Lead Cloud Solution Architect · Microsoft

Martin Opedal

I help organisations land securely on Azure: Landing Zones, AKS, Terraform, and the governance layer that holds it all together.

See selected work Email me
About

About

I'm a Lead Cloud Solution Architect at Microsoft, focused on Azure Landing Zones, AKS Automatic, Terraform, IaC security, and sovereign cloud deployments. Before this I ran datacenters for nearly a decade - experience that shaped how I think about reliability and security from the hardware layer up.

Most of what I ship is built with GitHub Copilot. I steer the architecture and review the output; the agent writes most of the code. I believe AI should be held to the same review standards as human contributors.

On the side I co-founded two craft breweries. Turns out fermentation and infrastructure have more in common than you'd think: both need the right environment, the right controls, and patience.

Work

What I Work On

Azure Landing Zones

End-to-end ALZ Corp deployments with Terraform and Bicep. 135+ automated checklist validations via Azure Resource Graph. Security and compliance built in from day one, not bolted on.

See deployment patterns

AKS & Kubernetes

AKS Automatic clusters with ALZ Corp networking. BYO VNet, Application Gateway for Containers, NGINX, Istio with multiple ingress and egress patterns documented with full Terraform parity.

See AKS patterns

IaC Security

Terraform modules built to run inside ALZ Corp landing zones: no public IPs, central firewall egress, managed identity everywhere. PSRule and azqr integrated into CI pipelines.

See security patterns

GitHub Runners & CI/CD

GitHub-hosted and self-hosted runners with Azure VNet integration, Container Apps, and ALZ Corp firewall egress. GHE.com EU data residency patterns.

See runner patterns
Open Source

Open Source

Terraform modules, ARG queries, and tooling that came out of real customer engagements.

Azure Governance & Assessment

PowerShell

azure-analyzer

Bundled assessment runner that unifies azqr, PSRule, AzGovViz, and 135 ALZ graph queries into one portable JSON + HTML report

 PowerShell

alz-graph-queries

Automated ALZ checklist validation: 135 Azure Resource Graph queries that take coverage from 49 to 135 items

GitHub Runners & Private Networking

Terraform

avm-ptn-cicd-agents-and-runners

Official AVM pattern module: self-hosted ADO agents and GitHub runners with PAT and UAMI auth, no public IP egress

 Terraform

ghec-vnet-runners-azure

GitHub-hosted runners with Azure VNet integration for GHE.com: EU data residency and private endpoint connectivity

 Terraform

terraform-azurerm-github-runners-alz-corp

Self-hosted GitHub Actions runners that run inside ALZ Corp landing zones with central firewall egress

Terraform Platform Modules

Terraform

terraform-azapi-aks-automatic

AKS Automatic with ALZ Corp networking: BYO VNet, multiple ingress options (AGC/NGINX/Istio), managed identity everywhere

 Terraform

avm-ptn-aiml-ai-foundry

Official AVM pattern module for Azure AI Foundry (formerly AI Studio) with network isolation and private endpoints

AKS Automation

PowerShell

aks-automatic-ingress-migration

Automated migration from NGINX Ingress to Application Gateway for Containers on AKS Automatic clusters

Other Tooling

Python

news-fetcher

RSS feed aggregator with AI relevance scoring: ingests tech news and filters for Azure/Kubernetes/IaC content

 Python

linkedin-auto-poster

AI-powered LinkedIn post generator: drafts posts in your voice from RSS feeds, submits via PR approval workflow
All repos

See everything on GitHub →

Terraform modules, ARG queries, MCP servers, and CI/CD tooling from real customer engagements
Speaking

Speaking

NIC speaker (94% approval, Level 300, live-streamed) on Terraform, GitHub Copilot, and IaC security. Nordic Infrastructure Conference →

Contact

Get in Touch

Open to conversations about Azure architecture, IaC patterns, and AI-assisted development.

Email me LinkedIn GitHub