// Infrastructure as Code

The gap between raw Kubernetes and a developer-friendly platform is where the most interesting tooling is being built today. GitOps gives teams a declarative, version-controlled way to manage their clusters — but the YAML expertise and infrastructure knowledge required can be a steep barrier for developers. In this episode, Chris is joined by Laszlo Folgas, founder of Gimlet.io, to explore ClickOps over GitOps: a UI-driven deployment approach where developers click their way to production while the platform silently generates GitOps manifests and commits them to a Git repository. They cover Flux CD, how Gimlet's opinionated platform works end-to-end, and why developer experience has become the defining battleground in the cloud-native ecosystem.

As systems grow in complexity across distributed architectures and microservices, traditional monitoring is no longer sufficient to maintain reliability and user experience. Observability goes beyond monitoring by correlating logs, metrics, and traces to rapidly pinpoint root causes across hybrid and multi-cloud landscapes. In this episode, Chris is joined by Samir Pradka, Enterprise Architect at Artos, to explore how organisations can build an observability platform incrementally, leverage AIOps for predictive analytics, and implement self-healing infrastructure using tools like Ansible and Azure Resource Manager.

Chris and Matt spend this episode tracking down why the World Events Engine keeps crashing on startup in Azure Container Apps — tracing the root cause to a missing GitHub Container Registry credentials block in the Infrastructure as Code and a GitHub Actions token permissions gap. The session also covers Dapr component naming conventions, storage queue message formatting, container app log analysis, and planning a dedicated GitHub Codespaces episode.

Chris Nesbitt-Smith traces how governance policies are typically born — emotionally, reactively, and as one-shot documents — then shows how applying software engineering principles transforms policy into a living, versioned artefact. The talk covers iterative policy management, Kubernetes admission control, open-source policy tooling, and the cultural shift required to make policy genuinely effective rather than just technically compliant.

Chris and Matt deploy the World Events Engine to Azure Container Apps — encountering and fixing a real-world GitHub Actions deployment bug caused by parallel runs generating duplicate container names. The episode covers Dapr storage queue bindings, service invocation between microservices, random bar-type modifier logic, and a viewer-prompted conversation about using GitHub Codespaces to standardise the development environment.

Azure RBAC is a critical security control — but managing custom role definitions manually is error-prone, hard to audit, and doesn't scale. In this episode, Chris is joined by Marcel Lupo, DevOps MVP and Solutions Architect, who demonstrates how GitHub Actions can automate the full lifecycle of custom Azure RBAC role definitions. This session goes beyond typical developer workflows to show how GitHub can serve as the governance backbone for your Azure security posture — with role definitions version-controlled, reviewed via pull requests, and deployed through automated pipelines.

Chris and Matt set up federated identity credentials (OIDC) for passwordless GitHub Actions authentication to Azure, deploy container apps via CI/CD, and discuss workflow trigger strategies for container image deployments.

Chris and Matt debug deployment issues in Azure Container Apps, restructure their Bicep infrastructure as code into separate lifecycles, and configure Dapr state store components backed by Azure Storage.

Chris and Matt deploy their containerized microservices to Azure Container Apps for the first time, pulling images from GitHub Packages and exploring the Dapr, KEDA, and Envoy integrations that Container Apps provides.

Your monthly digest of everything happening across Azure, GitHub, and Azure DevOps — so you don't have to keep up with it all yourself! In this January 2022 roundup, Chris returns to the channel after a break with an honest discussion about mental health and burnout, recaps Cloud With Chris highlights from 2021, and covers a packed set of updates: AKS improvements (containerd GA, FIPS node pools, Kubernetes version aliasing), Static Web Apps Enterprise Grade Edge GA, Azure Cognitive Search semantic updates, Azure Monitor 1-minute frequency log alerts, GitHub Advanced Security, GitHub Projects, Dependabot, and much more. Plus an outlook for what's changing on the channel in 2022.