2025-04-25​

Dashboard​

Fixed​

• Fixed a bug in the UI-based sandbox spec editor that caused certain mutations to be denied incorrectly.

2025-04-23​

API / Control Plane​

Fixed​

• Fixed a bug where multiple error responses were sent in certain 4xx failure cases.
• Improved cluster connection reliability under load through control plane enhancements.

Changed​

• The control plane now limits agents (part of the operator) to a maximum of 3 parallel connections per cluster to prevent abuse. This change is not generally user-facing but may affect setups with improperly configured agents.

2025-04-17​

Dashboard​

Added​

• Enhanced filtering capabilities and improved search across all pages.
• Improved visual styles across all pages for consistency.

Fixed​

• Resolved redirect issues with certain links that were causing loss of navigation history.

2025-04-08​

API / Control Plane​

Added​

• Support for externally sourced Smart Tests that can be stored in source control.
• Support for querying executions using runID, test name, and source.
• Support for distinguishing between published & unpublished executions.

Changed​

• When executing Smart Tests on sandboxes, one reference sandbox is shared by all test executions in the same run (with the same runID). Previously one was created for each test execution.

CLI v0.9.0​

Added​

• Added support for source control configuration to store, manage and run Smart Tests.
• Added signadot smart-test sub-command and it's corresponding alias st.
• Added signadot smart-test execution sub-command for managing smart-test executions.

Dashboard​

Added​

• Enhanced UI with redesigned theme for improved readability and visual consistency.
• Introduced new Executions view with filtering capabilities for managing executions of hosted and externally sourced Smart Tests.
• Improved Smart Test reporting interface within Sandbox details.

Fixed​

• Resolved layout and presentation inconsistencies across Sandboxes, Jobs, and Smart Tests pages.

2025-03-20​

Dashboard​

Fixed​

• Auth: Fixed an issue where new users encountered an error instead of the email verification page during signup.

2025-03-14​

API / Control Plane​

Changed​

• Creation and modification of Job Runner Groups can now performed only by the admin role. See spec for details.

Fixed​

• Fixed issue that caused some smart test diffs to be classified incorrectly as medium / high relevance.
• Fixed rare issue that caused deadlocks in the control plane during cluster connects/disconnects.

2025-03-07​

Dashboard​

Added​

• Improved new user onboarding with a new "Getting Started" section on the Overview page.

Fixed​

• Auth: Fixed email verification flow during user creation to remove the need for a user to login again after verifying their email.
• Auth: Fixed confusing error message when a user with an existing account attempts to sign up.
• Fixed bug that caused Sandboxes list page to crash when there were test failures.

Security​

• Updates to dependencies & general improvements.

2025-03-04​

Operator v0.19.3​

Added​

• Replica Scaling: Allowed running controller-manager with more than one replica - this is expected to help the DevMesh sidecar injection be highly available.
• Resource Customization: Allowed parameterization of injected container resources, including init containers and sidecars.

Security​

• Container Permissions: Reduced the scope of permissions of routing init containers.
• Base Image Update: Switched operator base images to Alpine for improved security and efficiency.
• Dependency Upgrades to address various CVEs and general security improvements.

2025-02-27​

Dashboard​

Added​

• Smart Tests status is now displayed on the Sandboxes page for improved visibility.

Fixed​

• Resolved an issue preventing GitHub-authenticated users from inviting others.
• Improved table layout and visual consistency for Sandboxes, RouteGroups, and Clusters.

2025-02-20​

API / Control Plane​

Fixed​

• More Reliable Notification Production - Fixed bugs in the notification system to ensure GitHub notifications are delivered more reliably.
• Fixed bugs causing missing sandbox status information on jobs and test executions during sandbox list.
• Security Fixes and Dependency Upgrades.

Removed​

• Sandbox updates no longer count towards monthly quota (as reflected in pricing).

Dashboard​

Added​

• Improved UI for organization creation flow.

Fixed​

• Fix Icon Alignment/Size - Corrected inconsistencies in UI icons related to Test / Job runs.
• Fix Web Vulnerabilities - Addressed security issues affecting the web platform

2025-02-12​

CLI v0.8.2​

Added​

• Added flag --wait to signadot job sub-command.
• Passing -o yaml or -o json to signadot sandbox get or signadot sandbox list now shows summary information about any associated Tests or Jobs. See the Sandbox Status docs for details.

Fixed​

• Fixed case where using Signadot CLI with CloudFlare WARP caused local connection to stop working.
• Added health checks to improve self-healing when there are disruptions to the local workstation tunnel.
• Applied security fix for CVE-2024-45337.

2025-02-05​

API / Control Plane​

Added​

• Support for displaying Sandbox status in GitHub PRs using the Signadot GitHub application.

Fixed​

• Improve enforcement of tunnel server request deadlines.

2025-02-04​

Dashboard​

Added​

• New UI to edit and update workloads (images, environment variables) under Sandbox details.

Fixed​

• Fixed signadot/community#54: environment variables couldn’t be updated using the UI when secrets were used.

2025-01-31​

API / Control Plane​

Added​

• Support for running checks as part of Smart Tests. See checks for details.
• Extended sandbox status under the sandbox-list and sandbox-get API endpoints to include jobs and test execution summaries.
• Added DisableSandboxTrafficManager field to sandbox spec.

Fixed​

• Fixed ambiguous relation between Jobs and Routing Keys.

Dashboard​

Added​

• Added UI support for presenting results of checks as part of Smart Tests.
• Revamped and improved presentation of the Smart Test results page.

2025-01-20​

Operator v0.19.2​

Added​

• Resource limits and requests for operator components are now included and configured via helm values.yaml.
• Support for iptables-nft in the operator. This can be turned on via the helm flag routing.iptablesMode.

Changed​

• traceparent is now correctly injected alongside tracestate when using automatic routing key injection for jobs.
• agent now uses recreate deployment strategy by default to reduce the chances of races during operator upgrades / downgrades.

