chore: make api-proto to support go module style (#4402 )

tweak on make api-proto to support go module style Signed-off-by: Rafael Brito <rafa@stormforge.io>
fix(deps): bumping k8s modules to 0.30.14 fixes #4210 Rollout CRD and mitigates #4180 (#4212 )
2025-08-08 11:18:18 -05:00 · 2025-08-07 19:20:37 -05:00 · 2025-08-07 19:19:46 -05:00 · 2025-07-24 10:26:32 -05:00 · 2025-07-24 10:25:42 -05:00 · 2025-07-24 10:25:23 -05:00
501 changed files with 50209 additions and 8212 deletions
--- a/.codecov.yml
+++ b/.codecov.yml
@ -8,13 +8,16 @@ coverage:
      default:
        threshold: 0.1
 ignore:
-  - "pkg/apis/rollouts/v1alpha1"
-  - "test"
-  - "**/*.pb.go"
-  - "**/*.pb.gw.go"
-  - "**/*generated.go"
-  - "**/*generated.deepcopy.go"
-  - "**/*_test.go"
-  - "pkg/apis/client/.*"
-  - "pkg/client/.*"
-  - "vendor/.*"
+  - 'pkg/apis/rollouts/v1alpha1'
+  - 'test'
+  - '**/*.pb.go'
+  - '**/*.pb.gw.go'
+  - '**/*generated.go'
+  - '**/*generated.deepcopy.go'
+  - '**/*_test.go'
+  - 'pkg/apis/client/.*'
+  - 'pkg/client/.*'
+  - 'vendor/.*'
+  - '**/mocks/*'
+  - 'hack/gen-crd-spec/main.go'
+  - 'hack/gen-docs/main.go'
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -2,7 +2,7 @@ Checklist:

 * [ ] Either (a) I've created an [enhancement proposal](https://github.com/argoproj/argo-rollouts/issues/new/choose) and discussed it with the community, (b) this is a bug fix, or (c) this is a chore.
 * [ ] The title of the PR is (a) [conventional](https://www.conventionalcommits.org/en/v1.0.0/) with a list of types and scopes found [here](https://github.com/argoproj/argo-rollouts/blob/master/.github/workflows/pr-title-check.yml), (b) states what changed, and (c) suffixes the related issues number. E.g. `"fix(controller): Updates such and such. Fixes #1234"`.  
-* [ ] I've signed my commits with [DCO](https://github.com/argoproj/argoproj)
+* [ ] I've signed my commits with [DCO](https://github.com/argoproj/argoproj/blob/main/community/CONTRIBUTING.md#legal)
 * [ ] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
 * [ ] My builds are green. Try syncing with master if they are not. 
-* [ ] My organization is added to [USERS.md](https://github.com/argoproj/argo-rollouts/blob/master/USERS.md).
+* [ ] My organization is added to [USERS.md](https://github.com/argoproj/argo-rollouts/blob/master/USERS.md).
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@ -12,7 +12,7 @@ jobs:
      pull-requests: write  # for peter-evans/create-pull-request to create a PR
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Update Changelog
@ -23,7 +23,7 @@ jobs:
          ./git-chglog --sort semver -o CHANGELOG.md v1.3.1..
          rm git-chglog
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v7
        with:
          commit-message: update changelog
          title: "docs: Update Changelog"
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -27,11 +27,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v4

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
        # Override language selection by uncommenting this and choosing your languages
        # with:
        #   languages: go, javascript, csharp, python, cpp, java
@ -39,7 +39,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 https://git.io/JvXDl
@ -53,4 +53,4 @@ jobs:
      #   make release

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@ -28,7 +28,7 @@ jobs:
    steps:
      - name: Docker meta (controller)
        id: controller-meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: |
            quay.io/argoproj/argo-rollouts
@ -38,7 +38,7 @@ jobs:

      - name: Docker meta (plugin)
        id: plugin-meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
        with:
          images: |
            quay.io/argoproj/kubectl-argo-rollouts
@ -61,13 +61,13 @@ jobs:
    needs: [set-vars]
    permissions:
      contents: read
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
+      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
      id-token: write # for creating OIDC tokens for signing.
    uses: ./.github/workflows/image-reuse.yaml
    with:
      quay_image_name: ${{ needs.set-vars.outputs.controller-meta-tags }}
      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: '1.20'
+      go-version: '1.23'
      platforms: ${{ needs.set-vars.outputs.platforms }}
      push: ${{ github.event_name != 'pull_request' }}
    secrets:
@ -78,13 +78,13 @@ jobs:
    needs: [set-vars]
    permissions:
      contents: read
-      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
+      packages: write # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
      id-token: write # for creating OIDC tokens for signing.
    uses: ./.github/workflows/image-reuse.yaml
    with:
      quay_image_name: ${{ needs.set-vars.outputs.plugin-meta-tags }}
      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: '1.20'
+      go-version: '1.23'
      platforms: ${{ needs.set-vars.outputs.platforms }}
      push: ${{ github.event_name != 'pull_request' }}
      target: kubectl-argo-rollouts
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@ -1,98 +0,0 @@
-name: E2E Tests
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'release-*'
-  pull_request:
-    branches:
-      - 'master'
-      - 'release-*'
-  workflow_dispatch:
-    inputs:
-      debug_enabled:
-        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
-        required: false
-        default: false
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  event_file:
-    name: "Event File"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Upload
-        uses: actions/upload-artifact@v3
-        with:
-          name: Event File
-          path: ${{ github.event_path }}
-  test-e2e:
-    strategy:
-      fail-fast: false
-      matrix:
-        kubernetes-minor-version:
-          - 1.23
-          - 1.24
-          - 1.25
-          - 1.26
-    name: Run end-to-end tests
-    runs-on: ubuntu-latest
-    steps:
-      - name: Set up Go
-        uses: actions/setup-go@v4.1.0
-        with:
-          go-version: '1.20'
-      - uses: actions/checkout@v3.1.0
-      - name: Setup k3s
-        env:
-          INSTALL_K3S_CHANNEL: v${{ matrix.kubernetes-minor-version }}
-        run: |
-          curl -sfL https://get.k3s.io | sh -
-          sudo mkdir ~/.kube
-          sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
-          sudo chmod 755 ~/.kube/config
-          kubectl version
-          kubectl create ns argo-rollouts
-      - uses: actions/cache@v3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-      - name: Download cache
-        run: go mod download
-      - name: Install CRDs
-        run: |
-          kubectl apply -k  manifests/crds
-          kubectl apply -f  test/e2e/crds
-      - name: Start controller
-        run: make start-e2e 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-controller.log &
-      - name: Setup tmate session
-        uses: mxschmitt/action-tmate@v3
-        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true'}}
-      - name: Run e2e tests
-        run: make test-e2e
-        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true') }}
-      - name: Output Rerun Overview
-        run: |
-          [[ -f rerunreport.txt ]] && cat rerunreport.txt || echo "No rerun report found"
-      - name: Upload E2E Test Results
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: E2E Test Results (k8s ${{ matrix.kubernetes-minor-version }})
-          path: |
-            junit.xml
-      - name: Upload e2e-controller logs
-        uses: actions/upload-artifact@v3
-        with:
-          name: e2e-controller-k8s-${{ matrix.kubernetes-minor-version }}.log
-          path: /tmp/e2e-controller.log
-        if: ${{ failure() }}
--- a/.github/workflows/gh-pages.yaml
+++ b/.github/workflows/gh-pages.yaml
@ -15,25 +15,25 @@ permissions:
 jobs:
  deploy:
    permissions:
-      contents: write  # for peaceiris/actions-gh-pages to push pages branch
+      contents: write # for peaceiris/actions-gh-pages to push pages branch
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3.1.0
+      - uses: actions/checkout@v4
      - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
        with:
          python-version: 3.x
      - name: Set up Go
-        uses: actions/setup-go@v4.1.0
+        uses: actions/setup-go@v5.4.0
        with:
-          go-version: '1.20'
+          go-version: '1.23'
      - name: build
        run: |
          pip install mkdocs mkdocs_material
          make docs
          mkdocs build
      - name: Deploy
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./site
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -2,14 +2,14 @@ name: Go
 on:
  push:
    branches:
-      - "master"
-      - "release-*"
+      - 'master'
+      - 'release-*'
  pull_request:
    branches:
-      - "master"
+      - 'master'
 env:
  # Golang version to use across CI steps
-  GOLANG_VERSION: '1.20'
+  GOLANG_VERSION: '1.23'

 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
@ -19,48 +19,39 @@ permissions:
  contents: read

 jobs:
-  event_file:
-    name: "Event File"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Upload
-        uses: actions/upload-artifact@v3
-        with:
-          name: Event File
-          path: ${{ github.event_path }}
  lint-go:
    permissions:
-      contents: read  # for actions/checkout to fetch code
-      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
+      contents: read # for actions/checkout to fetch code
+      pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
    name: Lint Go code
    runs-on: ubuntu-latest
    steps:
      - name: Set up Go
-        uses: actions/setup-go@v4.1.0
+        uses: actions/setup-go@v5.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Checkout code
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v4
      - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v8
        with:
-          version: v1.53.3
+          version: v2.1.6
          args: --timeout 6m
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Set up Go
-        uses: actions/setup-go@v4.1.0
+        uses: actions/setup-go@v5.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
        id: go

      - name: Check out code into the Go module directory
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v4

      - name: Restore go build cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@ -72,28 +63,6 @@ jobs:
      - name: Compile all packages
        run: make controller plugin

-      - name: Test
-        run: make test-unit
-
-      - name: Upload Unit Test Results
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: Unit Test Results
-          path: |
-            junit.xml
-
-      - name: Generate code coverage artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: code-coverage
-          path: coverage.out
-
-      - name: Upload code coverage information to codecov.io
-        uses: codecov/codecov-action@v3.1.4
-        with:
-          file: coverage.out
-
  codegen:
    name: Verify Codegen
    runs-on: ubuntu-latest
@ -101,9 +70,9 @@ jobs:
      GOPATH: /home/runner/go
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v4
      - name: Setup Golang
-        uses: actions/setup-go@v4.1.0
+        uses: actions/setup-go@v5.4.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      # k8s codegen generates files into GOPATH location instead of the GitHub git checkout location
@ -112,15 +81,15 @@ jobs:
        run: |
          mkdir -p ~/go/src/github.com/argoproj
          ln -s $(pwd) ~/go/src/github.com/argoproj/argo-rollouts
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
        with:
          path: /home/runner/.cache/go-build
          key: GOCACHE-${{ hashFiles('**/go.mod') }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
        with:
          path: /home/runner/go/pkg/mod
          key: GOMODCACHE-${{ hashFiles('**/go.mod') }}
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
        with:
          path: /home/runner/go/bin
          key: go-bin-v1-${{ hashFiles('**/go.mod') }}
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@ -58,28 +58,28 @@ jobs:
      image-digest: ${{ steps.image.outputs.digest }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0
+        uses: actions/checkout@v4 # v3.3.0
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}
        if: ${{ github.ref_type == 'tag'}}

      - name: Checkout code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0
+        uses: actions/checkout@v4 # v3.3.0
        if: ${{ github.ref_type != 'tag'}}

      - name: Setup Golang
-        uses: actions/setup-go@v4.1.0 # v3.5.0
+        uses: actions/setup-go@v5.4.0 # v3.5.0
        with:
          go-version: ${{ inputs.go-version }}

      - name: Install cosign
-        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1
+        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
        with:
-          cosign-release: 'v2.0.2'
+          cosign-release: 'v2.2.0'

-      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
-      - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
+      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Setup tags for container image as a CSV type
        run: |
@ -106,7 +106,7 @@ jobs:
            echo 'EOF' >> $GITHUB_ENV

      - name: Login to Quay.io
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: quay.io
          username: ${{ secrets.quay_username }}
@ -114,7 +114,7 @@ jobs:
        if: ${{ inputs.quay_image_name && inputs.push }}

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ secrets.ghcr_username }}
@ -122,7 +122,7 @@ jobs:
        if: ${{ inputs.ghcr_image_name && inputs.push }}

      - name: Login to dockerhub Container Registry
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.docker_username }}
          password: ${{ secrets.docker_password }}
@ -130,7 +130,7 @@ jobs:

      - name: Build and push container image
        id: image
-        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 #v4.1.1
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
        with:
          context: .
          platforms: ${{ inputs.platforms }}
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -7,7 +7,7 @@ on:
 permissions: {}

 env:
-  GOLANG_VERSION: '1.20' # Note: go-version must also be set in job controller-image.with.go-version & plugin-image.with.go-version.
+  GOLANG_VERSION: '1.23' # Note: go-version must also be set in job controller-image.with.go-version & plugin-image.with.go-version.

 jobs:
  controller-image:
@ -19,7 +19,7 @@ jobs:
    with:
      quay_image_name: quay.io/argoproj/argo-rollouts:${{ github.ref_name }}
      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: '1.20'
+      go-version: '1.23'
      platforms: linux/amd64,linux/arm64
      push: true
    secrets:
@ -35,7 +35,7 @@ jobs:
    with:
      quay_image_name: quay.io/argoproj/kubectl-argo-rollouts:${{ github.ref_name }}
      # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
-      go-version: '1.20'
+      go-version: '1.23'
      platforms: linux/amd64,linux/arm64
      push: true
      target: kubectl-argo-rollouts
@ -44,62 +44,61 @@ jobs:
      quay_password: ${{ secrets.QUAY_ROBOT_TOKEN }}

  controller-image-provenance:
-      needs:
-        - controller-image
-      permissions:
-        actions: read # for detecting the Github Actions environment.
-        id-token: write # for creating OIDC tokens for signing.
-        packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-      # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.8.0
-      with:
-        image: quay.io/argoproj/argo-rollouts
-        digest: ${{ needs.controller-image.outputs.image-digest }}
-      secrets:
-        registry-username: ${{ secrets.QUAY_USERNAME }}
-        registry-password: ${{ secrets.QUAY_ROBOT_TOKEN }}
+    needs:
+      - controller-image
+    permissions:
+      actions: read # for detecting the Github Actions environment.
+      id-token: write # for creating OIDC tokens for signing.
+      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
+    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
+    with:
+      image: quay.io/argoproj/argo-rollouts
+      digest: ${{ needs.controller-image.outputs.image-digest }}
+    secrets:
+      registry-username: ${{ secrets.QUAY_USERNAME }}
+      registry-password: ${{ secrets.QUAY_ROBOT_TOKEN }}

  plugin-image-provenance:
-      needs:
-        - plugin-image
-      permissions:
-        actions: read # for detecting the Github Actions environment.
-        id-token: write # for creating OIDC tokens for signing.
-        packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
-      # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.8.0
-      with:
-        image: quay.io/argoproj/kubectl-argo-rollouts
-        digest: ${{ needs.plugin-image.outputs.image-digest }}
-      secrets:
-        registry-username: ${{ secrets.QUAY_USERNAME }}
-        registry-password: ${{ secrets.QUAY_ROBOT_TOKEN }}
-
+    needs:
+      - plugin-image
+    permissions:
+      actions: read # for detecting the Github Actions environment.
+      id-token: write # for creating OIDC tokens for signing.
+      packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
+    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
+    with:
+      image: quay.io/argoproj/kubectl-argo-rollouts
+      digest: ${{ needs.plugin-image.outputs.image-digest }}
+    secrets:
+      registry-username: ${{ secrets.QUAY_USERNAME }}
+      registry-password: ${{ secrets.QUAY_ROBOT_TOKEN }}

  release-artifacts:
    permissions:
-      contents: write  # for softprops/action-gh-release to create GitHub release
+      contents: write # for softprops/action-gh-release to create GitHub release
    runs-on: ubuntu-latest
    outputs:
      hashes: ${{ steps.hash.outputs.hashes }}

    steps:
      - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@v4 # v3.5.2
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Golang
-        uses: actions/setup-go@v4.1.0 # v4.0.1
+        uses: actions/setup-go@v5.4.0 # v4.0.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Generate release artifacts
        run: |
@ -108,7 +107,7 @@ jobs:
          make manifests IMAGE_TAG=${{ github.ref_name }}

      - name: Draft release
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v0.1.15
        with:
          tag_name: ${{ github.event.inputs.tag }}
          draft: true
@ -132,7 +131,6 @@ jobs:
        run: |
          echo "hashes=$(sha256sum ./dist/kubectl-argo-rollouts-* ./manifests/*.yaml | base64 -w0)" >> "$GITHUB_OUTPUT"

-
  release-artifacts-provenance:
    needs:
      - release-artifacts
@ -141,10 +139,10 @@ jobs:
      id-token: write # Needed for provenance signing and ID
      contents: write #  Needed for release uploads
    # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.8.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
    with:
-      base64-subjects: "${{ needs.release-artifacts.outputs.hashes }}"
-      provenance-name: "argo-rollouts.intoto.jsonl"
+      base64-subjects: '${{ needs.release-artifacts.outputs.hashes }}'
+      provenance-name: 'argo-rollouts.intoto.jsonl'
      upload-assets: true
      draft-release: true

@ -159,20 +157,20 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0
+        uses: actions/checkout@v4 # v3.3.0
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Golang
-        uses: actions/setup-go@v4.1.0 # v4.0.0
+        uses: actions/setup-go@v5.4.0 # v4.0.0
        with:
          go-version: ${{ env.GOLANG_VERSION }}

      - name: Install cosign
-        uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343 # v3.0.3
+        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
        with:
-          cosign-release: 'v2.0.2'
+          cosign-release: 'v2.2.0'

      - name: Generate SBOM (spdx)
        id: spdx-builder
@ -183,7 +181,7 @@ jobs:
          SIGS_BOM_VERSION: v0.2.1
          # comma delimited list of project relative folders to inspect for package
          # managers (gomod, yarn, npm).
-          PROJECT_FOLDERS: ".,./ui"
+          PROJECT_FOLDERS: '.,./ui'
          # full qualified name of the container image to be inspected
          CONTAINER_IMAGE: quay.io/argoproj/argo-rollouts:${{ github.event.inputs.tag }}

@ -214,7 +212,7 @@ jobs:
            /tmp/sbom.tar.gz

      - name: Upload SBOM and signature assets
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        uses: softprops/action-gh-release@da05d552573ad5aba039eaac05058a918a7bf631 # v0.1.15
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
@ -232,7 +230,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.3.0
+        uses: actions/checkout@v4 # v3.3.0
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/stale-issues-pr.yml
+++ b/.github/workflows/stale-issues-pr.yml
@ -13,7 +13,7 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - uses: actions/stale@v8
+      - uses: actions/stale@v9
        with:
          operations-per-run: 250
          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity.'
--- a/.github/workflows/e2e-test-results.yml
+++ b/.github/workflows/e2e-test-results.yml
@ -1,9 +1,9 @@
 # use separate workflow to support fork repositories and dependabot branches when publishing test results: see https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories-and-dependabot-branches
-name: Test Results
+name: Testing Results

 on:
  workflow_run:
-    workflows: ["E2E Tests", "Go"]
+    workflows: ["Testing"]
    types:
      - completed
 permissions: {}
@ -19,27 +19,31 @@ jobs:
      actions: read
    steps:
      - name: Download and Extract Artifacts
-        # TODO repace with native actions/download-artifact once it supports downloading from another workflow: https://github.com/actions/download-artifact/issues/3
-        env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-        run: |
-          mkdir -p artifacts && cd artifacts
-          artifacts_url=${{ github.event.workflow_run.artifacts_url }}
-          gh api "$artifacts_url" -q '.artifacts[] | [.name, .archive_download_url] | @tsv' | while read artifact
-          do
-            IFS=$'\t' read name url <<< "$artifact"
-            gh api $url > "$name.zip"
-            unzip -d "$name" "$name.zip"
-          done
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          run-id: ${{ github.event.workflow_run.id }}
+          path: artifacts
+          github-token: ${{ secrets.GITHUB_TOKEN }}

-      - name: Publish Test Results
+      - name: Publish E2E Test Results
        uses: EnricoMi/publish-unit-test-result-action@v2
        with:
-          check_name: "${{ github.event.workflow.name }} Published Test Results"
-          commit: ${{ github.event.workflow_run.head_sha }}
-          event_file: artifacts/Event File/event.json
-          event_name: ${{ github.event.workflow_run.event }}
-          junit_files: "artifacts/**/junit.xml"
+          check_name: "Published E2E Test Results"
          compare_to_earlier_commit: false
          test_changes_limit: 0
          fail_on: "errors"
+          commit: ${{ github.event.workflow_run.head_sha }}
+          event_file: artifacts/Event File/event.json
+          event_name: ${{ github.event.workflow_run.event }}
+          files: "artifacts/**/junit-e2e-test.xml"
+      - name: Publish Unit Test Results
+        uses: EnricoMi/publish-unit-test-result-action@v2
+        with:
+          check_name: "Published Unit Test Results"
+          compare_to_earlier_commit: false
+          test_changes_limit: 0
+          fail_on: "errors"
+          commit: ${{ github.event.workflow_run.head_sha }}
+          event_file: artifacts/Event File/event.json
+          event_name: ${{ github.event.workflow_run.event }}
+          files: "artifacts/**/junit-unit-test.xml"
--- a/.github/workflows/testing.yaml
+++ b/.github/workflows/testing.yaml
@ -0,0 +1,195 @@
+name: Testing
+
+on:
+  push:
+    branches:
+      - 'master'
+      - 'release-*'
+  pull_request:
+    branches:
+      - 'master'
+      - 'release-*'
+  workflow_dispatch:
+    inputs:
+      debug_enabled:
+        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
+        required: false
+        default: false
+env:
+  # Golang version to use across CI steps
+  GOLANG_VERSION: '1.23'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  event_file:
+    name: 'Event File'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Upload
+        uses: actions/upload-artifact@v4
+        with:
+          name: Event File
+          path: ${{ github.event_path }}
+  test-unit:
+    name: Run unit tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v5.4.0
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v4
+
+      - name: Restore go build cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/go-build
+          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
+
+      - name: Download all Go modules
+        run: |
+          go mod download
+      - name: Test
+        run: make test-unit
+
+      - name: Upload Unit Test Results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: Unit Test Results
+          path: |
+            junit-unit-test.xml
+      - name: Generate code coverage artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-output-unit
+          path: coverage-output-unit
+
+  test-e2e:
+    strategy:
+      fail-fast: false
+      matrix:
+        kubernetes:
+          - version: '1.28'
+            latest: false
+          - version: '1.29'
+            latest: false
+          - version: '1.30'
+            latest: false
+          - version: '1.31'
+            latest: true
+    name: Run end-to-end tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v5.4.0
+        with:
+          go-version: '1.23'
+      - uses: actions/checkout@v4
+      - name: Setup k3s
+        env:
+          INSTALL_K3S_CHANNEL: v${{ matrix.kubernetes.version }}
+        run: |
+          curl -sfL https://get.k3s.io | sh -
+          sudo mkdir ~/.kube
+          sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
+          sudo chmod 755 ~/.kube/config
+          kubectl version
+          kubectl create ns argo-rollouts
+      - uses: actions/cache@v4
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Download cache
+        run: go mod download
+      - name: Install CRDs
+        run: |
+          kubectl apply -k  manifests/crds
+          kubectl apply -f  test/e2e/crds
+      - name: Start controller
+        run: make start-e2e 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-controller.log &
+      - name: Setup tmate session
+        uses: mxschmitt/action-tmate@v3
+        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true'}}
+      - name: Run e2e tests
+        run: |
+          make test-e2e
+        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true') }}
+      - name: Stop e2e tests controller
+        run: |
+          pgrep -f go-build -a
+          pkill -f go-build
+          sleep 5
+          echo "done stopping process"
+          ls -lah coverage-output-e2e/
+        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true' && matrix.kubernetes.latest)}}
+      - name: Output Rerun Overview
+        run: |
+          [[ -f rerunreport.txt ]] && cat rerunreport.txt || echo "No rerun report found"
+      - name: Upload E2E Test Results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: E2E Test Results (k8s ${{ matrix.kubernetes.version }})
+          path: |
+            junit-e2e-test.xml
+      - name: Upload e2e-controller logs
+        uses: actions/upload-artifact@v4
+        with:
+          name: e2e-controller-k8s-${{ matrix.kubernetes.version }}.log
+          path: /tmp/e2e-controller.log
+        if: ${{ always() }}
+      - name: Upload code coverage artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-output-e2e
+          path: coverage-output-e2e
+        if: ${{ matrix.kubernetes.latest }}
+
+  coverage-process:
+    name: Process Coverage Files
+    runs-on: ubuntu-latest
+    needs:
+      - test-unit
+      - test-e2e
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v5.4.0
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+        id: go
+      - uses: actions/checkout@v4
+      - name: Get e2e code coverage
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          name: coverage-output-e2e
+          path: coverage-output-e2e
+      - name: Get unit test code coverage
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          name: coverage-output-unit
+          path: coverage-output-unit
+      - name: combine-go-coverage
+        run: |
+          go tool covdata textfmt -i=coverage-output-unit/,coverage-output-e2e/ -o full-coverage.out
+      - name: Upload code coverage information to codecov.io
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        with:
+          file: full-coverage.out
+          fail_ci_if_error: false
+          codecov_yml_path: .codecov.yml
+          disable_search: true
+          verbose: true
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/waiting-issues.yml
+++ b/.github/workflows/waiting-issues.yml
@ -13,7 +13,7 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - uses: actions/stale@v8
+      - uses: actions/stale@v9
        with:
          operations-per-run: 250
          stale-issue-message: 'This issue is stale because it has awaiting-response label for 5 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
--- a/.gitignore
+++ b/.gitignore
@ -2,9 +2,11 @@
 .idea/
 .DS_Store
 dist/
+github.com/
+k8s.io/
 *.iml
 # delve debug binaries
-__debug_bin
+__debug_bin*
 cmd/**/debug
 debug.test
 coverage.out
@ -17,3 +19,7 @@ plugin-bin/
 # static
 server/static/*
 !server/static/.gitkeep
+coverage-output-e2e/
+coverage-output-unit/
+junit*
+
--- a/.golangci.yml
+++ b/.golangci.yml
@ -1,20 +1,41 @@
+version: "2"
 run:
-  deadline: 1m
-  skip-files:
-    - ".*\\.pb\\.go"
-  skip-dirs:
-    - pkg/client
  modules-download-mode: readonly
-linter-settings:
-  goimports:
-    local-prefixes: github.com/argoproj/argo-rollouts
+  timeout: 10m
 linters:
+  default: none
+  enable:
+    - govet
+    - ineffassign
+    - misspell
+    - unconvert
+    - unused
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    paths:
+      - .*\.pb\.go
+      - pkg/client
+      - third_party$
+      - builtin$
+      - examples$
+formatters:
  enable:
-    - vet
    - gofmt
    - goimports
-    - unused
-    - ineffassign
-    - unconvert
-    - misspell
-  disable-all: true
+  settings:
+    goimports:
+      local-prefixes:
+        - github.com/argoproj/argo-rollouts
+  exclusions:
+    generated: lax
+    paths:
+      - .*\.pb\.go
+      - pkg/client
+      - third_party$
+      - builtin$
+      - examples$
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@ -0,0 +1,12 @@
+version: 2
+formats: all
+mkdocs:
+  configuration: mkdocs.yml
+  fail_on_warning: false
+python:
+  install:
+    - requirements: docs/requirements.txt
+build:
+  os: "ubuntu-22.04"
+  tools:
+    python: "3.7"
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@ -1,7 +0,0 @@
-version: 2
-formats: all
-mkdocs:
-  fail_on_warning: false
-python:
-  install:
-    - requirements: docs/requirements.txt
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,4 +1,879 @@

