2026-05-13​

CLI v1.6.0​

Added​

• New signadot plan command family for managing plans, tags, and executions.
• New signadot plan action commands for inspecting available actions.
• New signadot secret commands for managing Control Plane Secrets.

Fixed​

• signadot local connect in background agents and remote IDE environments where the user's PATH doesn't include /usr/sbin.

Security​

• Dependency and security updates.

Integrations​

Added​

• signadot-plan: Agent skill for authoring reusable Signadot plans end-to-end.
• signadot-validate: Agent skill that validates code changes against real cluster dependencies before declaring a task done.

API / Control Plane​

Added​

• Plans (initial release): New plan runtime for authoring and executing multi-step validation plans built on top of pluggable Actions.
• Initial set of plan actions published at signadot/actions, ready to reference from your plans.
• Control Plane Secrets (initial release): New API for storing user-managed secrets with KMS envelope encryption, available for use from plan executions. Write access is restricted to the admin role.

Fixed​

• Sandbox update Route Group conflict check now validates against current DB state, fixing a race where stale state could allow conflicting updates.

Security​

• Dependency and security updates.

Dashboard​

Changed​

• Sidebar reorganization:
  • "Testing" renamed to Validations, with Jobs / Smart Tests / Test Executions grouped under a CI subsection.
  • Job Runner Groups moved out of Validations into a new Runners subsection under Platform.
  • New Managed Runners page (under Platform → Runners) that surfaces runner status per cluster. See Enabling Plan Runner Groups for the Plan Runners side. Smart Test Runner configuration was moved here out of Settings → General.

Security​

• Dependency and security updates (npm packages).

2026-04-16​

Operator 1.3.1​

Added​

• Support for enabling DevMesh sidecar injection at the namespace level via the sidecar.signadot.com/inject label on a Namespace (docs).
• Support for preserving baseline labels and annotations on GatewayAPI derived routes via the new gatewayAPI.preservedLabels and gatewayAPI.preservedAnnotations Helm values (docs).
• Support for route customization on GatewayAPI HTTPRoute and GRPCRoute via the gateway-api.signadot.com/json-patch annotation (docs).

Fixed​

• RBACs for Signadot Agent now include read access to Forked and Virtual Workloads.
• Security updates.
• Improved error Messages for Sandboxes.
• Improved error handling for clusters without Argo Rollout support.

2026-04-14​

API / Control Plane​

Security​

• Dependency and security updates.

Dashboard​

Added​

• Use searchable Select for cluster picker in Route Group form.

Security​

• Dependency and security updates.

2026-03-12​

Dashboard​

Added​

• New two-panel sidebar navigation layout for improved navigation experience.
• Added Jobs tab in the sandbox details page (#111).
• Improved look and feel for managing environment variables in sandbox configuration.
• Enhanced Recent Activity widget with actor information and richer event data.

Changed​

• Revamped the analytics page with a new design.
• Improved look and feel across pages.

Fixed​

• Fixed an issue where the executions page would fail to display data.
• Fixed the cluster playground banner not displaying correctly when no clusters were connected.

2026-03-10​

API / Control Plane​

Fixed​

• Fixed a bug in status computation that caused a sandbox's last updated timestamp to be incorrectly bumped when its status changed, making sandboxes with an updatedAt-based TTL live longer than intended.

2026-03-02​

CLI v1.5.0​

Added​

• New --disable-elicitation flag for signadot mcp to disable elicitation in MCP interactions. Elicitations can cause problems with some agents such as recent Cursor CLIs.
• New agent skills for AI-assisted workflows.
• signadot auth token prints out a browser based authentication token.

Changed​

• signadot sandbox get-env no longer shows comments by default, making it evaluable in more contexts such as $(signadot sandbox get-env) when there is more than 1 environment variable. Use the -s flag to include the comments.

Fixed​

• signadot sandbox get-{env,files} Argo Rollout support, previously broken by lack of knowledge of the Argo Rollout CRDs in cluster.

Security​

• Patched CVE-2026-25934 by upgrading go-git to v5.16.5.

2026-02-26​

API / Control Plane​

Added​

• Audit Log / Events: Introduced a comprehensive event tracking system with actor attribution, covering sandbox, route group, cluster, and other resource lifecycle events.

Changed​

• Improvements to status computation of in-cluster entities to improve responsiveness.

Dashboard​

Added​

• Audit Log UI: New audit log page displaying real-time events with actor information for tracking changes across sandboxes, route groups, clusters, and other resources.

Changed​

• Improved new user experience with clearer empty states and "create first" prompts.
• Improved cluster token button visibility.

Security​

• Dependency and security updates.

2026-02-13​

Dashboard​

Changed​

• Improved overview page with recent activity and quick actions.

Fixed​

• Fixed description field truncation in sandbox tables.

2026-02-06​

Operator v1.3.0​

Added​

• Gateway API Support (Alpha): Full implementation of Kubernetes Gateway API for request routing as an alternative to Istio VirtualServices. Enables sandbox routing via HTTPRoute resources for clusters using Gateway API-compatible ingress controllers (docs).
• Query Parameter Routing: Route requests to sandboxes using a query parameter (?sd-routing-key=<routing-key>) in addition to header-based routing (docs).
• Istio Route Customization (Alpha): Support for customizing Istio VirtualService routes via the istio.signadot.com/json-patch annotation, allowing operators to add headers, set timeouts, configure retries, and apply other modifications to Signadot-generated routes (docs).

Changed​

• Improved Proxy Resilience: Added dial timeouts and connection retries to proxy connections for better handling of transient network issues.
• Improved Sandbox Readiness: Improved sandbox routing readiness evaluation by considering only ready baseline pods when verifying DevMesh availability.

Removed​

• Tunnel Auditor: The Envoy-based tunnel auditor has been removed from the operator. When Istio or Linkerd is enabled, the tunnel-proxy pod receives the appropriate mesh sidecar injection instead.

Fixed​

• Helm Chart Empty Value Defaults: Fixed an issue where empty Helm values for optional fields (e.g., istio.additionalLabels) caused operator startup failures.
• Fork Pod Restart Behavior: Fork pods no longer copy the restartedAt annotation from baseline pods, preventing unintended pod restarts.
• Job Runner Groups: Fixed a scheduling bug in Job Runner Groups that prevented parallel executions when using multiple runners.

Security​

• Dependency and toolchain updates.

Dashboard​

Changed​

• Added resizable side panel for viewing and editing Route Groups.

Fixed​

• Fixed Signadot pull request labels not showing in sandbox details.

2026-01-29​

Dashboard​

Changed​

• Redesigned Cluster, Job, ResourcePlugin, and RouteGroup details pages with improved layout.

Security​

• Dependency and security updates.

2026-01-21​

Dashboard​

Changed​

• Redesigned sandbox details page with card-based layout and various UI improvements.

2025-12-30​

API / Control Plane​

Added​

• Added support for enforcing the concurrent Devboxes billing constraint.

Changed​

• Handled "not found" cases as non-errors in the MCP get_sandbox and get_routegroup tool calls.
• Improved the cluster removal process by cleaning up all related entities.

Dashboard​

Changed​

• Improved look and feel of jobs list page and several other tables including hosted tests.

Fixed​

• Fixed bug with search in jobs page.

2025-12-17​

CLI v1.4.0​

Added​

• New signadot mcp command to run a local MCP (Model Context Protocol) server that connects to Signadot's hosted MCP service at mcp.signadot.com. This enables AI coding assistants like Claude Code to interact with Signadot resources (docs).
• Support for --insecure-storage flag in signadot auth login for environments where keyring is unavailable (e.g., headless servers, containers).
• New devbox commands for managing developer workstations (signadot devbox list, signadot devbox register) (docs).

Changed​

• Improved status output formatting for signadot local connect:
  • Use bullets instead of check marks for devbox session status
  • Renamed "Connected Sandboxes" to "Mapped Sandboxes"
  • Show devbox ID in session status line
• signadot traffic inspect no longer requires a directory flag, defaulting to $HOME/.signadot/traffic/watch-json.

Fixed​

• Improved handling of restarts during signadot local connect initialization.
• Fixed race conditions in channel close operations for signadot traffic record and locally mapped sandboxes.

API / Control Plane​

Added​

• Support for Model Context Protocol (MCP) server at mcp.signadot.com for AI-assisted sandbox management (docs).
• Support for Devboxes, an entity for tracking and managing signadot local connect sessions (docs).

