https://mialdo.com/Recent content on Mialdo | Cloud, AI and Infrastructure ConsultancyHugoen-AUhttps://mialdo.com/blog/containers-importance-2025/Thu, 08 May 2025 00:00:00 +0000https://mialdo.com/blog/containers-importance-2025/<p><strong>Originally written in 2019 and updated for 2025 by the author.</strong></p> <h2 id="introduction">Introduction</h2> <p>With over a decade of hands-on experience in containerisation, from the early Docker betas to managing production workloads on Kubernetes at scale, I have seen firsthand how containers have evolved from a developer novelty into a foundational enterprise technology.</p> <p>In 2025, containers are no longer a nice-to-have. They are essential. They enable the agility, portability, and scalability modern applications require. And as businesses migrate to the cloud, containers are often the bridge between legacy systems and modern cloud-native architectures.</p>https://mialdo.com/blog/fundamentals/Wed, 20 Nov 2024 00:00:00 +0000https://mialdo.com/blog/fundamentals/<p>Every cloud environment we audit has the same gaps. Not in the fancy services, but in the basics. Identity is too permissive. Networking is flat. Resources have no tags. Cost management is an afterthought.</p> <h2 id="identity-comes-first">Identity comes first</h2> <p>Before you deploy anything, get your identity right. Microsoft Entra ID (formerly Azure AD) with conditional access, privileged identity management, and RBAC scoped to the narrowest possible level. Not &ldquo;Owner on the subscription.&rdquo;</p>https://mialdo.com/blog/aks-to-aca-migration-app-gateway-bicep/Sat, 15 Jun 2024 00:00:00 +0000https://mialdo.com/blog/aks-to-aca-migration-app-gateway-bicep/<p>This post covers the technical patterns behind our <a href="https://mialdo.com/case-studies/from-aks-overheads-to-cloud-native-freedom/">Scalene Solutions case study</a>, focusing on the Bicep automation and Application Gateway configuration.</p> <h2 id="the-architecture">The architecture</h2> <p>Azure Container Apps run inside a private VNet with no public endpoints. All inbound traffic routes through Azure Application Gateway, which provides WAF protection, SSL termination, and host-based routing.</p> <p>This gives you the simplicity of Container Apps with the security posture of a properly segmented network.</p> <h2 id="bicep-loop-patterns">Bicep loop patterns</h2> <p>The key insight is that Application Gateway configuration is highly repetitive. Every microservice needs a backend pool, an HTTP listener, a health probe, and a routing rule. Instead of writing these individually, we use Bicep&rsquo;s <code>for</code> loops against a parameter array.</p>https://mialdo.com/case-studies/from-aks-overheads-to-cloud-native-freedom/Mon, 20 May 2024 00:00:00 +0000https://mialdo.com/case-studies/from-aks-overheads-to-cloud-native-freedom/Scalene Solutions needed to reduce the operational burden of running Kubernetes while maintaining enterprise-grade security for their retail intelligence platform. We audited their Azure environment, redesigned the architecture using the Well-Architected Framework, and migrated workloads from AKS to Azure Container Apps with full Bicep automation.