+<a name="v1.8.3"></a>
+## [v1.8.3](https://github.com/argoproj/argo-rollouts/compare/v1.8.2...v1.8.3) (2025-05-31)
+
+### Chore
+
+* **deps:** bump github.com/golang-jwt/jwt to 4.5.2 ([#4235](https://github.com/argoproj/argo-rollouts/issues/4235)) ([#4236](https://github.com/argoproj/argo-rollouts/issues/4236))
+* **deps:** bump golang.org/x/oauth2 from 0.24.0 to 0.29.0 to fix CVE-2025-22868 ([#4225](https://github.com/argoproj/argo-rollouts/issues/4225))
+
+### Docs
+
+* explain skew policy between the kubectl plugin and the controller ([#4300](https://github.com/argoproj/argo-rollouts/issues/4300))
+* blue green w/ ALB not supported without downtime ([#4259](https://github.com/argoproj/argo-rollouts/issues/4259))
+
+### Fix
+
+* abort scenario where canary/stable service is not provided ([#4299](https://github.com/argoproj/argo-rollouts/issues/4299))
+* restarts during updates could cause downtime ([#4221](https://github.com/argoproj/argo-rollouts/issues/4221))
+* **experiments:** fire rollout event on experiment step ([#4124](https://github.com/argoproj/argo-rollouts/issues/4124))
+* **trafficrouting:** patch VirtualService when there is only one named route ([#4055](https://github.com/argoproj/argo-rollouts/issues/4055))
+
+
+<a name="v1.8.2"></a>
+## [v1.8.2](https://github.com/argoproj/argo-rollouts/compare/v1.8.1...v1.8.2) (2025-03-21)
+
+### Fix
+
+* Revert "fix(controller):  rollout stuck in `Progressing`. fixes [#3988](https://github.com/argoproj/argo-rollouts/issues/3988)" ([#4201](https://github.com/argoproj/argo-rollouts/issues/4201))
+* **analysis:** prevent promotion on inconclusive background run. Fixes: [#3850](https://github.com/argoproj/argo-rollouts/issues/3850) ([#3873](https://github.com/argoproj/argo-rollouts/issues/3873))
+
+<a name="v1.8.1"></a>
+## [v1.8.1](https://github.com/argoproj/argo-rollouts/compare/v1.8.0...v1.8.1) (2025-03-15)
+
+### Chore
+
+* **deps:** Updated go version in go.mod file ([#4182](https://github.com/argoproj/argo-rollouts/issues/4182))
+
+### Docs
+
+* new syntax for docs conf ([#4012](https://github.com/argoproj/argo-rollouts/issues/4012))
+
+### Fix
+
+* guardrail to not overload stable replicaset ([#3878](https://github.com/argoproj/argo-rollouts/issues/3878))
+* redo PR 3639 ([#4114](https://github.com/argoproj/argo-rollouts/issues/4114))
+* check ephemeral metadata is set before delete ([#4089](https://github.com/argoproj/argo-rollouts/issues/4089))
+* correct typo in linter settings key name ([#4094](https://github.com/argoproj/argo-rollouts/issues/4094))
+* loop when paused and completed ([#4134](https://github.com/argoproj/argo-rollouts/issues/4134))
+* nil pointer on logging ([#4127](https://github.com/argoproj/argo-rollouts/issues/4127))
+* Upgrade go-retryablehttp to v0.7.7 ([#3743](https://github.com/argoproj/argo-rollouts/issues/3743))
+* **controller:**  rollout stuck in `Progressing`. fixes [#3988](https://github.com/argoproj/argo-rollouts/issues/3988) ([#4072](https://github.com/argoproj/argo-rollouts/issues/4072))
+* **dashboard:** Revert react-scripts upgrade due to performance regression. Fixes [#4122](https://github.com/argoproj/argo-rollouts/issues/4122) ([#4166](https://github.com/argoproj/argo-rollouts/issues/4166))
+* **metricprovider:** not require address in kubernetes secret for Datadog. Fixes [#4103](https://github.com/argoproj/argo-rollouts/issues/4103) ([#4145](https://github.com/argoproj/argo-rollouts/issues/4145))
+
+
+<a name="v1.8.0"></a>
+## [v1.8.0](https://github.com/argoproj/argo-rollouts/compare/v1.8.0-rc2...v1.8.0) (2024-12-17)
+
+
+<a name="v1.8.0-rc2"></a>
+## [v1.8.0-rc2](https://github.com/argoproj/argo-rollouts/compare/v1.8.0-rc1...v1.8.0-rc2) (2024-12-17)
+
+### Ci
+
+* add testing for k8s 1.30 and 1.31 ([#3858](https://github.com/argoproj/argo-rollouts/issues/3858))
+
+### Docs
+
+* **analysis:** add docs for consecutiveSuccessLimit ([#3996](https://github.com/argoproj/argo-rollouts/issues/3996))
+
+### Fix
+
+* don't over reconcile on error ([#4005](https://github.com/argoproj/argo-rollouts/issues/4005))
+* remove ReplicaSet write-back ([#4044](https://github.com/argoproj/argo-rollouts/issues/4044))
+* **controller:** Fixed broken pprof links [#4037](https://github.com/argoproj/argo-rollouts/issues/4037) ([#4038](https://github.com/argoproj/argo-rollouts/issues/4038))
+* **experiments:** move recorder event to after experiment reconciliation, fixes [#4021](https://github.com/argoproj/argo-rollouts/issues/4021) ([#4022](https://github.com/argoproj/argo-rollouts/issues/4022))
+
+
+<a name="v1.8.0-rc1"></a>
+## [v1.8.0-rc1](https://github.com/argoproj/argo-rollouts/compare/v1.7.2...v1.8.0-rc1) (2024-12-06)
+
+### Chore
+
+* update the link of DCO in PR template ([#3944](https://github.com/argoproj/argo-rollouts/issues/3944))
+* remove some k8s e2e test versions ([#3495](https://github.com/argoproj/argo-rollouts/issues/3495))
+* upgrade react-scripts ([#3584](https://github.com/argoproj/argo-rollouts/issues/3584))
+* update golangci-lint to v1.61.0 ([#3857](https://github.com/argoproj/argo-rollouts/issues/3857))
+* fix and add more cli usage case ([#3592](https://github.com/argoproj/argo-rollouts/issues/3592))
+* don't fail code-cov on failure ([#3661](https://github.com/argoproj/argo-rollouts/issues/3661))
+* add example for updating all container images in set command ([#3667](https://github.com/argoproj/argo-rollouts/issues/3667))
+* add codecov token ([#3623](https://github.com/argoproj/argo-rollouts/issues/3623))
+* code coverage for e2e ([#3740](https://github.com/argoproj/argo-rollouts/issues/3740))
+* use codecov config and only send merged coverage file ([#3751](https://github.com/argoproj/argo-rollouts/issues/3751))
+* Add Cloudflare to users ([#3768](https://github.com/argoproj/argo-rollouts/issues/3768))
+* capitalize AS in Dockerfile ([#3781](https://github.com/argoproj/argo-rollouts/issues/3781))
+* move ReplicaSet creation and Rollout validation earlier during the reconciliation process. ([#3657](https://github.com/argoproj/argo-rollouts/issues/3657))
+* Add Trustly to USERS.md ([#3837](https://github.com/argoproj/argo-rollouts/issues/3837))
+* add step plugin proposal ([#3480](https://github.com/argoproj/argo-rollouts/issues/3480))
+* **deps:** bump docker/setup-buildx-action from 3.4.0 to 3.5.0 ([#3738](https://github.com/argoproj/argo-rollouts/issues/3738))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.42.2 to 1.42.3 ([#3923](https://github.com/argoproj/argo-rollouts/issues/3923))
+* **deps:** bump github.com/newrelic/newrelic-client-go/v2 from 2.48.2 to 2.50.1 ([#3924](https://github.com/argoproj/argo-rollouts/issues/3924))
+* **deps:** bump softprops/action-gh-release from 2.0.8 to 2.0.9 ([#3928](https://github.com/argoproj/argo-rollouts/issues/3928))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.38 to 1.28.1 ([#3917](https://github.com/argoproj/argo-rollouts/issues/3917))
+* **deps:** bump github.com/hashicorp/go-plugin from 1.6.1 to 1.6.2 ([#3908](https://github.com/argoproj/argo-rollouts/issues/3908))
+* **deps:** bump actions/setup-go from 5.0.2 to 5.1.0 ([#3912](https://github.com/argoproj/argo-rollouts/issues/3912))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.32.2 to 1.32.3 ([#3919](https://github.com/argoproj/argo-rollouts/issues/3919))
+* **deps:** bump github.com/newrelic/newrelic-client-go/v2 from 2.50.1 to 2.51.3 ([#3939](https://github.com/argoproj/argo-rollouts/issues/3939))
+* **deps:** bump google.golang.org/grpc from 1.66.2 to 1.67.1 ([#3903](https://github.com/argoproj/argo-rollouts/issues/3903))
+* **deps:** bump docker/setup-buildx-action from 3.6.1 to 3.7.1 ([#3876](https://github.com/argoproj/argo-rollouts/issues/3876))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.40.8 to 1.42.2 ([#3901](https://github.com/argoproj/argo-rollouts/issues/3901))
+* **deps:** bump github.com/aws/smithy-go from 1.21.0 to 1.22.0 ([#3885](https://github.com/argoproj/argo-rollouts/issues/3885))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.31.0 to 1.32.2 ([#3886](https://github.com/argoproj/argo-rollouts/issues/3886))
+* **deps:** bump google.golang.org/protobuf from 1.34.2 to 1.35.1 ([#3887](https://github.com/argoproj/argo-rollouts/issues/3887))
+* **deps:** bump golang.org/x/oauth2 from 0.22.0 to 0.23.0 ([#3841](https://github.com/argoproj/argo-rollouts/issues/3841))
+* **deps:** bump codecov/codecov-action from 4.5.0 to 4.6.0 ([#3865](https://github.com/argoproj/argo-rollouts/issues/3865))
+* **deps:** bump github.com/newrelic/newrelic-client-go/v2 from 2.45.0 to 2.48.2 ([#3874](https://github.com/argoproj/argo-rollouts/issues/3874))
+* **deps:** bump sigstore/cosign-installer from 3.6.0 to 3.7.0 ([#3875](https://github.com/argoproj/argo-rollouts/issues/3875))
+* **deps:** bump docker/build-push-action from 6.8.0 to 6.9.0 ([#3863](https://github.com/argoproj/argo-rollouts/issues/3863))
+* **deps:** bump docker/build-push-action from 6.7.0 to 6.8.0 ([#3860](https://github.com/argoproj/argo-rollouts/issues/3860))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.33 to 1.27.38 ([#3851](https://github.com/argoproj/argo-rollouts/issues/3851))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.40.5 to 1.40.8 ([#3838](https://github.com/argoproj/argo-rollouts/issues/3838))
+* **deps:** bump github.com/newrelic/newrelic-client-go/v2 from 2.43.1 to 2.45.0 ([#3829](https://github.com/argoproj/argo-rollouts/issues/3829))
+* **deps:** bump google.golang.org/grpc from 1.65.0 to 1.66.2 ([#3831](https://github.com/argoproj/argo-rollouts/issues/3831))
+* **deps:** bump softprops/action-gh-release from 2.0.9 to 2.1.0 ([#3938](https://github.com/argoproj/argo-rollouts/issues/3938))
+* **deps:** bump peter-evans/create-pull-request from 6 to 7 ([#3819](https://github.com/argoproj/argo-rollouts/issues/3819))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.31 to 1.27.33 ([#3822](https://github.com/argoproj/argo-rollouts/issues/3822))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.30 to 1.27.31 ([#3807](https://github.com/argoproj/argo-rollouts/issues/3807))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.40.3 to 1.40.5 ([#3808](https://github.com/argoproj/argo-rollouts/issues/3808))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.27 to 1.27.30 ([#3804](https://github.com/argoproj/argo-rollouts/issues/3804))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.42.3 to 1.42.4 ([#3935](https://github.com/argoproj/argo-rollouts/issues/3935))
+* **deps:** bump github.com/newrelic/newrelic-client-go/v2 from 2.41.2 to 2.43.1 ([#3793](https://github.com/argoproj/argo-rollouts/issues/3793))
+* **deps:** bump github.com/aws/smithy-go from 1.20.3 to 1.20.4 ([#3794](https://github.com/argoproj/argo-rollouts/issues/3794))
+* **deps:** bump docker/build-push-action from 6.6.1 to 6.7.0 ([#3791](https://github.com/argoproj/argo-rollouts/issues/3791))
+* **deps:** bump github.com/influxdata/influxdb-client-go/v2 from 2.13.0 to 2.14.0 ([#3786](https://github.com/argoproj/argo-rollouts/issues/3786))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.32.3 to 1.32.4 ([#3934](https://github.com/argoproj/argo-rollouts/issues/3934))
+* **deps:** bump docker/build-push-action from 6.5.0 to 6.6.1 ([#3776](https://github.com/argoproj/argo-rollouts/issues/3776))
+* **deps:** bump sigstore/cosign-installer from 3.5.0 to 3.6.0 ([#3777](https://github.com/argoproj/argo-rollouts/issues/3777))
+* **deps:** bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 ([#3766](https://github.com/argoproj/argo-rollouts/issues/3766))
+* **deps:** bump docker/build-push-action from 6.9.0 to 6.10.0 ([#3963](https://github.com/argoproj/argo-rollouts/issues/3963))
+* **deps:** bump docker/setup-buildx-action from 3.5.0 to 3.6.1 ([#3755](https://github.com/argoproj/argo-rollouts/issues/3755))
+* **deps:** bump google.golang.org/protobuf from 1.35.1 to 1.35.2 ([#3950](https://github.com/argoproj/argo-rollouts/issues/3950))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.26 to 1.27.27 ([#3732](https://github.com/argoproj/argo-rollouts/issues/3732))
+* **deps:** bump softprops/action-gh-release from 2.0.6 to 2.0.8 ([#3733](https://github.com/argoproj/argo-rollouts/issues/3733))
+* **deps:** bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 ([#3949](https://github.com/argoproj/argo-rollouts/issues/3949))
+* **deps:** bump docker/setup-qemu-action from 3.1.0 to 3.2.0 ([#3736](https://github.com/argoproj/argo-rollouts/issues/3736))
+* **deps:** bump docker/build-push-action from 6.4.0 to 6.5.0 ([#3737](https://github.com/argoproj/argo-rollouts/issues/3737))
+* **deps:** bump codecov/codecov-action from 4.6.0 to 5.0.7 ([#3961](https://github.com/argoproj/argo-rollouts/issues/3961))
+* **deps:** bump docker/login-action from 3.2.0 to 3.3.0 ([#3739](https://github.com/argoproj/argo-rollouts/issues/3739))
+* **deps:** bump docker/build-push-action from 6.3.0 to 6.4.0 ([#3723](https://github.com/argoproj/argo-rollouts/issues/3723))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.24 to 1.27.26 ([#3717](https://github.com/argoproj/argo-rollouts/issues/3717))
+* **deps:** bump actions/setup-go from 5.0.1 to 5.0.2 ([#3716](https://github.com/argoproj/argo-rollouts/issues/3716))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.40.1 to 1.40.3 ([#3719](https://github.com/argoproj/argo-rollouts/issues/3719))
+* **deps:** bump docker/setup-qemu-action from 3.0.0 to 3.1.0 ([#3696](https://github.com/argoproj/argo-rollouts/issues/3696))
+* **deps:** bump docker/build-push-action from 6.2.0 to 6.3.0 ([#3697](https://github.com/argoproj/argo-rollouts/issues/3697))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.23 to 1.27.24 ([#3698](https://github.com/argoproj/argo-rollouts/issues/3698))
+* **deps:** bump docker/setup-buildx-action from 3.3.0 to 3.4.0 ([#3705](https://github.com/argoproj/argo-rollouts/issues/3705))
+* **deps:** bump google.golang.org/grpc from 1.64.0 to 1.65.0 ([#3694](https://github.com/argoproj/argo-rollouts/issues/3694))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.22 to 1.27.23 ([#3695](https://github.com/argoproj/argo-rollouts/issues/3695))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.28.1 to 1.28.6 ([#3981](https://github.com/argoproj/argo-rollouts/issues/3981))
+* **deps:** bump github.com/aws/smithy-go from 1.20.2 to 1.20.3 ([#3685](https://github.com/argoproj/argo-rollouts/issues/3685))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.38.7 to 1.40.1 ([#3687](https://github.com/argoproj/argo-rollouts/issues/3687))
+* **deps:** bump softprops/action-gh-release from 2.0.5 to 2.0.6 ([#3656](https://github.com/argoproj/argo-rollouts/issues/3656))
+* **deps:** bump docker/build-push-action from 6.1.0 to 6.2.0 ([#3676](https://github.com/argoproj/argo-rollouts/issues/3676))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.19 to 1.27.22 ([#3680](https://github.com/argoproj/argo-rollouts/issues/3680))
+* **deps:** bump docker/build-push-action from 6.0.2 to 6.1.0 ([#3662](https://github.com/argoproj/argo-rollouts/issues/3662))
+* **deps:** bump docker/build-push-action from 6.0.0 to 6.0.2 ([#3659](https://github.com/argoproj/argo-rollouts/issues/3659))
+* **deps:** bump google.golang.org/grpc from 1.67.1 to 1.68.1 ([#3979](https://github.com/argoproj/argo-rollouts/issues/3979))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.18 to 1.27.19 ([#3646](https://github.com/argoproj/argo-rollouts/issues/3646))
+* **deps:** bump docker/build-push-action from 5.4.0 to 6.0.0 ([#3644](https://github.com/argoproj/argo-rollouts/issues/3644))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.38.6 to 1.38.7 ([#3647](https://github.com/argoproj/argo-rollouts/issues/3647))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.42.4 to 1.43.3 ([#3980](https://github.com/argoproj/argo-rollouts/issues/3980))
+* **deps:** bump github.com/spf13/cobra from 1.8.0 to 1.8.1 ([#3640](https://github.com/argoproj/argo-rollouts/issues/3640))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.38.0 to 1.38.6 ([#3619](https://github.com/argoproj/argo-rollouts/issues/3619))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.18 ([#3625](https://github.com/argoproj/argo-rollouts/issues/3625))
+* **deps:** bump google.golang.org/protobuf from 1.34.1 to 1.34.2 ([#3633](https://github.com/argoproj/argo-rollouts/issues/3633))
+* **deps:** bump codecov/codecov-action from 4.4.1 to 4.5.0 ([#3634](https://github.com/argoproj/argo-rollouts/issues/3634))
+* **deps:** bump docker/build-push-action from 5.3.0 to 5.4.0 ([#3624](https://github.com/argoproj/argo-rollouts/issues/3624))
+* **deps:** bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 ([#3631](https://github.com/argoproj/argo-rollouts/issues/3631))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.31.1 to 1.31.3 ([#3620](https://github.com/argoproj/argo-rollouts/issues/3620))
+* **deps:** bump actions/setup-go from 5.0.0 to 5.0.1 ([#3552](https://github.com/argoproj/argo-rollouts/issues/3552))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.2 ([#3621](https://github.com/argoproj/argo-rollouts/issues/3621))
+* **deps:** bump docker/login-action from 3.1.0 to 3.2.0 ([#3604](https://github.com/argoproj/argo-rollouts/issues/3604))
+* **deps:** bump github.com/hashicorp/go-plugin from 1.6.0 to 1.6.1 ([#3606](https://github.com/argoproj/argo-rollouts/issues/3606))
+* **deps:** bump google.golang.org/grpc from 1.63.2 to 1.64.0 ([#3607](https://github.com/argoproj/argo-rollouts/issues/3607))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.30.5 to 1.31.1 ([#3608](https://github.com/argoproj/argo-rollouts/issues/3608))
+* **deps:** bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 ([#3554](https://github.com/argoproj/argo-rollouts/issues/3554))
+* **deps:** bump golangci/golangci-lint-action from 5 to 6 ([#3556](https://github.com/argoproj/argo-rollouts/issues/3556))
+* **deps:** bump google.golang.org/protobuf from 1.34.0 to 1.34.1 ([#3557](https://github.com/argoproj/argo-rollouts/issues/3557))
+* **deps:** bump softprops/action-gh-release from 2.0.4 to 2.0.5 ([#3561](https://github.com/argoproj/argo-rollouts/issues/3561))
+* **deps:** bump codecov/codecov-action from 4.3.1 to 4.4.1 ([#3588](https://github.com/argoproj/argo-rollouts/issues/3588))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.11 to 1.27.16 ([#3597](https://github.com/argoproj/argo-rollouts/issues/3597))
+* **deps:** update golang to 1.23 ([#3987](https://github.com/argoproj/argo-rollouts/issues/3987))
+* **deps:** bump google.golang.org/protobuf from 1.33.0 to 1.34.0 ([#3548](https://github.com/argoproj/argo-rollouts/issues/3548))
+* **deps:** bump codecov/codecov-action from 4.3.0 to 4.3.1 ([#3550](https://github.com/argoproj/argo-rollouts/issues/3550))
+* **deps:** bump codecov/codecov-action from 5.0.7 to 5.1.1 ([#3986](https://github.com/argoproj/argo-rollouts/issues/3986))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.37.0 to 1.38.0 ([#3525](https://github.com/argoproj/argo-rollouts/issues/3525))
+* **deps:** bump golangci/golangci-lint-action from 4 to 5 ([#3540](https://github.com/argoproj/argo-rollouts/issues/3540))
+* **deps:** bump sigstore/cosign-installer from 3.4.0 to 3.5.0 ([#3522](https://github.com/argoproj/argo-rollouts/issues/3522))
+* **deps:** bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 ([#3537](https://github.com/argoproj/argo-rollouts/issues/3537))
+* **deps:** bump codecov/codecov-action from 4.2.0 to 4.3.0 ([#3517](https://github.com/argoproj/argo-rollouts/issues/3517))
+* **deps:** bump go version to 1.22 ([#3516](https://github.com/argoproj/argo-rollouts/issues/3516))
+* **deps:** bump google.golang.org/grpc from 1.63.0 to 1.63.2 ([#3512](https://github.com/argoproj/argo-rollouts/issues/3512))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.10 to 1.27.11 ([#3510](https://github.com/argoproj/argo-rollouts/issues/3510))
+* **deps:** bump peaceiris/actions-gh-pages from 3 to 4 ([#3513](https://github.com/argoproj/argo-rollouts/issues/3513))
+* **deps:** bump docker/setup-buildx-action from 3.2.0 to 3.3.0 ([#3514](https://github.com/argoproj/argo-rollouts/issues/3514))
+* **deps:** bump google.golang.org/grpc from 1.62.1 to 1.63.0 ([#3497](https://github.com/argoproj/argo-rollouts/issues/3497))
+* **deps:** bump github.com/prometheus/client_model from 0.6.0 to 0.6.1 ([#3499](https://github.com/argoproj/argo-rollouts/issues/3499))
+* **deps:** bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 ([#3506](https://github.com/argoproj/argo-rollouts/issues/3506))
+* **deps:** bump codecov/codecov-action from 4.1.1 to 4.2.0 ([#3500](https://github.com/argoproj/argo-rollouts/issues/3500))
+* **deps:** bump github.com/stretchr/testify from 1.9.0 to 1.10.0 ([#3985](https://github.com/argoproj/argo-rollouts/issues/3985))
+
+### Docs
+
+* fix broken links ([#3962](https://github.com/argoproj/argo-rollouts/issues/3962))
+* add descriptions for additional default trigger templates ([#3960](https://github.com/argoproj/argo-rollouts/issues/3960))
+* document dynamicStableScale ([#3978](https://github.com/argoproj/argo-rollouts/issues/3978))
+* add 7shifts to users.md ([#3965](https://github.com/argoproj/argo-rollouts/issues/3965))
+* add CarGurus to users.md ([#3940](https://github.com/argoproj/argo-rollouts/issues/3940))
+* Add technique for ConfigMap change detection in Rollout ([#3515](https://github.com/argoproj/argo-rollouts/issues/3515))
+* document canary step plugin (alpha) ([#3906](https://github.com/argoproj/argo-rollouts/issues/3906))
+* GTW API support changed to Gloo Gateway instead of GloodMesh ([#3914](https://github.com/argoproj/argo-rollouts/issues/3914))
+* Add Amadeus to Users.md ([#3527](https://github.com/argoproj/argo-rollouts/issues/3527))
+* add TBC Bank to USERS.md ([#3871](https://github.com/argoproj/argo-rollouts/issues/3871))
+* Update specification document ([#3877](https://github.com/argoproj/argo-rollouts/issues/3877))
+* clarify supported deployment strategies ([#3823](https://github.com/argoproj/argo-rollouts/issues/3823))
+* Update metric job docs with some of the available config options ([#3839](https://github.com/argoproj/argo-rollouts/issues/3839))
+* Clarify analysis count with value 0 ([#3847](https://github.com/argoproj/argo-rollouts/issues/3847))
+* fix a link to e2e.yaml ([#3834](https://github.com/argoproj/argo-rollouts/issues/3834))
+* Update Changelog ([#3788](https://github.com/argoproj/argo-rollouts/issues/3788))
+* remove obsolete roadmap page ([#3783](https://github.com/argoproj/argo-rollouts/issues/3783))
+* Update ephemeral-metadata.md with a small fix ([#3782](https://github.com/argoproj/argo-rollouts/issues/3782))
+* add Priceline to USERS.md ([#3764](https://github.com/argoproj/argo-rollouts/issues/3764))
+* added clarifications for short releases ([#3753](https://github.com/argoproj/argo-rollouts/issues/3753))
+* correct the case that autoPromotionSeconds feature is ignored ([#2388](https://github.com/argoproj/argo-rollouts/issues/2388))
+* copy omission in rollout docs ([#3690](https://github.com/argoproj/argo-rollouts/issues/3690))
+* Update Changelog ([#3666](https://github.com/argoproj/argo-rollouts/issues/3666))
+* Update Changelog ([#3632](https://github.com/argoproj/argo-rollouts/issues/3632))
+* provide recommendation for strategies ([#3531](https://github.com/argoproj/argo-rollouts/issues/3531))
+* Update Changelog ([#3507](https://github.com/argoproj/argo-rollouts/issues/3507))
+* **analysis:** new plugin is added to the documentation ([#3915](https://github.com/argoproj/argo-rollouts/issues/3915))
+* **analysis:** plugin url is changed and redirected to argoproj-labs project ([#3922](https://github.com/argoproj/argo-rollouts/issues/3922))
+
+### Feat
+
+* New Prometheus metric: build_info ([#3591](https://github.com/argoproj/argo-rollouts/issues/3591))
+* support multi account Datadog metrics provider ([#3787](https://github.com/argoproj/argo-rollouts/issues/3787))
+* **analysis:** Add ConsecutiveSuccessLimit feature to Analysis ([#3970](https://github.com/argoproj/argo-rollouts/issues/3970))
+* **analysis:** Returns the resolved query as metadata in the New Relic provider ([#3715](https://github.com/argoproj/argo-rollouts/issues/3715))
+* **analysis:** Adds timeout property to NewRelic metrics provider. Resolves: [#3741](https://github.com/argoproj/argo-rollouts/issues/3741) ([#3742](https://github.com/argoproj/argo-rollouts/issues/3742))
+* **controller:** enable pprof profiling support ([#3769](https://github.com/argoproj/argo-rollouts/issues/3769))
+* **controller:** add canary steps plugin ([#3521](https://github.com/argoproj/argo-rollouts/issues/3521))
+* **controller:** Allow specifying full annotations for nginx canary ingresses. ([#3671](https://github.com/argoproj/argo-rollouts/issues/3671))
+* **dashboard:** change the color of the current rollout step ([#3526](https://github.com/argoproj/argo-rollouts/issues/3526))
+* **metricprovider:** credentials to download plugin ([#3905](https://github.com/argoproj/argo-rollouts/issues/3905))
+* **metricprovider:** add prometheus range query support ([#3704](https://github.com/argoproj/argo-rollouts/issues/3704))
+
+### Fix
+
+* add update verb to ClusterRole permissions for scaleDown feature. Fixes [#3672](https://github.com/argoproj/argo-rollouts/issues/3672) ([#3675](https://github.com/argoproj/argo-rollouts/issues/3675))
+* e2e test results processing change key name to run-id ([#3744](https://github.com/argoproj/argo-rollouts/issues/3744))
+* Update loader-utils to 2.0.4 ([#3601](https://github.com/argoproj/argo-rollouts/issues/3601))
+* remove condition where header routes can stay directed at empty service in preemption ([#3898](https://github.com/argoproj/argo-rollouts/issues/3898))
+* add secrets so we can download across workflows ([#3746](https://github.com/argoproj/argo-rollouts/issues/3746))
+* rollout should skip timeout when paused ([#3711](https://github.com/argoproj/argo-rollouts/issues/3711))
+* check isScalingEvent only on stable and newRS ([#3883](https://github.com/argoproj/argo-rollouts/issues/3883))
+* rs conflict with fallback to patch ([#3559](https://github.com/argoproj/argo-rollouts/issues/3559))
+* verify the weight of the alb at the end of the rollout ([#3627](https://github.com/argoproj/argo-rollouts/issues/3627))
+* stop rollout from entering degraded state during blueGreen pause. Fixes [#3843](https://github.com/argoproj/argo-rollouts/issues/3843) ([#3845](https://github.com/argoproj/argo-rollouts/issues/3845))
+* when Rollout has pingpong and stable/canary service defined, only alb traffic management uses pingpong. ([#3628](https://github.com/argoproj/argo-rollouts/issues/3628))
+* protocol missing in ambassador canary mapping creation. Fixes  [#3593](https://github.com/argoproj/argo-rollouts/issues/3593) ([#3603](https://github.com/argoproj/argo-rollouts/issues/3603))
+* Change indentation to properly render Markdown - fixes [#3509](https://github.com/argoproj/argo-rollouts/issues/3509) ([#3511](https://github.com/argoproj/argo-rollouts/issues/3511))
+* Add volume for plugin and tmp folder ([#3546](https://github.com/argoproj/argo-rollouts/issues/3546))
+* replicaSet not scaled down due to incorrect annotations ([#3762](https://github.com/argoproj/argo-rollouts/issues/3762)) ([#3784](https://github.com/argoproj/argo-rollouts/issues/3784))
+* don't default datadog aggregator ([#3643](https://github.com/argoproj/argo-rollouts/issues/3643))
+* Support kustomize v5 labels transformer. Fixes [#3105](https://github.com/argoproj/argo-rollouts/issues/3105) ([#3775](https://github.com/argoproj/argo-rollouts/issues/3775))
+* separate  e2e and unit test reporting uploads ([#3747](https://github.com/argoproj/argo-rollouts/issues/3747))
+* retain non-nginx canary annotations. Fixes: [#1070](https://github.com/argoproj/argo-rollouts/issues/1070) ([#3806](https://github.com/argoproj/argo-rollouts/issues/3806))
+* docs site version selector broken ([#3590](https://github.com/argoproj/argo-rollouts/issues/3590))
+* **analysis:** explicitly set datadog aggregator to last only on v2 ([#3730](https://github.com/argoproj/argo-rollouts/issues/3730))
+* **analysis:** Take RollbackWindow into account when Reconciling Analysis Runs. Fixes [#3669](https://github.com/argoproj/argo-rollouts/issues/3669) ([#3670](https://github.com/argoproj/argo-rollouts/issues/3670))
+* **controller:** use the stableRS from the rollout context rather tha… ([#3664](https://github.com/argoproj/argo-rollouts/issues/3664))
+* **controller:** weighted experiment validation should allow delegating to trafficRouter plugins ([#3909](https://github.com/argoproj/argo-rollouts/issues/3909))
+* **controller:** Corrects the logic of comparing sha256 has. Fixes [#3519](https://github.com/argoproj/argo-rollouts/issues/3519) ([#3520](https://github.com/argoproj/argo-rollouts/issues/3520))
+* **controller:** Get the right resourceName for traefik.io.Fixes [#3615](https://github.com/argoproj/argo-rollouts/issues/3615) ([#3759](https://github.com/argoproj/argo-rollouts/issues/3759))
+* **controller:** fix race condition in updating ephemeral metadata ([#3975](https://github.com/argoproj/argo-rollouts/issues/3975))
+* **dashboard:** Update pod status logic to support native sidecars. Fixes [#3366](https://github.com/argoproj/argo-rollouts/issues/3366) ([#3639](https://github.com/argoproj/argo-rollouts/issues/3639))
+* **dashboard:** No redirect loop when running on root. Fixes [#3967](https://github.com/argoproj/argo-rollouts/issues/3967) ([#3968](https://github.com/argoproj/argo-rollouts/issues/3968))
+* **dashboard:** parse analysis values with JSON5 to handle NaN. Fixes [#2758](https://github.com/argoproj/argo-rollouts/issues/2758) ([#3801](https://github.com/argoproj/argo-rollouts/issues/3801))
+* **dashboard:** analysis modal crashed when value not valid ([#3881](https://github.com/argoproj/argo-rollouts/issues/3881))
+* **dashboard:** Cleanup viewcontroller after each request. Fixes [#2095](https://github.com/argoproj/argo-rollouts/issues/2095) ([#3966](https://github.com/argoproj/argo-rollouts/issues/3966))
+* **metricprovider:** fix handling null values in datadog ([#3893](https://github.com/argoproj/argo-rollouts/issues/3893))
+* **metricprovider:** reuse http.Transport for http.Client ([#3780](https://github.com/argoproj/argo-rollouts/issues/3780))
+* **trafficrouting:** add nil check for desired annotations map in ALB… ([#3853](https://github.com/argoproj/argo-rollouts/issues/3853))
+* **trafficrouting:** Fix downtime on initial deployment using Istio DestinationRule Subsets. Fixes [#2507](https://github.com/argoproj/argo-rollouts/issues/2507) ([#3602](https://github.com/argoproj/argo-rollouts/issues/3602))
+
+
+<a name="v1.7.2"></a>
+## [v1.7.2](https://github.com/argoproj/argo-rollouts/compare/v1.7.1...v1.7.2) (2024-08-12)
+
+### Fix
+
+* replicaSet not scaled down due to incorrect annotations ([#3762](https://github.com/argoproj/argo-rollouts/issues/3762)) ([#3784](https://github.com/argoproj/argo-rollouts/issues/3784))
+* add update verb to ClusterRole permissions for scaleDown feature. Fixes [#3672](https://github.com/argoproj/argo-rollouts/issues/3672) ([#3675](https://github.com/argoproj/argo-rollouts/issues/3675))
+* **analysis:** explicitly set datadog aggregator to last only on v2 ([#3730](https://github.com/argoproj/argo-rollouts/issues/3730))
+* **analysis:** Take RollbackWindow into account when Reconciling Analysis Runs. Fixes [#3669](https://github.com/argoproj/argo-rollouts/issues/3669) ([#3670](https://github.com/argoproj/argo-rollouts/issues/3670))
+* **controller:** Get the right resourceName for traefik.io.Fixes [#3615](https://github.com/argoproj/argo-rollouts/issues/3615) ([#3759](https://github.com/argoproj/argo-rollouts/issues/3759))
+* **controller:** use the stableRS from the rollout context rather tha… ([#3664](https://github.com/argoproj/argo-rollouts/issues/3664))
+* **dashboard:** Update pod status logic to support native sidecars. Fixes [#3366](https://github.com/argoproj/argo-rollouts/issues/3366) ([#3639](https://github.com/argoproj/argo-rollouts/issues/3639))
+* **metricprovider:** reuse http.Transport for http.Client ([#3780](https://github.com/argoproj/argo-rollouts/issues/3780))
+
+
+<a name="v1.7.1"></a>
+## [v1.7.1](https://github.com/argoproj/argo-rollouts/compare/v1.7.0...v1.7.1) (2024-06-22)
+
+### Fix
+
+* docs site version selector broken ([#3590](https://github.com/argoproj/argo-rollouts/issues/3590))
+* don't default datadog aggregator ([#3643](https://github.com/argoproj/argo-rollouts/issues/3643))
+* Add volume for plugin and tmp folder ([#3546](https://github.com/argoproj/argo-rollouts/issues/3546))
+
+
+<a name="v1.7.0"></a>
+## [v1.7.0](https://github.com/argoproj/argo-rollouts/compare/v1.7.0-rc1...v1.7.0) (2024-06-12)
+
+### Fix
+
+* verify the weight of the alb at the end of the rollout ([#3627](https://github.com/argoproj/argo-rollouts/issues/3627))
+* when Rollout has pingpong and stable/canary service defined, only alb traffic management uses pingpong. ([#3628](https://github.com/argoproj/argo-rollouts/issues/3628))
+* protocol missing in ambassador canary mapping creation. Fixes  [#3593](https://github.com/argoproj/argo-rollouts/issues/3593) ([#3603](https://github.com/argoproj/argo-rollouts/issues/3603))
+* rs conflict with fallback to patch ([#3559](https://github.com/argoproj/argo-rollouts/issues/3559))
+* **controller:** Corrects the logic of comparing sha256 has. Fixes [#3519](https://github.com/argoproj/argo-rollouts/issues/3519) ([#3520](https://github.com/argoproj/argo-rollouts/issues/3520))
+
+
+<a name="v1.7.0-rc1"></a>
+## [v1.7.0-rc1](https://github.com/argoproj/argo-rollouts/compare/v1.6.6...v1.7.0-rc1) (2024-04-03)
+
+### Build
+
+* **deps:** always resolve momentjs version 2.29.4 ([#3182](https://github.com/argoproj/argo-rollouts/issues/3182))
+
+### Chore
+
+* fix PodSecurity warning ([#3424](https://github.com/argoproj/argo-rollouts/issues/3424))
+* add WeLab Bank to users.md ([#2996](https://github.com/argoproj/argo-rollouts/issues/2996))
+* change file name for readthedocs compatibility ([#2999](https://github.com/argoproj/argo-rollouts/issues/2999))
+* Update users doc with CircleCI ([#3028](https://github.com/argoproj/argo-rollouts/issues/3028))
+* bump k8s versions to 1.29 ([#3494](https://github.com/argoproj/argo-rollouts/issues/3494))
+* updating getCanaryConfigId to be more efficient with better error handling ([#3070](https://github.com/argoproj/argo-rollouts/issues/3070))
+* add missing rollout fields ([#3062](https://github.com/argoproj/argo-rollouts/issues/3062))
+* upgrade cosign ([#3139](https://github.com/argoproj/argo-rollouts/issues/3139))
+* add OpenSSF Scorecard badge ([#3154](https://github.com/argoproj/argo-rollouts/issues/3154))
+* add test for reconcileEphemeralMetadata() ([#3163](https://github.com/argoproj/argo-rollouts/issues/3163))
+* leave the validation of setHeaderRoute to the plugin when plugins is not empty. ([#2898](https://github.com/argoproj/argo-rollouts/issues/2898))
+* fix lint errors reported by golangci-lint ([#3458](https://github.com/argoproj/argo-rollouts/issues/3458))
+* fix unit test data races ([#3478](https://github.com/argoproj/argo-rollouts/issues/3478)) ([#3479](https://github.com/argoproj/argo-rollouts/issues/3479))
+* added organization to users.md ([#3481](https://github.com/argoproj/argo-rollouts/issues/3481))
+* set webpack hashFunction to modern sha256, remove legacy-provider. Fixes [#2609](https://github.com/argoproj/argo-rollouts/issues/2609) ([#3475](https://github.com/argoproj/argo-rollouts/issues/3475))
+* remove year from codegen license  ([#3282](https://github.com/argoproj/argo-rollouts/issues/3282))
+* update follow-redirects to 1.15.5 ([#3314](https://github.com/argoproj/argo-rollouts/issues/3314))
+* add logging context around replicaset updates ([#3326](https://github.com/argoproj/argo-rollouts/issues/3326))
+* bump notification engine lib ([#3327](https://github.com/argoproj/argo-rollouts/issues/3327))
+* change controller's deploy strategy to RollingUpdate due to leader election ([#3334](https://github.com/argoproj/argo-rollouts/issues/3334))
+* Add exception to `requireCanaryStableServices` to disable validation when using the `hashicorp/consul` plugin ([#3339](https://github.com/argoproj/argo-rollouts/issues/3339))
+* Update notifications engine to 7a06976 ([#3384](https://github.com/argoproj/argo-rollouts/issues/3384))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.30.4 to 1.30.5 ([#3491](https://github.com/argoproj/argo-rollouts/issues/3491))
+* **deps:** bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 ([#3422](https://github.com/argoproj/argo-rollouts/issues/3422))
+* **deps:** bump softprops/action-gh-release from 2.0.3 to 2.0.4 ([#3442](https://github.com/argoproj/argo-rollouts/issues/3442))
+* **deps:** bump softprops/action-gh-release from 2.0.2 to 2.0.3 ([#3440](https://github.com/argoproj/argo-rollouts/issues/3440))
+* **deps:** bump softprops/action-gh-release from 1 to 2 ([#3438](https://github.com/argoproj/argo-rollouts/issues/3438))
+* **deps:** bump docker/build-push-action from 5.1.0 to 5.2.0 ([#3439](https://github.com/argoproj/argo-rollouts/issues/3439))
+* **deps:** bump docker/setup-buildx-action from 3.1.0 to 3.2.0 ([#3449](https://github.com/argoproj/argo-rollouts/issues/3449))
+* **deps:** bump google.golang.org/grpc from 1.62.0 to 1.62.1 ([#3426](https://github.com/argoproj/argo-rollouts/issues/3426))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.5 ([#3421](https://github.com/argoproj/argo-rollouts/issues/3421))
+* **deps:** bump github.com/stretchr/testify from 1.8.4 to 1.9.0 ([#3419](https://github.com/argoproj/argo-rollouts/issues/3419))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.0 to 1.27.4 ([#3410](https://github.com/argoproj/argo-rollouts/issues/3410))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.27.0 to 1.30.1 ([#3399](https://github.com/argoproj/argo-rollouts/issues/3399))
+* **deps:** bump google.golang.org/grpc from 1.61.0 to 1.62.0 ([#3404](https://github.com/argoproj/argo-rollouts/issues/3404))
+* **deps:** bump docker/setup-buildx-action from 3.0.0 to 3.1.0 ([#3406](https://github.com/argoproj/argo-rollouts/issues/3406))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.33.0 to 1.36.1 ([#3400](https://github.com/argoproj/argo-rollouts/issues/3400))
+* **deps:** bump codecov/codecov-action from 4.0.1 to 4.1.0 ([#3403](https://github.com/argoproj/argo-rollouts/issues/3403))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.30.1 to 1.30.3 ([#3447](https://github.com/argoproj/argo-rollouts/issues/3447))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.0 ([#3368](https://github.com/argoproj/argo-rollouts/issues/3368))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.32.2 to 1.33.0 ([#3363](https://github.com/argoproj/argo-rollouts/issues/3363))
+* **deps:** bump docker/login-action from 3.0.0 to 3.1.0 ([#3443](https://github.com/argoproj/argo-rollouts/issues/3443))
+* **deps:** bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 ([#3357](https://github.com/argoproj/argo-rollouts/issues/3357))
+* **deps:** bump golangci/golangci-lint-action from 3 to 4 ([#3359](https://github.com/argoproj/argo-rollouts/issues/3359))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.26.7 to 1.27.0 ([#3341](https://github.com/argoproj/argo-rollouts/issues/3341))
+* **deps:** bump peter-evans/create-pull-request from 5 to 6 ([#3342](https://github.com/argoproj/argo-rollouts/issues/3342))
+* **deps:** bump sigstore/cosign-installer from 3.3.0 to 3.4.0 ([#3343](https://github.com/argoproj/argo-rollouts/issues/3343))
+* **deps:** bump codecov/codecov-action from 3.1.5 to 4.0.1 ([#3347](https://github.com/argoproj/argo-rollouts/issues/3347))
+* **deps:** bump github.com/evanphx/json-patch/v5 from 5.8.1 to 5.9.0 ([#3335](https://github.com/argoproj/argo-rollouts/issues/3335))
+* **deps:** bump docker/build-push-action from 5.2.0 to 5.3.0 ([#3448](https://github.com/argoproj/argo-rollouts/issues/3448))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.26.5 to 1.26.6 ([#3322](https://github.com/argoproj/argo-rollouts/issues/3322))
+* **deps:** bump github.com/evanphx/json-patch/v5 from 5.8.0 to 5.8.1 ([#3312](https://github.com/argoproj/argo-rollouts/issues/3312))
+* **deps:** bump codecov/codecov-action from 3.1.4 to 3.1.5 ([#3330](https://github.com/argoproj/argo-rollouts/issues/3330))
+* **deps:** bump slsa-framework/slsa-github-generator from 1.9.0 to 1.9.1 ([#3456](https://github.com/argoproj/argo-rollouts/issues/3456))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.36.1 to 1.36.3 ([#3452](https://github.com/argoproj/argo-rollouts/issues/3452))
+* **deps:** bump google.golang.org/grpc from 1.60.1 to 1.61.0 ([#3325](https://github.com/argoproj/argo-rollouts/issues/3325))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.26.4 to 1.26.5 ([#3319](https://github.com/argoproj/argo-rollouts/issues/3319))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.26.3 to 1.26.4 ([#3313](https://github.com/argoproj/argo-rollouts/issues/3313))
+* **deps:** bump actions/cache from 3 to 4 ([#3315](https://github.com/argoproj/argo-rollouts/issues/3315))
+* **deps:** bump slsa-framework/slsa-github-generator from 1.9.1 to 1.10.0 ([#3462](https://github.com/argoproj/argo-rollouts/issues/3462))
+* **deps:** bump github.com/evanphx/json-patch/v5 from 5.7.0 to 5.8.0 ([#3309](https://github.com/argoproj/argo-rollouts/issues/3309))
+* **deps:** bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 ([#3294](https://github.com/argoproj/argo-rollouts/issues/3294))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.32.1 to 1.32.2 ([#3288](https://github.com/argoproj/argo-rollouts/issues/3288))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.26.2 to 1.26.3 ([#3289](https://github.com/argoproj/argo-rollouts/issues/3289))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.26.6 to 1.26.7 ([#3290](https://github.com/argoproj/argo-rollouts/issues/3290))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 ([#3291](https://github.com/argoproj/argo-rollouts/issues/3291))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.30.3 to 1.30.4 ([#3461](https://github.com/argoproj/argo-rollouts/issues/3461))
+* **deps:** bump google.golang.org/protobuf from 1.31.0 to 1.32.0 ([#3273](https://github.com/argoproj/argo-rollouts/issues/3273))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.26.1 to 1.26.2 ([#3268](https://github.com/argoproj/argo-rollouts/issues/3268))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.26.5 to 1.26.6 ([#3269](https://github.com/argoproj/argo-rollouts/issues/3269))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.32.0 to 1.32.1 ([#3270](https://github.com/argoproj/argo-rollouts/issues/3270))
+* **deps:** bump google.golang.org/grpc from 1.60.0 to 1.60.1 ([#3260](https://github.com/argoproj/argo-rollouts/issues/3260))
+* **deps:** bump github/codeql-action from 2 to 3 ([#3252](https://github.com/argoproj/argo-rollouts/issues/3252))
+* **deps:** bump actions/upload-artifact from 3 to 4 ([#3255](https://github.com/argoproj/argo-rollouts/issues/3255))
+* **deps:** bump sigstore/cosign-installer from 3.2.0 to 3.3.0 ([#3245](https://github.com/argoproj/argo-rollouts/issues/3245))
+* **deps:** bump google.golang.org/grpc from 1.59.0 to 1.60.0 ([#3246](https://github.com/argoproj/argo-rollouts/issues/3246))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.26.0 to 1.26.1 ([#3241](https://github.com/argoproj/argo-rollouts/issues/3241))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.26.4 to 1.26.5 ([#3240](https://github.com/argoproj/argo-rollouts/issues/3240))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.31.4 to 1.32.0 ([#3239](https://github.com/argoproj/argo-rollouts/issues/3239))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.25.12 to 1.26.0 ([#3236](https://github.com/argoproj/argo-rollouts/issues/3236))
+* **deps:** bump codecov/codecov-action from 4.1.0 to 4.1.1 ([#3476](https://github.com/argoproj/argo-rollouts/issues/3476))
+* **deps:** bump github.com/influxdata/influxdb-client-go/v2 from 2.12.4 to 2.13.0 ([#3217](https://github.com/argoproj/argo-rollouts/issues/3217))
+* **deps:** bump actions/stale from 8 to 9 ([#3232](https://github.com/argoproj/argo-rollouts/issues/3232))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.31.3 to 1.31.4 ([#3235](https://github.com/argoproj/argo-rollouts/issues/3235))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.26.3 to 1.26.4 ([#3234](https://github.com/argoproj/argo-rollouts/issues/3234))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.25.11 to 1.25.12 ([#3230](https://github.com/argoproj/argo-rollouts/issues/3230))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.31.2 to 1.31.3 ([#3226](https://github.com/argoproj/argo-rollouts/issues/3226))
+* **deps:** bump actions/setup-python from 4 to 5 ([#3227](https://github.com/argoproj/argo-rollouts/issues/3227))
+* **deps:** bump actions/setup-go from 4.1.0 to 5.0.0 ([#3228](https://github.com/argoproj/argo-rollouts/issues/3228))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.26.2 to 1.26.3 ([#3229](https://github.com/argoproj/argo-rollouts/issues/3229))
+* **deps:** Bump k8s dependencies to v1.26.11 ([#3211](https://github.com/argoproj/argo-rollouts/issues/3211))
+* **deps:** bump argo-ui and fix browser console errors ([#3212](https://github.com/argoproj/argo-rollouts/issues/3212))
+* **deps:** bump docker/build-push-action from 5.0.0 to 5.1.0 ([#3178](https://github.com/argoproj/argo-rollouts/issues/3178))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.25.10 to 1.25.11 ([#3206](https://github.com/argoproj/argo-rollouts/issues/3206))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.26.1 to 1.26.2 ([#3207](https://github.com/argoproj/argo-rollouts/issues/3207))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.31.1 to 1.31.2 ([#3208](https://github.com/argoproj/argo-rollouts/issues/3208))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.30.5 to 1.31.1 ([#3201](https://github.com/argoproj/argo-rollouts/issues/3201))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.25.2 to 1.26.1 ([#3203](https://github.com/argoproj/argo-rollouts/issues/3203))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.25.8 to 1.25.10 ([#3204](https://github.com/argoproj/argo-rollouts/issues/3204))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.25.5 to 1.25.8 ([#3191](https://github.com/argoproj/argo-rollouts/issues/3191))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.24.3 to 1.25.2 ([#3192](https://github.com/argoproj/argo-rollouts/issues/3192))
+* **deps:** bump golang.org/x/oauth2 from 0.13.0 to 0.15.0 ([#3187](https://github.com/argoproj/argo-rollouts/issues/3187))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.30.3 to 1.30.5 ([#3193](https://github.com/argoproj/argo-rollouts/issues/3193))
+* **deps:** bump github.com/antonmedv/expr from 1.15.4 to 1.15.5 ([#3186](https://github.com/argoproj/argo-rollouts/issues/3186))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.30.1 to 1.30.3 ([#3179](https://github.com/argoproj/argo-rollouts/issues/3179))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.24.0 to 1.24.3 ([#3180](https://github.com/argoproj/argo-rollouts/issues/3180))
+* **deps:** bump github.com/influxdata/influxdb-client-go/v2 from 2.12.3 to 2.12.4 ([#3150](https://github.com/argoproj/argo-rollouts/issues/3150))
+* **deps:** bump github.com/antonmedv/expr from 1.15.3 to 1.15.4 ([#3184](https://github.com/argoproj/argo-rollouts/issues/3184))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.23.0 to 1.25.5 ([#3183](https://github.com/argoproj/argo-rollouts/issues/3183))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.30.0 to 1.30.1 ([#3166](https://github.com/argoproj/argo-rollouts/issues/3166))
+* **deps:** bump github.com/hashicorp/go-plugin from 1.5.2 to 1.6.0 ([#3167](https://github.com/argoproj/argo-rollouts/issues/3167))
+* **deps:** update golang to 1.21 ([#3482](https://github.com/argoproj/argo-rollouts/issues/3482))
+* **deps:** bump github.com/bombsimon/logrusr/v4 from 4.0.0 to 4.1.0 ([#3151](https://github.com/argoproj/argo-rollouts/issues/3151))
+* **deps:** bump github.com/spf13/cobra from 1.7.0 to 1.8.0 ([#3152](https://github.com/argoproj/argo-rollouts/issues/3152))
+* **deps:** bump sigstore/cosign-installer from 3.1.2 to 3.2.0 ([#3158](https://github.com/argoproj/argo-rollouts/issues/3158))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.22.0 to 1.23.0 ([#3161](https://github.com/argoproj/argo-rollouts/issues/3161))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.5 to 1.27.9 ([#3469](https://github.com/argoproj/argo-rollouts/issues/3469))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.28.0 to 1.30.0 ([#3144](https://github.com/argoproj/argo-rollouts/issues/3144))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.22.0 to 1.24.0 ([#3143](https://github.com/argoproj/argo-rollouts/issues/3143))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.20.0 to 1.22.0 ([#3149](https://github.com/argoproj/argo-rollouts/issues/3149))
+* **deps:** bump google.golang.org/protobuf from 1.32.0 to 1.33.0 ([#3429](https://github.com/argoproj/argo-rollouts/issues/3429))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.19.1 to 1.20.0 ([#3135](https://github.com/argoproj/argo-rollouts/issues/3135))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.21.2 to 1.22.0 ([#3136](https://github.com/argoproj/argo-rollouts/issues/3136))
+* **deps:** bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 ([#3122](https://github.com/argoproj/argo-rollouts/issues/3122))
+* **deps:** bump google.golang.org/grpc from 1.58.3 to 1.59.0 ([#3113](https://github.com/argoproj/argo-rollouts/issues/3113))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.21.6 to 1.22.0 ([#3127](https://github.com/argoproj/argo-rollouts/issues/3127))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.19.0 to 1.19.1 ([#3123](https://github.com/argoproj/argo-rollouts/issues/3123))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.27.9 to 1.28.0 ([#3124](https://github.com/argoproj/argo-rollouts/issues/3124))
+* **deps:** bump golang.org/x/oauth2 from 0.10.0 to 0.13.0 ([#3107](https://github.com/argoproj/argo-rollouts/issues/3107))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.45 to 1.19.0 ([#3109](https://github.com/argoproj/argo-rollouts/issues/3109))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.44 to 1.18.45 ([#3101](https://github.com/argoproj/argo-rollouts/issues/3101))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.21.4 to 1.21.6 ([#3100](https://github.com/argoproj/argo-rollouts/issues/3100))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.27.8 to 1.27.9 ([#3102](https://github.com/argoproj/argo-rollouts/issues/3102))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.21.1 to 1.21.2 ([#3103](https://github.com/argoproj/argo-rollouts/issues/3103))
+* **deps:** bump github.com/aws/smithy-go from 1.20.1 to 1.20.2 ([#3488](https://github.com/argoproj/argo-rollouts/issues/3488))
+* **deps:** bump google.golang.org/grpc from 1.58.2 to 1.58.3 ([#3098](https://github.com/argoproj/argo-rollouts/issues/3098))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.43 to 1.18.44 ([#3099](https://github.com/argoproj/argo-rollouts/issues/3099))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.21.0 to 1.21.1 ([#3085](https://github.com/argoproj/argo-rollouts/issues/3085))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.27.7 to 1.27.8 ([#3086](https://github.com/argoproj/argo-rollouts/issues/3086))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.42 to 1.18.43 ([#3072](https://github.com/argoproj/argo-rollouts/issues/3072))
+* **deps:** bump github.com/hashicorp/go-plugin from 1.5.1 to 1.5.2 ([#3056](https://github.com/argoproj/argo-rollouts/issues/3056))
+* **deps:** bump github.com/prometheus/common from 0.42.0 to 0.51.1 ([#3468](https://github.com/argoproj/argo-rollouts/issues/3468))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.41 to 1.18.42 ([#3055](https://github.com/argoproj/argo-rollouts/issues/3055))
+* **deps:** bump github.com/antonmedv/expr from 1.15.2 to 1.15.3 ([#3046](https://github.com/argoproj/argo-rollouts/issues/3046))
+* **deps:** bump docker/setup-qemu-action from 2.2.0 to 3.0.0 ([#3031](https://github.com/argoproj/argo-rollouts/issues/3031))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.39 to 1.18.41 ([#3047](https://github.com/argoproj/argo-rollouts/issues/3047))
+* **deps:** bump google.golang.org/grpc from 1.58.0 to 1.58.2 ([#3050](https://github.com/argoproj/argo-rollouts/issues/3050))
+* **deps:** bump google.golang.org/grpc from 1.57.0 to 1.58.0 ([#3023](https://github.com/argoproj/argo-rollouts/issues/3023))
+* **deps:** bump github.com/evanphx/json-patch/v5 from 5.6.0 to 5.7.0 ([#3030](https://github.com/argoproj/argo-rollouts/issues/3030))
+* **deps:** bump docker/metadata-action from 4 to 5 ([#3032](https://github.com/argoproj/argo-rollouts/issues/3032))
+* **deps:** bump docker/build-push-action from 4.1.1 to 5.0.0 ([#3033](https://github.com/argoproj/argo-rollouts/issues/3033))
+* **deps:** bump docker/setup-buildx-action from 2.10.0 to 3.0.0 ([#3034](https://github.com/argoproj/argo-rollouts/issues/3034))
+* **deps:** bump docker/login-action from 2.2.0 to 3.0.0 ([#3035](https://github.com/argoproj/argo-rollouts/issues/3035))
+* **deps:** bump github.com/antonmedv/expr from 1.15.1 to 1.15.2 ([#3036](https://github.com/argoproj/argo-rollouts/issues/3036))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.26.0 to 1.26.1 ([#3490](https://github.com/argoproj/argo-rollouts/issues/3490))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.21.3 to 1.21.4 ([#3025](https://github.com/argoproj/argo-rollouts/issues/3025))
+* **deps:** bump github.com/hashicorp/go-plugin from 1.5.0 to 1.5.1 ([#3017](https://github.com/argoproj/argo-rollouts/issues/3017))
+* **deps:** bump github.com/antonmedv/expr from 1.13.0 to 1.15.1 ([#3024](https://github.com/argoproj/argo-rollouts/issues/3024))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.38 to 1.18.39 ([#3018](https://github.com/argoproj/argo-rollouts/issues/3018))
+* **deps:** bump actions/checkout from 3 to 4 ([#3012](https://github.com/argoproj/argo-rollouts/issues/3012))
+* **deps:** bump sigstore/cosign-installer from 3.1.1 to 3.1.2 ([#3011](https://github.com/argoproj/argo-rollouts/issues/3011))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.37 to 1.18.38 ([#3002](https://github.com/argoproj/argo-rollouts/issues/3002))
+* **deps:** bump github.com/hashicorp/go-plugin from 1.4.10 to 1.5.0 ([#2995](https://github.com/argoproj/argo-rollouts/issues/2995))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.36.3 to 1.37.0 ([#3489](https://github.com/argoproj/argo-rollouts/issues/3489))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.27.9 to 1.27.10 ([#3492](https://github.com/argoproj/argo-rollouts/issues/3492))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.27.6 to 1.27.7 ([#2990](https://github.com/argoproj/argo-rollouts/issues/2990))
+* **deps:** bump docker/setup-buildx-action from 2.9.1 to 2.10.0 ([#2994](https://github.com/argoproj/argo-rollouts/issues/2994))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.21.0 to 1.21.3 ([#2977](https://github.com/argoproj/argo-rollouts/issues/2977))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.36 to 1.18.37 ([#2984](https://github.com/argoproj/argo-rollouts/issues/2984))
+* **deps:** bump slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0 ([#2983](https://github.com/argoproj/argo-rollouts/issues/2983))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.33 to 1.18.36 ([#2978](https://github.com/argoproj/argo-rollouts/issues/2978))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.27.2 to 1.27.6 ([#2979](https://github.com/argoproj/argo-rollouts/issues/2979))
+
+### Docs
+
+* more best practices ([#3484](https://github.com/argoproj/argo-rollouts/issues/3484))
+* typo in BlueGreen ([#3463](https://github.com/argoproj/argo-rollouts/issues/3463))
+* minor readability on migration ([#3427](https://github.com/argoproj/argo-rollouts/issues/3427))
+* added Consul plugin support to website ([#3362](https://github.com/argoproj/argo-rollouts/issues/3362))
+* Update shell autocompletion instructions ([#3377](https://github.com/argoproj/argo-rollouts/issues/3377))
+* Update Changelog ([#3365](https://github.com/argoproj/argo-rollouts/issues/3365))
+* Guides for popular use-cases ([#3346](https://github.com/argoproj/argo-rollouts/issues/3346))
+* Update Changelog ([#3328](https://github.com/argoproj/argo-rollouts/issues/3328))
+* Fixed the key for headers in prometheus based argo analysis ([#3306](https://github.com/argoproj/argo-rollouts/issues/3306))
+* mention archival of the SMI spec ([#3263](https://github.com/argoproj/argo-rollouts/issues/3263))
+* Update Changelog ([#3244](https://github.com/argoproj/argo-rollouts/issues/3244))
+* Update Changelog ([#3214](https://github.com/argoproj/argo-rollouts/issues/3214))
+* Update Changelog ([#2952](https://github.com/argoproj/argo-rollouts/issues/2952))
+* fix typo in smi.md ([#3160](https://github.com/argoproj/argo-rollouts/issues/3160))
+* Update Changelog ([#3148](https://github.com/argoproj/argo-rollouts/issues/3148))
+* add Gateway-API integration information to README.md ([#2985](https://github.com/argoproj/argo-rollouts/issues/2985))
+* add CONTRIBUTING.md at root of repo, directing to docs/ ([#3121](https://github.com/argoproj/argo-rollouts/issues/3121))
+* Ensure image not present between incomplete sentence. ([#3079](https://github.com/argoproj/argo-rollouts/issues/3079))
+* clarify external clusters ([#3058](https://github.com/argoproj/argo-rollouts/issues/3058))
+* Update Changelog ([#3021](https://github.com/argoproj/argo-rollouts/issues/3021))
+* replace `patchesStrategicMerge` with `patches` in tests/docs ([#3010](https://github.com/argoproj/argo-rollouts/issues/3010))
+* update all ingress objects to networking.k8s.io/v1 ([#3005](https://github.com/argoproj/argo-rollouts/issues/3005))
+* Remove rogue apostrophe in features/analysis.md ([#3001](https://github.com/argoproj/argo-rollouts/issues/3001))
+* add contour integration information to README.md ([#2980](https://github.com/argoproj/argo-rollouts/issues/2980))
+* **analysis:** Add note about availability of new datadog v2 functionality ([#3131](https://github.com/argoproj/argo-rollouts/issues/3131))
+* **deps:** Specify minimum kustomize version ([#3199](https://github.com/argoproj/argo-rollouts/issues/3199))
+
+### Feat
+
+* Reference AnalysisTemplates inside an AnalysisTemplate ([#3353](https://github.com/argoproj/argo-rollouts/issues/3353))
+* add command args for plugin ([#2992](https://github.com/argoproj/argo-rollouts/issues/2992))
+* expose secrets for notification templates ([#3455](https://github.com/argoproj/argo-rollouts/issues/3455)) ([#3466](https://github.com/argoproj/argo-rollouts/issues/3466))
+* ping pong support for istio ([#3371](https://github.com/argoproj/argo-rollouts/issues/3371))
+* display init container images on the rollout dashboard ([#3473](https://github.com/argoproj/argo-rollouts/issues/3473))
+* add Analysis run to rollout  notifications ([#3296](https://github.com/argoproj/argo-rollouts/issues/3296))
+* add the max traffic weight support for the traffic routing (nginx/plugins). ([#3215](https://github.com/argoproj/argo-rollouts/issues/3215))
+* allow analysis run to use separate kubeconfig for jobs ([#3350](https://github.com/argoproj/argo-rollouts/issues/3350))
+* Support AnalysisRunMetadata and Dryrun for experiments via Rollout ([#3213](https://github.com/argoproj/argo-rollouts/issues/3213))
+* allow setting traefik versions ([#3348](https://github.com/argoproj/argo-rollouts/issues/3348))
+* support ability to run only the analysis controller ([#3336](https://github.com/argoproj/argo-rollouts/issues/3336))
+* Support OAuth2 for prometheus and web providers ([#3038](https://github.com/argoproj/argo-rollouts/issues/3038))
+* Add support for aggregator type in DataDog metric provider  ([#3293](https://github.com/argoproj/argo-rollouts/issues/3293))
+* add analysis modal ([#3174](https://github.com/argoproj/argo-rollouts/issues/3174))
+* automatically scale down Deployment after migrating to Rollout ([#3111](https://github.com/argoproj/argo-rollouts/issues/3111))
+* Rollouts UI List View Refresh ([#3118](https://github.com/argoproj/argo-rollouts/issues/3118))
+* **analysis:** add ttlStrategy on AnalysisRun for garbage collecting stale AnalysisRun automatically ([#3324](https://github.com/argoproj/argo-rollouts/issues/3324))
+* **dashboard:** improve pods visibility ([#3483](https://github.com/argoproj/argo-rollouts/issues/3483))
+* **trafficrouting:** use values array for multiple accepted values under same header name ([#2974](https://github.com/argoproj/argo-rollouts/issues/2974))
+
+### Fix
+
+* set formatter for klog logger ([#3493](https://github.com/argoproj/argo-rollouts/issues/3493))
+* fix the issue that when max weight is 100000000, and the replicas> 20,  the trafficWeightToReplicas will return negative value. ([#3474](https://github.com/argoproj/argo-rollouts/issues/3474))
+* analysis step should be ignored after promote ([#3016](https://github.com/argoproj/argo-rollouts/issues/3016))
+* job metrics owner ref when using custom job kubeconfig/ns ([#3425](https://github.com/argoproj/argo-rollouts/issues/3425))
+* Add the GOPATH to the go-to-protobuf command ([#3022](https://github.com/argoproj/argo-rollouts/issues/3022))
+* prevent hot loop when fully promoted rollout is aborted ([#3064](https://github.com/argoproj/argo-rollouts/issues/3064))
+* include the correct response error in the plugin init error message ([#3388](https://github.com/argoproj/argo-rollouts/issues/3388))
+* append weighted destination only when weight is mentioned  ([#2734](https://github.com/argoproj/argo-rollouts/issues/2734))
+* stuck rollout when 2nd deployment happens before 1st finishes ([#3354](https://github.com/argoproj/argo-rollouts/issues/3354))
+* do not require pod readiness when switching desired service selector on abort ([#3338](https://github.com/argoproj/argo-rollouts/issues/3338))
+* log rs name when update fails ([#3318](https://github.com/argoproj/argo-rollouts/issues/3318))
+* keep rs inormer updated upon updating labels and annotations ([#3321](https://github.com/argoproj/argo-rollouts/issues/3321))
+* updates to replicas and pod template at the same time causes rollout to get stuck ([#3272](https://github.com/argoproj/argo-rollouts/issues/3272))
+* canary step analysis run wasn't terminated as keep running after promote action being called. Fixes [#3220](https://github.com/argoproj/argo-rollouts/issues/3220) ([#3221](https://github.com/argoproj/argo-rollouts/issues/3221))
+* make sure we use the updated rs when we write back to informer ([#3237](https://github.com/argoproj/argo-rollouts/issues/3237))
+* conflict on updates to replicaset revision ([#3216](https://github.com/argoproj/argo-rollouts/issues/3216))
+* rollouts getting stuck due to bad rs informer updates ([#3200](https://github.com/argoproj/argo-rollouts/issues/3200))
+* missing notification on error ([#3076](https://github.com/argoproj/argo-rollouts/issues/3076))
+* istio destionationrule subsets enforcement ([#3126](https://github.com/argoproj/argo-rollouts/issues/3126))
+* docs require build.os to be defined ([#3133](https://github.com/argoproj/argo-rollouts/issues/3133))
+* rollback to stable with dynamicStableScale could overwhelm stable pods ([#3077](https://github.com/argoproj/argo-rollouts/issues/3077))
+* inopportune scaling events would lose some status fields ([#3060](https://github.com/argoproj/argo-rollouts/issues/3060))
+* codegen was missed ([#3104](https://github.com/argoproj/argo-rollouts/issues/3104))
+* keep rs informer updated ([#3091](https://github.com/argoproj/argo-rollouts/issues/3091))
+* bump notification-engine to fix double send on self server notifications ([#3095](https://github.com/argoproj/argo-rollouts/issues/3095))
+* revert repo change to expr ([#3094](https://github.com/argoproj/argo-rollouts/issues/3094))
+* Replace antonmedv/expr with expr-lang/expr ([#3090](https://github.com/argoproj/argo-rollouts/issues/3090))
+* Revert "fix: istio destionationrule subsets enforcement ([#3126](https://github.com/argoproj/argo-rollouts/issues/3126))" ([#3147](https://github.com/argoproj/argo-rollouts/issues/3147))
+* sync notification controller configmaps/secrets first ([#3075](https://github.com/argoproj/argo-rollouts/issues/3075))
+* **controller:** don't timeout rollout when still waiting for scale down delay ([#3417](https://github.com/argoproj/argo-rollouts/issues/3417))
+* **controller:** treat spec.canary.analysis.template empty list as spec.canary.analysis not set ([#3446](https://github.com/argoproj/argo-rollouts/issues/3446))
+* **controller:** prevent negative vsvc weights on a replica scaledown following a canary abort for istio trafficrouting ([#3467](https://github.com/argoproj/argo-rollouts/issues/3467))
+* **controller:** rollback should skip all steps to active rs within RollbackWindow ([#2953](https://github.com/argoproj/argo-rollouts/issues/2953))
+* **controller:** typo fix ("Secrete" -> "Secret") in secret informer ([#2965](https://github.com/argoproj/argo-rollouts/issues/2965))
+* **metricprovider:** support Datadog v2 API Fixes [#2813](https://github.com/argoproj/argo-rollouts/issues/2813) ([#2997](https://github.com/argoproj/argo-rollouts/issues/2997))
+
+### Refactor
+
+* rename interface{} => any ([#3000](https://github.com/argoproj/argo-rollouts/issues/3000))
+
+### Test
+
+* add unit tests for maxSurge=0, replicas=1 ([#3375](https://github.com/argoproj/argo-rollouts/issues/3375))
+
+
+<a name="v1.6.6"></a>
+## [v1.6.6](https://github.com/argoproj/argo-rollouts/compare/v1.6.5...v1.6.6) (2024-02-12)
+
+### Fix
+
+* stuck rollout when 2nd deployment happens before 1st finishes ([#3354](https://github.com/argoproj/argo-rollouts/issues/3354))
+* do not require pod readiness when switching desired service selector on abort ([#3338](https://github.com/argoproj/argo-rollouts/issues/3338))
+
+
+<a name="v1.6.5"></a>
+## [v1.6.5](https://github.com/argoproj/argo-rollouts/compare/v1.6.4...v1.6.5) (2024-01-25)
+
+### Chore
+
+* add logging context around replicaset updates ([#3326](https://github.com/argoproj/argo-rollouts/issues/3326))
+* remove year from codegen license  ([#3282](https://github.com/argoproj/argo-rollouts/issues/3282))
+
+### Fix
+
+* log rs name when update fails ([#3318](https://github.com/argoproj/argo-rollouts/issues/3318))
+* keep rs inormer updated upon updating labels and annotations ([#3321](https://github.com/argoproj/argo-rollouts/issues/3321))
+* updates to replicas and pod template at the same time causes rollout to get stuck ([#3272](https://github.com/argoproj/argo-rollouts/issues/3272))
+
+
+<a name="v1.6.4"></a>
+## [v1.6.4](https://github.com/argoproj/argo-rollouts/compare/v1.6.3...v1.6.4) (2023-12-08)
+
+### Fix
+
+* make sure we use the updated rs when we write back to informer ([#3237](https://github.com/argoproj/argo-rollouts/issues/3237))
+* conflict on updates to replicaset revision ([#3216](https://github.com/argoproj/argo-rollouts/issues/3216))
+
+
+<a name="v1.6.3"></a>
+## [v1.6.3](https://github.com/argoproj/argo-rollouts/compare/v1.6.2...v1.6.3) (2023-12-04)
+
+### Build
+
+* **deps:** always resolve momentjs version 2.29.4 ([#3182](https://github.com/argoproj/argo-rollouts/issues/3182))
+
+### Fix
+
+* rollouts getting stuck due to bad rs informer updates ([#3200](https://github.com/argoproj/argo-rollouts/issues/3200))
+
+
+<a name="v1.6.2"></a>
+## [v1.6.2](https://github.com/argoproj/argo-rollouts/compare/v1.6.1...v1.6.2) (2023-11-02)
+
+### Fix
+
+* Revert "fix: istio destionationrule subsets enforcement ([#3126](https://github.com/argoproj/argo-rollouts/issues/3126))" ([#3147](https://github.com/argoproj/argo-rollouts/issues/3147))
+
+
+<a name="v1.6.1"></a>
+## [v1.6.1](https://github.com/argoproj/argo-rollouts/compare/v1.6.0...v1.6.1) (2023-11-01)
+
+### Chore
+
+* upgrade cosign ([#3139](https://github.com/argoproj/argo-rollouts/issues/3139))
+* add missing rollout fields ([#3062](https://github.com/argoproj/argo-rollouts/issues/3062))
+* change file name for readthedocs compatibility ([#2999](https://github.com/argoproj/argo-rollouts/issues/2999))
+
+### Fix
+
+* istio destionationrule subsets enforcement ([#3126](https://github.com/argoproj/argo-rollouts/issues/3126))
+* docs require build.os to be defined ([#3133](https://github.com/argoproj/argo-rollouts/issues/3133))
+* inopportune scaling events would lose some status fields ([#3060](https://github.com/argoproj/argo-rollouts/issues/3060))
+* rollback to stable with dynamicStableScale could overwhelm stable pods ([#3077](https://github.com/argoproj/argo-rollouts/issues/3077))
+* prevent hot loop when fully promoted rollout is aborted ([#3064](https://github.com/argoproj/argo-rollouts/issues/3064))
+* keep rs informer updated ([#3091](https://github.com/argoproj/argo-rollouts/issues/3091))
+* bump notification-engine to fix double send on self server notifications ([#3095](https://github.com/argoproj/argo-rollouts/issues/3095))
+* sync notification controller configmaps/secrets first ([#3075](https://github.com/argoproj/argo-rollouts/issues/3075))
+* missing notification on error ([#3076](https://github.com/argoproj/argo-rollouts/issues/3076))
+
+
+<a name="v1.6.0"></a>
+## [v1.6.0](https://github.com/argoproj/argo-rollouts/compare/v1.6.0-rc1...v1.6.0) (2023-09-05)
+
+### Chore
+
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.20.2 to 1.21.0 ([#2950](https://github.com/argoproj/argo-rollouts/issues/2950))
+* **deps:** bump github.com/antonmedv/expr from 1.12.7 to 1.13.0 ([#2951](https://github.com/argoproj/argo-rollouts/issues/2951))
+
+### Docs
+
+* update supported k8s version ([#2949](https://github.com/argoproj/argo-rollouts/issues/2949))
+
+### Fix
+
+* analysis step should be ignored after promote ([#3016](https://github.com/argoproj/argo-rollouts/issues/3016))
+* **controller:** rollback should skip all steps to active rs within RollbackWindow ([#2953](https://github.com/argoproj/argo-rollouts/issues/2953))
+* **controller:** typo fix ("Secrete" -> "Secret") in secret informer ([#2965](https://github.com/argoproj/argo-rollouts/issues/2965))
+
+
+<a name="v1.6.0-rc1"></a>
+## [v1.6.0-rc1](https://github.com/argoproj/argo-rollouts/compare/v1.5.1...v1.6.0-rc1) (2023-08-10)
+
+### Chore
+
+* quote golang version string to not use go 1.2.2 ([#2915](https://github.com/argoproj/argo-rollouts/issues/2915))
+* bump gotestsum and fix flakey test causing nil channel send ([#2934](https://github.com/argoproj/argo-rollouts/issues/2934))
+* Update test and related docs for plugin name standard ([#2728](https://github.com/argoproj/argo-rollouts/issues/2728))
+* bump k8s deps to v0.25.8 ([#2712](https://github.com/argoproj/argo-rollouts/issues/2712))
+* add zachaller as lead in owers file ([#2759](https://github.com/argoproj/argo-rollouts/issues/2759))
+* add unit test ([#2798](https://github.com/argoproj/argo-rollouts/issues/2798))
+* add make help cmd ([#2854](https://github.com/argoproj/argo-rollouts/issues/2854))
+* Add tests for pause functionality in rollout package ([#2772](https://github.com/argoproj/argo-rollouts/issues/2772))
+* bump golang to 1.20 ([#2910](https://github.com/argoproj/argo-rollouts/issues/2910))
+* **deps:** bump actions/setup-go from 4.0.1 to 4.1.0 ([#2947](https://github.com/argoproj/argo-rollouts/issues/2947))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.30 to 1.18.31 ([#2924](https://github.com/argoproj/argo-rollouts/issues/2924))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.29 to 1.18.30 ([#2919](https://github.com/argoproj/argo-rollouts/issues/2919))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.19.0 to 1.19.1 ([#2920](https://github.com/argoproj/argo-rollouts/issues/2920))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.26.3 to 1.27.0 ([#2922](https://github.com/argoproj/argo-rollouts/issues/2922))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.31 to 1.18.32 ([#2928](https://github.com/argoproj/argo-rollouts/issues/2928))
+* **deps:** bump google.golang.org/grpc from 1.56.2 to 1.57.0 ([#2908](https://github.com/argoproj/argo-rollouts/issues/2908))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.28 to 1.18.29 ([#2907](https://github.com/argoproj/argo-rollouts/issues/2907))
+* **deps:** bump github.com/antonmedv/expr from 1.12.6 to 1.12.7 ([#2894](https://github.com/argoproj/argo-rollouts/issues/2894))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.26.2 to 1.26.3 ([#2884](https://github.com/argoproj/argo-rollouts/issues/2884))
+* **deps:** bump docker/setup-qemu-action from 2.1.0 to 2.2.0 ([#2878](https://github.com/argoproj/argo-rollouts/issues/2878))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.27 to 1.18.28 ([#2883](https://github.com/argoproj/argo-rollouts/issues/2883))
+* **deps:** bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 ([#2880](https://github.com/argoproj/argo-rollouts/issues/2880))
+* **deps:** bump actions/setup-go from 4.0.0 to 4.0.1 ([#2881](https://github.com/argoproj/argo-rollouts/issues/2881))
+* **deps:** bump docker/setup-buildx-action from 2.5.0 to 2.9.1 ([#2879](https://github.com/argoproj/argo-rollouts/issues/2879))
+* **deps:** bump docker/login-action from 2.1.0 to 2.2.0 ([#2877](https://github.com/argoproj/argo-rollouts/issues/2877))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.19.13 to 1.19.14 ([#2886](https://github.com/argoproj/argo-rollouts/issues/2886))
+* **deps:** bump github.com/antonmedv/expr from 1.12.5 to 1.12.6 ([#2882](https://github.com/argoproj/argo-rollouts/issues/2882))
+* **deps:** bump google.golang.org/grpc from 1.56.1 to 1.56.2 ([#2872](https://github.com/argoproj/argo-rollouts/issues/2872))
+* **deps:** bump sigstore/cosign-installer from 3.1.0 to 3.1.1 ([#2860](https://github.com/argoproj/argo-rollouts/issues/2860))
+* **deps:** bump google.golang.org/protobuf from 1.30.0 to 1.31.0 ([#2859](https://github.com/argoproj/argo-rollouts/issues/2859))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.27.0 to 1.27.1 ([#2927](https://github.com/argoproj/argo-rollouts/issues/2927))
+* **deps:** bump google.golang.org/grpc from 1.55.0 to 1.56.1 ([#2856](https://github.com/argoproj/argo-rollouts/issues/2856))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.19.14 to 1.20.1 ([#2926](https://github.com/argoproj/argo-rollouts/issues/2926))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.19.12 to 1.19.13 ([#2847](https://github.com/argoproj/argo-rollouts/issues/2847))
+* **deps:** bump actions/setup-go from 3.5.0 to 4.0.1 ([#2849](https://github.com/argoproj/argo-rollouts/issues/2849))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.26 to 1.18.27 ([#2844](https://github.com/argoproj/argo-rollouts/issues/2844))
+* **deps:** bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 ([#2846](https://github.com/argoproj/argo-rollouts/issues/2846))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.26.1 to 1.26.2 ([#2848](https://github.com/argoproj/argo-rollouts/issues/2848))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.19.11 to 1.19.12 ([#2839](https://github.com/argoproj/argo-rollouts/issues/2839))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.26.0 to 1.26.1 ([#2840](https://github.com/argoproj/argo-rollouts/issues/2840))
+* **deps:** bump sigstore/cosign-installer from 3.0.5 to 3.1.0 ([#2858](https://github.com/argoproj/argo-rollouts/issues/2858))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.25 to 1.18.26 ([#2841](https://github.com/argoproj/argo-rollouts/issues/2841))
+* **deps:** bump docker/build-push-action from 4.0.0 to 4.1.0 ([#2832](https://github.com/argoproj/argo-rollouts/issues/2832))
+* **deps:** bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 ([#2821](https://github.com/argoproj/argo-rollouts/issues/2821))
+* **deps:** bump github.com/hashicorp/go-plugin from 1.4.9 to 1.4.10 ([#2822](https://github.com/argoproj/argo-rollouts/issues/2822))
+* **deps:** bump github.com/stretchr/testify from 1.8.3 to 1.8.4 ([#2817](https://github.com/argoproj/argo-rollouts/issues/2817))
+* **deps:** bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 ([#2789](https://github.com/argoproj/argo-rollouts/issues/2789))
+* **deps:** bump github.com/stretchr/testify from 1.8.2 to 1.8.3 ([#2796](https://github.com/argoproj/argo-rollouts/issues/2796))
+* **deps:** bump slsa-framework/slsa-github-generator from 1.7.0 to 1.8.0 ([#2936](https://github.com/argoproj/argo-rollouts/issues/2936))
+* **deps:** bump sigstore/cosign-installer from 3.0.3 to 3.0.5 ([#2788](https://github.com/argoproj/argo-rollouts/issues/2788))
+* **deps:** bump docker/build-push-action from 4.1.0 to 4.1.1 ([#2837](https://github.com/argoproj/argo-rollouts/issues/2837))
+* **deps:** bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 ([#2784](https://github.com/argoproj/argo-rollouts/issues/2784))
+* **deps:** bump codecov/codecov-action from 3.1.3 to 3.1.4 ([#2782](https://github.com/argoproj/argo-rollouts/issues/2782))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.24 to 1.18.25 ([#2770](https://github.com/argoproj/argo-rollouts/issues/2770))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.23 to 1.18.24 ([#2768](https://github.com/argoproj/argo-rollouts/issues/2768))
+* **deps:** bump google.golang.org/grpc from 1.54.0 to 1.55.0 ([#2763](https://github.com/argoproj/argo-rollouts/issues/2763))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.22 to 1.18.23 ([#2756](https://github.com/argoproj/argo-rollouts/issues/2756))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.20.1 to 1.20.2 ([#2941](https://github.com/argoproj/argo-rollouts/issues/2941))
+* **deps:** replace `github.com/ghodss/yaml` with `sigs.k8s.io/yaml` ([#2681](https://github.com/argoproj/argo-rollouts/issues/2681))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.25.10 to 1.26.0 ([#2755](https://github.com/argoproj/argo-rollouts/issues/2755))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.19.10 to 1.19.11 ([#2757](https://github.com/argoproj/argo-rollouts/issues/2757))
+* **deps:** bump github.com/prometheus/client_golang from 1.15.0 to 1.15.1 ([#2754](https://github.com/argoproj/argo-rollouts/issues/2754))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.21 to 1.18.22 ([#2746](https://github.com/argoproj/argo-rollouts/issues/2746))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.25.9 to 1.25.10 ([#2745](https://github.com/argoproj/argo-rollouts/issues/2745))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.27.1 to 1.27.2 ([#2944](https://github.com/argoproj/argo-rollouts/issues/2944))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.19.9 to 1.19.10 ([#2747](https://github.com/argoproj/argo-rollouts/issues/2747))
+* **deps:** bump codecov/codecov-action from 3.1.2 to 3.1.3 ([#2735](https://github.com/argoproj/argo-rollouts/issues/2735))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.18.33 ([#2943](https://github.com/argoproj/argo-rollouts/issues/2943))
+* **deps:** bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 ([#2721](https://github.com/argoproj/argo-rollouts/issues/2721))
+* **deps:** bump codecov/codecov-action from 3.1.1 to 3.1.2 ([#2711](https://github.com/argoproj/argo-rollouts/issues/2711))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.20 to 1.18.21 ([#2709](https://github.com/argoproj/argo-rollouts/issues/2709))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.19.8 to 1.19.9 ([#2708](https://github.com/argoproj/argo-rollouts/issues/2708))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.25.8 to 1.25.9 ([#2710](https://github.com/argoproj/argo-rollouts/issues/2710))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/config from 1.18.19 to 1.18.20 ([#2705](https://github.com/argoproj/argo-rollouts/issues/2705))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.19.7 to 1.19.8 ([#2704](https://github.com/argoproj/argo-rollouts/issues/2704))
+* **deps:** bump github.com/aws/aws-sdk-go-v2 from 1.17.7 to 1.17.8 ([#2703](https://github.com/argoproj/argo-rollouts/issues/2703))
+* **deps:** bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.25.7 to 1.25.8 ([#2702](https://github.com/argoproj/argo-rollouts/issues/2702))
+* **deps:** bump peter-evans/create-pull-request from 4 to 5 ([#2697](https://github.com/argoproj/argo-rollouts/issues/2697))
+* **deps:** bump github.com/spf13/cobra from 1.6.1 to 1.7.0 ([#2698](https://github.com/argoproj/argo-rollouts/issues/2698))
+* **deps:** bump github.com/influxdata/influxdb-client-go/v2 from 2.12.2 to 2.12.3 ([#2684](https://github.com/argoproj/argo-rollouts/issues/2684))
+
+### Ci
+
+* generate attestations during a release  ([#2785](https://github.com/argoproj/argo-rollouts/issues/2785))
+* use keyless signing for main and release branches ([#2783](https://github.com/argoproj/argo-rollouts/issues/2783))
+
+### Docs
+
+* mirroring support in Traefik is not implemented yet ([#2904](https://github.com/argoproj/argo-rollouts/issues/2904))
+* update contributions.md to include k3d as recommended cluster, add details on e2e test setup, and update kubectl install link. Fixes [#1750](https://github.com/argoproj/argo-rollouts/issues/1750) ([#1867](https://github.com/argoproj/argo-rollouts/issues/1867))
+* fix minor mistakes in Migrating to Deployments ([#2270](https://github.com/argoproj/argo-rollouts/issues/2270))
+* Update docs of Rollout spec to add active/previewMetadata ([#2833](https://github.com/argoproj/argo-rollouts/issues/2833))
+* Update datadog.md - clarify formulas [#2813](https://github.com/argoproj/argo-rollouts/issues/2813) ([#2819](https://github.com/argoproj/argo-rollouts/issues/2819))
+* support for Kong ingress ([#2820](https://github.com/argoproj/argo-rollouts/issues/2820))
+* Fix AWS App Mesh getting started documentation to avoid connection pooling problems ([#2814](https://github.com/argoproj/argo-rollouts/issues/2814))
+* Update Changelog ([#2807](https://github.com/argoproj/argo-rollouts/issues/2807))
+* use correct capitalization for "Datadog" in navigation sidebar ([#2809](https://github.com/argoproj/argo-rollouts/issues/2809))
+* Fix typo in header routing specification docs ([#2808](https://github.com/argoproj/argo-rollouts/issues/2808))
+* support for Google Cloud Load balancers ([#2803](https://github.com/argoproj/argo-rollouts/issues/2803))
+* Show how plugins are loaded ([#2801](https://github.com/argoproj/argo-rollouts/issues/2801))
+* Add gateway API link, fix Contour plugin naming ([#2787](https://github.com/argoproj/argo-rollouts/issues/2787))
+* Add some details around running locally to make things clearer new contributors ([#2786](https://github.com/argoproj/argo-rollouts/issues/2786))
+* Add docs for Amazon Managed Prometheus ([#2777](https://github.com/argoproj/argo-rollouts/issues/2777))
+* Update Changelog ([#2765](https://github.com/argoproj/argo-rollouts/issues/2765))
+* copy argo cd docs drop down fix ([#2731](https://github.com/argoproj/argo-rollouts/issues/2731))
+* Add contour trafficrouter plugin ([#2729](https://github.com/argoproj/argo-rollouts/issues/2729))
+* fix link to plugins for traffic routers ([#2719](https://github.com/argoproj/argo-rollouts/issues/2719))
+* Update Changelog ([#2683](https://github.com/argoproj/argo-rollouts/issues/2683))
+* **analysis:** fix use stringData in the examples ([#2715](https://github.com/argoproj/argo-rollouts/issues/2715))
+* **example:** Add example on how to execute subset of e2e tests ([#2867](https://github.com/argoproj/argo-rollouts/issues/2867))
+* **example:** interval requires count ([#2690](https://github.com/argoproj/argo-rollouts/issues/2690))
+
+### Feat
+
+* Send informer add k8s event ([#2834](https://github.com/argoproj/argo-rollouts/issues/2834))
+* enable self service notification support ([#2930](https://github.com/argoproj/argo-rollouts/issues/2930))
+* support prometheus headers ([#2937](https://github.com/argoproj/argo-rollouts/issues/2937))
+* Add insecure option for Prometheus. Fixes [#2913](https://github.com/argoproj/argo-rollouts/issues/2913) ([#2914](https://github.com/argoproj/argo-rollouts/issues/2914))
+* Add prometheus timeout ([#2893](https://github.com/argoproj/argo-rollouts/issues/2893))
+* Support Multiple ALB Ingresses ([#2639](https://github.com/argoproj/argo-rollouts/issues/2639))
+* add merge key to analysis template ([#2842](https://github.com/argoproj/argo-rollouts/issues/2842))
+* retain TLS configuration for canary ingresses in the nginx integration. Fixes [#1134](https://github.com/argoproj/argo-rollouts/issues/1134) ([#2679](https://github.com/argoproj/argo-rollouts/issues/2679))
+* **analysis:** Adds rollout Spec.Selector.MatchLabels to AnalysisRun. Fixes [#2888](https://github.com/argoproj/argo-rollouts/issues/2888) ([#2903](https://github.com/argoproj/argo-rollouts/issues/2903))
+* **controller:** Add custom metadata support for AnalysisRun. Fixes [#2740](https://github.com/argoproj/argo-rollouts/issues/2740) ([#2743](https://github.com/argoproj/argo-rollouts/issues/2743))
+* **dashboard:** Refresh Rollouts dashboard UI ([#2723](https://github.com/argoproj/argo-rollouts/issues/2723))
+* **metricprovider:** allow user to define metrics.provider.job.metadata ([#2762](https://github.com/argoproj/argo-rollouts/issues/2762))
+
+### Fix
+
+* make new alb fullName field  optional for backward compatability ([#2806](https://github.com/argoproj/argo-rollouts/issues/2806))
+* cloudwatch metrics provider multiple dimensions ([#2932](https://github.com/argoproj/argo-rollouts/issues/2932))
+*  rollout not modify the VirtualService whit setHeaderRoute step with workloadRef ([#2797](https://github.com/argoproj/argo-rollouts/issues/2797))
+* get new httpRoutesI after removeRoute() to avoid duplicates. Fixes [#2769](https://github.com/argoproj/argo-rollouts/issues/2769) ([#2887](https://github.com/argoproj/argo-rollouts/issues/2887))
+* change logic of analysis run to better handle errors ([#2695](https://github.com/argoproj/argo-rollouts/issues/2695))
+* istio dropping fields during removing of managed routes ([#2692](https://github.com/argoproj/argo-rollouts/issues/2692))
+* resolve args to metric in garbage collection function ([#2843](https://github.com/argoproj/argo-rollouts/issues/2843))
+* properly wrap Datadog API v2 request body ([#2771](https://github.com/argoproj/argo-rollouts/issues/2771)) ([#2775](https://github.com/argoproj/argo-rollouts/issues/2775))
+* add required ingress permission ([#2933](https://github.com/argoproj/argo-rollouts/issues/2933))
+* **analysis:** Adding field in YAML to provide region for Sigv4 signing.  ([#2794](https://github.com/argoproj/argo-rollouts/issues/2794))
+* **analysis:** Graphite query - remove whitespaces ([#2752](https://github.com/argoproj/argo-rollouts/issues/2752))
+* **analysis:** Graphite metric provider - index out of range [0] with length 0 ([#2751](https://github.com/argoproj/argo-rollouts/issues/2751))
+* **controller:** Remove name label from some k8s client metrics on events and replicasets ([#2851](https://github.com/argoproj/argo-rollouts/issues/2851))
+* **controller:** Fix for rollouts getting stuck in loop ([#2689](https://github.com/argoproj/argo-rollouts/issues/2689))
+* **controller:** Add klog logrus bridge. Fixes [#2707](https://github.com/argoproj/argo-rollouts/issues/2707). ([#2701](https://github.com/argoproj/argo-rollouts/issues/2701))
+* **trafficrouting:** apply stable selectors on canary service on rollout abort [#2781](https://github.com/argoproj/argo-rollouts/issues/2781) ([#2818](https://github.com/argoproj/argo-rollouts/issues/2818))
+
+### Refactor
+
+* change plugin naming pattern [#2720](https://github.com/argoproj/argo-rollouts/issues/2720) ([#2722](https://github.com/argoproj/argo-rollouts/issues/2722))
+
+### BREAKING CHANGE
+
+
+The metric labels have changed on controller_clientset_k8s_request_total to not include the name of the resource for events and replicasets. These names have generated hashes in them and cause really high cardinality.
+
+Remove name label from k8s some client metrics
+
+The `name` label in the `controller_clientset_k8s_request_total` metric
+produce an excessive amount of cardinality for `events` and `replicasets`.
+This can lead to hundreds of thousands of unique metrics over a couple
+weeks in a large deployment. Set the name to "N/A" for these client request
+types.
+
+
 <a name="v1.5.1"></a>
 ## [v1.5.1](https://github.com/argoproj/argo-rollouts/compare/v1.5.0...v1.5.1) (2023-05-24)

