feat(infra.ci.jenkins.io) allow WinRM from agents to anywhere (#906)
Related to
jenkins-infra/packer-images#1611 (comment)

This PR allows WinRM outbound to *any* internet IP, as we can't
determine in advance the public IPs of packer images in EC2.
dduportal authored Dec 18, 2024
1 parent eb253eb commit 0cfda1f
Showing 1 changed file with 8 additions and 2 deletions.
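--- a/infra.ci.jenkins.io.tf
+++ b/infra.ci.jenkins.io.tf
@@ -225,7 +225,10 @@ resource "azurerm_network_security_rule" "allow_outbound_winrm_http_from_infraci
 source_port_range = "*"
 destination_port_range = "5985"
 source_address_prefix = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_ephemeral_agents.address_prefix
-destination_address_prefix = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_packer_builds.address_prefix
+## Restriction to only Azure private subnet
+# destination_address_prefix = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_packer_builds.address_prefix
+## Allow all destinations as we cannot know the AWS EC2 public IPs of instance in advance
+destination_address_prefix = "*"
 resource_group_name = azurerm_resource_group.infra_ci_jenkins_io_controller_jenkins_sponsorship.name
 network_security_group_name = module.infra_ci_jenkins_io_azurevm_agents_jenkins_sponsorship.ephemeral_agents_nsg_name
 }
@@ -240,7 +243,10 @@ resource "azurerm_network_security_rule" "allow_outbound_winrm_https_from_infrac
 source_port_range = "*"
 destination_port_range = "5986"
 source_address_prefix = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_ephemeral_agents.address_prefix
-destination_address_prefix = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_packer_builds.address_prefix
+## Restriction to only Azure private subnet
+# destination_address_prefix = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_packer_builds.address_prefix
+## Allow all destinations as we cannot know the AWS EC2 public IPs of instance in advance
+destination_address_prefix = "*"
 resource_group_name = azurerm_resource_group.infra_ci_jenkins_io_controller_jenkins_sponsorship.name
 network_security_group_name = module.infra_ci_jenkins_io_azurevm_agents_jenkins_sponsorship.ephemeral_agents_nsg_name
 }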
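Review bot: The first hunk's rule (`destination_port_range = "5985"`) now lets ephemeral agents reach WinRM over plain HTTP at any address, so provisioning traffic to EC2 public IPs crosses the Internet with confidentiality depending only on the WinRM authentication scheme, and agents that run CI code gain a wider egress path. If the EC2 Packer builds can use WinRM over HTTPS, keep `destination_address_prefix = data.azurerm_subnet.infra_ci_jenkins_io_sponsorship_packer_builds.address_prefix` on the 5985 rule and open only the 5986 rule to `"*"`. The commented-out assignment left in both hunks is dead configuration; one comment such as `## Egress open to any destination: EC2 Packer instance public IPs are not known in advance` carries the same information. Both resource blocks start above the hunks, so their name and description attributes are not visible here and may still describe the subnet-only scope.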