Kubernetes on Chris Reddington

ClickOps over GitOps

Thu, 27 Oct 2022 00:00:00 +0000

The gap between raw Kubernetes and a developer-friendly PaaS is where the most interesting tooling is being built today. GitOps gives teams a declarative, version-controlled way to manage their clusters — but the infrastructure expertise required can be a steep barrier. ClickOps offers a different angle: let developers click a dashboard, and let the platform handle the YAML.

In this episode, Chris is joined by Laszlo Folgas, founder of Gimlet.io, to explore how you can combine the accessibility of a UI with the reliability of a GitOps-driven workflow.

Policy as [versioned] code - you're doing it wrong

Thu, 15 Sep 2022 00:00:00 +0000

Chris Nesbitt-Smith presents the case for treating governance policy the same way we treat source code — versioned, iterable, peer-reviewed, and continuously improved. Drawing on his experience advocating modern engineering practices within UK government, Chris explains why policies fail and what it takes to make them work.

Key Topics Covered

Why policies fail: Policies are usually written once, emotionally, as a reaction to a specific incident. They quickly become outdated, overcomplicated, and disconnected from real risk — leading developers to work around them rather than with them.
The lift pitch: Using a story of a CIO, Product Manager, developer, and cleaner sharing a lift, Chris illustrates the different stakeholder perspectives on policy — risk ownership, delivery velocity, and day-to-day practicality — and how good policy serves all of them simultaneously.
Policy as code: Storing policy in version control (Git/GitHub), enforcing it through automated CI/CD pipelines, and treating compliance as a test suite lets teams iterate on policy as fast as the threat landscape changes.
Kubernetes admission control: The specific technical context — using Kubernetes policy engines (such as OPA/Gatekeeper or Kyverno) to enforce rules at deployment time, giving developers fast and understandable feedback in their existing workflow.
Iterative, not waterfall: Attempting to write perfect policy upfront causes the same failures as waterfall software delivery. Small, incremental improvements with clear rationale are more effective and more trusted by the teams subject to them.
Culture over tooling: Tooling is the easy part. The real challenge is helping people understand why a policy exists. When developers understand the consequence, they follow the spirit of the policy — not just its letter.

From this talk you’ll learn how to use a software development pattern and product ways of thinking towards how your organization can manage policy; achieve continual updates to policy allowing the risk mitigations to move as fast as the risk does, not get in the way and be easy to measure compliance.

ToolUp Tuesday - #8

Tue, 31 May 2022 00:00:00 +0000

In this episode, Chris and Matt move from local development to cloud deployment by deploying their Go microservices to Azure Container Apps — a service that had just reached general availability. They walk through the Azure portal to explain Container Apps concepts, including how it abstracts Kubernetes, Dapr, KEDA, and Envoy under the hood. The pair tackle pulling container images from GitHub Packages into Container Apps, work through authentication challenges, and discuss Bicep for infrastructure as code. Chris also shares the news of his move from Microsoft to GitHub as an enterprise advocate.

Tech Roundup - May 2022

Sun, 29 May 2022 00:00:00 +0000

Your monthly digest covering May 2022 — one of the busiest months of the year thanks to Microsoft Build!

Azure Highlights

Azure Container Apps — now generally available; a standout announcement for event-driven, serverless container workloads without managing Kubernetes directly
Azure OpenAI Service — limited access preview with 25 OpenAI models including the GPT-3 series (ada, babbage, curie, davinci) and Codex — the technology behind AI-powered developer tools like GitHub Copilot
Azure DNS Private Resolver — public preview; enables hybrid name resolution and conditional forwarding, solving the long-standing challenge of resolving private Azure DNS from on-premises environments
Open Service Mesh extension for Azure Arc — GA; pluggable service mesh interface enabling consistent mesh capabilities across hybrid and multi-cloud environments
NGINX on Azure — natively integrated SaaS with advanced traffic management, built-in JWT support, active health checks, and Azure Key Vault integration
AKS host process containers — public preview for privileged Windows container workloads requiring host-level access
Azure Communication Services Email — GA; removes the dependency on legacy SMTP/IMAP servers for application email notifications
Azure Cosmos DB — hierarchical partition keys, enhanced serverless elasticity, partition merge, and MongoDB API RBAC now available
Azure Machine Learning — managed endpoints and CLI v2 in public preview

GitHub Updates How GitHub uses Dependabot internally to measure and accelerate dependency remediation, plus GitHub Projects enhancements.

Enqueue and Dequeue messages locally with dapr, Azure Service Bus and Azure Storage Queues

Tue, 26 Apr 2022 00:00:00 +0000

In a previous blog post, I provided an overview of the Distributed Application Runtime (dapr) and explained how it is a useful framework when building microservices. In this blog post, I will show you how to use dapr to enqueue and dequeue messages locally with Azure Service Bus and Azure Storage Queues.

Note: If you haven’t read my previous blog post - Introduction to the Distributed Application Runtime (dapr), please do so now as I will assume that you have initialised dapr and have a working local environment.

