Awesome video Matt, thank you a lot. You explain very well and clear. =)
@MattAllford
2 ай бұрын
Thanks so much for taking the time to leave a comment! Really glad it was helpful!
@prateekbansal9774
4 ай бұрын
Hey Matt, The tutorial is really awesome. You have covered everything in an hour-long video. I liked the way that you have also added some intentional common mistakes which can happen during the setup, such as configuring the runners into the default group instead of the one that needs to be used, which is eventually going to deploy NIC cards. Overall, it is really very easy to follow.
@MattAllford
4 ай бұрын
Thank you mate, glad you liked it 🙂
@gigahardonfire
2 ай бұрын
Great videos, exactly what I'm looking for. I have one question, what tool did you use to draw the screen ?
@MattAllford
2 ай бұрын
Thanks for watching, glad it was helpful! I use a physical Wacom device with a pen, and for this one I was just using Microsoft whiteboard. As you can tell I’m not very experienced with it yet and still figuring that bit out 🤣 When I was drawing boxes / arrows on the screen, that was using “ZoomIt” from Microsoft, part of the sysinternals suite of software. There are a number of 3rd party apps that can achieve this on screen annotation too. www.wacom.com/en-au/products/pen-tablets/one-by-wacom
@dus10dnd
5 ай бұрын
I get why it works for Azure (considering that the GitHub Hosted runners already live there), but it would be great to get integration to networks on other clouds, so there could be a consistent pattern.
@MattAllford
5 ай бұрын
100% agree! I’m sure they’ll see a big uptake in this integration, and can then hopefully bring it to other cloud platforms too.
@cfcode
3 ай бұрын
Hi Matt, I have 2 questions around setting this up for Enterprise. 1. We have multiple organisations in our enterprise. The instructions and your video, shows you need to get the Database ID to setup, this is based on your Organisation Name. But you can set up a Azure Virtual Network at Enterprise level. Do we uses any Organisation Database ID? 2. If we did setup multiple organisations each with their own private network configuration, do they each need a separate subnet in our VNet? Or can they use the same subnet?
@MattAllford
3 ай бұрын
Hey Paul! Yeah, I realised after I filmed this that things were slightly different in an Enterprise, and I added a few sections in, but I can't recall how many. For your first question, yes, you still get the Database ID, but instead you pass in your enterprise slug, the specific docs are here: docs.github.com/en/enterprise-cloud@latest/admin/configuration/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise#1-obtain-the-databaseid-for-your-enterprise For question 2, given the setup in an Enterprise is done at the Enterprise level, you can then leverage it from multiple organisations. So you could probably go either way you want, where you setup specific runners and runner groups at the enterprise level, for each organisation, or you could just set up one at the enterprise level to use across multiple orgs. Hope that helps!
@csisbw
4 ай бұрын
Great video mate! Thinking out loud, if I'm using a virtual WAN - I would assume you just ensure that there a hub connection from the vnet to the VWan and it will be able to find resources that way?
@MattAllford
4 ай бұрын
Thanks for watching, and sorry for the delay in response. You are correct! As long as the VNET where the GitHub runner NIC is located has routing and firewall access to the target resources, it will be good to go. It will abide by any network policies and configurations such as DNS that you have applied to the network it joins 👍
@learnazureajatha5159
3 ай бұрын
awesome tutorial I am revisiting again and again and following the steps..thanks alot
@MattAllford
3 ай бұрын
You're most welcome, glad it is helpful!
@tjw590
3 ай бұрын
Great overview, NSG tip saved me some time. Thanks
@MattAllford
3 ай бұрын
Glad it helped! Thanks for watching!
@emilkordahl4113
Ай бұрын
How did you make the GitHub runner use the identity defined in 22:37?
@MattAllford
Ай бұрын
Hey! That's the service principal that was set up to authenticate to Azure using the azure/login@v1 action int he workflow (lines 27-32 in the GitHub workflow in the repository). When the workflow runs, it logs into Azure using this principal, and that's the same one I'm defining to give access to the key vault in the Bicep template. Hope that makes sense?
@emilkordahl4113
Ай бұрын
@@MattAllford Hey! Yep, that makes sense, but I am wondering how is the runner allowed to log in using the principal? And where does it come from, did you just create it yourselves?
@MattAllford
Ай бұрын
@@emilkordahl4113 So in this scenario, I created a Microsoft Entra Application with a service principal, and then gave this the required access it needs in Azure. From there, you store the information about the service principal in a GitHub secret, and then reference those secrets with the azure/login@v1 action. Part of this also requires you to configure the app registration to allow tokens from GitHub to leverage the app registration / service principal. John Savill has a great overview of OIDC authentication from GitHub to Azure (which is what I'm using) over here - kzitem.info/news/bejne/uaGe0Z-Ce51yh2k
@emilkordahl4113
Ай бұрын
@@MattAllford Ah great, thanks for the quick response!
Пікірлер: 21