Skip to content

Posting articles about Microsoft Azure, cloud security, infrastructure as code, DevOps and site reliability engineering topics.

Articles

Setting Up Spec-Driven Development for Success

Spec-Driven Development architecture: DevContainer → spec-kit → azd → Azure Container Apps

Ever wondered how you can stop "vibe coding" and start building actual value from your ideas in a structured and repeatable way.

The fix isn't a better prompt — it's a better starting setup. Specifically: a repository structure that gives AI assistants structured context, pins the environment so every contributor runs identical tooling, and built in Azure deployment so there's no gap between "works locally" and "running in Azure."

This post shows you how by combining three tools into one workflow:

  • spec-kit — a CLI and VS Code workflow that turns vague feature ideas into structured specifications, implementation plans, and dependency-ordered task lists before a single line of code is written
  • DevContainers — a VS Code / GitHub Codespaces feature that pins the exact development environment in a .devcontainer/devcontainer.json committed to the repository
  • Azure Developer CLI (azd) — a CLI that standardises repository layout and enables one-command provisioning and deployment to Azure

Who this is for

Developers building on Azure who are comfortable with Git and VS Code but haven't yet established a structured, AI-assisted development workflow.

Prerequisites

  • Git and VS Code installed locally
  • Docker Desktop (or Rancher Desktop / Podman Desktop) for running the DevContainer — or access to GitHub Codespaces
  • An active Azure subscription (required for the azd up step)
  • A GitHub Copilot license (Individual, Business, or Enterprise) if you want to use the cloud agent path in Step 8

By the end you will have a working repository: containerised for reproducibility, deployable to Azure Container Apps with a single command, and pre-wired for the full spec-kit SDD pipeline.

Microsoft Planetary Computer as sustainability tool

Growing up on a farm opened my eyes early on to how amazing and fragile nature is and how we as humans need to live in harmony with nature. Living in the Netherlands for the last couple of years has exposed me to awesome ways that farmers are pushing the boundaries to what is possible in "smart" technology driven agriculture. With that innovation comes the responsibility to keep ourselves accountable for our impact on nature. I believe that is where the Microsoft Planetary computer can play a role as real-time "planetary nervous system".

Azure cloud adoption and migration pitfalls

Whether you are just starting out in Azure, running many production workloads on a full Azure landing zone architecture, looking to migrate resources from on-prem to Azure or want to improve your hybrid cloud environment each of these phases comes with its set of challenges. In this article I will highlight some common pitfalls you can avoid in your cloud journey.

  • in Azure
  • 15 min read

Secure your Azure Container Apps Environment (Part 02)

Series recap — Part 01: In Part 01 we covered the security baseline for Azure Container Apps Environments: network isolation using a custom VNet with dedicated subnets, locking down egress with Azure Firewall and UDR, disabling public network access, and enabling internal-only ingress. We also walked through the zero-trust identity model using Managed Identity and Azure Container Registry access.

In the 2nd part of this 2 part series on securing Azure Container Apps Environment, we will look into a deployment example. We will make use of Azure Verified Modules as far as possible. Then we will cover some scenarios on how you can make this available to your development teams and how development teams can perform deployments of Azure Container Apps into the managed environment safely.

  • in Azure
  • 20 min read

Secure your Azure Container Apps Environment (Part 01)

By now we all know Azure Container Apps is an amazing service, which provides us with a quick way to get up and running with the deployment of our containerized workloads. Azure Container Apps also gives us the opportunity of using containers at scale without the complexities of managing our own Kubernetes cluster. However, Azure Container apps is a configurable PaaS service and is not secure by default. In this article, which is part 01 of a series, I will cover some of the configuration options we have available to make our deployments more secure.