GitHub Hosted Runner Azure VNET Integration: Accessing Private Resources Made Easy
- Published 8 Jul 2024
- Traditionally, accessing private resources with GitHub Actions required the setup and management of self-hosted runners. Now, with new features available for GitHub's Teams and Enterprise plans, you have the capability to configure GitHub-hosted runners to connect directly to your Azure virtual networks. This enables direct network access from the hosted runner to private resources, whether they're hosted on Azure, or connected through hybrid networks from your Azure VNET to other cloud environments, or even on-premises environments!
Let's take a look at how to set this up and walk through the end-to-end configuration!
// RESOURCES & REFERENCES 📃
GitHub Repository:
🔗github.com/mattallford/github...
About Azure private networking for GitHub-hosted runners in your organization:
🔗docs.github.com/en/organizati...
Configuring private networking for GitHub-hosted runners in your organization:
🔗docs.github.com/en/organizati...
About Ubuntu and Windows Larger Runners:
🔗docs.github.com/en/enterprise...
// FOLLOW ME 👉
Blog - mattallford.com
LinkedIn - / mattallford
Twitter - / mattallford
GitHub - github.com/mattallford
// CHAPTERS 🕛
0:00 Introduction
0:56 What Problem is Being Solved?
2:51 Example GitHub Workflow
6:05 The Demo Environment
6:46 What Did We Do Before?
10:45 GitHub Runner VNET Integration
13:14 Reviewing the GitHub Documentation
18:23 GitHub Enterprise Configuration
20:00 High Level Configuration Workflow
22:00 IaC for My Demo Environment
24:43 Prerequisites
26:59 Be Aware of the Deny Outbound NSG Rule!
29:35 Obtaining the GitHub Database ID
33:10 Configure Azure Resources
40:18 GitHub Networking Configuration
42:08 GitHub Runner Groups
43:49 Create a New Hosted Runner
45:45 GitHub Runner Billing and Spending Limit
48:28 Update and Test The Workflow
51:46 Troubleshooting Time - I Made a Mistake!
54:55 Test The Workflow - Take 2
57:06 Summary
59:02 A Final Thought About Managing Cost
Hey Matt,
The tutorial is really awesome. You have covered everything in an hour-long video. I liked the way that you have also added some intentional common mistakes which can happen during the setup, such as configuring the runners into the default group instead of the one that needs to be used, which is eventually going to deploy NIC cards. Overall, it is really very easy to follow.
Thank you mate, glad you liked it 🙂
I get why it works for Azure (considering that the GitHub Hosted runners already live there), but it would be great to get integration to networks on other clouds, so there could be a consistent pattern.
100% agree! I’m sure they’ll see a big uptake in this integration, and can then hopefully bring it to other cloud platforms too.
Great overview, NSG tip saved me some time. Thanks
Glad it helped! Thanks for watching!
Awesome tutorial, I am revisiting it again and again and following the steps. Thanks a lot.
You're most welcome, glad it is helpful!
Hi Matt, I have 2 questions around setting this up for Enterprise. 1. We have multiple organisations in our enterprise. The instructions and your video show you need to get the Database ID to set up, and this is based on your Organisation Name. But you can set up an Azure Virtual Network at Enterprise level. Do we use any Organisation Database ID? 2. If we did set up multiple organisations each with their own private network configuration, do they each need a separate subnet in our VNet? Or can they use the same subnet?
Hey Paul!
Yeah, I realised after I filmed this that things were slightly different in an Enterprise, and I added a few sections in, but I can't recall how many.
For your first question, yes, you still get the Database ID, but instead you pass in your enterprise slug, the specific docs are here:
docs.github.com/en/enterprise-cloud@latest/admin/configuration/configuring-private-networking-for-hosted-compute-products/configuring-private-networking-for-github-hosted-runners-in-your-enterprise#1-obtain-the-databaseid-for-your-enterprise
For question 2, given the setup in an Enterprise is done at the Enterprise level, you can then leverage it from multiple organisations. So you could probably go either way you want, where you set up specific runners and runner groups at the enterprise level, for each organisation, or you could just set up one at the enterprise level to use across multiple orgs.
Hope that helps!
Great video mate! Thinking out loud, if I'm using a virtual WAN - I would assume you just ensure that there is a hub connection from the VNet to the vWAN and it will be able to find resources that way?
Thanks for watching, and sorry for the delay in response.
You are correct! As long as the VNET where the GitHub runner NIC is located has routing and firewall access to the target resources, it will be good to go. It will abide by any network policies and configurations such as DNS that you have applied to the network it joins 👍