Security​

• Dependency and security updates.

2025-12-16​

Dashboard​

Changed​

• Refreshed sidebar and tables for a cleaner look and more uniform presentation of information.

Fixed​

• Resolved several UI bugs and repaired broken links across the app.

Security​

• Dependency and security updates.

2025-12-03​

Dashboard​

Added​

• Added informational message in sandbox logs indicating that logs for local workloads are not available in the dashboard.

Fixed​

• Fixed analytics events being truncated due to query limit constraints.

2025-11-13​

Dashboard​

Security​

• Applied several security fixes to improve overall platform safety.

2025-11-11​

Chrome Extension v2.1.0​

Fixed​

• Fixed bug causing the extension to inject no headers when using multi-cluster Route Groups.

2025-10-31​

CLI v1.3.0​

Added​

• New traffic commands (traffic record and traffic inspect) for live access to traffic destined to sandbox workloads (docs).
• New local override command for dynamically overriding individual endpoints or gRPC procedures (docs).

Fixed​

• Fixed an issue in local connect on systems with slow forks, where the CLI would report it was not connected and exit when in fact it was connected.

API / Control Plane​

Added​

• Support for sandbox middleware.
• Support for routing forwards.
• Support for virtual workloads.

2025-10-29​

Operator v1.2.0​

Added​

• Middleware Support: Sandboxes now support configurable middlewares through spec.middlewares, enabling request/response transformation and traffic manipulation. Built-in middlewares are provided and do not require custom resources.
• Override Middleware: This capability allows sandboxing specific API calls and overriding them locally while still using the sandbox (or baseline) for other API calls.
• Traffic Recording Middleware: New traffic observation capabilities for monitoring and recording HTTP/gRPC traffic flows within sandboxes.
• Smart Tests Secrets: Secrets can now be mounted onto managed Runner Groups and then used in Smart Tests as needed for using credentials etc in them.
• Cluster Token Rotation: Automatic detection and reloading of cluster token changes by all operator services.
• Cluster Config Reload: Operator services now automatically restart on Helm upgrade when cluster configuration changes.

Changed​

• Istio Integration: Fixed and improved support for TCP services over tunnel-proxy with proper appProtocol configuration.
• Host Header Handling: Original host is now preserved in operator proxies for better application compatibility.

Fixed​

• Resource Failure Handling: Proper reporting of resource failures in sandbox status.
• DevMesh Sidecar: Bug fixes in DevMesh sidecar and HTTP CONNECT handling.

Security​

• Dependency Updates: Upgraded updated all dependent libraries.

2025-10-16​

API / Control Plane​

Fixed​

• Subscription management now correctly handles upgrades after downgrade due to payment failure.
• Improved error message when SSO is enforced by administrator and login is denied.

2025-10-08​

Dashboard​

Fixed​

• Bug causing Sandbox Details > Workloads tab to crash when sandbox contains local workloads (#108)

2025-10-03​

API / Control Plane​

Fixed​

• Issue causing mismatches between sandboxes and their associated route groups.

2025-10-02​

API / Control Plane​

Added​

• Local sandboxes created via UI or API now display a warning that CLI is required for proper local machine association.

Fixed​

• Improved playground cluster creation for higher reliability.

Removed​

• Legacy Upsert Sandboxes API (POST /repos/{repo_owner}/{repo_name}/pulls/{pull_number}/workspaces/) deprecated in 2023.

Security​

• Golang and toolchain dependency upgrades.

2025-09-18​

API / Control Plane​

Added​

• Support for Multi-Cluster Route Groups. Available in CLI v1.2.0+

Fixed​

• Smart Test executions are now faster by up to 30% due to performance optimizations in the execution controller.

Dashboard​

Added​

• Multi-Cluster Route Groups can now be created using the Route Group editor.

Fixed​

• Resolved a visual bug that was incorrectly hiding some endpoints when you first loaded a Route Group.

2025-09-03​

API / Control Plane​

Fixed​

• Fixed an issue that prevented smart tests from running properly within route groups.

CLI v1.2.0​

• Fixed support in the get-env command for Kubernetes dependent variables

2025-08-21​

API / Control Plane​

Fixed​

• Fixed minor bugs in self-service plan handling.
• Fixed a rare race condition in synchronizing JobRunnerGroups into the cluster.

Security​

• Dependency updates.

2025-08-07​

Operator v1.1.0​

Added​

• Sandboxes now support a new sandboxed workload type called a VirtualWorkload used to intercept traffic to a baseline without providing an alternate backing workload.
• A new central traffic-manager replaces the sandbox-traffic-manager sidecars.
• The Helm install now supports providing the cluster token in values (--set agent.clusterToken)
• The Helm install now supports providing the name of the Secret used to hold the cluster token (--set agent.tokenSecret)
• All operator workloads except the routeserver now allow for configuring the number of replicas with Helm values.

Changed​

• When running with Istio enabled, we now skip instrumentation of HTTPRoutes which contain matches for OTel baggage or tracestate headers or custom headers. Such HTTPRoutes are problematic to combine with our request routing.
• Kubernetes Probes no longer pass through the sandbox traffic manager in sandboxes, rather they go directly to the main application.

Removed​

• The sandbox-traffic-manager component has been removed, including the associated sandboxTrafficManager helm values section.
• Istio deprecatedHostRouting is no longer supported and has been removed from Helm values.

Fixed​

• When running with Istio enabled, modified VirtualServices now preserve the exact syntax of pre-existing HTTPRoutes.

Security​

• Upgrade of dependent libraries.

CLI v1.1.0​

Added​

• signadot cluster devmesh analyze command docs here.
• Automatic refresh of login credentials.
• Downward API is now included in the output to signadot sandbox get-env

Fixed​

• Non-overriden environment variables are now pulled correctly with signadot sandbox get-env.
• The case of no file mounts now produces correct output with signadot sandbox get-files.

Security​

• Updated libraries

2025-08-06​

API / Control Plane​

Added​

• Resources that are part of sandboxes can now be updated.

Fixed​

• Handling of Argo Rollouts with workloadRef now returns an error indicating they are unsupported.

Security​

• Dependency and image updates.

Dashboard​

Added​

• Self-service upgrades and downgrades to the Business plan, including the ability to purchase addons.

Backstage Plugin v0.1​

Added​

• Backstage plugin published at version 0.1 (plugin listing, source).

2025-07-15​

Dashboard​

Added​

• API Keys now show last used timestamp for all new API keys.

Fixed​

• Fix analytics page label filtering to allow "/" in label keys / values.
• Fix analytics page default rate range.
• Fix content security policy to show user avatar on Dashboard.

API / Control Plane​

Security​

• Security dependency fixes.

2025-07-02​

CLI v1.0.0​

Added​

• Support for extracting Environment Variables, ConfigMaps, and Secrets from the cluster to configure local processes in the context of local sandboxes. See the documentation for details.

Changed​

• signadot auth login now opens a browser automatically when possible instead of only echoing a URL.

Security​

• Upgrade dependent libraries, fixing some security vulnerabilities.

Dashboard​

Fixed​

• Fixed issue with overview page being unable to play linked videos due to Content Security Policy.
• Fixed operator upgrade notification to correctly apply to the v1.x series.
• Fixed incorrect date range being applied when setting start / end dates under Analytics.
• Fixed issue with adding new clusters not showing the created cluster token and instructions.

2025-06-27​

Operator v1.0.0​

Added​

• Experimental support for Istio Ambient mode (documentation).
• Support for custom labels and annotations for Istio and Linkerd components.
• Support for turning off signadot local access via ControlPlaneProxy using a helm parameter.

Changed​

• The Helm values configuration for the signadot-controller-manager has been moved from .operator. to .controllerManager. namespace for improved clarity. The following values are affected:

  Old Configuration	New Configuration
  operator.image	controllerManager.image
  opeator.imagePullPolicy	controllerManager.imagePullPolicy
  operator.resources	controllerManager.resources
  operator.replicas	controllerManager.replicas

  You can find the new parameters in the Operator v1.0.0 README.

• DevMesh sidecar now preserves the x-request-id header for requests originating from outside the mesh.

• Upgraded istio/client-go to v1.26.1 which adds support for "Direct Response" in VirtualServices.

Removed​

• SignadotRoute CRD has been removed (unused since v0.14.0).

Fixed​

• Fixed a race condition in the Job controller triggered by Kubernetes Pod migration across nodes.
• Fixed a race in the initialization of the webhook for replicas exceeding 1.

