Quick tip: Get in control by using your GitHub context

GitHib actions and workflows are very powerful by nature. They help me to build and deploy my Azure environments, without having me to do all the tedious and errorprone work. I create a pull request, have it peer reviewed and once approved my environments are provisoned the way I envisioned it. This is also the case at my current assignment for a large organization. Last year the organization decided that a new change management system (which name I refuse to pronounce) should handle all changes. Continue reading

Quick tip: Find permissions in RBAC roles easily

When building infrastructures in Azure, you sometimes come to a point in which you need to add an additional action to a RBAC role in order to access certain Azure resources. In our case we needed to add read permissions on the Front Door activity logs to an internal security administrator role. The way I used to do it, was browing MS-learn to can find a comprehensive list of built-in roles. Continue reading

Where is that documentation? A tale on setting up diagnostic settings...

I’m a big fan of Azure and building infrastructure on it using IaC (Infrastructure as Code) and deploy it through pipelines (Azure DevOps) or workflows (Github). The last two years, I primarily used Bicep to build the infrastructure. This is often a very satisfying experience but in some cases it can be quite frustrating. Frustrating because I can’t find the information that I need in the MS Learn documentation at the location where I would expect it to be. Continue reading

A nightmare on FrontDoor in Bicep...

For some reason I seem to attract the most exotic scenarios when it comes to building Infrastructure as Code (IaC). This time it was no different. For a client I’m working on building an environment in which disaster recovery is a top priority. Besides being zone redundant, the client requires region redundancy as well, in case a complete Azure region gets wiped out by a disaster or a combination of disasters… My imagination gets triggered and I envision all kinds of apocalyptic movie scenarios. Continue reading

Note to self: fix invalid GitHub credentials in VSCode

From time to time I start working on projects for new customers. As soon as I start I receive an invitation from Github to join the customer’s Github organization. Most of the organization have a SAML based single sign on (SSO). After joining the organization using my personal Github account, I’m able to work on the repositories on which I have access. So far so good… Then the moment comes that I need to clone the repository, which can be a hassle from time-to-time. Continue reading

Note to self: localhost in kestrel is localhost

In one of the projects I’m involved in, I ran into a problem. In this project we are building a solution that is running on a Linux based Edge Device connected to Azure. On the Edge device, a k3s cluster hosts a number of services required by the solution. In order to be able to develop and debug on a Linux environment, I equiped my system with Hyper-V, an internal NAT switch and a fresh copy of Ubuntu. Continue reading