Fixed​

• A memory leak was identified and resolved in the sandbox-traffic-manager component.
• HTTP CONNECT is correctly passed through sandbox-traffic-manager when using traffic capture under Smart Tests.
• The job-executor-proxy component used when running Smart Tests now correctly excludes localhost traffic.
• Setting AllowedNamespaces in helm now correctly configures scoped RBAC permissions.
• Upgraded Envoy in tunnel-proxy-auditor component to v1.32 to fix support for HTTP CONNECT traffic.

2025-01-09​

API / Control Plane​

Fixed​

• Added protection against rapidly re-connecting agents, which could cause a resource leak.
• Mitigated a race between API deletion of resources and cluster sync which could leave orphaned in-cluster custom resources.

2024-12-20​

API / Control Plane​

Fixed​

• Resolved issue in SmartTests execution controller to correctly handle deleted sandboxes.
• Ensured the injection of the traceparent header alongside tracestate when using the hosted Preview URLs and Sandbox Details > Explore UI in accordance with the TraceContext specification.

2024-12-19​

Chrome Extension v1.2.0​

Added​

• Support for custom routing headers: See custom headers for more information.
• Visual enhancements:
  • Added an indicator to show when the extension is active.
  • Introduced a details panel to display information about injected headers.

Fixed​

• Resolved an issue that occasionally prompted users to log in even after a successful login.
• Fixed flickering issues that occurred when opening the extension.

Dashboard​

Fixed​

• RouteGroups list view now shows the cluster in which each RouteGroup exists.
• Fixed bug that broke syntax highlighting in the SmartTest Editor.
• Improved behavior of the "unsaved test" indicator in the SmartTest Editor.

2024-12-12​

API / Control Plane​

Fixed​

• Improved behavior related to .values.allowedNamespaces that can be set during installation.
  • Improved validation of entities against the list of namespaces.
  • Improved Kubernetes API calls to honor the above setting.

Dashboard​

Added​

• Added support for editing Job Runner Group specifications.

Fixed​

• Search & filter now correctly reset pagination.
• Fixed cluster configuration section under clusters to correctly show headers that will be used for routing.
• General improvements and bug fixes.

Changed​

• Improved the UX to edit the sandbox specification by allowing edits in-place.

2024-12-03​

Operator v0.19.1​

Removed​

• The operator no longer routes using the following HTTP/gRPC headers by default:
  • uberctx-sd-routing-key
  • uberctx-sd-sandbox
  • ot-baggage-sd-routing-key
  • ot-baggage-sd-sandbox If you are making use of these, please use the new custom headers settings described below. If you are using the standard OpenTelemetry baggage or tracestate headers, no action is necessary.

Added​

• Support for the Linkerd service mesh, install with helm value linkerd.enabled = true.
• Support for custom routing headers. See custom headers for details.
• We have added support for eliding specific headers from traffic captured when running Smart Tests, install with helm values trafficCapture.requestHeadersElide and trafficCapture.responseHeadersElide.

Fixed​

• Fixed the handling of X-Forwarded headers in the devmesh sidecar and the sandbox traffic manager.
  • X-Forwarded-For now appends client IP address at each hop of a series of proxies.
  • X-Forwarded-Host is set when absent or pass-through when present.
  • X-Forwarded-Proto is set when absent or pass-through when present.
• Various behavior and error messages have been fixed when running under restricted namespaces (using the allowedNamespaces helm value).
• JobRunnerGroup controller now preserves user-provided imagePullSecrets for images in JobRunnerGroup pods.

Changed​

• Resolved an issue with the sandboxTrafficManager.enabled helm value, which previously required the string values "true" or "false" instead of boolean values.
• It is now possible to use the sandbox traffic manager component for sandbox forks while independently controlling traffic capture for specific scenarios like Smart Tests using the trafficCapture.enabled helm parameter.
• When running with restricted namespaces, signadot namespace is now always included by default.

API / Control Plane​

Fixed​

• Synchronizing a draining JobRunnerGroup to a cluster now checks if the cluster's JobRunnerGroup exists and is up to date during draining.
• When a cluster is deleted, any Smart Test triggers associated with it are also deleted.

2024-11-15​

API / Control Plane​

Added​

• signadot/community#58: Support for running Smart Tests. See guide for details.

Dashboard​

Added​

• Creating & managing Smart Tests.
• Integration of Smart Tests with Sandboxes: Smart Tests executed for a specific Sandbox are now displayed on the Sandbox details page.

2024-11-06​

Dashboard​

Fixed​

• UI now allows creating Route Groups containing more than one match criterion using the same label key.

2024-10-30​

Operator v0.19.0​

sandboxTrafficManager:
  enabled: false

Added​

• Sandbox Traffic Manager component that enables traffic recording for API SmartDiff tests.
• Job Executor adds support for test traffic recording for API SmartDiff tests.

Fixed​

• Fixed bug that could cause Route Server clients (such as the DevMesh sidecar) to freeze as a result of a deadlock when handling connection errors.
• Upgraded components to use go1.23.

Changed​

• DevMesh sidecar now rejects requests containing routing keys upon error communicating with the route server. The status of such rejected requests is 599.

2024-10-17​

API / Control Plane​

Fixed​

• Fixed case of Job reporting failed status incorrectly followed by a retry operation.

Changed​

• Changes to job reconciliation logic to exclude completed jobs, improving time taken for jobs to queue and complete.
• Relaxed Resource Plugin validations (now the API accepts empty create and delete workflows).
• Downward API environment variables are now applied to all baseline containers.
• Upgraded components to use go1.23.

Dashboard​

Fixed​

• Improved presentation of pagination when there are a large number of pages.

Changed​

• Improved new YAML editor with syntax highlighting.
• Improved Jobs Filtering presentation.
• Reorganized tabs on the sidebar for better separation between administrative, platform & developer-facing entities.

2024-09-06​

API / Control Plane​

Fixed​

• Validation now correctly handles sandboxes referencing non-existent resource plugins.

Dashboard​

Fixed​

• Renamed column in Analytics referencing "Sandbox ID" to "Routing Key".