Security​

• Upgrade of dependent libraries and compilers.

API / Control Plane​

Fixed​

• Fixed a control plane crash that occurred when the orphaned resources garbage collector encountered certain edge cases.

2025-06-13​

API / Control Plane​

Added​

• Introduced an enhanced billing and usage tracking system. Existing organizations will be transitioned to the new platform.

Dashboard​

Fixed​

• Fixed navigation problems in Sandbox details page for logs associated with forks & resources.

2025-06-05​

API / Control Plane​

Security​

• Dependency upgrades and security fixes.

Dashboard​

Added​

• Billing: New usage & billing view for self-service users and orgs.
• Notifications: Notifications are now shown on the "Overview" page when usage nears quotas / limits.

Fixed​

• Improved reliability of the email-verification flow during signup.

2025-05-29​

CLI v0.9.1​

Added​

• signadot/community#23: Implementation of signadot auth commands for improved authentication management.
• Added label selection and local listing capabilities to signadot st (smart-test) command.

Changed​

• Upgraded Go runtime to version 1.24.
• General dependency updates and improvements.

Fixed​

• Fixed authentication failures when using signadot local connect with remote Kubernetes clusters by improving environment variable handling, particularly for AWS SSO and similar authentication methods.

2025-05-15​

Dashboard​

Fixed​

• Fixed bug that caused new signups to fail with error: unable to fetch organization data

2025-05-13​

Dashboard​

Fixed​

• Hosted Tests: Resolved a bug in the Hosted Test Editor where clicking Save & Run on a brand‑new test failed to start the run. The action now correctly saves the test and launches it immediately.
• Sandbox Logs: Logs are now visible on the Sandbox Details page for Forks whose Workload type is Argo Rollout.

2025-05-12​

API / Control Plane​

Fixed​

• signadot/community#78: When creating a Resource Plugin, if no namespace is specified, it now defaults to "default".

Dashboard​

Added​

• Bulk User Invites: You can now invite multiple users to your organization in one go, streamlining the onboarding process.
• UI Improvements: Polished the user invite interface for clarity and ease of use.

2025-05-02​

Chrome Extension v2.0.0​

Added​

• Added support for specifying traceparent header following the W3C TraceContext specification. This helps ensure routing headers are preserved when using tracestate, as some libraries are known to drop tracestate during context propagation if traceparent is not present.
• signadot/community#77: Added logout option within the extension.

Fixed​

• Improved UI consistency with better loading states and alignment with dashboard styling.
• Fixed race conditions that caused incorrect or unexpected header injections during state transitions.

2025-05-01​

Dashboard​

Fixed​

• Fixed "not saved" message regression in UI when writing Hosted Smart Tests.
• Improved web performance through caching and compression.

Security​

• Security updates to dependencies and infrastructure components.

2025-04-25​

Dashboard​

Fixed​

• Fixed a bug in the UI-based sandbox spec editor that caused certain mutations to be denied incorrectly.

2025-04-23​

API / Control Plane​

Fixed​

• Fixed a bug where multiple error responses were sent in certain 4xx failure cases.
• Improved cluster connection reliability under load through control plane enhancements.

Changed​

• The control plane now limits agents (part of the operator) to a maximum of 3 parallel connections per cluster to prevent abuse. This change is not generally user-facing but may affect setups with improperly configured agents.

2025-04-17​

Dashboard​

Added​

• Enhanced filtering capabilities and improved search across all pages.
• Improved visual styles across all pages for consistency.

Fixed​

• Resolved redirect issues with certain links that were causing loss of navigation history.

2025-04-08​

API / Control Plane​

Added​

• Support for externally sourced Smart Tests that can be stored in source control.
• Support for querying executions using runID, test name, and source.
• Support for distinguishing between published & unpublished executions.

Changed​

• When executing Smart Tests on sandboxes, one reference sandbox is shared by all test executions in the same run (with the same runID). Previously one was created for each test execution.

CLI v0.9.0​

Added​

• Added support for source control configuration to store, manage and run Smart Tests.
• Added signadot smart-test sub-command and it's corresponding alias st.
• Added signadot smart-test execution sub-command for managing smart-test executions.

Dashboard​

Added​

• Enhanced UI with redesigned theme for improved readability and visual consistency.
• Introduced new Executions view with filtering capabilities for managing executions of hosted and externally sourced Smart Tests.
• Improved Smart Test reporting interface within Sandbox details.

Fixed​

• Resolved layout and presentation inconsistencies across Sandboxes, Jobs, and Smart Tests pages.

2025-03-20​

Dashboard​

Fixed​

• Auth: Fixed an issue where new users encountered an error instead of the email verification page during signup.

2025-03-14​

API / Control Plane​

Changed​

• Creation and modification of Job Runner Groups can now performed only by the admin role. See spec for details.

Fixed​

• Fixed issue that caused some smart test diffs to be classified incorrectly as medium / high relevance.
• Fixed rare issue that caused deadlocks in the control plane during cluster connects/disconnects.

2025-03-07​

Dashboard​

Added​

• Improved new user onboarding with a new "Getting Started" section on the Overview page.

Fixed​

• Auth: Fixed email verification flow during user creation to remove the need for a user to login again after verifying their email.
• Auth: Fixed confusing error message when a user with an existing account attempts to sign up.
• Fixed bug that caused Sandboxes list page to crash when there were test failures.

Security​

• Updates to dependencies & general improvements.

2025-03-04​

Operator v0.19.3​

Added​

• Replica Scaling: Allowed running controller-manager with more than one replica - this is expected to help the DevMesh sidecar injection be highly available.
• Resource Customization: Allowed parameterization of injected container resources, including init containers and sidecars.

Security​

• Container Permissions: Reduced the scope of permissions of routing init containers.
• Base Image Update: Switched operator base images to Alpine for improved security and efficiency.
• Dependency Upgrades to address various CVEs and general security improvements.

2025-02-27​

Dashboard​

Added​

• Smart Tests status is now displayed on the Sandboxes page for improved visibility.

Fixed​

• Resolved an issue preventing GitHub-authenticated users from inviting others.
• Improved table layout and visual consistency for Sandboxes, RouteGroups, and Clusters.

2025-02-20​

API / Control Plane​

Fixed​

• More Reliable Notification Production - Fixed bugs in the notification system to ensure GitHub notifications are delivered more reliably.
• Fixed bugs causing missing sandbox status information on jobs and test executions during sandbox list.
• Security Fixes and Dependency Upgrades.

Removed​

• Sandbox updates no longer count towards monthly quota (as reflected in pricing).

Dashboard​

Added​

• Improved UI for organization creation flow.

Fixed​

• Fix Icon Alignment/Size - Corrected inconsistencies in UI icons related to Test / Job runs.
• Fix Web Vulnerabilities - Addressed security issues affecting the web platform

2025-02-12​

CLI v0.8.2​

Added​

• Added flag --wait to signadot job sub-command.
• Passing -o yaml or -o json to signadot sandbox get or signadot sandbox list now shows summary information about any associated Tests or Jobs. See the Sandbox Status docs for details.

Fixed​

• Fixed case where using Signadot CLI with CloudFlare WARP caused local connection to stop working.
• Added health checks to improve self-healing when there are disruptions to the local workstation tunnel.
• Applied security fix for CVE-2024-45337.

2025-02-05​

API / Control Plane​

Added​

• Support for displaying Sandbox status in GitHub PRs using the Signadot GitHub application.

Fixed​

• Improve enforcement of tunnel server request deadlines.

2025-02-04​

Dashboard​

Added​

• New UI to edit and update workloads (images, environment variables) under Sandbox details.

Fixed​

• Fixed signadot/community#54: environment variables couldn't be updated using the UI when secrets were used.

2025-01-31​

API / Control Plane​

Added​

• Support for running checks as part of Smart Tests. See checks for details.
• Extended sandbox status under the sandbox-list and sandbox-get API endpoints to include jobs and test execution summaries.
• Added DisableSandboxTrafficManager field to sandbox spec.

Fixed​

• Fixed ambiguous relation between Jobs and Routing Keys.

Dashboard​

Added​

• Added UI support for presenting results of checks as part of Smart Tests.
• Revamped and improved presentation of the Smart Test results page.

2025-01-20​

Operator v0.19.2​

Added​

• Resource limits and requests for operator components are now included and configured via helm values.yaml.
• Support for iptables-nft in the operator. This can be turned on via the helm flag routing.iptablesMode.

