https://pulumi.com logo
Join Slack
Powered by
Has anyone used Azure DevOps to run Pulumi to mana...
# azure
e
Has anyone used Azure DevOps to run Pulumi to manage PostgreSQL instances? What do I need to do about firewall rules?
c
Do you mean deploy the Postgresql itself or data into it?
e
I can create the server and database from my machine, but I ran into issues with creating schemas and users because you have to create Azure firewall rules to use the Postgres client. I create firewall rules for my VPC / subnet as part of creating the Postgres instance, and now I'm hoping to be able to set up the database schema, etc. as part of my project builds.
From looking at the Azure docs it looks like they recommend running powershell scripts to create and tear down firewall rules as part of the ADO pipeline. Is there a way to do this in Pulumi itself so I don't have to have every team putting these scripts in their pipeline?
f
e
Okay, but no way to do it in Pulumi?
f
the fact that the agent is ephemeral means you need to create the firewall rule and tear it down at the end of the pipeline run, which does not really belongs to the pulumi code, as such access is not really infrastructure you want / need to manage
we are using pipeline templates and that works pretty well
since azure devops introduced Azure virtual machine scale set agents (https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/scale-set-agents?view=azure-devops) we tried creating such an agent pool, assign the LB a static ip, and then use this agents for infrastructure provisioning. That means this static IP we can then add in out pulumi code to each firewall needed, as the agent is guaranteed to have this IP
e
Okay, thanks!
3 Views
Open in Slack
PreviousNext
Powered by