2025-04-25
Dashboard
Fixed
- Fixed a bug in the UI-based sandbox spec editor that caused certain mutations to be denied incorrectly.
2025-04-23
API / Control Plane
Fixed
- Fixed a bug where multiple error responses were sent in certain 4xx failure cases.
- Improved cluster connection reliability under load through control plane enhancements.
Changed
- The control plane now limits agents (part of the operator) to a maximum of 3 parallel connections per cluster to prevent abuse. This change is not generally user-facing but may affect setups with improperly configured agents.
2025-04-17
Dashboard
Added
- Enhanced filtering capabilities and improved search across all pages.
- Improved visual styles across all pages for consistency.
Fixed
- Resolved redirect issues with certain links that were causing loss of navigation history.
2025-04-08
API / Control Plane
Added
- Support for externally sourced Smart Tests that can be stored in source control.
- Support for querying executions using
runID
, test name, and source. - Support for distinguishing between published & unpublished executions.
Changed
- When executing Smart Tests on sandboxes, one reference sandbox is shared by all test executions in the same run (with the same runID). Previously one was created for each test execution.
CLI v0.9.0
Added
- Added support for source control configuration to store, manage and run Smart Tests.
- Added
signadot smart-test
sub-command and it's corresponding aliasst
. - Added
signadot smart-test execution
sub-command for managing smart-test executions.
Dashboard
Added
- Enhanced UI with redesigned theme for improved readability and visual consistency.
- Introduced new Executions view with filtering capabilities for managing executions of hosted and externally sourced Smart Tests.
- Improved Smart Test reporting interface within Sandbox details.
Fixed
- Resolved layout and presentation inconsistencies across Sandboxes, Jobs, and Smart Tests pages.
2025-03-20
Dashboard
Fixed
- Auth: Fixed an issue where new users encountered an error instead of the email verification page during signup.
2025-03-14
API / Control Plane
Changed
- Creation and modification of Job Runner Groups can now performed only by the admin role. See spec for details.
Fixed
- Fixed issue that caused some smart test diffs to be classified incorrectly as medium / high relevance.
- Fixed rare issue that caused deadlocks in the control plane during cluster connects/disconnects.
2025-03-07
Dashboard
Added
- Improved new user onboarding with a new "Getting Started" section on the Overview page.
Fixed
- Auth: Fixed email verification flow during user creation to remove the need for a user to login again after verifying their email.
- Auth: Fixed confusing error message when a user with an existing account attempts to sign up.
- Fixed bug that caused Sandboxes list page to crash when there were test failures.
Security
- Updates to dependencies & general improvements.
2025-03-04
Operator v0.19.3
Added
- Replica Scaling: Allowed running controller-manager with more than one replica - this is expected to help the DevMesh sidecar injection be highly available.
- Resource Customization: Allowed parameterization of injected container resources, including init containers and sidecars.
Security
- Container Permissions: Reduced the scope of permissions of routing init containers.
- Base Image Update: Switched operator base images to Alpine for improved security and efficiency.
- Dependency Upgrades to address various CVEs and general security improvements.
2025-02-27
Dashboard
Added
- Smart Tests status is now displayed on the Sandboxes page for improved visibility.
Fixed
- Resolved an issue preventing GitHub-authenticated users from inviting others.
- Improved table layout and visual consistency for Sandboxes, RouteGroups, and Clusters.
2025-02-20
API / Control Plane
Fixed
- More Reliable Notification Production - Fixed bugs in the notification system to ensure GitHub notifications are delivered more reliably.
- Fixed bugs causing missing sandbox status information on jobs and test executions during sandbox list.
- Security Fixes and Dependency Upgrades.
Removed
- Sandbox updates no longer count towards monthly quota (as reflected in pricing).
Dashboard
Added
- Improved UI for organization creation flow.
Fixed
- Fix Icon Alignment/Size - Corrected inconsistencies in UI icons related to Test / Job runs.