LunchBytes Series 1 Episode 3: Azure Arc for Application Services

Wed, 23 Mar 2022 00:00:00 +0000

Azure Arc extends the use of Azure Services beyond the Azure cloud. With Azure Arc you are able to deploy and monitor Azure services in your own datacentres or other cloud providers. This event will focus on Azure Application Services and how they can be deployed outside of Azure through Kubernetes with Azure Arc.

In this show you will learn:

Quick overview of Azure Arc
How to deploy your own API Management Gateway through Arc
How to deploy APIs and Logic Apps to Kubernetes clusters
How to monitor on-premise applications through Azure

This show is particularly suitable for Architects and Developers interested in application development and hybrid cloud approaches.

Tech Roundup - January 2022

Sun, 30 Jan 2022 00:00:00 +0000

Your monthly digest covering Azure, GitHub, and Azure DevOps updates — so you don’t have to keep up with it all yourself!

In this January 2022 edition, Chris returns to Cloud With Chris after a break and opens with an honest account of his mental health journey — including depression, anxiety, and the importance of asking for support. He then covers:

Cloud With Chris Updates A retrospective on 2021 content performance, the shift from weekly to monthly roundups, and upcoming changes to the channel format and content cadence.

Introduction to The Distributed Application Runtime (Dapr)

Thu, 13 Jan 2022 00:00:00 +0000

In this post, we’re going to explore the Open Source project known as Dapr (The Distributed Application Runtime). This post is primarily aimed at those who already have an understanding of Containers, Kubernetes and Microservices. However, if you’re not familiar with these topics - I’ll do my best to set the right context and background without making the blog too lengthy!

Are you building a Microservice based system? Are you looking help to solve frequent challenges that come with this architecture? Challenges such as encryption, message broker integration, observability, service discovery and secret management are frequent in this archetype. This is exactly where Dapr shines, and may be of value. If this sounds like you, then carry on reading to find out more!

Tales from the Real World on DevOps

Fri, 17 Sep 2021 00:00:00 +0000

In this episode Chris is joined by Thomas Thornton, a DevOps specialist at Kainos in Belfast, for a grounded, real-world discussion on what DevOps actually looks like at scale.

What’s covered

DevOps as culture — why DevOps is far more than a buzzword, and how to bring stakeholders beyond dev and ops into the conversation
Version control fundamentals — why getting Git right is the prerequisite to everything else in a CI/CD workflow
Branching strategies — trunk-based development vs. feature branches, managing environment drift, and when fewer branches is better
CI/CD pipeline design — starting simple, avoiding over-engineering, and incrementally adding checks and quality gates
Infrastructure as Code — using Terraform modules vs. copy-paste resources, and the long-term payoff of DRY pipelines
Kubernetes and GitOps — how pull-based GitOps (e.g. Flux/ArgoCD) enables scalable, consistent deployments across 120+ applications and multiple clusters
Practical advice for all levels — tips for those just starting out, those mid-journey, and those looking to take a mature DevOps practice further

Thomas brings examples from a real environment spanning 83 Azure subscriptions, making this one of the most grounded DevOps conversations on the channel.

V036 - Talking cloud and playing Among Us with the community

Sun, 05 Sep 2021 09:30:00 +0000

Chris and community guests Dean, John, Matt, and Simon play Among Us while discussing the latest in cloud technology. The conversation covers Azure Spring Cloud Enterprise entering preview, a wave of Azure deprecation notices including Node 6/10, PowerShell 6, and Azure AD Graph retirement, plus notable updates like AKS custom policy definitions and App Service availability zone support going GA.

The group also dives into the Docker Desktop pricing changes affecting enterprise usage, private link now supporting NSGs and UDRs, and shares tips on multi-platform streaming with OBS and Restream. Between rounds of imposter hunting, the community discusses meetup organizing, the challenges of building online audiences, and the value of learning in the open.

43 - A Decentralized Reference Architecture for Cloud-native Applications

Fri, 20 Aug 2021 03:30:00 +0000

Asanka Abeysinghe from WSO2 joins Chris Reddington to introduce the cell-based architecture — a decentralised, API-centric reference architecture for cloud-native applications, intentionally designed to be vendor and technology neutral.

Key Topics Covered

Why a new reference architecture? Most published reference architectures are really reference implementations tied to specific vendors or products. The cell-based model aims to be genuinely technology-agnostic and reusable across organisations.
Microservices governance challenges: As the number of microservices grows, coordinating them becomes complex. Without clear domain boundaries, teams accumulate technical debt and federated governance becomes unmanageable.
Domain-Driven Design (DDD): Scoping microservices by business domain — not arbitrary size — is the foundation. A cell groups related microservices under a single, well-defined boundary aligned to a business capability.
Cell-based architecture: A cell is an independently deployable unit that exposes a well-defined API surface outward while managing its own internal microservices privately. Analogous to biological cells — self-contained, composable, and independently scalable.
API management and identity: API management, integration middleware, and identity & access management (IAM) are the glue between cells — WSO2 provides these as open-source components.
Aligning architecture, development, and DevOps: The three disciplines have historically operated in silos. The cell-based model provides a common unit of work that spans all three, enabling the iterative architecture approach teams need to keep up with evolving systems.
Organisational alignment: Cells map naturally to autonomous two-pizza teams structured around business domains, making the architecture a reflection of real team ownership and accountability.

