0

I was following this article - Azure virtual machine scale set agents. Everything is good and I am able to run my custom images to perform builds and deployments.

One thing that is missing there - what if agent needs to access some IP restricted resource? Previously (with a simple VM running as agent) it was easy to whitelist public IP of a given agent. With those scale sets (and --load-balancer "") I am not sure how to get them to use a static IP (preferably only 1 outgoing public IP for all VMs in a set)

Any suggestions?

JleruOHeP
  • 10,106
  • 3
  • 45
  • 71

1 Answers1

1

When you use a Load Balancer in front of the VMSS with only one static public IP address, then all the VMSS instances only can access outside through that one static public IP address. It's easy to achieve it, you just need to configure the public IP address as static. Then you put that public IP address in the whitelist for the restricted resource.

In this way, all the instances access the restricted resource via the static public IP address and it's in the whitelist.

Charles Xu
  • 29,862
  • 2
  • 22
  • 39
  • Thanks for the comment, I`ll try to add it and see how it will work. Was confused a bit with the sentence that Az DevOps will control traffic to VMSS and there is no need to have a load balancer therefore. – JleruOHeP Jul 30 '20 at 12:21
  • Worked, and I was wrong to not try it straight away. Wonder why in documentation they insist on no load balancers? – JleruOHeP Jul 31 '20 at 00:22
  • 1
    @JleruOHeP The link you provided is just an example without a special requirement. So it does not need a Load Balancer. – Charles Xu Jul 31 '20 at 01:40