2024-08-22​

API / Control Plane​

Fixed​

• Bug fix: race condition on cluster disconnect, potentially leading to a deadlock.

Changed​

• Improvement in the handling of jobs with references to deleted sandboxes.

2024-08-15​

Operator v0.18.0​

Added​

• Jobs now have the capability to automatically inject routing key headers on all outgoing requests. Refer to the documentation for details.
• DevMesh now supports routing of websocket connections correctly to workloads locally and within the cluster.

Changed​

• Routing in Istio mode matches VirtualServices on the .spec.route[].destination.host, which allows preserving of path rewrites and the HTTPRoute conditions under which routing occurs. Previously, VirtualService .spec.host was used for selecting VirtualServices for modification. Refer to the documentation for details.
• Upgraded components to use go1.22

Deprecated​

• In Istio routing mode, the previous host-based selection of VirtualServices is deprecated and requires setting a helm value of istio.enableDeprecatedHostRouting to use.

API / Control Plane​

Changed​

• Usage limits: APIs now enforce constraints based on revised pricing.

Fixed​

• Fixed an issue causing Job and JobRunnerGroup cluster synchronisation to hang until agent restart.
• Minor fixes and improvements.

CLI v0.8.1​

Added​

• Jobs now have the capability to automatically inject routing key headers on all outgoing requests.
• Upgraded components to use go1.22

Dashboard​

Added​

• Billing page now displays information pertinent to revised pricing.

Fixed​

• Fixed filtering of colored logs in logs panels.
• Usage quota banners are shown when jobs usage is nearing limits.
• Minor fixes and improvements.

2024-08-06​

Dashboard​

Fixed​

• Fixed broken ToS link in the sign up flow.

2024-07-30​

API / Control Plane​

Fixed​

• A validation bug in Job names caused active Jobs to become stuck in queued when the name include uppercase characters. Job names may now contain uppercase characters without getting stuck.
• Made the communication between cluster and control plane more robust for Jobs and JobRunnerGroups.
• Various security updates to third party dependencies.

Changed​

• Signadot APIs no longer accepts requests with invalid empty Content-Length headers.

Dashboard​

Added​

• Analytics can now be used to track Jobs.
• Updates to Analytics to allow exporting data as CSV.
• Banner to surface when sandboxes usage is approaching quota for the organization.

Fixed​

• Overview page cards view updates to work better across more zoom levels.

2024-07-10​

Dashboard​

Added​

• Updated Overview page to a new cards layout with other minor design improvements.

2024-07-03​

Dashboard​

Added​

• Analytics: Sandbox updates can now be tracked in addition to creation.

2024-06-27​

API / Control Plane​

Fixed​

• Removed leading hyphens when generating names of Jobs with an unspecified spec.namePrefix.
• Draining of non-operational JobRunnerGroups with queued, canceled Jobs now completes. Previously, these JobRunnerGroups were stuck in a non-operational state.
• A race condition in which a JobRunnerGroup queue could stop running Jobs until agent reconnection. When this condition occurs, we now continue running Jobs.
• A race condition in which applying many JobRunnerGroups for one cluster simultaneously could result in an Internal Server Error. The race has been removed.

Changed​

• Kubernetes namespaces referenced in JobRunnerGroups must now exist when creating the JobRunnerGroup.
• Job submission is now denied with a status code 503 (Unavailable) if both no Pods are available and no previous Jobs were run. This helps prevent creating Jobs for broken JobRunnerGroups.

Dashboard​

Added​

• Ability to delete Job Runner Groups.

Fixed​

• Inconsistencies in UI elements for add / delete.

2024-06-20​

API / Control Plane​

Added​

• Support for running automated tests in Kubernetes using Jobs and Job Runner Groups. See guide for details.
• Support for artifact storage and retrieval from tests.
• Support for stdout and stderr streaming from running tests.

CLI v0.8.0​

Added​

• New sub-commands relating to the following
  • Job Runner Groups
  • Jobs
  • Artifacts
  • Logs

Dashboard​

Added​

• Creating & managing Job Runner Groups
• Managing Jobs, and viewing / downloading logs & artifacts associated with them.

2024-06-12​

Operator v0.17.0​

Added​

• Added support for Job Runner Groups and Jobs.

2024-04-25​

Dashboard​

Added​

• Support for default TTL per cluster for Sandboxes and RouteGroups (docs).

2024-04-16​

API / Control Plane​

Added​

• Support for default TTL per cluster for Sandboxes and RouteGroups (docs).

2024-04-05​

Operator v0.16.1​

Fixed​

• Problem during the computation of workload status in forked workload controller. This fixes issue #50.
• Enforce stricter limits in the names of the forked Argo Rollout objects to avoid the creation of pods with names exceeding 63 characters.

Dashboard​

Added​

• Improved layout of Route Groups and Resources detail pages.

Fixed​

• Issue causing 401 Unauthorized errors in Explore UI.

2024-03-06​

Operator v0.16.0​

Added​

• Local Sandboxes containing local workloads without associated services are now supported.
• The tunnel-proxy has a new RPC called GetHostnames used by signadot local connect to serve more Service types and operate independently of cluster IP networks.

Fixed​

• When running with Istio enabled, the tunnel-proxy service now has better support for TCP over its socks5 server because the appProtocol field in the associated Service is now correctly configured for Istio.
• Sandboxes with many forks were causing many unnecessary reconciles and reconciliation conflicts that could lead to hotlooping. This problem was fixed by adding stable orderings to some custom resource structures.

CLI v0.7.0​

Added​

• RouteGroups now support TTL.
• A new sub-command signadot local proxy is available, allowing one to proxy in-cluster services in a way similar to Kubernetes port-forwarding.
• A new connection type, ControlPlaneProxy for signadot local connect is available, which allows using local without a kubeconfig - intended primarily for onboarding.
• When running signadot local connect against a cluster with Signadot Operator ≥ v0.16.0, all Kubernetes service names are now available via DNS on the local machine, instead of only clusterIP typed services. Additionally, in the case of StatefulSets with associated headless services, the StatefulSet pod names are available as a subdomain names of the service name pod-0.name.namespace.svc, pod-1.name.namespace.svc etc.
• When running signadot local connect against a cluster with Signadot Operator ≥ v0.16.0, local workloads with no associated services are now supported.
• There is a new field in the local section of the config file, called virtualIPNet documented here.