- Fix Web Vulnerabilities - Addressed security issues affecting the web platform
2025-02-12
CLI v0.8.2
Added
- Added flag
--wait
tosignadot job
sub-command. - Passing
-o yaml
or-o json
tosignadot sandbox get
orsignadot sandbox list
now shows summary information about any associated Tests or Jobs. See the Sandbox Status docs for details.
Fixed
- Fixed case where using Signadot CLI with CloudFlare WARP caused local connection to stop working.
- Added health checks to improve self-healing when there are disruptions to the local workstation tunnel.
- Applied security fix for CVE-2024-45337.
2025-02-05
API / Control Plane
Added
- Support for displaying Sandbox status in GitHub PRs using the Signadot GitHub application.
Fixed
- Improve enforcement of tunnel server request deadlines.
2025-02-04
Dashboard
Added
- New UI to edit and update workloads (images, environment variables) under Sandbox details.
Fixed
- Fixed signadot/community#54: environment variables couldn’t be updated using the UI when secrets were used.
2025-01-31
API / Control Plane
Added
- Support for running checks as part of Smart Tests. See checks for details.
- Extended sandbox status under the sandbox-list and sandbox-get API endpoints to include jobs and test execution summaries.
- Added
DisableSandboxTrafficManager
field to sandbox spec.
Fixed
- Fixed ambiguous relation between Jobs and Routing Keys.
Dashboard
Added
- Added UI support for presenting results of checks as part of Smart Tests.
- Revamped and improved presentation of the Smart Test results page.
2025-01-20
Operator v0.19.2
Added
- Resource limits and requests for operator components are now included and configured via helm values.yaml.
- Support for iptables-nft in the operator. This can be turned on via the helm flag
routing.iptablesMode
.
Changed
traceparent
is now correctly injected alongsidetracestate
when using automatic routing key injection for jobs.agent
now uses recreate deployment strategy by default to reduce the chances of races during operator upgrades / downgrades.
Fixed
- A memory leak was identified and resolved in the sandbox-traffic-manager component.
- HTTP CONNECT is correctly passed through sandbox-traffic-manager when using traffic capture under Smart Tests.
- The job-executor-proxy component used when running Smart Tests now correctly excludes localhost traffic.
- Setting
AllowedNamespaces
in helm now correctly configures scoped RBAC permissions. - Upgraded Envoy in tunnel-proxy-auditor component to v1.32 to fix support for HTTP CONNECT traffic.
2025-01-09
API / Control Plane
Fixed
- Added protection against rapidly re-connecting agents, which could cause a resource leak.
- Mitigated a race between API deletion of resources and cluster sync which could leave orphaned in-cluster custom resources.
2024-12-20
API / Control Plane
Fixed
- Resolved issue in SmartTests execution controller to correctly handle deleted sandboxes.
- Ensured the injection of the
traceparent
header alongsidetracestate
when using the hosted Preview URLs and Sandbox Details > Explore UI in accordance with the TraceContext specification.
2024-12-19
Chrome Extension v1.2.0
Added
- Support for custom routing headers: See custom headers for more information.
- Visual enhancements:
- Added an indicator to show when the extension is active.
- Introduced a details panel to display information about injected headers.
Fixed
- Resolved an issue that occasionally prompted users to log in even after a successful login.
- Fixed flickering issues that occurred when opening the extension.
Dashboard
Fixed
- RouteGroups list view now shows the cluster in which each RouteGroup exists.
- Fixed bug that broke syntax highlighting in the SmartTest Editor.
- Improved behavior of the "unsaved test" indicator in the SmartTest Editor.
2024-12-12
API / Control Plane
Fixed
- Improved behavior related to
.values.allowedNamespaces
that can be set during installation.- Improved validation of entities against the list of namespaces.
- Improved Kubernetes API calls to honor the above setting.
Dashboard
Added
- Added support for editing Job Runner Group specifications.
Fixed
- Search & filter now correctly reset pagination.
- Fixed cluster configuration section under clusters to correctly show headers that will be used for routing.
- General improvements and bug fixes.