Changed​

• traceparent is now correctly injected alongside tracestate when using automatic routing key injection for jobs.
• agent now uses recreate deployment strategy by default to reduce the chances of races during operator upgrades / downgrades.

Fixed​

• A memory leak was identified and resolved in the sandbox-traffic-manager component.
• HTTP CONNECT is correctly passed through sandbox-traffic-manager when using traffic capture under Smart Tests.
• The job-executor-proxy component used when running Smart Tests now correctly excludes localhost traffic.
• Setting AllowedNamespaces in helm now correctly configures scoped RBAC permissions.
• Upgraded Envoy in tunnel-proxy-auditor component to v1.32 to fix support for HTTP CONNECT traffic.

2025-01-09​

API / Control Plane​

Fixed​

• Added protection against rapidly re-connecting agents, which could cause a resource leak.
• Mitigated a race between API deletion of resources and cluster sync which could leave orphaned in-cluster custom resources.

2024-12-20​

API / Control Plane​

Fixed​

• Resolved issue in SmartTests execution controller to correctly handle deleted sandboxes.
• Ensured the injection of the traceparent header alongside tracestate when using the hosted Preview URLs and Sandbox Details > Explore UI in accordance with the TraceContext specification.

2024-12-19​

Chrome Extension v1.2.0​

Added​

• Support for custom routing headers: See custom headers for more information.
• Visual enhancements:
  • Added an indicator to show when the extension is active.
  • Introduced a details panel to display information about injected headers.

Fixed​

• Resolved an issue that occasionally prompted users to log in even after a successful login.
• Fixed flickering issues that occurred when opening the extension.

Dashboard​

Fixed​

• RouteGroups list view now shows the cluster in which each RouteGroup exists.
• Fixed bug that broke syntax highlighting in the SmartTest Editor.
• Improved behavior of the "unsaved test" indicator in the SmartTest Editor.

2024-12-12​

API / Control Plane​

Fixed​

• Improved behavior related to .values.allowedNamespaces that can be set during installation.
  • Improved validation of entities against the list of namespaces.
  • Improved Kubernetes API calls to honor the above setting.

Dashboard​

Added​

• Added support for editing Job Runner Group specifications.

Fixed​

• Search & filter now correctly reset pagination.
• Fixed cluster configuration section under clusters to correctly show headers that will be used for routing.
• General improvements and bug fixes.

Changed​

• Improved the UX to edit the sandbox specification by allowing edits in-place.

2024-12-03​

Operator v0.19.1​

Removed​

• The operator no longer routes using the following HTTP/gRPC headers by default:
  • uberctx-sd-routing-key
  • uberctx-sd-sandbox
  • ot-baggage-sd-routing-key
  • ot-baggage-sd-sandbox If you are making use of these, please use the new custom headers settings described below. If you are using the standard OpenTelemetry baggage or tracestate headers, no action is necessary.

Added​

• Support for the Linkerd service mesh, install with helm value linkerd.enabled = true.
• Support for custom routing headers. See custom headers for details.
• We have added support for eliding specific headers from traffic captured when running Smart Tests, install with helm values trafficCapture.requestHeadersElide and trafficCapture.responseHeadersElide.

Fixed​

• Fixed the handling of X-Forwarded headers in the devmesh sidecar and the sandbox traffic manager.
  • X-Forwarded-For now appends client IP address at each hop of a series of proxies.
  • X-Forwarded-Host is set when absent or pass-through when present.
  • X-Forwarded-Proto is set when absent or pass-through when present.
• Various behavior and error messages have been fixed when running under restricted namespaces (using the allowedNamespaces helm value).
• JobRunnerGroup controller now preserves user-provided imagePullSecrets for images in JobRunnerGroup pods.

Changed​

• Resolved an issue with the sandboxTrafficManager.enabled helm value, which previously required the string values "true" or "false" instead of boolean values.
• It is now possible to use the sandbox traffic manager component for sandbox forks while independently controlling traffic capture for specific scenarios like Smart Tests using the trafficCapture.enabled helm parameter.
• When running with restricted namespaces, signadot namespace is now always included by default.

API / Control Plane​

Fixed​

• Synchronizing a draining JobRunnerGroup to a cluster now checks if the cluster's JobRunnerGroup exists and is up to date during draining.
• When a cluster is deleted, any Smart Test triggers associated with it are also deleted.

2024-11-15​

API / Control Plane​

Added​

• signadot/community#58: Support for running Smart Tests. See guide for details.

Dashboard​

Added​

• Creating & managing Smart Tests.
• Integration of Smart Tests with Sandboxes: Smart Tests executed for a specific Sandbox are now displayed on the Sandbox details page.

2024-11-06​

Dashboard​

Fixed​

• UI now allows creating Route Groups containing more than one match criterion using the same label key.

2024-10-30​

Operator v0.19.0​

sandboxTrafficManager:
  enabled: false

Added​

• Sandbox Traffic Manager component that enables traffic recording for API SmartDiff tests.
• Job Executor adds support for test traffic recording for API SmartDiff tests.

Fixed​

• Fixed bug that could cause Route Server clients (such as the DevMesh sidecar) to freeze as a result of a deadlock when handling connection errors.
• Upgraded components to use go1.23.

Changed​

• DevMesh sidecar now rejects requests containing routing keys upon error communicating with the route server. The status of such rejected requests is 599.

2024-10-17​

API / Control Plane​

Fixed​

• Fixed case of Job reporting failed status incorrectly followed by a retry operation.

Changed​

• Changes to job reconciliation logic to exclude completed jobs, improving time taken for jobs to queue and complete.
• Relaxed Resource Plugin validations (now the API accepts empty create and delete workflows).
• Downward API environment variables are now applied to all baseline containers.
• Upgraded components to use go1.23.

Dashboard​

Fixed​

• Improved presentation of pagination when there are a large number of pages.

Changed​

• Improved new YAML editor with syntax highlighting.
• Improved Jobs Filtering presentation.
• Reorganized tabs on the sidebar for better separation between administrative, platform & developer-facing entities.

2024-09-06​

API / Control Plane​

Fixed​

• Validation now correctly handles sandboxes referencing non-existent resource plugins.

Dashboard​

Fixed​

• Renamed column in Analytics referencing "Sandbox ID" to "Routing Key".

2024-08-22​

API / Control Plane​

Fixed​

• Bug fix: race condition on cluster disconnect, potentially leading to a deadlock.

Changed​

• Improvement in the handling of jobs with references to deleted sandboxes.

2024-08-15​

Operator v0.18.0​

Added​

• Jobs now have the capability to automatically inject routing key headers on all outgoing requests. Refer to the documentation for details.
• DevMesh now supports routing of websocket connections correctly to workloads locally and within the cluster.

Changed​

• Routing in Istio mode matches VirtualServices on the .spec.route[].destination.host, which allows preserving of path rewrites and the HTTPRoute conditions under which routing occurs. Previously, VirtualService .spec.host was used for selecting VirtualServices for modification. Refer to the documentation for details.
• Upgraded components to use go1.22

Deprecated​

• In Istio routing mode, the previous host-based selection of VirtualServices is deprecated and requires setting a helm value of istio.enableDeprecatedHostRouting to use.

API / Control Plane​

Changed​

• Usage limits: APIs now enforce constraints based on revised pricing.

Fixed​

• Fixed an issue causing Job and JobRunnerGroup cluster synchronisation to hang until agent restart.
• Minor fixes and improvements.

CLI v0.8.1​

Added​

• Jobs now have the capability to automatically inject routing key headers on all outgoing requests.
• Upgraded components to use go1.22

Dashboard​

Added​

• Billing page now displays information pertinent to revised pricing.

Fixed​

• Fixed filtering of colored logs in logs panels.
• Usage quota banners are shown when jobs usage is nearing limits.
• Minor fixes and improvements.

2024-08-06​

Dashboard​

Fixed​

• Fixed broken ToS link in the sign up flow.

2024-07-30​

API / Control Plane​

Fixed​

• A validation bug in Job names caused active Jobs to become stuck in queued when the name include uppercase characters. Job names may now contain uppercase characters without getting stuck.
• Made the communication between cluster and control plane more robust for Jobs and JobRunnerGroups.
• Various security updates to third party dependencies.

Changed​

• Signadot APIs no longer accepts requests with invalid empty Content-Length headers.

