Christof VG

You don't need to come out of your comfort zone, if automation is in it!

Manage Azure Resource Manager using a Managed Identity

Read time: 5 minutes
Execution time: 5 minutes

Introduction

In some cases you want to grant someone access to your Azure environment, but you don’t want them to connect from anywhere or at any given moment. However, a user who is given a role in Azure can access the environment from anywhere, with the rights configured in the assigned role.

Managed Identities are an easy way to solve this: they let you grant access to a user, but only on a certain virtual machine.

In this short article, I will show you how you can grant access this way.


Kubernetes 3 node php

Read time: 15 minutes
Execution time: 30 minutes

Introduction

Getting started with Kubernetes can be quite hard. There are some very good books, like ‘Kubernetes in Action’ from Manning or ‘Kubernetes the hard way’ on Linux Academy. But you will certainly agree that learning works best when you get started with a nice project that is easy to understand or at least well documented.

The project I’m presenting here is a PHP page, served from 3 pods, spread over 3 nodes. An nginx ingress controller is used to enable ingress network traffic and cert-manager is used to create a certificate, signed by Let’s Encrypt. Here is a high-level overview:


Automatically convert a PowerShell script to an executable

Read time: 5 minutes

Introduction

In my previous post “PowerShell GUI with externally managed data”, we created a PowerShell GUI script that uses externally managed data. But wouldn’t it be great if the application was just an executable, which could be easily used by end-users, and that could be deployed using Mobile Device Management? Of course! In this blog post, I will guide you through the process of updating your pipeline to automatically convert the PowerShell script into an executable.


PowerShell GUI with externally managed data

Read time: 15 minutes

Introduction

A while ago, a customer asked me to create a PowerShell GUI script to be used by their end-users. The customer is a global company, with multiple offices in various countries. The script had the following requirements:

  • data, displayed in the application, should be filtered by the selected country/location
  • the data to display should be maintained by someone without programming skills

The suggestions I made were also accepted:

  • Source control should be used for the code
  • Automated build and release (CI/CD) should be used

In this blog post I want to show you how I created a PowerShell script with a GUI, with one release pipeline for the script and another pipeline for the data used in the script.


Azure Virtual Datacenter - Part 3 - Firewall deployment

Read time: 10 minutes
Execution time: 10 minutes

Series overview

Introduction

We now have the foundation of our Virtual Datacenter in place. We created a central hub, meant to accommodate centralized services like firewalls, domain controllers, file servers, and so on. Spoke networks are created for specific workloads that need to be separated from other workloads for security or governance purposes. Another network is created that will be connected using a site-to-site IPsec tunnel to simulate an on-premises network. With all these networks in place, we are ready to implement the centralized firewalls that will inspect and control all east-west traffic (between the spokes and the on-premises network) and north-south traffic (between the internal networks and the internet).

The ARM templates for the deployment are available on my GitHub page so I won’t put the files here. But we will go deeper into certain parts of the ARM templates in this article where needed.


Azure Virtual Datacenter - Part 2 - Virtual Networks

Read time: 5 minutes
Execution time: 10 minutes

Series overview

Introduction

In the previous post, we designed the Azure Virtual Datacenter using the Hub-and-Spoke model. Now, it is time to get our hands dirty and start with the fun part! In this post, we will create the virtual networks that create the base


Azure Virtual Datacenter - Part 1 - Overview

Read time: 5 minutes

Series overview

What is an Azure Virtual Datacenter?

The term Azure Virtual Datacenter was introduced by Microsoft as an approach for extending your on-premises datacenter to the public cloud in a secure way. The Azure Virtual Datacenter is described in full in the eBook “Azure Virtual Datacenter”, which can be found here: https://azure.microsoft.com/mediahandler/files/resourcefiles/1ad643b8-73f7-43f6-b05a-8e160168f9df/Azure_Virtual_Datacenter.pdf.


pfSense on Azure - Part 4 - Deploy pfSense in Azure with ARM templates

Read time: 5 minutes
Execution time: 5 minutes

Series overview

Introduction

After publishing part 1 through 3, someone brought to my attention that I should do the deployment using ARM templates instead of using PowerShell. This is completely true, so I created the necessary ARM templates to deploy the exact same environment. I made use of a main template that gathers all parameters and creates all resource groups. It also deploys 4 linked templates:

  • virtualNetwork.json: Deploys the virtual network and subnets
  • managedDisk.json: Deploys a managed disk from the uploaded VHD
  • pfSense.json: Deploys an instance of pfSense, attaching the managed disk
  • managementVM.json: Deploys a management VM to access and configure the pfSense instance


pfSense on Azure - Part 3 - Deploy pfSense in Azure

Read time: 5 minutes
Execution time: 10 minutes

Series overview

Introduction

In the first part, we prepared the virtual machine for pfSense with all necessary tweaks for Azure. In part 2, all necessary packages were installed, along with the Azure Linux Agent. Now we are ready to upload the VHD to an Azure storage account, create an image and deploy a new virtual machine, based on that image.