Changed
- Improved the UX to edit the sandbox specification by allowing edits in-place.
2024-12-03
Operator v0.19.1
-
Operator v0.19.1 default installation contains a memory leak in the new
sandbox-traffic-manager
component which can cause issues for long running sandboxes which contain forks. Additionally,sandbox-traffic-manger
does not support HTTP CONNECT. To avoid these problems, we recommend installing with helm valuessandboxTrafficManager:
enabled: falseThese issues will be fixed in an upcoming release.
-
Check the "Removed" section for details. If you are using non-standard headers for routing aside from
baggage
ortracestate
for routing, you may need to add them as custom headers when you upgrade.
Removed
- The operator no longer routes using the following HTTP/gRPC headers by default:
- uberctx-sd-routing-key
- uberctx-sd-sandbox
- ot-baggage-sd-routing-key
- ot-baggage-sd-sandbox
If you are making use of these, please use the new custom headers settings
described below. If you are using the standard OpenTelemetry
baggage
ortracestate
headers, no action is necessary.
Added
- Support for the Linkerd service mesh, install with helm
value
linkerd.enabled = true
. - Support for custom routing headers. See custom headers for details.
- We have added support for eliding specific headers from traffic captured when
running Smart Tests, install with helm values
trafficCapture.requestHeadersElide
andtrafficCapture.responseHeadersElide
.
Fixed
- Fixed the handling of X-Forwarded headers in the devmesh sidecar and the
sandbox traffic manager.
- X-Forwarded-For now appends client IP address at each hop of a series of proxies.
- X-Forwarded-Host is set when absent or pass-through when present.
- X-Forwarded-Proto is set when absent or pass-through when present.
- Various behavior and error messages have been fixed when running under restricted namespaces (using the
allowedNamespaces
helm value). - JobRunnerGroup controller now preserves user-provided
imagePullSecrets
for images in JobRunnerGroup pods.
Changed
- Resolved an issue with the
sandboxTrafficManager.enabled
helm value, which previously required the string values "true" or "false" instead of boolean values. - It is now possible to use the sandbox traffic manager component for sandbox
forks while independently controlling traffic capture for specific scenarios
like Smart Tests using the
trafficCapture.enabled
helm parameter. - When running with restricted namespaces,
signadot
namespace is now always included by default.
API / Control Plane
Fixed
- Synchronizing a draining JobRunnerGroup to a cluster now checks if the cluster's JobRunnerGroup exists and is up to date during draining.
- When a cluster is deleted, any Smart Test triggers associated with it are also deleted.
2024-11-15
API / Control Plane
Added
- signadot/community#58: Support for running Smart Tests. See guide for details.
Dashboard
Added
- Creating & managing Smart Tests.
- Integration of Smart Tests with Sandboxes: Smart Tests executed for a specific Sandbox are now displayed on the Sandbox details page.
2024-11-06
Dashboard
Fixed
- UI now allows creating Route Groups containing more than one match criterion using the same label key.
2024-10-30
Operator v0.19.0
Operator v0.19.0 default installation contains a memory leak in the new
sandbox-traffic-manager
component which can cause issues for long running
sandboxes which contain forks. Additionally, sandbox-traffic-manger
does not
support HTTP CONNECT. To avoid these problems, we recommend upgrading to v0.19.1 and
installing with helm values
sandboxTrafficManager:
enabled: false
These problems will be fixed by default in an upcoming release.
Added
- Sandbox Traffic Manager component that enables traffic recording for API SmartDiff tests.
- Job Executor adds support for test traffic recording for API SmartDiff tests.
Fixed
- Fixed bug that could cause Route Server clients (such as the DevMesh sidecar) to freeze as a result of a deadlock when handling connection errors.
- Upgraded components to use go1.23.
Changed
- DevMesh sidecar now rejects requests containing routing keys upon error communicating with the route server. The status of such rejected requests is 599.
2024-10-17
API / Control Plane
Fixed
- Fixed case of Job reporting failed status incorrectly followed by a retry operation.
