Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
e
enough-kite-69616
07/20/2020, 4:52 PMHas anyone used Azure DevOps to run Pulumi to manage PostgreSQL instances? What do I need to do about firewall rules?
c
colossal-room-15708
07/20/2020, 10:56 PMDo you mean deploy the Postgresql itself or data into it?
e
enough-kite-69616
07/21/2020, 1:39 PMI can create the server and database from my machine, but I ran into issues with creating schemas and users because you have to create Azure firewall rules to use the Postgres client. I create firewall rules for my VPC / subnet as part of creating the Postgres instance, and now I'm hoping to be able to set up the database schema, etc. as part of my project builds.
From looking at the Azure docs it looks like they recommend running powershell scripts to create and tear down firewall rules as part of the ADO pipeline. Is there a way to do this in Pulumi itself so I don't have to have every team putting these scripts in their pipeline?
f
fresh-pilot-59899
07/23/2020, 7:14 AMyou could create a pipeline template with this: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/templates?view=azure-devops
e
enough-kite-69616
07/23/2020, 2:11 PMOkay, but no way to do it in Pulumi?
f
fresh-pilot-59899
07/23/2020, 3:01 PMthe fact that the agent is ephemeral means you need to create the firewall rule and tear it down at the end of the pipeline run, which does not really belongs to the pulumi code, as such access is not really infrastructure you want / need to manage
we are using pipeline templates and that works pretty well
since azure devops introduced Azure virtual machine scale set agents (https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/scale-set-agents?view=azure-devops) we tried creating such an agent pool, assign the LB a static ip, and then use this agents for infrastructure provisioning. That means this static IP we can then add in out pulumi code to each firewall needed, as the agent is guaranteed to have this IP
e
enough-kite-69616
07/23/2020, 3:11 PMOkay, thanks!