This Azure Pipeline Pattern Scales to 100+ Teams (Rolling, Canary & Blue-Green)
Previously, I have been working on demonstrating how, in an enterprise, a Platform Engineering Team can provide curated, compliant templates that provide deployment strategies out of the box for workload teams. You can read all about that here: https://moimhossain.com/2026/01/06/blueprints-for-unified-azure-pipelines-governing-rolling-blue-green-and-canary-deployments/ I have put a bit more work on top of that concept to make it more easy…
Category: docker
Blueprints for Unified Azure Pipelines: Governing Rolling, Blue/Green, and Canary Deployments
Governing Azure Pipelines with Extensible Templates: Modern enterprises rarely run a single delivery workflow. They run dozens—each with its own language stack, runtime, and compliance targets. Without a consistent orchestration model, the platform team spends its life reviewing YAML changes while workload teams reinvent complex rollout mechanics. The solution is to treat pipeline templates like…
Building Backstage AI Chat Plugin with Azure AI Foundry Agents
This post shows how to add an AI assistant plugin to Backstage that lets internal developers chat with their own domain data using Azure AI Foundry Agents. We cover agent concepts, minimal API usage, plugin structure (frontend + lightweight backend proxy), security (secrets & identity), and deployment guidance. 1. Why an AI Chat Plugin in…
Backstage on Azure Container Apps with Microsoft Entra ID (Azure AD) Authentication
End-to-end guide: containerizing Backstage, provisioning Azure resources (with Bicep & CLI), enabling Microsoft Entra (formerly Azure AD) sign-in, managing secrets, scaling, observing, troubleshooting, and cleaning up — all aligned with current Azure best practices (managed identities, least privilege, and no hard‑coded secrets). Why Backstage + Azure Container Apps: Backstage centralizes your internal developer portal (catalog,…
Measuring API Latency & Throughput with k6
Modern API platforms live and die by their tail latency. Your users do not care that the “average” response time is fine if 5% of requests are 10× slower. This post walks through using k6 to benchmark Azure API Management (APIM) backed APIs, first with a basic latency script and then with per‑request telemetry streamed into Azure…
Streamlining Azure Resource Management with AI-Powered LCM
Introduction: The source code of the POC can be found in this GitHub repository. In the dynamic landscape of cloud computing, staying up-to-date with the latest updates and changes to Azure resources is crucial for maintaining efficiency and security. However, managing the lifecycle of Azure resources can be a daunting task, especially for large-scale deployments.…
AKS Workload identity – A Deeper look
Background: Recently, I found myself delving into the intricacies of Workload Identity Federation within Azure Kubernetes Service (AKS) while explaining it to some friends. As I delved deeper into the topic, I realized the importance of documenting and summarizing this information for anyone else navigating the same waters - including my future self. So, let's…
Orion-Guardian: Azure DevOps Security Management at Scale
Introduction: In the ever-evolving landscape of software development, ensuring the security and autonomy of your projects is paramount. Azure DevOps has become a cornerstone for many development teams, providing a robust set of tools for collaboration and project management. However, managing security at scale can be a daunting task. Enter Orion Guardian – a game-changing…
Azure DevOps Container agents without PAT
Azure DevOps now supports service principals and managed identities for authentication. This is currently (at the time of writing) in Public Preview. This is quite an interesting feature and addresses many concerns related to personal access tokens (PATs). I have a self-hosted container agent that runs on Docker and needs a PAT to spin up. With the new development…
Azure DevOps security as Code
Accompanying source code can be found here. A while ago, I wrote an application that could simplify managing Azure DevOps security. The idea was that one could define a bunch of YAML files that describe numerous security aspects of an Azure DevOps project (for example, security for teams, build and release folders, repositories etc.) and…