This post shows how to add an AI assistant plugin to Backstage that lets internal developers chat with their own domain data using Azure AI Foundry Agents. We cover agent concepts, minimal API usage, plugin structure (frontend + lightweight backend proxy), security (secrets & identity), and deployment guidance. 1. Why an AI Chat Plugin in… Continue reading Building Backstage AI Chat Plugin with Azure AI Foundry Agents
Category: docker
Backstage on Azure Container Apps with Microsoft Entra ID (Azure AD) Authentication
End-to-end guide: containerizing Backstage, provisioning Azure resources (with Bicep & CLI), enabling Microsoft Entra (formerly Azure AD) sign-in, managing secrets, scaling, observing, troubleshooting, and cleaning up — all aligned with current Azure best practices (managed identities, least privilege, and no hard‑coded secrets). Why Backstage + Azure Container Apps Backstage centralizes your internal developer portal (catalog,… Continue reading Backstage on Azure Container Apps with Microsoft Entra ID (Azure AD) Authentication
Measuring API Latency & Throughput with k6
Modern API platforms live and die by their tail latency. Your users do not care that the “average” response time is fine if 5% of requests are 10× slower. This post walks through using k6 to benchmark Azure API Management (APIM) backed APIs, first with a basic latency script and then with per‑request telemetry streamed into Azure… Continue reading Measuring API Latency & Throughput with k6
Streamlining Azure Resource Management with AI-Powered LCM
Introduction The source code of the POC can be found in this GitHub repository. In the dynamic landscape of cloud computing, staying up-to-date with the latest updates and changes to Azure resources is crucial for maintaining efficiency and security. However, managing the lifecycle of Azure resources can be a daunting task, especially for large-scale deployments.… Continue reading Streamlining Azure Resource Management with AI-Powered LCM
AKS Workload identity – A Deeper look
Background Recently, I found myself delving into the intricacies of Workload Identity Federation within Azure Kubernetes Service (AKS) while explaining it to some friends. As I delved deeper into the topic, I realized the importance of documenting and summarizing this information for anyone else navigating the same waters - including my future self. So, let's… Continue reading AKS Workload identity – A Deeper look
Orion-Guardian: Azure DevOps Security Management at Scale
Introduction In the ever-evolving landscape of software development, ensuring the security and autonomy of your projects is paramount. Azure DevOps has become a cornerstone for many development teams, providing a robust set of tools for collaboration and project management. However, managing security at scale can be a daunting task. Enter Orion Guardian – a game-changing… Continue reading Orion-Guardian: Azure DevOps Security Management at Scale
Azure DevOps Container agents without PAT
Azure DevOps now supports Service principals and Managed identities for authentication. This is currently (at the time of writing) in Public Preview. This is quite an interesting feature and addresses many concerns related to personal access tokens (PATs). I have a self-hosted container agent runs on Docker which needs PAT to spin up. With the new development… Continue reading Azure DevOps Container agents without PAT
Azure DevOps security as Code
Accompanied source code can be found here. A while ago, I have written an application that could simplify managing Azure DevOps security. The idea was that one could define bunch of YAML file that describes numerous security aspect for an Azure DevOps project (for example, security for teams, build and release folders, repositories etc.) and… Continue reading Azure DevOps security as Code
Exploring WASM, WASI with .net7 & Docker
Web Assembly aka WASM is currently gaining a lot of attention into the container community - for legit reasons! WASM is a web-optimized code format that significantly improve web application performances running on browsers. However, it is gaining more and more attention in the container world lately, because of its sandbox/isolation hence - safety, near-native… Continue reading Exploring WASM, WASI with .net7 & Docker
Elastic self-hosted pool for Azure DevOps (on Kubernetes)
UpdateThere is a follow up post with some updates, you can read here. Introduction If you are using Azure Pipelines, then you surely have used Microsoft-hosted agent. With Microsoft-hosted agents, maintenance and upgrades are taken care of for you. However, there are times when self-hosted agents are needed (i.e. customized images, network connectivity requirements etc.).… Continue reading Elastic self-hosted pool for Azure DevOps (on Kubernetes)
Reverse Engineering 