff --git a/pkg/upgradeservice/handlers/config.go b/pkg/upgradeservice/handlers/config.go
index 0f2f6b3ad4..c6922a119a 100644
--- a/pkg/upgradeservice/handlers/config.go
+++ b/pkg/upgradeservice/handlers/config.go
@@ -2,19 +2,29 @@ package handlers
 
 import (
 	"encoding/json"
+	"fmt"
 	"net/http"
+	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
+	downstreamtypes "github.com/replicatedhq/kots/pkg/api/downstream/types"
+	apptypes "github.com/replicatedhq/kots/pkg/app/types"
 	"github.com/replicatedhq/kots/pkg/config"
 	kotsconfig "github.com/replicatedhq/kots/pkg/config"
+	"github.com/replicatedhq/kots/pkg/kotsadmconfig"
 	configtypes "github.com/replicatedhq/kots/pkg/kotsadmconfig/types"
 	configvalidation "github.com/replicatedhq/kots/pkg/kotsadmconfig/validation"
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
 	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
+	"github.com/replicatedhq/kots/pkg/render"
+	rendertypes "github.com/replicatedhq/kots/pkg/render/types"
+	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/template"
+	upgradepreflight "github.com/replicatedhq/kots/pkg/upgradeservice/preflight"
 	"github.com/replicatedhq/kots/pkg/util"
 	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/replicatedhq/kotskinds/multitype"
@@ -38,6 +48,17 @@ type LiveAppConfigResponse struct {
 	ValidationErrors []configtypes.ConfigGroupValidationError `json:"validationErrors,omitempty"`
 }
 
+type SaveAppConfigRequest struct {
+	ConfigGroups []kotsv1beta1.ConfigGroup `json:"configGroups"`
+}
+
+type SaveAppConfigResponse struct {
+	Success          bool                                     `json:"success"`
+	Error            string                                   `json:"error,omitempty"`
+	RequiredItems    []string                                 `json:"requiredItems,omitempty"`
+	ValidationErrors []configtypes.ConfigGroupValidationError `json:"validationErrors,omitempty"`
+}
+
 func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
 	currentAppConfigResponse := CurrentAppConfigResponse{
 		Success: false,
@@ -254,3 +275,148 @@ func configValuesFromConfigGroups(configGroups []kotsv1beta1.ConfigGroup) map[st
 
 	return configValues
 }
+
+func (h *Handler) SaveAppConfig(w http.ResponseWriter, r *http.Request) {
+	saveAppConfigResponse := SaveAppConfigResponse{
+		Success: false,
+	}
+
+	params := GetContextParams(r)
+	appSlug := mux.Vars(r)["appSlug"]
+
+	if params.AppSlug != appSlug {
+		saveAppConfigResponse.Error = "app slug does not match"
+		JSON(w, http.StatusForbidden, saveAppConfigResponse)
+		return
+	}
+
+	appLicense, err := kotsutil.LoadLicenseFromBytes([]byte(params.AppLicense))
+	if err != nil {
+		saveAppConfigResponse.Error = "failed to load license from bytes"
+		logger.Error(errors.Wrap(err, saveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+		return
+	}
+
+	saveAppConfigRequest := SaveAppConfigRequest{}
+	if err := json.NewDecoder(r.Body).Decode(&saveAppConfigRequest); err != nil {
+		logger.Error(err)
+		saveAppConfigResponse.Error = "failed to decode request body"
+		JSON(w, http.StatusBadRequest, saveAppConfigResponse)
+		return
+	}
+
+	validationErrors, err := configvalidation.ValidateConfigSpec(kotsv1beta1.ConfigSpec{Groups: saveAppConfigRequest.ConfigGroups})
+	if err != nil {
+		saveAppConfigResponse.Error = "failed to validate config spec."
+		logger.Error(errors.Wrap(err, saveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+		return
+	}
+
+	if len(validationErrors) > 0 {
+		saveAppConfigResponse.Error = "invalid config values"
+		saveAppConfigResponse.ValidationErrors = validationErrors
+		logger.Errorf("%v, validation errors: %+v", saveAppConfigResponse.Error, validationErrors)
+		JSON(w, http.StatusBadRequest, saveAppConfigResponse)
+		return
+	}
+
+	requiredItems, requiredItemsTitles := kotsadmconfig.GetMissingRequiredConfig(saveAppConfigRequest.ConfigGroups)
+	if len(requiredItems) > 0 {
+		saveAppConfigResponse.RequiredItems = requiredItems
+		saveAppConfigResponse.Error = fmt.Sprintf("The following fields are required: %s", strings.Join(requiredItemsTitles, ", "))
+		logger.Errorf("%v, required items: %+v", saveAppConfigResponse.Error, requiredItems)
+		JSON(w, http.StatusBadRequest, saveAppConfigResponse)
+		return
+	}
+
+	localRegistry := registrytypes.RegistrySettings{
+		Hostname:   params.RegistryEndpoint,
+		Username:   params.RegistryUsername,
+		Password:   params.RegistryPassword,
+		Namespace:  params.RegistryNamespace,
+		IsReadOnly: params.RegistryIsReadOnly,
+	}
+
+	app := &apptypes.App{
+		ID:       params.AppID,
+		Slug:     params.AppSlug,
+		IsAirgap: params.AppIsAirgap,
+		IsGitOps: params.AppIsGitOps,
+	}
+
+	kotsKinds, err := kotsutil.LoadKotsKinds(params.BaseArchive)
+	if err != nil {
+		saveAppConfigResponse.Error = "failed to load kots kinds from path"
+		logger.Error(errors.Wrap(err, saveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+		return
+	}
+
+	if kotsKinds.ConfigValues == nil {
+		err = errors.New("config values not found")
+		saveAppConfigResponse.Error = err.Error()
+		logger.Error(err)
+		JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+		return
+	}
+
+	values := kotsKinds.ConfigValues.Spec.Values
+	kotsKinds.ConfigValues.Spec.Values = kotsadmconfig.UpdateAppConfigValues(values, saveAppConfigRequest.ConfigGroups)
+
+	configValuesSpec, err := kotsKinds.Marshal("kots.io", "v1beta1", "ConfigValues")
+	if err != nil {
+		saveAppConfigResponse.Error = "failed to marshal config values"
+		logger.Error(errors.Wrap(err, saveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+		return
+	}
+
+	if err := os.WriteFile(filepath.Join(params.BaseArchive, "upstream", "userdata", "config.yaml"), []byte(configValuesSpec), 0644); err != nil {
+		saveAppConfigResponse.Error = "failed to write config values"
+		logger.Error(errors.Wrap(err, saveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+		return
+	}
+
+	err = render.RenderDir(rendertypes.RenderDirOptions{
+		ArchiveDir:       params.BaseArchive,
+		App:              app,
+		Downstreams:      []downstreamtypes.Downstream{{Name: "this-cluster"}},
+		RegistrySettings: localRegistry,
+		Sequence:         params.NextSequence,
+		ReportingInfo:    params.ReportingInfo,
+	})
+	if err != nil {
+		cause := errors.Cause(err)
+		if _, ok := cause.(util.ActionableError); ok {
+			saveAppConfigResponse.Error = err.Error()
+			JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+			return
+		} else {
+			saveAppConfigResponse.Error = "failed to render templates"
+			logger.Error(errors.Wrap(err, saveAppConfigResponse.Error))
+			JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+			return
+		}
+	}
+
+	reportingFn := func() error {
+		if params.AppIsAirgap {
+			// TODO NOW: airgap reporting
+			return nil
+		}
+		return reporting.SendOnlineAppInfo(appLicense, params.ReportingInfo)
+	}
+
+	if err := upgradepreflight.Run(app, params.BaseArchive, int64(params.NextSequence), localRegistry, false, reportingFn); err != nil {
+		saveAppConfigResponse.Error = "failed to run preflights"
+		logger.Error(errors.Wrap(err, saveAppConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, saveAppConfigResponse)
+		return
+	}
+
+	saveAppConfigResponse.Success = true
+	JSON(w, http.StatusOK, saveAppConfigResponse)
+}
diff --git a/pkg/upgradeservice/handlers/handlers.go b/pkg/upgradeservice/handlers/handlers.go
index 65437c0897..f8c71f81ef 100644
--- a/pkg/upgradeservice/handlers/handlers.go
+++ b/pkg/upgradeservice/handlers/handlers.go
@@ -32,6 +32,7 @@ func RegisterRoutes(r *mux.Router, handler UpgradeServiceHandler) {
 
 	subRouter.Path("/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
 	subRouter.Path("/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
+	subRouter.Path("/config").Methods("PUT").HandlerFunc(handler.SaveAppConfig)
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/upgradeservice/handlers/interface.go b/pkg/upgradeservice/handlers/interface.go
index 7825aa6dff..8361cd9cd9 100644
--- a/pkg/upgradeservice/handlers/interface.go
+++ b/pkg/upgradeservice/handlers/interface.go
@@ -7,4 +7,5 @@ type UpgradeServiceHandler interface {
 