V033 - Weekly Technology Vlog #33

Sun, 15 Aug 2021 09:30:00 +0000

Chris delivers a packed weekly update covering the Azure, DevOps and GitHub ecosystems along with Cloud with Chris community news.

Azure Blog Highlights

Container app modernization — Azure Migrate enhancements for converting existing applications into containers, including integration with Key Vault for secrets management.
Azure DDoS Protection trends — Analysis of attack vectors, hot spots, and threat actor patterns across H1 2021, with insights into attack duration and geographic distribution.
Virtual network resizing (preview) — A long-awaited capability allowing resizing of peered Azure Virtual Networks, lifting a significant platform limitation.

Azure Updates

Key announcements include GitHub Codespaces reaching general availability for GitHub Teams and Enterprise Cloud, global disaster recovery via Azure Site Recovery removing region-pairing restrictions, Azure VPN Client for macOS, VM extension auto-upgrade, and Azure Machine Learning previews for cross-location compute and auto start/shutdown.

44 - AKS, AGIC and Kubenet - Tips and tricks to make it work

Fri, 13 Aug 2021 00:00:00 +0000

When using Azure Kubernetes Service (AKS), there’s a chance that kubenet might be the only possible choice due to your requirements. If so, you may still want to use Application Gateway Ingress Controller (AGIC) to leverage Azure Application Gateway’s Web Application Firewall (WAF) capabilities. In this session, we will make the journey together to have a working AGIC in an AKS cluster with kubenet and managed identities.

V032 - Talking cloud and playing Among Us with the community

Sun, 08 Aug 2021 00:00:00 +0000

Chris hosts a community Among Us gaming stream with around twelve cloud professionals including Azure SMEs, cloud solution architects, developer relations leads, and community organizers. Between rounds, the group dives into substantive tech discussions covering several topics.

The Kubernetes debate takes center stage, sparked by Ben’s viral blog post about not using Kubernetes in production. The group explores when container orchestration adds unnecessary complexity, the trade-offs of serverless alternatives, and how Kubernetes has become a career-driven technology choice rather than always the right architectural fit.

Lessons Learned from Cultivating Open Source Projects and Communities

Fri, 23 Jul 2021 00:00:00 +0000

Open source projects and communities are the backbone of modern software development, yet the human side of building and sustaining them is rarely discussed as openly as the technology itself. In this episode, Chris is joined by JJ Asghar, Developer Advocate at IBM (yes, his email really is awesome@ibm.com), who shares hard-won lessons from over a decade cultivating open source projects and communities.

JJ’s journey began tending the FAQ for CRUX, a stripped-down BSD-style Linux distribution, before moving on to the OpenStack-Chef project — building clouds at scale — and later contributing to and leading efforts in the Kubernetes, Tekton, and Istio ecosystems, with a current focus on OpenShift.

Introducing the Cloud Native Compute Foundation (CNCF)

Mon, 05 Jul 2021 00:00:00 +0000

Inspired by the recent episode with Annie Talvasto, I wanted to put together a blog post that will introduce an ongoing series on Cloud With Chris. Before we introduce that series though, it’s important that we first introduce the Cloud Native Compute Foundation (more commonly known as CNCF).

The CNCF is a Linux Foundation project that provides a set of tools and services for running cloud native applications. The project was started in 2016 by a group of companies including Red Hat, Google, IBM, and others. The project is led by a team of core committers and several external companies. The project is open source and is available on GitHub. (Fun fact: That line was added by GitHub Co-Pilot! If you’re reading this and recognising this line, let me know).

V027 - Weekly Technology Vlog #27

Sun, 04 Jul 2021 00:00:00 +0000

Vlog #27 was the first dedicated tech episode under the new alternating format (gaming one week, tech deep-dives the next). No Sea of Thieves this time — the full runtime went to GitHub Copilot, CNCF, Kubernetes, Azure Arc, and more.

GitHub Copilot Technical Preview

Chris walked through a live GitHub Copilot demo across two languages, showing how the AI pair programmer synthesises code from natural language comments and surrounding context.

41 - DevOps on Azure

Fri, 02 Jul 2021 00:00:00 +0000

In this episode, Chris is joined by Mert Yeter — software architect, Azure MVP, and Traefik Ambassador — for a live-demo-driven tour of the key DevOps building blocks on Azure.

Key topics covered:

Azure DevOps Starter: Spinning up a complete CI/CD pipeline for a containerized .NET application in minutes — including a Git repository, build pipeline, release pipeline, and Azure Container Registry — without writing YAML from scratch
Azure Container Registry (ACR): Storing and managing container images within the Azure ecosystem
Azure Container Instances (ACI) and Azure Kubernetes Service (AKS): Deploying containers at different scales, from quick single-container workloads to fully orchestrated production clusters
Traefik: A cloud-native reverse proxy and load balancer that integrates natively with Kubernetes, featuring dynamic service discovery, pluggable middleware, and a built-in dashboard for monitoring cluster ingresses and service health
Traefik Pilot and Traefik Mesh: An introduction to the broader Traefik ecosystem, including service mesh capabilities and the difference from sidecar-based approaches

Mert also highlights the value of the open-source community around projects like Traefik and encourages viewers to explore contributing via GitHub. If you want to see how quickly you can go from zero to a production-ready containerized deployment pipeline on Azure, this session is a great starting point.

