|
|
|
|
|
|
by kukkamario
474 days ago
|
|
|
a) resource use is minimal when deployment isn't in progress. It just idling and waiting for commands
b) Agent need to be able to connect to Azure DevOps servers, but it is connection from agent to Azure DevOps servers so no need to open any extra inbound ports or anything like that. Documentation lists the domains that need to be accessible from agents. Agent permissions to Azure are restricted based on the pipeline configuration to only allow things that are used in the pipeline. So if your pipeline does not involve cloning git some private git repo, agent cannot do that. And even that gives only access to that particular resource. So you normally have a build pipeline that generates package from you application and then deployment pipeline that only has access to that generated package which is then distributed to agents configured for some particular deployment environment. I don't really have much direct experience with deployment side of things so someone else can probably provide extra info. |
|
|