 	CurrentAppConfig(w http.ResponseWriter, r *http.Request)
 	LiveAppConfig(w http.ResponseWriter, r *http.Request)
+	SaveAppConfig(w http.ResponseWriter, r *http.Request)
 }
diff --git a/pkg/upgradeservice/preflight/preflight.go b/pkg/upgradeservice/preflight/preflight.go
new file mode 100644
index 0000000000..7428964192
--- /dev/null
+++ b/pkg/upgradeservice/preflight/preflight.go
@@ -0,0 +1,197 @@
+package preflight
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/pkg/errors"
+	apptypes "github.com/replicatedhq/kots/pkg/app/types"
+	"github.com/replicatedhq/kots/pkg/kotsutil"
+	"github.com/replicatedhq/kots/pkg/logger"
+	preflightpkg "github.com/replicatedhq/kots/pkg/preflight"
+	"github.com/replicatedhq/kots/pkg/preflight/types"
+	"github.com/replicatedhq/kots/pkg/registry"
+	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
+	"github.com/replicatedhq/kots/pkg/render"
+	rendertypes "github.com/replicatedhq/kots/pkg/render/types"
+	"github.com/replicatedhq/kots/pkg/util"
+	troubleshootanalyze "github.com/replicatedhq/troubleshoot/pkg/analyze"
+	troubleshootv1beta2 "github.com/replicatedhq/troubleshoot/pkg/apis/troubleshoot/v1beta2"
+	troubleshootpreflight "github.com/replicatedhq/troubleshoot/pkg/preflight"
+	"go.uber.org/zap"
+)
+
+type PreflightData struct {
+	Progress map[string]interface{}  `json:"progress"`
+	Results  *types.PreflightResults `json:"results"`
+}
+
+var PreflightDataFilepath string
+
+func init() {
+	tmpDir, err := os.MkdirTemp("", "preflights")
+	if err != nil {
+		panic(errors.Wrap(err, "failed to create preflights data dir"))
+	}
+	PreflightDataFilepath = filepath.Join(tmpDir, "preflights.json")
+}
+
+func Run(app *apptypes.App, archiveDir string, sequence int64, registrySettings registrytypes.RegistrySettings, ignoreRBAC bool, reportingFn func() error) error {
+	kotsKinds, err := kotsutil.LoadKotsKinds(archiveDir)
+	if err != nil {
+		return errors.Wrap(err, "failed to load rendered kots kinds")
+	}
+
+	tsKinds, err := kotsutil.LoadTSKindsFromPath(filepath.Join(archiveDir, "rendered"))
+	if err != nil {
+		return errors.Wrap(err, fmt.Sprintf("failed to load troubleshoot kinds from path: %s", filepath.Join(archiveDir, "rendered")))
+	}
+
+	var preflight *troubleshootv1beta2.Preflight
+	if tsKinds.PreflightsV1Beta2 != nil {
+		for _, v := range tsKinds.PreflightsV1Beta2 {
+			preflight = troubleshootpreflight.ConcatPreflightSpec(preflight, &v)
+		}
+	} else if kotsKinds.Preflight != nil {
+		renderedMarshalledPreflights, err := kotsKinds.Marshal("troubleshoot.replicated.com", "v1beta1", "Preflight")
+		if err != nil {
+			return errors.Wrap(err, "failed to marshal rendered preflight")
+		}
+		renderedPreflight, err := render.RenderFile(rendertypes.RenderFileOptions{
+			KotsKinds:        kotsKinds,
+			RegistrySettings: registrySettings,
+			AppSlug:          app.Slug,
+			Sequence:         sequence,
+			IsAirgap:         app.IsAirgap,
+			Namespace:        util.PodNamespace,
+			InputContent:     []byte(renderedMarshalledPreflights),
+		})
+		if err != nil {
+			return errors.Wrap(err, "failed to render preflights")
+		}
+		preflight, err = kotsutil.LoadPreflightFromContents(renderedPreflight)
+		if err != nil {
+			return errors.Wrap(err, "failed to load rendered preflight")
+		}
+	}
+
+	if preflight == nil {
+		logger.Info("no preflight spec found, not running preflights")
+		return nil
+	}
+
+	preflightpkg.InjectDefaultPreflights(preflight, kotsKinds, registrySettings)
+
+	numAnalyzers := 0
+	for _, analyzer := range preflight.Spec.Analyzers {
+		exclude := troubleshootanalyze.GetExcludeFlag(analyzer).BoolOrDefaultFalse()
+		if !exclude {
+			numAnalyzers += 1
+		}
+	}
+	if numAnalyzers == 0 {
+		logger.Info("no analyzers found, not running preflights")
+		return nil
+	}
+
+	var preflightErr error
+	defer func() {
+		if preflightErr != nil {
+			preflightResults := &types.PreflightResults{
+				Errors: []*types.PreflightError{
+					&types.PreflightError{
+						Error:  preflightErr.Error(),
+						IsRBAC: false,
+					},
+				},
+			}
+			if err := setPreflightResults(preflightResults); err != nil {
+				logger.Error(errors.Wrap(err, "failed to set preflight results"))
+				return
+			}
+		}
+	}()
+
+	collectors, err := registry.UpdateCollectorSpecsWithRegistryData(preflight.Spec.Collectors, registrySettings, kotsKinds.Installation, kotsKinds.License, &kotsKinds.KotsApplication)
+	if err != nil {
+		preflightErr = errors.Wrap(err, "failed to rewrite images in preflight")
+		return preflightErr
+	}
+	preflight.Spec.Collectors = collectors
+
+	go func() {
+		logger.Info("preflight checks beginning",
+			zap.String("appID", app.ID),
+			zap.Int64("sequence", sequence))
+
+		_, err := preflightpkg.Execute(preflight, ignoreRBAC, setPreflightProgress, setPreflightResults)
+		if err != nil {
+			logger.Error(errors.Wrap(err, "failed to run preflight checks"))
+			return
+		}
+
+		go func() {
+			if err := reportingFn(); err != nil {
+				logger.Debugf("failed to report app info: %v", err)
+			}
+		}()
+	}()
+
+	return nil
+}
+
+func setPreflightResults(results *types.PreflightResults) error {
+	preflightData, err := getPreflightData()
+	if err != nil {
+		return errors.Wrap(err, "failed to get preflight data")
+	}
+	preflightData.Results = results
+	if err := setPreflightData(preflightData); err != nil {
+		return errors.Wrap(err, "failed to set preflight results")
+	}
+	return nil
+}
+
+func setPreflightProgress(progress map[string]interface{}) error {
+	preflightData, err := getPreflightData()
+	if err != nil {
+		return errors.Wrap(err, "failed to get preflight data")
+	}
+	preflightData.Progress = progress
+	if err := setPreflightData(preflightData); err != nil {
+		return errors.Wrap(err, "failed to set preflight progress")
+	}
+	return nil
+}
+
+func getPreflightData() (*PreflightData, error) {
+	var preflightData *PreflightData
+	if _, err := os.Stat(PreflightDataFilepath); err != nil {
+		if !os.IsNotExist(err) {
+			return nil, errors.Wrap(err, "failed to stat existing preflight data")
+		}
+		preflightData = &PreflightData{}
+	} else {
+		existingBytes, err := os.ReadFile(PreflightDataFilepath)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to read existing preflight data")
+		}
+		if err := json.Unmarshal(existingBytes, &preflightData); err != nil {
+			return nil, errors.Wrap(err, "failed to unmarshal existing preflight data")
+		}
+	}
+	return preflightData, nil
+}
+
+func setPreflightData(preflightData *PreflightData) error {
+	b, err := json.Marshal(preflightData)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal preflight data")
+	}
+	if err := os.WriteFile(PreflightDataFilepath, b, 0644); err != nil {
+		return errors.Wrap(err, "failed to write preflight data")
+	}
+	return nil
+}