Dashboard​

Added​

• Analytics can now be used to track Jobs.
• Updates to Analytics to allow exporting data as CSV.
• Banner to surface when sandboxes usage is approaching quota for the organization.

Fixed​

• Overview page cards view updates to work better across more zoom levels.

2024-07-10​

Dashboard​

Added​

• Updated Overview page to a new cards layout with other minor design improvements.

2024-07-03​

Dashboard​

Added​

• Analytics: Sandbox updates can now be tracked in addition to creation.

2024-06-27​

API / Control Plane​

Fixed​

• Removed leading hyphens when generating names of Jobs with an unspecified spec.namePrefix.
• Draining of non-operational JobRunnerGroups with queued, canceled Jobs now completes. Previously, these JobRunnerGroups were stuck in a non-operational state.
• A race condition in which a JobRunnerGroup queue could stop running Jobs until agent reconnection. When this condition occurs, we now continue running Jobs.
• A race condition in which applying many JobRunnerGroups for one cluster simultaneously could result in an Internal Server Error. The race has been removed.

Changed​

• Kubernetes namespaces referenced in JobRunnerGroups must now exist when creating the JobRunnerGroup.
• Job submission is now denied with a status code 503 (Unavailable) if both no Pods are available and no previous Jobs were run. This helps prevent creating Jobs for broken JobRunnerGroups.

Dashboard​

Added​

• Ability to delete Job Runner Groups.

Fixed​

• Inconsistencies in UI elements for add / delete.

2024-06-20​

API / Control Plane​

Added​

• Support for running automated tests in Kubernetes using Jobs and Job Runner Groups. See guide for details.
• Support for artifact storage and retrieval from tests.
• Support for stdout and stderr streaming from running tests.

CLI v0.8.0​

Added​

• New sub-commands relating to the following
  • Job Runner Groups
  • Jobs
  • Artifacts
  • Logs

Dashboard​

Added​

• Creating & managing Job Runner Groups
• Managing Jobs, and viewing / downloading logs & artifacts associated with them.

2024-06-12​

Operator v0.17.0​

Added​

• Added support for Job Runner Groups and Jobs.

2024-04-25​

Dashboard​

Added​

• Support for default TTL per cluster for Sandboxes and RouteGroups (docs).

2024-04-16​

API / Control Plane​

Added​

• Support for default TTL per cluster for Sandboxes and RouteGroups (docs).

2024-04-05​

Operator v0.16.1​

Fixed​

• Problem during the computation of workload status in forked workload controller. This fixes issue #50.
• Enforce stricter limits in the names of the forked Argo Rollout objects to avoid the creation of pods with names exceeding 63 characters.

Dashboard​

Added​

• Improved layout of Route Groups and Resources detail pages.

Fixed​

• Issue causing 401 Unauthorized errors in Explore UI.

2024-03-06​

Operator v0.16.0​

Added​

• Local Sandboxes containing local workloads without associated services are now supported.
• The tunnel-proxy has a new RPC called GetHostnames used by signadot local connect to serve more Service types and operate independently of cluster IP networks.

Fixed​

• When running with Istio enabled, the tunnel-proxy service now has better support for TCP over its socks5 server because the appProtocol field in the associated Service is now correctly configured for Istio.
• Sandboxes with many forks were causing many unnecessary reconciles and reconciliation conflicts that could lead to hotlooping. This problem was fixed by adding stable orderings to some custom resource structures.

CLI v0.7.0​

Added​

• RouteGroups now support TTL.
• A new sub-command signadot local proxy is available, allowing one to proxy in-cluster services in a way similar to Kubernetes port-forwarding.
• A new connection type, ControlPlaneProxy for signadot local connect is available, which allows using local without a kubeconfig - intended primarily for onboarding.
• When running signadot local connect against a cluster with Signadot Operator ≥ v0.16.0, all Kubernetes service names are now available via DNS on the local machine, instead of only clusterIP typed services. Additionally, in the case of StatefulSets with associated headless services, the StatefulSet pod names are available as a subdomain names of the service name pod-0.name.namespace.svc, pod-1.name.namespace.svc etc.
• When running signadot local connect against a cluster with Signadot Operator ≥ v0.16.0, local workloads with no associated services are now supported.
• There is a new field in the local section of the config file, called virtualIPNet documented here.

Changed​

• signadot local connect --wait now accepts an optional string argument indicating none, connect or sandboxes, defaulting to connect. These arguments cause the command to wait for nothing, outbound connection success, or outbound connection success and sandbox re-connection success respectively. By default, signadot local connect now behaves as signadot local connect --wait connect.
• When connected to an operator version ≥ v0.16.0, traffic routing uses virtual IPs, which is safer and allows use in more contexts.

Deprecated​

• The outbound field of a local connection is only pertinent when connecting to Signadot Operator < v0.16.0.

2024-03-01​

API / Control Plane​

Added​

• Support for RouteGroup Time to Live (TTL).
• Support for a new proxy endpoint allowing proxy connections in the upcoming version of the CLI.

Fixed​

• Fixed Bug when accessing forbidden resources (previously returned unauthorized instead of forbidden).

Chrome Extension v1.1.0​

Fixed​

• Fixed bug causing the extension to occasionally lose state and inject empty routing-key headers.

Dashboard​

Added​

• Support for RouteGroup Time to Live (TTL).

2024-02-15​

API / Control Plane​

Added​

• Support for Role-Based Access Control (RBAC) with an admin and member roles. See docs for reference.

Fixed​

• Fetching resources associated with a disconnected cluster now returns 502 HTTP status code instead of 500.

Dashboard​

Added​

• Support for Role-Based Access Control (RBAC).
  • Inviting users via the "Users" page now allows specifying role as admin or member.
  • The "Users" list allows admin users to change the role of any other users to member.
  • Check docs for reference.

2024-02-08​

Dashboard​

Fixed​

Resolved bug that prevented users from accessing kubectl configuration for playground clusters.

2024-02-01​

Dashboard​

Changed​

Minimum viewport width supported is now 800px instead of 1024px.

Fixed​

Resolved bug that was allowing users to self-delete from the Dashboard.

Security​

Critical upgrades to dependencies.

CLI v0.6.1​

Added​

Shortname aliases for sandbox (sb), routegroup (rg), cluster (cl), and resourceplugins (rp)

Fixed​

While connected using signadot local connect, the CLI now will not add entries to /etc/hosts which contain an IP address outside of the ranges configured to route to the cluster. Instead, it will log a warning.

2024-01-24​

API / Control Plane​

Fixed​

• Resolved issue that caused new users to be unable to register using email / password based authentication.
• Resolved issue that caused an HTTP 500 error when new users attempt to login when "Auto-Provision users" setting in SSO is disabled. This now returns an HTTP 403 instead.
• Resolved issue where preview URLs in an invalid format would return an empty response. They now return HTTP 400.

2024-01-18​

API / Control Plane​

Fixed​

• Fixed bug where listing resources associated with a sandbox when it is being deleted returned 500.

Dashboard​

Added​

• New Logs UI panel in the Sandbox Details page.
• Added support for SSO in the Enterprise Plan.

Operator v0.15.0​

Added​

• New Routes API gRPC & REST service for workload routing rules intended for supporting message queues in sandboxes, and custom routing use-cases. Available at https://github.com/signadot/routesapi, with associated documentation and supporting examples.
• The routeserver component now publishes metrics in Prometheus format.

Changed​

• DevMesh sidecars use the new Routes API, offering a significant speedup in in-cluster routing propagation.
• DevMesh annotation (sidecar.signadot.com/inject) has changed:
  • The value http and grpc now behave the same as true and inject the envoy-based sidecar introduced in v0.14.
  • "false" (as a yaml string) will disable injection.
  • Parse errors of annotation values now also default to the above sidecar, logging an error.
• Local connect improvements
  • Improved the method used to find the cluster IP network range in the Kubernetes cluster used to set up local networking. If it fails it will fall back to estimation as done previously.
  • The tunnel-api no longer returns DNS entries to the CLI that are outside the specified CIDR range. As a result, /etc/hosts managed in the CLI will omit entries outside the range.

Deprecated​

• The environment variable $SIGNADOT_SANDBOX_ID in scripts in Resource Plugin steps is now deprecated, and the newly added $SIGNADOT_SANDBOX_ROUTING_KEY should be used in its place.