Top new CNCF projects to look out for

Wed, 30 Jun 2021 00:00:00 +0000

The Cloud Native Computing Foundation (CNCF) gave us Kubernetes and Prometheus — but the ecosystem spans over 90 projects across sandbox, incubating, and graduated tiers. Chris is joined by Annie Talvasto (CNCF/Kubernetes meetup organizer for Finland and host of the Cloud Gossip podcast) to walk through the most exciting projects you should know about.

They cover:

Helm — the de facto Kubernetes package manager, making deployments, upgrades, and rollbacks dramatically simpler than raw manifests
Artifact Hub — a centralised CNCF sandbox project for discovering Helm charts and other cloud native artifacts, replacing the old Helm Hub
Linkerd — a lightweight, Rust-powered service mesh delivering observability, reliability, and security for Kubernetes microservices without complex APIs
KUDO — the Kubernetes Universal Declarative Operator, enabling stateful app operator creation without thousands of lines of custom Go code
KEDA — Kubernetes Event-Driven Autoscaling, extending Kubernetes beyond CPU/memory scaling to external event sources like queues and message brokers

Annie also explains CNCF’s three project maturity stages (sandbox, incubating, graduated) and why understanding them matters when evaluating production readiness — along with practical advice on how to get involved in the open source community behind these projects.

Hybrid Cloud Update and Life as a Cloud Advocate

Thu, 10 Jun 2021 00:00:00 +0000

Chris Reddington is joined by Sarah Lean (Techielass), Senior Cloud Advocate at Microsoft, for a wide-ranging session covering two distinct topics.

Azure Arc & Hybrid Cloud

The first half focuses on Azure Arc — Microsoft’s solution for extending Azure management capabilities beyond the public cloud. Sarah explains how Azure Arc acts as a unified management plane for on-premises servers, Kubernetes clusters, data services, and (more recently) application services, regardless of whether they live in your own datacentre, AWS, or Google Cloud. Key capabilities discussed include:

Using Azure Arc for Apps - Part 6 - Setting up Event Grid on Kubernetes with Azure Arc

Thu, 10 Jun 2021 00:00:00 +0000

Setting up Event Grid on Kubernetes with Azure Arc

In part 1 of this Using Azure Arc for Apps series, we explored Azure Arc and Azure Arc enabled Kubernetes clusters. In this post, we’ll be exploring Event Grid for Kubernetes. At time of writing, this approach is in public preview, so we may see certain limitations / features that are not yet available.

Tip: Part 1 is a pre-requisite to working through this blog post, if you plan to get hands on. As noted above, an Azure Arc enabled Kubernetes cluster is a pre-requisite in the scenario we’re walking through.

Using Azure Arc for Apps - Part 4 - Deploying Logic Apps into your App Services Kubernetes Environment

Fri, 04 Jun 2021 00:00:00 +0000

App Service Kubernetes Environment

In part 1 of this Using Azure Arc for Apps series, we explored Azure Arc and Azure Arc enabled Kubernetes clusters. In part 2, we deployed an App Service Kubernetes Environment into our Azure Arc enabled Kubernetes cluster. In part 3, we deployed a Function App into our Azure Arc enabled Kubernetes cluster. Azure Logic Apps will be the focus of this blog post. Just like App Services and Function Apps, Logic Apps can run in an App Service Environment, which means they can also run in an App Service Kubernetes Environment.

Using Azure Arc for Apps - Part 5 - Deploying an Azure API Management gateway to an Azure Arc enabled Kubernetes Cluster

Fri, 04 Jun 2021 00:00:00 +0000

Setting up an Azure API Management Gateway on Azure Arc

In part 1 of this Using Azure Arc for Apps series, we explored Azure Arc and Azure Arc enabled Kubernetes clusters. In this post, we’ll be exploring API Management on Azure Arc. At time of writing, this approach is in public preview, so we may see certain limitations / features that are not yet available.

Tip: Part 1 is a pre-requisite to working through this blog post, if you plan to get hands on. As noted above, an Azure Arc enabled Kubernetes cluster is a pre-requisite in the scenario we’re walking through. It is possible to deploy an API Management Gateway directly to Kubernetes, directly to Azure Kubernetes Service or directly to docker as an alternative approach. We will be focusing on deploying the Azure API Management Gateway to an Azure Arc enabled Kubernetes cluster.

Using Azure Arc for Apps - Part 3 - Deploying Azure Functions into an App Service Kubernetes Environment

Wed, 02 Jun 2021 00:00:00 +0000

App Service Kubernetes Environment

In part 1 of this Using Azure Arc for Apps series, we explored Azure Arc and Azure Arc enabled Kubernetes clusters. In part 2, we deployed an App Service Kubernetes Environment into our Azure Arc enabled Kubernetes cluster. As you’ll likely be aware, both Azure Functions (this blog post) and Azure Logic Apps (the next blog post) can run on Azure App Service. The same is true for an App Service Kubernetes Environment, we can run App Services, Logic Apps and Azure Functions.