Changed​

• signadot local connect --wait now accepts an optional string argument indicating none, connect or sandboxes, defaulting to connect. These arguments cause the command to wait for nothing, outbound connection success, or outbound connection success and sandbox re-connection success respectively. By default, signadot local connect now behaves as signadot local connect --wait connect.
• When connected to an operator version ≥ v0.16.0, traffic routing uses virtual IPs, which is safer and allows use in more contexts.

Deprecated​

• The outbound field of a local connection is only pertinent when connecting to Signadot Operator < v0.16.0.

2024-03-01​

API / Control Plane​

Added​

• Support for RouteGroup Time to Live (TTL).
• Support for a new proxy endpoint allowing proxy connections in the upcoming version of the CLI.

Fixed​

• Fixed Bug when accessing forbidden resources (previously returned unauthorized instead of forbidden).

Chrome Extension v1.1.0​

Fixed​

• Fixed bug causing the extension to occasionally lose state and inject empty routing-key headers.

Dashboard​

Added​

• Support for RouteGroup Time to Live (TTL).

2024-02-15​

API / Control Plane​

Added​

• Support for Role-Based Access Control (RBAC) with an admin and member roles. See docs for reference.

Fixed​

• Fetching resources associated with a disconnected cluster now returns 502 HTTP status code instead of 500.

Dashboard​

Added​

• Support for Role-Based Access Control (RBAC).
  • Inviting users via the "Users" page now allows specifying role as admin or member.
  • The "Users" list allows admin users to change the role of any other users to member.
  • Check docs for reference.

2024-02-08​

Dashboard​

Fixed​

Resolved bug that prevented users from accessing kubectl configuration for playground clusters.

2024-02-01​

Dashboard​

Changed​

Minimum viewport width supported is now 800px instead of 1024px.

Fixed​

Resolved bug that was allowing users to self-delete from the Dashboard.

Security​

Critical upgrades to dependencies.

CLI v0.6.1​

Added​

Shortname aliases for sandbox (sb), routegroup (rg), cluster (cl), and resourceplugins (rp)

Fixed​

While connected using signadot local connect, the CLI now will not add entries to /etc/hosts which contain an IP address outside of the ranges configured to route to the cluster. Instead, it will log a warning.

2024-01-24​

API / Control Plane​

Fixed​

• Resolved issue that caused new users to be unable to register using email / password based authentication.
• Resolved issue that caused an HTTP 500 error when new users attempt to login when "Auto-Provision users" setting in SSO is disabled. This now returns an HTTP 403 instead.
• Resolved issue where preview URLs in an invalid format would return an empty response. They now return HTTP 400.

2024-01-18​

API / Control Plane​

Fixed​

• Fixed bug where listing resources associated with a sandbox when it is being deleted returned 500.

Dashboard​

Added​

• New Logs UI panel in the Sandbox Details page.
• Added support for SSO in the Enterprise Plan.

Operator v0.15.0​

Added​

• New Routes API gRPC & REST service for workload routing rules intended for supporting message queues in sandboxes, and custom routing use-cases. Available at https://github.com/signadot/routesapi, with associated documentation and supporting examples.
• The routeserver component now publishes metrics in Prometheus format.

Changed​

• DevMesh sidecars use the new Routes API, offering a significant speedup in in-cluster routing propagation.
• DevMesh annotation (sidecar.signadot.com/inject) has changed:
  • The value http and grpc now behave the same as true and inject the envoy-based sidecar introduced in v0.14.
  • "false" (as a yaml string) will disable injection.
  • Parse errors of annotation values now also default to the above sidecar, logging an error.
• Local connect improvements
  • Improved the method used to find the cluster IP network range in the Kubernetes cluster used to set up local networking. If it fails it will fall back to estimation as done previously.
  • The tunnel-api no longer returns DNS entries to the CLI that are outside the specified CIDR range. As a result, /etc/hosts managed in the CLI will omit entries outside the range.

Deprecated​

• The environment variable $SIGNADOT_SANDBOX_ID in scripts in Resource Plugin steps is now deprecated, and the newly added $SIGNADOT_SANDBOX_ROUTING_KEY should be used in its place.

Removed​

• Images (execpod-sidecar) and CustomResourceDefinitions (signadotresources and signadotresourceplugins) which were associated with V1 Resources have been removed. These have been superseded by V2 ResourcePlugins.

Fixed​

• Fixed bug in DevMesh routing mode where workloads in sandboxes with no associated services were marked not ready when forked.
• Fixed bug causing traffic to be dropped temporarily when workstations running local sandboxes reconnect due to stale DNS entries.
• Fixed bug that caused forked and local workloads to flap between not-ready and ready during updates.

2024-01-10​

API / Control Plane​

Removed​

• Legacy (v1) resource plugin support. This has been superseded by the v2 Resource Plugins API.

Dashboard​

Fixed​

• Error handling in the case of 404 errors.
• Incomplete fetching of information when deep-linking to view a particular cluster's information.
• Issue where some links appear without styling.

Removed​

• Ability to view Legacy (v1) Resource Plugins has been removed.

2023-12-20​

• API: Fixed issue with updates to sandboxes reporting ready incorrectly before the update is reflected in the cluster.
• API: Hidden field spec.LocalMachineID is no longer returned as part of the Sandbox Specification.
• Previews: Connection pooling is now turned off for Preview URL requests to prevent unnecessary caching of in-cluster endpoint addresses.

