Wolfgang Ofner
Senior Cloud Architect and MCT
Toronto, Canada
Actions
Wolfgang Ofner, a Microsoft Certified Trainer, is a dedicated Freelance Cloud Architect specializing in Azure, DevOps, and .NET solutions. His passion lies in software architecture, Kubernetes, cloud technologies, and DevOps.
Wolfgang’s global experience is noteworthy, having worked on projects across Austria, Switzerland, Australia, and Canada. This international exposure has enriched his expertise and broadened his understanding of diverse technological landscapes.
In addition to his project work, Wolfgang is a recognized speaker at conferences and meetups around the world, sharing his knowledge and experiences with the global tech community.
When he isn’t architecting solutions or speaking at events, Wolfgang shares his knowledge and insights on his YouTube channel, https://youtube.com/@programmingwithwolfgang, and on his blog, https://ProgrammingWithWolfgang.com.
Links
Area of Expertise
Topics
Set It and Forget It: Secure & Automated Certificate Management on AKS
Manual certificate rotation has become a significant operational liability. In an era of shrinking certificate lifespans and increasing cluster complexity, traditional manual methods are no longer a viable way to maintain production uptime. Automation has transitioned from a luxury to a fundamental security requirement for modern cloud-native environments.
This session breaks down the implementation of a modern "Gold Standard" for certificate management on Azure Kubernetes Service, explaining the mechanics of both HTTP-01 and DNS-01 validation challenges while detailing the practical differences between specific and wildcard certificates.
The presentation demonstrates a secure, zero-secret identity model using Azure Workload Identity to grant Cert-Manager access to Azure DNS without managing long-lived credentials.
Attendees will gain a technical understanding of the mechanics behind the DNS-01 challenge and why it is the essential method for issuing wildcard certificates. The discussion also covers how to configure automated renewals and on-demand provisioning, enabling advanced workflows such as dynamic certificate creation for ephemeral environments during pull request deployments.
By the end of the session, participants will have the specific technical knowledge required to integrate these automated systems with both Ingress and the Gateway API, allowing them to build and maintain a fully automated, hands-off certificate lifecycle.
Private, Secure, and Cost-Effective: The Trifecta of Managed DevOps Pools
Traditionally, securing the enterprise cloud has meant moving critical resources like AKS, Azure SQL, and Key Vault behind Private Endpoints. While this posture significantly reduces the attack surface, it often creates a connectivity gap where standard cloud build agents lack native visibility into these private environments.
Historically, teams have been forced to choose between the high maintenance of virtual machines or complex, insecure networking workarounds. Managed DevOps Pools resolve this conflict by providing the seamless experience of hosted agents with the security of native Virtual Network integration.
This session demonstrates the technical implementation of VNet injection to grant build agents direct access to private resources without the need for firewall modifications or public IP addresses. The presentation demonstrates how to leverage Managed Identities for authentication,, eliminating the risks of Service Principal secrets and the operational burden of password rotation. Furthermore, the session provides a framework for optimizing the total cost of ownership by transitioning from static, idle infrastructure to ephemeral, on-demand agents that scale dynamically with development needs.
By the end of the session, participants will have the technical knowledge required to build a secure, cost-effective pipeline foundation that serves the requirements of platform, security, and development teams alike.
Beyond Ingress: Mastering the Kubernetes Gateway API
For years, Kubernetes Ingress has been the default, yet it often forces teams into a fragile web of vendor-specific "annotation hell" to handle modern traffic requirements. The Gateway API moves beyond these limitations, offering an expressive, role-oriented standard that fundamentally rethinks the networking stack.
This session demonstrates why the Gateway API is the superior choice by breaking down its modular resource model, from core infrastructure components to granular routing definitions, and showing how it resolves the friction between platform, DevOps, and development teams.
This session compares in-cluster proxies like Traefik, Envoy, and Nginx against managed controllers like Azure Application Gateway for Containers. The presentation provides practical insights into native traffic engineering patterns, such as canary splits and path-based routing, alongside the specific technical steps for automating HTTPS via cert-manager.
By breaking down the integration between these components, the session ensures participants understand exactly how the Gateway API functions and how to implement a fully automated, secure, and easier-to-manage networking stack independently.
Come Cloud with Us User group Sessionize Event Upcoming
Azure Cloud Native User group Sessionize Event
Festive Tech Calendar 2025 Sessionize Event
Azure Back to School 2025 Sessionize Event
Azure Spring Clean 2024 Sessionize Event
Azure User Group Sweden User group Sessionize Event
Virtual Boston Azure User group Sessionize Event
2022 All Day DevOps Sessionize Event
Welsh Azure User Group - Event User group Sessionize Event
BASTA! Frankfurt 2022
Level Up your Kubernetes Scaling with KEDA
Wolfgang Ofner
Senior Cloud Architect and MCT
Toronto, Canada
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top