Using Azure Arc for Apps - Part 1 - Setting up an Azure Arc enabled Kubernetes Cluster

Tue, 01 Jun 2021 00:00:00 +0000

Cloud Native Applications that run anywhere

At Microsoft //Build 2021, Microsoft announced a series of updates relating to Cloud Native Applications anywhere. In summary, those updates refer to running Azure Services (such as App Services, Logic Apps, Azure Functions, Event Grid and API Management) in any Kubernetes cluster which is managed by Azure Arc. That means you could have Azure App Services running in Amazon Web Services (AWS), Google Cloud Platform (GCP), or in your on-premises Kubernetes deployment. This is a significant update, so I’ve decided that I’ll be writing a series of blog posts on the topic - as one post would not do the topic justice!

Using Azure Arc for Apps - Part 2 - Deploying App Services to Kubernetes

Tue, 01 Jun 2021 00:00:00 +0000

App Service Kubernetes Environment

In part 1 of this Using Azure Arc for Apps series, we explored Azure Arc and Azure Arc enabled Kubernetes clusters. In this post, we’ll be exploring App Services on Azure Arc. More specifically, these application services run on an Azure Arc enabled Kubernetes cluster, which is a pre-requisite for us to progress. At time of writing, this approach is in public preview, so we may see certain limitations / features that are not yet available.

V022 - Weekly Technology Vlog #22

Sun, 30 May 2021 00:00:00 +0000

Welcome to Weekly Vlog #22! This episode is a dedicated Microsoft Build 2021 recap — Chris not only walks through the headline announcements but also shares his experience presenting at the conference and reflects on the week’s standout moments.

Chris at Microsoft Build

Chris presented Creating Friction-Free Code Across All Tools and Frameworks alongside Dean Brian and Carol Logan, showcasing an end-to-end workflow with Blazor, GitHub Codespaces, GitHub Actions, and Azure Static Web Apps — recovering live demo issues on-stage in true developer fashion. The session also spotlighted UK developer communities (Thames Valley Azure, Cloud Security London, and carol’s Glasgow groups) to encourage broader community engagement.

Tales from the real world with Matt Bradley

Fri, 28 May 2021 00:00:00 +0000

Chris is joined by Matt Bradley, who helped establish the Public Cloud division at UKFast — one of the UK’s leading managed hosting providers — and shares four years of hands-on Azure experience: from first-generation migrations and consultancy to DevOps automation, Kubernetes, and hybrid cloud management.

Topics covered include:

Keeping up with Azure — the Azure Updates page, Microsoft Tech Community blog, and John Savill’s weekly infrastructure summaries as practical ways to stay current
The Azure Storage Minefield — the security and access-control pitfalls Matt uncovered and shared in his widely-attended community talk
Infrastructure as code trade-offs — ARM templates vs Terraform vs the emerging Bicep language, including why the native ARM tooling receives new Azure features first
Azure DevOps as a unified platform — consolidating fragmented “Frankenstein DevOps” pipelines (Jenkins, Jira, Bitbucket) into a single boards-repos-pipelines-artifacts workflow
Azure Arc and hybrid cloud governance — applying Azure Policy to on-premises virtual machines for consistent compliance reporting
Designing for failure — HA patterns, cattle-vs-pets thinking, and the real cost of single-instance cloud deployments that appear cheap but carry hidden risk
Compliance acceleration — how public cloud adoption simplifies ISO accreditation by providing pre-built infrastructure-level documentation
Kubernetes learning and certification — Nigel Poulton’s books, the hands-on CKA and CKAD exams, and why practical certifications better reflect real-world capability

V021 - Weekly Technology Vlog #21

Sun, 23 May 2021 00:00:00 +0000

Welcome to Weekly Vlog #21! This week is a focused build-up episode ahead of Microsoft Build, with Chris previewing his upcoming conference presentation and covering a compact but impactful set of Azure and GitHub updates alongside a hands-on Application Insights deep dive.

Upcoming: Chris at Microsoft Build

Chris will be presenting at Microsoft Build on Wednesday 26th May at 14:30 UTC alongside Dean Brian and Carol Logan. The session — Creating Friction-Free Code Across All Tools and Frameworks — demonstrates an end-to-end developer workflow using GitHub Codespaces, GitHub Actions, and Azure Static Web Apps, with a spotlight on UK developer communities and meetup groups.

V019 - Weekly Technology Vlog #19

Sun, 09 May 2021 00:00:00 +0000

Welcome to Weekly Vlog #19, broadcast live! This week leads with Azure’s visual rebrand and covers a wide range of security, platform, and community updates across Azure, GitHub, and Cloud with Chris.

