PrivateBuild

Private subnet placement for build instances only. This parameter is unused if Private is set to Yes, since all instances are already in private subnets in that case.

| Default value | No | | Allowed values | Yes, No |

Use Cases

  • Keeping build instances private while allowing runtime instances to remain in public subnets
  • Preventing build instances from having public IP addresses when builds pull from private registries or internal artifact stores
  • Reducing the attack surface for build infrastructure without requiring a fully private Rack

Additional Information

When PrivateBuild is set to Yes, build instances are placed in private subnets and require a NAT Gateway for outbound internet access (e.g., to pull base images from Docker Hub or other public registries).

When this parameter is enabled, registry authentication is handled entirely on the build cluster rather than through the main Rack. This means private registry credentials are not passed through the Rack API path, and all registry access stays within the build environment.

If Private is already set to Yes, this parameter has no additional effect because all instances, including build instances, are already in private subnets.

$ convox rack params set PrivateBuild=Yes

See Also

Convox Logo
Find
HomeProductPricingEnterpriseBlogDocumentation
Follow
LinkedInXGitHub
Chat
sales@convox.com
© Convox 2024 / A Curious Company
Privacy PolicyTerms of Use