Kristina Devochko

Preaching about all things cloud native, K8s, green tech and cats 😼

Oslo, Norway

Kristina Devochko is a principal cloud engineer, tech content creator, speaker and tech community contributor based in Norway. She focuses on all things cloud native, Kubernetes, cloud security and green tech. Kristina is an owner of https://kristhecodingunicorn.com tech blog, a CNCF Ambassador, Microsoft Azure MVP, CNCF TAG Environmental Sustainability member and Green Reviews Working Group co-chair, Kubernetes Unpacked podcast host, co-organizer of multiple meetup groups and mentor. Kristina has also been on the KubeCon + CloudNativeCon NA 2023 program committee. In her free time Kristina enjoys doing CTF challenges, reading and cuddling with her two cats.

Kristina's great passion is to share her knowledge with others and provide guidance on how to build systems with sustainability, security and cloud native principles at its core. Kristina strongly believes that contributing to making the world a better place by volunteering is important, therefore being a volunteer is a big part of her life. Both when it comes to contributing back to the tech community and non-profit organizations.

Awards

Area of Expertise

Information & Communications Technology
Environment and Cleantech

Topics

.NET
C#.Net
.NET (Core) development
Azure
Microsoft Azure
Azure DevOps
Azure Security
Azure Kubernetes Services (AKS)
Cloud Security
Application Security
DevSecOps and GitOps in practice
DevSecOps
Modern Software Development
DevOpsCulture
Software Deveopment
Cloud & DevOps
DevOps
Cloud Security Architecture
Software Development
Web Development
DevOps & Automation
Software Architecture
Microservice Architecture
Cloud Architecture
Azure Architecture
Kubernetes
Kubernetes Security
Containerization
Container Security
Azure Container Registry (ACR)
Azure Container Instance (ACI)
Windows containers
Azure container Apps
Container and Kubernetes security
Docker
GitHub
GitHub Actions

AKS Survival Pack: what to consider before going all-in with Azure Kubernetes Service

Kubernetes has been a hot and popular technology for a while - everyone wants it, everyone needs it, everyone loves it. Now that cloud providers like Microsoft are offering a managed Kubernetes service it sounds like setting up a new cluster and start deploying applications to it should be Easy Peasy Lemon Squeezy...just a few "Next-Next-Next" clicks in the portal, right? Right?!🙃

Well, reality is more brutal than that. Yes, it's true that Microsoft offers Azure Kubernetes Service as a partially managed offering, but it doesn't mean that Microsoft takes responsibility for everything. Long before you start running your applications on AKS, especially in production, it's extremely important for you to be aware of what you will be responsible for in terms of operating, securing and maintaining AKS clusters - and how these changes will affect the rest of your organization. Especially your dearest developers.

That's when this AKS Survival Pack comes to the rescue! In this session I will share experiences from my own journey of migrating from VM-hosted applications to AKS and containers, what learnings I have taken out of it and what you should consider and plan for BEFORE you start your Azure Kubernetes Service journey.

During this session I'll touch upon considerations related to:
- Culture, mindset and readiness of your organization;
- Readiness and maturity of your application(s);
- Day 2 Operations;
- Security and configuration of AKS clusters;
- Cluster upgrade strategy;
- Developer experience;

During the session I will also show a few examples (based on real-life events), of how changes of minor significance (like missing request and resource limits in a deployment template) can have disastrous consequences in production - and how the probability of such issues happening can be minimized with proper policies, planning...and a sprinkle of automation!😼

Deploying to Kubernetes with Azure DevOps Environments

There are a lot of different ways you can set up continuous deployment to AKS - many of these ways may mean introducing a new tool. Introducing a new tool will require competence development, increased maintenance, auditing and operating needs - not to mention that it will be a new external tool to add to your supply chain.

But what if you could utilize additional capabilities of the tool that you already have? That's where Azure DevOps Environments and multi-staged Azure Pipelines come into picture! If you're actively using Azure DevOps and have all of your source code stored there, it can be easier and more lightweight for you to utilize Azure DevOps Environments as a deployment tool.
In this session I will talk about what Azure DevOps Environments are and what can be the benefits of using it. I will also share recommendations on how to group Kubernetes resources in ADO Environments based on my experience.

I will also demonstrate a whole flow from checking in your microservice to setting up an Azure DevOps Environment that will target an AKS cluster that the microservice will be deployed to, and a deployment stage in the build pipeline that will execute the deployment itself based on the newly created ADO Environment.
We'll also take a look at additional policies and checks you can set up for an ADO Environment in order to implement even more granular control over your deployment to critical environments like production environment.