2023-11-30​

• Operator:
  • Metrics
    • Breaking change: the metrics endpoints & names have changed in v0.14.1. Refer to monitoring docs for details.
    • Added new metrics that track individual entities (sandboxes, routegroups, resources), as well as component specific metrics. Refer to docs for details.
  • Routing / DevMesh
    • Fixed low timeouts on HTTP and gRPC connections proxied via the DevMesh sidecar.
    • Proxying of HTTP1.0 connections is now supported.
  • Routing / Istio
    • Fixed routing between local workloads and forked workloads in Istio mode. Note that this in turn disables the audit logging sidecar, thereby allowing the istio-sidecar to come up on the tunnel-proxy.
  • Local
    • Fixed bug that caused signadot local connections to not self-heal in certain cases when the connection is interrupted.
  • Misc
    • Improved naming of workloads created by sandboxes to accommodate more information about the baseline workload. Previously, both sandboxID and sandboxName were included in the workload name, of which sandboxID has been dropped in v0.14.1.
    • General improvements, and updates to Kubernetes dependencies (controller-runtime).
• API:
  • Sandbox Updates: forks & local workloads can now be added / removed as part of sandbox updates with operator v0.14+
  • signadot/community#40: Support for hybrid sandboxes: You can now create sandboxes that have both forks and locals alongside each other with operator v0.14+.
• CLI:
  • CLI v0.6.0 is now available.
  • In combination with v0.14.1 for the operator, sandboxes with local workloads now have machine affinity. When signadot local connect is run, any sandboxes that were previously associated with a machine and not deleted will re-associate with the machine. Refer to local workloads documentation for details.
  • --clean-local-sandboxes flag added to signadot local disconnect to delete the locally associated sandboxes during disconnect.
• Other:
  • Chrome Extension for Signadot to set routing headers for Sandboxes and RouteGroups is now in beta.

2023-11-15​

• Integrations: Fixed bug where sandbox update fails validation but updates Pull Request commit status.
• CLI: v0.5.4 is now available:
  • Fix to update /etc/hosts correctly when signadot local is running in docker.

2023-11-06​

• Web: Sandbox Details page is now updated with improved information architecture.
• Web: Sandbox Details > Explore has been introduced for exploratory testing of HTTP APIs.

2023-11-02​

• API: Multiple ports can now be mapped for local workloads with Operator v0.14+.
• Control Plane: Robustness improvements to the controller responsible for managing Sandboxes and RouteGroups within connected clusters.

2023-10-26​

• Integrations: GitHub Pull Request Integration now adds a status check to the Pull Request with information about the sandbox.
• Control Plane: Robustness improvements & bug fixes to the controller responsible for managing Sandboxes and RouteGroups within connected clusters.

2023-10-12​

• Operator: New routing implementation addresses signadot/community#26.
  • Sandbox routing now supports pods serving on multiple ports.
  • Sandbox routing makes use of Kubernetes Services for routing and removes dependency on pod's ContainerPort specification.
    • Every sandboxed workload will now create Kubernetes Services that are counterparts of each baseline service and use them for routing.
  • Istio specific improvements:
    • Status reporting of VirtualServices being patched and partially managed by Signadot.
    • Error reporting if spec.gateways is specified in a VirtualService without a mesh entry. See docs for more details.
    • Various error reporting and debuggability improvements.
  • DevMesh (previously Signadot Sidecar Routing) specific improvements:
    • Updated sidecar webhook to avoid system namespaces (kube-system, kube-node-lease) to prevent warnings in GKE.
    • Reporting of an error if DevMesh routing is enabled but the baseline workload does not have the DevMesh sidecar injected.
  • Workload Management:
    • Sandbox deletions are faster because deletions of dependent resources are now performed in the background.
  • See architecture documentation for details on new Custom Resources and Controllers.
• API: Improved validation when specifying Preview Endpoint targets.
• UI: Logs Viewer now allows choosing which container to get logs from.
• UI: Fix for list of Preview Endpoint targets showing too many entries at once when creating / editing a RouteGroup.
• CLI: v0.5.3 is now available:
  • Fixed issue in signadot local connect that caused it to fail when using Azure AD legacy authentication in kubeconfig.

2023-09-27​

• API: Improved validation for custom patch in Sandbox fork customizations.
• UI: Fixed bugs causing page crashes in the case of API errors.
• CLI v0.5.2 is now available:
  • Fixed signadot/community#33: fixed display of sandbox TTL when updatedAt is used.

2023-09-16​

• UI: Dashboard redesign with several improvements to presentation and navigation.
• API: Fixed bug where specifying an empty value for a fork environment variable returned an unexpected validation error.

2023-09-08​

• Operator: New implementation for Signadot Sidecar based on Envoy is now available. You can opt into this now if you use sidecar.signadot.com/inject: "true" in baseline manifests. This will be the default in v0.14+. If you are using Signadot Sidecar for routing, take a look at the Upgrade Considerations note below.
• Operator: Fixed bug in Resource Controller that caused a resource to be marked as failed despite succeeding when pulling images took too long.
• Operator: Fixed issue with iptables dependency that caused Tunnel Proxy to not initialize correctly. This bug affected running local workloads as part of sandboxes when deployed on recent Kubernetes Node OS versions.

2023-08-24​

• CLI v0.5.1 released, adding support for --wait and --wait-timeout to signadot local connect.
• Sandbox apply operations with no change in spec (update scenario) are deemed no-op and are not processed.
• Sandboxes now support new TTL with respect to updatedAt.
• UI: Displays spec for Sandboxes, Resource Plugins and RouteGroups on the respective detail pages.

2023-08-02​

• Operator v0.13.2
  • Upgrades build toolchain to use go 1.20.
  • Improvements to helm templating for compatibility with versions of Helm before v3.10.
• Playground clusters now support Sandboxes with local workloads.
• UI: Minor presentation improvements.

2023-07-19​

• CLI v0.5.0 is now available, with support for local workloads in sandboxes (beta).
• Operator
  • Local workloads: fix for slow closing of SSH-based inbound tunnels during graceful teardown.
  • Local workloads: fix for tunnel connection state not being preserved between compatible sandbox spec updates.
  • Local workloads: fixed bug in gRPC route-to-local when using Istio.
• UI: Local workload in sandbox details UI now shows the connected username@hostname.