From 120426c01b26db9de316d17c78ee042d52616bbd Mon Sep 17 00:00:00 2001
From: Salah Al Saleh <sg.alsaleh@gmail.com>
Date: Sat, 15 Jun 2024 00:10:29 +0000
Subject: [PATCH 28/33] check if license id changed

---
 pkg/handlers/upgrade_service.go               | 110 +++++++++++-------
 pkg/updatechecker/types/types.go              |   2 +-
 pkg/upgradeservice/types/types.go             |   7 +-
 web/src/components/apps/AppVersionHistory.tsx |   4 +-
 4 files changed, 74 insertions(+), 49 deletions(-)

diff --git a/pkg/handlers/upgrade_service.go b/pkg/handlers/upgrade_service.go
index 0c7c02abba..5227f04168 100644
--- a/pkg/handlers/upgrade_service.go
+++ b/pkg/handlers/upgrade_service.go
@@ -6,8 +6,10 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
+	apptypes "github.com/replicatedhq/kots/pkg/app/types"
 	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
+	"github.com/replicatedhq/kots/pkg/replicatedapp"
 	"github.com/replicatedhq/kots/pkg/reporting"
 	"github.com/replicatedhq/kots/pkg/store"
 	"github.com/replicatedhq/kots/pkg/updatechecker"
@@ -16,9 +18,9 @@ import (
 )
 
 type StartUpgradeServiceRequest struct {
-	KOTSVersion  string `json:"kotsVersion"`
 	VersionLabel string `json:"versionLabel"`
 	UpdateCursor string `json:"updateCursor"`
+	ChannelID    string `json:"channelId"`
 }
 
 type StartUpgradeServiceResponse struct {
@@ -49,71 +51,103 @@ func (h *Handler) StartUpgradeService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	license, err := kotsutil.LoadLicenseFromBytes([]byte(foundApp.License))
+	canStart, reason, err := canStartUpgradeService(foundApp, request)
 	if err != nil {
-		response.Error = "failed to parse app license"
+		response.Error = "failed to check if upgrade service can start"
 		logger.Error(errors.Wrap(err, response.Error))
 		JSON(w, http.StatusInternalServerError, response)
 		return
 	}
+	if !canStart {
+		response.Error = reason
+		logger.Error(errors.New(response.Error))
+		JSON(w, http.StatusBadRequest, response)
+		return
+	}
 
-	updates, err := updatechecker.GetAvailableUpdates(store.GetStore(), foundApp, license)
+	params, err := getUpgradeServiceParams(foundApp, request)
 	if err != nil {
-		response.Error = "failed to get available updates"
+		response.Error = err.Error()
+		logger.Error(errors.Wrap(err, response.Error))
+		JSON(w, http.StatusInternalServerError, response)
+		return
+	}
+
+	if err := upgradeservice.Start(*params); err != nil {
+		response.Error = "failed to start upgrade service"
 		logger.Error(errors.Wrap(err, response.Error))
 		JSON(w, http.StatusInternalServerError, response)
 		return
 	}
 
+	response.Success = true
+
+	JSON(w, http.StatusOK, response)
+}
+
+func canStartUpgradeService(a *apptypes.App, r StartUpgradeServiceRequest) (bool, string, error) {
+	currLicense, err := kotsutil.LoadLicenseFromBytes([]byte(a.License))
+	if err != nil {
+		return false, "", errors.Wrap(err, "failed to parse app license")
+	}
+	ll, err := replicatedapp.GetLatestLicense(currLicense)
+	if err != nil {
+		return false, "", errors.Wrap(err, "failed to get latest license")
+	}
+	if currLicense.Spec.ChannelID != ll.License.Spec.ChannelID || r.ChannelID != ll.License.Spec.ChannelID {
+		return false, "license channel has changed, please sync the license", nil
+	}
+
+	updates, err := updatechecker.GetAvailableUpdates(store.GetStore(), a, currLicense)
+	if err != nil {
+		return false, "", errors.Wrap(err, "failed to get available updates")
+	}
+
 	isDeployable, nonDeployableCause := false, "update not found"
 	for _, u := range updates {
-		if u.UpdateCursor == request.UpdateCursor {
+		if u.UpdateCursor == r.UpdateCursor {
 			isDeployable, nonDeployableCause = u.IsDeployable, u.NonDeployableCause
 			break
 		}
 	}
 	if !isDeployable {
-		response.Error = nonDeployableCause
-		JSON(w, http.StatusBadRequest, response)
-		return
+		return false, nonDeployableCause, nil
 	}
 
-	registrySettings, err := store.GetStore().GetRegistryDetailsForApp(foundApp.ID)
+	return true, "", nil
+}
+
+func getUpgradeServiceParams(a *apptypes.App, r StartUpgradeServiceRequest) (*upgradeservicetypes.UpgradeServiceParams, error) {
+	registrySettings, err := store.GetStore().GetRegistryDetailsForApp(a.ID)
 	if err != nil {
-		response.Error = "failed to get registry details for app"
-		logger.Error(errors.Wrap(err, response.Error))
-		JSON(w, http.StatusInternalServerError, response)
-		return
+		return nil, errors.Wrap(err, "failed to get registry details for app")
 	}
 
-	baseArchive, baseSequence, err := store.GetStore().GetAppVersionBaseArchive(foundApp.ID, request.VersionLabel)
+	baseArchive, baseSequence, err := store.GetStore().GetAppVersionBaseArchive(a.ID, r.VersionLabel)
 	if err != nil {
-		response.Error = "failed to get app version base archive"
-		logger.Error(errors.Wrap(err, response.Error))
-		JSON(w, http.StatusInternalServerError, response)
-		return
+		return nil, errors.Wrap(err, "failed to get app version base archive")
 	}
 
-	nextSequence, err := store.GetStore().GetNextAppSequence(foundApp.ID)
+	nextSequence, err := store.GetStore().GetNextAppSequence(a.ID)
 	if err != nil {
-		response.Error = "failed to get next app sequence"
-		logger.Error(errors.Wrap(err, response.Error))
-		JSON(w, http.StatusInternalServerError, response)
-		return
+		return nil, errors.Wrap(err, "failed to get next app sequence")
 	}
 
-	err = upgradeservice.Start(upgradeservicetypes.UpgradeServiceParams{
-		AppID:       foundApp.ID,
-		AppSlug:     foundApp.Slug,
-		AppIsAirgap: foundApp.IsAirgap,
-		AppIsGitOps: foundApp.IsGitOps,
-		AppLicense:  foundApp.License,
+	return &upgradeservicetypes.UpgradeServiceParams{
+		AppID:       a.ID,
+		AppSlug:     a.Slug,
+		AppName:     a.Name,
+		AppIsAirgap: a.IsAirgap,
+		AppIsGitOps: a.IsGitOps,
+		AppLicense:  a.License,
 