Changed
- Changes to job reconciliation logic to exclude completed jobs, improving time taken for jobs to queue and complete.
- Relaxed Resource Plugin validations (now the API accepts empty
create
anddelete
workflows). - Downward API environment variables are now applied to all baseline containers.
- Upgraded components to use go1.23.
Dashboard
Fixed
- Improved presentation of pagination when there are a large number of pages.
Changed
- Improved new YAML editor with syntax highlighting.
- Improved Jobs Filtering presentation.
- Reorganized tabs on the sidebar for better separation between administrative, platform & developer-facing entities.
2024-09-06
API / Control Plane
Fixed
- Validation now correctly handles sandboxes referencing non-existent resource plugins.
Dashboard
Fixed
- Renamed column in Analytics referencing "Sandbox ID" to "Routing Key".
2024-08-22
API / Control Plane
Fixed
- Bug fix: race condition on cluster disconnect, potentially leading to a deadlock.
Changed
- Improvement in the handling of jobs with references to deleted sandboxes.
2024-08-15
Operator v0.18.0
Added
- Jobs now have the capability to automatically inject routing key headers on all outgoing requests. Refer to the documentation for details.
- DevMesh now supports routing of websocket connections correctly to workloads locally and within the cluster.
Changed
- Routing in Istio mode matches VirtualServices on the
.spec.route[].destination.host
, which allows preserving of path rewrites and the HTTPRoute conditions under which routing occurs. Previously, VirtualService.spec.host
was used for selecting VirtualServices for modification. Refer to the documentation for details. - Upgraded components to use go1.22
Deprecated
- In Istio routing mode, the previous host-based selection of VirtualServices is
deprecated and requires setting a helm value of
istio.enableDeprecatedHostRouting
to use.
API / Control Plane
Changed
- Usage limits: APIs now enforce constraints based on revised pricing.
Fixed
- Fixed an issue causing Job and JobRunnerGroup cluster synchronisation to hang until agent restart.
- Minor fixes and improvements.
CLI v0.8.1
Added
- Jobs now have the capability to automatically inject routing key headers on all outgoing requests.
- Upgraded components to use go1.22
Dashboard
Added
- Billing page now displays information pertinent to revised pricing.
Fixed
- Fixed filtering of colored logs in logs panels.
- Usage quota banners are shown when jobs usage is nearing limits.
- Minor fixes and improvements.
2024-08-06
Dashboard
Fixed
- Fixed broken ToS link in the sign up flow.
2024-07-30
API / Control Plane
Fixed
- A validation bug in Job names caused active Jobs to become stuck in queued when the name include uppercase characters. Job names may now contain uppercase characters without getting stuck.
- Made the communication between cluster and control plane more robust for Jobs and JobRunnerGroups.
- Various security updates to third party dependencies.
Changed
- Signadot APIs no longer accepts requests with invalid empty Content-Length headers.
Dashboard
Added
- Analytics can now be used to track Jobs.
- Updates to Analytics to allow exporting data as CSV.
- Banner to surface when sandboxes usage is approaching quota for the organization.
Fixed
- Overview page cards view updates to work better across more zoom levels.
2024-07-10
Dashboard
Added
- Updated Overview page to a new cards layout with other minor design improvements.
2024-07-03
Dashboard
Added
- Analytics: Sandbox updates can now be tracked in addition to creation.
2024-06-27
API / Control Plane
Fixed
- Removed leading hyphens when generating names of Jobs with an unspecified
spec.namePrefix
. - Draining of non-operational JobRunnerGroups with queued, canceled Jobs now completes. Previously, these JobRunnerGroups were stuck in a non-operational state.
- A race condition in which a JobRunnerGroup queue could stop running Jobs until agent reconnection. When this condition occurs, we now continue running Jobs.
- A race condition in which applying many JobRunnerGroups for one cluster simultaneously could result in an Internal Server Error. The race has been removed.
Changed
- Kubernetes namespaces referenced in JobRunnerGroups must now exist when creating the JobRunnerGroup.
