https://blog.eula.no/ Recent content on blog.eula.no Hugo -- gohugo.io en-us Sun, 28 Dec 2025 18:22:19 +0100 https://blog.eula.no/posts/github-safe-settings/ Sun, 28 Dec 2025 18:22:19 +0100 https://blog.eula.no/posts/github-safe-settings/ With a growing organization and a growing count of repositories it will also be a growing need to centrally enforce repository settings, branch protection, team access and more accross the entire GitHub organization. What is Safe-Settings Safe-settings is an app to manage policy-as-code and apply repository settings across an organization. The official repository is found on GitHub. Create GitHub App In order to create an app registration from a manifest flow, create a html file with a form and include the manifest. https://blog.eula.no/posts/opentelemetry-for-vm-insights/ Sun, 26 Oct 2025 16:54:22 +0200 https://blog.eula.no/posts/opentelemetry-for-vm-insights/ More and more Azure services are getting support for OpenTelemetry. Today I’ll have a look at how VM Insights can capture and display metrics in the opentelemetry format. What is OpenTelemetry OpenTelemetry is an observability framework and toolkit designed to facilitate the generation, export and collection of telemetry data such as traces, metrics and logs. The OpenTelemetry defines a semantic convention (semantic attributes) for system metrics that is OS independent. https://blog.eula.no/posts/eliminate-easy-auth-client-secrets/ Mon, 25 Aug 2025 17:15:00 +0200 https://blog.eula.no/posts/eliminate-easy-auth-client-secrets/ At work we use acmebot with a dashboard available through an azure web app. Access to the dashboard is configured to use authentication to Entra via an Enterprise application and Easy Auth. The app registration is configured to use a client secret and by the time I got back from summer vacation, the secret had expired… So now I want to eliminate the need for these client secrets! Easy Auth Easy Auth is the built-in authentication (signing in users) and authorization (providing access to secure data) capabilities in Azure App Service. https://blog.eula.no/posts/acr-psgallery/ Fri, 25 Jul 2025 04:19:19 +0200 https://blog.eula.no/posts/acr-psgallery/ The PowerShell Gallery is full of useful modules shared by community members, but the nature of this community content makes the gallery inherently untrusted. In this post I will have a look at how you can improve your Supply Chain Security and availability by utilizing Microsoft Artifact Registry and building your own private PSGallery. $PSGallery = -not $secure Aqua published an article outlining some of the issues with the gallery and compared it to other package managers, you can read it in their blog. https://blog.eula.no/posts/epac/ Fri, 18 Jul 2025 09:12:22 +0200 https://blog.eula.no/posts/epac/ As the number of policy resources grows, EPAC is designed to be an toolkit to handle policy resources at scale, with Infrastructure as Code (IaC) in mind. What is EPAC Enterprise Azure Policy as Code (EPAC) is a declarative and idempotent desired state deployment technology for Azure Policy. It handles the creation, updating and deletion of policy resources. EPAC comes as a collection of PowerShell scripts to manage Policies, PolicySets, Policy Assignments, Policy Exemptions and Role Assignments. https://blog.eula.no/posts/modulefast-compare-speed/ Fri, 11 Jul 2025 16:22:47 +0200 https://blog.eula.no/posts/modulefast-compare-speed/ Most of the management I do in Azure is automated with powershell and put into a GitHub Actions workflow or an automation runbook. Most of them use the same modules; Az.Accounts, Az.Resources, Microsoft.Graph.Authentication, etc. Previously I’ve used the action psmodulecache. This has the benefit of generating a cache at the end of the workflow run, if no cache already exists. This way, any consecutive runs will use the cache instead of re-downloading the modules. https://blog.eula.no/posts/github-hosted-runners-azure-vnet/ Fri, 11 Jul 2025 09:12:22 +0200 https://blog.eula.no/posts/github-hosted-runners-azure-vnet/ After my previous fiddling with Azure Container Apps I decided to seeked out how to achive access a private azure network from a GitHub-hosted runner. How it works When a workflow is triggered, GitHub creates a runner service and deploys a network interface card (NIC) in the customers private azure network. Once the nic is created an attached, the job is picked up by the runner and started. The runner logs are sent back to GitHub Actions while the runner has access to any resource in the vNet. https://blog.eula.no/posts/avd-hostpool-registration-token/ Mon, 12 Aug 2024 10:41:12 +0200 https://blog.eula.no/posts/avd-hostpool-registration-token/ The old ways Up until now I’ve been using the reference function fetch a registration token. It’s possible to specify an explicit api-version: output token1 object = reference(hostPool.id, '2023-09-05').registrationInfo.token output token2 string = reference(hostPool.id).registrationInfo.token The bicep compiles to this json: "[reference(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostpoolName')), '2023-09-05').registrationInfo.token]" "[reference(resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostpoolName'))).registrationInfo.token)]" Recent errors Recently these deployments has began to fail in some envornments, with the errors: …The language expression property ’token’ can’t be evaluated. …Expected a value of type ‘String, Uri’ but received a value of type ‘Null’. https://blog.eula.no/posts/github-runners-self-hosted-part-2/ Mon, 05 Aug 2024 09:43:22 +0200 https://blog.eula.no/posts/github-runners-self-hosted-part-2/ This is part 2 about building container images for self-hosted runners in GitHub and deploying to Azure Container Apps. If you haven’t checked out part 1, do that first. This post will be building upon the last setup, focusing on auto-scaling the Azure Container App and virtual network integration for the Azure Container Apps environment. Why scale container apps Having container app replicas ready and warm makes workflow jobs start quickly since there isn’t any need for instances to initialize. https://blog.eula.no/posts/github-runners-self-hosted-part-1/ Fri, 02 Aug 2024 10:56:27 +0200 https://blog.eula.no/posts/github-runners-self-hosted-part-1/ Why self-hosted runners GitHub-hosted runners are great! They come in a variety OS and release versions, and with a bunch of preinstalled software. However self-hosted runners allows for more flexibility when you require something different, such as: beefier hardware longer workflow runs other OS private vnet access While GitHub-hosted runners are hosted on virtual machines, self-hosted runners can run from both on-prem and in a cloud, inside of a virtual machine or in a container. https://blog.eula.no/posts/batman/ Thu, 01 Aug 2024 12:00:00 +0200 https://blog.eula.no/posts/batman/ mkdir eula.blog.no cd eula.blog.no blog init . firefox eula.blog.no Hello world and welcome! My name is Eskil, I live in Norway and work as an cloud & devops engineer. You migt be wondering “what is up with the post title?”. Well this will be the first post and it won’t have any parents… and since Batman also is an orphan, I’ve decided to name the post after him!