Removed​

• Images (execpod-sidecar) and CustomResourceDefinitions (signadotresources and signadotresourceplugins) which were associated with V1 Resources have been removed. These have been superseded by V2 ResourcePlugins.

Fixed​

• Fixed bug in DevMesh routing mode where workloads in sandboxes with no associated services were marked not ready when forked.
• Fixed bug causing traffic to be dropped temporarily when workstations running local sandboxes reconnect due to stale DNS entries.
• Fixed bug that caused forked and local workloads to flap between not-ready and ready during updates.

2024-01-10​

API / Control Plane​

Removed​

• Legacy (v1) resource plugin support. This has been superseded by the v2 Resource Plugins API.

Dashboard​

Fixed​

• Error handling in the case of 404 errors.
• Incomplete fetching of information when deep-linking to view a particular cluster's information.
• Issue where some links appear without styling.

Removed​

• Ability to view Legacy (v1) Resource Plugins has been removed.

2023-12-20​

• API: Fixed issue with updates to sandboxes reporting ready incorrectly before the update is reflected in the cluster.
• API: Hidden field spec.LocalMachineID is no longer returned as part of the Sandbox Specification.
• Previews: Connection pooling is now turned off for Preview URL requests to prevent unnecessary caching of in-cluster endpoint addresses.

2023-11-30​

• Operator:
  • Metrics
    • Breaking change: the metrics endpoints & names have changed in v0.14.1. Refer to monitoring docs for details.
    • Added new metrics that track individual entities (sandboxes, routegroups, resources), as well as component specific metrics. Refer to docs for details.
  • Routing / DevMesh
    • Fixed low timeouts on HTTP and gRPC connections proxied via the DevMesh sidecar.
    • Proxying of HTTP1.0 connections is now supported.
  • Routing / Istio
    • Fixed routing between local workloads and forked workloads in Istio mode. Note that this in turn disables the audit logging sidecar, thereby allowing the istio-sidecar to come up on the tunnel-proxy.
  • Local
    • Fixed bug that caused signadot local connections to not self-heal in certain cases when the connection is interrupted.
  • Misc
    • Improved naming of workloads created by sandboxes to accommodate more information about the baseline workload. Previously, both sandboxID and sandboxName were included in the workload name, of which sandboxID has been dropped in v0.14.1.
    • General improvements, and updates to Kubernetes dependencies (controller-runtime).
• API:
  • Sandbox Updates: forks & local workloads can now be added / removed as part of sandbox updates with operator v0.14+
  • signadot/community#40: Support for hybrid sandboxes: You can now create sandboxes that have both forks and locals alongside each other with operator v0.14+.
• CLI:
  • CLI v0.6.0 is now available.
  • In combination with v0.14.1 for the operator, sandboxes with local workloads now have machine affinity. When signadot local connect is run, any sandboxes that were previously associated with a machine and not deleted will re-associate with the machine. Refer to local workloads documentation for details.
  • --clean-local-sandboxes flag added to signadot local disconnect to delete the locally associated sandboxes during disconnect.
• Other:
  • Chrome Extension for Signadot to set routing headers for Sandboxes and RouteGroups is now in beta.

2023-11-15​

• Integrations: Fixed bug where sandbox update fails validation but updates Pull Request commit status.
• CLI: v0.5.4 is now available:
  • Fix to update /etc/hosts correctly when signadot local is running in docker.

2023-11-06​

• Web: Sandbox Details page is now updated with improved information architecture.
• Web: Sandbox Details > Explore has been introduced for exploratory testing of HTTP APIs.

2023-11-02​

• API: Multiple ports can now be mapped for local workloads with Operator v0.14+.
• Control Plane: Robustness improvements to the controller responsible for managing Sandboxes and RouteGroups within connected clusters.

2023-10-26​

• Integrations: GitHub Pull Request Integration now adds a status check to the Pull Request with information about the sandbox.
• Control Plane: Robustness improvements & bug fixes to the controller responsible for managing Sandboxes and RouteGroups within connected clusters.

2023-10-12​

• Operator: New routing implementation addresses signadot/community#26.
  • Sandbox routing now supports pods serving on multiple ports.
  • Sandbox routing makes use of Kubernetes Services for routing and removes dependency on pod's ContainerPort specification.
    • Every sandboxed workload will now create Kubernetes Services that are counterparts of each baseline service and use them for routing.
  • Istio specific improvements:
    • Status reporting of VirtualServices being patched and partially managed by Signadot.
    • Error reporting if spec.gateways is specified in a VirtualService without a mesh entry. See docs for more details.
    • Various error reporting and debuggability improvements.
  • DevMesh (previously Signadot Sidecar Routing) specific improvements:
    • Updated sidecar webhook to avoid system namespaces (kube-system, kube-node-lease) to prevent warnings in GKE.
    • Reporting of an error if DevMesh routing is enabled but the baseline workload does not have the DevMesh sidecar injected.
  • Workload Management:
    • Sandbox deletions are faster because deletions of dependent resources are now performed in the background.
  • See architecture documentation for details on new Custom Resources and Controllers.
• API: Improved validation when specifying Preview Endpoint targets.
• UI: Logs Viewer now allows choosing which container to get logs from.
• UI: Fix for list of Preview Endpoint targets showing too many entries at once when creating / editing a RouteGroup.
• CLI: v0.5.3 is now available:
  • Fixed issue in signadot local connect that caused it to fail when using Azure AD legacy authentication in kubeconfig.

2023-09-27​

• API: Improved validation for custom patch in Sandbox fork customizations.
• UI: Fixed bugs causing page crashes in the case of API errors.
• CLI v0.5.2 is now available:
  • Fixed signadot/community#33: fixed display of sandbox TTL when updatedAt is used.

2023-09-16​

• UI: Dashboard redesign with several improvements to presentation and navigation.
• API: Fixed bug where specifying an empty value for a fork environment variable returned an unexpected validation error.

2023-09-08​

• Operator: New implementation for Signadot Sidecar based on Envoy is now available. You can opt into this now if you use sidecar.signadot.com/inject: "true" in baseline manifests. This will be the default in v0.14+. If you are using Signadot Sidecar for routing, take a look at the Upgrade Considerations note below.
• Operator: Fixed bug in Resource Controller that caused a resource to be marked as failed despite succeeding when pulling images took too long.
• Operator: Fixed issue with iptables dependency that caused Tunnel Proxy to not initialize correctly. This bug affected running local workloads as part of sandboxes when deployed on recent Kubernetes Node OS versions.

2023-08-24​

• CLI v0.5.1 released, adding support for --wait and --wait-timeout to signadot local connect.
• Sandbox apply operations with no change in spec (update scenario) are deemed no-op and are not processed.
• Sandboxes now support new TTL with respect to updatedAt.
• UI: Displays spec for Sandboxes, Resource Plugins and RouteGroups on the respective detail pages.

2023-08-02​

• Operator v0.13.2
  • Upgrades build toolchain to use go 1.20.
  • Improvements to helm templating for compatibility with versions of Helm before v3.10.
• Playground clusters now support Sandboxes with local workloads.
• UI: Minor presentation improvements.

2023-07-19​

• CLI v0.5.0 is now available, with support for local workloads in sandboxes (beta).
• Operator
  • Local workloads: fix for slow closing of SSH-based inbound tunnels during graceful teardown.
  • Local workloads: fix for tunnel connection state not being preserved between compatible sandbox spec updates.
  • Local workloads: fixed bug in gRPC route-to-local when using Istio.
• UI: Local workload in sandbox details UI now shows the connected username@hostname.

2023-07-13​

• Operator adds beta support for running sandboxed workloads locally on developer workstations.
  • Running local workloads in a sandbox requires CLI v0.5.0+ and supports MacOS & Linux.
  • New ExternalWorkload CRD and controller to enable core functionality.
  • Added tunnel-api, tunnel-proxy and auditor components (helm chart) to handle communication between workstations and the cluster.
• UI: Improved grouping and aesthetic elements of sandbox details page for improved usability
• UI: Fixed bug in status reporting for clusters where they would show an error state before any connection.

2023-06-21​

• Fixed RouteGroup Sandbox matching for Sandboxes using PR Integration. These sandboxes were previously not matched by RouteGroups.
• General improvements and bug fixes.