- Job submission is now denied with a status code 503 (Unavailable) if both no Pods are available and no previous Jobs were run. This helps prevent creating Jobs for broken JobRunnerGroups.
Dashboard
Added
- Ability to delete Job Runner Groups.
Fixed
- Inconsistencies in UI elements for add / delete.
2024-06-20
API / Control Plane
Added
- Support for running automated tests in Kubernetes using Jobs and Job Runner Groups. See guide for details.
- Support for artifact storage and retrieval from tests.
- Support for stdout and stderr streaming from running tests.
CLI v0.8.0
Added
- New sub-commands relating to the following
Dashboard
Added
- Creating & managing Job Runner Groups
- Managing Jobs, and viewing / downloading logs & artifacts associated with them.
2024-06-12
Operator v0.17.0
Added
- Added support for Job Runner Groups and Jobs.
2024-04-25
Dashboard
Added
- Support for default TTL per cluster for Sandboxes and RouteGroups (docs).
2024-04-16
API / Control Plane
Added
- Support for default TTL per cluster for Sandboxes and RouteGroups (docs).
2024-04-05
Operator v0.16.1
Fixed
- Problem during the computation of workload status in forked workload controller. This fixes issue #50.
- Enforce stricter limits in the names of the forked Argo Rollout objects to avoid the creation of pods with names exceeding 63 characters.
Dashboard
Added
- Improved layout of Route Groups and Resources detail pages.
Fixed
- Issue causing 401 Unauthorized errors in Explore UI.
2024-03-06
Operator v0.16.0
Added
- Local Sandboxes containing local workloads without associated services are now supported.
- The tunnel-proxy has a new RPC called GetHostnames used by signadot local connect to serve more Service types and operate independently of cluster IP networks.
Fixed
- When running with Istio enabled, the tunnel-proxy service now has better support for TCP over its socks5 server because the
appProtocol
field in the associated Service is now correctly configured for Istio. - Sandboxes with many forks were causing many unnecessary reconciles and reconciliation conflicts that could lead to hotlooping. This problem was fixed by adding stable orderings to some custom resource structures.
CLI v0.7.0
Added
- RouteGroups now support TTL.
- A new sub-command
signadot local proxy
is available, allowing one to proxy in-cluster services in a way similar to Kubernetes port-forwarding. - A new connection type,
ControlPlaneProxy
for signadot local connect is available, which allows usinglocal
without a kubeconfig - intended primarily for onboarding. - When running signadot local connect against a cluster with Signadot Operator ≥ v0.16.0, all Kubernetes service names are now available via DNS on the local machine, instead of only clusterIP typed services. Additionally, in the case of StatefulSets with associated headless services, the StatefulSet pod names are available as a subdomain names of the service name
pod-0.name.namespace.svc
,pod-1.name.namespace.svc
etc. - When running signadot local connect against a cluster with Signadot Operator ≥ v0.16.0, local workloads with no associated services are now supported.
- There is a new field in the local section of the config file, called virtualIPNet documented here.
Changed
signadot local connect --wait
now accepts an optional string argument indicatingnone
,connect
orsandboxes
, defaulting toconnect
. These arguments cause the command to wait for nothing, outbound connection success, or outbound connection success and sandbox re-connection success respectively. By default,signadot local connect
now behaves assignadot local connect --wait connect
.- When connected to an operator version ≥ v0.16.0, traffic routing uses virtual IPs, which is safer and allows use in more contexts.
Deprecated
- The
outbound
field of a local connection is only pertinent when connecting to Signadot Operator < v0.16.0.
2024-03-01
API / Control Plane
Added
- Support for RouteGroup Time to Live (TTL).
- Support for a new proxy endpoint allowing proxy connections in the upcoming version of the CLI.
Fixed
- Fixed Bug when accessing forbidden resources (previously returned unauthorized instead of forbidden).
Chrome Extension v1.1.0
Fixed
- Fixed bug causing the extension to occasionally lose state and inject empty routing-key headers.