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -0,0 +1 @@
+See [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md).
--- a/10
+++ b/10
@ -3,7 +3,7 @@
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM golang:1.20 as builder
+FROM --platform=$BUILDPLATFORM golang:1.23 AS builder

 RUN apt-get update && apt-get install -y \
    wget \
@ -12,7 +12,7 @@ RUN apt-get update && apt-get install -y \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

 # Install golangci-lint
-RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.53.3 && \
+RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.1.6 && \
    golangci-lint linters

 COPY .golangci.yml ${GOPATH}/src/dummy/.golangci.yml
@ -24,7 +24,7 @@ RUN cd ${GOPATH}/src/dummy && \
 ####################################################################################################
 # UI build stage
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/node:18 as argo-rollouts-ui
+FROM --platform=$BUILDPLATFORM docker.io/library/node:18 AS argo-rollouts-ui

 WORKDIR /src
 ADD ["ui/package.json", "ui/yarn.lock", "./"]
@ -40,7 +40,7 @@ RUN NODE_ENV='production' yarn build
 ####################################################################################################
 # Rollout Controller Build stage which performs the actual build of argo-rollouts binaries
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM golang:1.20 as argo-rollouts-build
+FROM --platform=$BUILDPLATFORM golang:1.23 AS argo-rollouts-build

 WORKDIR /go/src/github.com/argoproj/argo-rollouts

@ -69,7 +69,7 @@ RUN GOOS=$TARGETOS GOARCH=$TARGETARCH make ${MAKE_TARGET}
 ####################################################################################################
 # Kubectl plugin image
 ####################################################################################################
-FROM gcr.io/distroless/static-debian11 as kubectl-argo-rollouts
+FROM gcr.io/distroless/static-debian11 AS kubectl-argo-rollouts

 COPY --from=argo-rollouts-build /go/src/github.com/argoproj/argo-rollouts/dist/kubectl-argo-rollouts /bin/kubectl-argo-rollouts

--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -1,7 +1,7 @@
 ####################################################################################################
 # argo-rollouts-dev
 ####################################################################################################
-FROM golang:1.20 as builder
+FROM golang:1.20 AS builder

 RUN apt-get update && apt-get install -y \
    ca-certificates && \
@ -12,9 +12,12 @@ FROM gcr.io/distroless/static-debian11

 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY rollouts-controller-linux-amd64 /bin/rollouts-controller
+COPY step-plugin-e2e-linux-amd64 /bin/plugin-files/step-plugin-e2e

 # Use numeric user, allows kubernetes to identify this user as being
 # non-root when we use a security context with runAsNonRoot: true
 USER 999

+WORKDIR /home/argo-rollouts
+
 ENTRYPOINT [ "/bin/rollouts-controller" ]
--- a/97
+++ b/97
@ -12,19 +12,26 @@ GIT_TREE_STATE=$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ;
 GIT_REMOTE_REPO=upstream
 VERSION=$(shell if [ ! -z "${GIT_TAG}" ] ; then echo "${GIT_TAG}" | sed -e "s/^v//"  ; else cat VERSION ; fi)

+
+TARGET_ARCH?=linux/amd64
+
 # docker image publishing options
-DOCKER_PUSH=false
-IMAGE_TAG=latest
+DOCKER_PUSH ?= false
+IMAGE_TAG ?= latest
 # build development images
 DEV_IMAGE ?= false

 # E2E variables
+E2E_K8S_CONTEXT ?= rancher-desktop
 E2E_INSTANCE_ID ?= argo-rollouts-e2e
-E2E_TEST_OPTIONS ?= 
+E2E_TEST_OPTIONS ?=
 E2E_PARALLEL ?= 1
-E2E_WAIT_TIMEOUT ?= 120
+E2E_WAIT_TIMEOUT ?= 90
 GOPATH ?= $(shell go env GOPATH)

+# Global toolchain configuration
+NODE_OPTIONS=""
+
 override LDFLAGS += \
  -X ${PACKAGE}/utils/version.version=${VERSION} \
  -X ${PACKAGE}/utils/version.buildDate=${BUILD_DATE} \
@ -57,8 +64,8 @@ define protoc
      -I ${GOPATH}/src \
      -I ${GOPATH}/pkg/mod/github.com/gogo/protobuf@v1.3.2/gogoproto \
      -I ${GOPATH}/pkg/mod/github.com/grpc-ecosystem/grpc-gateway@v1.16.0/third_party/googleapis \
-      --gogofast_out=plugins=grpc:${GOPATH}/src \
-      --grpc-gateway_out=logtostderr=true:${GOPATH}/src \
+      --gogofast_out=plugins=grpc:${CURDIR} \
+      --grpc-gateway_out=logtostderr=true:${CURDIR} \
      --swagger_out=logtostderr=true,fqn_for_swagger_name=true:. \
      $(1)
 endef
@ -94,6 +101,7 @@ install-tools-local: install-go-tools-local install-protoc-local install-devtool

 TYPES := $(shell find pkg/apis/rollouts/v1alpha1 -type f -name '*.go' -not -name openapi_generated.go -not -name '*generated*' -not -name '*test.go')
 APIMACHINERY_PKGS=k8s.io/apimachinery/pkg/util/intstr,+k8s.io/apimachinery/pkg/api/resource,+k8s.io/apimachinery/pkg/runtime/schema,+k8s.io/apimachinery/pkg/runtime,k8s.io/apimachinery/pkg/apis/meta/v1,k8s.io/api/core/v1,k8s.io/api/batch/v1
+PKG := $(shell go list ./pkg/apis/rollouts/v1alpha1)

 .PHONY: install-toolchain
 install-toolchain: install-go-tools-local install-protoc-local
@ -110,21 +118,31 @@ gen-proto: k8s-proto api-proto ui-proto

 # generates the .proto files affected by changes to types.go
 .PHONY: k8s-proto
-k8s-proto: go-mod-vendor $(TYPES) ## generate kubernetes protobuf files
-	PATH=${DIST_DIR}:$$PATH go-to-protobuf \
+k8s-proto: go-mod-vendor install-protoc-local install-go-tools-local $(TYPES) ## generate kubernetes protobuf files
+	mkdir -p ${PKG}
+	cp -f $(CURDIR)/pkg/apis/rollouts/v1alpha1/*.* ${PKG}/
+	PATH=${DIST_DIR}:$$PATH GOPATH=${GOPATH} go-to-protobuf \
 		--go-header-file=./hack/custom-boilerplate.go.txt \
-		--packages=github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1 \
+		--packages=${PKG} \
 		--apimachinery-packages=${APIMACHINERY_PKGS} \
-		--proto-import $(CURDIR)/vendor \
-		--proto-import=${DIST_DIR}/protoc-include
+		--proto-import=${CURDIR}/vendor \
+		--proto-import=${GOPATH}/src \
+		--proto-import=${DIST_DIR}/protoc-include 
 	touch pkg/apis/rollouts/v1alpha1/generated.proto
-	cp -R ${GOPATH}/src/github.com/argoproj/argo-rollouts/pkg . | true
-
+	cp -Rf $(CURDIR)/github.com/argoproj/argo-rollouts/pkg . | true
+	# cleaning up
+	rm -Rf $(CURDIR)/github.com/
+	rm -Rf $(CURDIR)/k8s.io/

 # generates *.pb.go, *.pb.gw.go, swagger from .proto files
 .PHONY: api-proto
 api-proto: go-mod-vendor k8s-proto ## generate api protobuf files
+	mkdir -p ${PKG}
+	cp -f $(CURDIR)/pkg/apis/rollouts/v1alpha1/generated.proto ${PKG}
 	$(call protoc,pkg/apiclient/rollout/rollout.proto)
+	cp -Rf $(CURDIR)/github.com/argoproj/argo-rollouts/pkg . | true
+	# cleaning up
+	rm -Rf $(CURDIR)/github.com/

 # generates ui related proto files
 .PHONY: ui-proto
@ -138,22 +156,26 @@ gen-k8scodegen: go-mod-vendor ## generate kubernetes codegen files

 # generates ./manifests/crds/
 .PHONY: gen-crd
-gen-crd: install-go-tools-local ## generate crd manifests
-	go run ./hack/gen-crd-spec/main.go
+gen-crd: go-mod-vendor install-go-tools-local ## generate crd manifests
+	go run -mod=mod ./hack/gen-crd-spec/main.go

 # generates mock files from interfaces
 .PHONY: gen-mocks
 gen-mocks: install-go-tools-local ## generate mock files
 	./hack/update-mocks.sh

+gen-mocks-fast:
+	./hack/update-mocks.sh
+
 # generates openapi_generated.go
 .PHONY: gen-openapi
-gen-openapi: $(DIST_DIR)/openapi-gen ## generate openapi files
-	PATH=${DIST_DIR}:$$PATH openapi-gen \
+gen-openapi: install-go-tools-local $(DIST_DIR)/openapi-gen ## generate openapi files
+	PATH=${DIST_DIR}:$$PATH GOPATH=${GOPATH} openapi-gen ${CURRENT_DIR}/pkg/apis/rollouts/v1alpha1 \
 		--go-header-file ${CURRENT_DIR}/hack/custom-boilerplate.go.txt \
-		--input-dirs github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1 \
-		--output-package github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1 \
-		--report-filename pkg/apis/api-rules/violation_exceptions.list
+		--output-pkg github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1 \
+		--output-dir ${CURRENT_DIR}/pkg/apis/rollouts/v1alpha1 \
+		--output-file openapi_generated.go \
+		--report-filename ${CURRENT_DIR}/pkg/apis/api-rules/violation_exceptions.list

 ##@ Plugins

@ -197,10 +219,11 @@ builder-image: ## build builder image
 .PHONY: image
 image:
 ifeq ($(DEV_IMAGE), true)
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/step-plugin-e2e-linux-amd64 ./test/cmd/step-plugin-e2e
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/rollouts-controller-linux-amd64 ./cmd/rollouts-controller
-	DOCKER_BUILDKIT=1 docker build -t $(IMAGE_PREFIX)argo-rollouts:$(IMAGE_TAG) -f Dockerfile.dev ${DIST_DIR}
+	DOCKER_BUILDKIT=1 docker build --platform=$(TARGET_ARCH) -t $(IMAGE_PREFIX)argo-rollouts:$(IMAGE_TAG) -f Dockerfile.dev ${DIST_DIR}
 else
-	DOCKER_BUILDKIT=1 docker build -t $(IMAGE_PREFIX)argo-rollouts:$(IMAGE_TAG)  .
+	DOCKER_BUILDKIT=1 docker build --platform=$(TARGET_ARCH) -t $(IMAGE_PREFIX)argo-rollouts:$(IMAGE_TAG)  .
 endif
 	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argo-rollouts:$(IMAGE_TAG) ; fi

@ -209,15 +232,19 @@ endif
 # https://www.jetbrains.com/help/go/attach-to-running-go-processes-with-debugger.html
 .PHONY: build-sample-metric-plugin-debug
 build-sample-metric-plugin-debug: ## build sample metric plugin with debug info
-	go build -gcflags="all=-N -l" -o metric-plugin test/cmd/metrics-plugin-sample/main.go
+	go build -gcflags="all=-N -l" -o plugin-bin/metric-plugin test/cmd/metrics-plugin-sample/main.go

 .PHONY: build-sample-traffic-plugin-debug
 build-sample-traffic-plugin-debug: ## build sample traffic plugin with debug info
-	go build -gcflags="all=-N -l" -o traffic-plugin test/cmd/trafficrouter-plugin-sample/main.go
+	go build -gcflags="all=-N -l" -o plugin-bin/traffic-plugin test/cmd/trafficrouter-plugin-sample/main.go
+
+.PHONY: build-sample-step-plugin-debug
+build-sample-step-plugin-debug: ## build sample traffic plugin with debug info
+	go build -gcflags="all=-N -l" -o plugin-bin/step-plugin test/cmd/step-plugin-sample/main.go

 .PHONY: plugin-image
 plugin-image: ## build plugin image
-	DOCKER_BUILDKIT=1 docker build --target kubectl-argo-rollouts -t $(IMAGE_PREFIX)kubectl-argo-rollouts:$(IMAGE_TAG) .
+	DOCKER_BUILDKIT=1 docker build --platform=$(TARGET_ARCH) --target kubectl-argo-rollouts -t $(IMAGE_PREFIX)kubectl-argo-rollouts:$(IMAGE_TAG) .
 	if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)kubectl-argo-rollouts:$(IMAGE_TAG) ; fi

 ##@ Test
@ -230,17 +257,25 @@ test: test-kustomize ## run all tests
 test-kustomize: ## run kustomize tests
 	./test/kustomize/test.sh

+setup-e2e:
+	@kubectl apply --context='${E2E_K8S_CONTEXT}' -f manifests/crds/rollout-crd.yaml
+	@kubectl apply --context='${E2E_K8S_CONTEXT}' -n argo-rollouts -f test/e2e/step-plugin/argo-rollouts-config.yaml
+	@rm -rf plugin-bin
+	@go build -gcflags="all=-N -l" -o plugin-bin/e2e-step-plugin test/cmd/step-plugin-e2e/main.go
+
 .PHONY: start-e2e
 start-e2e: ## start e2e test environment
-	go run ./cmd/rollouts-controller/main.go --instance-id ${E2E_INSTANCE_ID} --loglevel debug --kloglevel 6
+	mkdir -p coverage-output-e2e
+	GOCOVERDIR=coverage-output-e2e go run -cover ./cmd/rollouts-controller/main.go --instance-id ${E2E_INSTANCE_ID} --loglevel debug --kloglevel 6

 .PHONY: test-e2e
 test-e2e: install-devtools-local
-	${DIST_DIR}/gotestsum --rerun-fails-report=rerunreport.txt --junitfile=junit.xml --format=testname --packages="./test/e2e" --rerun-fails=5 -- -timeout 60m -count 1 --tags e2e -p ${E2E_PARALLEL} -parallel ${E2E_PARALLEL} -v --short ./test/e2e ${E2E_TEST_OPTIONS}
+	${DIST_DIR}/gotestsum --rerun-fails-report=rerunreport.txt --junitfile=junit-e2e-test.xml --format=testname --packages="./test/e2e" --rerun-fails=5 -- -timeout 60m -count 1 --tags e2e -p ${E2E_PARALLEL} -parallel ${E2E_PARALLEL} -v --short ./test/e2e ${E2E_TEST_OPTIONS}

 .PHONY: test-unit
 test-unit: install-devtools-local ## run unit tests
-	${DIST_DIR}/gotestsum --junitfile=junit.xml --format=testname -- -covermode=count -coverprofile=coverage.out `go list ./... | grep -v ./test/cmd/metrics-plugin-sample`
+	mkdir -p coverage-output-unit
+	${DIST_DIR}/gotestsum --junitfile=junit-unit-test.xml --format=testname -- `go list ./... | grep -v ./test/cmd/metrics-plugin-sample` -cover -test.gocoverdir=$(CURDIR)/coverage-output-unit


 .PHONY: coverage
@ -256,6 +291,8 @@ manifests: ## generate manifests e.g. CRD, RBAC etc.
 clean: ## clean up build artifacts
 	-rm -rf ${CURRENT_DIR}/dist
 	-rm -rf ${CURRENT_DIR}/ui/dist
+	-rm -Rf ${CURRENT_DIR}/github.com/
+	-rm -Rf ${CURRENT_DIR}/k8s.io/

 .PHONY: precheckin
 precheckin: test lint
@ -268,8 +305,8 @@ serve-docs: docs ## serve docs locally
 	docker run --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs squidfunk/mkdocs-material serve -a 0.0.0.0:8000

 .PHONY: docs
-docs: ## build docs
-	go run ./hack/gen-docs/main.go
+docs: go-mod-vendor install-go-tools-local ## build docs
+	go run -mod=mod ./hack/gen-docs/main.go

 ##@ Release

--- a/README.md
+++ b/README.md
@ -4,6 +4,7 @@
 [![codecov](https://codecov.io/gh/argoproj/argo-rollouts/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-rollouts)
 [![slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/3834/badge)](https://bestpractices.coreinfrastructure.org/projects/3834)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-rollouts/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-rollouts)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/argo-rollouts)](https://artifacthub.io/packages/helm/argo/argo-rollouts)

 ## What is Argo Rollouts?
@ -48,20 +49,24 @@ For these reasons, in large scale high-volume production environments, a rolling
 * Metric provider integration: Prometheus, Wavefront, Kayenta, Web, Kubernetes Jobs, Datadog, New Relic, InfluxDB

 ## Supported Traffic Shaping Integrations
-| Traffic Shaping Integration       | SetWeight                    | SetWeightExperiments        | SetMirror                  | SetHeader                  |
-|-----------------------------------|------------------------------|-----------------------------|----------------------------|----------------------------|
-| ALB Ingress Controller            | :white_check_mark: (stable)  | :white_check_mark: (stable) | :x:                        | :white_check_mark: (alpha) |
-| Ambassador                        | :white_check_mark: (stable)  | :x:                         | :x:                        | :x:                        |
-| Apache APISIX Ingress Controller  | :white_check_mark: (alpha)   | :x:                         | :x:                        | :white_check_mark: (alpha)                        |
-| Istio                             | :white_check_mark: (stable)  | :white_check_mark: (stable) | :white_check_mark: (alpha) | :white_check_mark: (alpha) |
-| Nginx Ingress Controller          | :white_check_mark: (stable)  | :x:                         | :x:                        | :x:                        |
-| SMI                               | :white_check_mark: (stable)  | :white_check_mark: (stable) | :x:                        | :x:                        |
-| Traefik                           | :white_check_mark: (beta)    | :x:                         | :x:                        | :x:                        |
+| Traffic Shaping Integration       | SetWeight                    | SetWeightExperiments        | SetMirror                  | SetHeader                  | Implemented As Plugin       |
+|-----------------------------------|------------------------------|-----------------------------|----------------------------|----------------------------|-----------------------------|
+| ALB Ingress Controller            | :white_check_mark: (stable)  | :white_check_mark: (stable) | :x:                        | :white_check_mark: (alpha) |                             |
+| Ambassador                        | :white_check_mark: (stable)  | :x:                         | :x:                        | :x:                        |                             |
+| Apache APISIX Ingress Controller  | :white_check_mark: (alpha)   | :x:                         | :x:                        | :white_check_mark: (alpha) |                             |
+| Istio                             | :white_check_mark: (stable)  | :white_check_mark: (stable) | :white_check_mark: (alpha) | :white_check_mark: (alpha) |                             |
+| Nginx Ingress Controller          | :white_check_mark: (stable)  | :x:                         | :x:                        | :x:                        |                             |
+| SMI                               | :white_check_mark: (stable)  | :white_check_mark: (stable) | :x:                        | :x:                        |                             |
+| Traefik                           | :white_check_mark: (beta)    | :x:                         | :x:                        | :x:                        |                             |
+| Contour                           | :white_check_mark: (beta)    | :x:                         | :x:                        | :x:                        | :heavy_check_mark:          |
+| Gateway API                       | :white_check_mark: (alpha)   | :x:                         | :x:                        | :x:                        | :heavy_check_mark:          |

 :white_check_mark: = Supported

 :x: = Not Supported

+:heavy_check_mark: = Yes
+
 ## Documentation

 To learn more about Argo Rollouts go to the [complete documentation](https://argo-rollouts.readthedocs.io/en/stable/).
@ -96,3 +101,6 @@ You can reach the Argo Rollouts community and developers via the following chann
 * [How Scalable is Argo-Rollouts: A Cloud Operator’s Perspective](https://www.youtube.com/watch?v=rCEhxJ2NSTI)
 * [Minimize Impact in Kubernetes Using Argo Rollouts](https://medium.com/@arielsimhon/minimize-impact-in-kubernetes-using-argo-rollouts-992fb9519969)
 * [Progressive Application Delivery with GitOps on Red Hat OpenShift](https://www.youtube.com/watch?v=DfeL7cdTx4c)
+* [Progressive delivery for Kubernetes Config Maps using Argo Rollouts](https://codefresh.io/blog/progressive-delivery-for-kubernetes-config-maps-using-argo-rollouts/)
+* [Multi-Service Progressive Delivery with Argo Rollouts](https://codefresh.io/blog/multi-service-progressive-delivery-with-argo-rollouts/)
+* [Progressive Delivery for Stateful Services Using Argo Rollouts](https://codefresh.io/blog/progressive-delivery-for-stateful-services-using-argo-rollouts/)
--- a/USERS.md
+++ b/USERS.md
@ -1,26 +1,42 @@
 ## Who uses Argo Rollouts?
+
 Organizations below are **officially** using Argo Rollouts. Please send a PR with your organization name if you are using Argo Rollouts.