2023-05-26​

• The UI now supports creating & updating sandboxes using a YAML specification
• Improvements to onboarding flow using playground "Kubernetes clusters"
• Security updates & bug fixes

2023-04-19​

• Support for provisioning a "playground" Kubernetes cluster on-demand for new users via the Dashboard.
  • The playground cluster will contain the Signadot Operator pre-installed.
  • The playgrund cluster will also contain a demo application http://github.com/signadot/hotrod.
  • Read-only kubectl access is also provided to this cluster via the UI.

2023-04-05​

• UI: Fixed bug where deprovision logs associated with a resource plugin were shown incorrectly.
• UI: Improvements to presentation of details associated with resource plugins.

2023-03-30​

• New Resource Plugin framework is now available for creating and managing stateful resources with Sandboxes.
  • CLI has been updated to v0.4.0 and now supports resourceplugin subcommand.
  • Dashboard UI support for new resource plugins, resources and displaying logs associated with them.
  • Resource Plugins API is now available.
  • Resource Plugin Examples and Documentation

2023-03-22​

• Operator-level support for a new resource management framework has been added. This framework will make it easier to write, deploy and manage resources in sandboxes.

2023-02-03​

• GitHub Pull Request Integration is now Generally Available.
• Dashboard changes to auto-suggest targets in a Route Group.

2023-01-25​

• RouteGroups which match a given Sandbox are now visible on the UI under the Sandbox Details page.
• Removal: old cluster agents at version Signadot Operator v0.7.0 and lower will no longer be able to connect.
• General improvements and bug fixes.

2023-01-18​

• Improved sandbox deletion cluster synchronisation performance.
• Periodic cluster synchronisation of Sandboxes now respects force deletion.
• General improvements and bug fixes.

2023-01-10​

• Fixed regression in routing behavior introduced by using multi-value headers in baggage and tracestate when setting context on preview requests.

2023-01-04​

• Fixed bug with status reporting for Route Groups when one or more sandboxes are not found.
• Fixed bug in enforcement of lower-case names for Route Groups in the API.
• Fixed bug in inference of containerPort on fork when not specified on baseline workload.
• Fixed a bug in enforcement of fork conflicts in routing contexts upon creation of a Route Group.

2022-12-23​

• Route Groups are now generally available via the API and UI
• CLI v0.3.7 is now available with support for Route Groups

2022-12-07​

• The operator now supports a new CRD of kind SignadotRouteGroup, used for routing requests through a set of sandboxes.
• The operator has addressed the security issue USN-5710-1.

2022-11-17​

• Sandbox tags have been renamed to labels and made mutable.
• Fixed bug with additional preview endpoints on the Dashboard.
• General improvements and bug fixes.

2022-11-09​

• Sandboxes now support the downward api.
• General improvements and bug fixes.

2022-11-02​

• Self-service upgrades to the team tier are supported via the Dashboard.
• Sandbox TTL if set is visible on the Dashboard.
• General improvements & bug fixes in the operator.

2022-10-19​

• Fixed misleading error message when creating a sandbox on a cluster before it is connected successfully.
• Resource Plugin for Amazon S3 is now available.

2022-10-11​

• Fixed bug causing changes to preserved labels to not be propagated until a sandbox is updated.
• Fixed bug in the dashboard that caused a 4xx error in analytics pages in some cases.
• General improvements.

2022-10-03​

• Sandboxes now support TTL. You can now set a deadline (ttl duration) on a sandbox for it to be automatically cleaned up after the specified duration elapses.
• Various bug fixes and improvements.

2022-09-15​

• Updates to forks and endpoints in sandboxes are now supported when this version of the operator or higher is installed.
• CLI default timeout for waiting for readiness changed from 5 minutes to 3 minutes.
• General improvements.

2022-08-08​

• API server now correctly lists host endpoints associated with a sandbox.
• Dashboard analytics page no longer shows an error in case no clusters are connected.
• General improvements.

2022-07-25​

• API server now refers to the routeType of a sandbox static endpoint as "host" instead of "static".
• API server now enforces HTTP rate limiting when communicating with a cluster's Kubernetes API.

2022-07-19​

• A new API version (/api/v2) is now available, and new SDK versions will soon be released that use the new V2 API. Old code that uses the V1 API (/api/v1) will continue to work, but some code changes may be required when upgrading to build against the latest SDK versions.
• Fixed a bug where the operator might make unnecessary cosmetic changes (e.g. "20ms" -> "0.02s") in Istio VirtualService routes that it didn't add.

2022-07-11​

• Analytics is now available for sandbox creation events via the Signadot Dashboard.

2022-06-22​

• Fixed bug with the handling of X-Forwarded-Host header when passed to Sandbox URLs. This header if set is now passed through correctly to the workload.
• Fixed bug causing incorrect last updated time for sandboxes on the Dashboard.

2022-06-14​

• Creating Sandboxes is no longer supported via the UI. Please use the CLI or SDKs moving forward.
• Fixed an issue with istio header routing to support partial matches on the baggage header value.
• Improvements to Dashboard UI for configuring and setting up CLI.

2022-06-06​

• Resource provision/deprovision status is now shown in the Dashboard UI.
• Resource plugins now support Image Spec Version 1.0.
• Fixed bug in Operator that caused sandbox creation to fail when duplicate ContainerPorts are specified in the baseline deployment.

2022-06-01​

• Fixed bug where malformed image replacement rules caused a crash in the operator.

2022-05-31​

• Fixed an operator bug that could result in stale sandbox status information.
• API and UI now support force-delete of sandboxes.
• Various UI improvements related to Resources and Resource Plugins.

2022-05-16​

• Fixed CRD validation error when using Signadot Resources on a Kubernetes v1.19 or older cluster.

2022-05-04​

• Signadot Operator's controller-manager component now defaults to 512M of memory as opposed to 128M before.

• Signadot Operator now allows customising memory and cpu resources via helm values.yaml, for example:

  operator:
    cpu: 100m
    memory: 512Mi
  

• General improvements and bug fixes.

2022-04-26​

• Fix a crash in the UI which could occur while viewing Resource Details.
• Signadot Operator now ignores image replacements on baseline deployments with a malformed container image specification

2022-04-25​

• Forks can now have dynamic environment variables that resolve to a reference to a different fork within the same sandbox.
• Signadot Operator now allows overriding all images using helm value parameters.

2022-04-12​

• Sandboxes can now have associated Resources like databases whose lifecycles are tied to the Sandbox. Resources are provisioned and deprovisioned by Resource Plugins, which run inside the same cluster as the Sandbox.
• Signadot Operator can now be granted permissions to specific namespaces instead of cluster-wide.

2022-04-05​

• Email / Password based authentication is now supported.
• Inviting a new member to your organization now notifies them via email.

Bug Fixes:

• Fixes to Dashboard UI.
• Fixed Sandbox URLs not supporting the HTTP PATCH method.

2022-03-28​

• New "Authorized Domains" feature added that allows specific domains to be set up to automatically create users for people who log in with an email address that uses one of those chosen domains. This is a convenience feature for organizations with many users, so they do not have to manually create invitations for every person.

2022-03-21​

• Users can now authenticate using Google Sign In.
• New user management capabilities, including invites.
• Operator supports mode without mutating webhook.
• Cluster Status now shows unhealthy for clusters awaiting their first connection.

2022-02-23​

The major change in this release is that the "Workspace" concept has been renamed to "Sandbox" to better convey what it represents.

As part of the rename, we have introduced a new Helm chart (signadot/operator) and new container image repositories. The old Helm chart (signadot/workspaces) is still available, but is deprecated. Please see the Action Required note below if you need to migrate a cluster that was already running the old chart.

Note that the new Helm chart does not include the signadot Namespace object, so you will need to create the signadot namespace before installing the chart.

# Save the cluster-agent Secret.
kubectl -n signadot get secret cluster-agent -o yaml > /tmp/cluster-agent.yaml

# Remove the old chart.
helm uninstall signadot-workspaces

# Wait for the old 'signadot' namespace to finish finalizing.
# Let this run until you see the message: namespaces "signadot" not found
while kubectl get ns signadot; do sleep 5; done

# Create the 'signadot' namespace again.
kubectl create ns signadot

# Repopulate the cluster-agent Secret.
kubectl -n signadot create -f /tmp/cluster-agent.yaml
rm /tmp/cluster-agent.yaml

# Install the new chart (note the different chart name).
helm repo update
helm install signadot-operator signadot/operator

2022-02-14​

• Dashboard: new overview page provides high level usage and statistics.
• API/Operator: added support for forking Argo Rollouts into Signadot Workspaces.
• Minor bug fixes and general improvements.

