ORIGIN9 Feature

Environment Governance

Dev, staging, production — each with its own approvals, windows, policies, and isolation.

Origin9 treats environments as first-class governance boundaries. Each is classified on a tier (development → production) and carries policies that match: how many approvers a deploy requires, when deploys are permitted, whether strict pod validation is enforced via webhook, which network policies apply, and who holds which Kubernetes RBAC roles. Ephemeral preview environments are created automatically per branch and destroyed on merge. Lock an environment during an incident; it will refuse deploys until unlocked — with an audit trail of who did what, when, and why.

Environments from dev to production each surrounded by policy guardrails and an approval gate

Classification-Driven Policy

Development, Testing, Staging, UAT, Production, and Disaster Recovery — each tier ships with defaults for approvals, windows, and workload validation.

Multi-Approver Gates

Require N reviewers before a deploy can proceed to sensitive environments. Approvals are recorded in the audit trail with timestamp and rationale.

Deployment Windows

Restrict when deploys can run — business hours, maintenance windows, or a custom schedule — timezone-aware per environment.

Environment Lock

Lock an environment during an incident or a cutover. Deploys are refused with a reason. Auto-lock during maintenance windows.

Ephemeral Previews

A branch or PR spins up a full preview environment. On merge or expiry, the environment is torn down automatically — no orphans.

Strict Workload Validation

Opt-in STRICT mode uses a webhook to validate pod identity tokens at admission — production only accepts workloads Origin9 knows about.

What This Replaces

CapabilityTraditional ApproachORIGIN9

Environment tieringNaming conventions + tribal knowledgeClassification with inherited policy

Approval workflowCustom scripts or CI pluginsNative multi-approver gates

Preview environmentsHand-written CI that rarely cleans upAutomatic lifecycle per PR

Environment lockdownPaused pipelines or manual commsExplicit lock with audit trail

Related Features

Deployment Pipeline

From commit to cluster — GitOps, approvals, rollback, and drift detection, natively connected.

Secrets Engine

Encrypted vault with rotation, versioning, audit, and direct-to-pod injection.

Audit & Compliance

Every action logged across the platform — searchable, exportable, ready for your auditor.

Ready to try Environment Governance?

From idea to production in days. Not months.