Speaker

Kristina Devochko

Kristina Devochko

Spreading love for secure and sustainable cloud tech - and cats!😻 Open Sourceress. With coding and animal welfare at heart.

Oslo, Norway

I'm Kris, I live in Norway, love coding and spreading love for cats in presentations😼 Currently I am working as a Software Architect and driving several exciting tech projects that support digitalization journey in public and private sector, minimizing bureaucracy and making citizens' life easier.

As a person I love learning new things and sharing my journey and experiences with others. My biggest passion is tech and my goal is to inspire other developers to code with sustainability and security in mind by spreading my knowledge and experience. My goal is also to be a female coder role model that can inspire and motivate all the beautiful girls and ladies out there to join the world of tech! 💖

I also strongly believe that contributing to making this world a better place by volunteering is something all of us should consider doing, therefore being a volunteer is a big part of my life. Other than that, I'm a cat mom and a bookworm. I love books, photography, puzzles, board games, hiking, cats and unicorns. I am also an active supporter of sustainability, including sustainable software engineering, and animal welfare.

Awards

Area of Expertise

  • Information & Communications Technology
  • Environment and Cleantech

Topics

  • .NET
  • C#.Net
  • .NET (Core) development
  • Azure
  • Microsoft Azure
  • Azure DevOps
  • Azure Security
  • Azure Kubernetes Services (AKS)
  • Cloud Security
  • Application Security
  • DevSecOps and GitOps in practice
  • DevSecOps
  • Modern Software Development
  • DevOpsCulture
  • Software Deveopment
  • Cloud & DevOps
  • DevOps
  • Cloud Security Architecture
  • Software Development
  • Web Development
  • DevOps & Automation
  • Software Architecture
  • Microservice Architecture
  • Cloud Architecture
  • Azure Architecture
  • Kubernetes
  • Kubernetes Security
  • Containerization
  • Container Security
  • Azure Container Registry (ACR)
  • Azure Container Instance (ACI)
  • Windows containers
  • Azure container Apps
  • Container and Kubernetes security
  • Docker
  • GitHub
  • GitHub Actions

Can we prevent the Grinch from stealing Christmas with chaos engineering?

Christmas is almost at the doorstep of Kubernetesville and all the Pods and Nodes are happily Running around the Xmas tree and are Ready to receive presents from Santa. When suddenly the Grinch has sneaked his way into Kubernetesville and has big plans on causing disruption and bringing down the Deployment of presents. Will we be able to stop him and save Christmas?

Let's see if chaos engineering can come to the rescue and help us stop the Grinch from stealing Christmas in Kubernetesville! In this session we will find out what chaos engineering is, what it's purpose is and how we can use it to test and strengthen resilience and availability of a Kubernetes cluster and applications that are being hosted on it. And bringing the Grinch to justice as a benefit.

AKS Survival Pack: what to consider before going all-in with Azure Kubernetes Service

Kubernetes has been a hot and popular technology for a while - everyone wants it, everyone needs it, everyone loves it. Now that cloud providers like Microsoft are offering a managed Kubernetes service it sounds like setting up a new cluster and start deploying applications to it should be Easy Peasy Lemon Squeezy...just a few "Next-Next-Next" clicks in the portal, right? Right?!🙃

Well, reality is more brutal than that. Yes, it's true that Microsoft offers Azure Kubernetes Service as a partially managed offering, but it doesn't mean that Microsoft takes responsibility for everything. Long before you start running your applications on AKS, especially in production, it's extremely important for you to be aware of what you will be responsible for in terms of operating, securing and maintaining AKS clusters - and how these changes will affect the rest of your organization. Especially your dearest developers.

That's when this AKS Survival Pack comes to the rescue! In this session I will share experiences from my own journey of migrating from VM-hosted applications to AKS and containers, what learnings I have taken out of it and what you should consider and plan for BEFORE you start your Azure Kubernetes Service journey.

During this session I'll touch upon considerations related to:
- Culture, mindset and readiness of your organization;
- Readiness and maturity of your application(s);
- Day 2 Operations;
- Security and configuration of AKS clusters;
- Cluster upgrade strategy;
- Developer experience;

During the session I will also show a few examples (based on real-life events), of how changes of minor significance (like missing request and resource limits in a deployment template) can have disastrous consequences in production - and how the probability of such issues happening can be minimized with proper policies, planning...and a sprinkle of automation!😼

Deploying microservices to AKS with Azure DevOps

There are a lot of different ways you can set up Continuous Deployment to AKS - many of these ways may mean introducing a new tool. Introducing a new tool will require competence development, increased maintenance, auditing and operating needs - not to mention that it will be a new external tool to add to your supply chain.

