
Validation environments

Create a validation sandbox with vcluster

Provision an isolated Kubernetes virtual cluster for a submitted request, download the scoped kubeconfig, deploy your application into the sandbox, and mark the request ready for review.

Difficulty: Beginner
Time: 10-15 minutes
Category: Validation setup
Tags: vcluster, kubectl

A validation sandbox is a real Kubernetes environment created for one Foyre request. Foyre provisions it as a vcluster on your connected host cluster and gives the requester a scoped kubeconfig so they can deploy the application being reviewed.

Important

Create the sandbox, deploy your application into it, verify it is running, and only then click Mark ready for review. That signal tells the admin or reviewer team that there is a live environment they can inspect.

Before you start

You need:

  • A submitted Foyre request
  • A connected host Kubernetes cluster in Foyre
  • Permission to create a validation environment for the request
  • kubectl installed locally
  • The application manifests, Helm chart, or deployment commands you want reviewers to validate

1. Create the isolated cluster

Open the request from the Foyre requests page. On the request detail page, find the Validation environment section.

Click Create isolated cluster. Foyre provisions a vcluster dedicated to that request. This can take a short time while Kubernetes creates the namespace, services, vcluster workloads, and endpoint.

2. Review the validation environment details

After creation, the validation environment should show as ready and display details similar to:

Status: Ready
Namespace: foyre-req-3-4
vcluster: req-3-4
API endpoint: https://192.168.1.92:32574
Expires: 5/23/2026, 5:28:48 PM
Actions: Download kubeconfig · Tear down

The namespace and vcluster name identify the host-cluster resources Foyre created. The API endpoint is the address your kubeconfig uses to connect to the virtual cluster.

3. Download the kubeconfig and connect

Click Download kubeconfig from the validation environment section. Save the file somewhere you can access from your terminal.

Use the downloaded kubeconfig with kubectl:

shell
export KUBECONFIG=/path/to/downloaded-foyre-kubeconfig.yaml
kubectl get namespaces
kubectl get pods --all-namespaces

If the connection succeeds, you are talking to the validation vcluster, not the host cluster directly.
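
Before pointing kubectl at the downloaded file, you can confirm that it targets only the API endpoint shown in the validation environment details and that other local users cannot read it, since a kubeconfig carries credentials. The script below is an added example, not part of Foyre; the function names are hypothetical, the sample kubeconfig is constructed, and it assumes a standard kubeconfig layout with each `server:` key on its own line.

```shell
#!/bin/sh
# Added example: pre-flight check for a downloaded sandbox kubeconfig.
# Assumes a standard kubeconfig with "server:" keys on their own lines.

# Print every API server URL in the kubeconfig, one per line.
kubeconfig_servers() {
    awk '$1 == "server:" { print $2 }' "$1" | tr -d "\"'"
}

# Usage: check_sandbox_kubeconfig FILE EXPECTED_ENDPOINT
# Returns 0 if safe to use, 2 if missing, 3 if readable by group/others,
# 1 if the file points anywhere other than the expected endpoint.
check_sandbox_kubeconfig() {
    kc_file=$1
    kc_expected=$2
    [ -f "$kc_file" ] || { echo "not found: $kc_file" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    kc_mode=$(ls -ld "$kc_file" | cut -c5-10)
    if [ "$kc_mode" != "------" ]; then
        echo "too permissive, run: chmod 600 $kc_file" >&2
        return 3
    fi

    # A second cluster entry adds a newline, so it also fails this match.
    kc_servers=$(kubeconfig_servers "$kc_file")
    if [ "$kc_servers" != "$kc_expected" ]; then
        echo "endpoint mismatch: got '$kc_servers'" >&2
        return 1
    fi
    echo "ok: $kc_file -> $kc_expected"
}

# Constructed sample (not a real credential file) using the endpoint shown above.
write_sample_kubeconfig() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: req-3-4
  cluster:
    server: https://192.168.1.92:32574
EOF
}

demo=$(mktemp)
write_sample_kubeconfig "$demo"
check_sandbox_kubeconfig "$demo" "https://192.168.1.92:32574"
rm -f "$demo"
```

Run the check against your real download with the endpoint copied from the request page, and export KUBECONFIG only if it returns 0.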

4. Deploy your application into the sandbox

Deploy the same application you want reviewed. Use your normal Kubernetes workflow: raw manifests, Kustomize, Helm, or your team’s deployment scripts.

shell
# Example: apply Kubernetes manifests
kubectl apply -f ./k8s/

# Example: install with Helm
helm upgrade --install my-ai-app ./chart --namespace default --create-namespace

Then verify the workload is running:

shell
kubectl get pods
kubectl get svc
kubectl describe pod <pod-name>

Warning

Do not use the sandbox as production. It exists to prove the workload can run and to give reviewers a concrete environment to inspect.

5. Mark the request ready for review

After your application is deployed and healthy, return to the request in Foyre and click Mark ready for review.

This is the handoff to the admin or reviewer team. It tells them the request is ready for hands-on validation and that they can connect to the vcluster to inspect what is actually deployed.

Reviewers can use the request details, risk score, risk reasons, comments, history, and validation environment to decide whether to approve, reject, or request changes.

Tear down when you are finished

The validation environment includes a Tear down action. Use it when the sandbox is no longer needed, or when your organization’s review workflow says to remove the environment.

Danger

Tearing down the sandbox removes the validation cluster and the workloads deployed inside it. Export anything you need before deleting the environment.

What you should have now

  • A ready validation environment attached to the request
  • A downloaded kubeconfig for the vcluster
  • A deployed application inside the validation sandbox
  • A request marked ready for review after the deployment is running