Speaker

Kristina Devochko

Kristina Devochko

Preaching about K8s, green tech and cats 😻 CNCF Ambassador, Microsoft Azure MVP and Kubernetes Unpacked podcast host 🦄 Animal Welfare, DEI && Tech community activist

Oslo, Norway

Hi there! I'm Kris, aka kristhecodingunicorn. I'm a techie from Norway who loves preaching about all things cloud native, Kubernetes, green tech and cats. I am working as a Software Architect and driving tech projects that support digitalization journey in public and private sector, minimizing bureaucracy and making citizens' life easier. I am also a Microsoft Azure MVP, CNCF ambassador and a Kubernetes Unpacked podcast host.

I love learning new things and sharing my journey and experiences with others. My goal is to inspire others developers to code with sustainability, security and cloud native principles in mind. I also hope that with my actions and contributions I can inspire and motivate more ladies to join the world of tech!

I strongly believe that contributing to making this world a better place by volunteering is something all of us should consider doing, therefore being a volunteer is a big part of my life. Both when it comes to contributing back to tech community and non-profit organizations making a crucial positive impact in other areas of our life on this planet. On a personal note, I love reading books, photography, puzzles, board games, drawing and hiking. I am also an active supporter of sustainability in tech and outside of it, and animal welfare.

Awards

Area of Expertise

  • Information & Communications Technology
  • Environment and Cleantech

Topics

  • .NET
  • C#.Net
  • .NET (Core) development
  • Azure
  • Microsoft Azure
  • Azure DevOps
  • Azure Security
  • Azure Kubernetes Services (AKS)
  • Cloud Security
  • Application Security
  • DevSecOps and GitOps in practice
  • DevSecOps
  • Modern Software Development
  • DevOpsCulture
  • Software Deveopment
  • Cloud & DevOps
  • DevOps
  • Cloud Security Architecture
  • Software Development
  • Web Development
  • DevOps & Automation
  • Software Architecture
  • Microservice Architecture
  • Cloud Architecture
  • Azure Architecture
  • Kubernetes
  • Kubernetes Security
  • Containerization
  • Container Security
  • Azure Container Registry (ACR)
  • Azure Container Instance (ACI)
  • Windows containers
  • Azure container Apps
  • Container and Kubernetes security
  • Docker
  • GitHub
  • GitHub Actions

AKS Survival Pack: what to consider before going all-in with Azure Kubernetes Service

Kubernetes has been a hot and popular technology for a while - everyone wants it, everyone needs it, everyone loves it. Now that cloud providers like Microsoft are offering a managed Kubernetes service it sounds like setting up a new cluster and start deploying applications to it should be Easy Peasy Lemon Squeezy...just a few "Next-Next-Next" clicks in the portal, right? Right?!🙃

Well, reality is more brutal than that. Yes, it's true that Microsoft offers Azure Kubernetes Service as a partially managed offering, but it doesn't mean that Microsoft takes responsibility for everything. Long before you start running your applications on AKS, especially in production, it's extremely important for you to be aware of what you will be responsible for in terms of operating, securing and maintaining AKS clusters - and how these changes will affect the rest of your organization. Especially your dearest developers.

That's when this AKS Survival Pack comes to the rescue! In this session I will share experiences from my own journey of migrating from VM-hosted applications to AKS and containers, what learnings I have taken out of it and what you should consider and plan for BEFORE you start your Azure Kubernetes Service journey.

During this session I'll touch upon considerations related to:
- Culture, mindset and readiness of your organization;
- Readiness and maturity of your application(s);
- Day 2 Operations;
- Security and configuration of AKS clusters;
- Cluster upgrade strategy;
- Developer experience;

During the session I will also show a few examples (based on real-life events), of how changes of minor significance (like missing request and resource limits in a deployment template) can have disastrous consequences in production - and how the probability of such issues happening can be minimized with proper policies, planning...and a sprinkle of automation!😼

Deploying to Kubernetes with Azure DevOps Environments

There are a lot of different ways you can set up continuous deployment to AKS - many of these ways may mean introducing a new tool. Introducing a new tool will require competence development, increased maintenance, auditing and operating needs - not to mention that it will be a new external tool to add to your supply chain.

But what if you could utilize additional capabilities of the tool that you already have? That's where Azure DevOps Environments and multi-staged Azure Pipelines come into picture! If you're actively using Azure DevOps and have all of your source code stored there, it can be easier and more lightweight for you to utilize Azure DevOps Environments as a deployment tool.
In this session I will talk about what Azure DevOps Environments are and what can be the benefits of using it. I will also share recommendations on how to group Kubernetes resources in ADO Environments based on my experience.

I will also demonstrate a whole flow from checking in your microservice to setting up an Azure DevOps Environment that will target an AKS cluster that the microservice will be deployed to, and a deployment stage in the build pipeline that will execute the deployment itself based on the newly created ADO Environment.
We'll also take a look at additional policies and checks you can set up for an ADO Environment in order to implement even more granular control over your deployment to critical environments like production environment.