2022-02-07​

• Dashboard: Support for creating workspaces with deployments from multiple namespaces.
• Minor bug fixes and general improvements

2022-01-31​

• Minor bug fixes and general improvements

2022-01-18​

• Dashboard: You can now see if a Cluster is connected and the Signadot components are running.
• Minor bug fixes and general improvements

2022-01-10​

• Minor bug fixes and general improvements

2021-12-27​

Major Updates​

• Operator: All operator components will be deployed into a single signadot namespace moving forward and the old signadot-operator namespace will be removed automatically. No additional action is required during an upgrade.

Bug Fixes​

• API: Fixed a spurious warning related to preview endpoints even when specified correctly.

2021-12-13​

Major Updates​

• API: Added a new {workspaceID}/ready subresource that can be polled to wait for a workspace to become ready.

Minor Updates​

• API: Preview endpoints are returned as part of each Workspace result.

Bug Fixes​

• Dashboard: Fixed various UI bugs.

2021-12-06​

Major Updates​

• Dashboard: Preview URLs are now generated for the baseline deployments shown on the UI so you can compare the forked Deployment's behavior to it.
• Dashboard: Deployment details now shows additional tab for Pods that can be used to debug unhealthy workspaces.

Minor Updates​

• API: Custom preview endpoints can now have arbitrary top-level domain and point to ingress gateways and external endpoints, instead of being limited to internal Kubernetes services.
• API: Workspaces are no longer created for API calls corresponding to GitHub Pull Requests that have already been closed.
• Dashboard: Added examples for interacting with Workspaces via their preview endpoints.

Bug Fixes​

• Dashboard: Fixed crash when accessing workspace details for certain older workspaces with no name set.
• API: Improved error codes and messages returned by workspace APIs.

2021-11-22​

Minor Updates​

• Operator: Updated RBAC to add permission to read / write Kubernetes events for error reporting.
• Dashboard: Workspace details page will report health of forked deployments.

Bug Fixes​

• Dashboard: Fixed an issue where custom environment variables disappear from the UI.
• Dashboard: Fixed crash when visiting a deep link to the deployment details page.

2021-11-15​

Major Updates​

• Operator: Workspace readiness is now reported by the operator via the SignadotWorkspace object.

Minor Updates​

• Dashboard: Each forked deployment will now report readiness status on the UI.
• Dashboard: You will now get notified on the Clusters tab when there is a new operator version available.
• Previews: Improved error messages when preview endpoint is configured incorrectly.

Bug Fixes​

• Operator: Fixed bug causing gRPC connection leaks in the sidecar proxy.

2021-11-08​

Major Updates​

• Operator: Operator supports setting custom annotations on all components via helm values.

Minor Updates​

• Dashboard: Improved new user UX around connecting clusters and creating the first workspace.
• Operator: Operator will gracefully reconnect when connection fails rather than crashing the agent pod.

Bug Fixes​

• API: Fixed bug where preview URLs associated with old workspaces were returned as null from the API.
• Dashboard: Fixed bug where the name and tag of the custom image associated with a workspace created by a pull request was hidden.

2021-11-01​

Major Updates​

• API: defaultService and defaultServicePort fields are now deprecated in the Create a new workspace and Create or Update workspace from Pull Request APIs and are superseded by endpoints.
• Dashboard: New and simplified UI for creating workspaces on-demand.
• Dashboard: UI to inspect and filter logs for forked deployments.

Minor Updates​

• Operator: RBAC permission for getting namespaces in connected clusters

Bug Fixes​

• Dashboard: Fixed crash in the environment variable editor

2021-10-21​

Major Updates​

• Dashboard: New UI for modifying environment variables associated with any forked deployment at runtime.

Minor Updates​

• Dashboard: Performance and minor UX improvements.

Bug Fixes​

• API: Create or Update workspace from Pull Request API now returns a warning if an invalid pull request number is specified.

2021-10-14​

Major Updates​

• Dashboard: You can now see all forked deployments and images associated with them under workspace details.

Minor Updates​

• Dashboard: Improvements to Workspace Details and Create Workspace.

Bug Fixes​

• Operator: Fixed noisy logs.

2021-10-08​

Bug Fixes​

• Operator: Fix Workspace creation error when one or more Kubernetes Services has an empty selector.

2021-10-07​

Major Updates​

• Dashboard: You can now delete cluster entries that are no longer needed. This will also remove workspace entries tied to those clusters.

Minor Updates​

• Operator: The workspace copy of a Deployment will now always have only 1 replica.
• Operator: The outgoing connection to the tunnel server is now made on the standard HTTPS port (443).

2021-09-30​

kubectl delete crd signadotworkspaces.signadot.com

kubectl -n signadot-operator delete pods --all --wait=false

Major Updates​

• Operator: The SignadotWorkspace CRD is now a cluster-wide resource instead of being scoped to each namespace.
• Operator: Workspace changes made through the API or Dashboard will now be re-synchronized into clusters periodically, allowing cluster state to self-heal after temporary synchronization errors.
• Operator: Kubernetes resources like Services, Deployments, and Pods that the operator creates now have more descriptive object names.
• Dashboard: The status of each Workspace is now shown in the table view, and any synchronization errors are shown on each Workspace's details page.
• Dashboard: Table views for Workspaces, Clusters, and API Keys are now paginated and searchable.
• Dashboard: You can now specify labels to copy from the baseline version of a Pod to the new Pod created for a workspace. This is in the global Settings page and applies to all workspaces in all clusters.

Minor Updates​

• Dashboard: The full value of an API key or Cluster Token is now only shown at creation time. If you don't have the value of an old token saved, you can delete it and create a new one.
• Operator: You can now specify additional labels to be added to all the Signadot Operator components when installing the Helm chart. These labels will not apply to the copies created from baseline services.
• API: Published "Create a new workspace" API for creating workspaces outside a PR workflow

Bug Fixes​

• Previews to gRPC services now work with more gRPC clients thanks to ALPN support.

2021-09-10​

Major Updates​

• You can now use workspace preview URLs with services in Kubernetes that are serving HTTPS & gRPC traffic

2021-09-03​

Major Updates​

• You can now preview Kubernetes manifest changes as well as code changes.
• You can now connect multiple Kubernetes clusters to one Signadot account.

Minor Updates​

• Signadot now posts commit statuses on PRs to expose the workspace dashboard and preview URLs, instead of relying on your own CI automation to do it.

Bug Fixes​

• API: Fixed error when creating a workspace for a PR when there is already a workspace for another PR in the same repo.
• Operator: Fix SchemaError ("array should have exactly one sub-item") when running on Kubernetes versions older than v1.18.

2021-08-25​

Bug Fixes​

• Preview URLs: Fixed HTTP 405 error when using HTTP methods other than GET.
• API: Fixed error when using different capitalization for GitHub org names, which should be case-insensitive.
• Operator: Report an error in SignadotWorkspace status if a container image replacement was specified, but the intended image was not found in any baseline services.
• Agent: Attempt to improve stability of tunnel connection and add logging for further debugging.

2021-08-20​

Major Updates​

• Support for including Kubernetes manifest changes in workspaces created through the CI workflow.

Minor Updates​

• Use a custom header (signadot-api-key) for Signadot API Key authentication to avoid overlapping with headers used by the service being proxied through a preview URL.
• Set the de facto standard X-Forwarded-Host and X-Forwarded-Proto headers on requests coming through a preview URL so the underlying service can discover its own preview URL for use in third-party callbacks.

Bug Fixes​

• Fix duplicate port name error when the baseline Deployment's Pod template has multiple container ports with the same name.

2021-08-10​

Major Updates​

• Support previewing Kubernetes manifest changes (e.g. Deployment spec) from a PR branch, alone or alongside code changes.
• Support setting ephemeral environment variable overrides (without touching Kubernetes manifests) from the workspace dashboard UI.
• Create a workspace by hand through the web UI instead of only through a CI pipeline.

Bug Fixes​

• The Signadot GitHub App can now be installed on a personal (non-org) account.
• The in-cluster Signadot Agent now uses keep-alive pings to prevent the tunnel connection from getting killed.

2021-07-22​

Major Updates​

• Support Signadot API key auth for preview links in addition to GitHub OAuth sign-in, making it easier to access preview links programmatically or from the command line.
• Signadot Operator no longer depends on cert-manager as a prerequisite.

2021-07-13​

Major Updates​

• First Signadot release with support for Workspaces.