+1. [7shifts](https://www.7shifts.com)
+1. [Ada](https://www.ada.cx)
 1. [ADP](https://www.adp.com)
 1. [Akuity](https://akuity.io/)
 1. [Alibaba Group](https://www.alibabagroup.com/)
+1. [Amadeus IT Group](https://amadeus.com/)
 1. [Ambassador Labs](https://www.getambassador.io)
 1. [Ant Group](https://www.antgroup.com/)
+1. [AppsFlyer](https://www.appsflyer.com/)
+1. [Batumbu](https://batumbu.id/)
 1. [Bucketplace](https://www.bucketplace.co.kr/)
 1. [BukuKas](https://bukukas.co.id/)
 1. [Calm](https://www.calm.com/)
+1. [CarGurus](https://www.cargurus.com/)
+1. [CircleCI](https://circleci.com/)
+1. [Cloudflare](https://cloudflare.com/)
 1. [Codefresh](https://codefresh.io/)
 1. [Credit Karma](https://creditkarma.com/)
 1. [DaoCloud](https://daocloud.io)
 1. [Databricks](https://github.com/databricks)
 1. [Devtron Labs](https://github.com/devtron-labs/devtron)
+1. [Doubble](https://www.doubble.app)
+1. [Factorial](https://factorialhr.com)
 1. [Farfetch](https://www.farfetch.com/)
 1. [Flipkart](https://flipkart.com)
 1. [GetYourGuide](https://www.getyourguide.com)
 1. [Gllue](https://gllue.com)
+1. [Groww](https://groww.in/)
+1. [HashiCorp](https://www.hashicorp.com/)
+1. [Hepsiburada](https://hepsiburada.com/)
 1. [Ibotta](https://home.ibotta.com/)
 1. [Intuit](https://www.intuit.com/)
+1. [Microsoft](https://microsoft.com/)
 1. [New Relic](https://newrelic.com/)
+1. [Nextdoor](https://nextdoor.com)
 1. [Nitro](https://www.gonitro.com)
 1. [Nozzle](https://nozzle.io)
 1. [Opensurvey Inc.](https://opensurvey.co.kr)
@ -31,18 +47,32 @@ Organizations below are **officially** using Argo Rollouts. Please send a PR wit
 1. [PagerDuty](https://www.pagerduty.com/)
 1. [PayPal](https://www.paypal.com/)
 1. [PayPay](https://paypay.ne.jp/)
+1. [Plaid](https://plaid.com/)
+1. [Priceline](https://priceline.com)
 1. [Productboard](https://www.productboard.com)
 1. [Quipper](https://www.quipper.com/)
 1. [Quizlet](https://quizlet.com)
+1. [Red Hat](https://www.redhat.com/)
 1. [Salesforce](https://www.salesforce.com/)
 1. [SAP Concur](https://www.concur.com/)
+1. [Schneider Electric](https://www.se.com)
 1. [Shipt](https://www.shipt.com/)
 1. [Skillz](https://www.skillz.com)
 1. [Spotify](https://www.spotify.com/)
+1. [suXess-it](https://www.suxess-it.com/)
 1. [Synamedia](https://www.synamedia.com)
+1. [StormForge](https://www.stormforge.io)
+1. [Taboola](https://www.taboola.com)
+1. [TBC Bank](https://tbcbank.ge/)
+1. [Trustly](https://www.trustly.com/)
 1. [Tuhu](https://www.tuhu.cn/)
 1. [Twilio SendGrid](https://sendgrid.com)
 1. [Ubie](https://ubie.life/)
+1. [Verkada](https://verkada.com)
 1. [VISITS Technologies](https://visits.world/en)
+1. [WeLab Bank](https://www.welab.bank/)
+1. [Wolt](https://wolt.com/)
 1. [Yotpo](https://www.yotpo.com/)
+1. [Yuno](https://y.uno/)
 1. [VGS](https://www.vgs.io)
+1. [X3M ads](https://x3mads.com)
--- a/analysis/analysis.go
+++ b/analysis/analysis.go
@ -9,8 +9,9 @@ import (

 	log "github.com/sirupsen/logrus"
 	corev1 "k8s.io/api/core/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
+	"k8s.io/utils/ptr"

 	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 	analysisutil "github.com/argoproj/argo-rollouts/utils/analysis"
@ -40,10 +41,15 @@ type metricTask struct {
 }

 func (c *Controller) reconcileAnalysisRun(origRun *v1alpha1.AnalysisRun) *v1alpha1.AnalysisRun {
+	logger := logutil.WithAnalysisRun(origRun)
 	if origRun.Status.Phase.Completed() {
+		err := c.maybeGarbageCollectAnalysisRun(origRun, logger)
+		if err != nil {
+			// TODO(jessesuen): surface errors to controller so they can be retried
+			logger.Warnf("Failed to garbage collect analysis run: %v", err)
+		}
 		return origRun
 	}
-	logger := logutil.WithAnalysisRun(origRun)
 	run := origRun.DeepCopy()

 	if run.Status.MetricResults == nil {
@ -108,6 +114,10 @@ func (c *Controller) reconcileAnalysisRun(origRun *v1alpha1.AnalysisRun) *v1alph
 		run.Status.Message = newMessage
 		if newStatus.Completed() {
 			c.recordAnalysisRunCompletionEvent(run)
+			if run.Status.CompletedAt == nil {
+				now := timeutil.MetaNow()
+				run.Status.CompletedAt = &now
+			}
 		}
 	}

@ -135,7 +145,7 @@ func getResolvedMetricsWithoutSecrets(metrics []v1alpha1.Metric, args []v1alpha1
 		newArg := arg.DeepCopy()
 		if newArg.ValueFrom != nil && newArg.ValueFrom.SecretKeyRef != nil {
 			newArg.ValueFrom = nil
-			newArg.Value = pointer.StringPtr("temp-for-secret")
+			newArg.Value = ptr.To[string]("temp-for-secret")
 		}
 		newArgs = append(newArgs, *newArg)
 	}
@ -322,7 +332,7 @@ func (c *Controller) runMeasurements(run *v1alpha1.AnalysisRun, tasks []metricTa
 			logger := logutil.WithRedactor(*logutil.WithAnalysisRun(run).WithField("metric", t.metric.Name), secrets)

 			var newMeasurement v1alpha1.Measurement
-			provider, providerErr := c.newProvider(*logger, t.metric)
+			provider, providerErr := c.newProvider(*logger, run.Namespace, t.metric)
 			if providerErr != nil {
 				log.Errorf("Error in getting metric provider :%v", providerErr)
 				if t.incompleteMeasurement != nil {
@ -377,17 +387,21 @@ func (c *Controller) runMeasurements(run *v1alpha1.AnalysisRun, tasks []metricTa
 					metricResult.Successful++
 					metricResult.Count++
 					metricResult.ConsecutiveError = 0
+					metricResult.ConsecutiveSuccess++
 				case v1alpha1.AnalysisPhaseFailed:
 					metricResult.Failed++
 					metricResult.Count++
 					metricResult.ConsecutiveError = 0
+					metricResult.ConsecutiveSuccess = 0
 				case v1alpha1.AnalysisPhaseInconclusive:
 					metricResult.Inconclusive++
 					metricResult.Count++
 					metricResult.ConsecutiveError = 0
+					metricResult.ConsecutiveSuccess = 0
 				case v1alpha1.AnalysisPhaseError:
 					metricResult.Error++
 					metricResult.ConsecutiveError++
+					metricResult.ConsecutiveSuccess = 0
 					logger.Warnf("Measurement had error: %s", newMeasurement.Message)
 				}
 			}
@ -589,11 +603,47 @@ func assessMetricStatus(metric v1alpha1.Metric, result v1alpha1.MetricResult, te
 		return phaseFailureInconclusiveOrError
 	}

+	// Check if consecutiveSuccessLimit is applicable and was reached.
+	if metric.ConsecutiveSuccessLimit != nil && metric.ConsecutiveSuccessLimit.IntValue() > 0 && result.ConsecutiveSuccess >= int32(metric.ConsecutiveSuccessLimit.IntValue()) {
+		logger.Infof("Metric Assessment Result - %s: ConsecutiveSuccessLimit (%s) Reached", v1alpha1.AnalysisPhaseSuccessful, metric.ConsecutiveSuccessLimit.String())
+		return v1alpha1.AnalysisPhaseSuccessful
+	}
+
 	// If a count was specified, and we reached that count, then metric is considered Successful.
 	// The Error, Failed, Inconclusive counters are ignored because those checks have already been
 	// taken into consideration above, and we do not want to fail if failures < failureLimit.
 	effectiveCount := metric.EffectiveCount()
 	if effectiveCount != nil && result.Count >= int32(effectiveCount.IntValue()) {
+
+		failureApplicable := (metric.FailureLimit != nil && metric.FailureLimit.IntValue() >= 0) || metric.FailureLimit == nil
+		successApplicable := metric.ConsecutiveSuccessLimit != nil && metric.ConsecutiveSuccessLimit.IntValue() > 0
+
+		if failureApplicable && successApplicable {
+
+			// failureLimit was checked above and not reached.
+			// consecutiveSuccessLimit was checked above and not reached.
+
+			failureLimit := "0"
+			if metric.FailureLimit != nil {
+				failureLimit = metric.FailureLimit.String()
+			}
+
+			logger.Infof("Metric Assessment Result - %s: ConsecutiveSuccessLimit (%s) Not Reached and FailureLimit (%s) Not Violated", v1alpha1.AnalysisPhaseInconclusive, metric.ConsecutiveSuccessLimit.String(), failureLimit)
+			return v1alpha1.AnalysisPhaseInconclusive
+
+		} else if successApplicable {
+
+			logger.Infof("Metric Assessment Result - %s: ConsecutiveSuccessLimit (%s) Not Reached", v1alpha1.AnalysisPhaseFailed, metric.ConsecutiveSuccessLimit.String())
+			return v1alpha1.AnalysisPhaseFailed
+
+		} else if failureApplicable {
+			// failureLimit was not reached in assessMetricFailureInconclusiveOrError above.
+			// AnalysisPhaseSuccessful below.
+		} else {
+			// This cannot happen, since one of failureLimit or consecutiveSuccessLimit will be applicable
+			// We validate that failureLimit >= 0 when consecutiveSuccessLimit == 0
+		}
+
 		logger.Infof("Metric Assessment Result - %s: Count (%s) Reached", v1alpha1.AnalysisPhaseSuccessful, effectiveCount.String())
 		return v1alpha1.AnalysisPhaseSuccessful
 	}
@ -613,7 +663,8 @@ func assessMetricFailureInconclusiveOrError(metric v1alpha1.Metric, result v1alp
 	if metric.FailureLimit != nil {
 		failureLimit = int32(metric.FailureLimit.IntValue())
 	}
-	if result.Failed > failureLimit {
+	// If failureLimit is negative, that means it isn't applicable.
+	if failureLimit >= 0 && result.Failed > failureLimit {
 		phase = v1alpha1.AnalysisPhaseFailed
 		message = fmt.Sprintf("failed (%d) > failureLimit (%d)", result.Failed, failureLimit)
 	}
@ -734,7 +785,7 @@ func (c *Controller) garbageCollectMeasurements(run *v1alpha1.AnalysisRun, measu
 				continue
 			}
 			logger := logutil.WithAnalysisRun(run).WithField("metric", metric.Name)
-			provider, err := c.newProvider(*logger, metric)
+			provider, err := c.newProvider(*logger, run.Namespace, metric)
 			if err != nil {
 				errors = append(errors, err)
 				continue
@ -752,3 +803,40 @@ func (c *Controller) garbageCollectMeasurements(run *v1alpha1.AnalysisRun, measu
 	}
 	return nil
 }
+
+func (c *Controller) maybeGarbageCollectAnalysisRun(run *v1alpha1.AnalysisRun, logger *log.Entry) error {
+	ctx := context.TODO()
+	if run.DeletionTimestamp != nil || !isAnalysisRunTtlExceeded(run) {
+		return nil
+	}
+	logger.Infof("Trying to cleanup TTL exceeded analysis run")
+	err := c.argoProjClientset.ArgoprojV1alpha1().AnalysisRuns(run.Namespace).Delete(ctx, run.Name, metav1.DeleteOptions{})
+	if err != nil && !k8serrors.IsNotFound(err) {
+		return err
+	}
+	return nil
+}
+
+func isAnalysisRunTtlExceeded(run *v1alpha1.AnalysisRun) bool {
+	// TTL only counted for completed runs with TTL strategy.
+	if !run.Status.Phase.Completed() || run.Spec.TTLStrategy == nil {
+		return false
+	}
+	// Cannot determine TTL if run has no completion time.
+	if run.Status.CompletedAt == nil {
+		return false
+	}
+	secondsCompleted := timeutil.MetaNow().Sub(run.Status.CompletedAt.Time).Seconds()
+	var ttlSeconds *int32
+	if run.Status.Phase == v1alpha1.AnalysisPhaseSuccessful && run.Spec.TTLStrategy.SecondsAfterSuccess != nil {
+		ttlSeconds = run.Spec.TTLStrategy.SecondsAfterSuccess
+	} else if run.Status.Phase == v1alpha1.AnalysisPhaseFailed && run.Spec.TTLStrategy.SecondsAfterFailure != nil {
+		ttlSeconds = run.Spec.TTLStrategy.SecondsAfterFailure
+	} else if run.Spec.TTLStrategy.SecondsAfterCompletion != nil {
+		ttlSeconds = run.Spec.TTLStrategy.SecondsAfterCompletion
+	}
+	if ttlSeconds == nil {
+		return false
+	}
+	return int32(secondsCompleted) > *ttlSeconds
+}
--- a/analysis/analysis_test.go
+++ b/analysis/analysis_test.go
@ -3,6 +3,7 @@ package analysis
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 	"testing"
@ -14,12 +15,18 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	corev1 "k8s.io/api/core/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	k8sschema "k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/intstr"
-	"k8s.io/utils/pointer"
+	"k8s.io/apimachinery/pkg/util/uuid"
+	k8stesting "k8s.io/client-go/testing"
+	"k8s.io/utils/ptr"

 	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 	"github.com/argoproj/argo-rollouts/utils/defaults"
+	logutil "github.com/argoproj/argo-rollouts/utils/log"
 )

 func timePtr(t metav1.Time) *metav1.Time {
@ -587,6 +594,208 @@ func TestAssessMetricStatusFailureLimit(t *testing.T) { // max failures
 	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
 }

+func TestAssessMetricStatusConsecutiveSuccessLimit(t *testing.T) {
+	failureLimit := intstr.FromInt(-1)
+	consecutiveSuccessLimit := intstr.FromInt(3)
+	metric := v1alpha1.Metric{
+		Name:                    "success-rate",
+		ConsecutiveSuccessLimit: &consecutiveSuccessLimit,
+		FailureLimit:            &failureLimit,
+		Interval:                "60s",
+	}
+	result := v1alpha1.MetricResult{
+		Failed:             3,
+		Successful:         4,
+		ConsecutiveSuccess: 3,
+		Count:              7,
+		Measurements: []v1alpha1.Measurement{{
+			Value:      "99",
+			Phase:      v1alpha1.AnalysisPhaseFailed,
+			StartedAt:  timePtr(metav1.NewTime(time.Now().Add(-60 * time.Second))),
+			FinishedAt: timePtr(metav1.NewTime(time.Now().Add(-60 * time.Second))),
+		}},
+	}
+
+	/////////////////////////////////////////////////////////////////////////
+	// For indefinite analysis (count is not set)
+
+	// When ConsecutiveSuccess == ConsecutiveSuccessLimit
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	// When ConsecutiveSuccess < ConsecutiveSuccessLimit
+	consecutiveSuccessLimit = intstr.FromInt(5)
+	metric.ConsecutiveSuccessLimit = &consecutiveSuccessLimit
+	assert.Equal(t, v1alpha1.AnalysisPhaseRunning, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	/////////////////////////////////////////////////////////////////////////
+	// For limited analysis (count is >= 1)
+
+	/// When metric.Count is reached
+	metricCount := intstr.FromInt(7)
+	metric.Count = &metricCount
+
+	//// ConsecutiveSuccess=3 < ConsecutiveSuccessLimit=5
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, true))
+
+	//// ConsecutiveSuccess = ConsecutiveSuccessLimit = 3
+	consecutiveSuccessLimit = intstr.FromInt(3)
+	metric.ConsecutiveSuccessLimit = &consecutiveSuccessLimit
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	/// When metric.Count is not reached
+	metricCount = intstr.FromInt(9)
+	metric.Count = &metricCount
+
+	//// ConsecutiveSuccess = ConsecutiveSuccessLimit = 3
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	//// ConsecutiveSuccess=3 < ConsecutiveSuccessLimit=5
+	consecutiveSuccessLimit = intstr.FromInt(5)
+	metric.ConsecutiveSuccessLimit = &consecutiveSuccessLimit
+	assert.Equal(t, v1alpha1.AnalysisPhaseRunning, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+}
+
+func TestAssessMetricStatusFailureLimitAndConsecutiveSuccessLimit(t *testing.T) {
+	failureLimit := intstr.FromInt(4)
+	consecutiveSuccessLimit := intstr.FromInt(4)
+	metric := v1alpha1.Metric{
+		Name:                    "success-rate",
+		ConsecutiveSuccessLimit: &consecutiveSuccessLimit,
+		FailureLimit:            &failureLimit,
+		Interval:                "60s",
+	}
+	result := v1alpha1.MetricResult{
+		Failed:             3,
+		Successful:         4,
+		ConsecutiveSuccess: 3,
+		Count:              7,
+		Measurements: []v1alpha1.Measurement{{
+			Value:      "99",
+			Phase:      v1alpha1.AnalysisPhaseFailed,
+			StartedAt:  timePtr(metav1.NewTime(time.Now().Add(-60 * time.Second))),
+			FinishedAt: timePtr(metav1.NewTime(time.Now().Add(-60 * time.Second))),
+		}},
+	}
+
+	/////////////////////////////////////////////////////////////////////////
+	// For indefinite analysis (count is not set)
+
+	// FailureLimit is not violated and consecutiveSuccessLimit not yet satisfied.
+	assert.Equal(t, v1alpha1.AnalysisPhaseRunning, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	// FailureLimit is violated and consecutiveSuccessLimit is not yet satisfied.
+	result.Failed = 5
+	result.Successful = 9
+	result.Count = 9
+	result.ConsecutiveSuccess = 0
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, true))
+
+	// FailureLimit is not violated and consecutiveSuccessLimit is satisfied.
+	result.Failed = 3
+	result.Successful = 5
+	result.Count = 8
+	result.ConsecutiveSuccess = 4
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	// FailureLimit is violated and consecutiveSuccessLimit is satisfied.
+	result.Failed = 5
+	result.Successful = 5
+	result.Count = 10
+	result.ConsecutiveSuccess = 4
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, true))
+
+	/////////////////////////////////////////////////////////////////////////
+	// For limited analysis (count is >= 1)
+	metricCount := intstr.FromInt(10)
+	metric.Count = &metricCount
+
+	/// When metric.Count is reached
+
+	//// FailureLimit is not violated and consecutiveSuccessLimit not yet satisfied.
+	result.Failed = 4
+	result.Successful = 6
+	result.Count = 10
+	result.ConsecutiveSuccess = 3
+
+	assert.Equal(t, v1alpha1.AnalysisPhaseInconclusive, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseInconclusive, assessMetricStatus(metric, result, true))
+
+	//// FailureLimit is violated and consecutiveSuccessLimit is not yet satisfied.
+	result.Failed = 5
+	result.Successful = 5
+	result.Count = 10
+	result.ConsecutiveSuccess = 3
+
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, true))
+
+	//// FailureLimit is not violated and consecutiveSuccessLimit is satisfied.
+	result.Failed = 4
+	result.Successful = 6
+	result.Count = 10
+	result.ConsecutiveSuccess = 4
+
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	//// FailureLimit is violated and consecutiveSuccessLimit is satisfied.
+	result.Failed = 5
+	result.Successful = 5
+	result.Count = 10
+	result.ConsecutiveSuccess = 4
+
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, true))
+
+	/// When metric.Count is not yet reached
+
+	//// FailureLimit is not violated and consecutiveSuccessLimit not yet satisfied.
+	result.Failed = 3
+	result.Successful = 5
+	result.Count = 8
+	result.ConsecutiveSuccess = 3
+
+	assert.Equal(t, v1alpha1.AnalysisPhaseRunning, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	//// FailureLimit is violated and consecutiveSuccessLimit is not yet satisfied.
+	result.Failed = 5
+	result.Successful = 3
+	result.Count = 8
+	result.ConsecutiveSuccess = 3
+
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, true))
+
+	//// FailureLimit is not violated and consecutiveSuccessLimit is satisfied.
+	result.Failed = 3
+	result.Successful = 5
+	result.Count = 8
+	result.ConsecutiveSuccess = 4
+
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, assessMetricStatus(metric, result, true))
+
+	//// FailureLimit is violated and consecutiveSuccessLimit is satisfied.
+	result.Failed = 5
+	result.Successful = 4
+	result.Count = 9
+	result.ConsecutiveSuccess = 4
+
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, false))
+	assert.Equal(t, v1alpha1.AnalysisPhaseFailed, assessMetricStatus(metric, result, true))
+}
+
 func TestAssessMetricStatusInconclusiveLimit(t *testing.T) {
 	inconclusiveLimit := intstr.FromInt(2)
 	metric := v1alpha1.Metric{
@ -1106,7 +1315,7 @@ func TestGarbageCollectArgResolution(t *testing.T) {
 	defer f.Close()
 	c, _, _ := f.newController(noResyncPeriodFunc)

-	c.newProvider = func(logCtx log.Entry, metric v1alpha1.Metric) (metric.Provider, error) {
+	c.newProvider = func(logCtx log.Entry, namespace string, metric v1alpha1.Metric) (metric.Provider, error) {
 		assert.Equal(t, "https://prometheus.kubeaddons:8080", metric.Provider.Prometheus.Address)
 		return f.provider, nil
 	}
@ -1184,7 +1393,7 @@ func TestGarbageCollectArgResolution(t *testing.T) {
 	}
 	run.Spec.Args = append(run.Spec.Args, v1alpha1.Argument{
 		Name:  "port",
-		Value: pointer.String("8080"),
+		Value: ptr.To[string]("8080"),
 	})
 	var measurementRetentionMetricsMap = map[string]*v1alpha1.MeasurementRetention{}
 	measurementRetentionMetricsMap["metric2"] = &v1alpha1.MeasurementRetention{MetricName: "metric2", Limit: 2}
@ -1862,7 +2071,7 @@ func StartTerminatingAnalysisRun(t *testing.T, isDryRun bool) *v1alpha1.Analysis
 			Args: []v1alpha1.Argument{
 				{
 					Name:  "service",
-					Value: pointer.StringPtr("rollouts-demo-canary.default.svc.cluster.local"),
+					Value: ptr.To[string]("rollouts-demo-canary.default.svc.cluster.local"),
 				},
 			},
 			Metrics: []v1alpha1.Metric{{
@ -1921,7 +2130,7 @@ func TestInvalidDryRunConfigThrowsError(t *testing.T) {
 			Args: []v1alpha1.Argument{
 				{
 					Name:  "service",
-					Value: pointer.StringPtr("rollouts-demo-canary.default.svc.cluster.local"),
+					Value: ptr.To[string]("rollouts-demo-canary.default.svc.cluster.local"),
 				},
 			},
 			Metrics: []v1alpha1.Metric{{
@ -1962,7 +2171,7 @@ func TestInvalidMeasurementsRetentionConfigThrowsError(t *testing.T) {
 			Args: []v1alpha1.Argument{
 				{
 					Name:  "service",
-					Value: pointer.StringPtr("rollouts-demo-canary.default.svc.cluster.local"),
+					Value: ptr.To[string]("rollouts-demo-canary.default.svc.cluster.local"),
 				},
 			},
 			Metrics: []v1alpha1.Metric{{
@ -1985,3 +2194,412 @@ func TestInvalidMeasurementsRetentionConfigThrowsError(t *testing.T) {
 	assert.Equal(t, v1alpha1.AnalysisPhaseError, newRun.Status.Phase)
 	assert.Equal(t, "Analysis spec invalid: measurementRetention[0]: Rule didn't match any metric name(s)", newRun.Status.Message)
 }
+
+func TestExceededTtlChecked(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+
+	testTTLStrategy := func(
+		t *testing.T,
+		ttlStrategy *v1alpha1.TTLStrategy,
+		expiredStatus *v1alpha1.AnalysisRunStatus,
+		notExpiredStatus *v1alpha1.AnalysisRunStatus) {
+		testId := string(uuid.NewUUID())
+		ttlExpiredRun := &v1alpha1.AnalysisRun{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "expired-run" + testId,
+				Namespace: metav1.NamespaceDefault,
+			},
+			Spec: v1alpha1.AnalysisRunSpec{
+				TTLStrategy: ttlStrategy,
+			},
+			Status: *expiredStatus,
+		}
+		_ = c.reconcileAnalysisRun(ttlExpiredRun)
+		if notExpiredStatus != nil {
+			ttlNotExpiredRun := &v1alpha1.AnalysisRun{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "not-expired-run" + testId,
+					Namespace: metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.AnalysisRunSpec{
+					TTLStrategy: ttlStrategy,
+				},
+				Status: *notExpiredStatus,
+			}
+			_ = c.reconcileAnalysisRun(ttlNotExpiredRun)
+		}
+
+		pi := f.expectDeleteAnalysisRunAction(ttlExpiredRun)
+		assert.Equal(t, fmt.Sprintf("%s/%s", metav1.NamespaceDefault, "expired-run"+testId), f.getDeletedAnalysisRunNamespaceAndName(pi))
+		// Nothing else is deleted
+		assert.Equal(t, 1, len(filterInformerActions(f.client.Actions())))
+		// Clear actions to avoid affecting other test instances.
+		f.client.ClearActions()
+		f.actions = nil
+	}
+
+	ttlNotExpiredCompletedTime := f.now.Add(-86400 * time.Second)
+	ttlExpiredCompletedTime := ttlNotExpiredCompletedTime.Add(-1 * time.Second)
+	secondsOfOneDay := int32(86400)
+
+	// Test completed TTL.
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterCompletion: &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlNotExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	})
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterCompletion: &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlNotExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	})
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterCompletion: &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseError,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlNotExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseError,
+	})
+	// Test successful TTL.
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterSuccess: &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlNotExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	})
+	// Test failed TTL.
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterFailure: &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlNotExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	})
+
+	// Test success TTL does not affect failed run.
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterSuccess: &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	})
+	// Test failed TTL does not affect successful run.
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterFailure: &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	})
+	// Test success TTL overrides completed TTL.
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterCompletion: ptr.To[int32](100000),
+		SecondsAfterSuccess:    &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlNotExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	})
+	// Test failed TTL overrides completed TTL.
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterCompletion: ptr.To[int32](100000),
+		SecondsAfterFailure:    &secondsOfOneDay,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlNotExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	})
+	// Test completed TTL still evaluated when non-matching overrides exist.
+	testTTLStrategy(t, &v1alpha1.TTLStrategy{
+		SecondsAfterCompletion: &secondsOfOneDay,
+		SecondsAfterFailure:    ptr.To[int32](86401),
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseSuccessful,
+	}, &v1alpha1.AnalysisRunStatus{
+		CompletedAt: timePtr(metav1.NewTime(ttlNotExpiredCompletedTime)),
+		Phase:       v1alpha1.AnalysisPhaseFailed,
+	})
+}
+
+func TestTtlNotGCInProgressAnalysisRun(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+
+	expectedCount := intstr.FromInt(3)
+	origRun := &v1alpha1.AnalysisRun{
+		Spec: v1alpha1.AnalysisRunSpec{
+			Metrics: []v1alpha1.Metric{
+				{
+					Name:     "metric1",
+					Interval: "60s",
+					Count:    &expectedCount,
+					Provider: v1alpha1.MetricProvider{
+						Job: &v1alpha1.JobMetric{},
+					},
+				},
+			},
+		},
+		Status: v1alpha1.AnalysisRunStatus{
+			Phase:     v1alpha1.AnalysisPhaseRunning,
+			StartedAt: timePtr(metav1.NewTime(time.Now())),
+			MetricResults: []v1alpha1.MetricResult{
+				{
+					Name:  "metric1",
+					Phase: v1alpha1.AnalysisPhaseRunning,
+					Count: 1,
+					Measurements: []v1alpha1.Measurement{{
+						Value:      "1",
+						Phase:      v1alpha1.AnalysisPhaseSuccessful,
+						StartedAt:  timePtr(metav1.NewTime(time.Now().Add(-60 * time.Second))),
+						FinishedAt: timePtr(metav1.NewTime(time.Now().Add(-60 * time.Second))),
+					}},
+				},
+			},
+		},
+	}
+	newRun := c.reconcileAnalysisRun(origRun)
+	assert.Equal(t, v1alpha1.AnalysisPhaseRunning, newRun.Status.Phase)
+	assert.Nil(t, newRun.Status.CompletedAt)
+	// Nothing else is deleted
+	assert.Equal(t, 0, len(filterInformerActions(f.client.Actions())))
+}
+
+func TestCompletedTimeFilled(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+
+	expectedCount := intstr.FromInt(1)
+	origRun := &v1alpha1.AnalysisRun{
+		Spec: v1alpha1.AnalysisRunSpec{
+			Metrics: []v1alpha1.Metric{
+				{
+					Name:     "metric1",
+					Interval: "60s",
+					Count:    &expectedCount,
+					Provider: v1alpha1.MetricProvider{
+						Job: &v1alpha1.JobMetric{},
+					},
+				},
+			},
+		},
+		Status: v1alpha1.AnalysisRunStatus{
+			Phase:     v1alpha1.AnalysisPhaseRunning,
+			StartedAt: timePtr(metav1.NewTime(time.Now())),
+			MetricResults: []v1alpha1.MetricResult{
+				{
+					Name:  "metric1",
+					Phase: v1alpha1.AnalysisPhaseSuccessful,
+					Count: 1,
+					Measurements: []v1alpha1.Measurement{{
+						Value:      "1",
+						Phase:      v1alpha1.AnalysisPhaseSuccessful,
+						StartedAt:  timePtr(metav1.NewTime(time.Now().Add(-60 * time.Second))),
+						FinishedAt: timePtr(metav1.NewTime(time.Now().Add(-60 * time.Second))),
+					}},
+				},
+			},
+		},
+	}
+	newRun := c.reconcileAnalysisRun(origRun)
+	assert.Equal(t, v1alpha1.AnalysisPhaseSuccessful, newRun.Status.Phase)
+	assert.NotNil(t, newRun.Status.CompletedAt)
+	assert.Equal(t, f.now, newRun.Status.CompletedAt.Time)
+}
+
+func TestReconcileAnalysisRunOnRunNotFound(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+	buf := bytes.NewBufferString("")
+	log.SetOutput(buf)
+
+	// Prepend since there is a default reaction that captures it.
+	f.client.Fake.PrependReactor("delete", "analysisruns", func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
+		return true, nil, k8serrors.NewNotFound(k8sschema.GroupResource{Resource: "analysisruns"}, "test")
+	})
+
+	origRun := &v1alpha1.AnalysisRun{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "run" + string(uuid.NewUUID()),
+			Namespace: metav1.NamespaceDefault,
+		},
+		Spec: v1alpha1.AnalysisRunSpec{
+			TTLStrategy: &v1alpha1.TTLStrategy{
+				SecondsAfterCompletion: ptr.To[int32](1),
+			},
+		},
+		Status: v1alpha1.AnalysisRunStatus{
+			Phase:       v1alpha1.AnalysisPhaseSuccessful,
+			CompletedAt: timePtr(metav1.NewTime(f.now.Add(-2 * time.Second))),
+		},
+	}
+	_ = c.reconcileAnalysisRun(origRun)
+	logMessage := buf.String()
+	assert.Contains(t, logMessage, "Trying to cleanup TTL exceeded analysis run")
+	assert.NotContains(t, logMessage, "Failed to garbage collect analysis run")
+	// One deletion issued.
+	assert.Len(t, f.client.Fake.Actions(), 1)
+	assert.Equal(t, "delete", f.client.Fake.Actions()[0].GetVerb())
+	assert.Equal(t, "analysisruns", f.client.Fake.Actions()[0].GetResource().Resource)
+}
+
+func TestReconcileAnalysisRunOnOtherRunErrors(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+	buf := bytes.NewBufferString("")
+	log.SetOutput(buf)
+
+	// Prepend since there is a default reaction that captures it.
+	f.client.Fake.PrependReactor("delete", "analysisruns", func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
+		return true, nil, errors.New("some error")
+	})
+
+	origRun := &v1alpha1.AnalysisRun{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "run" + string(uuid.NewUUID()),
+			Namespace: metav1.NamespaceDefault,
+		},
+		Spec: v1alpha1.AnalysisRunSpec{
+			TTLStrategy: &v1alpha1.TTLStrategy{
+				SecondsAfterCompletion: ptr.To[int32](1),
+			},
+		},
+		Status: v1alpha1.AnalysisRunStatus{
+			Phase:       v1alpha1.AnalysisPhaseSuccessful,
+			CompletedAt: timePtr(metav1.NewTime(f.now.Add(-2 * time.Second))),
+		},
+	}
+	_ = c.reconcileAnalysisRun(origRun)
+	logMessage := buf.String()
+	assert.Contains(t, logMessage, "Failed to garbage collect analysis run")
+	// One deletion issued.
+	assert.Len(t, f.client.Fake.Actions(), 1)
+	assert.Equal(t, "delete", f.client.Fake.Actions()[0].GetVerb())
+	assert.Equal(t, "analysisruns", f.client.Fake.Actions()[0].GetResource().Resource)
+}
+
+func TestMaybeGarbageCollectAnalysisRunNoGCIfNotCompleted(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+
+	origRun := &v1alpha1.AnalysisRun{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "run" + string(uuid.NewUUID()),
+			Namespace: metav1.NamespaceDefault,
+		},
+		Status: v1alpha1.AnalysisRunStatus{
+			Phase: v1alpha1.AnalysisPhaseRunning,
+		},
+	}
+	logger := logutil.WithAnalysisRun(origRun)
+	err := c.maybeGarbageCollectAnalysisRun(origRun, logger)
+	// No error, no deletion issued.
+	assert.NoError(t, err)
+	assert.Empty(t, f.client.Fake.Actions())
+}
+
+func TestMaybeGarbageCollectAnalysisRunNoGCIfNoTTLStrategy(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+
+	origRun := &v1alpha1.AnalysisRun{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "run" + string(uuid.NewUUID()),
+			Namespace: metav1.NamespaceDefault,
+		},
+		Status: v1alpha1.AnalysisRunStatus{
+			Phase: v1alpha1.AnalysisPhaseSuccessful,
+		},
+	}
+	logger := logutil.WithAnalysisRun(origRun)
+	err := c.maybeGarbageCollectAnalysisRun(origRun, logger)
+	// No error, no deletion issued.
+	assert.NoError(t, err)
+	assert.Empty(t, f.client.Fake.Actions())
+}
+
+func TestMaybeGarbageCollectAnalysisRunNoGCIfWithDeletionTimestamp(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+
+	origRun := &v1alpha1.AnalysisRun{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:              "run" + string(uuid.NewUUID()),
+			Namespace:         metav1.NamespaceDefault,
+			DeletionTimestamp: timePtr(metav1.NewTime(f.now)),
+		},
+		Spec: v1alpha1.AnalysisRunSpec{
+			TTLStrategy: &v1alpha1.TTLStrategy{
+				SecondsAfterCompletion: ptr.To[int32](1),
+			},
+		},
+		Status: v1alpha1.AnalysisRunStatus{
+			Phase:       v1alpha1.AnalysisPhaseSuccessful,
+			CompletedAt: timePtr(metav1.NewTime(f.now.Add(-2 * time.Second))),
+		},
+	}
+	logger := logutil.WithAnalysisRun(origRun)
+	err := c.maybeGarbageCollectAnalysisRun(origRun, logger)
+	// No error, no deletion issued.
+	assert.NoError(t, err)
+	assert.Empty(t, f.client.Fake.Actions())
+}
+
+func TestMaybeGarbageCollectAnalysisRunNoGCIfNoCompletedAt(t *testing.T) {
+	f := newFixture(t)
+	defer f.Close()
+	c, _, _ := f.newController(noResyncPeriodFunc)
+
+	origRun := &v1alpha1.AnalysisRun{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "run" + string(uuid.NewUUID()),
+			Namespace: metav1.NamespaceDefault,
+		},
+		Spec: v1alpha1.AnalysisRunSpec{
+			TTLStrategy: &v1alpha1.TTLStrategy{
+				SecondsAfterCompletion: ptr.To[int32](1),
+			},
+		},
+		Status: v1alpha1.AnalysisRunStatus{
+			Phase: v1alpha1.AnalysisPhaseSuccessful,
+		},
+	}
+	logger := logutil.WithAnalysisRun(origRun)
+	err := c.maybeGarbageCollectAnalysisRun(origRun, logger)
+	// No error, no deletion issued.
+	assert.NoError(t, err)
+	assert.Empty(t, f.client.Fake.Actions())
+}
--- a/analysis/controller.go
+++ b/analysis/controller.go
@ -5,7 +5,12 @@ import (
 	"sync"
 	"time"

+	"github.com/aws/smithy-go/ptr"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+
 	"github.com/argoproj/argo-rollouts/metric"
+	jobProvider "github.com/argoproj/argo-rollouts/metricproviders/job"

 	unstructuredutil "github.com/argoproj/argo-rollouts/utils/unstructured"

@ -31,6 +36,10 @@ import (
 	timeutil "github.com/argoproj/argo-rollouts/utils/time"
 )

+var (
+	analysisRunGVK = v1alpha1.SchemeGroupVersion.WithKind("AnalysisRun")
+)
+
 // Controller is the controller implementation for Analysis resources
 type Controller struct {
 	// kubeclientset is a standard kubernetes clientset
@ -46,11 +55,11 @@ type Controller struct {

 	metricsServer *metrics.MetricsServer

-	newProvider func(logCtx log.Entry, metric v1alpha1.Metric) (metric.Provider, error)
+	newProvider func(logCtx log.Entry, namespace string, metric v1alpha1.Metric) (metric.Provider, error)

 	// used for unit testing
-	enqueueAnalysis      func(obj interface{})
-	enqueueAnalysisAfter func(obj interface{}, duration time.Duration)
+	enqueueAnalysis      func(obj any)
+	enqueueAnalysisAfter func(obj any, duration time.Duration)

 	// workqueue is a rate limited work queue. This is used to queue work to be
 	// processed instead of performing it as soon as a change happens. This
@ -91,10 +100,10 @@ func NewController(cfg ControllerConfig) *Controller {
 		resyncPeriod:         cfg.ResyncPeriod,
 	}

-	controller.enqueueAnalysis = func(obj interface{}) {
+	controller.enqueueAnalysis = func(obj any) {
 		controllerutil.Enqueue(obj, cfg.AnalysisRunWorkQueue)
 	}
-	controller.enqueueAnalysisAfter = func(obj interface{}, duration time.Duration) {
+	controller.enqueueAnalysisAfter = func(obj any, duration time.Duration) {
 		controllerutil.EnqueueAfter(obj, duration, cfg.AnalysisRunWorkQueue)
 	}

@ -105,14 +114,14 @@ func NewController(cfg ControllerConfig) *Controller {
 	controller.newProvider = providerFactory.NewProvider

 	cfg.JobInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
-		AddFunc: func(obj interface{}) {
-			controller.enqueueIfCompleted(obj)
+		AddFunc: func(obj any) {
+			controller.enqueueJobIfCompleted(obj)
 		},
-		UpdateFunc: func(oldObj, newObj interface{}) {
-			controller.enqueueIfCompleted(newObj)
+		UpdateFunc: func(oldObj, newObj any) {
+			controller.enqueueJobIfCompleted(newObj)
 		},
-		DeleteFunc: func(obj interface{}) {
-			controller.enqueueIfCompleted(obj)
+		DeleteFunc: func(obj any) {
+			controller.enqueueJobIfCompleted(obj)
 		},
 	})

@ -120,10 +129,10 @@ func NewController(cfg ControllerConfig) *Controller {
 	// Set up an event handler for when analysis resources change
 	cfg.AnalysisRunInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
 		AddFunc: controller.enqueueAnalysis,
-		UpdateFunc: func(old, new interface{}) {
+		UpdateFunc: func(old, new any) {
 			controller.enqueueAnalysis(new)
 		},
-		DeleteFunc: func(obj interface{}) {
+		DeleteFunc: func(obj any) {
 			controller.enqueueAnalysis(obj)
 			if ar := unstructuredutil.ObjectToAnalysisRun(obj); ar != nil {
 				logCtx := logutil.WithAnalysisRun(ar)
@ -186,7 +195,35 @@ func (c *Controller) syncHandler(ctx context.Context, key string) error {
 	return c.persistAnalysisRunStatus(run, newRun.Status)
 }

-func (c *Controller) enqueueIfCompleted(obj interface{}) {
+func (c *Controller) jobParentReference(obj any) (*v1.OwnerReference, string) {
+	job, ok := obj.(*batchv1.Job)
+	if !ok {
+		return nil, ""
+	}
+	// if it has owner reference, return it as is
+	ownerRef := v1.GetControllerOf(job)
+	// else if it's missing owner reference check if analysis run uid is set and
+	// if it is there use labels/annotations to create owner reference
+	if ownerRef == nil && job.Labels[jobProvider.AnalysisRunUIDLabelKey] != "" {
+		ownerRef = &v1.OwnerReference{
+			APIVersion:         analysisRunGVK.GroupVersion().String(),
+			Kind:               analysisRunGVK.Kind,
+			Name:               job.Annotations[jobProvider.AnalysisRunNameAnnotationKey],
+			UID:                types.UID(job.Labels[jobProvider.AnalysisRunUIDLabelKey]),
+			BlockOwnerDeletion: ptr.Bool(true),
+			Controller:         ptr.Bool(true),
+		}
+	}
+	ns := job.GetNamespace()
+	if job.Annotations != nil {
+		if job.Annotations[jobProvider.AnalysisRunNamespaceAnnotationKey] != "" {
+			ns = job.Annotations[jobProvider.AnalysisRunNamespaceAnnotationKey]
+		}
+	}
+	return ownerRef, ns
+}
+
+func (c *Controller) enqueueJobIfCompleted(obj any) {
 	job, ok := obj.(*batchv1.Job)
 	if !ok {
 		return
@ -194,7 +231,7 @@ func (c *Controller) enqueueIfCompleted(obj interface{}) {
 	for _, condition := range job.Status.Conditions {
 		switch condition.Type {
 		case batchv1.JobFailed, batchv1.JobComplete:
-			controllerutil.EnqueueParentObject(job, register.AnalysisRunKind, c.enqueueAnalysis)
+			controllerutil.EnqueueParentObject(job, register.AnalysisRunKind, c.enqueueAnalysis, c.jobParentReference)
 			return
 		}
 	}
--- a/analysis/controller_test.go
+++ b/analysis/controller_test.go
@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"reflect"
+	"sync"
 	"testing"
 	"time"

@ -50,11 +51,18 @@ type fixture struct {
 	// Actions expected to happen on the client.
 	actions []core.Action
 	// Objects from here preloaded into NewSimpleFake.
-	objects         []runtime.Object
-	enqueuedObjects map[string]int
-	unfreezeTime    func() error
+	objects []runtime.Object
+
+	// Acquire 'enqueuedObjectMutex' before accessing enqueuedObjects
+	enqueuedObjects     map[string]int
+	enqueuedObjectMutex sync.Mutex
+
+	unfreezeTime func() error
 	// fake provider
 	provider *mocks.Provider
+
+	// Reference to frozen now
+	now time.Time
 }

 func newFixture(t *testing.T) *fixture {
@ -62,12 +70,12 @@ func newFixture(t *testing.T) *fixture {
 	f.t = t
 	f.objects = []runtime.Object{}
 	f.enqueuedObjects = make(map[string]int)
-	now := time.Now()
-	timeutil.Now = func() time.Time {
-		return now
-	}
+	f.now = time.Now()
+	timeutil.SetNowTimeFunc(func() time.Time {
+		return f.now
+	})
 	f.unfreezeTime = func() error {
-		timeutil.Now = time.Now
+		timeutil.SetNowTimeFunc(time.Now)
 		return nil
 	}
 	return f
@ -113,12 +121,16 @@ func (f *fixture) newController(resync resyncFunc) (*Controller, informers.Share
 		Recorder:             record.NewFakeEventRecorder(),
 	})

-	c.enqueueAnalysis = func(obj interface{}) {
+	c.enqueueAnalysis = func(obj any) {
 		var key string
 		var err error
 		if key, err = cache.MetaNamespaceKeyFunc(obj); err != nil {
 			panic(err)
 		}
+
+		f.enqueuedObjectMutex.Lock()
+		defer f.enqueuedObjectMutex.Unlock()
+
 		count, ok := f.enqueuedObjects[key]
 		if !ok {
 			count = 0
@ -127,11 +139,11 @@ func (f *fixture) newController(resync resyncFunc) (*Controller, informers.Share
 		f.enqueuedObjects[key] = count
 		c.analysisRunWorkQueue.Add(obj)
 	}
-	c.enqueueAnalysisAfter = func(obj interface{}, duration time.Duration) {
+	c.enqueueAnalysisAfter = func(obj any, duration time.Duration) {
 		c.enqueueAnalysis(obj)
 	}
 	f.provider = &mocks.Provider{}
-	c.newProvider = func(logCtx log.Entry, metric v1alpha1.Metric) (metric.Provider, error) {
+	c.newProvider = func(logCtx log.Entry, namespace string, metric v1alpha1.Metric) (metric.Provider, error) {
 		return f.provider, nil
 	}

@ -286,6 +298,22 @@ func (f *fixture) getPatchedAnalysisRun(index int) v1alpha1.AnalysisRun { //noli
 	return ar
 }

+func (f *fixture) expectDeleteAnalysisRunAction(analysisRun *v1alpha1.AnalysisRun) int { //nolint:unused
+	action := core.NewDeleteAction(schema.GroupVersionResource{Resource: "analysisrun"}, analysisRun.Namespace, analysisRun.Name)
+	len := len(f.actions)
+	f.actions = append(f.actions, action)
+	return len
+}
+
+func (f *fixture) getDeletedAnalysisRunNamespaceAndName(index int) string { //nolint:unused
+	action := filterInformerActions(f.client.Actions())[index]
+	deleteAction, ok := action.(core.DeleteAction)
+	if !ok {
+		f.t.Fatalf("Expected Patch action, not %s", action.GetVerb())
+	}
+	return fmt.Sprintf("%s/%s", deleteAction.GetNamespace(), deleteAction.GetName())
+}
+
 func TestNoReconcileForNotFoundAnalysisRun(t *testing.T) {
 	f := newFixture(t)
 	defer f.Close()
@ -342,7 +370,7 @@ func TestFailedToCreateProviderError(t *testing.T) {
 	f.objects = append(f.objects, ar)

 	c, i, k8sI := f.newController(noResyncPeriodFunc)
-	c.newProvider = func(logCtx log.Entry, metric v1alpha1.Metric) (metric.Provider, error) {
+	c.newProvider = func(logCtx log.Entry, namespace string, metric v1alpha1.Metric) (metric.Provider, error) {
 		return nil, fmt.Errorf("failed to create provider")
 	}

--- a/cmd/kubectl-argo-rollouts/main.go
+++ b/cmd/kubectl-argo-rollouts/main.go
@ -3,7 +3,6 @@ package main
 import (
 	"os"

-	logutil "github.com/argoproj/argo-rollouts/utils/log"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/azure"
@ -11,6 +10,8 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
 	"k8s.io/klog/v2"

+	logutil "github.com/argoproj/argo-rollouts/utils/log"
+
 	"github.com/argoproj/argo-rollouts/pkg/kubectl-argo-rollouts/cmd"
 	"github.com/argoproj/argo-rollouts/pkg/kubectl-argo-rollouts/options"
 )
--- a/cmd/rollouts-controller/main.go
+++ b/cmd/rollouts-controller/main.go
@ -2,12 +2,11 @@ package main

 import (
 	"fmt"
+	"net/http"
 	"os"
 	"strings"
 	"time"

-	"github.com/argoproj/argo-rollouts/utils/record"
-
 	"github.com/argoproj/pkg/kubeclientmetrics"
 	smiclientset "github.com/servicemeshinterface/smi-sdk-go/pkg/gen/client/split/clientset/versioned"
 	log "github.com/sirupsen/logrus"
@ -23,6 +22,11 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
 	"k8s.io/client-go/tools/clientcmd"