But what if you could utilize additional capabilities of the tool that you already have? That's where Azure DevOps Environments and multi-staged Azure Pipelines come into picture! If you're actively using Azure DevOps and have all of your source code stored there, it can be easier and more lightweight for you to utilize Azure DevOps Environments as a deployment tool.
In this session I will talk about what Azure DevOps Environments are and what can be the benefits of using it. I will also share recommendations on how to group Kubernetes resources in ADO Environments based on my experience.

I will also demonstrate a whole flow from checking in your microservice to setting up an Azure DevOps Environment that will target an AKS cluster that the microservice will be deployed to, and a deployment stage in the build pipeline that will execute the deployment itself based on the newly created ADO Environment.
We'll also take a look at additional policies and checks you can set up for an ADO Environment in order to implement even more granular control over your deployment to critical environments like production environment.

Finally, we'll take a look at how much information you can retrieve directly from Azure DevOps once the application is deployed in AKS, both when it's running successfully and when something goes wrong and starts failing - without the need to interact with AKS cluster directly or learn kubectl :)

Standardizing microservice-to-AKS workflow with dotnet custom templates and Azure DevOps

If a developer needs to create a microservice in a modern, cloud native world there are quite a few areas that he/she may be expected to understand and have good skills in:
- Remember about and comply with tens or even hundreds of coding guidelines;
- Know how to create build and deployment pipelines;
- Know how to implement automated security and quality checks;
- Know how to containerize application and configure it's application container;
- Know how to create a deployment configuration to securely and sustainably deploy the microservice to Kubernetes;
- Know how to create an actual deployment workflow to get that microservice up and running in Kubernetes;

...and the list may go on....All in all, as a developer, you may suddenly need to gain a lot of new knowledge and competence, from software development to DevOps or even DevSecOps, in order to deliver a new microservice.

So, how can we help reduce cognitive load on developers so that they can purely focus on bringing value to the application? At the same time, how can we ensure that development and deployment of microservices is done in the same, standardized way by different developers - and established policies, coding and security guidelines are being followed?

In this session I would like to show how dotnet custom templates can help you with that. We'll take a look at what dotnet custom templates are, how you can create a dotnet custom template collection, what you can include in this kind of templates and how developers can use it to their advantage.

By making it more practical I'll put myself in the shoes of a developer that needs to create a new .NET microservice and deploy it to AKS. I will use dotnet custom templates, Azure DevOps Environments and multi-staged Azure Pipelines for this purpose. The whole flow will be demonstrated: from the point we install a dotnet custom template until the microservice is up and running in AKS. During the demo we'll also take a look at how microservice blueprints that were created with dotnet custom templates can be extended to include automatic security and quality controls to ensure that new code or configuration doesn't introduce breaking changes or security vulnerabilities.

Managed Kubernetes Service: Day Zero Survival Pack

Now that cloud providers are offering a managed Kubernetes service it sounds like setting up a new Kubernetes cluster and start deploying applications to it should be really easy...but reality is more brutal than that.

Even though Kubernetes Service can be offered as a partially managed offering it doesn't mean that cloud provider takes responsibility for everything. It's therefore extremely important to be aware of what you will be responsible for in terms of operating, securing and maintaining managed Kubernetes clusters - and how these changes will affect the rest of your organization.

In this session we'll take a look at what you should consider and include in the planning and designing phase (Day Zero) BEFORE going all-in with managed Kubernetes Service.

By looking at some real-life examples we'll also see what the consequences may be if some of the areas are not planned for or are downprioritized.

Exploring DevSecOps controls for AKS throughout the value chain

One of many misconceptions that I have experienced (and believed at some point of my dark past) while working with Kubernetes, and specifically with managed Kubernetes services like Azure Kubernetes Service, is that it's secure by default. I hate to break it to you but...in reality it's a trap.

Just like many other services that are offered by cloud providers, managed Kubernetes services also fall under a shared responsibility model where you, as a service consumer, have a high level of responsibility for keeping your Kubernetes clusters and workloads that are running on them, secure.

Fortunately, there are many valuable resources that can help us and guide us on this journey towards more secure AKS clusters. In this session, based on concrete examples, I will show how DevSecOps objectives can be applied to AKS and workloads that are running on AKS clusters. I will also demonstrate a few of the misconceptions regarding AKS cluster security in action and how those can be mitigated with help of tools like Azure Policy, Trivy, and a few others.

Stockholm TECH Show 2023 Upcoming

May 2023 Stockholm, Sweden

Swetugg Stockholm 2023 Upcoming

February 2023 Stockholm, Sweden

Azure User Group Sweden User group

September 2022

Azure Back to School 2022

September 2022

Kristina Devochko

Spreading love for secure and sustainable cloud tech - and cats!😻 Open Sourceress. With coding and animal welfare at heart.

Oslo, Norway