Azure Highlights

New Azure Fluent Design Icon: Microsoft’s Fluent Design language arrives in Azure with a refreshed icon — widely celebrated across the developer community on social media.
AKS Secret Store CSI Driver Add-on: The open-source Secret Store CSI driver is now a managed AKS add-on (alongside App Gateway Ingress Controller and Pod Identity), making Kubernetes secret management significantly simpler.
Azure Security Center Updates: New hybrid and multi-cloud Kubernetes protection via Microsoft Defender for Kubernetes; recommendations for Defender for DNS and Resource Manager; Windows Server 2019 and Windows 10 Virtual Desktop now supported in Defender for Endpoint integration.
Azure VPN Gateway Enhancements: Multi-authentication type support (Azure AD, certificate, RADIUS) on a single gateway, BGP diagnostics, VPN packet capture in the Azure portal, and per-connection reset support.
Azure Backup for Blobs (GA): Operational backup for block blobs is now generally available.
Prevent Shared Key Authorization: New control to disable shared key authorization for Azure Storage accounts, improving security posture for teams moving to identity-based access.

GitHub Highlights

GitHub Enterprise Server 3.1: Now available, adding GitHub Actions visualisations, pull request auto-merge, Advanced Security improvements, and the mono-repo performance enhancements discussed in a prior week’s engineering post.
GitHub Release Radar: Pulumi 3.0 highlighted — a compelling cross-cloud infrastructure-as-code framework supporting multiple languages; distinct from Terraform’s approach.
GitHub Web Components: Engineering insight into how GitHub builds and maintains its own open-source UI component library.
Availability Report: Transparent post-incident analysis covering a DNS resolution failure affecting GitHub Packages and an elevated API error rate impacting repository creation, with clear remediation steps.

Cloud with Chris

Schema.org SEO blog post: How structured data — breadcrumbs, video previews, speaker cards — influences search engine result rendering.
Hugo CrossPoster open-source project post: Introducing the cross-posting automation tool for Dev.to and Medium, complete with GitHub Actions integration plans.
Cloud Gaming Notes Episode 4 with Dominic Williamson: Sudoku Social — a social sudoku game built with Unity and Azure PlayFab, now in beta on iOS and Android at sudoku.social.
Cloud Drop with Carol de Winter: A beginner’s guide to PowerShell in Azure Functions — the first Cloud Drop featuring a guest.
GitHub Actions + Azure Environments session: A focused walkthrough of environment-based deployment gates and approvals in GitHub Actions.

V018 - Weekly Technology Vlog #18

Sun, 02 May 2021 00:00:00 +0000

Welcome to Weekly Vlog #18, recorded on a UK Bank Holiday! This week’s episode covers an action-packed set of updates across Azure, Azure DevOps, and GitHub, plus a detailed engineering update on the Hugo CrossPoster open-source project.

Azure Highlights

Microsoft acquires Kinvolk: A significant cloud-native investment — Kinvolk are contributors to Flatcar Container Linux and CoreOS, reinforcing Azure’s commitment to containers and the Kubernetes ecosystem.
Azure Web PubSub (Preview): A new fully managed WebSocket service enabling real-time applications such as live chat, bidding platforms, and gaming backends, priced per connection unit similarly to Event Hubs.
Azure Site Recovery + Azure Policy (Preview): Enables onboarding VMs into Azure Site Recovery at scale via Azure Policy — a key governance unlock for enterprise disaster recovery.
Delivery Plans 2.0 GA: Azure DevOps now offers improved portfolio-level planning with higher team limits, start/target dates, dependency tracking, and richer roll-up visualisations.
Red Hat Summit recap: JBoss EAP preview on App Service, RHEL Reserved Instance hybrid benefits, Azure Arc-enabled OpenShift cluster onboarding, and upcoming Ansible integration enhancements.

GitHub Highlights

Feature flags engineering post: How GitHub decouples deployments from releases using feature flags at scale.
Mono-repo optimisation deep dive: Bitmaps, pack files, and multi-pack indexes — how GitHub engineers tackle maintenance costs on large repositories.
Dependabot Preview retirement: The legacy Dependabot Preview and dependabot.com will be shut down on August 3rd — migrate to native GitHub Dependabot now and review the feature parity roadmap.
GitHub Desktop 2.8: Whitespace hiding, diff expansion, and repository aliases.

Hugo CrossPoster Update

Chris’s Hugo CrossPoster open-source project is progressing with several new engineering practices in place:

35 - A discussion on Azure Spring Cloud

Fri, 23 Apr 2021 00:00:00 +0000

Spring, Spring Boot, and Azure Spring Cloud demystified. Chris is joined by Gitte Vermeiren (Microsoft FastTrack Engineer) to explore the Java microservices landscape on Azure. They cover:

Spring vs Spring Boot — how Spring Boot is to Java what ASP.NET scaffolding is to .NET, and how start.spring.io gets you up and running instantly
Spring Cloud — adding microservice concerns like service discovery, circuit breakers, and routing on top of Spring
Azure Spring Cloud — the fully managed platform that lets you run Spring Cloud applications without provisioning or managing the underlying infrastructure
Comparing your options — when to choose Azure Spring Cloud vs. Azure App Service vs. AKS, and understanding the trade-offs around simplicity, control, and learning curve
Real customer reactions — why Java developers with existing Spring workloads often describe Azure Spring Cloud as a game-changer

Whether you’re coming from the Java world or just exploring Azure’s app hosting options, this episode offers a clear and approachable introduction.