+	"github.com/argoproj/argo-rollouts/metricproviders"
+	"github.com/argoproj/argo-rollouts/rollout"
+	"github.com/argoproj/argo-rollouts/utils/errors"
+	"github.com/argoproj/argo-rollouts/utils/record"
+
 	"github.com/argoproj/argo-rollouts/controller"
 	"github.com/argoproj/argo-rollouts/controller/metrics"
 	jobprovider "github.com/argoproj/argo-rollouts/metricproviders/job"
@ -42,8 +46,12 @@ const (
 	cliName    = "argo-rollouts"
 	jsonFormat = "json"
 	textFormat = "text"
+
+	controllerAnalysis = "analysis"
 )

+var supportedControllers = map[string]bool{controllerAnalysis: true}
+
 func newCommand() *cobra.Command {
 	var (
 		clientConfig                   clientcmd.ClientConfig
@ -61,8 +69,13 @@ func newCommand() *cobra.Command {
 		analysisThreads                int
 		serviceThreads                 int
 		ingressThreads                 int
+		ephemeralMetadataThreads       int
+		targetGroupBindingVersion      string
+		albTagKeyResourceID            string
 		istioVersion                   string
 		trafficSplitVersion            string
+		traefikAPIGroup                string
+		traefikVersion                 string
 		ambassadorVersion              string
 		ingressVersion                 string
 		appmeshCRDVersion              string
@ -72,6 +85,8 @@ func newCommand() *cobra.Command {
 		namespaced                     bool
 		printVersion                   bool
 		selfServiceNotificationEnabled bool
+		controllersEnabled             []string
+		pprofAddress                   string
 	)
 	electOpts := controller.NewLeaderElectionOptions()
 	var command = cobra.Command{
@ -82,47 +97,59 @@ func newCommand() *cobra.Command {
 				fmt.Println(version.GetVersion())
 				return nil
 			}
+			logger := log.New()
 			setLogLevel(logLevel)
 			if logFormat != "" {
 				log.SetFormatter(createFormatter(logFormat))
+				logger.SetFormatter(createFormatter(logFormat))
 			}
-			logutil.SetKLogLogger(log.New())
+			logutil.SetKLogLogger(logger)
 			logutil.SetKLogLevel(klogLevel)
-			log.WithField("version", version.GetVersion()).Info("Argo Rollouts starting")

 			// set up signals so we handle the first shutdown signal gracefully
 			ctx := signals.SetupSignalHandlerContext()

 			defaults.SetVerifyTargetGroup(awsVerifyTargetGroup)
+			defaults.SetTargetGroupBindingAPIVersion(targetGroupBindingVersion)
+			defaults.SetalbTagKeyResourceID(albTagKeyResourceID)
 			defaults.SetIstioAPIVersion(istioVersion)
 			defaults.SetAmbassadorAPIVersion(ambassadorVersion)
 			defaults.SetSMIAPIVersion(trafficSplitVersion)
 			defaults.SetAppMeshCRDVersion(appmeshCRDVersion)
+			defaults.SetTraefikAPIGroup(traefikAPIGroup)
+			defaults.SetTraefikVersion(traefikVersion)

 			config, err := clientConfig.ClientConfig()
-			checkError(err)
+			errors.CheckError(err)
 			config.QPS = qps
 			config.Burst = burst
 			namespace := metav1.NamespaceAll
 			configNS, _, err := clientConfig.Namespace()
-			checkError(err)
+			errors.CheckError(err)
 			if namespaced {
 				namespace = configNS
-				log.Infof("Using namespace %s", namespace)
 			}
+			log.WithFields(log.Fields{
+				"version":     version.GetVersion(),
+				"namespace":   namespace,
+				"instanceID":  instanceID,
+				"metricsPort": metricsPort,
+				"healthzPort": healthzPort,
+			}).Info("Argo Rollouts controller starting")

 			k8sRequestProvider := &metrics.K8sRequestsCountProvider{}
 			kubeclientmetrics.AddMetricsTransportWrapper(config, k8sRequestProvider.IncKubernetesRequest)

 			kubeClient, err := kubernetes.NewForConfig(config)
-			checkError(err)
+			errors.CheckError(err)
 			argoprojClient, err := clientset.NewForConfig(config)
-			checkError(err)
+			errors.CheckError(err)
 			dynamicClient, err := dynamic.NewForConfig(config)
-			checkError(err)
+			errors.CheckError(err)
 			discoveryClient, err := discovery.NewDiscoveryClientForConfig(config)
-			checkError(err)
+			errors.CheckError(err)
 			smiClient, err := smiclientset.NewForConfig(config)
+			errors.CheckError(err)
 			resyncDuration := time.Duration(rolloutResyncPeriod) * time.Second
 			kubeInformerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(
 				kubeClient,
@ -132,10 +159,17 @@ func newCommand() *cobra.Command {
 			instanceIDTweakListFunc := func(options *metav1.ListOptions) {
 				options.LabelSelector = instanceIDSelector.String()
 			}
+			jobKubeClient, _, err := metricproviders.GetAnalysisJobClientset(kubeClient)
+			errors.CheckError(err)
+			jobNs := metricproviders.GetAnalysisJobNamespace()
+			if jobNs == "" {
+				// if not set explicitly use the configured ns
+				jobNs = namespace
+			}
 			jobInformerFactory := kubeinformers.NewSharedInformerFactoryWithOptions(
-				kubeClient,
+				jobKubeClient,
 				resyncDuration,
-				kubeinformers.WithNamespace(namespace),
+				kubeinformers.WithNamespace(jobNs),
 				kubeinformers.WithTweakListOptions(func(options *metav1.ListOptions) {
 					options.LabelSelector = jobprovider.AnalysisRunUIDLabelKey
 				}))
@ -165,7 +199,7 @@ func newCommand() *cobra.Command {
 				resyncDuration,
 				kubeinformers.WithNamespace(notificationConfigNamespace),
 				kubeinformers.WithTweakListOptions(func(options *metav1.ListOptions) {
-					options.Kind = "Secrete"
+					options.Kind = "Secret"
 					options.FieldSelector = fmt.Sprintf("metadata.name=%s", record.NotificationSecret)
 				}),
 			)
@ -181,45 +215,77 @@ func newCommand() *cobra.Command {
 			)

 			mode, err := ingressutil.DetermineIngressMode(ingressVersion, kubeClient.DiscoveryClient)
-			checkError(err)
+			errors.CheckError(err)
 			ingressWrapper, err := ingressutil.NewIngressWrapper(mode, kubeClient, kubeInformerFactory)
-			checkError(err)
+			errors.CheckError(err)

-			cm := controller.NewManager(
-				namespace,
-				kubeClient,
-				argoprojClient,
-				dynamicClient,
-				smiClient,
-				discoveryClient,
-				kubeInformerFactory.Apps().V1().ReplicaSets(),
-				kubeInformerFactory.Core().V1().Services(),
-				ingressWrapper,
-				jobInformerFactory.Batch().V1().Jobs(),
-				tolerantinformer.NewTolerantRolloutInformer(dynamicInformerFactory),
-				tolerantinformer.NewTolerantExperimentInformer(dynamicInformerFactory),
-				tolerantinformer.NewTolerantAnalysisRunInformer(dynamicInformerFactory),
-				tolerantinformer.NewTolerantAnalysisTemplateInformer(dynamicInformerFactory),
-				tolerantinformer.NewTolerantClusterAnalysisTemplateInformer(clusterDynamicInformerFactory),
-				istioPrimaryDynamicClient,
-				istioDynamicInformerFactory.ForResource(istioutil.GetIstioVirtualServiceGVR()).Informer(),
-				istioDynamicInformerFactory.ForResource(istioutil.GetIstioDestinationRuleGVR()).Informer(),
-				notificationConfigMapInformerFactory,
-				notificationSecretInformerFactory,
-				resyncDuration,
-				instanceID,
-				metricsPort,
-				healthzPort,
-				k8sRequestProvider,
-				nginxIngressClasses,
-				albIngressClasses,
-				dynamicInformerFactory,
-				clusterDynamicInformerFactory,
-				istioDynamicInformerFactory,
-				namespaced,
-				kubeInformerFactory,
-				jobInformerFactory)
+			if pprofAddress != "" {
+				mux := controller.NewPProfServer()
+				go func() { log.Println(http.ListenAndServe(pprofAddress, mux)) }()
+			}

+			var cm *controller.Manager
+
+			enabledControllers, err := getEnabledControllers(controllersEnabled)
+			errors.CheckError(err)
+
+			// currently only supports running analysis controller independently
+			if enabledControllers[controllerAnalysis] {
+				log.Info("Running only analysis controller")
+				cm = controller.NewAnalysisManager(
+					namespace,
+					kubeClient,
+					argoprojClient,
+					jobInformerFactory.Batch().V1().Jobs(),
+					tolerantinformer.NewTolerantAnalysisRunInformer(dynamicInformerFactory),
+					tolerantinformer.NewTolerantAnalysisTemplateInformer(dynamicInformerFactory),
+					tolerantinformer.NewTolerantClusterAnalysisTemplateInformer(clusterDynamicInformerFactory),
+					resyncDuration,
+					metricsPort,
+					healthzPort,
+					k8sRequestProvider,
+					dynamicInformerFactory,
+					clusterDynamicInformerFactory,
+					namespaced,
+					kubeInformerFactory,
+					jobInformerFactory)
+			} else {
+				cm = controller.NewManager(
+					namespace,
+					kubeClient,
+					argoprojClient,
+					dynamicClient,
+					smiClient,
+					discoveryClient,
+					kubeInformerFactory.Apps().V1().ReplicaSets(),
+					kubeInformerFactory.Core().V1().Services(),
+					ingressWrapper,
+					jobInformerFactory.Batch().V1().Jobs(),
+					tolerantinformer.NewTolerantRolloutInformer(dynamicInformerFactory),
+					tolerantinformer.NewTolerantExperimentInformer(dynamicInformerFactory),
+					tolerantinformer.NewTolerantAnalysisRunInformer(dynamicInformerFactory),
+					tolerantinformer.NewTolerantAnalysisTemplateInformer(dynamicInformerFactory),
+					tolerantinformer.NewTolerantClusterAnalysisTemplateInformer(clusterDynamicInformerFactory),
+					istioPrimaryDynamicClient,
+					istioDynamicInformerFactory.ForResource(istioutil.GetIstioVirtualServiceGVR()).Informer(),
+					istioDynamicInformerFactory.ForResource(istioutil.GetIstioDestinationRuleGVR()).Informer(),
+					notificationConfigMapInformerFactory,
+					notificationSecretInformerFactory,
+					resyncDuration,
+					instanceID,
+					metricsPort,
+					healthzPort,
+					k8sRequestProvider,
+					nginxIngressClasses,
+					albIngressClasses,
+					dynamicInformerFactory,
+					clusterDynamicInformerFactory,
+					istioDynamicInformerFactory,
+					namespaced,
+					kubeInformerFactory,
+					jobInformerFactory,
+					ephemeralMetadataThreads)
+			}
 			if err = cm.Run(ctx, rolloutThreads, serviceThreads, ingressThreads, experimentThreads, analysisThreads, electOpts); err != nil {
 				log.Fatalf("Error running controller: %s", err.Error())
 			}
@ -236,7 +302,7 @@ func newCommand() *cobra.Command {
 	command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().StringVar(&logFormat, "logformat", "", "Set the logging format. One of: text|json")
 	command.Flags().IntVar(&klogLevel, "kloglevel", 0, "Set the klog logging level")
-	command.Flags().IntVar(&metricsPort, "metricsport", controller.DefaultMetricsPort, "Set the port the metrics endpoint should be exposed over")
+	command.Flags().IntVar(&metricsPort, "metricsPort", controller.DefaultMetricsPort, "Set the port the metrics endpoint should be exposed over")
 	command.Flags().IntVar(&healthzPort, "healthzPort", controller.DefaultHealthzPort, "Set the port the healthz endpoint should be exposed over")
 	command.Flags().StringVar(&instanceID, "instance-id", "", "Indicates which argo rollout objects the controller should operate on")
 	command.Flags().Float32Var(&qps, "qps", defaults.DefaultQPS, "Maximum QPS (queries per second) to the K8s API server")
@ -246,9 +312,14 @@ func newCommand() *cobra.Command {
 	command.Flags().IntVar(&analysisThreads, "analysis-threads", controller.DefaultAnalysisThreads, "Set the number of worker threads for the Experiment controller")
 	command.Flags().IntVar(&serviceThreads, "service-threads", controller.DefaultServiceThreads, "Set the number of worker threads for the Service controller")
 	command.Flags().IntVar(&ingressThreads, "ingress-threads", controller.DefaultIngressThreads, "Set the number of worker threads for the Ingress controller")
+	command.Flags().IntVar(&ephemeralMetadataThreads, "ephemeral-metadata-threads", rollout.DefaultEphemeralMetadataThreads, "Set the number of worker threads for the Ephemeral Metadata reconciler")
+	command.Flags().StringVar(&targetGroupBindingVersion, "aws-target-group-binding-api-version", defaults.DefaultTargetGroupBindingAPIVersion, "Set the default AWS TargetGroupBinding apiVersion that controller uses when verifying target group weights.")
+	command.Flags().StringVar(&albTagKeyResourceID, "alb-tag-key-resource-id", defaults.DefaultAlbTagKeyResourceID, "Set the default AWS LoadBalancer tag key for resource ID that controller uses when verifying target group weights.")
 	command.Flags().StringVar(&istioVersion, "istio-api-version", defaults.DefaultIstioVersion, "Set the default Istio apiVersion that controller should look when manipulating VirtualServices.")
 	command.Flags().StringVar(&ambassadorVersion, "ambassador-api-version", defaults.DefaultAmbassadorVersion, "Set the Ambassador apiVersion that controller should look when manipulating Ambassador Mappings.")
 	command.Flags().StringVar(&trafficSplitVersion, "traffic-split-api-version", defaults.DefaultSMITrafficSplitVersion, "Set the default TrafficSplit apiVersion that controller uses when creating TrafficSplits.")
+	command.Flags().StringVar(&traefikAPIGroup, "traefik-api-group", defaults.DefaultTraefikAPIGroup, "Set the default Traefik apiGroup that controller uses.")
+	command.Flags().StringVar(&traefikVersion, "traefik-api-version", defaults.DefaultTraefikVersion, "Set the default Traefik apiVersion that controller uses.")
 	command.Flags().StringVar(&ingressVersion, "ingress-api-version", "", "Set the Ingress apiVersion that the controller should use.")
 	command.Flags().StringVar(&appmeshCRDVersion, "appmesh-crd-version", defaults.DefaultAppMeshCRDVersion, "Set the default AppMesh CRD Version that controller uses when manipulating resources.")
 	command.Flags().StringArrayVar(&albIngressClasses, "alb-ingress-classes", defaultALBIngressClass, "Defines all the ingress class annotations that the alb ingress controller operates on. Defaults to alb")
@ -262,6 +333,8 @@ func newCommand() *cobra.Command {
 	command.Flags().DurationVar(&electOpts.LeaderElectionRenewDeadline, "leader-election-renew-deadline", controller.DefaultLeaderElectionRenewDeadline, "The interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.")
 	command.Flags().DurationVar(&electOpts.LeaderElectionRetryPeriod, "leader-election-retry-period", controller.DefaultLeaderElectionRetryPeriod, "The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.")
 	command.Flags().BoolVar(&selfServiceNotificationEnabled, "self-service-notification-enabled", false, "Allows rollouts controller to pull notification config from the namespace that the rollout resource is in. This is useful for self-service notification.")
+	command.Flags().StringSliceVar(&controllersEnabled, "controllers", nil, "Explicitly specify the list of controllers to run, currently only supports 'analysis', eg. --controller=analysis. Default: all controllers are enabled")
+	command.Flags().StringVar(&pprofAddress, "enable-pprof-address", "", "Enable pprof profiling on controller by providing a server address.")
 	return &command
 }

@ -310,8 +383,14 @@ func createFormatter(logFormat string) log.Formatter {
 	return formatType
 }

-func checkError(err error) {
-	if err != nil {
-		log.Fatal(err)
+func getEnabledControllers(controllersEnabled []string) (map[string]bool, error) {
+	enabledControllers := make(map[string]bool)
+	for _, controller := range controllersEnabled {
+		if supportedControllers[controller] {
+			enabledControllers[controller] = true
+		} else {
+			return nil, fmt.Errorf("unsupported controller: %s", controller)
+		}
 	}
+	return enabledControllers, nil
 }
--- a/controller/controller.go
+++ b/controller/controller.go
@ -13,9 +13,10 @@ import (

 	istioutil "github.com/argoproj/argo-rollouts/utils/istio"

-	rolloutsConfig "github.com/argoproj/argo-rollouts/utils/config"
 	goPlugin "github.com/hashicorp/go-plugin"

+	rolloutsConfig "github.com/argoproj/argo-rollouts/utils/config"
+
 	"k8s.io/apimachinery/pkg/util/wait"

 	"k8s.io/client-go/dynamic/dynamicinformer"
@ -163,6 +164,87 @@ type Manager struct {
 	notificationSecretInformerFactory    kubeinformers.SharedInformerFactory
 	jobInformerFactory                   kubeinformers.SharedInformerFactory
 	istioPrimaryDynamicClient            dynamic.Interface
+
+	onlyAnalysisMode bool
+}
+
+func NewAnalysisManager(
+	namespace string,
+	kubeclientset kubernetes.Interface,
+	argoprojclientset clientset.Interface,
+	jobInformer batchinformers.JobInformer,
+	analysisRunInformer informers.AnalysisRunInformer,
+	analysisTemplateInformer informers.AnalysisTemplateInformer,
+	clusterAnalysisTemplateInformer informers.ClusterAnalysisTemplateInformer,
+	resyncPeriod time.Duration,
+	metricsPort int,
+	healthzPort int,
+	k8sRequestProvider *metrics.K8sRequestsCountProvider,
+	dynamicInformerFactory dynamicinformer.DynamicSharedInformerFactory,
+	clusterDynamicInformerFactory dynamicinformer.DynamicSharedInformerFactory,
+	namespaced bool,
+	kubeInformerFactory kubeinformers.SharedInformerFactory,
+	jobInformerFactory kubeinformers.SharedInformerFactory,
+) *Manager {
+	runtime.Must(rolloutscheme.AddToScheme(scheme.Scheme))
+	log.Info("Creating event broadcaster")
+
+	metricsAddr := fmt.Sprintf(listenAddr, metricsPort)
+	metricsServer := metrics.NewMetricsServer(metrics.ServerConfig{
+		Addr:                          metricsAddr,
+		RolloutLister:                 nil,
+		AnalysisRunLister:             analysisRunInformer.Lister(),
+		AnalysisTemplateLister:        analysisTemplateInformer.Lister(),
+		ClusterAnalysisTemplateLister: clusterAnalysisTemplateInformer.Lister(),
+		ExperimentLister:              nil,
+		K8SRequestProvider:            k8sRequestProvider,
+	})
+
+	healthzServer := NewHealthzServer(fmt.Sprintf(listenAddr, healthzPort))
+	analysisRunWorkqueue := workqueue.NewNamedRateLimitingQueue(queue.DefaultArgoRolloutsRateLimiter(), "AnalysisRuns")
+	recorder := record.NewEventRecorder(kubeclientset, metrics.MetricRolloutEventsTotal, metrics.MetricNotificationFailedTotal, metrics.MetricNotificationSuccessTotal, metrics.MetricNotificationSend, nil)
+	analysisController := analysis.NewController(analysis.ControllerConfig{
+		KubeClientSet:        kubeclientset,
+		ArgoProjClientset:    argoprojclientset,
+		AnalysisRunInformer:  analysisRunInformer,
+		JobInformer:          jobInformer,
+		ResyncPeriod:         resyncPeriod,
+		AnalysisRunWorkQueue: analysisRunWorkqueue,
+		MetricsServer:        metricsServer,
+		Recorder:             recorder,
+	})
+
+	cm := &Manager{
+		wg:                            &sync.WaitGroup{},
+		metricsServer:                 metricsServer,
+		healthzServer:                 healthzServer,
+		jobSynced:                     jobInformer.Informer().HasSynced,
+		analysisRunSynced:             analysisRunInformer.Informer().HasSynced,
+		analysisTemplateSynced:        analysisTemplateInformer.Informer().HasSynced,
+		clusterAnalysisTemplateSynced: clusterAnalysisTemplateInformer.Informer().HasSynced,
+		analysisRunWorkqueue:          analysisRunWorkqueue,
+		analysisController:            analysisController,
+		namespace:                     namespace,
+		kubeClientSet:                 kubeclientset,
+		dynamicInformerFactory:        dynamicInformerFactory,
+		clusterDynamicInformerFactory: clusterDynamicInformerFactory,
+		namespaced:                    namespaced,
+		kubeInformerFactory:           kubeInformerFactory,
+		jobInformerFactory:            jobInformerFactory,
+		onlyAnalysisMode:              true,
+	}
+
+	_, err := rolloutsConfig.InitializeConfig(kubeclientset, defaults.DefaultRolloutsConfigMapName)
+	if err != nil {
+		log.Fatalf("Failed to init config: %v", err)
+	}
+
+	err = plugin.DownloadPlugins(plugin.FileDownloaderImpl{}, kubeclientset)
+	if err != nil {
+		log.Fatalf("Failed to download plugins: %v", err)
+	}
+
+	return cm
 }

 // NewManager returns a new manager to manage all the controllers
@ -200,6 +282,7 @@ func NewManager(
 	namespaced bool,
 	kubeInformerFactory kubeinformers.SharedInformerFactory,
 	jobInformerFactory kubeinformers.SharedInformerFactory,
+	ephemeralMetadataThreads int,
 ) *Manager {
 	runtime.Must(rolloutscheme.AddToScheme(scheme.Scheme))
 	log.Info("Creating event broadcaster")
@ -223,7 +306,7 @@ func NewManager(
 	ingressWorkqueue := workqueue.NewNamedRateLimitingQueue(queue.DefaultArgoRolloutsRateLimiter(), "Ingresses")

 	refResolver := rollout.NewInformerBasedWorkloadRefResolver(namespace, dynamicclientset, discoveryClient, argoprojclientset, rolloutsInformer.Informer())
-	apiFactory := notificationapi.NewFactory(record.NewAPIFactorySettings(), defaults.Namespace(), notificationSecretInformerFactory.Core().V1().Secrets().Informer(), notificationConfigMapInformerFactory.Core().V1().ConfigMaps().Informer())
+	apiFactory := notificationapi.NewFactory(record.NewAPIFactorySettings(analysisRunInformer), defaults.Namespace(), notificationSecretInformerFactory.Core().V1().Secrets().Informer(), notificationConfigMapInformerFactory.Core().V1().ConfigMaps().Informer())
 	recorder := record.NewEventRecorder(kubeclientset, metrics.MetricRolloutEventsTotal, metrics.MetricNotificationFailedTotal, metrics.MetricNotificationSuccessTotal, metrics.MetricNotificationSend, apiFactory)
 	notificationsController := notificationcontroller.NewControllerWithNamespaceSupport(dynamicclientset.Resource(v1alpha1.RolloutGVR), rolloutsInformer.Informer(), apiFactory,
 		notificationcontroller.WithToUnstructured(func(obj metav1.Object) (*unstructured.Unstructured, error) {
@ -264,6 +347,7 @@ func NewManager(
 		IngressWorkQueue:                ingressWorkqueue,
 		MetricsServer:                   metricsServer,
 		Recorder:                        recorder,
+		EphemeralMetadataThreads:        ephemeralMetadataThreads,
 	})

 	experimentController := experiments.NewController(experiments.ControllerConfig{
@ -363,7 +447,7 @@ func NewManager(
 		log.Fatalf("Failed to init config: %v", err)
 	}

-	err = plugin.DownloadPlugins(plugin.FileDownloaderImpl{})
+	err = plugin.DownloadPlugins(plugin.FileDownloaderImpl{}, kubeclientset)
 	if err != nil {
 		log.Fatalf("Failed to download plugins: %v", err)
 	}
@ -441,11 +525,13 @@ func (c *Manager) Run(ctx context.Context, rolloutThreadiness, serviceThreadines
 	log.Info("Shutting down workers")
 	goPlugin.CleanupClients()

-	c.serviceWorkqueue.ShutDownWithDrain()
-	c.ingressWorkqueue.ShutDownWithDrain()
-	c.rolloutWorkqueue.ShutDownWithDrain()
-	c.experimentWorkqueue.ShutDownWithDrain()
-	c.analysisRunWorkqueue.ShutDownWithDrain()
+	if !c.onlyAnalysisMode {
+		c.serviceWorkqueue.ShutDownWithDrain()
+		c.ingressWorkqueue.ShutDownWithDrain()
+		c.rolloutWorkqueue.ShutDownWithDrain()
+		c.experimentWorkqueue.ShutDownWithDrain()
+	}
+
 	c.analysisRunWorkqueue.ShutDownWithDrain()

 	ctxWithTimeout, cancel := context.WithTimeout(ctx, 5*time.Second) // give max of 10 seconds for http servers to shut down
@ -471,34 +557,52 @@ func (c *Manager) startLeading(ctx context.Context, rolloutThreadiness, serviceT
 	}
 	c.kubeInformerFactory.Start(ctx.Done())

-	c.notificationConfigMapInformerFactory.Start(ctx.Done())
-	c.notificationSecretInformerFactory.Start(ctx.Done())
-
 	c.jobInformerFactory.Start(ctx.Done())

-	// Check if Istio installed on cluster before starting dynamicInformerFactory
-	if istioutil.DoesIstioExist(c.istioPrimaryDynamicClient, c.namespace) {
-		c.istioDynamicInformerFactory.Start(ctx.Done())
-	}
-
-	// Wait for the caches to be synced before starting workers
-	log.Info("Waiting for controller's informer caches to sync")
-	if ok := cache.WaitForCacheSync(ctx.Done(), c.serviceSynced, c.ingressSynced, c.jobSynced, c.rolloutSynced, c.experimentSynced, c.analysisRunSynced, c.analysisTemplateSynced, c.replicasSetSynced, c.configMapSynced, c.secretSynced); !ok {
-		log.Fatalf("failed to wait for caches to sync, exiting")
-	}
-	// only wait for cluster scoped informers to sync if we are running in cluster-wide mode
-	if c.namespace == metav1.NamespaceAll {
-		if ok := cache.WaitForCacheSync(ctx.Done(), c.clusterAnalysisTemplateSynced); !ok {
-			log.Fatalf("failed to wait for cluster-scoped caches to sync, exiting")
+	if c.onlyAnalysisMode {
+		log.Info("Waiting for controller's informer caches to sync")
+		if ok := cache.WaitForCacheSync(ctx.Done(), c.analysisRunSynced, c.analysisTemplateSynced, c.jobSynced); !ok {
+			log.Fatalf("failed to wait for caches to sync, exiting")
 		}
+		// only wait for cluster scoped informers to sync if we are running in cluster-wide mode
+		if c.namespace == metav1.NamespaceAll {
+			if ok := cache.WaitForCacheSync(ctx.Done(), c.clusterAnalysisTemplateSynced); !ok {
+				log.Fatalf("failed to wait for cluster-scoped caches to sync, exiting")
+			}
+		}
+		go wait.Until(func() { c.wg.Add(1); c.analysisController.Run(ctx, analysisThreadiness); c.wg.Done() }, time.Second, ctx.Done())
+	} else {
+
+		c.notificationConfigMapInformerFactory.Start(ctx.Done())
+		c.notificationSecretInformerFactory.Start(ctx.Done())
+		if ok := cache.WaitForCacheSync(ctx.Done(), c.configMapSynced, c.secretSynced); !ok {
+			log.Fatalf("failed to wait for configmap/secret caches to sync, exiting")
+		}
+
+		// Check if Istio installed on cluster before starting dynamicInformerFactory
+		if istioutil.DoesIstioExist(c.istioPrimaryDynamicClient, c.namespace) {
+			c.istioDynamicInformerFactory.Start(ctx.Done())
+		}
+
+		// Wait for the caches to be synced before starting workers
+		log.Info("Waiting for controller's informer caches to sync")
+		if ok := cache.WaitForCacheSync(ctx.Done(), c.serviceSynced, c.ingressSynced, c.jobSynced, c.rolloutSynced, c.experimentSynced, c.analysisRunSynced, c.analysisTemplateSynced, c.replicasSetSynced, c.configMapSynced, c.secretSynced); !ok {
+			log.Fatalf("failed to wait for caches to sync, exiting")
+		}
+		// only wait for cluster scoped informers to sync if we are running in cluster-wide mode
+		if c.namespace == metav1.NamespaceAll {
+			if ok := cache.WaitForCacheSync(ctx.Done(), c.clusterAnalysisTemplateSynced); !ok {
+				log.Fatalf("failed to wait for cluster-scoped caches to sync, exiting")
+			}
+		}
+
+		go wait.Until(func() { c.wg.Add(1); c.rolloutController.Run(ctx, rolloutThreadiness); c.wg.Done() }, time.Second, ctx.Done())
+		go wait.Until(func() { c.wg.Add(1); c.serviceController.Run(ctx, serviceThreadiness); c.wg.Done() }, time.Second, ctx.Done())
+		go wait.Until(func() { c.wg.Add(1); c.ingressController.Run(ctx, ingressThreadiness); c.wg.Done() }, time.Second, ctx.Done())
+		go wait.Until(func() { c.wg.Add(1); c.experimentController.Run(ctx, experimentThreadiness); c.wg.Done() }, time.Second, ctx.Done())
+		go wait.Until(func() { c.wg.Add(1); c.analysisController.Run(ctx, analysisThreadiness); c.wg.Done() }, time.Second, ctx.Done())
+		go wait.Until(func() { c.wg.Add(1); c.notificationsController.Run(rolloutThreadiness, ctx.Done()); c.wg.Done() }, time.Second, ctx.Done())
+
 	}
-
-	go wait.Until(func() { c.wg.Add(1); c.rolloutController.Run(ctx, rolloutThreadiness); c.wg.Done() }, time.Second, ctx.Done())
-	go wait.Until(func() { c.wg.Add(1); c.serviceController.Run(ctx, serviceThreadiness); c.wg.Done() }, time.Second, ctx.Done())
-	go wait.Until(func() { c.wg.Add(1); c.ingressController.Run(ctx, ingressThreadiness); c.wg.Done() }, time.Second, ctx.Done())
-	go wait.Until(func() { c.wg.Add(1); c.experimentController.Run(ctx, experimentThreadiness); c.wg.Done() }, time.Second, ctx.Done())
-	go wait.Until(func() { c.wg.Add(1); c.analysisController.Run(ctx, analysisThreadiness); c.wg.Done() }, time.Second, ctx.Done())
-	go wait.Until(func() { c.wg.Add(1); c.notificationsController.Run(rolloutThreadiness, ctx.Done()); c.wg.Done() }, time.Second, ctx.Done())
-
 	log.Info("Started controller")
 }
--- a/controller/controller_test.go
+++ b/controller/controller_test.go
@ -205,7 +205,7 @@ func (f *fixture) newManager(t *testing.T) *Manager {
 		Recorder:                        record.NewFakeEventRecorder(),
 	})

-	apiFactory := notificationapi.NewFactory(record.NewAPIFactorySettings(), "default", k8sI.Core().V1().Secrets().Informer(), k8sI.Core().V1().ConfigMaps().Informer())
+	apiFactory := notificationapi.NewFactory(record.NewAPIFactorySettings(i.Argoproj().V1alpha1().AnalysisRuns()), "default", k8sI.Core().V1().Secrets().Informer(), k8sI.Core().V1().ConfigMaps().Informer())
 	// rolloutsInformer := rolloutinformers.NewRolloutInformer(f.client, "", time.Minute, cache.Indexers{})
 	cm.notificationsController = notificationcontroller.NewController(dynamicClient.Resource(v1alpha1.RolloutGVR), i.Argoproj().V1alpha1().Rollouts().Informer(), apiFactory,
 		notificationcontroller.WithToUnstructured(func(obj metav1.Object) (*unstructured.Unstructured, error) {
@ -269,6 +269,41 @@ func TestNewManager(t *testing.T) {
 		false,
 		nil,
 		nil,
+		rolloutController.DefaultEphemeralMetadataThreads,
+	)
+
+	assert.NotNil(t, cm)
+}
+
+func TestNewAnalysisManager(t *testing.T) {
+	f := newFixture(t)
+
+	i := informers.NewSharedInformerFactory(f.client, noResyncPeriodFunc())
+	k8sI := kubeinformers.NewSharedInformerFactory(f.kubeclient, noResyncPeriodFunc())
+
+	scheme := runtime.NewScheme()
+	listMapping := map[schema.GroupVersionResource]string{}
+	dynamicClient := dynamicfake.NewSimpleDynamicClientWithCustomListKinds(scheme, listMapping)
+	dynamicInformerFactory := dynamicinformer.NewDynamicSharedInformerFactory(dynamicClient, 0)
+
+	k8sRequestProvider := &metrics.K8sRequestsCountProvider{}
+	cm := NewAnalysisManager(
+		"default",
+		f.kubeclient,
+		f.client,
+		k8sI.Batch().V1().Jobs(),
+		i.Argoproj().V1alpha1().AnalysisRuns(),
+		i.Argoproj().V1alpha1().AnalysisTemplates(),
+		i.Argoproj().V1alpha1().ClusterAnalysisTemplates(),
+		noResyncPeriodFunc(),
+		8090,
+		8080,
+		k8sRequestProvider,
+		nil,
+		dynamicInformerFactory,
+		false,
+		nil,
+		nil,
 	)

 	assert.NotNil(t, cm)
--- a/controller/metrics/experiment_test.go
+++ b/controller/metrics/experiment_test.go
@ -10,9 +10,10 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/yaml"

-	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+
+	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 )

 const (
--- a/controller/metrics/metrics.go
+++ b/controller/metrics/metrics.go
@ -2,6 +2,7 @@ package metrics

 import (
 	"net/http"
+	"runtime"
 	"time"

 	"github.com/argoproj/argo-rollouts/utils/defaults"
@ -16,6 +17,7 @@ import (
 	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 	rolloutlister "github.com/argoproj/argo-rollouts/pkg/client/listers/rollouts/v1alpha1"
 	"github.com/argoproj/argo-rollouts/utils/log"
+	"github.com/argoproj/argo-rollouts/utils/version"
 )

 type MetricsServer struct {
@ -39,6 +41,16 @@ const (
 	MetricsPath = "/metrics"
 )

+var (
+	buildInfo = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name: "build_info",
+			Help: "A metric with a constant '1' value labeled by version from which Argo-Rollouts was built.",
+		},
+		[]string{"version", "goversion", "goarch", "commit"},
+	)
+)
+
 type ServerConfig struct {
 	Addr                          string
 	RolloutLister                 rolloutlister.RolloutLister
@ -55,9 +67,13 @@ func NewMetricsServer(cfg ServerConfig) *MetricsServer {

 	reg := prometheus.NewRegistry()

-	reg.MustRegister(NewRolloutCollector(cfg.RolloutLister))
+	if cfg.RolloutLister != nil {
+		reg.MustRegister(NewRolloutCollector(cfg.RolloutLister))
+	}
+	if cfg.ExperimentLister != nil {
+		reg.MustRegister(NewExperimentCollector(cfg.ExperimentLister))
+	}
 	reg.MustRegister(NewAnalysisRunCollector(cfg.AnalysisRunLister, cfg.AnalysisTemplateLister, cfg.ClusterAnalysisTemplateLister))
-	reg.MustRegister(NewExperimentCollector(cfg.ExperimentLister))
 	cfg.K8SRequestProvider.MustRegister(reg)
 	reg.MustRegister(MetricRolloutReconcile)
 	reg.MustRegister(MetricRolloutReconcileError)
@ -70,6 +86,9 @@ func NewMetricsServer(cfg ServerConfig) *MetricsServer {
 	reg.MustRegister(MetricNotificationFailedTotal)
 	reg.MustRegister(MetricNotificationSend)
 	reg.MustRegister(MetricVersionGauge)
+	reg.MustRegister(buildInfo)
+
+	recordBuildInfo()

 	mux.Handle(MetricsPath, promhttp.HandlerFor(prometheus.Gatherers{
 		// contains app controller specific metrics
@ -170,6 +189,12 @@ func (m *MetricsServer) Remove(namespace string, name string, kind string) {

 }

+// recordBuildInfo publishes information about Argo-Rollouts version and runtime info through an info metric (gauge).
+func recordBuildInfo() {
+	vers := version.GetVersion()
+	buildInfo.WithLabelValues(vers.Version, runtime.Version(), runtime.GOARCH, vers.GitCommit).Set(1)
+}
+
 func boolFloat64(b bool) float64 {
 	if b {
 		return 1
--- a/controller/metrics/metrics_test.go
+++ b/controller/metrics/metrics_test.go
@ -9,11 +9,12 @@ import (
 	"testing"
 	"time"

-	"github.com/argoproj/argo-rollouts/utils/defaults"
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/tools/cache"

+	"github.com/argoproj/argo-rollouts/utils/defaults"
+
 	"github.com/argoproj/argo-rollouts/pkg/client/clientset/versioned/fake"
 	informerfactory "github.com/argoproj/argo-rollouts/pkg/client/informers/externalversions"
 	logutil "github.com/argoproj/argo-rollouts/utils/log"
@ -54,7 +55,7 @@ func newFakeServerConfig(objs ...runtime.Object) ServerConfig {
 	}
 }

-func testHttpResponse(t *testing.T, handler http.Handler, expectedResponse string, testFunc func(t assert.TestingT, s interface{}, contains interface{}, msgAndArgs ...interface{}) bool) {
+func testHttpResponse(t *testing.T, handler http.Handler, expectedResponse string, testFunc func(t assert.TestingT, s any, contains any, msgAndArgs ...any) bool) {
 	t.Helper()
 	req, err := http.NewRequest("GET", "/metrics", nil)
 	assert.NoError(t, err)
--- a/controller/metrics/prommetrics.go
+++ b/controller/metrics/prommetrics.go
@ -1,8 +1,9 @@
 package metrics

 import (
-	"github.com/argoproj/argo-rollouts/utils/version"
 	"github.com/prometheus/client_golang/prometheus"
+
+	"github.com/argoproj/argo-rollouts/utils/version"
 )

 // Follow Prometheus naming practices
@ -135,7 +136,7 @@ var (
 	MetricAnalysisTemplateInfo = prometheus.NewDesc(
 		"analysis_template_info",
 		"Information about analysis templates.",
-		append(namespaceNameLabels),
+		namespaceNameLabels,
 		nil,
 	)

--- a/controller/metrics/rollout_test.go
+++ b/controller/metrics/rollout_test.go
@ -10,10 +10,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/yaml"

-	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
-	"github.com/argoproj/argo-rollouts/utils/conditions"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+
+	"github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
+	"github.com/argoproj/argo-rollouts/utils/conditions"
 )

 const (
--- a/controller/profiling.go
+++ b/controller/profiling.go
@ -0,0 +1,21 @@
+package controller
+
+import (
+	"net/http"
+	"net/http/pprof"
+)
+
+// NewPProfServer returns a new pprof server to gather runtime profiling data
+func NewPProfServer() *http.ServeMux {
+	mux := http.NewServeMux()
+
+	// TODO: Remove enumerating all pprof endpoints if/when a more ergonomic
+	// attachment solution is introduced. See: https://github.com/golang/go/issues/71213.
+	mux.HandleFunc("/debug/pprof/", pprof.Index)
+	mux.HandleFunc("/debug/pprof/cmdline/", pprof.Cmdline)
+	mux.HandleFunc("/debug/pprof/profile/", pprof.Profile)
+	mux.HandleFunc("/debug/pprof/symbol/", pprof.Symbol)
+	mux.HandleFunc("/debug/pprof/trace/", pprof.Trace)
+
+	return mux
+}
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@ -1,24 +1,27 @@
 # Contributing
+
 ## Before You Start
+
 Argo Rollouts is written in Golang. If you do not have a good grounding in Go, try out [the tutorial](https://tour.golang.org/).

 ## Pre-requisites
+
 Install:

-* [docker](https://docs.docker.com/install/#supported-platforms)
-* [golang](https://golang.org/)
-* [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
-* [kustomize](https://github.com/kubernetes-sigs/kustomize/releases)
-* [k3d](https://k3d.io/) recommended
+- [docker](https://docs.docker.com/install/#supported-platforms)
+- [golang](https://golang.org/)
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
+- [kustomize](https://github.com/kubernetes-sigs/kustomize/releases) >= 4.5.5
+- [k3d](https://k3d.io/) recommended

 Kustomize is required for unit tests (`make test` is using it), so you [must install it](https://kubectl.docs.kubernetes.io/installation/kustomize/)
 locally if you wish to make code contributions to Argo Rollouts.

 Argo Rollout additionally uses the following tools

-* `golangci-lint` to lint the project.
-* `protoc` and `swagger-codegen` to generate proto related files
-* `yarn` to build the UI
+- `golangci-lint` to lint the project.
+- `protoc` and `swagger-codegen` to generate proto related files
+- `yarn` to build the UI

 Run the following commands to install them:

@ -56,10 +59,9 @@ cd ~/go/src/github.com/argoproj/argo-rollouts

 The `make controller` command will build the controller.

-* `make install-tools-local` - Runs scripts to install codegen utility CLIs necessary for codegen.
-
-* `make codegen` - Runs the code generator that creates the informers, client, lister, and deepcopies from the types.go and modifies the open-api spec.
+- `make install-tools-local` - Runs scripts to install codegen utility CLIs necessary for codegen.

+- `make codegen` - Runs the code generator that creates the informers, client, lister, and deepcopies from the types.go and modifies the open-api spec.

 ## Running Controller Locally

@ -83,11 +85,7 @@ make test
 ## Running E2E tests

 The end-to-end tests need to run against a kubernetes cluster with the Argo Rollouts controller
-running. The rollout controller can be started with the command:
-
-```
-make start-e2e
-```
+running.

 Start and prepare your cluster for e2e tests:

@ -98,6 +96,12 @@ kubectl apply -k manifests/crds
 kubectl apply -f test/e2e/crds
 ```

+The rollout controller can be started with the command:
+
+```
+make start-e2e
+```
+
 Then run the e2e tests:

 ```
@ -110,6 +114,66 @@ To run a subset of e2e tests, you need to specify the suite with `-run`, and the
 E2E_TEST_OPTIONS="-run 'TestCanarySuite' -testify.m 'TestCanaryScaleDownOnAbortNoTrafficRouting'" make test-e2e
 ```

+Available test suites [are the following](https://github.com/argoproj/argo-rollouts/tree/master/test/e2e):
+
+* `TestBlueGreenSuite`
+* `TestCanarySuite`
+* `TestAnalysisSuite`
+* `TestExperimentSuite`
+* `TestFunctionalSuite`
+* `TestRollbackSuite`
+* `TestIstioSuite`
+* `TestHeaderRoutingSuite` (Istio only)
+* `TestMirrorRouteSuite` (Istio only)
+* `TestAPISIXSuite`
+* `TestAppMeshSuite`
+* `TestAWSSuite`
+* `StepPluginSuite`
+* `SMISuite` (SMI is [deprecated](https://www.cncf.io/blog/2023/10/03/cncf-archives-the-service-mesh-interface-smi-project/))
+* `SMIIngressSuite` (SMI is [deprecated](https://www.cncf.io/blog/2023/10/03/cncf-archives-the-service-mesh-interface-smi-project/))
+
+## Running the UI
+
+If you'd like to run the UI locally, you first need a running Rollouts controller. This can be a locally running controller with a k3d cluster, as described above, or a controller running in a remote Kubernetes cluster.
+
+In order for the local React app to communicate with the controller and Kubernetes API, run the following to open a port forward to the dashboard:
+
+```bash
+kubectl argo rollouts dashboard
+```
+
+Note that you can also build the API server and run this instead,
+
+```
+make plugin
+./dist/kubectl-argo-rollouts dashboard
+```
+
+In another terminal, run the following to start the UI:
+
+```bash
+cd ui
+yarn install
+yarn start
+```
+
+## Getting your feature accepted 
+
+To be eligible for inclusion in a minor release, a new feature must meet the following criteria before the release’s RC
+date.
+
+If it is a large feature that involves significant design decisions, that feature must be described in a Proposal.
+
+The feature PR must include:
+
+* Tests (passing)
+* Documentation
+* If necessary, a note in the Upgrading docs for the planned minor release
+* The PR must be reviewed, approved, and merged by an Approver.
+
+If these criteria are not met by the RC date, the feature will be ineligible for inclusion in the RC series or GA for
+that minor release. It will have to wait for the next minor release.
+
 ## Controller architecture

 Argo Rollouts is actually a collection of individual controllers
@ -119,11 +183,11 @@ that handle a specific aspect of Progressive Delivery.

 The controllers are:

-* [Rollout Controller](https://github.com/argoproj/argo-rollouts/blob/master/rollout/controller.go)
-* [Service Controller](https://github.com/argoproj/argo-rollouts/blob/master/service/service.go)
-* [Ingress Controller](https://github.com/argoproj/argo-rollouts/blob/master/ingress/ingress.go)
-* [Experiment Controller](https://github.com/argoproj/argo-rollouts/blob/master/experiments/controller.go)
-* [AnalysisRun Controller](https://github.com/argoproj/argo-rollouts/blob/master/analysis/controller.go)
+- [Rollout Controller](https://github.com/argoproj/argo-rollouts/blob/master/rollout/controller.go)
+- [Service Controller](https://github.com/argoproj/argo-rollouts/blob/master/service/service.go)
+- [Ingress Controller](https://github.com/argoproj/argo-rollouts/blob/master/ingress/ingress.go)
+- [Experiment Controller](https://github.com/argoproj/argo-rollouts/blob/master/experiments/controller.go)
+- [AnalysisRun Controller](https://github.com/argoproj/argo-rollouts/blob/master/analysis/controller.go)

 ### Tips

@ -135,36 +199,35 @@ KUBECONFIG=~/.kube/minikube make test-e2e
 ```

 2. To run a specific e2e test, set the `E2E_TEST_OPTIONS` environment variable to specify the test
-(or test regex):
+   (or test regex):

 ```shell
 make test-e2e E2E_TEST_OPTIONS="-testify.m ^TestRolloutRestart$"
 ```

 3. The e2e tests are designed to run as quickly as possible, eliminating readiness and termination
-delays. However, it is often desired to artificially slow down the tests for debugging purposes,
-as well as to understand what the test is doing. To delay startup and termination of pods, set the
-`E2E_POD_DELAY` to an integer value in seconds. This environment variable is often coupled with
-`E2E_TEST_OPTIONS` to debug and slow down a specific test.
+   delays. However, it is often desired to artificially slow down the tests for debugging purposes,
+   as well as to understand what the test is doing. To delay startup and termination of pods, set the
+   `E2E_POD_DELAY` to an integer value in seconds. This environment variable is often coupled with
+   `E2E_TEST_OPTIONS` to debug and slow down a specific test.

 ```shell
 make test-e2e E2E_POD_DELAY=10
 ```

 4. Increasing the timeout. The E2E tests time out waiting on conditions to be met within 60 seconds.
-If debugging the rollout controller, it may be useful to increase this timeout while say sitting
-at a debugger breakpoint:
+   If debugging the rollout controller, it may be useful to increase this timeout while say sitting
+   at a debugger breakpoint:

 ```shell
 make test-e2e E2E_WAIT_TIMEOUT=999999
 ```

-
 5. The e2e tests leverage a feature of the controller allowing the controller to be sharded with
-a user-specific "instance id" label. This allows the tests to operate only on rollouts with the
-specified label, and prevents any other controllers (including the system rollout controller),
-from also operating on the same set of rollouts. This value can be changed (from the default of
-`argo-rollouts-e2e`), using the `E2E_INSTANCE_ID` environment variable:
+   a user-specific "instance id" label. This allows the tests to operate only on rollouts with the
+   specified label, and prevents any other controllers (including the system rollout controller),
+   from also operating on the same set of rollouts. This value can be changed (from the default of
+   `argo-rollouts-e2e`), using the `E2E_INSTANCE_ID` environment variable:

 ```shell
 make start-e2e E2E_INSTANCE_ID=foo
@ -177,6 +240,11 @@ Alternatively, the e2e tests can be run against the system controller (i.e. with
 make start-e2e E2E_INSTANCE_ID=''
 ```

+6. Working on CRDs? While editing them directly works when you are finding the shape of things you want, the final CRDs are autogenerated. Make sure to regenerate them by running `make gen-crd` before submitting PRs. They are controlled by the relevant annotations in the types file:
+
+eg: Analysis Templates are controlled by annotations in `pkg/apis/rollouts/v1alpha1/analysis_types.go`.
+
+Refer to https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html and https://book.kubebuilder.io/reference/markers/crd-validation.html for more info on annotations you can use.

