Skip to main content

Degraded mode

Degraded mode governs how Stacklok clients behave when the Enterprise Manager is unreachable, for example during a network partition, server maintenance, or an outage. You can configure a stricter policy to prevent unapproved activity during outages.

Unlike the policy directives described in Policies, degraded mode does not carry an enforcement field. It controls client fallback behavior: what happens when the server cannot be reached to enforce anything at all.

Modes

ModeBehavior
warnAll operations proceed normally. A warning is shown to the user.
block_newNew MCP server installations are blocked. Servers already running continue to operate.

Configuration

Add the degraded_mode block to your enterprise configuration.

For Helm deployments, set the values in values.yaml:

values.yaml
enterpriseConfig:
  degraded_mode:
    # One of: warn, block_new
    policy: 'block_new'
    # Optional: how long to wait before the policy takes effect after the
    # server becomes unreachable. Go duration string (e.g., "24h", "30m").
    grace_period: '24h'
    # Optional: message shown to users when degraded mode is active
    message: 'Enterprise Manager unreachable. Contact your administrator.'

For manual Kubernetes deployments, set the same fields in your enterprise-config.json ConfigMap:

enterprise-config.json
{
  "degraded_mode": {
    "policy": "block_new",
    "grace_period": "24h",
    "message": "Enterprise Manager unreachable. Contact your administrator."
  }
}

Grace period

The grace_period field delays the policy taking effect after the server becomes unreachable. During the grace period, clients operate as if in warn mode regardless of the configured policy. This prevents brief network interruptions from immediately blocking developer workflows.

For example, with grace_period: "24h" and policy: "block_new", clients continue working normally for 24 hours after losing contact with the server. After 24 hours, new server installations are blocked.

Next steps