Case Study

Millennium bcp

Millennium bcp Enhances Digital Banking Resilience with k8gb

Executive Summary

Millennium bcp, the largest privately-owned bank in Portugal, operates in a highly regulated environment, requiring continuous compliance with European Central Bank and Banco de Portugal mandates, including the Digital Operational Resilience Act (DORA) and similar regulations. To meet stringent requirements around availability, disaster recovery, and cloud neutrality, Millennium bcp adopted k8gb, a CNCF sandbox project for global load balancing across Kubernetes clusters. This solution enabled the bank to:

  • Improve workload resilience
  • Reduce recovery times
  • Support a clear exit strategy from hyperscaler lock-in

With k8gb, the bank has been able to build a globally resilient Kubernetes infrastructure that provides automated DNS failover between cloud regions, supporting the uninterrupted delivery of essential banking services. The results have been exceptional: 

  • Zero downtime during regional failover testing 
  • A 70% reduction in DNS-related incident response times 
  • 99.99% service uptime across critical banking applications

This modern architecture not only enhances technical capabilities but also supports strategic compliance and operational goals, positioning Millennium bcp ahead of the DORA compliance deadline.

About Millennium bcp

Millennium bcp is a leading financial institution in Portugal, serving over eight million customers – more than 80% of whom engage through digital banking channels. As a publicly traded company, Millennium bcp is committed to digital transformation and operational resilience, investing heavily in secure, scalable, and efficient IT platforms.

With a strong culture of innovation, the bank has embraced open-source technologies and cloud-native architectures to modernize legacy systems, support business growth, and meet evolving customer expectations. The bank’s infrastructure spans five regions across two cloud providers plus on-premises environments, supporting over 1,000 Kubernetes-based applications that are critical to daily banking operations.

The Challenge

Operating under tight regulatory oversight, Millennium bcp needed to guarantee resilience and service continuity for critical workloads. The introduction of the DORA regulation added further urgency, requiring robust and demonstrable disaster recovery capabilities, regional redundancy, and vendor-agnostic architecture with compliance deadlines approaching in January 2025.

Historically, the bank’s applications were bound to individual cloud regions or providers, creating complexity in achieving automated failover and compliance with maximum tolerable downtime and service level objectives. The DNS layer became a particular pain point, as existing vendor-specific DNS solutions lacked the flexibility, automation, and cross-cloud support necessary for modern cloud-native expectations such as: 

  • Health-based traffic routing
  • Seamless failover
  • Dynamic scaling across their extensive Kubernetes infrastructure

Furthermore, the regulatory landscape demanded that any resiliency solution be auditable, transparent, and interoperable across vendors – ruling out many proprietary or single-cloud offerings. The bank also needed to ensure that it could avoid vendor lock-in while maintaining high service availability and meeting the strict operational resilience requirements that define modern banking.

Why CNCF and Open Source

Millennium bcp’s cloud-native team had been exploring vendor-neutral, open-source solutions that aligned with CNCF best practices. k8gb stood out for its:

  • Seamless integration with Kubernetes-native DNS tools like CoreDNS and external-dns
  • Transparent open-source governance model 
  • Proven capability for global failover and geo-based routing 
  • Strong alignment with exit strategy goals by reducing dependency on proprietary tools

The bank values the CNCF ecosystem for its maturity, interoperability, and strong community support. Open-source projects like k8gb allow Millennium bcp to tailor solutions to their specific needs while remaining compliant with internal governance policies and external regulations. This approach provides the flexibility and innovation potential that traditional vendor solutions simply cannot match, particularly in the rapidly evolving landscape of financial services technology.

The Solution: k8gb

Millennium bcp deployed k8gb across multiple Kubernetes clusters hosted in different regions and cloud providers, creating a comprehensive global load balancing solution. Key elements of the implementation included: 

  • k8gb for DNS-based global load balancing
  • CoreDNS as the internal DNS server extended by k8gb logic
  • external-dns for dynamic DNS record management
  • Automated health checks and failover logic to redirect traffic during outages
  • Integration with GitOps-based deployment and configuration management
  • Integration with Prometheus-based metrics for monitoring, alerting, and visibility into failover events

k8gb acts as a Global Service Load Balancer using DNS as the control plane. Each cluster operates its own CoreDNS instance with the k8gb plugin, allowing for decentralized control and high availability. Global Service Load Balancer Custom Resource Definitions define load balancing strategies such as failover or round-robin. When a cluster becomes unhealthy, it is automatically removed from DNS records to ensure traffic is only directed to healthy endpoints.

Security and compliance were top priorities throughout the implementation. k8gb was deployed with strict Role-Based Access Control and network policies, and its configuration was included in regular compliance reviews and audits. All failover scenarios are rigorously tested as part of the bank’s disaster recovery drills, ensuring that the solution not only meets technical requirements but also satisfies the demanding regulatory standards that govern financial services operations.

Results and Strategic Impact

The deployment of k8gb has delivered remarkable technical and operational benefits that demonstrate the power of cloud-native solutions in regulated industries. The bank achieved zero downtime during regional failover testing across all five regions, proving the robustness of their operational resilience strategy. DNS-related incident response times were reduced by an impressive 70%, significantly enhancing the bank’s ability to respond quickly to potential service disruptions.

Most importantly, Millennium bcp now maintains 99.99% service uptime across key applications, a level of reliability that directly translates to enhanced customer trust and satisfaction. The bank achieved full alignment with DORA failover and resilience requirements well ahead of the January 2025 deadline, including comprehensive geographic redundancy capabilities that exceed regulatory expectations.

Beyond pure technical metrics, the solution has delivered substantial operational improvements:

  • Improved agility in disaster recovery planning and regulatory audits
  • Simplified operational model for managing multi-region clusters
  • Increased team confidence in handling regional outages and failover events

These improvements have created a culture of reliability that builds confidence among stakeholders, customers, and regulators alike.

Lessons Learned and Best Practices

Implementing k8gb in a highly regulated environment surfaced several important lessons that other financial institutions can apply to their own digital transformation journeys:

  • Cross-team collaboration between infrastructure, networking, and compliance teams proved essential for success
  • Observability and clear logging are key to successful DR testing and production failovers
  • CNCF community tools provide excellent foundations, but customization is often necessary in regulated industries
  • Early stakeholder involvement, including participation from risk and audit functions proved critical to accelerating adoption and securing the compliance sign-offs

Perhaps most importantly, the team learned the value of designing with failure in mind. By proactively simulating outages and practicing failover scenarios, they improved both system robustness and team readiness, creating a more resilient organization overall.

Looking Forward: Innovation Through Open Source

With k8gb, Millennium bcp is not just meeting regulatory requirements – it’s redefining what resilience means in modern finance. As open-source adoption continues to grow across the banking sector, this case serves as a blueprint for how cloud-native technologies can deliver on reliability, transparency, and compliance – without compromise.

About k8gb

k8gb is the global server load balancer for Kubernetes developed under the CNCF umbrella. It enables DNS-based traffic routing and failover across multiple Kubernetes clusters. Designed to integrate with CoreDNS and external-dns, k8gb supports geo-aware routing, active/passive setups, and high availability across regions.

Website: https://k8gb.io
GitHub: https://github.com/k8gb-io/k8g

Contact

To learn more about Millennium bcp’s journey with k8gb and CNCF technologies, please contact:

Nuno Guedes, Head of Public Cloud
https://www.linkedin.com/in/nunoguedes/

Industry:
Financial Services
Location:
Portugal
Published:
September 16, 2025

Projects used

k8gb logo