 ## Running Local Containers

@ -213,11 +281,30 @@ kubectl -n argo-rollouts apply -f manifests/install.yaml
 ```

 ## Upgrading Kubernetes Libraries
+
 Argo Rollouts has a dependency on the kubernetes/kubernetes repo for some of the functionality that has not been
 pushed into the other kubernetes repositories yet. In order to import the kubernetes/kubernetes repo, all of the
 associated repos have to pinned to the correct version specified by the kubernetes/kubernetes release. The
 `./hack/update-k8s-dependencies.sh` updates all the dependencies to the those correct versions.

+## Upgrading Notifications Engine
+
+Argo Rollouts has a dependency on the [argoproj/notifications-engines](https://github.com/argoproj/notifications-engine) repo
+for the notifications functionality and related documentation.
+
+This is updated by upgrading the Go library in `go.mod` by running the commands:
+
+```shell
+go get github.com/argoproj/notifications-engine@LATEST_COMMIT_HASH
+go mod tidy
+```
+
+Next the latest notifications documentation can be imported by running:
+
+```shell
+make docs
+```
+
 ## Documentation Changes

 Modify contents in `docs/` directory.
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@ -1,5 +1,7 @@
 # FAQ

+Be sure to read the [Best practices page](../best-practices) as well.
+
 ## General

 ### Does Argo Rollouts depend on Argo CD or any other Argo project?
@ -13,7 +15,7 @@ Argo CD understands the health of Argo Rollouts resources via Argo CD’s [Lua h
 As a result, an operator can build automation to react to the states of the Argo Rollouts resources. For example, if a Rollout created by Argo CD is paused, Argo CD detects that and marks the Application as suspended. Once the new version is verified to be good, the operator can use Argo CD’s resume resource action to unpause the Rollout so it can continue to make progress. 

 ### Can we run the Argo Rollouts kubectl plugin commands via Argo CD?
-Argo CD supports running Lua scripts to modify resource kinds (i.e. suspending a CronJob by setting the `.spec.suspend` to true). These Lua Scripts can be configured in the argocd-cm ConfigMap or upstreamed to the Argo CD's [resource_customizations](https://github.com/argoproj/argo-cd/tree/master/resource_customizations) directory. These custom actions have two Lua scripts: one to modify the said resource and another to detect if the action can be executed (i.e. A user should not be able to resuming a unpaused Rollout). Argo CD allows users to execute these actions via the UI or CLI.
+Argo CD supports running Lua scripts to modify resource kinds (i.e. suspending a CronJob by setting the `.spec.suspend` to true). These Lua Scripts can be configured in the argocd-cm ConfigMap or upstreamed to the Argo CD's [resource_customizations](https://github.com/argoproj/argo-cd/tree/master/resource_customizations) directory. These custom actions have two Lua scripts: one to modify the said resource and another to detect if the action can be executed (i.e. A user should not be able to resuming an unpaused Rollout). Argo CD allows users to execute these actions via the UI or CLI.

 In the CLI, a user (or a CI system) can run
 ```bash
@ -41,6 +43,14 @@ solution that does not follow the GitOps approach.

 Yes. A k8s cluster can run multiple replicas of Argo-rollouts controllers to achieve HA. To enable this feature, run the controller with `--leader-elect` flag and increase the number of replicas in the controller's deployment manifest. The implementation is based on the [k8s client-go's leaderelection package](https://pkg.go.dev/k8s.io/client-go/tools/leaderelection#section-documentation). This implementation is tolerant to *arbitrary clock skew* among replicas. The level of tolerance to skew rate can be configured by setting `--leader-election-lease-duration` and `--leader-election-renew-deadline` appropriately. Please refer to the [package documentation](https://pkg.go.dev/k8s.io/client-go/tools/leaderelection#pkg-overview) for details.

+### Can we install Argo Rollouts centrally in a cluster and manage Rollout resources in external clusters? 
+
+No you cannot do that (even though Argo CD can work that way). This is by design because the Rollout is a custom resource unknown to vanilla Kubernetes. You need the Rollout CRD as well as the controller in the deployment cluster (every cluster that will use workloads with Rollouts).
+
+### What is the version skew policy between the controller and the kubectl plugin?
+
+The Argo Rollout CLI/Kubectl plugin just patches the Rollout object or reads fields from it. [There is no separate "Argo Rollouts API"](../best-practices#there-is-no-argo-rollouts-api). Old versions of the plugin might not understand new fields that are added in the [Rollout specification](../features/specification/). We have never made a breaking change intentionally (removed something from the Rollout Spec). So old clients should work even with newer Rollout versions (excluding new features).
+
 ## Rollouts

 ### Which deployment strategies does Argo Rollouts support?
--- a/docs/analysis/datadog.md
+++ b/docs/analysis/datadog.md
@ -1,8 +1,5 @@
 # Datadog Metrics

-!!! important
-    Available since v0.10.0
-
 A [Datadog](https://www.datadoghq.com/) query can be used to obtain measurements for analysis.

 ```yaml
@ -26,10 +23,7 @@ spec:
          sum:requests.error.rate{service:{{args.service-name}}}
 ```

-The field `apiVersion` refers to the API version of Datadog (v1 or v2). Default value is `v1` if this is omitted.
-
-!!! note
-    Datadog is moving away from the legacy v1 API. Rate limits imposed by Datadog are therefore stricter when using v1. It is recommended to switch to v2 soon. If you switch to v2, you will not be able to use formulas (operations between individual queries).
+The field `apiVersion` refers to the API version of Datadog (v1 or v2). Default value is `v1` if this is omitted. See "Working with Datadog API v2" below for more information.

 Datadog api and app tokens can be configured in a kubernetes secret in argo-rollouts namespace.

@ -46,3 +40,204 @@ stringData:
 ```

 `apiVersion` here is different from the `apiVersion` from the Datadog configuration above.
+
+!!! important
+    ###### Namespaced secret
+    Datadog integration supports referring to secrets inside the same namespace as argo-rollouts (by default)
+    or referring to a secret in the same namespace as the `AnalysisTemplate`.
+
+    To use a secret from the `AnalysisTemplate` namespace, include a `secretRef` section in the template, specifying the `name` of the secret and setting the `namespaced` property to `true`.
+
+    The process for retrieving Datadog credentials is as follows:
+    1. **If a `secretRef` is defined in the `AnalysisTemplate`:** Argo Rollouts will search for the secret with the specified name in the namespace where the template resides.
+    2. **If the secret is not found in the specified namespace:** Argo Rollouts will then check the environment variables.
+    3. **If the credentials are not found in environment variables:** Argo Rollouts will look for a secret named "Datadog" in the namespace where Argo Rollouts itself is deployed.
+
+--- 
+
+Let me know if there's anything else you'd like to adjust!
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisTemplate
+metadata:
+  name: loq-error-rate
+spec:
+  args:
+  - name: service-name
+  metrics:
+  - name: error-rate
+    interval: 5m
+    successCondition: result <= 0.01
+    failureLimit: 3
+    provider:
+      datadog:
+        apiVersion: v2
+        interval: 5m
+        secretRef:
+          name: "mysecret"
+          namespaced: true
+        query: |
+          sum:requests.error.rate{service:{{args.service-name}}}
+  ```
+
+
+
+### Working with Datadog API v2
+
+!!! important
+    While some basic v2 functionality is working in earlier versions, the new properties of `formula` and `queries` are only available as of v1.7
+
+#### Moving to v2
+
+If your old v1 was just a simple metric query - no formula as part of the query - then you can just move to v2 by updating the `apiVersion` in your existing Analysis Template, and everything should work.
+
+If you have a formula, you will need to update how you configure your metric. Here is a before/after example of what your Analysis Template should look like:
+
+Before:
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisTemplate
+metadata:
+  name: log-error-rate
+spec:
+  args:
+  - name: service-name
+  metrics:
+  - name: error-rate
+    interval: 30s
+    successCondition: default(result, 0) < 10
+    failureLimit: 3
+    provider:
+      datadog:
+        apiVersion: v1
+        interval: 5m
+        query: "moving_rollup(sum:requests.errors{service:{{args.service-name}}}.as_count(), 60, 'sum') / sum:requests{service:{{args.service-name}}}.as_count()"
+```
+
+After:
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisTemplate
+metadata:
+  name: loq-error-rate
+spec:
+  args:
+  - name: service-name
+  metrics:
+  - name: error-rate
+    # Polling rate against the Datadog API
+    interval: 30s
+    successCondition: default(result, 0) < 10
+    failureLimit: 3
+    provider:
+      datadog:
+        apiVersion: v2
+        # The window of time we are looking at in DD. Basically we will fetch data from (now-5m) to now.
+        interval: 5m
+        queries:
+          a: sum:requests.errors{service:{{args.service-name}}}.as_count()
+          b: sum:requests{service:{{args.service-name}}}.as_count()
+        formula: "moving_rollup(a, 60, 'sum') / b"
+```
+
+#### Examples
+
+Simple v2 query with no formula
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisTemplate
+metadata:
+  name: canary-container-restarts
+spec:
+  args:
+    # This is set in rollout using the valueFrom: podTemplateHashValue functionality
+    - name: canary-hash
+    - name: service-name
+    - name: restarts.initial-delay
+      value: "60s"
+    - name: restarts.max-restarts
+      value: "4"
+  metrics:
+    - name: kubernetes.containers.restarts
+      initialDelay: "{{ args.restarts.initial-delay }}"
+      interval: 15s
+      failureCondition: default(result, 0) > {{ args.restarts.max-restarts }}
+      failureLimit: 0
+      provider:
+        datadog:
+          apiVersion: v2
+          interval: 5m
+          queries:
+            # The key is arbitrary - you will use this key to refer to the query if you use a formula.
+            q: "max:kubernetes.containers.restarts{service-name:{{args.service-name}},rollouts_pod_template_hash:{{args.canary-hash}}}"
+```
+
+### Tips
+
+#### Datadog Results
+
+Datadog queries can return empty results if the query takes place during a time interval with no metrics. The Datadog provider will return a `nil` value yielding an error during the evaluation phase like:
+
+```
+invalid operation: < (mismatched types <nil> and float64)
+```
+
+However, empty query results yielding a `nil` value can be handled using the `default()` function. Here is a succeeding example using the `default()` function:
+
+```yaml
+successCondition: default(result, 0) < 0.05
+```
+
+#### Metric aggregation (v2 only)
+
+By default, Datadog analysis run is configured to use `last` metric aggregator when querying Datadog v2 API. This value can be overridden by specifying a new `aggregator` value from a list of supported aggregators (`avg,min,max,sum,last,percentile,mean,l2norm,area`) for the V2 API ([docs](https://docs.datadoghq.com/api/latest/metrics/#query-scalar-data-across-multiple-products)).
+
+For example, using count-based distribution metric (`count:metric{*}.as_count()`) with values `1,9,3,7,5` in a given `interval` will make `last` aggregator return `5`. To return a sum of all values (`25`), set `aggregator: sum` in Datadog provider block and use `moving_rollup()` function to aggregate values in the specified rollup interval. These functions can be combined in a `formula` to perform additional calculations:
+
+```yaml
+...<snip>
+  metrics:
+  - name: error-percentage
+    interval: 30s
+    successCondition: default(result, 0) < 5
+    failureLimit: 3
+    provider:
+      datadog:
+        apiVersion: v2
+        interval: 5m
+        aggregator: sum # override default aggregator
+        queries:
+          a: count:requests.errors{service:my-service}.as_count()
+          b: count:requests{service:my-service}.as_count()
+        formula: "moving_rollup(a, 300, 'sum') / moving_rollup(b, 300, 'sum') * 100" # percentage of requests with errors
+```
+
+#### Templates and Helm
+
+Helm and Argo Rollouts both try to parse things between `{{ ... }}` when rendering templates. If you use Helm to deliver your manifests, you will need to escape `{{ args.whatever }}`. Using the example above, here it is set up for Helm:
+
+```yaml
+...<snip>
+metrics:
+  - name: kubernetes.containers.restarts
+      initialDelay: "{{ `{{ args.restarts.initial-delay }}` }}"
+    interval: 15s
+      failureCondition: default(result, 0) > {{ `{{ args.restarts.max-restarts }}` }}
+    failureLimit: 0
+    provider:
+      datadog:
+        apiVersion: v2
+        interval: 5m
+        queries:
+          q: "{{ `max:kubernetes.containers.restarts{kube_app_name:{{args.kube_app_name}},rollouts_pod_template_hash:{{args.canary-hash}}}` }}"
+```
+
+#### Rate Limits
+
+For the `v1` API, you ask for an increase on the `api/v1/query` route.
+
+For the `v2` API, the Ratelimit-Name you ask for an increase in is the `query_scalar_public`.
--- a/docs/analysis/job.md
+++ b/docs/analysis/job.md
@ -4,7 +4,7 @@ A Kubernetes Job can be used to run analysis. When a Job is used, the metric is
 successful if the Job completes and had an exit code of zero, otherwise it is failed.

 ```yaml
-  metrics:
+metrics:
  - name: test
    provider:
      job:
@ -18,8 +18,19 @@ successful if the Job completes and had an exit code of zero, otherwise it is fa
          template:
            spec:
              containers:
-              - name: test
-                image: my-image:latest
-                command: [my-test-script, my-service.default.svc.cluster.local]
+                - name: test
+                  image: my-image:latest
+                  command:
+                    [my-test-script, my-service.default.svc.cluster.local]
              restartPolicy: Never
 ```
+
+## Control where the jobs run
+
+Argo Rollouts allows you some control over where your metric job runs.
+
+The following env vars can be set on the Rollouts controller:
+
+`ARGO_ROLLOUTS_ANALYSIS_JOB_NAMESPACE` will allow you to run your metric jobs in a namespace other than the default (which can vary depending on if you are running Rollouts in cluster mode or not).
+
+`ARGO_ROLLOUTS_ANALYSIS_JOB_KUBECONFIG` will allow running metric jobs in a different cluster entirely. This should be a path to the kubeconfig you want to use.
--- a/docs/analysis/newrelic.md
+++ b/docs/analysis/newrelic.md
@ -21,6 +21,7 @@ spec:
        profile: my-newrelic-secret  # optional, defaults to 'newrelic'
        query: |
          FROM Transaction SELECT percentage(count(*), WHERE httpResponseCode != 500) as successRate where appName = '{{ args.application-name }}'
+        timeout: 10 # NRQL query timeout in seconds. Optional, defaults to 5
 ```

 The `result` evaluated for the condition will always be map or list of maps. The name will follow the pattern of either `function` or `function.field`, e.g. `SELECT average(duration) from Transaction` will yield `average.duration`. In this case the field result cannot be accessed with dot notation and instead should be accessed like `result['average.duration']`. Query results can be renamed using the [NRQL clause `AS`](https://docs.newrelic.com/docs/query-your-data/nrql-new-relic-query-language/get-started/nrql-syntax-clauses-functions#sel-as) as seen above.
@ -54,3 +55,11 @@ stringData:
  base-url-rest: <your-base-url>
  base-url-nerdgraph: <your-base-url>
 ```
+
+## Additional Metadata
+
+The New Relic provider returns the below metadata under the `Metadata` map in the `MetricsResult` object of `AnalysisRun`.
+
+| KEY                   | Description |
+|-----------------------|-------------|
+| ResolvedNewRelicQuery | Resolved query after substituting the template's arguments |
--- a/docs/analysis/plugins.md
+++ b/docs/analysis/plugins.md
@ -1,26 +1,28 @@
 # Metric Plugins

-!!! important
-    Available since v1.5 - Status: Alpha
+!!! warning "Alpha Feature (Since 1.5.0)"

-Argo Rollouts supports getting analysis metrics via 3rd party plugin system. This allows users to extend the capabilities of Rollouts
+    This is an experimental, [alpha-quality](https://github.com/argoproj/argoproj/blob/main/community/feature-status.md#alpha)
+    feature that allows you to support metric providers that are not natively supported.
+
+Argo Rollouts supports getting analysis metrics via 3rd party [plugin system](../plugins.md). This allows users to extend the capabilities of Rollouts
 to support metric providers that are not natively supported. Rollout's uses a plugin library called
 [go-plugin](https://github.com/hashicorp/go-plugin) to do this. You can find a sample plugin
 here: [rollouts-plugin-metric-sample-prometheus](https://github.com/argoproj-labs/rollouts-plugin-metric-sample-prometheus)

-## Using a Metric Plugin
+## Installing

 There are two methods of installing and using an argo rollouts plugin. The first method is to mount up the plugin executable
-into the rollouts controller container. The second method is to use a HTTP(S) server to host the plugin executable.
+into the rollouts controller container. The second method is to use an HTTP(S) server to host the plugin executable.

 ### Mounting the plugin executable into the rollouts controller container

 There are a few ways to mount the plugin executable into the rollouts controller container. Some of these will depend on your
 particular infrastructure. Here are a few methods:

-* Using an init container to download the plugin executable
-* Using a Kubernetes volume mount with a shared volume such as NFS, EBS, etc.
-* Building the plugin into the rollouts controller container
+- Using an init container to download the plugin executable
+- Using a Kubernetes volume mount with a shared volume such as NFS, EBS, etc.
+- Building the plugin into the rollouts controller container

 Then you can use the configmap to point to the plugin executable file location. Example:

@ -31,13 +33,26 @@ metadata:
  name: argo-rollouts-config
 data:
  metricProviderPlugins: |-
-    - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so it can find it's configuration
+    - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so it can find its configuration
      location: "file://./my-custom-plugin" # supports http(s):// urls and file://
 ```

-### Using a HTTP(S) server to host the plugin executable
+### Using an HTTP(S) server to host the plugin executable

-Argo Rollouts supports downloading the plugin executable from a HTTP(S) server. To use this method, you will need to
+!!! warning "Installing a plugin with http(s)"
+
+    Depending on which method you use to install and the plugin, there are some things to be aware of.
+    The rollouts controller will not start if it can not download or find the plugin executable. This means that if you are using
+    a method of installation that requires a download of the plugin and the server hosting the plugin for some reason is not available and the rollouts
+    controllers pod got deleted while the server was down or is coming up for the first time, it will not be able to start until
+    the server hosting the plugin is available again.
+
+    Argo Rollouts will download the plugin at startup only once but if the pod is deleted it will need to download the plugin again on next startup. Running
+    Argo Rollouts in HA mode can help a little with this situation because each pod will download the plugin at startup. So if a single pod gets
+    deleted during a server outage, the other pods will still be able to take over because there will already be a plugin executable available to it. It is the
+    responsibility of the Argo Rollouts administrator to define the plugin installation method considering the risks of each approach.
+
+Argo Rollouts supports downloading the plugin executable from an HTTP(S) server. To use this method, you will need to
 configure the controller via the `argo-rollouts-config` configmap and set `pluginLocation` to a http(s) url. Example:

 ```yaml
@ -47,11 +62,24 @@ metadata:
  name: argo-rollouts-config
 data:
  metricProviderPlugins: |-
-    - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so it can find it's configuration
+    - name: "argoproj-labs/sample-prometheus" # name of the plugin, it must match the name required by the plugin so it can find its configuration
      location: "https://github.com/argoproj-labs/rollouts-plugin-metric-sample-prometheus/releases/download/v0.0.4/metric-plugin-linux-amd64" # supports http(s):// urls and file://
      sha256: "dac10cbf57633c9832a17f8c27d2ca34aa97dd3d" #optional sha256 checksum of the plugin executable
+      headersFrom: #optional headers for the download via http request 
+        - secretRef:
+            name: secret-name
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-name
+stringData:
+  Authorization: Basic <Base 64 TOKEN>
+  My-Header: value
 ```

+
+
 ## Some words of caution

 Depending on which method you use to install and the plugin, there are some things to be aware of.
@ -67,8 +95,13 @@ responsibility of the Argo Rollouts administrator to define the plugin installat

 ## List of Available Plugins (alphabetical order)

-#### Add Your Plugin Here
-  * If you have created a plugin, please submit a PR to add it to this list.
-#### [rollouts-plugin-metric-sample-prometheus](https://github.com/argoproj-labs/rollouts-plugin-metric-sample-prometheus)
-  * This is just a sample plugin that can be used as a starting point for creating your own plugin.
-It is not meant to be used in production. It is based on the built-in prometheus provider.
+If you have created a plugin, please submit a PR to add it to this list.
+
+### [rollouts-plugin-metric-opensearch](https://github.com/argoproj-labs/rollouts-plugin-metric-opensearch)
+
+- The application is an OpenSearch plugin designed for use with the Argo Rollouts plugin system. This plugin enables the integration of OpenSearch metrics into Argo Rollouts, allowing for advanced metric analysis and monitoring during application rollouts.
+
+### [rollouts-plugin-metric-sample-prometheus](https://github.com/argoproj-labs/rollouts-plugin-metric-sample-prometheus)
+
+- This is just a sample plugin that can be used as a starting point for creating your own plugin.
+  It is not meant to be used in production. It is based on the built-in prometheus provider.
--- a/docs/analysis/prometheus.md
+++ b/docs/analysis/prometheus.md
@ -23,7 +23,7 @@ spec:
        # timeout is expressed in seconds
        timeout: 40
        headers:
-        - name: X-Scope-Org-ID
+        - key: X-Scope-OrgID
          value: tenant_a
        query: |
          sum(irate(
@ -39,7 +39,50 @@ you validate your [PromQL expression](https://prometheus.io/docs/prometheus/late

 See the [Analysis Overview page](../../features/analysis) for more details on the available options.

-## Utilizing Amazon Managed Prometheus
+## Range queries
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisTemplate
+metadata:
+  name: range-query-example
+spec:
+  args:
+  - name: service-name
+  - name: lookback-duration
+    value: 5m
+  metrics:
+  - name: success-rate
+    # checks that all returned values are under 1000ms
+    successCondition: "all(result, # < 1000)"
+    failureLimit: 3
+    provider:
+      prometheus:
+        rangeQuery:
+          # See https://expr-lang.org/docs/language-definition#date-functions
+          # for value date functions
+          # The start point to query from
+          start: 'now() - duration("{{args.lookback-duration}}")'
+          # The end point to query to
+          end: 'now()'
+          # Query resolution width 
+          step: 1m
+        address: http://prometheus.example.com:9090
+        query: http_latency_ms{service="{{args.service-name}}"}
+```
+
+### Range query and successCondition/failureCondition
+
+Since range queries will usually return multiple values from prometheus. It is important to assert on every value returned. See the following examples:
+
+* ❌ `result[0] < 1000` - this will only check the first value returned
+* ✅ `all(result, # < 1000)` - checks every value returns from prometheus
+
+See [expr](https://github.com/expr-lang/expr) for more expression options.
+
+## Authorization
+
+### Utilizing Amazon Managed Prometheus

 Amazon Managed Prometheus can be used as the prometheus data source for analysis. In order to do this the namespace where your analysis is running will have to have the appropriate [IRSA attached](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-onboard-ingest-metrics-new-Prometheus.html#AMP-onboard-new-Prometheus-IRSA) to allow for prometheus queries. Once you ensure the proper permissions are in place to access AMP, you can use an AMP workspace url in your ```provider``` block and add a SigV4 config for Sigv4 signing:

@ -61,6 +104,55 @@ provider:
        roleArn: $ROLEARN
 ```

+### With OAuth2
+
+You can setup an [OAuth2 client credential](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) flow using the following values:
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisTemplate
+metadata:
+  name: success-rate
+spec:
+  args:
+  - name: service-name
+  # from secret
+  - name: oauthSecret  # This is the OAuth2 shared secret
+    valueFrom:
+      secretKeyRef:
+        name: oauth-secret
+        key: secret
+  metrics:
+  - name: success-rate
+    interval: 5m
+    # NOTE: prometheus queries return results in the form of a vector.
+    # So it is common to access the index 0 of the returned array to obtain the value
+    successCondition: result[0] >= 0.95
+    failureLimit: 3
+    provider:
+      prometheus:
+        address: http://prometheus.example.com:9090
+        # timeout is expressed in seconds
+        timeout: 40
+        authentication:
+          oauth2:
+            tokenUrl: https://my-oauth2-provider/token
+            clientId: my-client-id
+            clientSecret: "{{ args.oauthSecret }}"
+            scopes: [
+              "my-oauth2-scope"
+            ]
+        query: |
+          sum(irate(
+            istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]
+          )) /
+          sum(irate(
+            istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
+          ))
+```
+
+The AnalysisRun will first get an access token using that information, and provide it as an `Authorization: Bearer` header for the metric provider call.
+
 ## Additional Metadata

 Any additional metadata from the Prometheus controller, like the resolved queries after substituting the template's
--- a/docs/analysis/web.md
+++ b/docs/analysis/web.md
@ -1,7 +1,7 @@
 # Web Metrics

 An HTTP request can be performed against some external service to obtain the measurement. This example
-makes a HTTP GET request to some URL. The webhook response must return JSON content. The result of
+makes an HTTP GET request to some URL. The webhook response must return JSON content. The result of
 the optional `jsonPath` expression will be assigned to the `result` variable that can be referenced
 in the `successCondition` and `failureCondition` expressions. If omitted, will use the entire body
 of the as the result variable.
@ -49,7 +49,7 @@ NOTE: if the result is a string, two convenience functions `asInt` and `asFloat`
 to convert a result value to a numeric type so that mathematical comparison operators can be used
 (e.g. >, <, >=, <=).

-### Optional web methods
+## Optional web methods
 It is possible to use a POST or PUT requests, by specifying the `method` and either `body` or `jsonBody` fields

 ```yaml
@ -96,7 +96,7 @@ It is possible to use a POST or PUT requests, by specifying the `method` and eit
        jsonPath: "{$.data.ok}"
 ```

-### Skip TLS verification
+## Skip TLS verification

 You can skip the TLS verification of the web host provided by setting the options `insecure: true`.

@ -112,4 +112,47 @@ You can skip the TLS verification of the web host provided by setting the option
          - key: Authorization
            value: "Bearer {{ args.api-token }}"
        jsonPath: "{$.data}"
-```
+```
+## Authorization
+
+### With OAuth2
+
+You can setup an [OAuth2 client credential](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) flow using the following values:
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisTemplate
+metadata:
+  name: success-rate
+spec:
+  args:
+  - name: service-name
+  # from secret
+  - name: oauthSecret  # This is the OAuth2 shared secret
+    valueFrom:
+      secretKeyRef:
+        name: oauth-secret
+        key: secret
+  metrics:
+  - name: webmetric
+    successCondition: result == true
+    provider:
+      web:
+        url: "http://my-server.com/api/v1/measurement?service={{ args.service-name }}"
+        timeoutSeconds: 20 # defaults to 10 seconds
+        authentication:
+          oauth2:
+            tokenUrl: https://my-oauth2-provider/token
+            clientId: my-client-id
+            clientSecret: "{{ args.oauthSecret }}"
+            scopes: [
+              "my-oauth2-scope"
+            ]
+        headers:
+          - key: Content-Type # if body is a json, it is recommended to set the Content-Type
+            value: "application/json"
+        jsonPath: "{$.data.ok}"
+```
+
+In that case, no need to provide specifically the `Authentication` header.
+The AnalysisRun will first get an access token using that information, and provide it as an `Authorization: Bearer` header for the metric provider call.
--- a/docs/assets/versions.css
+++ b/docs/assets/versions.css
@ -53,7 +53,7 @@ div[data-md-component=announce]>div#announce-msg>a{
 }

 /* from https://assets.readthedocs.org/static/css/badge_only.css,
-most styles have to be overriden here */
+most styles have to be overridden here */
 .rst-versions{
  position: relative !important;
  bottom: 0;
--- a/docs/assets/versions.js
+++ b/docs/assets/versions.js
@ -1,15 +1,40 @@
-setTimeout(function() {
-  const callbackName = 'callback_' + new Date().getTime();
-  window[callbackName] = function (response) {
-  const div = document.createElement('div');
-  div.innerHTML = response.html;
-  document.querySelector(".md-header__inner > .md-header__title").appendChild(div);
-  const container = div.querySelector('.rst-versions');
-  var caret = document.createElement('div');
-  caret.innerHTML = "<i class='fa fa-caret-down dropdown-caret'></i>"
-  caret.classList.add('dropdown-caret')
-  div.querySelector('.rst-current-version').appendChild(caret);
+const targetNode = document.querySelector('.md-header__inner');
+const observerOptions = {
+  childList: true,
+  subtree: true
+};
+
+const observerCallback = function(mutationsList, observer) {
+  for (let mutation of mutationsList) {
+    if (mutation.type === 'childList') {
+      const titleElement = document.querySelector('.md-header__inner > .md-header__title');
+      if (titleElement) {
+        initializeVersionDropdown();
+        observer.disconnect();
+      }
+    }
  }
+};
+
+const observer = new MutationObserver(observerCallback);
+observer.observe(targetNode, observerOptions);
+
+function initializeVersionDropdown() {
+  const callbackName = 'callback_' + new Date().getTime();
+  window[callbackName] = function(response) {
+    const div = document.createElement('div');
+    div.innerHTML = response.html;
+    document.querySelector(".md-header__inner > .md-header__title").appendChild(div);
+    const container = div.querySelector('.rst-versions');
+    var caret = document.createElement('div');
+    caret.innerHTML = "<i class='fa fa-caret-down dropdown-caret'></i>";
+    caret.classList.add('dropdown-caret');
+    div.querySelector('.rst-current-version').appendChild(caret);
+
+    div.querySelector('.rst-current-version').addEventListener('click', function() {
+      container.classList.toggle('shift-up');
+    });
+  };

  var CSSLink = document.createElement('link');
  CSSLink.rel='stylesheet';
@ -20,6 +45,31 @@ setTimeout(function() {
  script.src = 'https://argo-rollouts.readthedocs.io/_/api/v2/footer_html/?'+
      'callback=' + callbackName + '&project=argo-rollouts&page=&theme=mkdocs&format=jsonp&docroot=docs&source_suffix=.md&version=' + (window['READTHEDOCS_DATA'] || { version: 'latest' }).version;
  document.getElementsByTagName('head')[0].appendChild(script);
-}, 0);
-
+}

+// VERSION WARNINGS
+window.addEventListener("DOMContentLoaded", function() {
+  var currentVersion = window.location.href.match(/\/en\/(release-(?:v\d+|\w+)|latest|stable)\//);
+  var margin = 30;
+  var headerHeight = document.getElementsByClassName("md-header")[0].offsetHeight;
+  if (currentVersion && currentVersion.length > 1) {
+    currentVersion = currentVersion[1];
+    if (currentVersion === "latest") {
+      document.querySelector("div[data-md-component=announce]").innerHTML = "<div id='announce-msg'>You are viewing the docs for an unreleased version of Argo Rollouts, <a href='https://argoproj.github.io/argo-rollouts/'>click here to go to the latest stable version.</a></div>";
+      var bannerHeight = document.getElementById('announce-msg').offsetHeight + margin;
+      document.querySelector("header.md-header").style.top = bannerHeight + "px";
+      document.querySelector('style').textContent +=
+          "@media screen and (min-width: 76.25em){ .md-sidebar { height: 0;  top:" + (bannerHeight + headerHeight) + "px !important; }}";
+      document.querySelector('style').textContent +=
+          "@media screen and (min-width: 60em){ .md-sidebar--secondary { height: 0;  top:" + (bannerHeight + headerHeight) + "px !important; }}";
+    } else if (currentVersion !== "stable") {
+      document.querySelector("div[data-md-component=announce]").innerHTML = "<div id='announce-msg'>You are viewing the docs for a previous version of Argo Rollouts, <a href='https://argoproj.github.io/argo-rollouts/'>click here to go to the latest stable version.</a></div>";
+      var bannerHeight = document.getElementById('announce-msg').offsetHeight + margin;
+      document.querySelector("header.md-header").style.top = bannerHeight + "px";
+      document.querySelector('style').textContent +=
+          "@media screen and (min-width: 76.25em){ .md-sidebar { height: 0;  top:" + (bannerHeight + headerHeight) + "px !important; }}";
+      document.querySelector('style').textContent +=
+          "@media screen and (min-width: 60em){ .md-sidebar--secondary { height: 0;  top:" + (bannerHeight + headerHeight) + "px !important; }}";
+    }
+  }
+});
--- a/docs/best-practices.md
+++ b/docs/best-practices.md
@ -1,6 +1,89 @@
 # Best Practices

-This document describes some best practices, tips and tricks when using Argo Rollouts.
+This document describes some best practices, tips and tricks when using Argo Rollouts. Be sure to read the [FAQ page](../FAQ) as well.
+
+
+## Check application compatibility
+
+Argo Rollouts is a great solution for applications that your team is deploying in a continuous manner (and you have access to the source code). Before using Argo Rollouts you need to contact the developers of the application and verify that you can indeed run multiple versions of the same application at the same time. 
+
+Not all applications can work with Argo Rollouts. Applications that use shared resources (e.g. writing to a shared file) will have issues, and "worker" type applications (that load data from queues) will rarely work ok without source code modifications.
+
+Note that using Argo Rollouts for "infrastructure" applications such as cert-manager, nginx, coredns, sealed-secrets etc is **NOT** recommended.
+
+## Understand the scope of Argo Rollouts
+
+Currently, Argo Rollouts works with a single Kubernetes deployment/application and within a single cluster only. You also need to have the controller deployed on *every* cluster where a Rollout is running if have more than one clusters using Rollout workloads.
+
+If you want to look at multiple-services on multiple clusters
+see discussion at issues [2737](https://github.com/argoproj/argo-rollouts/issues/2737), [451](https://github.com/argoproj/argo-rollouts/issues/451) and [2088](https://github.com/argoproj/argo-rollouts/issues/2088).
+
+
+Note also that Argo Rollouts is a self-contained solution. It doesn't need Argo CD or any other Argo project to work.
+
+## Understand your use case
+
+Argo Rollouts is perfect for all progressive delivery scenarios as explained in [the concepts page](../concepts).
+
+You should *NOT* use Argo Rollouts for preview/ephemeral environments. For that use case check the [Argo CD Pull Request generator](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Pull-Request/).
+
+The recommended way to use Argo Rollouts is for brief deployments that take 15-20 minutes or maximum 1-2 hours. If you want to run new versions for days or weeks before deciding to promote, then Argo Rollouts is probably not the best solution for you.
+
+Keeping parallel releases for long times, complicates the deployment process a lot and opens several questions where different people have different views on how Argo Rollouts should work.
+
+For example let's say that you are testing for a week version 1.3 as stable and 1.4 as preview.
+Then somebody deploys 1.5
+
+1. Some people believe that the new state should be 1.3 stable and 1.5 as preview
+1. Some people believe that the new state should be 1.4 stable and 1.5 as preview
+
+Currently, Argo Rollouts follows the first approach, under the assumption that something was really wrong with 1.4 and 1.5 is the hotfix. 
+
+And then let's say that 1.5 has an issue. Some people believe that Argo rollouts should "rollback" to 1.3 while other people think it should rollback to 1.4
+
+Currently, Argo Rollouts assumes that the version to rollback is always 1.3 regardless of how many "hotfixes" have been previewed in-between.
+
+All these problems are not present if you make the assumption that each release stays active only for a minimal time and you always create one new version when the previous one has finished.
+
+Also, if you want to run a wave of multiple versions at the same time (i.e. have 1.1 and 1.2 and 1.3 running at the same time), know that Argo Rollouts was not designed for this scenario. Argo Rollouts always works with the assumption that there is one stable/previous version and one preview/next version.
+
+A version that has just been promoted is assumed to be ready for production and has already passed all your tests (either manual or automated).
+
+## Prepare your metrics
+
+The end-goal for using Argo Rollouts is to have **fully automated** deployments that also include rollbacks when needed.
+
+While Argo Rollouts supports manual promotions and other manual pauses, these are best used for experimentation and test reasons.
+
+Ideally you should have proper metrics that tell you in 5-15 minutes if a deployment is successful or not. If you don't have those metrics, then you will miss a lot of value from Argo Rollouts.
+
+If you are doing a deployment right now and then have an actual human looking at logs/metrics/traces for the next 2 hours, adopting Argo Rollouts is not going to help you a lot with automated deployments.
+
+Get your [metrics](../features/analysis) in place first and test them with dry-runs before applying them to production deployments.
+
+
+## There is no "Argo Rollouts API"
+
+A lot of people want to find an official API for managing Rollouts. There isn't any separate Argo Rollouts API. You can always use the Kubernetes API and patching of resources if you want to control a rollout.
+
+But as explained in the previous point the end goal should be fully automated deployments without you having to tell Argo Rollouts to promote or abort.
+
+## Integrating with other systems and processes
+
+There are two main ways to integrate other systems with Argo Rollouts.
+
+The easiest way is to use [Notifications](../features/notifications). This means that when a rollout is finished/aborted you send a notification to another system that does other tasks that you want to happen.
+
+Alternatively you can control Rollouts with the CLI or by patching manually the Kubernetes resources.
+
+
+## Use the Kubernetes Downward API
+
+If you want your applications to know if they are part of a canary or not, you can use [Ephemeral labels](../features/ephemeral-metadata) along with the [Kubernetes downward api](https://kubernetes.io/docs/concepts/workloads/pods/downward-api/).
+
+This means that your application will read from files its configuration in a dynamic manner and adapt according to the situation.
+
+

 ## Ingress desired/stable host routes

@ -19,7 +102,7 @@ to the ingress rules so that it is possible to specifically reach to the desired
 pods or stable pods.

 ```yaml
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: guestbook
@ -29,35 +112,79 @@ spec:
  - host: guestbook-desired.argoproj.io
    http:
      paths:
-      - backend:
-          serviceName: guestbook-desired
-          servicePort: 443
-        path: /*
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: guestbook-desired
+            port:
+              number: 443
+
  # host rule to only reach the stable pods
  - host: guestbook-stable.argoproj.io
    http:
      paths:
-      - backend:
-          serviceName: guestbook-stable
-          servicePort: 443
-        path: /*
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: guestbook-stable
+            port:
+              number: 443
+
  # default rule which omits host, and will split traffic between desired vs. stable
  - http:
      paths:
-      - backend:
-          serviceName: guestbook-root
-          servicePort: 443
-        path: /*
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: guestbook-root
+            port:
+            number: 443
 ```

-The above technique has the a benefit in that it would not incur additional cost of allocating
+The above technique has a benefit in that it would not incur additional cost of allocating
 additional load balancers.

 ## Reducing operator memory usage

 On clusters with thousands of rollouts memory usage for the argo-rollouts
-operator can be reduced significantly by changing RevisionHistoryLimit from the
-default of 10 to a lower number. One user of Argo Rollouts saw a 27% reduction
-in memory usage for a cluster with 1290 rollouts by changing
-RevisionHistoryLimit from 10 to 0.
+controller can be reduced significantly by changing the `RevisionHistoryLimit` property from the
+default of 10 to a lower number. 

+One user of Argo Rollouts saw a 27% reduction
+in memory usage for a cluster with 1290 rollouts by changing
+`RevisionHistoryLimit` from 10 to 0.
+
+
+## Rollout a ConfigMap change
+
+Argo Rollouts is meant to work on a Kubernetes Deployment. When a ConfigMap is mounted inside one the Deployment container and a change occurs inside the ConfigMap, it won't trigger a new Rollout by default.
+
+One technique to trigger the Rollout it to name dynamically the ConfigMap.
+For example, adding a hash of its content at the end of the name:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-config-7270e14e6
+```
+
+Each time a change occurs in the ConfigMap, its name will change in the Deployment reference as well, triggering a Rollout.
+
+However, it's not enough to perform correctly progressive rollouts, as the old ConfigMap might get deleted as soon as the new one is created. This would prevent Experiments and rollbacks in case of rollout failure to work correctly.
+
+While no magical solution exist to work aroud that, you can tweak your deployment tool to remove the ConfigMap only when the Rollout is completed successfully.
+
+Example with Argo CD:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: my-config-7270e14e6
+  annotations:
+    argocd.argoproj.io/sync-options: PruneLast=true
+```
--- a/docs/concepts.md
+++ b/docs/concepts.md
@ -3,7 +3,7 @@
 ## Rollout

 A Rollout is Kubernetes workload resource which is equivalent to a Kubernetes Deployment object.
-It is intended to replace a Deployment object in scenarios when more advanced deployment or 
+It is intended to replace a Deployment object in scenarios when more advanced deployment or
 progressive delivery functionality is needed. A Rollout provides the following features which
 a Kubernetes Deployment cannot:

@ -17,17 +17,17 @@ a Kubernetes Deployment cannot:

 Progressive delivery is the process of releasing updates of a product in a controlled and gradual
 manner, thereby reducing the risk of the release, typically coupling automation and metric analysis
-to drive the automated promotion or rollback of the update. 
+to drive the automated promotion or rollback of the update.

 Progressive delivery is often described as an evolution of continuous delivery, extending the
 speed benefits made in CI/CD to the deployment process. This is accomplished by limiting the
-exposure of the new version to a subset of users, observing and analyzing for correct behavior, 
+exposure of the new version to a subset of users, observing and analyzing for correct behavior,
 then progressively increasing the exposure to a broader and wider audience while continuously
 verifying correctness.

 ## Deployment Strategies

-While the industry has used a consistent terminology to describe various deployment strategies, the implementations of these strategies tend to differ across tooling. To make it clear how the Argo Rollouts will behave, here are the descriptions of the various deployment strategies implementations offered by the Argo Rollouts.
+While the industry has used a consistent terminology to describe various deployment strategies, the implementations of these strategies tend to differ across tooling. To make it clear how the Argo Rollouts will behave, here are the descriptions of the various deployment strategy implementations. Argo Rollouts only supports Blue-Green and Canary.

 ### Rolling Update
 A `RollingUpdate` slowly replaces the old version with the new version. As the new version comes up, the old version is scaled down in order to maintain the overall count of the application. This is the default strategy of the Deployment object.
@ -46,4 +46,33 @@ A Canary deployment exposes a subset of users to the new version of the applicat
 [![How Canary deployments work](concepts-assets/canary-deployments.png)](concepts-assets/canary-deployments.png)

 The picture above shows a canary with two stages (10% and 33% of traffic goes to new version) but this is just an example. With Argo Rollouts you can define the exact number of stages
-and percentages of traffic according to your use case.
+and percentages of traffic according to your use case.
+
+## Which strategy to choose
+
+In general Blue/Green is the easier strategy to start with, but also the more limited. We recommend you start with Blue/Green deployments first and as you gain confidence for your metrics and applications switch to Canaries.
+
+You also need to examine if your application can handle canaries or not.
+
+* Blue/Green always works because only one application is active at a time. Not all applications can have different versions running in parallel at the same time (which is what canaries are doing). This can be a showstopper for adopting canary deployments especially for legacy applications.
+* Blue/Green is simpler because you can get their full value WITHOUT a traffic manager. While canaries can also work without a traffic manager, most of their advanced features assume a fine-grained way to control traffic. If you don't have a traffic manager, then you can easily get the full value
+of blue/green deployments but only the basic capabilities of canaries.
+* Blue/Green also works with services that use queues and databases (workers that fetch tasks). Argo Rollouts doesn't control traffic flow for
+connections it doesn't understand (i.e. binary/queue channels).
+
+Here is a summary table for the possible approaches.
+
+|                           |         Blue/Green        |       Basic Canary         | Canary with Traffic manager    |
+|--------------------------:|:-------------------------:|:--------------------------:| :-----------------------------:|
+|       Adoption Complexity |           Low             |       Medium               |        High                    |
+|        Flexibility        |           Low             |        High                |        Maximum                 |
+|    Needs traffic provider |                 No        |         No                 |           Yes                  |
+|  Works with queue workers |                Yes        |         No                 |            No                  |
+|  Works with shared/locked resources | Yes             |         No                 |            No                  |
+|            Traffic switch |     All or nothing        |  Gradual percentage        |      Gradual percentage        |
+|           Traffic control |     0% or 100%            |  coarse grained            |     fine grained               |
+|       Traffic depends on  |     deployment state      |  number of canary pods     |     Any split option is possible                |
+| Advanced routing scenarios |         No               |       No                   |         Yes                    |
+|      Failure Blast Radius | Massive impact            |  Low impact                       | Low impact              |
+
+Note that the traffic manager can be any compatible Service Mesh or Ingress Controller or Gateway API implementation (via a plugin).
--- a/docs/features/analysis.md
+++ b/docs/features/analysis.md
@ -2,7 +2,7 @@

 Argo Rollouts provides several ways to perform analysis to drive progressive delivery.
 This document describes how to achieve various forms of progressive delivery, varying the point in
-time analysis is performed, it's frequency, and occurrence.
+time analysis is performed, its frequency, and occurrence.

