Some Lagoon features can be controlled by setting feature flags. This is designed to assist users and administrators to roll out new platform features in a controlled manner.
The following environment variables can be set on an environment or project to toggle feature flags.
|Environment Variable Name
enabled to set a non-root pod security context on the pods in this environment or project.
This flag will eventually be deprecated, at which point non-root workloads will be enforced.
enabled to add a default namespace isolation network policy to each environment on deployment.
This flag will eventually be deprecated, at which point the namespace isolation network policy will be enforced.
NOTE: enabling and then disabling this feature will not remove any existing network policy from previous deployments. Those must be removed manually.
Feature flags may also be controlled at the cluster level. There is support for this in the
For each feature flag there are two flavours of values which can be set:
defaultcontrols the default policy for environments deployed to the cluster, but can be overridden at the project or environment level by the environment variables documented above.
forcealso controls the policy for environments deployed to the cluster, but cannot be overridden by the environment variables documented above.