A validation sandbox is a real Kubernetes environment created for one Foyre request. Foyre provisions it as a vcluster on your connected host cluster and gives the requester a scoped kubeconfig so they can deploy the application being reviewed.
Important
Create the sandbox, deploy your application into it, verify it is running, and only then click Mark ready for review. That signal tells the admin or reviewer team that there is a live environment they can inspect.
Before you start
You need:
- A submitted Foyre request
- A connected host Kubernetes cluster in Foyre
- Permission to create a validation environment for the request
kubectlinstalled locally- The application manifests, Helm chart, or deployment commands you want reviewers to validate
1. Create the isolated cluster
Open the request from the Foyre requests page. On the request detail page, find the Validation environment section.
Click Create isolated cluster. Foyre provisions a vcluster dedicated to that request. This can take a short time while Kubernetes creates the namespace, services, vcluster workloads, and endpoint.
2. Review the validation environment details
After creation, the validation environment should show as ready and display details similar to:
- Status
- Ready
- Namespace
- foyre-req-3-4
- vcluster
- req-3-4
- API endpoint
- https://192.168.1.92:32574
- Expires
- 5/23/2026, 5:28:48 PM
- Actions
- Download kubeconfig · Tear down
The namespace and vcluster name identify the host-cluster resources Foyre created. The API endpoint is the address your kubeconfig uses to connect to the virtual cluster.
3. Download the kubeconfig and connect
Click Download kubeconfig from the validation environment section. Save the file somewhere you can access from your terminal.
Use the downloaded kubeconfig with kubectl:
export KUBECONFIG=/path/to/downloaded-foyre-kubeconfig.yaml
kubectl get namespaces
kubectl get pods --all-namespaces
If the connection succeeds, you are talking to the validation vcluster, not the host cluster directly.
4. Deploy your application into the sandbox
Deploy the same application you want reviewed. Use your normal Kubernetes workflow: raw manifests, Kustomize, Helm, or your team’s deployment scripts.
# Example: apply Kubernetes manifests
kubectl apply -f ./k8s/
# Example: install with Helm
helm upgrade --install my-ai-app ./chart --namespace default --create-namespace
Then verify the workload is running:
kubectl get pods
kubectl get svc
kubectl describe pod <pod-name>
Warning
Do not use the sandbox as production. It exists to prove the workload can run and to give reviewers a concrete environment to inspect.
5. Mark the request ready for review
After your application is deployed and healthy, return to the request in Foyre and click Mark ready for review.
This is the handoff to the admin or reviewer team. It tells them the request is ready for hands-on validation and that they can connect to the vcluster to inspect what is actually deployed.
Reviewers can use the request details, risk score, risk reasons, comments, history, and validation environment to decide whether to approve, reject, or request changes.
Tear down when you are finished
The validation environment includes a Tear down action. Use it when the sandbox is no longer needed, or when your organization’s review workflow says to remove the environment.
Danger
Tearing down the sandbox removes the validation cluster and the workloads deployed inside it. Export anything you need before deleting the environment.
What you should have now
- A ready validation environment attached to the request
- A downloaded kubeconfig for the vcluster
- A deployed application inside the validation sandbox
- A request marked ready for review after the deployment is running