 ## Custom Resource Definitions

@ -154,8 +154,7 @@ spec:
          ))
 ```

-Multiple measurements can be performed over a longer duration period, by specifying the `count` and
-`interval` fields:
+Multiple measurements can be performed over a longer duration period, by specifying the `count` and `interval` fields:

 ```yaml hl_lines="4 5"
  metrics:
@ -169,6 +168,13 @@ Multiple measurements can be performed over a longer duration period, by specify
        query: ...
 ```

+!!! note
+    The `count` can have 0 as value which means that it will run until
+    the end of the Rollout execution for background analysis (outside
+    of steps). However if the `count` has value 0 and the analysis is
+    defined in the steps, the analysis won't be executed.
+
+
 ## ClusterAnalysisTemplates

 !!! important
@ -358,6 +364,184 @@ templates together. The controller combines the `metrics` and `args` fields of a
    * Multiple metrics in the templates have the same name
    * Two arguments with the same name have different default values no matter the argument value in Rollout

+## Analysis Template referencing other Analysis Templates
+
+AnalysisTemplates and ClusterAnalysisTemplates may reference other templates.
+
+They can be combined with other metrics:
+
+=== "AnalysisTemplate"
+
+    ```yaml
+    apiVersion: argoproj.io/v1alpha1
+    kind: AnalysisTemplate
+    metadata:
+      name: error-rate
+    spec:
+      args:
+      - name: service-name
+      metrics:
+      - name: error-rate
+        interval: 5m
+        successCondition: result[0] <= 0.95
+        failureLimit: 3
+        provider:
+          prometheus:
+            address: http://prometheus.example.com:9090
+            query: |
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code=~"5.*"}[5m]
+              )) /
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
+              ))
+    ---
+    apiVersion: argoproj.io/v1alpha1
+    kind: AnalysisTemplate
+    metadata:
+      name: rates
+    spec:
+      args:
+      - name: service-name
+      metrics:
+      - name: success-rate
+        interval: 5m
+        successCondition: result[0] >= 0.95
+        failureLimit: 3
+        provider:
+          prometheus:
+            address: http://prometheus.example.com:9090
+            query: |
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]
+              )) /
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
+              ))
+      templates:
+      - templateName: error-rate
+        clusterScope: false
+    ```
+
+Or without additional metrics:
+
+=== "AnalysisTemplate"
+
+    ```yaml
+    apiVersion: argoproj.io/v1alpha1
+    kind: AnalysisTemplate
+    metadata:
+      name: success-rate
+    spec:
+      args:
+      - name: service-name
+      metrics:
+      - name: success-rate
+        interval: 5m
+        successCondition: result[0] >= 0.95
+        failureLimit: 3
+        provider:
+          prometheus:
+            address: http://prometheus.example.com:9090
+            query: |
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]
+              )) /
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
+              ))
+    ---
+    apiVersion: argoproj.io/v1alpha1
+    kind: AnalysisTemplate
+    metadata:
+      name: error-rate
+    spec:
+      args:
+      - name: service-name
+      metrics:
+      - name: error-rate
+        interval: 5m
+        successCondition: result[0] <= 0.95
+        failureLimit: 3
+        provider:
+          prometheus:
+            address: http://prometheus.example.com:9090
+            query: |
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code=~"5.*"}[5m]
+              )) /
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
+              ))
+    ---
+    apiVersion: argoproj.io/v1alpha1
+    kind: AnalysisTemplate
+    metadata:
+      name: rates
+    spec:
+      args:
+      - name: service-name
+      templates:
+      - templateName: success-rate
+        clusterScope: false
+      - templateName: error-rate
+        clusterScope: false
+    ```
+
+The result in the AnalysisRun will have the aggregation of metrics of each template:
+
+=== "AnalysisRun"
+
+    ```yaml
+    # NOTE: Generated AnalysisRun from a single template referencing several templates
+    apiVersion: argoproj.io/v1alpha1
+    kind: AnalysisRun
+    metadata:
+      name: guestbook-CurrentPodHash-templates-in-template
+    spec:
+      args:
+      - name: service-name
+        value: guestbook-svc.default.svc.cluster.local
+      metrics:
+      - name: success-rate
+        interval: 5m
+        successCondition: result[0] >= 0.95
+        failureLimit: 3
+        provider:
+          prometheus:
+            address: http://prometheus.example.com:9090
+            query: |
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]
+              )) /
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
+              ))
+      - name: error-rate
+        interval: 5m
+        successCondition: result[0] <= 0.95
+        failureLimit: 3
+        provider:
+          prometheus:
+            address: http://prometheus.example.com:9090
+            query: |
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code=~"5.*"}[5m]
+              )) /
+              sum(irate(
+                istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}"}[5m]
+              ))
+    ```
+
+!!! note
+    The same limitations as for the multiple templates feature apply.
+    The controller will error when merging the templates if:
+
+    * Multiple metrics in the templates have the same name
+    * Two arguments with the same name have different default values no matter the argument value in Rollout
+
+    However, if the same AnalysisTemplate is referenced several times along the chain of references, the controller will only keep it once and discard the other references.
+
 ## Analysis Template Arguments

 AnalysisTemplates may declare a set of arguments that can be passed by Rollouts. The args can then be used as in metrics configuration and are resolved at the time the AnalysisRun is created. Argument placeholders are defined as
@ -575,6 +759,67 @@ The entire analysis run is considered as Failed after three failed measurements.
          ))
 ```

+## ConsecutiveSuccessLimit and FailureLimit
+
+!!! important
+    `consecutiveSuccessLimit` available since v1.8
+
+You can use either `failureLimit` to define a limit for the number of failures before the analysis is considered failed, `consecutiveSuccessLimit` to define the required consecutive number of successes for the analysis to succeed, or both together. One of them has to be applicable (i.e. not disabled, see below for more), otherwise a validation error is thrown.
+
+To disable:
+
+  * `failureLimit`, set the field to `-1`.
+  * `consecutiveSuccessLimit`, set the field to `0` (the default value).
+
+The default value for both is `0`, the meaning of which differs for each one of them. A value of `0` for `failureLimit` means its logic _is_ applicable and no failures are tolerated. However, a value of `0` for `consecutiveSuccessLimit` means it's inapplicable or disabled.
+
+Let's go through each case and show what the behavior would look like.
+
+### Only FailureLimit applicable
+
+The behavior is shown above in the [Failure Conditions and Failure Limit](#failure-conditions-and-failure-limit) section. This is the default behavior if you set nothing of the two fields (with `failureLimit` having a default value of `0`, so no failures are tolerated).
+
+
+### Only ConsecutiveSuccessLimit applicable
+
+To have this behavior, you need to have something like
+```yaml
+failureLimit: -1
+consecutiveSuccessLimit: 4 # Any value > 0
+```
+
+This behavior is essentially waiting for a condition to hold, or an event to happen. That is, keep measuring a metric and keep failing until you measure `N` consecutive successful measurements, at which point the analysis concludes successfully. This can be useful as an event-driven way of promoting a rollout when used in an inline analysis.
+
+
+### Both FailureLimit and ConsecutiveSuccessLimit applicable
+
+To have this behavior, you need to have something like
+```yaml
+failureLimit: 3 # Any value >= 0
+consecutiveSuccessLimit: 4 # Any value > 0 
+``` 
+
+The behavior is simply waiting to measure `N` consecutive successful measurements, _while_ being limited by the number of overall failures specified by `failureLimit`. Above, we need to have at most 3 failures before we get 4 consecutive successful measurements for the analysis to be considered successful.
+
+
+In case of an analysis that has `count` specified (that is, runs for a specific amount of time) and that `count` is reached, the evaluation of success is as follows:
+
+  * `failureLimit` is violated and `consecutiveSuccessLimit` is satisfied: Failure.
+  * `failureLimit` is violated and `consecutiveSuccessLimit` is not satisfied: Failure.
+  * `failureLimit` is not violated and `consecutiveSuccessLimit` is satisfied: Success.
+  * `failureLimit` is not violated and `consecutiveSuccessLimit` is not satisfied: Inconclusive State.
+
+As illustrated, `failureLimit` takes priority if violated. However, if neither is violated/satisfied, the analysis reaches an inconclusive state.
+
+
+!!! note
+    When terminating analyses prematurely, they are always terminated successfully, unless it happens that `failureLimit` is enabled and violated, then they terminate in failure. `consecutiveSuccessLimit`, if enabled, doesn't affect the termination status.
+
+    For more clarity, examples of analyses terminated "prematurely":
+
+    * A background analysis with `count` not specified when terminated at the end of the rollout.
+    * Any analysis with `count` specified and not yet reached when the rollout is aborted.
+
 ## Dry-Run Mode

 !!! important
@ -854,6 +1099,24 @@ spec:
    limit: 20
 ```

+## Time-to-live (TTL) Strategy
+
+!!! important
+    Available since v1.7
+
+`ttlStrategy` limits the lifetime of an analysis run that has finished execution depending on if it Succeeded or Failed. If this struct is set, once the run finishes, it will be deleted after the time to live expires. If this field is unset, the analysis controller will keep the completed runs, unless they are associated with rollouts using other garbage collection policies (e.g. `successfulRunHistoryLimit` and `unsuccessfulRunHistoryLimit`).
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: AnalysisRun
+spec:
+  ...
+  ttlStrategy:
+    secondsAfterCompletion: 3600
+    secondsAfterSuccess: 1800
+    secondsAfterFailure: 1800
+```
+
 ## Inconclusive Runs

 Analysis runs can also be considered `Inconclusive`, which indicates the run was neither successful,
@ -888,7 +1151,7 @@ A use case for having `Inconclusive` analysis runs are to enable Argo Rollouts t
 whether or not measurement value is acceptable and decide to proceed or abort.

 ## Delay Analysis Runs
-If the analysis run does not need to start immediately (i.e give the metric provider time to collect
+If the analysis run does not need to start immediately (i.e. give the metric provider time to collect
 metrics on the canary version), Analysis Runs can delay the specific metric analysis. Each metric
 can be configured to have a different delay. In additional to the metric specific delays, the rollouts
 with background analysis can delay creating an analysis run until a certain step is reached
--- a/docs/features/anti-affinity/anti-affinity.md
+++ b/docs/features/anti-affinity/anti-affinity.md
@ -31,6 +31,7 @@ You can learn more about anti-affinity [here](https://kubernetes.io/docs/concept

 Repeating the above example with anti-affinity enabled, here is what happens when the `.spec.template` of the Rollout changes. Due to anti-affinity, the new pods cannot be scheduled on nodes which run the old ReplicaSet's pods.
 As a result, the cluster auto-scaler must create 2 nodes to host the new ReplicaSet's pods. In this case, pods won't be started since the scaled-down nodes are guaranteed to not have the new pods.
+
 ![ Original Rollout is running, spread across two nodes](images/solution.png)

 ## Enabling Anti-Affinity in Rollouts
@ -41,7 +42,7 @@ This feature will not modify any of the ReplicaSet's pre-existing affinity rules
 Users have a choice between these scheduling rules: `RequiredDuringSchedulingIgnoredDuringExecution` and `PreferredDuringSchedulingIgnoredDuringExecution`.

 `RequiredDuringSchedulingIgnoredDuringExecution` requires a new version's pods to be on a separate node than the previous versions. If this
-is not possible, the the new version's pods will not be scheduled.
+is not possible, the new version's pods will not be scheduled.

 ```yaml
 strategy:
--- a/docs/features/bluegreen.md
+++ b/docs/features/bluegreen.md
@ -1,6 +1,6 @@
 # BlueGreen Deployment Strategy

-A Blue Green Deployment allows users to reduce the amount of time multiple versions running at the same time.
+A Blue Green Deployment allows users to reduce the amount of time multiple versions are running at the same time.

 ## Overview

@ -11,6 +11,12 @@ When there is a change to the `.spec.template` field of a rollout, the controlle
 !!! important
    When the rollout changes the selector on a service, there is a propagation delay before all the nodes update their IP tables to send traffic to the new pods instead of the old. During this delay, traffic will be directed to the old pods if the nodes have not been updated yet. In order to prevent the packets from being sent to a node that killed the old pod, the rollout uses the scaleDownDelaySeconds field to give nodes enough time to broadcast the IP table changes.

+!!! important
+    ALB Ingress with Rollouts blue-green strategy is not supported without a chance of downtime.
+
+    When using an AWS ALB to route traffic to a service, the ALB Ingress Controller does not update the target groups in an atomic or safe manner. This can result in a situation where, during a deployment, the stable target group temporarily has no pods registered. This occurs because the ALB Controller removes all current pods from the target group before registering pods from the desired ReplicaSet.
+    The desired pods must pass their initial configured health check on the stable target group to be considered healthy by the ALB. This creates a risk where the ALB may temporarily have no healthy pods registered to the target group, depending on the timing of deregistration and registration of new pods. This can lead to application downtime that the rollouts controller cannot prevent.
+
 ## Example

 ```yaml
@ -75,7 +81,7 @@ The following describes the sequence of events that happen during a blue-green u
 1. Beginning at a fully promoted, steady-state, a revision 1 ReplicaSet is pointed to by both the `activeService` and `previewService`.
 1. A user initiates an update by modifying the pod template (`spec.template.spec`).
 1. The revision 2 ReplicaSet is created with size 0.
-1. The preview service is modified to point to the revision 2 ReplicaSet. The `activeService` remains pointing to revision 1.
+1. The `previewService` is modified to point to the revision 2 ReplicaSet. The `activeService` remains pointing to revision 1.
 1. The revision 2 ReplicaSet is scaled to either `spec.replicas` or `previewReplicaCount` if set.
 1. Once revision 2 ReplicaSet Pods are fully available, `prePromotionAnalysis` begins.
 1. Upon success of `prePromotionAnalysis`, the blue/green pauses if `autoPromotionEnabled` is false, or `autoPromotionSeconds` is non-zero.
@ -93,12 +99,12 @@ The AutoPromotionEnabled will make the rollout automatically promote the new Rep
 Defaults to true

 ### autoPromotionSeconds
-The AutoPromotionSeconds will make the rollout automatically promote the new ReplicaSet to active Service after the AutoPromotionSeconds time has passed since the rollout has entered a paused state. If the `AutoPromotionEnabled` field is set to false, this field will be ignored
+Setting a positive non-zero value here would make the rollout automatically promote the new `ReplicaSet` to active Service after this much time has been elapsed since the rollout has entered a paused state. If the `AutoPromotionEnabled` field is set to **false**, this field would be ignored.

 Defaults to nil

 ### antiAffinity
-Check out the [Anti Affinity document](anti-affinity/anti-affinity.md) document for more information.
+Check out the [Anti Affinity document](anti-affinity/anti-affinity.md) for more information.

 Defaults to nil

--- a/docs/features/canary/index.md
+++ b/docs/features/canary/index.md
@ -1,15 +1,19 @@
 # Canary Deployment Strategy
-A canary rollout is a deployment strategy where the operator releases a new version of their application to a small percentage of the production traffic. 
+
+A canary rollout is a deployment strategy where the operator releases a new version of their application to a small percentage of the production traffic.

 ## Overview
+
 Since there is no agreed upon standard for a canary deployment, the rollouts controller allows users to outline how they want to run their canary deployment. Users can define a list of steps the controller uses to manipulate the ReplicaSets when there is a change to the `.spec.template`. Each step will be evaluated before the new ReplicaSet is promoted to the stable version, and the old version is completely scaled down.

-Each step can have one of two fields. The `setWeight` field dictates the percentage of traffic that should be sent to the canary, and the `pause` struct instructs the rollout to pause.  When the controller reaches a `pause` step for a rollout, it will add a `PauseCondition` struct to the `.status.PauseConditions` field. If the `duration` field within the `pause` struct is set, the rollout will not progress to the next step until it has waited for the value of the `duration` field. Otherwise, the rollout will wait indefinitely until that Pause condition is removed. By using the `setWeight` and the `pause` fields, a user can declaratively describe how they want to progress to the new version. Below is an example of a canary strategy.
+There are multiple steps available, the most basic ones are `setWeight` and `pause`. The `setWeight` field dictates the percentage of traffic that should be sent to the canary, and the `pause` step instructs the rollout to pause. When the controller reaches a `pause` step for a rollout, it will add a `PauseCondition` struct to the `.status.PauseConditions` field. If the `duration` field within the `pause` struct is set, the rollout will not progress to the next step until it has waited for the value of the `duration` field. Otherwise, the rollout will wait indefinitely until that Pause condition is removed. By using the `setWeight` and the `pause` fields, a user can declaratively describe how they want to progress to the new version. Below is an example of a canary strategy.

 !!! important
-    If the canary Rollout does not use [traffic management](traffic-management/index.md), the Rollout makes a best effort attempt to achieve the percentage listed in the last `setWeight` step between the new and old version. For example, if a Rollout has 10 Replicas and 10% for the first `setWeight` step, the controller will scale the new desired ReplicaSet to 1 replicas and the old stable ReplicaSet to 9. In the case where the setWeight is 15%, the Rollout attempts to get there by rounding up the calculation (i.e. the new ReplicaSet has 2 pods since 15% of 10 rounds up to 2 and the old ReplicaSet has 9 pods since 85% of 10 rounds up to 9). If a user wants to have more fine-grained control of the percentages without a large number of Replicas, that user should use the  [traffic management](#trafficrouting) functionality.
+
+    If the canary Rollout does not use [traffic management](traffic-management/index.md), the Rollout makes a best effort attempt to achieve the percentage listed in the last `setWeight` step between the new and old version. For example, if a Rollout has 10 Replicas and 10% for the first `setWeight` step, the controller will scale the new desired ReplicaSet to 1 replicas and the old stable ReplicaSet to 9. In the case where the setWeight is 41%, the Rollout attempts to get there by finding the whole number with the smallest delta, rounding up the calculation if the deltas are equals (i.e. the new ReplicaSet has 4 pods since 41% of 10 is closer to 4/10 than 5/10, and the old ReplicaSet has 6 pods). If a user wants to have more fine-grained control of the percentages without a large number of Replicas, that user should use the [traffic management](#trafficrouting) functionality.

 ## Example
+
 ```yaml
 apiVersion: argoproj.io/v1alpha1
 kind: Rollout
@ -26,25 +30,26 @@ spec:
        app: nginx
    spec:
      containers:
-      - name: nginx
-        image: nginx:1.15.4
-        ports:
-        - containerPort: 80
+        - name: nginx
+          image: nginx:1.15.4
+          ports:
+            - containerPort: 80
  minReadySeconds: 30
  revisionHistoryLimit: 3
  strategy:
    canary: #Indicates that the rollout should use the Canary strategy
-      maxSurge: "25%"
+      maxSurge: '25%'
      maxUnavailable: 0
      steps:
-      - setWeight: 10
-      - pause:
-          duration: 1h # 1 hour
-      - setWeight: 20
-      - pause: {} # pause indefinitely
+        - setWeight: 10
+        - pause:
+            duration: 1h # 1 hour
+        - setWeight: 20
+        - pause: {} # pause indefinitely
 ```

 ## Pause Duration
+
 Pause duration can be specified with an optional time unit suffix. Valid time units are "s", "m", "h". Defaults to "s" if not specified.

 ```yaml
@ -52,14 +57,14 @@ spec:
  strategy:
    canary:
      steps:
-        - pause: { duration: 10 }  # 10 seconds
+        - pause: { duration: 10 } # 10 seconds
        - pause: { duration: 10s } # 10 seconds
        - pause: { duration: 10m } # 10 minutes
        - pause: { duration: 10h } # 10 hours
-        - pause: {}                # pause indefinitely
+        - pause: {} # pause indefinitely
 ```

-If no `duration` is specified for a pause step, the rollout will be paused indefinitely. To unpause, use the [argo kubectl plugin](kubectl-plugin.md) `promote` command. 
+If no `duration` is specified for a pause step, the rollout will be paused indefinitely. To unpause, use the [argo kubectl plugin](kubectl-plugin.md) `promote` command.

 ```shell
 # promote to the next step
@ -81,31 +86,31 @@ match the traffic weight. Some use cases for this:
   the canary, while setWeight is still set to 0.
 3. You wish to scale the canary up to 100%, in order to facilitate traffic shadowing.

-
 !!! important
+
    Setting canary scale is only available when using the canary strategy with a traffic router, since the basic canary needs to control canary scale in order to approximate canary weight.

-To control canary scales and weights during steps, use the `setCanaryScale` step and indicate which scale the
+To control canary scales and weights during steps, use the `setCanaryScale` step and indicate which scale
 the canary should use:

-* explicit replica count without changing traffic weight (`replicas`)
-* explicit weight percentage of total spec.replicas without changing traffic weight(`weight`)
-* to or not to match current canary's `setWeight` step (`matchTrafficWeight: true or false`)
+- explicit replica count without changing traffic weight (`replicas`)
+- explicit weight percentage of total spec.replicas without changing traffic weight(`weight`)
+- to or not to match current canary's `setWeight` step (`matchTrafficWeight: true or false`)

 ```yaml
 spec:
  strategy:
    canary:
      steps:
-      # explicit count
-      - setCanaryScale:
-          replicas: 3
-      # a percentage of spec.replicas
-      - setCanaryScale:
-          weight: 25
-      # matchTrafficWeight returns to the default behavior of matching the canary traffic weight
-      - setCanaryScale:
-          matchTrafficWeight: true
+        # explicit count
+        - setCanaryScale:
+            replicas: 3
+        # a percentage of spec.replicas
+        - setCanaryScale:
+            weight: 25
+        # matchTrafficWeight returns to the default behavior of matching the canary traffic weight
+        - setCanaryScale:
+            matchTrafficWeight: true
 ```

 When using `setCanaryScale` with explicit values for either replicas or weight, one must be careful
@ -119,12 +124,12 @@ spec:
  strategy:
    canary:
      steps:
-      # 1 canary pod (10% of spec.replicas)
-      - setCanaryScale:
-          weight: 10
-      # 90% of traffic to the 1 canary pod
-      - setWeight: 90
-      - pause: {}
+        # 1 canary pod (10% of spec.replicas)
+        - setCanaryScale:
+            weight: 10
+        # 90% of traffic to the 1 canary pod
+        - setWeight: 90
+        - pause: {}
 ```

 The above situation is caused by the changed behvaior of `setWeight` after `setCanaryScale`. To reset, set `matchTrafficWeight: true` and the `setWeight` behavior will be restored, i.e., subsequent `setWeight` will create canary replicas matching the traffic weight.
@ -132,6 +137,7 @@ The above situation is caused by the changed behvaior of `setWeight` after `setC
 ## Dynamic Stable Scale (with Traffic Routing)

 !!! important
+
    Available since v1.1

 When using traffic routing, by default the stable ReplicaSet is left scaled to 100% during the update.
@ -167,11 +173,12 @@ spec:
      abortScaleDownDelaySeconds: 600
 ```

-
 ## Mimicking Rolling Update
+
 If the `steps` field is omitted, the canary strategy will mimic the rolling update behavior. Similar to the deployment, the canary strategy has the `maxSurge` and `maxUnavailable` fields to configure how the Rollout should progress to the new version.

 ## Other Configurable Features
+
 Here are the optional fields that will modify the behavior of canary strategy:

 ```yaml
@ -188,36 +195,43 @@ spec:
 ```

 ### analysis
-Configure the background [Analysis](analysis.md) to execute during the rollout. If the analysis is unsuccessful the rollout will be aborted.
+
+Configure the background [Analysis](../analysis.md) to execute during the rollout. If the analysis is unsuccessful the rollout will be aborted.

 Defaults to nil

 ### antiAffinity
-Check out the [Anti Affinity document](anti-affinity/anti-affinity.md) document for more information.
+
+Check out the [Anti Affinity](../anti-affinity/anti-affinity.md) document for more information.

 Defaults to nil

 ### canaryService
+
 `canaryService` references a Service that will be modified to send traffic to only the canary ReplicaSet. This allows users to only hit the canary ReplicaSet.

 Defaults to an empty string

 ### stableService
+
 `stableService` the name of a Service which selects pods with stable version and doesn't select any pods with canary version. This allows users to only hit the stable ReplicaSet.

 Defaults to an empty string

 ### maxSurge
+
 `maxSurge` defines the maximum number of replicas the rollout can create to move to the correct ratio set by the last setWeight. Max Surge can either be an integer or percentage as a string (i.e. "20%")

 Defaults to "25%".

 ### maxUnavailable
+
 The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxSurge is 0.

 Defaults to 25%

 ### trafficRouting
-The [traffic management](traffic-management/index.md) rules to apply to control the flow of traffic between the active and canary versions. If not set, the default weighted pod replica based routing will be used.
+
+The [traffic management](../traffic-management/index.md) rules to apply to control the flow of traffic between the active and canary versions. If not set, the default weighted pod replica based routing will be used.

 Defaults to nil
--- a/docs/features/canary/plugins.md
+++ b/docs/features/canary/plugins.md
@ -0,0 +1,168 @@
+# Canary Step Plugins
+
+!!! warning "Alpha Feature (Since 1.8.0)"
+
+    This is an experimental, [alpha-quality](https://github.com/argoproj/argoproj/blob/main/community/feature-status.md#alpha)
+    feature that allows you to execute plugins during canary steps.
+
+Argo Rollouts supports getting step plugins via 3rd party [plugin system](../../plugins.md). This allows users to extend the capabilities of Rollouts
+to support executing arbitrary steps during the canary. Rollout's uses a plugin library called
+[go-plugin](https://github.com/hashicorp/go-plugin) to do this.
+
+## Installing
+
+There are two methods of installing and using an Argo Rollouts plugin. The first method is to mount up the plugin executable
+into the rollouts controller container. The second method is to use an HTTP(S) server to host the plugin executable.
+
+### Mounting the plugin executable into the rollouts controller container
+
+There are a few ways to mount the plugin executable into the rollouts controller container. Some of these will depend on your
+particular infrastructure. Here are a few methods:
+
+- Using an init container to download the plugin executable
+- Using a Kubernetes volume mount with a shared volume such as NFS, EBS, etc.
+- Building the plugin into the rollouts controller container
+
+Then you can use the ConfigMap to point to the plugin executable file location. Example:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argo-rollouts-config
+data:
+  stepPlugins: |-
+    - name: "argoproj-labs/sample-step" # name of the plugin, it must match the name required by the plugin so it can find its configuration
+      location: "file://./my-custom-plugin" # supports http(s):// urls and file://
+```
+
+### Using an HTTP(S) server to host the plugin executable
+
+!!! warning "Installing a plugin with http(s)"
+
+    Depending on which method you use to install and the plugin, there are some things to be aware of.
+    The rollouts controller will not start if it can not download or find the plugin executable. This means that if you are using
+    a method of installation that requires a download of the plugin and the server hosting the plugin for some reason is not available and the rollouts
+    controllers pod got deleted while the server was down or is coming up for the first time, it will not be able to start until
+    the server hosting the plugin is available again.
+
+    Argo Rollouts will download the plugin at startup only once but if the pod is deleted it will need to download the plugin again on next startup. Running
+    Argo Rollouts in HA mode can help a little with this situation because each pod will download the plugin at startup. So if a single pod gets
+    deleted during a server outage, the other pods will still be able to take over because there will already be a plugin executable available to it. It is the
+    responsibility of the Argo Rollouts administrator to define the plugin installation method considering the risks of each approach.
+
+Argo Rollouts supports downloading the plugin executable from an HTTP(S) server. To use this method, you will need to
+configure the controller via the `argo-rollouts-config` ConfigMap and set `pluginLocation` to a http(s) url. Example:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argo-rollouts-config
+data:
+  stepPlugins: |-
+    - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find its configuration
+      location: "https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-sample-nginx/releases/download/v0.0.1/metric-plugin-linux-amd64" # supports http(s):// urls and file://
+      sha256: "08f588b1c799a37bbe8d0fc74cc1b1492dd70b2c" # optional sha256 checksum of the plugin executable
+```
+
+### Disabling a plugin
+
+A step plugin that will execute during your Rollouts will fail the canary deployment whenever there is an unhandled error.
+If a step plugin is used in multiple rollouts and is suddenly unstable, none of the rollouts will be able to progress.
+To make the plugin less disruptive and the upgrades easier, you can use the `disabled` flag in the plugin configuration to
+disable it globally. This will skip the plugin execution in every Rollout where it is configured, and progress to the next canary step.
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argo-rollouts-config
+data:
+  stepPlugins: |-
+    - name: "argoproj-labs/sample-nginx"
+      location: "https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-sample-nginx/releases/download/v0.0.1/metric-plugin-linux-amd64"
+      disabled: true # Skip all canary steps using this plugin because it may be faulty.
+```
+
+## Usage
+
+You can execute a configured step plugin at any point during your canary steps.
+The plugin will be executed and the rollout step will be progressing until the plugin execution returns a status of
+`Successful`, `Failed` or `Error`. Once completed, the rollout will progress to the next configured step.
+
+For the available plugin `config`, refer to each specific plugin documentation.
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Rollout
+metadata:
+  name: example-plugin-ro
+spec:
+  strategy:
+    canary:
+      steps:
+        - plugin:
+            name: argoproj-labs/step-exec
+            config:
+              command: echo "hello world"
+```
+
+### Plugin Statuses
+
+To know the result of your plugin, you can use the `status.stepPluginStatuses[]` property to find the status that correspond to
+your execution. Each status item is unique by `index`, `name` and `operation`. The `operation` can be one of the following:
+
+- `Run`: The main operation that execute the plugin.
+- `Terminate`: The operation called on your plugin when the `Run` operation is still ongoing, but your rollout is aborted.
+- `Abort`: The operation called on your plugin when it is aborted. This will be called for every `Successful` `Run` operation.
+
+## Implementation
+
+As a plugin developer, your step plugin should follow some conventions to make it predictable and easier to use.
+
+### Run operation
+
+The run operation is the method called on your plugin when executed. The operation can be called
+**multiple times**. It is the responsibility of the plugin's implementation to validate if the desired
+plugin actions were already taken or not.
+
+#### Long-running operations
+
+If the plugin needs to execute an operation that may take a long time, or poll for a result, it can return
+early with a `Running` phase and a `RequeueAfter` duration. The controller will requeue the rollout and call the `Run` operation
+again after the `RequeueAfter` has expired. The `Status` property on the return object can hold any information that would be
+necessary to retrieve the state in subsequent executions.
+
+### Terminate operation
+
+If the `Run` operation returns with a `Running` phase and the rollout needs to cancel the execution, the controller will call the plugin's terminate method
+with the state of the ongoing `Running` operation. The plugin can use this method to cancel any ongoing information.
+This is often called if the rollout is fully promoted during a plugin execution.
+
+If the terminate operation has an error and fails, it will not be retried. The plugin should have a mechanism to cancel
+suspiciously long-running operations if necessary.
+
+### Abort operation
+
+The abort operation will be called whenever a rollout is aborted and plugin step `Run` operation was `Successful` or currently `Running`.
+The operation will be called in the reverse execution order with the existing state of the operation it is aborting.
+
+If the abort operation has an error and fails, it will not be retried. The plugin should have a mechanism to cancel
+suspiciously long-running operations if necessary.
+
+### Returning errors
+
+The plugin can return an error for unhandled operations. In that case, the rollout will handle that error and apply a
+backoff mechanism to retry the execution of the plugin until it returns `Successful` or `Failed` phase. When an error happens, the
+`Status` returned by the plugin is not persisted, allowing it to retry later on the last known valid status.
+
+The controller will keep retrying until it succeeds, or the rollout is aborted.
+
+## List of Available Plugins (alphabetical order)
+
+If you have created a plugin, please submit a PR to add it to this list.
+
+### [plugin-name](#plugin-name)
+
+- Brief plugin description
--- a/docs/features/ephemeral-metadata.md
+++ b/docs/features/ephemeral-metadata.md
@ -2,19 +2,31 @@

 !!! important

-    Available for canary rollouts since v0.10.0
+    This is an **optional** feature of Argo Rollouts that allows you to have more visibility while a rollout is in progress. You do **NOT** need to use emphemeral metadata in order to achieve the main functionality of Argo Rollouts.

-!!! important
+Normally during a deployment, Argo Rollouts automatically handles the pods of the new and old versions along with their labels and their association with your traffic provider (if you use one).

-    Available for blue-green rollouts since v1.0
+In some scenarios however,

-One use case is for a Rollout to label or annotate the desired/stable pods with user-defined
+1. You might want to annotate the pods of each version with your own custom labels
+1. You may want the application itself know when a deployment is happening 
+
+
+Argo Rollouts gives you the capability to label or annotate the desired/stable pods with user-defined
 labels/annotations, for _only_ the duration which they are the desired or stable set, and for the
 labels to be updated/removed as soon as the ReplicaSet switches roles (e.g. from desired to stable).
-The use case which this enables, is to allow prometheus, wavefront, datadog queries and dashboards
-to be built, which can rely on a consistent labels, rather than the `rollouts-pod-template-hash`
+
+In the first use case this allows prometheus, wavefront, datadog queries and dashboards
+to be built, which can rely on a consistent list of labels, rather than the `rollouts-pod-template-hash`
 which is unpredictable and changing from revision to revision.

+In the second use case you can have your application read the labels itself using the [Kubernetes Downward API](https://kubernetes.io/docs/concepts/workloads/pods/downward-api/) and adjust
+its behavior automatically only for the duration of the canary/blue/green deployment. For example you could point your application
+to a different Queue server while the application pods are in "preview" and only use the production instance of your Queue server
+when the pods are marked as "stable". 
+
+## Using Ephemeral labels
+
 A Rollout using the canary strategy has the ability to attach ephemeral metadata to the stable or
 canary Pods using the `stableMetadata` and `canaryMetadata` fields respectively.

@ -47,12 +59,14 @@ spec:

 During an update, the Rollout will create the desired ReplicaSet while also merging the metadata
 defined in `canaryMetadata`/`previewMetadata` to the desired ReplicaSet's `spec.template.metadata`.
-This results in all Pods of the ReplicaSet being created with the desired metadata. When the rollout
+This results in all Pods of the ReplicaSet being created with the desired metadata. 
+
+When the rollout
 becomes fully promoted, the desired ReplicaSet becomes the stable, and is updated to use the labels
 and annotations under `stableMetadata`/`activeMetadata`. The Pods of the ReplicaSet will then be
 updated _in place_ to use the stable metadata (without recreating the pods).

-!!! important
+!!! tip
    In order for tooling to take advantage of this feature, they would need to recognize the change in
    labels and/or annotations that happen _after_ the Pod has already started. Not all tools may detect
-    this.
+    this. For application code apart from the Kubernetes Downward API you also need a programming library that automatically reloads configuration files when they change their contents.
--- a/docs/features/kustomize.md
+++ b/docs/features/kustomize.md
@ -4,7 +4,7 @@ Kustomize can be extended to understand CRD objects through the use of
 [transformer configs](https://github.com/kubernetes-sigs/kustomize/tree/master/examples/transformerconfigs).
 Using transformer configs, kustomize can be "taught" about the structure of a Rollout object and
 leverage kustomize features such as ConfigMap/Secret generators, variable references, and common
-labels & annotations. To use Rollouts with kustomize: 
+labels & annotations. To use Rollouts with kustomize:

 1. Download [`rollout-transform.yaml`](kustomize/rollout-transform.yaml) into your kustomize directory.

@ -28,6 +28,13 @@ configurations:
  - https://argoproj.github.io/argo-rollouts/features/kustomize/rollout-transform.yaml
 ```

+- With Kustomize 5 it is possible to reference the configuration directly from a remote resource:
+
+```yaml
+configurations:
+  - https://argoproj.github.io/argo-rollouts/features/kustomize/rollout-transform-kustomize-v5.yaml
+```
+
 - With Kustomize 4.5.5 kustomize can use kubernetes OpenAPI data to get merge key and patch strategy information about [resource types](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/openapi). For example, given the following rollout:

 ```yaml
@ -65,18 +72,18 @@ resources:
 openapi:
  path: https://raw.githubusercontent.com/argoproj/argo-schema-generator/main/schema/argo_all_k8s_kustomize_schema.json

-patchesStrategicMerge:
- |-
-  apiVersion: argoproj.io/v1alpha1
-  kind: Rollout
-  metadata:
-    name: rollout-canary
-  spec:
-    template:
-      spec:
-        containers:
-        - name: rollouts-demo
-          image: nginx
+patches:
+- patch: |-
+    apiVersion: argoproj.io/v1alpha1
+    kind: Rollout
+    metadata:
+      name: rollout-canary
+    spec:
+      template:
+        spec:
+          containers:
+          - name: rollouts-demo
+            image: nginx
 ```

 The OpenAPI data is auto-generated and defined in this [file](https://github.com/argoproj/argo-schema-generator/blob/main/schema/argo_all_k8s_kustomize_schema.json).
--- a/docs/features/kustomize/rollout-transform-kustomize-v5.yaml
+++ b/docs/features/kustomize/rollout-transform-kustomize-v5.yaml
@ -0,0 +1,274 @@
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/namereference.go
+nameReference:
+- kind: ConfigMap
+  version: v1
+  fieldSpecs:
+  - path: spec/template/spec/volumes/configMap/name
+    kind: Rollout
+  - path: spec/template/spec/containers/env/valueFrom/configMapKeyRef/name
+    kind: Rollout
+  - path: spec/template/spec/initContainers/env/valueFrom/configMapKeyRef/name
+    kind: Rollout
+  - path: spec/template/spec/containers/envFrom/configMapRef/name
+    kind: Rollout
+  - path: spec/template/spec/initContainers/envFrom/configMapRef/name
+    kind: Rollout
+  - path: spec/template/spec/volumes/projected/sources/configMap/name
+    kind: Rollout
+  - path: spec/templates/template/spec/volumes/configMap/name
+    kind: Experiment
+  - path: spec/templates/template/spec/containers/env/valueFrom/configMapKeyRef/name
+    kind: Experiment
+  - path: spec/templates/template/spec/initContainers/env/valueFrom/configMapKeyRef/name
+    kind: Experiment
+  - path: spec/templates/template/spec/containers/envFrom/configMapRef/name
+    kind: Experiment
+  - path: spec/templates/template/spec/initContainers/envFrom/configMapRef/name
+    kind: Experiment
+  - path: spec/templates/template/spec/volumes/projected/sources/configMap/name
+    kind: Experiment
+  - path: spec/metrics/provider/job/spec/template/spec/volumes/configMap/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/containers/env/valueFrom/configMapKeyRef/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/initContainers/env/valueFrom/configMapKeyRef/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/containers/envFrom/configMapRef/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/initContainers/envFrom/configMapRef/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/volumes/projected/sources/configMap/name
+    kind: AnalysisTemplate
+- kind: Secret
+  version: v1
+  fieldSpecs:
+  - path: spec/template/spec/volumes/secret/secretName
+    kind: Rollout
+  - path: spec/template/spec/containers/env/valueFrom/secretKeyRef/name
+    kind: Rollout
+  - path: spec/template/spec/initContainers/env/valueFrom/secretKeyRef/name
+    kind: Rollout
+  - path: spec/template/spec/containers/envFrom/secretRef/name
+    kind: Rollout
+  - path: spec/template/spec/initContainers/envFrom/secretRef/name
+    kind: Rollout
+  - path: spec/template/spec/imagePullSecrets/name
+    kind: Rollout
+  - path: spec/template/spec/volumes/projected/sources/secret/name
+    kind: Rollout
+  - path: spec/templates/template/spec/volumes/secret/secretName
+    kind: Experiment
+  - path: spec/templates/template/spec/containers/env/valueFrom/secretKeyRef/name
+    kind: Experiment
+  - path: spec/templates/template/spec/initContainers/env/valueFrom/secretKeyRef/name
+    kind: Experiment
+  - path: spec/templates/template/spec/containers/envFrom/secretRef/name
+    kind: Experiment
+  - path: spec/templates/template/spec/initContainers/envFrom/secretRef/name
+    kind: Experiment
+  - path: spec/templates/template/spec/imagePullSecrets/name
+    kind: Experiment
+  - path: spec/templates/template/spec/volumes/projected/sources/secret/name
+    kind: Experiment
+  - path: spec/metrics/provider/job/spec/template/spec/volumes/secret/secretName
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/containers/env/valueFrom/secretKeyRef/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/initContainers/env/valueFrom/secretKeyRef/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/containers/envFrom/secretRef/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/initContainers/envFrom/secretRef/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/imagePullSecrets/name
+    kind: AnalysisTemplate
+  - path: spec/metrics/provider/job/spec/template/spec/volumes/projected/sources/secret/name
+    kind: AnalysisTemplate
+- kind: ServiceAccount
+  version: v1
+  fieldSpecs:
+  - path: spec/template/spec/serviceAccountName
+    kind: Rollout
+  - path: spec/templates/template/spec/serviceAccountName
+    kind: Experiment
+  - path: spec/metrics/provider/job/spec/template/spec/serviceAccountName
+    kind: AnalysisTemplate
+- kind: PersistentVolumeClaim
+  version: v1
+  fieldSpecs:
+  - path: spec/template/spec/volumes/persistentVolumeClaim/claimName
+    kind: Rollout
+  - path: spec/templates/template/spec/volumes/persistentVolumeClaim/claimName
+    kind: Experiment
+  - path: spec/metrics/provider/job/spec/template/spec/volumes/persistentVolumeClaim/claimName
+    kind: AnalysisTemplate
+- kind: PriorityClass
+  version: v1
+  group: scheduling.k8s.io
+  fieldSpecs:
+  - path: spec/template/spec/priorityClassName
+    kind: Rollout
+  - path: spec/templates/template/spec/priorityClassName
+    kind: Experiment
+  - path: spec/metrics/provider/job/spec/template/spec/priorityClassName
+    kind: AnalysisTemplate
+
+# The name references below are unique to Rollouts and not applicable to Deployment
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - path: spec/strategy/blueGreen/activeService
+    kind: Rollout
+  - path: spec/strategy/blueGreen/previewService
+    kind: Rollout
+  - path: spec/strategy/canary/canaryService
+    kind: Rollout
+  - path: spec/strategy/canary/stableService
+    kind: Rollout
+  - path: spec/strategy/canary/trafficRouting/alb/rootService
+    kind: Rollout
+- kind: VirtualService
+  group: networking.istio.io
+  fieldSpecs:
+  - path: spec/strategy/canary/trafficRouting/istio/virtualService/name
+    kind: Rollout
+- kind: DestinationRule
+  group: networking.istio.io
+  fieldSpecs:
+  - path: spec/strategy/canary/trafficRouting/istio/destinationRule/name
+    kind: Rollout
+- kind: Ingress
+  group: networking.k8s.io
+  fieldSpecs:
+  - path: spec/strategy/canary/trafficRouting/alb/ingress
+    kind: Rollout
+  - path: spec/strategy/canary/trafficRouting/nginx/stableIngress
+    kind: Rollout
+- kind: Ingress
+  group: extensions
+  fieldSpecs:
+  - path: spec/strategy/canary/trafficRouting/alb/ingress
+    kind: Rollout
+  - path: spec/strategy/canary/trafficRouting/nginx/stableIngress
+    kind: Rollout
+- kind: AnalysisTemplate
+  group: argoproj.io
+  fieldSpecs:
+  - path: spec/strategy/blueGreen/prePromotionAnalysis/templates/templateName
+    kind: Rollout
+  - path: spec/strategy/blueGreen/postPromotionAnalysis/templates/templateName
+    kind: Rollout
+  - path: spec/strategy/canary/analysis/templates/templateName
+    kind: Rollout
+  - path: spec/strategy/canary/steps/analysis/templates/templateName
+    kind: Rollout
+  - path: spec/strategy/canary/steps/experiment/analyses/templateName
+    kind: Rollout
+  - path: spec/analyses/templateName
+    kind: Experiment
+- kind: Rollout
+  fieldSpecs:
+  - path: spec/scaleTargetRef/name
+    kind: HorizontalPodAutoscaler
+- kind: Deployment
+  version: v1
+  group: apps
+  fieldSpecs:
+  - path: spec/workloadRef/name
+    kind: Rollout
+- kind: Mapping
+  group: getambassador.io
+  fieldSpecs:
+  - path: spec/strategy/canary/trafficRouting/ambassador/mappings
+    kind: Rollout
+
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/commonlabels.go
+commonLabels:
+- path: spec/selector/matchLabels
+  create: true
+  kind: Rollout
+- path: spec/template/metadata/labels
+  create: true
+  kind: Rollout
+- path: spec/template/spec/affinity/podAffinity/preferredDuringSchedulingIgnoredDuringExecution/podAffinityTerm/labelSelector/matchLabels
+  create: false
+  kind: Rollout
+- path: spec/template/spec/affinity/podAffinity/requiredDuringSchedulingIgnoredDuringExecution/labelSelector/matchLabels
+  create: false
+  kind: Rollout
+- path: spec/template/spec/affinity/podAntiAffinity/preferredDuringSchedulingIgnoredDuringExecution/podAffinityTerm/labelSelector/matchLabels
+  create: false
+  kind: Rollout
+- path: spec/template/spec/affinity/podAntiAffinity/requiredDuringSchedulingIgnoredDuringExecution/labelSelector/matchLabels
+  create: false
+  kind: Rollout
+
+templateLabels:
+- path: spec/template/metadata/labels
+  create: true
+  kind: Rollout
+
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/commonannotations.go
+commonAnnotations:
+- path: spec/template/metadata/annotations
+  create: true
+  kind: Rollout
+
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/varreference.go
+varReference:
+- path: spec/template/spec/containers/args
+  kind: Rollout
+- path: spec/template/spec/containers/command
+  kind: Rollout
+- path: spec/template/spec/containers/env/value
+  kind: Rollout
+- path: spec/template/spec/containers/volumeMounts/mountPath
+  kind: Rollout
+- path: spec/template/spec/initContainers/args
+  kind: Rollout
+- path: spec/template/spec/initContainers/command
+  kind: Rollout
+- path: spec/template/spec/initContainers/env/value
+  kind: Rollout
+- path: spec/template/spec/initContainers/volumeMounts/mountPath
+  kind: Rollout
+- path: spec/templates/template/spec/containers/args
+  kind: Experiment
+- path: spec/templates/template/spec/containers/command
+  kind: Experiment
+- path: spec/templates/template/spec/containers/env/value
+  kind: Experiment
+- path: spec/templates/template/spec/containers/volumeMounts/mountPath
+  kind: Experiment
+- path: spec/templates/template/spec/initContainers/args
+  kind: Experiment
+- path: spec/templates/template/spec/initContainers/command
+  kind: Experiment
+- path: spec/templates/template/spec/initContainers/env/value
+  kind: Experiment
+- path: spec/templates/template/spec/initContainers/volumeMounts/mountPath
+  kind: Experiment
+- path: spec/metrics/provider/job/spec/template/spec/containers/args
+  kind: AnalysisTemplate
+- path: spec/metrics/provider/job/spec/template/spec/containers/command
+  kind: AnalysisTemplate
+- path: spec/metrics/provider/job/spec/template/spec/containers/env/value
+  kind: AnalysisTemplate
+- path: spec/metrics/provider/job/spec/template/spec/containers/volumeMounts/mountPath
+  kind: AnalysisTemplate
+- path: spec/metrics/provider/job/spec/template/spec/initContainers/args
+  kind: AnalysisTemplate
+- path: spec/metrics/provider/job/spec/template/spec/initContainers/command
+  kind: AnalysisTemplate
+- path: spec/metrics/provider/job/spec/template/spec/initContainers/env/value
+  kind: AnalysisTemplate
+- path: spec/metrics/provider/job/spec/template/spec/initContainers/volumeMounts/mountPath
+  kind: AnalysisTemplate
+- path: spec/metrics/provider/job/spec/template/spec/volumes/nfs/server
+  kind: AnalysisTemplate
+
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/replicas.go
+replicas:
+- path: spec/replicas
+  create: true
+  kind: Rollout
--- a/docs/features/kustomize/rollout-transform.yaml
+++ b/docs/features/kustomize/rollout-transform.yaml
@ -1,4 +1,4 @@
-# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/namereference.go
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/internal/konfig/builtinpluginconsts/namereference.go
 nameReference:
 - kind: ConfigMap
  version: v1
@ -182,7 +182,7 @@ nameReference:
  - path: spec/strategy/canary/trafficRouting/ambassador/mappings
    kind: Rollout

-# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/commonlabels.go
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/internal/konfig/builtinpluginconsts/commonlabels.go
 commonLabels:
 - path: spec/selector/matchLabels
  create: true
@ -203,13 +203,13 @@ commonLabels:
  create: false
  kind: Rollout

-# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/commonannotations.go
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/internal/konfig/builtinpluginconsts/commonannotations.go
 commonAnnotations:
 - path: spec/template/metadata/annotations
  create: true
  kind: Rollout

-# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/varreference.go
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/internal/konfig/builtinpluginconsts/varreference.go
 varReference:
 - path: spec/template/spec/containers/args
  kind: Rollout
@ -262,7 +262,7 @@ varReference:
 - path: spec/metrics/provider/job/spec/template/spec/volumes/nfs/server
  kind: AnalysisTemplate

-# https://github.com/kubernetes-sigs/kustomize/blob/master/api/konfig/builtinpluginconsts/replicas.go
+# https://github.com/kubernetes-sigs/kustomize/blob/master/api/internal/konfig/builtinpluginconsts/replicas.go
 replicas:
 - path: spec/replicas
  create: true
--- a/docs/features/kustomize/rollout_cr_schema.json
+++ b/docs/features/kustomize/rollout_cr_schema.json
--- a/docs/features/notifications.md
+++ b/docs/features/notifications.md
@ -68,9 +68,14 @@ To enable you need to add a flag to the controller `--self-service-notification-

 ## Default Trigger templates

-Currently the following triggers have [built-in templates](https://github.com/argoproj/argo-rollouts/tree/master/manifests/notifications).
+Currently, the following triggers have [built-in templates](https://github.com/argoproj/argo-rollouts/tree/master/manifests/notifications).

+* `on-analysis-run-error` when an error occurs during the execution of an analysis run
+* `on-analysis-run-failed` when an analysis run fails
+* `on-analysis-run-running` when an analysis run is running
+* `on-rollout-aborted` when a rollout process is aborted before completion.
 * `on-rollout-completed` when a rollout is finished and all its steps are completed
+* `on-rollout-paused` when a rollout is paused
 * `on-rollout-step-completed` when an individual step inside a rollout definition is completed
 * `on-rollout-updated` when a rollout definition is changed
 * `on-scaling-replica-set` when the number of replicas in a rollout is changed
@ -141,8 +146,8 @@ add blocks and attachments for Slack, subject for Email or URL path, and body fo
 In addition to custom notification template administrator and configure custom triggers. Custom trigger defines the
 condition when the notification should be sent. The definition includes name, condition and notification templates reference.
 The condition is a predicate expression that returns true if the notification should be sent. The trigger condition
-evaluation is powered by [antonmedv/expr](https://github.com/antonmedv/expr).
-The condition language syntax is described at [Language-Definition.md](https://github.com/antonmedv/expr/blob/master/docs/Language-Definition.md).
+evaluation is powered by [expr-lang/expr](https://github.com/expr-lang/expr).
+The condition language syntax is described at [Language-Definition.md](https://github.com/expr-lang/expr/blob/master/docs/language-definition.md).

 The trigger is configured in `argo-rollouts-notification-configmap` ConfigMap. For example the following trigger sends a notification
 when rollout pod spec uses `argoproj/rollouts-demo:purple` image:
@ -165,4 +170,4 @@ Each condition might use several templates. Typically each template is responsib
 The following prometheus metrics are emitted when notifications are enabled in argo-rollouts.
 - notification_send_success is a counter that measures how many times the notification is sent successfully.
 - notification_send_error is a counter that measures how many times the notification failed to send.
- notification_send is a histogram that measures performance of sending notification.
+- notification_send is a histogram that measures performance of sending notification.
--- a/docs/features/restart.md
+++ b/docs/features/restart.md
@ -23,7 +23,7 @@ argocd app actions run my-app restart --kind Rollout --resource-name my-rollout
 ```

 Both of these mechanisms updates the Rollout's `.spec.restartAt` to the current time in the
-form of a [RFC 3339 formatted](https://tools.ietf.org/html/rfc3339) UTC string
+form of an [RFC 3339 formatted](https://tools.ietf.org/html/rfc3339) UTC string
 (e.g. 2020-03-30T21:19:35Z), which indicates to the Rollout controller that all of a Rollout's
 Pods should have been created after this timestamp.

