Mettle is part of NatWest’s business banking innovation arm in the UK, that provides free business accounts for startups, small businesses, limited companies and sole traders. To keep the Mettle application running, and ensure that all services are available to their customers 24x7, the engineering team needed a way to deploy new features quickly without compromising on reliability or security.
We recently caught up with Mettle to find out how they were able to solve their challenges using Weave Flux and GitOps.
“One of my team’s biggest principles is to provide a self-service platform for our engineers. GitOps is making this possible.” said Steve Wade, Platform Lead, Mettle
Who is Mettle?
Mettle’s goal is to provide small business customers with an application that speeds up payments and helps them manage their finances. One third of small businesses suffer problems due to late payments and lack of visibility, which is why the Natwest team have set out to revolutionize business banking. Customers can apply for an account in minutes, create and send customized invoices and connect to accounting software to help keep track of their books.
Mitigate the risk of compromised CI/CD pipelines
One of the main changes Mettle's platform team wanted to make was making sure the CI tooling (Concourse) was secure and wasn’t an attack vector into other environments. If hackers were to penetrate a cluster, the first place they would go to would be the CI machine(s) because they always have elevated privileges to access environments/clusters. Prior to implementing GitOps, Concourse had the ability to create, edit and delete almost anything in all of their clusters. This meant that the current state of a cluster could only truly be determined by Concourse itself.
Decrease operational overhead whilst being compliant
Another challenge was that the Platform Team, who is responsible for the creation and deployment of all infrastructure and Kubernetes clusters, needed a self-service platform. This would empower their developers to innovate and deploy microservices all the way to production with no input required from the team. Furthermore, with Mettle being a Fintech company, they are regularly audited for compliance, so they needed a solution for securing their Kubernetes clusters for compliance for their auditors.
Download the case study to learn more about how Mettle implemented a self-service developer platform using Weave Flux and GitOps to positively increase their time to deployment and mean time to recovery (MTTR), whilst enabling greater security within their workflows.