What is a cluster environment?
Every cluster in Niro has an environment tag that tells Niro how to treat that cluster. The environment affects policy severity — checks that are informational on a dev cluster can escalate to high severity on a production cluster.
Environment values
| Value | Use case |
|---|---|
| unspecified | Default. No severity escalation. Use when you haven’t classified a cluster yet. |
| dev | Local development and testing clusters. Low severity on all findings. |
| staging | Pre-production validation. Moderate severity. |
| production | Customer-facing or business-critical clusters. Full policy severity escalation. |
How environment affects policies
Some policy rules have different severity levels depending on the cluster environment:
| Policy rule | Non-production severity | Production severity |
|---|---|---|
| Single replica | Info | High |
| Mutable :latest tag | Low | High |
| Missing resource requests | Medium | Medium |
| Missing resource limits | Medium | Medium |
| Missing health probes | Medium | Medium |
| Privileged container | High | High |
| No rollback history | Low | Medium |
Production clusters get louder warnings on the risks that matter most in production: a single-replica deployment or a mutable image tag can cause downtime, and the policy engine reflects that.
Environment is declared by the operator — Niro doesn’t try to infer it from namespace names or labels. This is intentional: an MSP might have a namespace called production in a dev cluster, or vice versa.
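To make the escalation concrete, here is an added Python illustration (not Niro's code or API) that checks a parsed Deployment manifest against the rules in the table and assigns each finding the severity for an operator-declared environment. The detection heuristics and the names `evaluate` and `uses_latest` are assumptions, every environment other than production reads the non-production column, and "No rollback history" is left out because the page does not say how it is detected.

```python
# Added illustration, not Niro's code. Severities come from the table above;
# the per-rule detection heuristics and all names here are assumptions.
SEVERITY = {  # rule: (non-production, production)
    "Single replica": ("Info", "High"),
    "Mutable :latest tag": ("Low", "High"),
    "Missing resource requests": ("Medium", "Medium"),
    "Missing resource limits": ("Medium", "Medium"),
    "Missing health probes": ("Medium", "Medium"),
    "Privileged container": ("High", "High"),
}

def uses_latest(image):
    """True for an explicit :latest tag or an untagged, undigested image."""
    if "@" in image:                      # pinned by digest, immutable
        return False
    name = image.rsplit("/", 1)[-1]       # drop registry host:port and path
    return name.partition(":")[2] in ("", "latest")

def evaluate(deployment, environment):
    """Return sorted (rule, severity) findings for a Deployment dict."""
    spec = deployment.get("spec", {})
    hits = set()
    if spec.get("replicas", 1) == 1:      # Kubernetes defaults replicas to 1
        hits.add("Single replica")
    pod = spec.get("template", {}).get("spec", {})
    for c in pod.get("containers", []):
        res = c.get("resources") or {}
        if uses_latest(c.get("image", "")):
            hits.add("Mutable :latest tag")
        if not res.get("requests"):
            hits.add("Missing resource requests")
        if not res.get("limits"):
            hits.add("Missing resource limits")
        if not (c.get("livenessProbe") and c.get("readinessProbe")):
            hits.add("Missing health probes")
        if (c.get("securityContext") or {}).get("privileged") is True:
            hits.add("Privileged container")
    col = 1 if environment == "production" else 0   # declared, never inferred
    return sorted((rule, SEVERITY[rule][col]) for rule in hits)

# Constructed sample manifest, already parsed into a dict.
SAMPLE = {"spec": {"replicas": 1, "template": {"spec": {"containers": [
    {"name": "web", "image": "registry.example:5000/shop/web:latest",
     "resources": {"requests": {"cpu": "100m"}, "limits": {"cpu": "500m"}},
     "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
     "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}}},
]}}}}
for env in ("dev", "production"):
    print(env, evaluate(SAMPLE, env))
```

The same manifest yields the same two findings in both environments; only the severity attached to them changes.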
Setting the environment
During cluster creation
When you add a new cluster, you can set the environment in the “Add cluster” dialog.
After enrollment
Open the cluster detail page → Settings → change the Environment dropdown → save.
The change takes effect on the next heartbeat (within ~15 seconds). New policy findings will use the updated severity; existing findings are re-evaluated on the next heartbeat cycle.
Environments and policy evaluation
Policy checks run at three points:
- Build time — when you fill in the visual builder form. Findings appear inline as you edit.
- Merge time — when a PR is opened against a linked repo. Findings appear as PR comments with the cluster’s current environment in scope.
- Runtime — continuously. Niro evaluates the live pod state against the cluster’s current environment.
In all three cases, the environment tag is used to determine the final severity shown to you.