 		BaseArchive:  baseArchive,
 		BaseSequence: baseSequence,
 		NextSequence: nextSequence,
 
-		UpdateCursor: request.UpdateCursor,
+		UpdateVersionLabel: r.VersionLabel,
+		UpdateCursor:       r.UpdateCursor,
+		UpdateChannelID:    r.ChannelID,
 
 		RegistryEndpoint:   registrySettings.Hostname,
 		RegistryUsername:   registrySettings.Username,
@@ -121,16 +155,6 @@ func (h *Handler) StartUpgradeService(w http.ResponseWriter, r *http.Request) {
 		RegistryNamespace:  registrySettings.Namespace,
 		RegistryIsReadOnly: registrySettings.IsReadOnly,
 
-		ReportingInfo: reporting.GetReportingInfo(foundApp.ID),
-	})
-	if err != nil {
-		response.Error = "failed to start upgrade service"
-		logger.Error(errors.Wrap(err, response.Error))
-		JSON(w, http.StatusInternalServerError, response)
-		return
-	}
-
-	response.Success = true
-
-	JSON(w, http.StatusOK, response)
+		ReportingInfo: reporting.GetReportingInfo(a.ID),
+	}, nil
 }
diff --git a/pkg/updatechecker/types/types.go b/pkg/updatechecker/types/types.go
index b1f9563e97..c260b07d00 100644
--- a/pkg/updatechecker/types/types.go
+++ b/pkg/updatechecker/types/types.go
@@ -28,7 +28,7 @@ type UpdateCheckRelease struct {
 type AvailableUpdate struct {
 	VersionLabel       string     `json:"versionLabel"`
 	UpdateCursor       string     `json:"updateCursor"`
-	ChannelID          string     `json:"channelId,omitempty"`
+	ChannelID          string     `json:"channelId"`
 	IsRequired         bool       `json:"isRequired"`
 	UpstreamReleasedAt *time.Time `json:"upstreamReleasedAt,omitempty"`
 	ReleaseNotes       string     `json:"releaseNotes,omitempty"`
diff --git a/pkg/upgradeservice/types/types.go b/pkg/upgradeservice/types/types.go
index 96786d2506..fe8f5e6d0d 100644
--- a/pkg/upgradeservice/types/types.go
+++ b/pkg/upgradeservice/types/types.go
@@ -7,8 +7,9 @@ import (
 type UpgradeServiceParams struct {
 	Port string `yaml:"port"`
 
-	AppID       string `yaml:"appID"`
+	AppID       string `yaml:"appId"`
 	AppSlug     string `yaml:"appSlug"`
+	AppName     string `yaml:"appName"`
 	AppIsAirgap bool   `yaml:"appIsAirgap"`
 	AppIsGitOps bool   `yaml:"appIsGitOps"`
 	AppLicense  string `yaml:"appLicense"`
@@ -17,7 +18,9 @@ type UpgradeServiceParams struct {
 	BaseSequence int64  `yaml:"baseSequence"`
 	NextSequence int64  `yaml:"nextSequence"`
 
-	UpdateCursor string `yaml:"updateCursor"`
+	UpdateVersionLabel string `yaml:"updateVersionLabel"`
+	UpdateCursor       string `yaml:"updateCursor"`
+	UpdateChannelID    string `yaml:"updateChannelID"`
 
 	RegistryEndpoint   string `yaml:"registryEndpoint"`
 	RegistryUsername   string `yaml:"registryUsername"`
diff --git a/web/src/components/apps/AppVersionHistory.tsx b/web/src/components/apps/AppVersionHistory.tsx
index e9f8884fac..b708e9c5cb 100644
--- a/web/src/components/apps/AppVersionHistory.tsx
+++ b/web/src/components/apps/AppVersionHistory.tsx
@@ -1402,11 +1402,9 @@ class AppVersionHistory extends Component<Props, State> {
         Accept: "application/json",
       },
       body: JSON.stringify({
-        // not used// doesn't matter right now
-        kotsVersion: "v1.109.3",
         versionLabel: version.versionLabel,
-        // channel sequence
         updateCursor: version.updateCursor,
+        channelId: version.channelId,
       }),
       credentials: "include",
       method: "POST",

From 289b309345616ccec434e5c2398f3d77ee13ba17 Mon Sep 17 00:00:00 2001
From: Craig O'Donnell <craig@replicated.com>
Date: Mon, 17 Jun 2024 10:30:00 -0400
Subject: [PATCH 29/33] download config file (#4691)

---
 pkg/upgradeservice/handlers/config.go         | 64 +++++++++++++++++++
 pkg/upgradeservice/handlers/handlers.go       |  1 +
 pkg/upgradeservice/handlers/interface.go      |  1 +
 web/src/components/AppConfigRenderer.jsx      |  7 ++
 web/src/components/apps/AppVersionHistory.tsx |  4 +-
 .../config_render/ConfigFileInput.jsx         | 32 +---------
 .../components/config_render/ConfigGroup.jsx  |  7 ++
 .../components/config_render/ConfigGroups.jsx |  9 +++
 .../components/config_render/ConfigRender.jsx |  7 ++
 .../components/upgrade_service/AppConfig.tsx  | 32 +++++++++-
 .../AppConfig/components/AppConfig.tsx        | 32 ++++++++++
 11 files changed, 161 insertions(+), 35 deletions(-)

diff --git a/pkg/upgradeservice/handlers/config.go b/pkg/upgradeservice/handlers/config.go
index c6922a119a..da901e4c79 100644
--- a/pkg/upgradeservice/handlers/config.go
+++ b/pkg/upgradeservice/handlers/config.go
@@ -1,11 +1,13 @@
 package handlers
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	"github.com/gorilla/mux"
@@ -59,6 +61,11 @@ type SaveAppConfigResponse struct {
 	ValidationErrors []configtypes.ConfigGroupValidationError `json:"validationErrors,omitempty"`
 }
 