Dashboard
Added
- Support for RouteGroup Time to Live (TTL).
2024-02-15
API / Control Plane
Added
- Support for Role-Based Access Control (RBAC) with an
admin
andmember
roles. See docs for reference.
Fixed
- Fetching resources associated with a disconnected cluster now returns 502 HTTP status code instead of 500.
Dashboard
Added
- Support for Role-Based Access Control (RBAC).
- Inviting users via the "Users" page now allows specifying role as
admin
ormember
. - The "Users" list allows
admin
users to change the role of any other users tomember
. - Check docs for reference.
- Inviting users via the "Users" page now allows specifying role as
2024-02-08
Dashboard
Fixed
Resolved bug that prevented users from accessing kubectl
configuration for playground clusters.
2024-02-01
Dashboard
Changed
Minimum viewport width supported is now 800px instead of 1024px.
Fixed
Resolved bug that was allowing users to self-delete from the Dashboard.
Security
Critical upgrades to dependencies.
CLI v0.6.1
Added
Shortname aliases for sandbox (sb
), routegroup (rg
), cluster (cl
), and resourceplugins (rp
)
Fixed
While connected using signadot local connect
, the CLI now will not add
entries to /etc/hosts which contain an IP address outside of the ranges
configured to route to the cluster. Instead, it will log a warning.
2024-01-24
API / Control Plane
Fixed
- Resolved issue that caused new users to be unable to register using email / password based authentication.
- Resolved issue that caused an HTTP 500 error when new users attempt to login when "Auto-Provision users" setting in SSO is disabled. This now returns an HTTP 403 instead.
- Resolved issue where preview URLs in an invalid format would return an empty response. They now return HTTP 400.
2024-01-18
API / Control Plane
Fixed
- Fixed bug where listing resources associated with a sandbox when it is being deleted returned 500.
Dashboard
Added
- New Logs UI panel in the Sandbox Details page.
- Added support for SSO in the Enterprise Plan.
Operator v0.15.0
Added
- New Routes API gRPC & REST service for workload routing rules intended for supporting message queues in sandboxes, and custom routing use-cases. Available at https://github.com/signadot/routesapi, with associated documentation and supporting examples.
- The
routeserver
component now publishes metrics in Prometheus format.
Changed
- DevMesh sidecars use the new Routes API, offering a significant speedup in in-cluster routing propagation.
- DevMesh annotation (
sidecar.signadot.com/inject
) has changed:- The value
http
andgrpc
now behave the same astrue
and inject the envoy-based sidecar introduced in v0.14. "false"
(as a yaml string) will disable injection.- Parse errors of annotation values now also default to the above sidecar, logging an error.
- The value
- Local connect improvements
- Improved the method used to find the cluster IP network range in the Kubernetes cluster used to set up local networking. If it fails it will fall back to estimation as done previously.
- The
tunnel-api
no longer returns DNS entries to the CLI that are outside the specified CIDR range. As a result,/etc/hosts
managed in the CLI will omit entries outside the range.
Deprecated
- The environment variable
$SIGNADOT_SANDBOX_ID
in scripts in Resource Plugin steps is now deprecated, and the newly added$SIGNADOT_SANDBOX_ROUTING_KEY
should be used in its place.
Removed
- Images (
execpod-sidecar
) and CustomResourceDefinitions (signadotresources
andsignadotresourceplugins
) which were associated with V1 Resources have been removed. These have been superseded by V2 ResourcePlugins.
Fixed
- Fixed bug in DevMesh routing mode where workloads in sandboxes with no associated services were marked not ready when forked.
- Fixed bug causing traffic to be dropped temporarily when workstations running local sandboxes reconnect due to stale DNS entries.
- Fixed bug that caused forked and local workloads to flap between not-ready and ready during updates.
2024-01-10
API / Control Plane
Removed
- Legacy (v1) resource plugin support. This has been superseded by the v2 Resource Plugins API.
Dashboard
Fixed
- Error handling in the case of 404 errors.
- Incomplete fetching of information when deep-linking to view a particular cluster's information.