2023-07-13​

• Operator adds beta support for running sandboxed workloads locally on developer workstations.
  • Running local workloads in a sandbox requires CLI v0.5.0+ and supports MacOS & Linux.
  • New ExternalWorkload CRD and controller to enable core functionality.
  • Added tunnel-api, tunnel-proxy and auditor components (helm chart) to handle communication between workstations and the cluster.
• UI: Improved grouping and aesthetic elements of sandbox details page for improved usability
• UI: Fixed bug in status reporting for clusters where they would show an error state before any connection.

2023-06-21​

• Fixed RouteGroup Sandbox matching for Sandboxes using PR Integration. These sandboxes were previously not matched by RouteGroups.
• General improvements and bug fixes.

2023-05-26​

• The UI now supports creating & updating sandboxes using a YAML specification
• Improvements to onboarding flow using playground "Kubernetes clusters"
• Security updates & bug fixes

2023-04-19​

• Support for provisioning a "playground" Kubernetes cluster on-demand for new users via the Dashboard.
  • The playground cluster will contain the Signadot Operator pre-installed.
  • The playgrund cluster will also contain a demo application http://github.com/signadot/hotrod.
  • Read-only kubectl access is also provided to this cluster via the UI.

2023-04-05​

• UI: Fixed bug where deprovision logs associated with a resource plugin were shown incorrectly.
• UI: Improvements to presentation of details associated with resource plugins.

2023-03-30​

• New Resource Plugin framework is now available for creating and managing stateful resources with Sandboxes.
  • CLI has been updated to v0.4.0 and now supports resourceplugin subcommand.
  • Dashboard UI support for new resource plugins, resources and displaying logs associated with them.
  • Resource Plugins API is now available.
  • Resource Plugin Examples and Documentation

2023-03-22​

• Operator-level support for a new resource management framework has been added. This framework will make it easier to write, deploy and manage resources in sandboxes.

2023-02-03​

• GitHub Pull Request Integration is now Generally Available.
• Dashboard changes to auto-suggest targets in a Route Group.

2023-01-25​

• RouteGroups which match a given Sandbox are now visible on the UI under the Sandbox Details page.
• Removal: old cluster agents at version Signadot Operator v0.7.0 and lower will no longer be able to connect.
• General improvements and bug fixes.

2023-01-18​

• Improved sandbox deletion cluster synchronisation performance.
• Periodic cluster synchronisation of Sandboxes now respects force deletion.
• General improvements and bug fixes.

2023-01-10​

• Fixed regression in routing behavior introduced by using multi-value headers in baggage and tracestate when setting context on preview requests.

2023-01-04​

• Fixed bug with status reporting for Route Groups when one or more sandboxes are not found.
• Fixed bug in enforcement of lower-case names for Route Groups in the API.
• Fixed bug in inference of containerPort on fork when not specified on baseline workload.
• Fixed a bug in enforcement of fork conflicts in routing contexts upon creation of a Route Group.

2022-12-23​

• Route Groups are now generally available via the API and UI
• CLI v0.3.7 is now available with support for Route Groups

2022-12-07​

• The operator now supports a new CRD of kind SignadotRouteGroup, used for routing requests through a set of sandboxes.
• The operator has addressed the security issue USN-5710-1.

2022-11-17​

• Sandbox tags have been renamed to labels and made mutable.
• Fixed bug with additional preview endpoints on the Dashboard.
• General improvements and bug fixes.

2022-11-09​

• Sandboxes now support the downward api.
• General improvements and bug fixes.

2022-11-02​

• Self-service upgrades to the team tier are supported via the Dashboard.
• Sandbox TTL if set is visible on the Dashboard.
• General improvements & bug fixes in the operator.

2022-10-19​

• Fixed misleading error message when creating a sandbox on a cluster before it is connected successfully.
• Resource Plugin for Amazon S3 is now available.

2022-10-11​

• Fixed bug causing changes to preserved labels to not be propagated until a sandbox is updated.
• Fixed bug in the dashboard that caused a 4xx error in analytics pages in some cases.
• General improvements.

2022-10-03​

• Sandboxes now support TTL. You can now set a deadline (ttl duration) on a sandbox for it to be automatically cleaned up after the specified duration elapses.
• Various bug fixes and improvements.

2022-09-15​

• Updates to forks and endpoints in sandboxes are now supported when this version of the operator or higher is installed.
• CLI default timeout for waiting for readiness changed from 5 minutes to 3 minutes.
• General improvements.

2022-08-08​

• API server now correctly lists host endpoints associated with a sandbox.
• Dashboard analytics page no longer shows an error in case no clusters are connected.
• General improvements.

2022-07-25​

• API server now refers to the routeType of a sandbox static endpoint as "host" instead of "static".
• API server now enforces HTTP rate limiting when communicating with a cluster's Kubernetes API.

2022-07-19​

• A new API version (/api/v2) is now available, and new SDK versions will soon be released that use the new V2 API. Old code that uses the V1 API (/api/v1) will continue to work, but some code changes may be required when upgrading to build against the latest SDK versions.
• Fixed a bug where the operator might make unnecessary cosmetic changes (e.g. "20ms" -> "0.02s") in Istio VirtualService routes that it didn't add.

2022-07-11​

• Analytics is now available for sandbox creation events via the Signadot Dashboard.

2022-06-22​

• Fixed bug with the handling of X-Forwarded-Host header when passed to Sandbox URLs. This header if set is now passed through correctly to the workload.
• Fixed bug causing incorrect last updated time for sandboxes on the Dashboard.

2022-06-14​

• Creating Sandboxes is no longer supported via the UI. Please use the CLI or SDKs moving forward.
• Fixed an issue with istio header routing to support partial matches on the baggage header value.
• Improvements to Dashboard UI for configuring and setting up CLI.