Azure role-based access control (RBAC) at the data plane level

Wed, 21 Apr 2021 00:00:00 +0000

Principal of least privilege is a commonly used phrase within the Technology Industry. The idea is that we’ll assign permissions of what the user needs to get the job done, rather than anything broader or more privileged. This helps reduce the blast radius in the event of a compromised account. This stretches to Azure resources at the management plane, but in some cases can also stretch to the data plane of those resources. We’ll be exploring these further in this blog post.

34 - The Bulkhead Pattern (Isolate your components to prevent failures)

Fri, 09 Apr 2021 00:00:00 +0000

The Bulkhead pattern takes its name from the watertight compartments in a ship’s hull. Just as poorly designed bulkheads contributed to the sinking of the Titanic, poorly isolated cloud services can cause a single failure to cascade across your entire application.

What You’ll Learn

The Bulkhead pattern as a resilience mechanism for microservices and distributed cloud architectures
How resource exhaustion in one service can starve others sharing the same underlying infrastructure (e.g., multiple App Services on a shared App Service Plan)
Partitioning strategies:
- Using connection pools to isolate workloads from specific backend services
- Deploying services onto separate VMs, containers, or App Service Plans to enforce hardware-level isolation
- Using Kubernetes resource requests and limits to guarantee quality-of-service between pods
How the Bulkhead pattern limits the blast radius of failures, preventing cascading outages in microservices architectures
Multi-tenancy considerations: per-tenant isolation vs. shared deployment stamps, and the pricing model implications (e.g., Azure SQL Elastic Pools vs. single databases)
Monitoring individual partitions to ensure per-service SLA compliance, not just aggregate system health

Complementary Patterns

The Bulkhead pattern works alongside the Retry, Circuit Breaker, and Throttling patterns to build comprehensive resilience. Define your blast radius with bulkheads, then layer in these patterns to handle the failures that do occur gracefully.

V014 - Tech Roundup #14 Azure, DevOps & GitHub Blogs, Azure Updates & New CloudWithChris content

Sun, 04 Apr 2021 00:00:00 +0000

In this Easter Sunday livestream, Chris rounds up a bumper week of tech news. Azure highlights include Microsoft being named a Forrester Wave leader in Function-as-a-Service platforms — validating the Azure Functions investment — a Cost Management recap for March, and enterprise-scale landing zone guidance from Sarah Lean. A rapid-fire Azure update pass-through covers the new AKS run command feature (enabling ad-hoc commands through the Azure API plane on private clusters while respecting RBAC), AKS node image auto-upgrade, Open Service Mesh add-on for AKS, GA of Kubernetes 1.20 in AKS, and Azure Static Web Apps deployment without a DevOps pipeline.

V010 - Weekly Technology Vlog #10 (Episode backlog until Mid-July! New Microphone, Ignite Content!)

Mon, 08 Mar 2021 00:00:00 +0000

In this milestone tenth episode, Chris marks a birthday and a one-year podcast anniversary, picks up a new microphone, then spends the majority of the runtime covering the best of Microsoft Ignite.

Personal Milestones

Vlog #10 & Birthday: A new Shure SM7B microphone arrives — a noticeable audio quality upgrade. Episodes are now booked through to mid-July with more guests lined up into August.
One Year of Cloud With Chris: The podcast launched on 1 March 2020.

Recent Content

GPG Keys Part 2: Hands-on guide to generating GPG keys; Part 3 (linking keys to Git commits and uploading to GitHub) is coming this week.
Cloud Gaming Notes Ep. 2: Chris and Lee discuss matchmaking in cloud gaming-as-a-service — how cloud infrastructure shapes the player experience when joining sessions dynamically rather than connecting to a fixed server. Next episode covers Sea of Thieves, inventory systems, and in-game economies.
Sidecar & Ambassador Patterns with Peter Piper: Another co-hosted patterns episode with a bingo card of API buzzwords.
DotNet Limerick Azure User Group: A live presentation on using GitHub Actions to build and deploy a static podcast/blog site. Recording available on cloudwithchris.com.

Upcoming

Welsh Azure User Group (18 March): Lightning talk — GitHub for podcast/blog deployment.
MSHowTo Live with Mert (25 March): DevOps discussion.
Northern Azure User Group (6 April): Sharing the bill with Scott Hanselman.
Cache Aside Pattern episode (this Friday).
GPG Keys Part 3 (this Wednesday).

Microsoft Ignite Highlights

Azure Cognitive Search — Semantic Search: Results ranked by user intent rather than keyword frequency, powered by Microsoft Research models.

29 - The Sidecar and Ambassador Patterns

Fri, 05 Mar 2021 00:00:00 +0000

Modernising legacy applications doesn’t have to mean rewriting them from scratch. Two cloud design patterns — the Sidecar and the Ambassador — provide elegant ways to extend legacy services with modern capabilities, incrementally and safely. In this episode of Architecting for the Cloud, one pattern at a time, Chris and Peter break down both patterns.