+type DownloadFileFromConfigResponse struct {
+	Success bool   `json:"success"`
+	Error   string `json:"error,omitempty"`
+}
+
 func (h *Handler) CurrentAppConfig(w http.ResponseWriter, r *http.Request) {
 	currentAppConfigResponse := CurrentAppConfigResponse{
 		Success: false,
@@ -420,3 +427,60 @@ func (h *Handler) SaveAppConfig(w http.ResponseWriter, r *http.Request) {
 	saveAppConfigResponse.Success = true
 	JSON(w, http.StatusOK, saveAppConfigResponse)
 }
+
+func (h *Handler) DownloadFileFromConfig(w http.ResponseWriter, r *http.Request) {
+	downloadFileFromConfigResponse := DownloadFileFromConfigResponse{
+		Success: false,
+	}
+
+	params := GetContextParams(r)
+	appSlug := mux.Vars(r)["appSlug"]
+
+	if params.AppSlug != appSlug {
+		downloadFileFromConfigResponse.Error = "app slug does not match"
+		JSON(w, http.StatusForbidden, downloadFileFromConfigResponse)
+		return
+	}
+
+	filename := mux.Vars(r)["filename"]
+	if filename == "" {
+		logger.Error(errors.New("filename parameter is empty"))
+		downloadFileFromConfigResponse.Error = "failed to parse filename, parameter was empty"
+		JSON(w, http.StatusInternalServerError, downloadFileFromConfigResponse)
+		return
+	}
+
+	kotsKinds, err := kotsutil.LoadKotsKinds(params.BaseArchive)
+	if err != nil {
+		downloadFileFromConfigResponse.Error = "failed to load kots kinds from path"
+		logger.Error(errors.Wrap(err, downloadFileFromConfigResponse.Error))
+		JSON(w, http.StatusInternalServerError, downloadFileFromConfigResponse)
+		return
+	}
+
+	var configValue *string
+	for _, v := range kotsKinds.ConfigValues.Spec.Values {
+		if v.Filename == filename {
+			configValue = &v.Value
+			break
+		}
+	}
+	if configValue == nil {
+		logger.Error(errors.New("could not find requested file"))
+		downloadFileFromConfigResponse.Error = "could not find requested file"
+		JSON(w, http.StatusInternalServerError, downloadFileFromConfigResponse)
+		return
+	}
+
+	decoded, err := base64.StdEncoding.DecodeString(*configValue)
+	if err != nil {
+		logger.Error(err)
+		downloadFileFromConfigResponse.Error = "failed to decode config value"
+		JSON(w, http.StatusInternalServerError, downloadFileFromConfigResponse)
+	}
+	w.Header().Set("Content-Type", "application/octet-stream")
+	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s", filename))
+	w.Header().Set("Content-Length", strconv.Itoa(len(decoded)))
+	w.WriteHeader(http.StatusOK)
+	w.Write(decoded)
+}
diff --git a/pkg/upgradeservice/handlers/handlers.go b/pkg/upgradeservice/handlers/handlers.go
index f8c71f81ef..4a98a28d62 100644
--- a/pkg/upgradeservice/handlers/handlers.go
+++ b/pkg/upgradeservice/handlers/handlers.go
@@ -33,6 +33,7 @@ func RegisterRoutes(r *mux.Router, handler UpgradeServiceHandler) {
 	subRouter.Path("/config").Methods("GET").HandlerFunc(handler.CurrentAppConfig)
 	subRouter.Path("/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
 	subRouter.Path("/config").Methods("PUT").HandlerFunc(handler.SaveAppConfig)
+	subRouter.Path("/config/{filename}/download").Methods("GET").HandlerFunc(handler.DownloadFileFromConfig)
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/upgradeservice/handlers/interface.go b/pkg/upgradeservice/handlers/interface.go
index 8361cd9cd9..6bcb314e17 100644
--- a/pkg/upgradeservice/handlers/interface.go
+++ b/pkg/upgradeservice/handlers/interface.go
@@ -8,4 +8,5 @@ type UpgradeServiceHandler interface {
 	CurrentAppConfig(w http.ResponseWriter, r *http.Request)
 	LiveAppConfig(w http.ResponseWriter, r *http.Request)
 	SaveAppConfig(w http.ResponseWriter, r *http.Request)
+	DownloadFileFromConfig(w http.ResponseWriter, r *http.Request)
 }
diff --git a/web/src/components/AppConfigRenderer.jsx b/web/src/components/AppConfigRenderer.jsx
index 73073e968a..7d695accb8 100644
--- a/web/src/components/AppConfigRenderer.jsx
+++ b/web/src/components/AppConfigRenderer.jsx
@@ -10,6 +10,7 @@ export class AppConfigRenderer extends Component {
     groups: PropTypes.array.isRequired, // Config groups items to render
     handleChange: PropTypes.func,
     getData: PropTypes.func,
+    handleDownloadFile: PropTypes.func,
   };
 
   static defaultProps = {
@@ -44,6 +45,12 @@ export class AppConfigRenderer extends Component {
               return;
             })
           }
+          handleDownloadFile={
+            this.props.handleDownloadFile ||
+            (() => {
+              return;
+            })
+          }
           readonly={readonly}
           configSequence={this.props.configSequence}
           appSlug={this.props.appSlug}
diff --git a/web/src/components/apps/AppVersionHistory.tsx b/web/src/components/apps/AppVersionHistory.tsx
index b708e9c5cb..ccf3fdd07a 100644
--- a/web/src/components/apps/AppVersionHistory.tsx
+++ b/web/src/components/apps/AppVersionHistory.tsx
@@ -1481,9 +1481,7 @@ class AppVersionHistory extends Component<Props, State> {
         <AppVersionHistoryRow
           navigate={this.props.navigate}
           adminConsoleMetadata={this.props.outletContext.adminConsoleMetadata}
-          isEmbeddedCluster={
-            this.props.outletContext.isEmbeddedCluster
-          }
+          isEmbeddedCluster={this.props.outletContext.isEmbeddedCluster}
           deployVersion={this.deployVersion}
           downloadVersion={this.downloadVersion}
           gitopsEnabled={gitopsIsConnected}
diff --git a/web/src/components/config_render/ConfigFileInput.jsx b/web/src/components/config_render/ConfigFileInput.jsx
index 4482764629..dffa86219f 100644
--- a/web/src/components/config_render/ConfigFileInput.jsx
+++ b/web/src/components/config_render/ConfigFileInput.jsx
@@ -28,36 +28,6 @@ export default class ConfigFileInput extends Component {
     }
   };
 
-  handleDownloadFile = async (fileName) => {
-    // TODO NOW: download from upgrade service if rendered in upgrade service and use a different sequence!
-    const url = `${process.env.API_ENDPOINT}/app/${this.props.appSlug}/config/${this.props.configSequence}/${fileName}/download`;
-    fetch(url, {
-      method: "GET",
-      headers: {
-        "Content-Type": "application/octet-stream",
-      },
-      credentials: "include",
-    })
-      .then((response) => {
-        if (!response.ok) {
-          throw Error(response.statusText); // TODO: handle error
-        }
-        return response.blob();
-      })
-      .then((blob) => {
-        const downloadURL = window.URL.createObjectURL(new Blob([blob]));
-        const link = document.createElement("a");
-        link.href = downloadURL;
-        link.setAttribute("download", fileName);
-        document.body.appendChild(link);
-        link.click();
-        link.parentNode.removeChild(link);
-      })
-      .catch(function (error) {
-        console.log(error); // TODO handle error
-      });
-  };
-
   getFilenamesText = () => {
     if (this.props.repeatable) {
       if (
@@ -128,7 +98,7 @@ export default class ConfigFileInput extends Component {
                   this.props.handleRemoveItem(itemName, itemToRemove)
                 }
                 handleDownloadFile={(fileName) =>
-                  this.handleDownloadFile(fileName)
+                  this.props.handleDownloadFile(fileName)
                 }
               />
             </span>
diff --git a/web/src/components/config_render/ConfigGroup.jsx b/web/src/components/config_render/ConfigGroup.jsx
index 352a05e9e9..534d97cae4 100644
--- a/web/src/components/config_render/ConfigGroup.jsx
+++ b/web/src/components/config_render/ConfigGroup.jsx
@@ -35,6 +35,12 @@ const ConfigGroup = (props) => {
     }
   };
 
+  const handleDownloadFile = (itemName) => {
+    if (props.handleDownloadFile) {
+      props.handleDownloadFile(itemName);
+    }
+  };
+
   const renderConfigItems = (items, readonly) => {
     if (!items) {
       return null;
@@ -132,6 +138,7 @@ const ConfigGroup = (props) => {
                 required={item.required}
                 handleChange={handleItemChange}
                 handleRemoveItem={handleRemoveItem}
+                handleDownloadFile={handleDownloadFile}
                 hidden={item.hidden}
                 when={item.when}
                 configSequence={props.configSequence}
diff --git a/web/src/components/config_render/ConfigGroups.jsx b/web/src/components/config_render/ConfigGroups.jsx
index d0c8c7059e..dc63403d3c 100644
--- a/web/src/components/config_render/ConfigGroups.jsx
+++ b/web/src/components/config_render/ConfigGroups.jsx
@@ -20,6 +20,12 @@ export default class ConfigGroups extends Component {
     }
   };
 
