The Headlines

We built network isolation for 1,500 services
Jack Kleeman, Monzo
In the Security team at Monzo, one of our goals is to move towards a completely zero trust platform. This means that in theory, we'd be able to run malicious code inside our platform with no risk – the code wouldn't be able to interact with anything dangerous without the security team granting special access.

The idea is that we don't want to trust just anything simply because it's inside our platform. Instead, we want individual services to be trusted based on a short and deliberate list of which other services they're allowed to interact with. This makes an attack substantially more difficult.

In this blog, Jack outlines their thought process and includes examples of their test policy code.

CNCF Prometheus Project Journey Report
CNCF

Prometheus is a widely-adopted open source metrics-based monitoring and alerting system. Initially developed at SoundCloud to solve end user needs, Prometheus is now hosted by the Cloud Native Computing Foundation (CNCF). This report attempts to objectively assess the state of the Prometheus project and how CNCF has impacted the progress and growth of Prometheus. This report is one of a series of project journey reports we will be publishing focused on graduated projects hosted by CNCF.

The Technical

Inviting Security to the Party – Part I
Brenno Oliveira

Kubernetes Beyond
Andrea Tosatto

Provision a Kubernetes Cluster in Amazon EKS with Weaveworks eksctl and AWS CDK
Reaction Commerce

Migrating your app to Kubernetes: what to do with files?
Flant

KUDO, with Gerred Dillon
Adam Glick and Craig Box, Kubernetes Podcast from Google

Backyards 1.0
Marton Sereg, Banzai Cloud

Contour 1.0
Dave Cheney, Steve Sloka, Nick Young, and James Peach

From image security to workload security
Gareth Rushgrove, Snyk

The Editorial