2022-06-06​

• Resource provision/deprovision status is now shown in the Dashboard UI.
• Resource plugins now support Image Spec Version 1.0.
• Fixed bug in Operator that caused sandbox creation to fail when duplicate ContainerPorts are specified in the baseline deployment.

2022-06-01​

• Fixed bug where malformed image replacement rules caused a crash in the operator.

2022-05-31​

• Fixed an operator bug that could result in stale sandbox status information.
• API and UI now support force-delete of sandboxes.
• Various UI improvements related to Resources and Resource Plugins.

2022-05-16​

• Fixed CRD validation error when using Signadot Resources on a Kubernetes v1.19 or older cluster.

2022-05-04​

• Signadot Operator's controller-manager component now defaults to 512M of memory as opposed to 128M before.

• Signadot Operator now allows customising memory and cpu resources via helm values.yaml, for example:

  operator:
    cpu: 100m
    memory: 512Mi
  

• General improvements and bug fixes.

2022-04-26​

• Fix a crash in the UI which could occur while viewing Resource Details.
• Signadot Operator now ignores image replacements on baseline deployments with a malformed container image specification

2022-04-25​

• Forks can now have dynamic environment variables that resolve to a reference to a different fork within the same sandbox.
• Signadot Operator now allows overriding all images using helm value parameters.

2022-04-12​

• Sandboxes can now have associated Resources like databases whose lifecycles are tied to the Sandbox. Resources are provisioned and deprovisioned by Resource Plugins, which run inside the same cluster as the Sandbox.
• Signadot Operator can now be granted permissions to specific namespaces instead of cluster-wide.

2022-04-05​

• Email / Password based authentication is now supported.
• Inviting a new member to your organization now notifies them via email.

Bug Fixes:

• Fixes to Dashboard UI.
• Fixed Sandbox URLs not supporting the HTTP PATCH method.

2022-03-28​

• New "Authorized Domains" feature added that allows specific domains to be set up to automatically create users for people who log in with an email address that uses one of those chosen domains. This is a convenience feature for organizations with many users, so they do not have to manually create invitations for every person.

2022-03-21​

• Users can now authenticate using Google Sign In.
• New user management capabilities, including invites.
• Operator supports mode without mutating webhook.
• Cluster Status now shows unhealthy for clusters awaiting their first connection.

2022-02-23​

The major change in this release is that the "Workspace" concept has been renamed to "Sandbox" to better convey what it represents.

As part of the rename, we have introduced a new Helm chart (signadot/operator) and new container image repositories. The old Helm chart (signadot/workspaces) is still available, but is deprecated. Please see the Action Required note below if you need to migrate a cluster that was already running the old chart.

Note that the new Helm chart does not include the signadot Namespace object, so you will need to create the signadot namespace before installing the chart.

# Save the cluster-agent Secret.
kubectl -n signadot get secret cluster-agent -o yaml > /tmp/cluster-agent.yaml

# Remove the old chart.
helm uninstall signadot-workspaces

# Wait for the old 'signadot' namespace to finish finalizing.
# Let this run until you see the message: namespaces "signadot" not found
while kubectl get ns signadot; do sleep 5; done

# Create the 'signadot' namespace again.
kubectl create ns signadot

# Repopulate the cluster-agent Secret.
kubectl -n signadot create -f /tmp/cluster-agent.yaml
rm /tmp/cluster-agent.yaml

# Install the new chart (note the different chart name).
helm repo update
helm install signadot-operator signadot/operator

2022-02-14​

• Dashboard: new overview page provides high level usage and statistics.
• API/Operator: added support for forking Argo Rollouts into Signadot Workspaces.
• Minor bug fixes and general improvements.

2022-02-07​

• Dashboard: Support for creating workspaces with deployments from multiple namespaces.
• Minor bug fixes and general improvements

2022-01-31​

• Minor bug fixes and general improvements

2022-01-18​

• Dashboard: You can now see if a Cluster is connected and the Signadot components are running.
• Minor bug fixes and general improvements

2022-01-10​

• Minor bug fixes and general improvements

2021-12-27​

Major Updates​

• Operator: All operator components will be deployed into a single signadot namespace moving forward and the old signadot-operator namespace will be removed automatically. No additional action is required during an upgrade.

Bug Fixes​

• API: Fixed a spurious warning related to preview endpoints even when specified correctly.

2021-12-13​

Major Updates​

• API: Added a new {workspaceID}/ready subresource that can be polled to wait for a workspace to become ready.

Minor Updates​

• API: Preview endpoints are returned as part of each Workspace result.

Bug Fixes​

• Dashboard: Fixed various UI bugs.

2021-12-06​

Major Updates​

• Dashboard: Preview URLs are now generated for the baseline deployments shown on the UI so you can compare the forked Deployment's behavior to it.
• Dashboard: Deployment details now shows additional tab for Pods that can be used to debug unhealthy workspaces.

Minor Updates​

• API: Custom preview endpoints can now have arbitrary top-level domain and point to ingress gateways and external endpoints, instead of being limited to internal Kubernetes services.
• API: Workspaces are no longer created for API calls corresponding to GitHub Pull Requests that have already been closed.
• Dashboard: Added examples for interacting with Workspaces via their preview endpoints.

Bug Fixes​

• Dashboard: Fixed crash when accessing workspace details for certain older workspaces with no name set.
• API: Improved error codes and messages returned by workspace APIs.

2021-11-22​

Minor Updates​

• Operator: Updated RBAC to add permission to read / write Kubernetes events for error reporting.
• Dashboard: Workspace details page will report health of forked deployments.

Bug Fixes​

• Dashboard: Fixed an issue where custom environment variables disappear from the UI.
• Dashboard: Fixed crash when visiting a deep link to the deployment details page.

2021-11-15​

Major Updates​

• Operator: Workspace readiness is now reported by the operator via the SignadotWorkspace object.

Minor Updates​

• Dashboard: Each forked deployment will now report readiness status on the UI.
• Dashboard: You will now get notified on the Clusters tab when there is a new operator version available.
• Previews: Improved error messages when preview endpoint is configured incorrectly.

