A common scenario is that customers want their App Service hosted inside a private network and unreachable from the public network. To achieve this, they usually enable a private endpoint and configure Access Restriction to deny all public traffic.

When the private endpoint is enabled and public traffic to the web app is denied, all public traffic to the app is cut off. The agents are deployed across a range of IP addresses and have public IPs, so they are unable to reach the web app.

As a solution, we can either allow the list of agent IP ranges in the firewall or deploy with self-hosted agents.

For more information, see the document Microsoft-hosted-agents for Azure Pipelines.

In the lab below, we demo two tests. The first shows what happens when we deploy code to a web app with a private endpoint using a Microsoft-hosted agent; the second shows how to deploy using a self-hosted agent.

Lab

Test1: deploy using Microsoft-hosted agent

Result: We will see "Error: Failed to deploy web package to App Service. Ip Forbidden (CODE: 403)" because the web app is not accessible via the internet.

Create a new pipeline

Here, I select GitHub in this demo.

We deploy a Django app, so I choose the second one.

Select the subscription and web app name

Save and run

The web app has a private endpoint enabled, which means inbound traffic needs to come from a private IP in the same subnet as the web app or from an IP that has permission to access this app service.

However, the Microsoft-hosted agent works over the public network, so the deployment fails with the error: Failed to deploy web package to App Service. Ip Forbidden (CODE: 403)

Test2: deploy using self-hosted agent on Linux VM (Ubuntu 20.04)

Result: It works fine. The deployment succeeds.

Create a Linux VM (Ubuntu 20.04) in the same VNet as the web app.

In the Azure DevOps portal, add an agent pool

Then select New Agent and choose the operating system of your build machine. (Here, I choose Linux.)

Get a Personal Access Token

Create a new token and grant it permission to agent pools

Remember to record this token, as it will not be displayed again.

SSH into the Linux VM and configure the agent to connect to Azure Pipelines

Download and create the agent

Configure agent settings

Server URL:

Please refer to Deploy an Azure Pipelines agent on Linux - Azure Pipelines | Microsoft Learn

Run the agent

Check from the portal that the agent is online

To avoid confusion, we create a separate pipeline here.

The creation steps are the same as before:

New Pipeline -> GitHub -> Python to Linux Web App on Azure -> Select subscription -> Select web app name -> Save and run

Modify the YAML file: change the pool to the one just created.

Then, run the pipeline again. We can see that it deployed successfully this time.
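
The pool change from the two tests, written out as an added example (not the YAML from the original post). The pool name `SelfHostedLinuxPool` and web app name `my-private-webapp` are assumed values, and the preflight step, which goes beyond the post, assumes the VNet's DNS resolves the app's hostnames to the private endpoint.

```yaml
# Added example, not the pipeline from the original post.
variables:
  webAppName: 'my-private-webapp'      # assumed web app name

stages:
- stage: Deploy
  jobs:
  - job: DeployToPrivateWebApp
    # Test1 used a Microsoft-hosted agent. It reaches the app from a public IP,
    # so the deployment fails with "Ip Forbidden (CODE: 403)":
    # pool:
    #   vmImage: 'ubuntu-latest'

    # Test2 uses the self-hosted pool whose agent VM is in the same VNet as the app.
    pool:
      name: 'SelfHostedLinuxPool'      # assumed name of the agent pool created above

    steps:
    # Preflight (assumption: private DNS is set up for the VNet). Fail early with
    # a clear message if this agent would reach the app or its deployment (scm)
    # site over a public address instead of the private endpoint.
    - bash: |
        set -eu
        for host in "$APP.azurewebsites.net" "$APP.scm.azurewebsites.net"; do
          ip="$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')"
          case "$ip" in
            # RFC 1918 ranges; adjust if the VNet uses other address space.
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
              echo "$host -> $ip (private)" ;;
            *)
              echo "##vso[task.logissue type=error]$host -> '${ip}' is not a private address"
              exit 1 ;;
          esac
        done
      displayName: 'Check the web app resolves to a private IP'
      env:
        APP: $(webAppName)

    # The pipeline's existing deployment steps follow here.
```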

 

 

References

Deploy an Azure Pipelines agent on Linux - Azure Pipelines | Microsoft Learn

Microsoft-hosted-agents for Azure Pipelines