- Issue where some links appear without styling.
Removed
- Ability to view Legacy (v1) Resource Plugins has been removed.
2023-12-20
- API: Fixed issue with updates to sandboxes reporting ready incorrectly before the update is reflected in the cluster.
- API: Hidden field
spec.LocalMachineID
is no longer returned as part of the Sandbox Specification. - Previews: Connection pooling is now turned off for Preview URL requests to prevent unnecessary caching of in-cluster endpoint addresses.
2023-11-30
Operator v0.14.1 is now available
CLI v0.6.0 is now available
Chrome Extension v1.0.0 is now available (beta)
If you are consuming metrics for the operator within your infrastructure, v0.14.1 has a breaking change in the endpoints and the metric names. See docs for more details.
- Operator:
- Metrics
- Breaking change: the metrics endpoints & names have changed in v0.14.1. Refer to monitoring docs for details.
- Added new metrics that track individual entities (sandboxes, routegroups, resources), as well as component specific metrics. Refer to docs for details.
- Routing / DevMesh
- Fixed low timeouts on HTTP and gRPC connections proxied via the DevMesh sidecar.
- Proxying of HTTP1.0 connections is now supported.
- Routing / Istio
- Fixed routing between local workloads and forked workloads in Istio mode. Note that this in turn
disables the audit logging sidecar, thereby allowing the istio-sidecar to come up on the
tunnel-proxy
.
- Fixed routing between local workloads and forked workloads in Istio mode. Note that this in turn
disables the audit logging sidecar, thereby allowing the istio-sidecar to come up on the
- Local
- Fixed bug that caused
signadot local
connections to not self-heal in certain cases when the connection is interrupted.
- Fixed bug that caused
- Misc
- Improved naming of workloads created by sandboxes to accommodate more information about the baseline workload. Previously, both sandboxID and sandboxName were included in the workload name, of which sandboxID has been dropped in v0.14.1.
- General improvements, and updates to Kubernetes dependencies (controller-runtime).
- Metrics
- API:
- Sandbox Updates:
forks
&local
workloads can now be added / removed as part of sandbox updates with operator v0.14+ - signadot/community#40: Support for hybrid sandboxes: You can now create sandboxes that have both
forks
andlocals
alongside each other with operator v0.14+.
- Sandbox Updates:
- CLI:
- CLI v0.6.0 is now available.
- In combination with v0.14.1 for the operator, sandboxes with local workloads now have machine
affinity. When
signadot local connect
is run, any sandboxes that were previously associated with a machine and not deleted will re-associate with the machine. Refer to local workloads documentation for details. --clean-local-sandboxes
flag added tosignadot local disconnect
to delete the locally associated sandboxes during disconnect.
- Other:
- Chrome Extension for Signadot to set routing headers for Sandboxes and RouteGroups is now in beta.
2023-11-15
- Integrations: Fixed bug where sandbox update fails validation but updates Pull Request commit status.
- CLI: v0.5.4 is now available:
- Fix to update /etc/hosts correctly when
signadot local
is running in docker.
- Fix to update /etc/hosts correctly when
2023-11-06
- Web: Sandbox Details page is now updated with improved information architecture.
- Web: Sandbox Details > Explore has been introduced for exploratory testing of HTTP APIs.
2023-11-02
- API: Multiple ports can now be mapped for local workloads with Operator v0.14+.
- Control Plane: Robustness improvements to the controller responsible for managing Sandboxes and RouteGroups within connected clusters.
2023-10-26
- Integrations: GitHub Pull Request Integration now adds a status check to the Pull Request with information about the sandbox.
- Control Plane: Robustness improvements & bug fixes to the controller responsible for managing Sandboxes and RouteGroups within connected clusters.
2023-10-12
Operator v0.14.0 is now available
Istio Routing
If you are not using Istio-based routing with Sandboxes, you can ignore this
note. If you are using Istio for routing, the release v0.14 and above of the
operator will require setting the istio.enabled
parameter in helm
values.