Bug Fixes​

• Operator: Fixed bug causing gRPC connection leaks in the sidecar proxy.

2021-11-08​

Major Updates​

• Operator: Operator supports setting custom annotations on all components via helm values.

Minor Updates​

• Dashboard: Improved new user UX around connecting clusters and creating the first workspace.
• Operator: Operator will gracefully reconnect when connection fails rather than crashing the agent pod.

Bug Fixes​

• API: Fixed bug where preview URLs associated with old workspaces were returned as null from the API.
• Dashboard: Fixed bug where the name and tag of the custom image associated with a workspace created by a pull request was hidden.

2021-11-01​

Major Updates​

• API: defaultService and defaultServicePort fields are now deprecated in the Create a new workspace and Create or Update workspace from Pull Request APIs and are superseded by endpoints.
• Dashboard: New and simplified UI for creating workspaces on-demand.
• Dashboard: UI to inspect and filter logs for forked deployments.

Minor Updates​

• Operator: RBAC permission for getting namespaces in connected clusters

Bug Fixes​

• Dashboard: Fixed crash in the environment variable editor

2021-10-21​

Major Updates​

• Dashboard: New UI for modifying environment variables associated with any forked deployment at runtime.

Minor Updates​

• Dashboard: Performance and minor UX improvements.

Bug Fixes​

• API: Create or Update workspace from Pull Request API now returns a warning if an invalid pull request number is specified.

2021-10-14​

Major Updates​

• Dashboard: You can now see all forked deployments and images associated with them under workspace details.

Minor Updates​

• Dashboard: Improvements to Workspace Details and Create Workspace.

Bug Fixes​

• Operator: Fixed noisy logs.

2021-10-08​

Bug Fixes​

• Operator: Fix Workspace creation error when one or more Kubernetes Services has an empty selector.

2021-10-07​

Major Updates​

• Dashboard: You can now delete cluster entries that are no longer needed. This will also remove workspace entries tied to those clusters.

Minor Updates​

• Operator: The workspace copy of a Deployment will now always have only 1 replica.
• Operator: The outgoing connection to the tunnel server is now made on the standard HTTPS port (443).

2021-09-30​

kubectl delete crd signadotworkspaces.signadot.com

kubectl -n signadot-operator delete pods --all --wait=false

Major Updates​

• Operator: The SignadotWorkspace CRD is now a cluster-wide resource instead of being scoped to each namespace.
• Operator: Workspace changes made through the API or Dashboard will now be re-synchronized into clusters periodically, allowing cluster state to self-heal after temporary synchronization errors.
• Operator: Kubernetes resources like Services, Deployments, and Pods that the operator creates now have more descriptive object names.
• Dashboard: The status of each Workspace is now shown in the table view, and any synchronization errors are shown on each Workspace's details page.
• Dashboard: Table views for Workspaces, Clusters, and API Keys are now paginated and searchable.
• Dashboard: You can now specify labels to copy from the baseline version of a Pod to the new Pod created for a workspace. This is in the global Settings page and applies to all workspaces in all clusters.

Minor Updates​

• Dashboard: The full value of an API key or Cluster Token is now only shown at creation time. If you don't have the value of an old token saved, you can delete it and create a new one.
• Operator: You can now specify additional labels to be added to all the Signadot Operator components when installing the Helm chart. These labels will not apply to the copies created from baseline services.
• API: Published "Create a new workspace" API for creating workspaces outside a PR workflow

Bug Fixes​

• Previews to gRPC services now work with more gRPC clients thanks to ALPN support.

2021-09-10​

Major Updates​

• You can now use workspace preview URLs with services in Kubernetes that are serving HTTPS & gRPC traffic

2021-09-03​

Major Updates​

• You can now preview Kubernetes manifest changes as well as code changes.
• You can now connect multiple Kubernetes clusters to one Signadot account.

Minor Updates​

• Signadot now posts commit statuses on PRs to expose the workspace dashboard and preview URLs, instead of relying on your own CI automation to do it.

Bug Fixes​

• API: Fixed error when creating a workspace for a PR when there is already a workspace for another PR in the same repo.
• Operator: Fix SchemaError ("array should have exactly one sub-item") when running on Kubernetes versions older than v1.18.

2021-08-25​

Bug Fixes​

• Preview URLs: Fixed HTTP 405 error when using HTTP methods other than GET.
• API: Fixed error when using different capitalization for GitHub org names, which should be case-insensitive.
• Operator: Report an error in SignadotWorkspace status if a container image replacement was specified, but the intended image was not found in any baseline services.
• Agent: Attempt to improve stability of tunnel connection and add logging for further debugging.

2021-08-20​

Major Updates​

• Support for including Kubernetes manifest changes in workspaces created through the CI workflow.

Minor Updates​

• Use a custom header (signadot-api-key) for Signadot API Key authentication to avoid overlapping with headers used by the service being proxied through a preview URL.
• Set the de facto standard X-Forwarded-Host and X-Forwarded-Proto headers on requests coming through a preview URL so the underlying service can discover its own preview URL for use in third-party callbacks.

Bug Fixes​

• Fix duplicate port name error when the baseline Deployment's Pod template has multiple container ports with the same name.

2021-08-10​

Major Updates​

• Support previewing Kubernetes manifest changes (e.g. Deployment spec) from a PR branch, alone or alongside code changes.
• Support setting ephemeral environment variable overrides (without touching Kubernetes manifests) from the workspace dashboard UI.
• Create a workspace by hand through the web UI instead of only through a CI pipeline.

Bug Fixes​

• The Signadot GitHub App can now be installed on a personal (non-org) account.
• The in-cluster Signadot Agent now uses keep-alive pings to prevent the tunnel connection from getting killed.

2021-07-22​

Major Updates​

• Support Signadot API key auth for preview links in addition to GitHub OAuth sign-in, making it easier to access preview links programmatically or from the command line.
• Signadot Operator no longer depends on cert-manager as a prerequisite.

2021-07-13​

Major Updates​

• First Signadot release with support for Workspaces.