We use Azure DevOps with Microsoft-hosted agents, and because we would like to apply authorized IP ranges for our AKS we need the agent IP addresses. To automate the process in our release pipeline we have included Azure CLI task with the command :
AGENT_IP=$(curl -s https://ipinfo.io/json | jq -r .ip)
az aks update --resource-group xxx --name yyy --api-server-authorized-ip-ranges ${AGENT_IP}
All the AGENT_IPs, we are getting from the command line, are not listed in the weekly json file. Even the operation is executed successfully and the AGENT_IP is included in the "apiServerAccessProfile.authorizedIpRanges" section, sometimes we are not able to deploy our microservice to the AKS and we are getting an error: "Unable to connect to the server: dial tcp xx.xx.xx.xx:443: i/o timeout". However sometimes the deployment is successful, even though the AGENT_IP is not listed in the weekly json.
Why the IP addresses I am getting, are not in the weekly json file ? Randomly I am able to deploy to AKS ?
Please read these docs:
I got IP address using this script:
And for build pipelines I got IP address which was outside of any IP range from weekly file for
AzureCloud.westeurope. (In my case it was 168.63.69.117, 137.135.240.152). However for relese pipeline I got IP which are in IP ranges from weekly file:But I noticed that build agents are located in Ireland and this is North Europe region. And yes, IP addresses matches IP ranges from North Europe:
I have no idea why this works like that since I have West Europe region in my settings.
But to sum up: