We built network isolation for 1,500 services

bea · 5 November 2019 15:49

You might have spotted this tweet from backend engineer @jack-monzo this weekend:

The Security team has been working on network isolation for these 1,500 services – Jack breaks down how they’ve done it in this post

micsco · 5 November 2019 16:32

Well done Jack and the rest of the team, this is a massive accomplishment.

I’m interested in the tools/ways you implement the automated check on new code, are you using something like Danger?

kolok · 5 November 2019 17:26

Great write up and progress too.

jack-monzo · 5 November 2019 17:54

We write our own CI check scripts and tools and run them in CircleCI

educostadev · 8 November 2019 14:23

Great article! I can imagine how excited is to develop this feature and rolling it out to production.

baabel · 1 October 2020 14:22

That’s a nice network security design. Let’s say a rogue actor gains access to kube API server, outside your normal CD process. They deploy a workload using a pod spec containing the known labels necessary to call some service. Will the system prevent/detect this type of intrusion?

Topic		Replies	Views
Humans who can RPC: securing staff access to 2000 microservices :lock: News & Updates blog	3	1697	7 December 2022
Monzo on k8s - Ingress traffic management Developers	9	2518	24 July 2019
Bringing Automated Rollbacks to 2,100+ services at Monzo News & Updates blog , engineering	5	1556	7 May 2023
Controlling outbound traffic from Kubernetes News & Updates	1	2106	25 May 2022
Outages Monzo Chat	19	5022	21 September 2016

We built network isolation for 1,500 services

Related topics