Finally, we'll take a look at how much information you can retrieve directly from Azure DevOps once the application is deployed in AKS, both when it's running successfully and when something goes wrong and starts failing - without the need to interact with AKS cluster directly or learn kubectl :)

Dotnet custom templates for SDLC blueprinting

If a developer needs to create a microservice in a modern, cloud native world there are quite a few areas that he/she may be expected to understand and have good skills in:
- Remember about and comply with tens or even hundreds of coding guidelines;
- Know how to create build and deployment pipelines;
- Know how to implement automated security and quality checks;
- Know how to containerize application and configure it's application container;
- Know how to create a deployment configuration to securely and sustainably deploy the microservice to Kubernetes;
- Know how to create an actual deployment workflow to get that microservice up and running in Kubernetes;

...and the list may go on....All in all, as a developer, you may suddenly need to gain a lot of new knowledge and competence, from software development to DevOps or even DevSecOps, in order to deliver a new microservice.

So, how can we help reduce cognitive load on developers so that they can purely focus on bringing value to the application? At the same time, how can we ensure that development and deployment of microservices is done in the same, standardized way by different developers - and established policies, coding and security guidelines are being followed?

In this session I would like to show how dotnet custom templates can help you with that. We'll take a look at what dotnet custom templates are, how you can create a dotnet custom template collection, what you can include in this kind of templates and how developers can use it to their advantage.

By making it more practical I'll put myself in the shoes of a developer that needs to create a new .NET microservice and deploy it to AKS. I will use dotnet custom templates, Azure DevOps Environments and multi-staged Azure Pipelines for this purpose. The whole flow will be demonstrated: from the point we install a dotnet custom template until the microservice is up and running in AKS. During the demo we'll also take a look at how microservice blueprints that were created with dotnet custom templates can be extended to include automatic security and quality controls to ensure that new code or configuration doesn't introduce breaking changes or security vulnerabilities.

Managed Kubernetes Service: Day Zero Survival Pack

Now that cloud providers are offering a managed Kubernetes service it sounds like setting up a new Kubernetes cluster and start deploying applications to it should be really easy...but reality is more brutal than that.

Even though Kubernetes Service can be offered as a partially managed offering it doesn't mean that cloud provider takes responsibility for everything. It's therefore extremely important to be aware of what you will be responsible for in terms of operating, securing and maintaining managed Kubernetes clusters - and how these changes will affect the rest of your organization.

In this session we'll take a look at what you should consider and include in the planning and designing phase (Day Zero) BEFORE going all-in with managed Kubernetes Service.

By looking at some real-life examples we'll also see what the consequences may be if some of the areas are not planned for or are downprioritized.

Exploring DevSecOps controls for Kubernetes throughout the value chain

One of many misconceptions that I have experienced (and believed at some point of my dark past) while working with Kubernetes, and specifically with managed Kubernetes services like Azure Kubernetes Service, is that it's secure by default. I hate to break it to you but...in reality it's a trap.

Just like many other services that are offered by cloud providers, managed Kubernetes services also fall under a shared responsibility model where you, as a service consumer, have a high level of responsibility for keeping your Kubernetes clusters and workloads that are running on them, secure.

Fortunately, there are many valuable resources that can help us and guide us on this journey towards more secure Kubernetes clusters. In this session, based on concrete examples, I will show how DevSecOps objectives can be applied to Kubernetes clusters and workloads that are running on those clusters. I will also demonstrate a few of the misconceptions regarding Kubernetes cluster security in action and how those can be mitigated with help of tools like Open Policy Agent, Trivy, and a few others.

Exploring chaos engineering…the FUN way!

In this session we will find out what chaos engineering is, what it's purpose is and how we can use it to test and strengthen resilience and availability of our systems and applications. We'll take a look at how chaos engineering can be applied both to Kubernetes and beyond.

As part of the session we'll take to the test the serious, enterprise-grade chaos engineering tools like Azure Chaos Studio, but also the fun, gamified chaos engineering tools like KubeInvaders, that were created by the open source community.

Sustainable Kubernetes and how YOU can make an impact

Climate change affects us all and it’s impact can be seen throughout all aspects of our life, including software engineering. Reducing carbon footprint and following sustainable software engineering principles is now a part of every software company’s goal, but do you know that YOU, as a developer or a platform engineer, have all the power to contribute to making your technical platform and this world a better, greener place?

Kubernetes is one of the technologies that comes in multiple flavors, but it’s up to YOU to utilize it in a way that will lessen harmful impacts of global warming.

During this session Kristina will shed light on how sustainable software engineering principles can be applied to Kubernetes and it’s workloads, as well as which eye-opening insights she has gained during her Kubernetes journey and what concrete actions you can take with you and apply further in your projects after the conference in order to make your Kubernetes workloads more eco-friendly.