+  handleDownloadFile = (filename) => {
+    if (this.props.handleDownloadFile) {
+      this.props.handleDownloadFile(filename);
+    }
+  };
+
   render() {
     const { fieldsList, fields, readonly } = this.props;
     return (
@@ -39,6 +45,9 @@ export default class ConfigGroups extends Component {
               handleChange={(itemName, value, data) =>
                 this.handleGroupChange(fieldName, itemName, value, data)
               }
+              handleDownloadFile={(filename) =>
+                this.handleDownloadFile(filename)
+              }
               readonly={readonly}
               configSequence={this.props.configSequence}
               appSlug={this.props.appSlug}
diff --git a/web/src/components/config_render/ConfigRender.jsx b/web/src/components/config_render/ConfigRender.jsx
index 65bed6fb60..7e54ca4167 100644
--- a/web/src/components/config_render/ConfigRender.jsx
+++ b/web/src/components/config_render/ConfigRender.jsx
@@ -125,6 +125,12 @@ export default class ConfigRender extends Component {
     this.triggerChange(groups);
   };
 
+  handleDownloadFile = (filename) => {
+    if (this.props.handleDownloadFile) {
+      this.props.handleDownloadFile(filename);
+    }
+  };
+
   componentDidUpdate(lastProps) {
     if (this.props.fields !== lastProps.fields) {
       this.setState({
@@ -147,6 +153,7 @@ export default class ConfigRender extends Component {
           handleChange={this.handleGroupsChange}
           handleAddItem={this.handleAddItem}
           handleRemoveItem={this.handleRemoveItem}
+          handleDownloadFile={this.handleDownloadFile}
           readonly={readonly}
           configSequence={this.props.configSequence}
           appSlug={this.props.appSlug}
diff --git a/web/src/components/upgrade_service/AppConfig.tsx b/web/src/components/upgrade_service/AppConfig.tsx
index d58d3fb9e2..ceb6eac62a 100644
--- a/web/src/components/upgrade_service/AppConfig.tsx
+++ b/web/src/components/upgrade_service/AppConfig.tsx
@@ -412,6 +412,36 @@ class AppConfig extends Component<Props, State> {
       });
   };
 
+  handleDownloadFile = async (fileName: string) => {
+    const { slug } = this.props.params;
+    const url = `${process.env.API_ENDPOINT}/upgrade-service/app/${slug}/config/${fileName}/download${window.location.search}`;
+    fetch(url, {
+      method: "GET",
+      headers: {
+        "Content-Type": "application/octet-stream",
+      },
+      credentials: "include",
+    })
+      .then((response) => {
+        if (!response.ok) {
+          throw Error(response.statusText); // TODO: handle error
+        }
+        return response.blob();
+      })
+      .then((blob) => {
+        const downloadURL = window.URL.createObjectURL(new Blob([blob]));
+        const link = document.createElement("a");
+        link.href = downloadURL;
+        link.setAttribute("download", fileName);
+        document.body.appendChild(link);
+        link.click();
+        link.parentNode?.removeChild(link);
+      })
+      .catch(function (error) {
+        console.log(error); // TODO handle error
+      });
+  };
+
   toggleActiveGroups = (name: string) => {
     let groupsArr = this.state.activeGroups;
     if (groupsArr.includes(name)) {
@@ -584,7 +614,7 @@ class AppConfig extends Component<Props, State> {
                   <AppConfigRenderer
                     groups={configGroups}
                     getData={this.handleConfigChange}
-                    // configSequence={params.sequence}
+                    handleDownloadFile={this.handleDownloadFile}
                     appSlug={params.slug}
                   />
                 </div>
diff --git a/web/src/features/AppConfig/components/AppConfig.tsx b/web/src/features/AppConfig/components/AppConfig.tsx
index 6e9b5cff3a..838eba4396 100644
--- a/web/src/features/AppConfig/components/AppConfig.tsx
+++ b/web/src/features/AppConfig/components/AppConfig.tsx
@@ -601,6 +601,37 @@ class AppConfig extends Component<Props, State> {
       });
   };
 
+  handleDownloadFile = async (fileName: string) => {
+    const sequence = this.getSequence();
+    const { slug } = this.props.params;
+    const url = `${process.env.API_ENDPOINT}/app/${slug}/config/${sequence}/${fileName}/download`;
+    fetch(url, {
+      method: "GET",
+      headers: {
+        "Content-Type": "application/octet-stream",
+      },
+      credentials: "include",
+    })
+      .then((response) => {
+        if (!response.ok) {
+          throw Error(response.statusText); // TODO: handle error
+        }
+        return response.blob();
+      })
+      .then((blob) => {
+        const downloadURL = window.URL.createObjectURL(new Blob([blob]));
+        const link = document.createElement("a");
+        link.href = downloadURL;
+        link.setAttribute("download", fileName);
+        document.body.appendChild(link);
+        link.click();
+        link.parentNode?.removeChild(link);
+      })
+      .catch(function (error) {
+        console.log(error); // TODO handle error
+      });
+  };
+
   hideNextStepModal = () => {
     this.setState({ showNextStepModal: false });
   };
@@ -828,6 +859,7 @@ class AppConfig extends Component<Props, State> {
                   <AppConfigRenderer
                     groups={configGroups}
                     getData={this.handleConfigChange}
+                    handleDownloadFile={this.handleDownloadFile}
                     readonly={this.isConfigReadOnly(app)}
                     configSequence={params.sequence}
                     appSlug={app.slug}

From ae26b691f2ccdcfb496de7ad23bf98fa63cfb7ab Mon Sep 17 00:00:00 2001
From: Craig O'Donnell <craig@replicated.com>
Date: Mon, 17 Jun 2024 18:59:21 +0000
Subject: [PATCH 30/33] get preflight result endpoint

---
 pkg/upgradeservice/handlers/handlers.go   |  3 ++
 pkg/upgradeservice/handlers/interface.go  |  2 +
 pkg/upgradeservice/handlers/preflight.go  | 40 +++++++++++++++++
 pkg/upgradeservice/preflight/preflight.go | 53 ++++++++++++++++++-----
 4 files changed, 88 insertions(+), 10 deletions(-)
 create mode 100644 pkg/upgradeservice/handlers/preflight.go

diff --git a/pkg/upgradeservice/handlers/handlers.go b/pkg/upgradeservice/handlers/handlers.go
index 4a98a28d62..24297a9e48 100644
--- a/pkg/upgradeservice/handlers/handlers.go
+++ b/pkg/upgradeservice/handlers/handlers.go
@@ -34,6 +34,9 @@ func RegisterRoutes(r *mux.Router, handler UpgradeServiceHandler) {
 	subRouter.Path("/liveconfig").Methods("POST").HandlerFunc(handler.LiveAppConfig)
 	subRouter.Path("/config").Methods("PUT").HandlerFunc(handler.SaveAppConfig)
 	subRouter.Path("/config/{filename}/download").Methods("GET").HandlerFunc(handler.DownloadFileFromConfig)
+
+	// TODO: subRouter.Path("/preflight/run").Methods("POST").HandlerFunc(handler.StartPreflightChecks)
+	subRouter.Path("/preflight/result").Methods("GET").HandlerFunc(handler.GetPreflightResult)
 }
 
