Azure Private Link Issues

Sureshkumar Nandakumar 106 Reputation points
2021-09-30T17:02:17.353+00:00

Hi All,

We are working on enabling private endpoints for AKS, Storage account, Cosmos DB, Key Vault and some other resources as well. We are provisioning infra using an Azure DevOps Pipeline with Terraform.
We are facing some challenges in whitelisting Azure DevOps Microsoft agent IPs in Azure Networking. We have also tried to use a self-hosted agent to get a static IP so that we can easily whitelist the IPs. But we have some challenges in managing self-hosted agents, as mentioned below.

Multiple agents can be installed per machine, but Microsoft strongly suggests installing only one agent per machine. Installing two or more agents may affect performance and the result of our pipelines. In this case, how do we manage multiple environments (QA, UAT, PO, DOTEST, PROD)? Do we need to manage by installing one agent per environment? If yes, does it include additional cost to manage multiple agents for multiple environments?

We have already procured an additional 12 parallel jobs for Microsoft-hosted agents. Suppose we create a self-hosted agent: do we need to pay additional cost for enabling 12 parallel jobs on the self-hosted agent?

Is there any other alternative solution available to enable private endpoints for Azure resources without whitelisting Azure DevOps Microsoft-hosted or self-hosted agent IPs?

Can you please help me understand how we can enable private endpoints for Azure resources while overcoming all these challenges?


1 answer

  1. ChaitanyaNaykodi-MSFT 22,776 Reputation points Microsoft Employee
    2021-10-06T22:31:01.803+00:00

    Hello @Sureshkumar Nandakumar, apologies for the delayed response here. I am not very well versed with Azure DevOps, but you can go through this documentation for cost implications of running parallel jobs. If you have any additional queries, could you please redirect them to this Azure DevOps Forum. Please let us know if you have any concerns here.

    Regarding an alternate way to enable private endpoints for Azure resources without whitelisting Azure DevOps agent IPs: I think you should be able to achieve that if you have private IP connectivity established with the Azure resources from where you are running your agent pool. There are multiple connectivity services available in Azure Networking services which you can leverage.
    As per the documentation:
    [Image: 138244-image.png]
    Please let us know if you have any additional concerns. Thank you!

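The approach described in the answer above, sketched in Terraform for one of the resources in the question (a storage account). This is an added example, not part of the original thread and not Microsoft's own code. It assumes the azurerm provider and a self-hosted agent running in (or peered with) the virtual network passed in; all variable and resource names are hypothetical placeholders.

```hcl
# Added example: storage account reachable only over a private endpoint
# in the VNet where the self-hosted agent pool runs. Names are placeholders.
provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "agent_vnet_id" { type = string }      # VNet hosting the agent pool
variable "endpoint_subnet_id" { type = string } # subnet for private endpoints

resource "azurerm_storage_account" "example" {
  name                          = "stexampleplaceholder"
  resource_group_name           = var.resource_group_name
  location                      = var.location
  account_tier                  = "Standard"
  account_replication_type      = "LRS"
  public_network_access_enabled = false # no public IP allow-list to maintain
}

# Private DNS zone so the agent resolves the blob FQDN to the private IP.
resource "azurerm_private_dns_zone" "blob" {
  name                = "privatelink.blob.core.windows.net"
  resource_group_name = var.resource_group_name
}

resource "azurerm_private_dns_zone_virtual_network_link" "agents" {
  name                  = "link-agent-vnet"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.blob.name
  virtual_network_id    = var.agent_vnet_id
}

resource "azurerm_private_endpoint" "blob" {
  name                = "pe-storage-blob"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.endpoint_subnet_id

  private_service_connection {
    name                           = "psc-storage-blob"
    private_connection_resource_id = azurerm_storage_account.example.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }
  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [azurerm_private_dns_zone.blob.id]
  }
}
```

With public network access disabled, any pipeline step that touches the storage data plane has to run on an agent with a network path to this VNet.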