Description
This repository provides a reference architecture, with documentation links, for deploying secure Azure DevOps self-hosted agents as Docker containers in Azure Container Instances. It focuses on enterprise network integration using Private Endpoints, Private DNS zones, and Azure Firewall configurations, with agents authenticated using an App Registration.
Components Diagram
Reference
Self-hosted Agent (Azure Container Instance)
Network
- Communication with Azure Pipelines
- Domain Name resolution: Link the private DNS zone with all virtual networks that need to resolve your private endpoint DNS name. Private DNS zones are typically hosted centrally in the same Azure subscription where the hub virtual network is deployed.
- Firewall: Determine whether you use a network virtual appliance (NVA) such as Azure Firewall.
- Communication through an NVA
- Firewall Configuration recommendations
- If you're running a firewall and your code is in Azure Repos, these articles have information about which domain URLs and IP addresses your private agent needs to communicate with: Azure Pipelines self-hosted agents; Allowed IP addresses and domain URLs.