Devops

Introduction: Theory Meets Practice In my previous article about GitHub Spec-Kit, I explored the theoretical foundations of spec-driven development: why structured AI workflows matter for compliance, auditability, and team collaboration. I discussed the high-level concepts of audit trails, liability, and how spec-kit transforms “vibe coding” into a rigorous, documented process. Today, I’m sharing something different: a raw, unfiltered hands-on experience building a real tool from scratch using spec-kit. This is a chronological journey documenting what actually happened when I let spec-kit drive the development process from constitution to working code. ...

Introduction: From Web Chatbots to CLI Tools AI is a powerful tool, and for IT professionals, the most effective way to leverage it is through CLI tools like GitHub Copilot CLI, Claude Code, Gemini CLI, or similar agents. In previous articles like GitHub Spec-Kit, I explored spec-driven development and structured AI workflows, but I realized I skipped fundamental concepts: why CLI tools beat web chatbots and how to standardize your AI setup for portability. ...

Introduction: Spec-Driven Development vs. Vibe Coding If you’ve been working with AI coding assistants, you’ve probably experienced what some call “vibe coding”, throwing prompts at an LLM and hoping for the best. Sometimes it works brilliantly. Other times, you end up with code that technically runs but doesn’t align with what you actually needed, or worse, introduces architectural decisions that create technical debt down the road. Spec-Driven Development (SDD) flips this approach on its head. Instead of starting with code and documenting later (if at all), you begin with comprehensive specifications that define the what and why before anyone, human or AI, writes a single line of code. The specification becomes the single source of truth, guiding implementation and ensuring alignment across the entire team. ...

Like your favorite music streaming service’s 2025 Wrapped®, here’s my recap of Kubernetes security highlights from 2025, plus predictions for features likely graduating to stable in early 2026. As a DevSecOps Team Leader, I bridge development speed with security rigor daily. Kubernetes and cloud-native security are my passion, especially hardening workloads for production. With Kubernetes v1.35 releasing December 17, now’s the perfect time to review 2025’s security wins and plan for 2026. ...

In today’s fast-paced tech landscape, it’s common to find incredibly talented engineers mastering complex orchestrators like Kubernetes or crafting intricate Infrastructure as Code solutions. We’re living in an era of high-level abstractions, which is fantastic for productivity. However, this focus on the ’new and shiny’ can sometimes lead us to overlook the foundational bedrock upon which everything is built. It might seem a bit old-school to write a blog post about hardening SSH in 2025. Yet, these ‘basic’ skills are more critical than ever. In a world of ephemeral infrastructure and complex supply chains, securing the front door to our systems remains a non-negotiable first step. ...

AI is part of our daily life, and I’m not afraid to say that I’m using it regularly for personal tasks. Naturally, I keep and respect the confidentiality of data, and I use my knowledge to understand what AI is telling me back; AI without being driven the correct way can produce absolute garbage. Now I’m transitioning from chatbot to AI CLI usage. I’m a victim of Network Chuck’s enthusiasm, so I wanted to build my first AI agent for publishing content on my personal blog. See below how I did it in minutes. ...

On November 5th, 2025, a set of high-severity vulnerabilities in runc were publicly disclosed, allowing for full container breakouts. Runc is the cornerstone of containerization on Linux, serving as the default low-level container runtime for industry-standard tools like Docker, Podman, and Kubernetes. Its ubiquity means that a vulnerability in runc has far-reaching implications for the entire cloud-native ecosystem. This post summarizes the vulnerabilities, the affected versions, and the recommended actions to mitigate them. ...

Starting with version 12, Grafana introduces the ability to configure dashboards using a GitOps approach through an experimental feature called Git Sync. This is a particularly interesting capability that can help manage dashboards in large and complex environments. Git Sync is available as an experimental feature in both Grafana OSS and Enterprise editions. Activation can also be requested for the Cloud version (currently available as a private preview). You can find the relevant documentation in this page, and below I am including a demo video. ...

As a consultant, it’s always a pleasure to explore new tools, and since the end of 2024, we have been experimenting with CyberArk’s SaaS offering. The first component we started working with is Conjur Cloud, the SaaS version of Conjur Enterprise, which we are already very familiar with. Conjur Cloud features an impressive UI that allows users to configure and manage most settings seamlessly. Like Conjur Enterprise, it also has its own dedicated CLI, available for download on the CyberArk Marketplace. After installing the Conjur Cloud CLI on macOS 15.2, I encountered the following error when attempting to execute it: ...

Hello there! As I mentioned before, I’ve always been a community person, and I’ve found a new way to contribute: during the first half of 2024, I’ll be one of the editors helping to curate content for KubeWeekly. KubeWeekly is a newsletter that delivers a curated selection of news, tweets, articles, and videos about Kubernetes and the CNCF landscape straight to your inbox. If you’d like to see what we’re working on or join the mailing list, please check out this page!