 func JSON(w http.ResponseWriter, code int, payload interface{}) {
diff --git a/pkg/upgradeservice/handlers/interface.go b/pkg/upgradeservice/handlers/interface.go
index 6bcb314e17..9963ca92b3 100644
--- a/pkg/upgradeservice/handlers/interface.go
+++ b/pkg/upgradeservice/handlers/interface.go
@@ -9,4 +9,6 @@ type UpgradeServiceHandler interface {
 	LiveAppConfig(w http.ResponseWriter, r *http.Request)
 	SaveAppConfig(w http.ResponseWriter, r *http.Request)
 	DownloadFileFromConfig(w http.ResponseWriter, r *http.Request)
+
+	GetPreflightResult(w http.ResponseWriter, r *http.Request)
 }
diff --git a/pkg/upgradeservice/handlers/preflight.go b/pkg/upgradeservice/handlers/preflight.go
new file mode 100644
index 0000000000..d85c121efe
--- /dev/null
+++ b/pkg/upgradeservice/handlers/preflight.go
@@ -0,0 +1,40 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	"github.com/pkg/errors"
+	"github.com/replicatedhq/kots/pkg/logger"
+	preflighttypes "github.com/replicatedhq/kots/pkg/preflight/types"
+	upgradepreflight "github.com/replicatedhq/kots/pkg/upgradeservice/preflight"
+)
+
+type GetPreflightResultResponse struct {
+	PreflightProgress string                         `json:"preflightProgress,omitempty"`
+	PreflightResult   preflighttypes.PreflightResult `json:"preflightResult"`
+}
+
+func (h *Handler) GetPreflightResult(w http.ResponseWriter, r *http.Request) {
+	params := GetContextParams(r)
+	appSlug := mux.Vars(r)["appSlug"]
+
+	if params.AppSlug != appSlug {
+		logger.Error(errors.Errorf("app slug in path %s does not match app slug in context %s", appSlug, params.AppSlug))
+		w.WriteHeader(http.StatusForbidden)
+		return
+	}
+
+	preflightData, err := upgradepreflight.GetPreflightData()
+	if err != nil {
+		logger.Error(errors.Wrap(err, "failed to get preflight data"))
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	response := GetPreflightResultResponse{
+		PreflightResult:   *preflightData.Result,
+		PreflightProgress: preflightData.Progress,
+	}
+	JSON(w, 200, response)
+}
diff --git a/pkg/upgradeservice/preflight/preflight.go b/pkg/upgradeservice/preflight/preflight.go
index 7428964192..502217b0da 100644
--- a/pkg/upgradeservice/preflight/preflight.go
+++ b/pkg/upgradeservice/preflight/preflight.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"time"
 
 	"github.com/pkg/errors"
 	apptypes "github.com/replicatedhq/kots/pkg/app/types"
@@ -24,8 +25,8 @@ import (
 )
 
 type PreflightData struct {
-	Progress map[string]interface{}  `json:"progress"`
-	Results  *types.PreflightResults `json:"results"`
+	Progress string                 `json:"progress,omitempty"`
+	Result   *types.PreflightResult `json:"result"`
 }
 
 var PreflightDataFilepath string
@@ -107,7 +108,7 @@ func Run(app *apptypes.App, archiveDir string, sequence int64, registrySettings
 					},
 				},
 			}
-			if err := setPreflightResults(preflightResults); err != nil {
+			if err := setPreflightResults(app.Slug, preflightResults); err != nil {
 				logger.Error(errors.Wrap(err, "failed to set preflight results"))
 				return
 			}
@@ -126,7 +127,11 @@ func Run(app *apptypes.App, archiveDir string, sequence int64, registrySettings
 			zap.String("appID", app.ID),
 			zap.Int64("sequence", sequence))
 
-		_, err := preflightpkg.Execute(preflight, ignoreRBAC, setPreflightProgress, setPreflightResults)
+		setResults := func(results *types.PreflightResults) error {
+			return setPreflightResults(app.Slug, results)
+		}
+
+		_, err := preflightpkg.Execute(preflight, ignoreRBAC, setPreflightProgress, setResults)
 		if err != nil {
 			logger.Error(errors.Wrap(err, "failed to run preflight checks"))
 			return
@@ -142,31 +147,59 @@ func Run(app *apptypes.App, archiveDir string, sequence int64, registrySettings
 	return nil
 }
 
-func setPreflightResults(results *types.PreflightResults) error {
-	preflightData, err := getPreflightData()
+func setPreflightResults(appSlug string, results *types.PreflightResults) error {
+	preflightData, err := GetPreflightData()
 	if err != nil {
 		return errors.Wrap(err, "failed to get preflight data")
 	}
-	preflightData.Results = results
+	resultsBytes, err := json.Marshal(results)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal preflight results")
+	}
+	createdAt := time.Now()
+	preflightData.Result = &types.PreflightResult{
+		Result:                     string(resultsBytes),
+		CreatedAt:                  &createdAt,
+		AppSlug:                    appSlug,
+		ClusterSlug:                "this-cluster",
+		Skipped:                    false,
+		HasFailingStrictPreflights: hasFailingStrictPreflights(results),
+	}
 	if err := setPreflightData(preflightData); err != nil {
 		return errors.Wrap(err, "failed to set preflight results")
 	}
 	return nil
 }
 
+func hasFailingStrictPreflights(results *types.PreflightResults) bool {
+	// convert to troubleshoot type so we can use the existing function
+	uploadResults := &troubleshootpreflight.UploadPreflightResults{}
+	uploadResults.Results = results.Results
+	for _, e := range results.Errors {
+		uploadResults.Errors = append(uploadResults.Errors, &troubleshootpreflight.UploadPreflightError{
+			Error: e.Error,
+		})
+	}
+	return troubleshootpreflight.HasStrictAnalyzersFailed(uploadResults)
+}
+
 func setPreflightProgress(progress map[string]interface{}) error {
-	preflightData, err := getPreflightData()
+	preflightData, err := GetPreflightData()
 	if err != nil {
 		return errors.Wrap(err, "failed to get preflight data")
 	}
-	preflightData.Progress = progress
+	progressBytes, err := json.Marshal(progress)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal preflight progress")
+	}
+	preflightData.Progress = string(progressBytes)
 	if err := setPreflightData(preflightData); err != nil {
 		return errors.Wrap(err, "failed to set preflight progress")
 	}
 	return nil
 }
 
-func getPreflightData() (*PreflightData, error) {
+func GetPreflightData() (*PreflightData, error) {
 	var preflightData *PreflightData
 	if _, err := os.Stat(PreflightDataFilepath); err != nil {
 		if !os.IsNotExist(err) {

From 6b419b9d5cbbee719ccab31aeaa2e00534553f44 Mon Sep 17 00:00:00 2001
From: Craig O'Donnell <craig@replicated.com>
Date: Mon, 17 Jun 2024 20:04:20 +0000
Subject: [PATCH 31/33] start preflights endpoint

---
 pkg/upgradeservice/handlers/handlers.go   |  2 +-
 pkg/upgradeservice/handlers/interface.go  |  1 +
 pkg/upgradeservice/handlers/preflight.go  | 67 ++++++++++++++++++++++-
 pkg/upgradeservice/preflight/preflight.go |  9 +++
 4 files changed, 77 insertions(+), 2 deletions(-)

diff --git a/pkg/upgradeservice/handlers/handlers.go b/pkg/upgradeservice/handlers/handlers.go
index 24297a9e48..210eac18b8 100644
--- a/pkg/upgradeservice/handlers/handlers.go
+++ b/pkg/upgradeservice/handlers/handlers.go
@@ -35,7 +35,7 @@ func RegisterRoutes(r *mux.Router, handler UpgradeServiceHandler) {
 	subRouter.Path("/config").Methods("PUT").HandlerFunc(handler.SaveAppConfig)
 	subRouter.Path("/config/{filename}/download").Methods("GET").HandlerFunc(handler.DownloadFileFromConfig)
 
-	// TODO: subRouter.Path("/preflight/run").Methods("POST").HandlerFunc(handler.StartPreflightChecks)
+	subRouter.Path("/preflight/run").Methods("POST").HandlerFunc(handler.StartPreflightChecks)
 	subRouter.Path("/preflight/result").Methods("GET").HandlerFunc(handler.GetPreflightResult)
 }
 
diff --git a/pkg/upgradeservice/handlers/interface.go b/pkg/upgradeservice/handlers/interface.go
index 9963ca92b3..eec2059730 100644
--- a/pkg/upgradeservice/handlers/interface.go
+++ b/pkg/upgradeservice/handlers/interface.go
@@ -10,5 +10,6 @@ type UpgradeServiceHandler interface {
 	SaveAppConfig(w http.ResponseWriter, r *http.Request)
 	DownloadFileFromConfig(w http.ResponseWriter, r *http.Request)
 
