Azure 容器实例不使用公共 IP

Question

Tldr: The issue is that the IP address the agent uses doesn't match the public IP address attached to the container Instance. It's like it is using some hidden internal IP address that isn't visible to an end user.

Background: I setup a self-hosted DevOps agent in an Azure Container Instance. I added a public IP so I could whitelist it in my subscription, and the DevOps agent would have access to alter resource per Terraform templates.

Problem: The agent is unable to alter resources that have firewall rules, despite adding the container Instance IP to the whitelist. The error message states failure due to network access from an unapproved IP address. The issue is that the IP address the agent uses doesn't match the public IP address attached to the container Instance. It's like it is using some hidden internal IP address that isn't visible to an end user.

Anyone encountered this before? The whole reason I decided on a self-hosted agent was to avoid the IP hopping problem caused by using DevOps hosted agents.

Answer 1

I just tried with a simple curl container, outgoing IP is different with the IP the container is exposed on. This is something I'd expect to see as well (I believe it would be using Kubernetes underneath). Nothing you can do about that.

You can create a container in the VNet, hence you won't need to whitelist random IP addresses. or you can just create a VM assign a Public IP to it and whitelist that IP (that will always work).