--- a/docs/features/specification.md
+++ b/docs/features/specification.md
@ -15,7 +15,7 @@ spec:
    # limits the number of successful analysis runs and experiments to be stored in a history
    # Defaults to 5.
    successfulRunHistoryLimit: 10
-    # limits the number of unsuccessful analysis runs and experiments to be stored in a history. 
+    # limits the number of unsuccessful analysis runs and experiments to be stored in a history.
    # Stages for unsuccessful: "Error", "Failed", "Inconclusive"
    # Defaults to 5.
    unsuccessfulRunHistoryLimit: 10
@ -27,20 +27,27 @@ spec:
    matchLabels:
      app: guestbook

-  # WorkloadRef holds a references to a workload that provides Pod template 
+  # WorkloadRef holds a references to a workload that provides Pod template
  # (e.g. Deployment). If used, then do not use Rollout template property.
-  workloadRef: 
+  workloadRef:
    apiVersion: apps/v1
    kind: Deployment
    name: rollout-ref-deployment
+    # Specifies if the workload (Deployment) is scaled down after migrating to Rollout.
+    # The possible options are:
+    # "never": the Deployment is not scaled down
+    # "onsuccess": the Deployment is scaled down after the Rollout becomes healthy
+    # "progressively": as the Rollout is scaled up the Deployment is scaled down
+    # If the Rollout fails the Deployment will be scaled back up.
+    scaleDown: never|onsuccess|progressively

  # Template describes the pods that will be created. Same as deployment.
-  # If used, then do not use Rollout workloadRef property. 
+  # If used, then do not use Rollout workloadRef property.
  template:
    spec:
      containers:
-      - name: guestbook
-        image: argoproj/rollouts-demo:blue
+        - name: guestbook
+          image: argoproj/rollouts-demo:blue

  # Minimum number of seconds for which a newly created pod should be ready
  # without any of its container crashing, for it to be considered available.
@ -76,7 +83,7 @@ spec:
  # its pods. Used by the `kubectl argo rollouts restart ROLLOUT` command.
  # The controller will ensure all pods have a creationTimestamp greater
  # than or equal to this value.
-  restartAt: "2020-03-30T21:19:35Z"
+  restartAt: '2020-03-30T21:19:35Z'

  # The rollback window provides a way to fast track deployments to
  # previously deployed versions.
@ -85,10 +92,8 @@ spec:
    revisions: 3

  strategy:
-
    # Blue-green update strategy
    blueGreen:
-
      # Reference to service that the rollout modifies as the active service.
      # Required.
      activeService: active-service
@ -97,19 +102,19 @@ spec:
      # cutover. +optional
      prePromotionAnalysis:
        templates:
-        - templateName: success-rate
+          - templateName: success-rate
        args:
-        - name: service-name
-          value: guestbook-svc.default.svc.cluster.local
+          - name: service-name
+            value: guestbook-svc.default.svc.cluster.local

      # Post-promotion analysis run which performs analysis after the service
      # cutover. +optional
      postPromotionAnalysis:
        templates:
-        - templateName: success-rate
+          - templateName: success-rate
        args:
-        - name: service-name
-          value: guestbook-svc.default.svc.cluster.local
+          - name: service-name
+            value: guestbook-svc.default.svc.cluster.local

      # Name of the service that the rollout modifies as the preview service.
      # +optional
@ -151,13 +156,13 @@ spec:
        requiredDuringSchedulingIgnoredDuringExecution: {}
        preferredDuringSchedulingIgnoredDuringExecution:
          weight: 1 # Between 1 - 100
-          
+
      # activeMetadata will be merged and updated in-place into the ReplicaSet's spec.template.metadata
      # of the active pods. +optional
      activeMetadata:
        labels:
          role: active
-          
+
      # Metadata which will be attached to the preview pods only during their preview phase.
      # +optional
      previewMetadata:
@ -166,7 +171,6 @@ spec:

    # Canary update strategy
    canary:
-
      # Reference to a service which the controller will update to select
      # canary pods. Required for traffic routing.
      canaryService: canary-service
@ -213,7 +217,7 @@ spec:
      # killed, new RC can be scaled up further, ensuring that total number
      # of pods running at any time during the update is at most 130% of
      # original pods. +optional
-      maxSurge: "20%"
+      maxSurge: '20%'

      # Adds a delay before scaling down the previous ReplicaSet when the
      # canary strategy is used with traffic routing (default 30 seconds).
@ -237,135 +241,154 @@ spec:
      # initial deploy of a rollout. +optional
      analysis:
        templates:
-        - templateName: success-rate
+          - templateName: success-rate
        args:
-        - name: service-name
-          value: guestbook-svc.default.svc.cluster.local
+          - name: service-name
+            value: guestbook-svc.default.svc.cluster.local

-        # valueFrom.podTemplateHashValue is a convenience to supply the
-        # rollouts-pod-template-hash value of either the Stable ReplicaSet
-        # or the Latest ReplicaSet
-        - name: stable-hash
-          valueFrom:
-            podTemplateHashValue: Stable
-        - name: latest-hash
-          valueFrom:
-            podTemplateHashValue: Latest
+          # valueFrom.podTemplateHashValue is a convenience to supply the
+          # rollouts-pod-template-hash value of either the Stable ReplicaSet
+          # or the Latest ReplicaSet
+          - name: stable-hash
+            valueFrom:
+              podTemplateHashValue: Stable
+          - name: latest-hash
+            valueFrom:
+              podTemplateHashValue: Latest

-        # valueFrom.fieldRef allows metadata about the rollout to be
-        # supplied as arguments to analysis.
-        - name: region
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.labels['region']
+          # valueFrom.fieldRef allows metadata about the rollout to be
+          # supplied as arguments to analysis.
+          - name: region
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.labels['region']

      # Steps define sequence of steps to take during an update of the
      # canary. Skipped upon initial deploy of a rollout. +optional
      steps:
+        # Sets the ratio of canary ReplicaSet to 20%
+        - setWeight: 20

-      # Sets the ratio of canary ReplicaSet to 20%
-      - setWeight: 20
+        # Pauses the rollout for an hour. Supported units: s, m, h
+        - pause:
+            duration: 1h

-      # Pauses the rollout for an hour. Supported units: s, m, h
-      - pause:
-          duration: 1h
+        # Pauses indefinitely until manually resumed
+        - pause: {}

-      # Pauses indefinitely until manually resumed
-      - pause: {}
+        # set canary scale to an explicit count without changing traffic weight
+        # (supported only with trafficRouting)
+        - setCanaryScale:
+            replicas: 3

-      # set canary scale to a explicit count without changing traffic weight
-      # (supported only with trafficRouting)
-      - setCanaryScale:
-          replicas: 3
+        # set canary scale to spec.Replica * (setweight / maxTrafficWeight) without changing traffic weight
+        # if maxTrafficWeight unspecified, it defaults to 100
+        # (supported only with trafficRouting)
+        - setCanaryScale:
+            weight: 25

-      # set canary scale to a percentage of spec.replicas without changing traffic weight
-      # (supported only with trafficRouting)
-      - setCanaryScale:
-          weight: 25
+        # set canary scale to match the canary traffic weight (default behavior)
+        - setCanaryScale:
+            matchTrafficWeight: true

-      # set canary scale to match the canary traffic weight (default behavior)
-      - setCanaryScale:
-          matchTrafficWeight: true
+        # The percentage or number of replica pods within the applications ReplicaSet
+        # that are available and ready when a rollout is ready to be promoted. Useful if your application
+        # configured an HPA to help handle different loads of traffic, but you still want quick promotions.
+        # Defaults to 100% if replicaProgressThreshold is not specified.
+        # The 'type' field should be either "Percent" | "Pod"
+        # Current percentage that is checked against the input percent value is calculated by the following:
+        # CURRENT PERCENTAGE = available replicas / desired replicas for the current step
+        # +optional
+        - replicaProgressThreshold:
+            type: Percent
+            value: 90

-      # Sets header based route with specified header values
-      # Setting header based route will send all traffic to the canary for the requests 
-      # with a specified header, in this case request header "version":"2"
-      # (supported only with trafficRouting, for Istio only at the moment)
-      - setHeaderRoute:
-          # Name of the route that will be created by argo rollouts this must also be configured
-          # in spec.strategy.canary.trafficRouting.managedRoutes
-          name: "header-route-1"
-          # The matching rules for the header route, if this is missing it acts as a removal of the route.
-          match:
-              # headerName The name of the header to apply the match rules to.
-            - headerName: "version"
-              # headerValue must contain exactly one field of exact, regex, or prefix. Not all traffic routers support 
-              # all types
-              headerValue:
-                # Exact will only match if the header value is exactly the same
-                exact: "2"
-                # Will match the rule if the regular expression matches
-                regex: "2.0.(.*)"
-                # prefix will be a prefix match of the header value
-                prefix: "2.0"
-                
-        # Sets up a mirror/shadow based route with the specified match rules
-        # The traffic will be mirrored at the configured percentage to the canary service
-        # during the rollout
+
+        # executes the configured plugin by name with the provided configuration
+        - plugin:
+            name: example
+            config:
+              key: value
+
+        # Sets header based route with specified header values
+        # Setting header based route will send all traffic to the canary for the requests
+        # with a specified header, in this case request header "version":"2"
        # (supported only with trafficRouting, for Istio only at the moment)
-      - setMirrorRoute:
-          # Name of the route that will be created by argo rollouts this must also be configured
-          # in spec.strategy.canary.trafficRouting.managedRoutes
-          name: "header-route-1"
-          # The percentage of the matched traffic to mirror to the canary
-          percentage: 100
-          # The matching rules for the header route, if this is missing it acts as a removal of the route.
-          # All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics.
-          # Each type within a match (method, path, headers) must have one and only one match type (exact, regex, prefix)
-          # Not all match types (exact, regex, prefix) will be supported by all traffic routers.
-          match:
-            - method: # What HTTP method to match
-                exact: "GET"
-                regex: "P.*"
-                prefix: "POST"
-              path: # What HTTP url paths to match.
-                exact: "/test"
-                regex: "/test/.*"
-                prefix: "/"
-              headers:
-                agent-1b: # What HTTP header name to use in the match.
-                  exact: "firefox"
-                  regex: "firefox2(.*)"
-                  prefix: "firefox"
+        - setHeaderRoute:
+            # Name of the route that will be created by argo rollouts this must also be configured
+            # in spec.strategy.canary.trafficRouting.managedRoutes
+            name: 'header-route-1'
+            # The matching rules for the header route, if this is missing it acts as a removal of the route.
+            match:
+              # headerName The name of the header to apply the match rules to.
+              - headerName: 'version'
+                # headerValue must contain exactly one field of exact, regex, or prefix. Not all traffic routers support
+                # all types
+                headerValue:
+                  # Exact will only match if the header value is exactly the same
+                  exact: '2'
+                  # Will match the rule if the regular expression matches
+                  regex: '2.0.(.*)'
+                  # prefix will be a prefix match of the header value
+                  prefix: '2.0'

-      # an inline analysis step
-      - analysis:
-          templates:
-          - templateName: success-rate
+          # Sets up a mirror/shadow based route with the specified match rules
+          # The traffic will be mirrored at the configured percentage to the canary service
+          # during the rollout
+          # (supported only with trafficRouting, for Istio only at the moment)
+        - setMirrorRoute:
+            # Name of the route that will be created by argo rollouts this must also be configured
+            # in spec.strategy.canary.trafficRouting.managedRoutes
+            name: 'header-route-1'
+            # The percentage of the matched traffic to mirror to the canary
+            percentage: 100
+            # The matching rules for the header route, if this is missing it acts as a removal of the route.
+            # All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics.
+            # Each type within a match (method, path, headers) must have one and only one match type (exact, regex, prefix)
+            # Not all match types (exact, regex, prefix) will be supported by all traffic routers.
+            match:
+              - method: # What HTTP method to match
+                  exact: 'GET'
+                  regex: 'P.*'
+                  prefix: 'POST'
+                path: # What HTTP url paths to match.
+                  exact: '/test'
+                  regex: '/test/.*'
+                  prefix: '/'
+                headers:
+                  agent-1b: # What HTTP header name to use in the match.
+                    exact: 'firefox'
+                    regex: 'firefox2(.*)'
+                    prefix: 'firefox'

-      # an inline experiment step
-      - experiment:
-          duration: 1h
-          templates:
-          - name: baseline
-            specRef: stable
-            # optional, creates a service for the experiment if set
-            service:
-              # optional, service: {} is also acceptable if name is not included
-              name: test-service
-          - name: canary
-            specRef: canary
-            # optional, set the weight of traffic routed to this version
-            weight: 10
-          analyses:
-          - name : mann-whitney
-            templateName: mann-whitney
-            # Metadata which will be attached to the AnalysisRun.
-            analysisRunMetadata:
-              labels:
-                app.service.io/analysisType: smoke-test
-              annotations:
-                link.argocd.argoproj.io/external-link: http://my-loggin-platform.com/pre-generated-link
+        # an inline analysis step
+        - analysis:
+            templates:
+              - templateName: success-rate
+
+        # an inline experiment step
+        - experiment:
+            duration: 1h
+            templates:
+              - name: baseline
+                specRef: stable
+                # optional, creates a service for the experiment if set
+                service:
+                  # optional, service: {} is also acceptable if name is not included
+                  name: test-service
+              - name: canary
+                specRef: canary
+                # optional, set the weight of traffic routed to this version
+                weight: 10
+            analyses:
+              - name: mann-whitney
+                templateName: mann-whitney
+                # Metadata which will be attached to the AnalysisRun.
+                analysisRunMetadata:
+                  labels:
+                    app.service.io/analysisType: smoke-test
+                  annotations:
+                    link.argocd.argoproj.io/external-link: http://my-loggin-platform.com/pre-generated-link

      # Anti-affinity configuration between desired and previous ReplicaSet.
      # Only one must be specified.
@ -379,10 +402,13 @@ spec:
      # will achieve traffic split via a weighted replica counts between
      # the canary and stable ReplicaSet.
      trafficRouting:
+        # Supports nginx and plugins only: This lets you control the denominator or total weight of traffic.
+        # The total weight of traffic. If unspecified, it defaults to 100
+        maxTrafficWeight: 1000
        # This is a list of routes that Argo Rollouts has the rights to manage it is currently only required for
        # setMirrorRoute and setHeaderRoute. The order of managedRoutes array also sets the precedence of the route
        # in the traffic router. Argo Rollouts will place these routes in the order specified above any routes already
-        # defined in the used traffic router if something exists. The names here must match the names from the 
+        # defined in the used traffic router if something exists. The names here must match the names from the
        # setHeaderRoute and setMirrorRoute steps.
        managedRoutes:
          - name: set-header
@ -390,18 +416,18 @@ spec:
        # Istio traffic routing configuration
        istio:
          # Either virtualService or virtualServices can be configured.
-          virtualService: 
-            name: rollout-vsvc  # required
-            routes:
-            - primary # optional if there is a single route in VirtualService, required otherwise
-          virtualServices:
-          # One or more virtualServices can be configured
-          - name: rollouts-vsvc1  # required
+          virtualService:
+            name: rollout-vsvc # required
            routes:
              - primary # optional if there is a single route in VirtualService, required otherwise
-          - name: rollouts-vsvc2  # required
-            routes:
-              - secondary # optional if there is a single route in VirtualService, required otherwise
+          virtualServices:
+            # One or more virtualServices can be configured
+            - name: rollouts-vsvc1 # required
+              routes:
+                - primary # optional if there is a single route in VirtualService, required otherwise
+            - name: rollouts-vsvc2 # required
+              routes:
+                - secondary # optional if there is a single route in VirtualService, required otherwise

        # NGINX Ingress Controller routing configuration
        nginx:
@ -412,14 +438,16 @@ spec:
            - secondary-ingress
            - tertiary-ingress
          annotationPrefix: customingress.nginx.ingress.kubernetes.io # optional
-          additionalIngressAnnotations:   # optional
+          additionalIngressAnnotations: # optional
            canary-by-header: X-Canary
            canary-by-header-value: iwantsit
+          canaryIngressAnnotations: # optional
+            my-custom-annotation.mygroup.com/key: value

        # ALB Ingress Controller routing configuration
        alb:
-          ingress: ingress  # required
-          servicePort: 443  # required
+          ingress: ingress # required
+          servicePort: 443 # required
          annotationPrefix: custom.alb.ingress.kubernetes.io # optional

        # Service Mesh Interface routing configuration
@ -432,18 +460,24 @@ spec:
      # 0 means canary pods are not scaled down. Default is 30 seconds.
      abortScaleDownDelaySeconds: 30

+      # Automatically reduce the number of stable pods as the number of canary pods increases
+      # Only available when traffic routing is used. Default value is false meaning that as more canary pods
+      # are created the number of stable pods stays the same. 
+      dynamicStableScale: false
+
 status:
  pauseConditions:
-  - reason: StepPause
-    startTime: 2019-10-00T1234
-  - reason: BlueGreenPause
-    startTime: 2019-10-00T1234
-  - reason: AnalysisRunInconclusive
-    startTime: 2019-10-00T1234 
+    - reason: StepPause
+      startTime: 2019-10-00T1234
+    - reason: BlueGreenPause
+      startTime: 2019-10-00T1234
+    - reason: AnalysisRunInconclusive
+      startTime: 2019-10-00T1234
 ```
+
 ## Examples

 You can find examples of Rollouts at:

- * The [example directory](https://github.com/argoproj/argo-rollouts/tree/master/examples)
- * The [Argo Rollouts Demo application](https://github.com/argoproj/rollouts-demo)
+- The [example directory](https://github.com/argoproj/argo-rollouts/tree/master/examples)
+- The [Argo Rollouts Demo application](https://github.com/argoproj/rollouts-demo)
--- a/docs/features/traffic-management/alb.md
+++ b/docs/features/traffic-management/alb.md
@ -53,7 +53,7 @@ spec:
          ingress: ingress
          # If you want to controll multiple ingress resources you can use the ingresses field, if ingresses is specified
          # the ingress field will need to be omitted.
-          ingresses: 
+          ingresses:
           - ingress-1
           - ingress-2
          # Reference to a Service that the Ingress must target in one of the rules (optional).
@ -66,7 +66,7 @@ spec:
 The referenced Ingress should be deployed with an ingress rule that matches the Rollout service:

 ```yaml
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: ingress
@ -76,14 +76,17 @@ spec:
  rules:
  - http:
      paths:
-      - path: /*
+      - path: /
+        pathType: Prefix
        backend:
-          # serviceName must match either: canary.trafficRouting.alb.rootService (if specified),
-          # or canary.stableService (if rootService is omitted)
-          serviceName: root-service
-          # servicePort must be the value: use-annotation
-          # This instructs AWS Load Balancer Controller to look to annotations on how to direct traffic
-          servicePort: use-annotation
+          service:
+            # serviceName must match either: canary.trafficRouting.alb.rootService (if specified),
+            # or canary.stableService (if rootService is omitted)
+            name: root-service
+            # servicePort must be the value: use-annotation
+            # This instructs AWS Load Balancer Controller to look to annotations on how to direct traffic
+            port:
+              name: use-annotation
 ```

 During an update, the rollout controller injects the `alb.ingress.kubernetes.io/actions.<SERVICE-NAME>`
@ -95,7 +98,7 @@ annotation that splits traffic between the canary-service and stable-service, wi
 of 10 and 90 respectively:

 ```yaml
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: ingress
@ -123,10 +126,13 @@ spec:
  rules:
  - http:
      paths:
-      - path: /*
+      - path: /
+        pathType: Prefix
        backend:
-          serviceName: root-service
-          servicePort: use-annotation
+          service:
+            name: root-service
+            port:
+              name: use-annotation
 ```

 !!! note
@ -143,7 +149,7 @@ spec:
 By default, a rollout will inject the `alb.ingress.kubernetes.io/actions.<SERVICE-NAME>` annotation
 using the service/action name specified under `spec.strategy.canary.stableService`. However, it may
 be desirable to specify an explicit service/action name different from the `stableService`. For
-example, [one pattern](/argo-rollouts/best-practices/#ingress-desiredstable-host-routes) is to use a single
+example, [one pattern](/best-practices/#ingress-desiredstable-host-routes) is to use a single
 Ingress containing three different rules to reach the canary, stable, and root service separately
 (e.g. for testing purposes). In this case, you may want to specify a "root" service as the
 service/action name instead of stable. To do so, reference a service under `rootService` under the
@ -302,6 +308,9 @@ spec:
        args: [--aws-verify-target-group]
        # NOTE: in v1.0, the --alb-verify-weight flag should be used instead
 ```
+!!! note
+
+    The `--aws-region` flag is mandatory for enabling AWS integrations, including TargetGroup verification. If the Argo Rollouts controller does not have the correct AWS region specified, or lacks access to validate the AWS ALB, the promotion process will fail. Ensure that the necessary AWS API permissions are granted to the controller and that the region is correctly configured.

 For this feature to work, the argo-rollouts deployment requires the following AWS API permissions
 under the [Elastic Load Balancing API](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/Welcome.html):
@ -411,7 +420,7 @@ spec:
 By default, Argo Rollout will operate on Ingresses with the annotation:

 ```yaml
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
@ -420,7 +429,7 @@ metadata:

 Or with the `ingressClassName`:
 ```yaml
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 spec:
  ingressClassName: alb
--- a/docs/features/traffic-management/ambassador.md
+++ b/docs/features/traffic-management/ambassador.md
@ -65,7 +65,7 @@ When Ambassador is configured in the `trafficRouting` attribute of the manifest,

 ## Endpoint Resolver

-By default, Ambassador uses kube-proxy to route traffic to Pods. However we should configure it to bypass kube-proxy and route traffic directly to pods. This will provide true L7 load balancing which is desirable in a canary workflow. This approach is called [endpoint routing](https://www.getambassador.io/docs/latest/topics/running/load-balancer/) and can be achieve by configuring [endpoint resolvers](https://www.getambassador.io/docs/latest/topics/running/resolvers/#the-kubernetes-endpoint-resolver).
+By default, Ambassador uses kube-proxy to route traffic to Pods. However we should configure it to bypass kube-proxy and route traffic directly to pods. This will provide true L7 load balancing which is desirable in a canary workflow. This approach is called [endpoint routing](https://www.getambassador.io/docs/latest/topics/running/load-balancer/) and can be achieved by configuring [endpoint resolvers](https://www.getambassador.io/docs/latest/topics/running/resolvers/#the-kubernetes-endpoint-resolver).

 To configure Ambassador to use endpoint resolver it is necessary to apply the following resource in the cluster:

--- a/docs/features/traffic-management/index.md
+++ b/docs/features/traffic-management/index.md
@ -175,16 +175,16 @@ spec:
      steps:
        - setCanaryScale:
            weight: 25
-      - setMirrorRoute:
-          name: mirror-route
-          percentage: 35
-          match:
-            - method:
-                exact: GET
-              path:
-                prefix: /
-      - pause:
-          duration: 10m
-      - setMirrorRoute:
-          name: "mirror-route" # removes mirror based traffic route
+        - setMirrorRoute:
+            name: mirror-route
+            percentage: 35
+            match:
+              - method:
+                  exact: GET
+                path:
+                  prefix: /
+        - pause:
+            duration: 10m
+        - setMirrorRoute:
+            name: "mirror-route" # removes mirror based traffic route
 ```
--- a/docs/features/traffic-management/istio.md
+++ b/docs/features/traffic-management/istio.md
@ -19,6 +19,10 @@ are available as options in Argo Rollouts:
 1. [Host-level traffic splitting](#host-level-traffic-splitting)
 2. [Subset-level traffic splitting](#subset-level-traffic-splitting)

+!!! note
+
+    When using Istio only traffic that is within the service mesh will follow the rollout strategy. Pods excluded from the service mesh (e.g., because of a `sidecar.istio.io/inject="false"` label) will follow default Kubernetes traffic routing.
+
 ## Host-level Traffic Splitting

 The first approach to traffic splitting using Argo Rollouts and Istio, is splitting between two
@ -303,7 +307,7 @@ spec:

 ## Multicluster Setup
 If you have [Istio multicluster setup](https://istio.io/latest/docs/setup/install/multicluster/)
-where the primary Istio cluster is different than the cluster where the Argo Rollout controller
+where the primary Istio cluster is different from the cluster where the Argo Rollout controller
 is running, then you need to do the following setup:

 1. Create a `ServiceAccount` in the Istio primary cluster.
@ -439,12 +443,12 @@ leverage the following Argo CD features:
      ignoreDifferences:
      - group: networking.istio.io
        kind: VirtualService
-        jsonPointers:
-        - /spec/http/0
+        jqPathExpressions:
+        - .spec.http[].route[].weight
    ```

-    Ignoring the differences in the VirtualServices HTTP route, prevents gitops differences
-    in the VirtualService HTTP routes to contribute to the overall sync status of the Argo CD
+    Ignoring the differences in the VirtualServices HTTP route weights, prevents GitOps differences
+    in the VirtualService HTTP route weights to contribute to the overall sync status of the Argo CD
    application. This adds the additional benefit of prevent auto-sync operations from being
    triggered.

@ -459,6 +463,7 @@ leverage the following Argo CD features:
      syncPolicy:
        syncOptions:
        - ApplyOutOfSyncOnly=true
+        - RespectIgnoreDifferences=true
    ```

    By default, when Argo CD  syncs an application, it runs `kubectl apply` against all resources in
@ -468,10 +473,17 @@ leverage the following Argo CD features:
    feature, provides a way to manage the conflict in the desired state of a VirtualService between
    Argo CD and Argo Rollouts.

-Argo CD also has an [open issue here](https://github.com/argoproj/argo-cd/issues/2913) which would
-help address this problem. The proposed solution is to introduce an annotation to resources, which
-indicates to Argo CD to respect and preserve the differences at a specified path, in order to allow
-other controllers (e.g. Argo Rollouts) controller manage them instead.
+## Ping Pong
+
+!!! important
+
+    Available since v1.7
+
+Argo Rollouts also supports ping pong when using Istio this was added to support configuring both ALB and
+Istio traffic routers at the same time. When using an ALB, ping-pong is generally a best practice especially with ALB readiness 
+gates enabled. However, when we change the service selectors when a rollout is aborted back to stable pod hash it causes a blip 
+of traffic outage because the ALB controller will set the pod readiness gates to false for a short while due to the label changes.
+If we configure both ALB and Istio with ping-pong this selector change does not happen and hence we do not see any outages.

 ## Alternatives Considered

--- a/docs/features/traffic-management/mixed.md
+++ b/docs/features/traffic-management/mixed.md
@ -29,14 +29,14 @@ implement more providers such as Istio, SMI, etc.

 ### Hybrid Scenarios

-In this case, its very similar to avoiding the Big-Bang, either if it is part of the platform roadmap or a new redesign
+In this case, it's very similar to avoiding the Big-Bang, either if it is part of the platform roadmap or a new redesign
 of the architecture, there are multiple scenarios where having the capacity of using multiple trafficRoutings is very 
 much in need: gradual implementation, eased rollback of architecture or even for a fallback.

 ## Requirements

 The use of multiple providers requires that both providers comply with its minimum requirements independently.
-By example, if you want to use NGiNX and SMI you would need to have both SMI and NGiNX in place and produce the rollout configuration
+For example, if you want to use NGiNX and SMI you would need to have both SMI and NGiNX in place and produce the rollout configuration
 for both.

 ```yaml
--- a/docs/features/traffic-management/nginx.md
+++ b/docs/features/traffic-management/nginx.md
@ -7,7 +7,8 @@ The Rollout controller will always set the following two annotations on the cana
 - `canary: true` to indicate that this is the canary Ingress
 - `canary-weight: <num>` to indicate what percentage of traffic to send to the canary. If all traffic is routed to the stable Service, this is set to `0`

-You can provide additional annotations to add to the canary Ingress via the `additionalIngressAnnotations` field to enable features like routing by header or cookie.
+You can provide additional annotations to add to the canary Ingress via the `additionalIngressAnnotations` or `canaryIngressAnnotations` field to enable features like routing by header or cookie.
+While the former offers the possibility of reusing a common, injectable nginx annotation prefix, the latter allows defining custom full annotations of any group, which may be relevant for other, independent mechanisms, such as a third-party metrics scraper or some other infrastructure integration.


 ## Integration with Argo Rollouts
@ -34,6 +35,8 @@ spec:
          additionalIngressAnnotations:   # optional
            canary-by-header: X-Canary
            canary-by-header-value: iwantsit
+          canaryIngressAnnotations:     # optional
+            my-custom-annotation.mygroup.com/key: value
 ```

 The stable Ingress field is a reference to an Ingress in the same namespace of the Rollout. The Rollout requires the primary Ingress routes traffic to the stable Service. The Rollout checks that condition by confirming the Ingress has a backend that matches the Rollout's stableService.
@ -42,6 +45,8 @@ The controller routes traffic to the canary Service by creating a second Ingress

 Since the Nginx Ingress controller allows users to configure the annotation prefix used by the Ingress controller, Rollouts can specify the optional `annotationPrefix` field. The canary Ingress uses that prefix instead of the default `nginx.ingress.kubernetes.io` if the field set.

+If full annotations, [as defined in the Kubernetes docs](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set), perhaps from different groups, need to be declared instead, the `canaryIngressAnnotations` field can be used, which accepts a similar key-value structure, but performs no prefix injection.
+Note that, in case of collision with `additionalIngressAnnotations`, the value under `canaryIngressAnnotations` prevails.

 ## Using Argo Rollouts with multiple NGINX ingress controllers per service
 Starting with v1.5, argo rollouts supports multiple Nginx ingress controllers pointing at one service with canary deployments. If only one ingress controller is needed, utilize the existing key `stableIngress`. If multiple ingress controllers are needed (e.g., separating internal vs external traffic), use the key `stableIngresses` instead. It takes an array of string values that are the names of the ingress controllers. Canary steps are applied identically across all ingress controllers.
--- a/docs/features/traffic-management/plugins.md
+++ b/docs/features/traffic-management/plugins.md
@ -1,26 +1,28 @@
 # Traffic Router Plugins

-!!! important
-    Available since v1.5 - Status: Alpha
+!!! warning "Alpha Feature (Since 1.5.0)"

-Argo Rollouts supports getting analysis metrics via 3rd party plugin system. This allows users to extend the capabilities of Rollouts
-to support metric providers that are not natively supported. Rollout's uses a plugin library called
+    This is an experimental, [alpha-quality](https://github.com/argoproj/argoproj/blob/main/community/feature-status.md#alpha)
+    feature that allows you to supporttraffic router that are not natively supported.
+
+Argo Rollouts supports getting traffic router via 3rd party [plugin system](../../plugins.md). This allows users to extend the capabilities of Rollouts
+to support traffic router that are not natively supported. Rollout's uses a plugin library called
 [go-plugin](https://github.com/hashicorp/go-plugin) to do this. You can find a sample plugin
 here: [rollouts-plugin-trafficrouter-sample-nginx](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-sample-nginx)

-## Using a Traffic Router Plugin
+## Installing

 There are two methods of installing and using an argo rollouts plugin. The first method is to mount up the plugin executable
-into the rollouts controller container. The second method is to use a HTTP(S) server to host the plugin executable.
+into the rollouts controller container. The second method is to use an HTTP(S) server to host the plugin executable.

 ### Mounting the plugin executable into the rollouts controller container

 There are a few ways to mount the plugin executable into the rollouts controller container. Some of these will depend on your
 particular infrastructure. Here are a few methods:

-* Using an init container to download the plugin executable
-* Using a Kubernetes volume mount with a shared volume such as NFS, EBS, etc.
-* Building the plugin into the rollouts controller container
+- Using an init container to download the plugin executable
+- Using a Kubernetes volume mount with a shared volume such as NFS, EBS, etc.
+- Building the plugin into the rollouts controller container

 Then you can use the configmap to point to the plugin executable file location. Example:

@ -31,13 +33,26 @@ metadata:
  name: argo-rollouts-config
 data:
  trafficRouterPlugins: |-
-    - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration
+    - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find its configuration
      location: "file://./my-custom-plugin" # supports http(s):// urls and file://
 ```

-### Using a HTTP(S) server to host the plugin executable
+### Using an HTTP(S) server to host the plugin executable

-Argo Rollouts supports downloading the plugin executable from a HTTP(S) server. To use this method, you will need to
+!!! warning "Installing a plugin with http(s)"
+
+    Depending on which method you use to install and the plugin, there are some things to be aware of.
+    The rollouts controller will not start if it can not download or find the plugin executable. This means that if you are using
+    a method of installation that requires a download of the plugin and the server hosting the plugin for some reason is not available and the rollouts
+    controllers pod got deleted while the server was down or is coming up for the first time, it will not be able to start until
+    the server hosting the plugin is available again.
+
+    Argo Rollouts will download the plugin at startup only once but if the pod is deleted it will need to download the plugin again on next startup. Running
+    Argo Rollouts in HA mode can help a little with this situation because each pod will download the plugin at startup. So if a single pod gets
+    deleted during a server outage, the other pods will still be able to take over because there will already be a plugin executable available to it. It is the
+    responsibility of the Argo Rollouts administrator to define the plugin installation method considering the risks of each approach.
+
+Argo Rollouts supports downloading the plugin executable from an HTTP(S) server. To use this method, you will need to
 configure the controller via the `argo-rollouts-config` configmap and set `pluginLocation` to a http(s) url. Example:

 ```yaml
@ -47,34 +62,39 @@ metadata:
  name: argo-rollouts-config
 data:
  trafficRouterPlugins: |-
-    - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find it's configuration
+    - name: "argoproj-labs/sample-nginx" # name of the plugin, it must match the name required by the plugin so it can find its configuration
      location: "https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-sample-nginx/releases/download/v0.0.1/metric-plugin-linux-amd64" # supports http(s):// urls and file://
      sha256: "08f588b1c799a37bbe8d0fc74cc1b1492dd70b2c" #optional sha256 checksum of the plugin executable
+      headersFrom: #optional headers for the download via http request 
+        - secretRef:
+            name: secret-name
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-name
+stringData:
+  Authorization: Basic <Base 64 TOKEN>
+  My-Header: value
 ```

-## Some words of caution
-
-Depending on which method you use to install and the plugin, there are some things to be aware of.
-The rollouts controller will not start if it can not download or find the plugin executable. This means that if you are using
-a method of installation that requires a download of the plugin and the server hosting the plugin for some reason is not available and the rollouts
-controllers pod got deleted while the server was down or is coming up for the first time, it will not be able to start until
-the server hosting the plugin is available again.
-
-Argo Rollouts will download the plugin at startup only once but if the pod is deleted it will need to download the plugin again on next startup. Running
-Argo Rollouts in HA mode can help a little with this situation because each pod will download the plugin at startup. So if a single pod gets
-deleted during a server outage, the other pods will still be able to take over because there will already be a plugin executable available to it. It is the
-responsibility of the Argo Rollouts administrator to define the plugin installation method considering the risks of each approach.
-
 ## List of Available Plugins (alphabetical order)

-#### Add Your Plugin Here
-* If you have created a plugin, please submit a PR to add it to this list.
-#### [rollouts-plugin-trafficrouter-sample-nginx](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-sample-nginx)
-* This is just a sample plugin that can be used as a starting point for creating your own plugin.
+If you have created a plugin, please submit a PR to add it to this list.
+
+### [rollouts-plugin-trafficrouter-sample-nginx](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-sample-nginx)
+
+- This is just a sample plugin that can be used as a starting point for creating your own plugin.
  It is not meant to be used in production. It is based on the built-in prometheus provider.

-#### [Contour](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour)
-* This is a plugin for support Contour.
+### [Consul](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-consul)

-#### [Gateway API](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-gatewayapi/)
-* Provide support for Gateway API, which includes Kuma, Traefix, cilium, Contour, GloodMesh, HAProxy, and [many others](https://gateway-api.sigs.k8s.io/implementations/#implementation-status). 
+- This is a plugin that allows argo-rollouts to work with Consul's service mesh for traffic shaping patterns.
+
+### [Contour](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-contour)
+
+- This is a plugin that allows argo-rollouts to work with contour's resource: HTTPProxy. It enables traffic shaping patterns such as canary releases and more.
+
+### [Gateway API](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-gatewayapi/)
+
+- Provide support for Gateway API, which includes Kuma, Traefix, cilium, Contour, GloodMesh, HAProxy, and [many others](https://gateway-api.sigs.k8s.io/implementations/#implementation-status).
--- a/docs/features/traffic-management/smi.md
+++ b/docs/features/traffic-management/smi.md
@ -3,12 +3,15 @@
 !!! important
    Available since v0.9.0

+!!! warning
+    The Cloud Native Computing Foundation [has archived the SMI Spec](https://www.cncf.io/blog/2023/10/03/cncf-archives-the-service-mesh-interface-smi-project/). The recommended way forward is to look at the [Gateway API](https://gateway-api.sigs.k8s.io/), [Project Gamma](https://gateway-api.sigs.k8s.io/concepts/gamma/) and the [Argo Rollouts Gateway API Plugin](https://github.com/argoproj-labs/rollouts-plugin-trafficrouter-gatewayapi). 
+
 [Service Mesh Interface](https://smi-spec.io/) (SMI) is a standard interface for service meshes on Kubernetes leveraged by many Service Mesh implementations (like Linkerd). SMI offers this functionality through a set of CRDs, and the Argo Rollouts controller creates these resources to manipulate the traffic routing into the desired state. 

 The Argo Rollout controller achieves traffic shaping by creating and manipulating the [TrafficSplit CR](https://github.com/servicemeshinterface/smi-spec/blob/master/traffic-split.md). A TrafficSplit describes the desired traffic routing for an application and relies on the underlying Service Meshes implement that desired state. Instead of worrying about the details of a specific service mesh, a user needs to specify a root Service that clients use to communicate and a list of backends consisting of a Service and weight. The Service Mesh implementing SMI uses this spec to route traffic to the backends Services based on the weights of the backends. For Rollout users, the Argo Rollout controller creates and manipulates the TrafficSplit using the following information:

 - Canary Service: Name of the service that sends traffic only to the canary pods
- Stable Service: Name of the service that sends traffic only to the stable po ds
+- Stable Service: Name of the service that sends traffic only to the stable pods
 - Root Service: Name of the service that clients use to communicate. If a request comes to this root service not through a proxy, the standard Kubernetes service routing will be used.

 Below is an example of a Rollout with all the required fields configured:
--- a/docs/features/vpa-support.md
+++ b/docs/features/vpa-support.md
@ -242,7 +242,7 @@ Status:
 Events:          <none>
 ```

-Here we see the recommendation for cpu, memory with lowerbound, upper bound, Target etc., are provided. If we check the status of the pods.. the older pods with initial configuration would get terminated and newer pods get created.
+Here we see the recommendation for cpu, memory with lowerbound, upper bound, Target etc., are provided. If we check the status of the pods, the older pods with initial configuration would get terminated and newer pods get created.

 ```yaml
 # kubectl get po -n test-vpa -w   
@ -337,7 +337,7 @@ Events:
 ## Requirements  
 In order for the VPA to manipulate the rollout, the Kubernetes cluster hosting the rollout CRD needs the subresources support for CRDs.  This feature was introduced as alpha in Kubernetes version 1.10 and transitioned to beta in Kubernetes version 1.11.  If a user wants to use VPA on v1.10, the Kubernetes Cluster operator will need to add a custom feature flag to the API server.  After 1.10, the flag is turned on by default.  Check out the following [link](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/) for more information on setting the custom feature flag.

-When installing VPA you may need to add the following in RBAC configurations for `system:vpa-target-reader` cluster role as by default VPA maynot support rollouts in all the versions.
+When installing VPA you may need to add the following in RBAC configurations for `system:vpa-target-reader` cluster role as by default VPA may not support rollouts in all the versions.

 ```yaml
  - apiGroups:
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts.md
@ -26,7 +26,7 @@ kubectl argo rollouts promote guestbook
 kubectl argo rollouts abort guestbook

 # Retry the guestbook rollout
-kubectl argo rollouts retry guestbook
+kubectl argo rollouts retry rollout guestbook
 ```

 ## Options
@ -41,6 +41,7 @@ kubectl argo rollouts retry guestbook
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
  -h, --help                           help for kubectl-argo-rollouts
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_abort.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_abort.md
@ -38,6 +38,7 @@ kubectl argo rollouts abort guestbook
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_completion.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_completion.md
@ -66,6 +66,7 @@ kubectl argo rollouts completion [bash|zsh|fish|powershell]
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_create.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_create.md
@ -38,6 +38,7 @@ kubectl argo rollouts create -f my-experiment.yaml -w
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_create_analysisrun.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_create_analysisrun.md
@ -51,6 +51,7 @@ kubectl argo rollouts create analysisrun --global --from my-analysis-cluster-tem
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_dashboard.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_dashboard.md
@ -10,6 +10,16 @@ Start UI dashboard
 kubectl argo rollouts dashboard [flags]
 ```

+## Examples
+
+```shell
+# Start UI dashboard
+kubectl argo rollouts dashboard
+
+# Start UI dashboard on a specific port
+kubectl argo rollouts dashboard --port 8080
+```
+
 ## Options

 ```
@ -30,6 +40,7 @@ kubectl argo rollouts dashboard [flags]
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_get.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_get.md
@ -41,6 +41,7 @@ kubectl argo rollouts get experiment my-experiment
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_get_experiment.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_get_experiment.md
@ -52,6 +52,7 @@ kubectl argo rollouts get experiment my-experiment -w
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_get_rollout.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_get_rollout.md
@ -30,6 +30,9 @@ kubectl argo rollouts get rollout guestbook

 # Watch progress of a rollout
 kubectl argo rollouts get rollout guestbook -w
+
+# Watch the rollout, fail if it takes more than 60 seconds
+kubectl argo rollouts get rollout guestbook -w --timeout-seconds 60
 ```

 ## Options
@ -53,6 +56,7 @@ kubectl argo rollouts get rollout guestbook -w
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_lint.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_lint.md
@ -36,6 +36,7 @@ kubectl argo rollouts lint -f my-rollout.yaml
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_list.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_list.md
@ -39,6 +39,7 @@ kubectl argo rollouts list experiments
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_list_experiments.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_list_experiments.md
@ -26,7 +26,7 @@ kubectl argo rollouts list experiments --watch
 ## Options

 ```
-      --all-namespaces   Include all namespaces
+  -A, --all-namespaces   Include all namespaces
  -h, --help             help for experiments
 ```

@ -42,6 +42,7 @@ kubectl argo rollouts list experiments --watch
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_list_rollouts.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_list_rollouts.md
@ -16,6 +16,9 @@ kubectl argo rollouts list rollouts [flags]
 # List rollouts
 kubectl argo rollouts list rollouts

+# List rollouts with a specific name
+kubectl argo rollouts list rollouts --name my-rollout
+
 # List rollouts from all namespaces
 kubectl argo rollouts list rollouts --all-namespaces

@ -45,6 +48,7 @@ kubectl argo rollouts list rollouts --watch
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications.md
@ -22,6 +22,7 @@ kubectl argo rollouts notifications [flags]
      --cluster string                 The name of the kubeconfig cluster to use
      --config-map string              argo-rollouts-notification-configmap.yaml file path
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
  -h, --help                           help for notifications
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_template.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_template.md
@ -29,6 +29,7 @@ kubectl argo rollouts notifications template [flags]
      --cluster string                 The name of the kubeconfig cluster to use
      --config-map string              argo-rollouts-notification-configmap.yaml file path
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_template_get.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_template_get.md
@ -41,6 +41,7 @@ kubectl argo rollouts notifications template get app-sync-succeeded -o=yaml
      --cluster string                 The name of the kubeconfig cluster to use
      --config-map string              argo-rollouts-notification-configmap.yaml file path
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_template_notify.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_template_notify.md
@ -42,6 +42,7 @@ kubectl argo rollouts notifications template notify app-sync-succeeded guestbook
      --cluster string                 The name of the kubeconfig cluster to use
      --config-map string              argo-rollouts-notification-configmap.yaml file path
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_trigger.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_trigger.md
@ -29,6 +29,7 @@ kubectl argo rollouts notifications trigger [flags]
      --cluster string                 The name of the kubeconfig cluster to use
      --config-map string              argo-rollouts-notification-configmap.yaml file path
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_trigger_get.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_trigger_get.md
@ -41,6 +41,7 @@ kubectl argo rollouts notifications trigger get on-sync-failed -o=yaml
      --cluster string                 The name of the kubeconfig cluster to use
      --config-map string              argo-rollouts-notification-configmap.yaml file path
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_trigger_run.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_notifications_trigger_run.md
@ -41,6 +41,7 @@ kubectl argo rollouts notifications trigger run on-sync-status-unknown ./sample-
      --cluster string                 The name of the kubeconfig cluster to use
      --config-map string              argo-rollouts-notification-configmap.yaml file path
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_pause.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_pause.md
@ -35,6 +35,7 @@ kubectl argo rollouts pause guestbook
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_promote.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_promote.md
@ -42,6 +42,7 @@ kubectl argo rollouts promote guestbook --full
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_restart.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_restart.md
@ -39,6 +39,7 @@ kubectl argo rollouts restart ROLLOUT_NAME --in 10s
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_retry.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_retry.md
@ -38,6 +38,7 @@ kubectl argo rollouts retry experiment my-experiment
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_retry_experiment.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_retry_experiment.md
@ -35,6 +35,7 @@ kubectl argo rollouts retry experiment my-experiment
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_retry_rollout.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_retry_rollout.md
@ -35,6 +35,7 @@ kubectl argo rollouts retry rollout guestbook
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_set.md
+++ b/docs/generated/kubectl-argo-rollouts/kubectl-argo-rollouts_set.md
@ -35,6 +35,7 @@ kubectl argo rollouts set image my-rollout demo=argoproj/rollouts-demo:yellow
      --client-key string              Path to a client key file for TLS
      --cluster string                 The name of the kubeconfig cluster to use
      --context string                 The name of the kubeconfig context to use
+      --disable-compression            If true, opt-out of response compression for all requests to the server
      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kloglevel int                  Log level for kubernetes client library
      --kubeconfig string              Path to the kubeconfig file to use for CLI requests.
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`See [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md).`