Finally, we'll take a look at how much information you can retrieve directly from Azure DevOps once the application is deployed in AKS, both when it's running successfully and when something goes wrong and starts failing - without the need to interact with AKS cluster directly or learn kubectl :)

Creating development blueprints with dotnet custom templates

If a developer needs to create a microservice in a modern, cloud native world there are quite a few areas that he/she may be expected to understand and have good skills in:
- Remember about and comply with tens or even hundreds of coding guidelines;
- Know how to create build and deployment pipelines;
- Know how to implement automated security and quality checks;
- Know how to containerize application and configure it's application container;
- Know how to create a deployment configuration to securely and sustainably deploy the microservice to Kubernetes;
- Know how to create an actual deployment workflow to get that microservice up and running in Kubernetes;

...and the list may go on....All in all, as a developer, you may suddenly need to gain a lot of new knowledge and competence, from software development to DevOps or even DevSecOps, in order to deliver a new microservice.

So, how can we help reduce cognitive load on developers so that they can purely focus on bringing value to the application? At the same time, how can we ensure that development and deployment of microservices is done in the same, standardized way by different developers - and established policies, coding and security guidelines are being followed?

In this session I would like to show how dotnet custom templates can help you with that. We'll take a look at what dotnet custom templates are, how you can create a dotnet custom template collection, what you can include in this kind of templates and how developers can use it to their advantage.

By making it more practical I'll put myself in the shoes of a developer that needs to create a new .NET microservice and deploy it to AKS. I will use dotnet custom templates, Azure DevOps Environments and multi-staged Azure Pipelines for this purpose. The whole flow will be demonstrated: from the point we install a dotnet custom template until the microservice is up and running in AKS. During the demo we'll also take a look at how microservice blueprints that were created with dotnet custom templates can be extended to include automatic security and quality controls to ensure that new code or configuration doesn't introduce breaking changes or security vulnerabilities.

Managed Kubernetes Service: Day Zero Survival Pack

Now that cloud providers are offering a managed Kubernetes service it sounds like setting up a new Kubernetes cluster and start deploying applications to it should be really easy...but reality is more brutal than that.

Even though Kubernetes Service can be offered as a partially managed offering it doesn't mean that cloud provider takes responsibility for everything. It's therefore extremely important to be aware of what you will be responsible for in terms of operating, securing and maintaining managed Kubernetes clusters - and how these changes will affect the rest of your organization.

In this session we'll take a look at what you should consider and include in the planning and designing phase (Day Zero) BEFORE going all-in with managed Kubernetes Service.

By looking at some real-life examples we'll also see what the consequences may be if some of the areas are not planned for or are downprioritized.

Exploring DevSecOps controls for AKS throughout the value chain

One of many misconceptions that I have experienced (and believed at some point of my dark past) while working with Kubernetes, and specifically with managed Kubernetes services like Azure Kubernetes Service, is that it's secure by default. I hate to break it to you but...in reality it's a trap.

Just like many other services that are offered by cloud providers, managed Kubernetes services also fall under a shared responsibility model where you, as a service consumer, have a high level of responsibility for keeping your Kubernetes clusters and workloads that are running on them, secure.

Fortunately, there are many valuable resources that can help us and guide us on this journey towards more secure AKS clusters. In this session, based on concrete examples, I will show how DevSecOps objectives can be applied to AKS and workloads that are running on AKS clusters. I will also demonstrate a few of the misconceptions regarding AKS cluster security in action and how those can be mitigated with help of tools like Azure Policy, Trivy, and a few others.

Exploring chaos engineering…the FUN way!

In this session we will find out what chaos engineering is, what it's purpose is and how we can use it to test and strengthen resilience and availability of our systems and applications. We'll take a look at how chaos engineering can be applied both to Kubernetes and beyond.

As part of the session we'll take to the test the serious, enterprise-grade chaos engineering tools like Azure Chaos Studio, but also the fun, gamified chaos engineering tools like KubeInvaders, that were created by the open source community.

How YOU Can Contribute to Running Environment-Friendly Workloads on Kubernetes

Climate change affects us all and it’s impact can be seen throughout all aspects of our life, including software engineering. Reducing carbon footprint and following sustainable software engineering principles is now a part of every software company’s goal, but do you know that YOU, as a developer or a platform engineer, have all the power to contribute to making your technical platform and this world a better, greener place?

Kubernetes is one of the technologies that comes in multiple flavors, but it’s up to YOU to utilize it in a way that will lessen harmful impacts of global warming.

During this session Kristina will shed light on how sustainable software engineering principles can be applied to Kubernetes and it’s workloads, as well as which eye-opening insights she has gained during her Kubernetes journey and what concrete actions you can take with you and apply further in your projects after the conference in order to make your Kubernetes workloads more eco-friendly.

Swetugg Stockholm 2023

February 2023 Stockholm, Sweden

Azure User Group Sweden User group

September 2022

Azure Back to School 2022

September 2022

Kristina Devochko

Preaching about K8s, green tech and cats 😻 CNCF Ambassador, Microsoft Azure MVP and Kubernetes Unpacked podcast host 🦄 Animal Welfare, DEI && Tech community activist

Oslo, Norway