Increase IP range limit in ACR whitelisting
I would like to increase this limit because I am trying to add 200 IP ranges that belongs to Azure Cloud West Europe in order for my Azure Pipelines be able to push to ACR. These IPs belongs to Microsoft, not my company and I would like to have a feature to facilitate the security between Azure DevOps and ACR OR an increase in the range. Talking to microsoft support the alternative was to have self hosted agents which is not a good idea for us at the moment since we are starting with Azure DevOps and also we don't want to manage a self hosted agent.
Vote for this feature. The 100 ACR firewall rules limits\blocks the Microsoft-hosted agents IP ranges which more than 100.
Really appreciate your attention and suggestions.
Paul Gear commented
We are running hard up against this limit for exactly the same reason in Australia East/Southeast at the moment. We use self-hosted AzDO agents for most builds, but they aren't always appropriate because some of our pipelines spin up the VNets where the self-hosted agents live.
A superior alternative to increasing the IP range limit would be to support the use of service tags so that we could simply add the AzureCloud.australiaeast service tag to the firewall, and have it manage the IP ranges itself.
Another alternative would be to allow the use of a user-defined NSG, which itself supports service tags and all the usual NSG constructs.
There aren't any good workarounds for this at the moment. Support suggested using an IP checking service in our AzDO pipeline and then adding that address to the ACR IP range, then pausing the pipeline for 2 minutes whilst we wait for the change to apply. This is a bad workaround because it makes us reliant on an external service with no SLA, and also makes our pipelines slower.