+	StartPreflightChecks(w http.ResponseWriter, r *http.Request)
 	GetPreflightResult(w http.ResponseWriter, r *http.Request)
 }
diff --git a/pkg/upgradeservice/handlers/preflight.go b/pkg/upgradeservice/handlers/preflight.go
index d85c121efe..ca008c275a 100644
--- a/pkg/upgradeservice/handlers/preflight.go
+++ b/pkg/upgradeservice/handlers/preflight.go
@@ -5,8 +5,12 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
+	apptypes "github.com/replicatedhq/kots/pkg/app/types"
+	"github.com/replicatedhq/kots/pkg/kotsutil"
 	"github.com/replicatedhq/kots/pkg/logger"
 	preflighttypes "github.com/replicatedhq/kots/pkg/preflight/types"
+	registrytypes "github.com/replicatedhq/kots/pkg/registry/types"
+	"github.com/replicatedhq/kots/pkg/reporting"
 	upgradepreflight "github.com/replicatedhq/kots/pkg/upgradeservice/preflight"
 )
 
@@ -15,6 +19,62 @@ type GetPreflightResultResponse struct {
 	PreflightResult   preflighttypes.PreflightResult `json:"preflightResult"`
 }
 
+func (h *Handler) StartPreflightChecks(w http.ResponseWriter, r *http.Request) {
+	params := GetContextParams(r)
+	appSlug := mux.Vars(r)["appSlug"]
+
+	if params.AppSlug != appSlug {
+		logger.Error(errors.Errorf("app slug in path %s does not match app slug in context %s", appSlug, params.AppSlug))
+		w.WriteHeader(http.StatusForbidden)
+		return
+	}
+
+	appLicense, err := kotsutil.LoadLicenseFromBytes([]byte(params.AppLicense))
+	if err != nil {
+		logger.Error(errors.Wrap(err, "failed to load license from bytes"))
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	app := &apptypes.App{
+		ID:       params.AppID,
+		Slug:     params.AppSlug,
+		IsAirgap: params.AppIsAirgap,
+		IsGitOps: params.AppIsGitOps,
+	}
+
+	localRegistry := registrytypes.RegistrySettings{
+		Hostname:   params.RegistryEndpoint,
+		Username:   params.RegistryUsername,
+		Password:   params.RegistryPassword,
+		Namespace:  params.RegistryNamespace,
+		IsReadOnly: params.RegistryIsReadOnly,
+	}
+
+	if err := upgradepreflight.ResetPreflightData(); err != nil {
+		logger.Error(errors.Wrap(err, "failed to reset preflight data"))
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	reportingFn := func() error {
+		if params.AppIsAirgap {
+			// TODO NOW: airgap reporting
+			return nil
+		}
+		return reporting.SendOnlineAppInfo(appLicense, params.ReportingInfo)
+	}
+
+	go func() {
+		if err := upgradepreflight.Run(app, params.BaseArchive, params.NextSequence, localRegistry, false, reportingFn); err != nil {
+			logger.Error(errors.Wrap(err, "failed to run preflights"))
+			return
+		}
+	}()
+
+	JSON(w, http.StatusOK, struct{}{})
+}
+
 func (h *Handler) GetPreflightResult(w http.ResponseWriter, r *http.Request) {
 	params := GetContextParams(r)
 	appSlug := mux.Vars(r)["appSlug"]
@@ -32,8 +92,13 @@ func (h *Handler) GetPreflightResult(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	var preflightResult preflighttypes.PreflightResult
+	if preflightData.Result != nil {
+		preflightResult = *preflightData.Result
+	}
+
 	response := GetPreflightResultResponse{
-		PreflightResult:   *preflightData.Result,
+		PreflightResult:   preflightResult,
 		PreflightProgress: preflightData.Progress,
 	}
 	JSON(w, 200, response)
diff --git a/pkg/upgradeservice/preflight/preflight.go b/pkg/upgradeservice/preflight/preflight.go
index 502217b0da..e03ec79a2c 100644
--- a/pkg/upgradeservice/preflight/preflight.go
+++ b/pkg/upgradeservice/preflight/preflight.go
@@ -165,6 +165,8 @@ func setPreflightResults(appSlug string, results *types.PreflightResults) error
 		Skipped:                    false,
 		HasFailingStrictPreflights: hasFailingStrictPreflights(results),
 	}
+	// clear the progress once the results are set
+	preflightData.Progress = ""
 	if err := setPreflightData(preflightData); err != nil {
 		return errors.Wrap(err, "failed to set preflight results")
 	}
@@ -228,3 +230,10 @@ func setPreflightData(preflightData *PreflightData) error {
 	}
 	return nil
 }
+
+func ResetPreflightData() error {
+	if err := os.Remove(PreflightDataFilepath); err != nil {
+		return errors.Wrap(err, "failed to remove preflight data")
+	}
+	return nil
+}

From dbd8cd02a9acf4a9e7dd2828d9dd38030895647a Mon Sep 17 00:00:00 2001
From: Craig O'Donnell <craig@replicated.com>
Date: Mon, 17 Jun 2024 20:38:51 +0000
Subject: [PATCH 32/33] use os.RemoveAll

---
 pkg/upgradeservice/preflight/preflight.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/upgradeservice/preflight/preflight.go b/pkg/upgradeservice/preflight/preflight.go
index e03ec79a2c..cd8296baf2 100644
--- a/pkg/upgradeservice/preflight/preflight.go
+++ b/pkg/upgradeservice/preflight/preflight.go
@@ -232,7 +232,7 @@ func setPreflightData(preflightData *PreflightData) error {
 }
 
 func ResetPreflightData() error {
-	if err := os.Remove(PreflightDataFilepath); err != nil {
+	if err := os.RemoveAll(PreflightDataFilepath); err != nil {
 		return errors.Wrap(err, "failed to remove preflight data")
 	}
 	return nil

From 7a4d7bb34a02a9b1e766f9607cd4febd0fbfeb9e Mon Sep 17 00:00:00 2001
From: Craig O'Donnell <craig@replicated.com>
Date: Mon, 17 Jun 2024 21:33:20 +0000
Subject: [PATCH 33/33] address PR feedback

---
 pkg/upgradeservice/preflight/preflight.go | 25 ++++++++++-------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/pkg/upgradeservice/preflight/preflight.go b/pkg/upgradeservice/preflight/preflight.go
index cd8296baf2..8bce434f22 100644
--- a/pkg/upgradeservice/preflight/preflight.go
+++ b/pkg/upgradeservice/preflight/preflight.go
@@ -148,25 +148,22 @@ func Run(app *apptypes.App, archiveDir string, sequence int64, registrySettings
 }
 
 func setPreflightResults(appSlug string, results *types.PreflightResults) error {
-	preflightData, err := GetPreflightData()
-	if err != nil {
-		return errors.Wrap(err, "failed to get preflight data")
-	}
 	resultsBytes, err := json.Marshal(results)
 	if err != nil {
 		return errors.Wrap(err, "failed to marshal preflight results")
 	}
 	createdAt := time.Now()
-	preflightData.Result = &types.PreflightResult{
-		Result:                     string(resultsBytes),
-		CreatedAt:                  &createdAt,
-		AppSlug:                    appSlug,
-		ClusterSlug:                "this-cluster",
-		Skipped:                    false,
-		HasFailingStrictPreflights: hasFailingStrictPreflights(results),
-	}
-	// clear the progress once the results are set
-	preflightData.Progress = ""
+	preflightData := &PreflightData{
+		Result: &types.PreflightResult{
+			Result:                     string(resultsBytes),
+			CreatedAt:                  &createdAt,
+			AppSlug:                    appSlug,
+			ClusterSlug:                "this-cluster",
+			Skipped:                    false,
+			HasFailingStrictPreflights: hasFailingStrictPreflights(results),
+		},
+		Progress: "", // clear the progress once the results are set
+	}
 	if err := setPreflightData(preflightData); err != nil {
 		return errors.Wrap(err, "failed to set preflight results")
 	}