Note that this was automatically and implicit set in previous versions of the
operator, and you will need to explicitly set this value to true
during the
upgrade to avoid disruption.
Removal of support for v1.createWorkspace API
The v1.createWorkspace API is no longer supported with operator v0.14 and above. Please use the stable v2 APIs instead.
- Operator: New routing implementation addresses
signadot/community#26.
- Sandbox routing now supports pods serving on multiple ports.
- Sandbox routing makes use of Kubernetes Services for routing and removes dependency
on pod's ContainerPort specification.
- Every sandboxed workload will now create Kubernetes Services that are counterparts of each baseline service and use them for routing.
- Istio specific improvements:
- Status reporting of VirtualServices being patched and partially managed by Signadot.
- Error reporting if
spec.gateways
is specified in a VirtualService without amesh
entry. See docs for more details. - Various error reporting and debuggability improvements.
- DevMesh (previously Signadot Sidecar Routing) specific improvements:
- Updated sidecar webhook to avoid system namespaces (kube-system, kube-node-lease) to prevent warnings in GKE.
- Reporting of an error if DevMesh routing is enabled but the baseline workload does not have the DevMesh sidecar injected.
- Workload Management:
- Sandbox deletions are faster because deletions of dependent resources are now performed in the background.
- See architecture documentation for details on new Custom Resources and Controllers.
- API: Improved validation when specifying Preview Endpoint targets.
- UI: Logs Viewer now allows choosing which container to get logs from.
- UI: Fix for list of Preview Endpoint targets showing too many entries at once when creating / editing a RouteGroup.
- CLI: v0.5.3 is now available:
- Fixed issue in
signadot local connect
that caused it to fail when using Azure AD legacy authentication in kubeconfig.
- Fixed issue in
2023-09-27
- API: Improved validation for custom patch in Sandbox fork customizations.
- UI: Fixed bugs causing page crashes in the case of API errors.
- CLI v0.5.2 is now available:
- Fixed signadot/community#33: fixed display of sandbox TTL when updatedAt is used.
2023-09-16
- UI: Dashboard redesign with several improvements to presentation and navigation.
- API: Fixed bug where specifying an empty value for a fork environment variable returned an unexpected validation error.
2023-09-08
Operator v0.13.3 is now available
- Operator: New implementation for Signadot
Sidecar based on Envoy
is now available. You can opt into this now if you use
sidecar.signadot.com/inject: "true"
in baseline manifests. This will be the default in v0.14+. If you are using Signadot Sidecar for routing, take a look at the Upgrade Considerations note below. - Operator: Fixed bug in Resource Controller that caused a resource to be marked as failed despite succeeding when pulling images took too long.
- Operator: Fixed issue with iptables dependency that caused Tunnel Proxy to not initialize correctly. This bug affected running local workloads as part of sandboxes when deployed on recent Kubernetes Node OS versions.
This note only applies if you are using Signadot Sidecar-based routing, and using docker image mirroring. The image customization parameters have the following changes:
routeInit.image
is now renamed torouteInit.legacy.image
routeSidecar.image
is now renamed torouteSidecar.legacy.image
This has been done to make way for a new opt-in envoy-based sidecar implementation that will become the new default starting in v0.14+. When upgrading, if you are using either of the above helm parameters, please rename them to the new parameter names to avoid disruption.
2023-08-24
- CLI v0.5.1 released, adding support for
--wait
and--wait-timeout
tosignadot local connect
. - Sandbox
apply
operations with no change in spec (update scenario) are deemed no-op and are not processed. - Sandboxes now support new TTL with respect to
updatedAt
. - UI: Displays spec for Sandboxes, Resource Plugins and RouteGroups on the respective detail pages.
2023-08-02
Operator v0.13.2 is now available
- Operator v0.13.2
- Upgrades build toolchain to use go 1.20.
- Improvements to helm templating for compatibility with versions of Helm before v3.10.
- Playground clusters now support Sandboxes with local workloads.
- UI: Minor presentation improvements.