While a load balancer is a powerful tool to have in your sandbox, it also comes at a high-cost and may take a relatively long time to deploy. So for scenarios where public access to the sandbox environment is not required, you can simply disable its use.
All you need to do is open the blueprint YAML and add the following ingress element:
ingress:
enabled: falseSpecial considerations
Please note that the cloud account’s networking settings in the space may affect access to the sandbox, as explained below.
For brevity, the term "sandbox application" indicates a sandbox application with external ports. "AG" stands for Application Gateway and "ALB" denotes Application Load Balancer.
For Azure cloud accounts:
- If the cloud account is defined as Internet facing in the space:
- With a load balancer: access to sandbox applications is via the AG’s public IP
- Without a load balancer: access to sandbox applications is direct (via the sandbox applications’ public IPs)
- If the cloud account is NOT Internet facing in the space:
- With a load balancer: access to sandbox applications is via the AG’s private IP
- Without a load balancer: access to sandbox applications is direct (via applications’ private IPs). Note that in this mode, access to applications is only allowed from within the VNET.
For AWS cloud accounts:
- AWS cloud accounts are internet facing by design and therefore access is allowed via the public IPs of the sandbox's ALB/applications, not the private IPs.
- With a load balancer: access to sandbox applications is via the ALB's public IP.
- Without a load balancer: direct access to sandbox applications is allowed.
Comments
0 comments
Please sign in to leave a comment.