We built network isolation for 1,500 services

You might have spotted this tweet from backend engineer @jack-monzo this weekend:

The Security team has been working on network isolation for these 1,500 services – Jack breaks down how they’ve done it in this post :point_down:


Well done Jack and the rest of the team, this is a massive accomplishment.

I’m interested in the tools/ways you implement the automated check on new code, are you using something like Danger?

1 Like

Great write up and progress too.

1 Like

We write our own CI check scripts and tools and run them in CircleCI


Great article! I can imagine how excited is to develop this feature and rolling it out to production.

1 Like

That’s a nice network security design. Let’s say a rogue actor gains access to kube API server, outside your normal CD process. They deploy a workload using a pod spec containing the known labels necessary to call some service. Will the system prevent/detect this type of intrusion?

1 Like