SoliDeoGloria.tech

Technology for the Glory of God

2024

Automatic Virtual Network CIDR Assignments with Azure IPAM and Bicep

Recently Microsoft announced a public preview of native IP Address Management in Azure, powered by Virtual Network Manager. Being new technology, and with a new landing zone to build, I decided to test and see if we could use it to make IP management simpler.

The starting point was to completely miss the documentation and try and work it out myself. Sadly, the API documentation has yet to be updated to cover the new properties, and tracing the portal requests didn’t help either, since it uses a slightly different flow (sigh!).

Read more…

Self-Hosted GitHub Runners FOR FREE!

I recently had the privilege of opening the New Zealand GitHub User Group with a presentation on using Azure Container Apps for self-hosted GitHub Actions Runners. The recording of the session is available on YouTube.

Video: https://www.youtube.com/embed/vVTpss4WpOA

Deploy a Flex Consumption Function App with Terraform

In May 2024 Microsoft released the Public Preview of the new Flex Consumption Azure Functions. This is an exciting release, primarily because it finally allows a consumption Function App to be VNet integrated. Before the release of Flex Consumption Function Apps, we had to either decide to use a consumption plan or allow access to internal resources (and pay 24/7 for the privilege). While there have been workarounds (e.g. run a Function App in Container Apps) none were ideal.

Read more…

Ansible, Python, PEP668, and Virtual Environments

Have you ever had one of those days where your troubleshooting resembles doing the foxtrot? Forward. Sideways. Backwards. Round in Circles. I had one of those last week.

My current customer is using Ansible for orchestration. As part of proving out the capabilities, and working through the best way to make it all work, I needed to set up my local environment.

Running macOS typically makes setup a breeze, thanks to the wonderful Homebrew Package Manager. Tools such as Ansible and Ansible Lint are just a brew install away.

Read more…

Azure Virtual WAN Route Maps and Reflected Routes

Microsoft has made controlling routing within a Virtual WAN much easier thanks to a combination of Routing Intent and Route Maps (in preview at time of writing). Route Maps work in the same manner (at least theoretically) as the route map configurations network administrators are used to on on-premises equipment.

In testing them out for a customer, I ran straight into a problem. I like to keep things tidy, and when I looked at the output of the outbound route map configuration for a site-to-site VPN with AWS, I didn’t like that it showed all my AWS routes being published back out to the VPN. So I configured a route map rule to drop reflected routes.

Read more…

Grant Admin Consent for an Azure AD application with Terraform

One challenge we often run into when provisioning Azure AD applications with Terraform is a need to grant admin consent for API permissions. Sadly there is not a native resource within Terraform to make this happen, however with some creative use of provisioners (yes, I feel bad about it too) we can ensure that admin consent is granted for our applications.

To start with, we deploy our Azure AD application as normal. As part of the configuration, we also assign the required API permissions.

Read more…

2023

Access Terraform Private Modules in GitHub Actions

In a recent project we used GitHub Actions to deploy our Terraform code. While not the best way to deploy Terraform, we had it working nicely.

One of the biggest challenges we encountered was how to download the private Terraform modules we had created. In a GitHub Actions workflow you can specify the permissions that the runner should be granted. However, these permissions are scoped to the repository that the Action is running on, and it is not possible to add additional repos to the permission set.

Read more…