The Ambassador Pattern

The Ambassador pattern places a proxy service between a client and an upstream service or external dependency. This proxy handles cross-cutting concerns that the underlying application doesn’t natively support:

27 - The Compute Resource Consolidation Pattern (Optimise for Cost!)

Fri, 19 Feb 2021 00:00:00 +0000

Are you running dedicated compute for every tenant, microservice, or application instance — and paying for it? The Compute Resource Consolidation pattern shows you how to consolidate tasks onto shared infrastructure, such as a single AKS cluster with namespace isolation or an Azure SQL elastic pool, to reduce costs and management overhead. This episode explores the key trade-offs: blast radius containment, noisy neighbour contention, scalability profiles, and multi-tenancy strategies. Part of the “Architecting for the Cloud, One Pattern at a Time” series.

V004 - Weekly Technology Vlog #4 (JamStack + Cloud, Upcoming Talks and Tech News)

Mon, 25 Jan 2021 00:00:00 +0000

Azure Thames Valley is gaining momentum with a website, Meetup page, Twitter account, and LinkedIn group, with the first meetup scheduled for February 16 (subsequently revised to the 17th). The committee agreed on a format of monthly virtual sessions on the third Tuesday of each month, open to speakers and attendees regardless of location.

On the Azure side, the AKS Secret Store CSI driver enters public preview, enabling Kubernetes workloads to inject secrets, keys, and certificates from Azure Key Vault without storing sensitive material in etcd. The new automatic cluster upgrade channels — patch, stable, and rapid — simplify AKS operations but require careful attention to Kubernetes API version deprecations between minor releases. Azure DevOps Delivery Plans 2.0 gains the uses statement for cleaner job resource declarations and a new manual validation task for pausing mid-stage YAML pipelines to verify configuration before continuing. Pulumi is introduced as an infrastructure-as-code tool that lets developers use Python, TypeScript, JavaScript, Go, and .NET instead of domain-specific languages, supporting AWS, Azure, GCP, and Kubernetes with native GitHub and Azure DevOps integrations. GitHub’s comprehensive 2020 year-in-review covers the CLI, mobile app, Actions improvements (self-hosted runners, environments, environment secrets, manual approvals), dark mode, GitHub Discussions, Sponsors, and pull request draft conversions.

6 - Hybrid Cloud

Sun, 10 May 2020 00:00:00 +0000

Hybrid cloud is no longer just a transitional state between on-premises and public cloud — for many enterprises, it is an end state in its own right. Chris is joined by Thomas Maurer, Senior Cloud Advocate at Microsoft, to explore this shift in thinking and how Microsoft’s Azure platform is evolving to support it.

Thomas explains that hybrid today extends well beyond the traditional on-premises-plus-Azure model. It encompasses factory floors running IoT edge workloads that cannot tolerate internet dependency, retail stores with local compute requirements, disaster recovery and backup scenarios, and true multi-cloud deployments spanning multiple public cloud providers. The episode covers a broad range of Azure technologies designed to bring cloud-like management and consistency to all of these environments: Azure Stack Hub, Azure Stack HCI, Azure Stack Edge, Azure Arc, and Azure IoT Edge.

I can use any Azure Compute Service to solve any problem? (Azure Mythbusters)

Fri, 31 Jan 2020 00:00:00 +0000

Azure offers a broad spectrum of compute services, each optimised for different workload characteristics — picking the wrong one results in the wrong scaling envelope, the wrong cost model, and unnecessary management overhead.

The episode steps through the main options:

App Service — fully managed multi-tenant hosting for web apps and APIs; drag a slider to scale.
App Service Environment (ASE) — single-tenant App Service deployed inside your own virtual network, required for compliance scenarios such as PCI DSS where the public front-end of standard App Service is not acceptable.
Container Instances — simple, fast container execution for single containers or small groups without the orchestration overhead of Kubernetes; ideal for short-lived tasks.
Azure Kubernetes Service (AKS) — managed Kubernetes with the platform handling control-plane upgrades; you still configure node pools, networking, and auto-scale rules, and must understand Kubernetes concepts to use it effectively.
Service Fabric — Microsoft’s native microservices platform (underpinning many Azure services) that natively supports stateful services by co-locating data with code, eliminating the network hop to an external state store — critical for ultra-low-latency workloads.
Azure Batch — managed job scheduler for large-scale HPC and Monte Carlo-style workloads across thousands of VMs; think big scheduled jobs, not microservices.
Azure Functions — event-driven serverless execution; consumption plan abstracts all infrastructure but you still choose between consumption and dedicated plans, and must design for stateless execution (or use Durable Functions for state management).
Logic Apps — low-code graphical workflow designer billed per step execution; great for rapid prototyping and integration scenarios.
Virtual Machines — maximum flexibility and compatibility for lift-and-shift or workloads that cannot run on PaaS; requires manual scaling or custom automation.
VM Scale Sets — treats a fleet of VMs as a single object with auto-scale rules; workloads must be stateless since any VM can be removed at any time.

The key question across all options is whether your workload is stateful or stateless, how sensitive it is to latency, what compliance constraints apply, and how predictable or spiky the load profile is.