Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building a Bank with Kubernetes – Kubecon 2016

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Oliver Beattie Oliver Beattie
November 09, 2016
Technology
610
1

Building a Bank with Kubernetes – Kubecon 2016

Avatar for Oliver Beattie

Oliver Beattie

November 09, 2016

More Decks by Oliver Beattie

See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
Avatar for Oliver Beattie obeattie
4
4.6k
DevOps Exchange London – Network Security at Monzo
Avatar for Oliver Beattie obeattie
0
270
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
Avatar for Oliver Beattie obeattie
10
47k

Other Decks in Technology

See All in Technology
Agent Skills設計で柔軟性と硬さのバランスが難しい話
Avatar for nassy nassy20
0
130
AIの性能が向上しても未解決な組織の重大問題は何か?/An Unsolved Organizational Problem in the Age of AI
Avatar for moriyuya moriyuya
4
630
RAG を使わないという選択肢
Avatar for tatsutaka tatsutaka
1
200
2026TECHFRESH畢業分享會 - Lightning Talk - E起 See See : 電商推薦讀心術? 數據說了算
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
880
手塩にかけりゃいいってもんじゃない
Avatar for ming ming_ayami
0
520
Building applications in the Gemini API family.
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
3.1k
AIのReact習熟度を測る
Avatar for uhyo uhyo
2
220
SONiC Scale-Up Working Group から探る Scale-UpやUltraEthernet機能の実装方法
Avatar for ebiken ebiken
PRO
2
140
[モダンアプリ勉強会]今更聞けないGit/GitHub入門
Avatar for つくぼし tsukuboshi
0
370
失敗を資産に変えるClaude Code
Avatar for Shinya Saita shinyasaita
0
590
On-behalf-of Token exchange with AgentCore Identity
Avatar for iganin hironobuiga
2
150
自律型AIエージェントは何を破壊するのか
Avatar for kojira kojira
0
150

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
66
8.5k
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.6k
Measuring Dark Social's Impact On Conversion and Attribution
Avatar for Stephen Akadiri stephenakadiri
2
220
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
11
940
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
1
950
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
Avatar for Helen Beal helenjbeal
1
230
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
The #1 spot is gone: here's how to win anyway
Avatar for Tamara Novitovic tamaranovitovic
2
1.1k
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
3k
Building a A Zero-Code AI SEO Workflow
Avatar for Ian Lurie portentint
PRO
0
570
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
15k
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
Avatar for Andy Polaine apolaine
1
350

Transcript

  1. Building a Bank with Kubernetes

  2. Oliver Beattie @obeattie Head of Engineering, Monzo

  3. None
  4. None
  5. None
  6. None
  7. None
  8. None
  9. None
  10. None

  11. Pre-application 9 months Application 6 months Mobilisation 4–8 months

  12. Extensible Efficient Resilient Secure

  13. Extensible Efficient Resilient Secure

  14. Application Database

  15. Application Database Cache

  16. Application Database Cache Load balancer Cache Cache Application Application

  17. Database Cache Load balancer Database Database Cache Cache Application Application

    Application

  18. Database Cache Load balancer Database Database Cache Cache Application Application

    Application

  19. Application Database Cache Load balancer Application Application Database Database Cache

    Cache
  20. None
  21. None
  22. None

  23. Extensible Efficient Resilient Secure

  24. None

  25. app

  26. app

  27. core app

  28. None
  29. None

  30. Extensible Efficient Resilient Secure

  31. None
  32. None

  33. Load balancing Tracing Circuit breakers Retries Canarying Load shedding Error

    tracking Metrics Service discovery Logging Timeouts Expirations Security policies Back-offs Retry budgets Dynamic routing

  34. Minimise latency ⏱ Maximise success

  35. linkerd Finagle

  36. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198

    10.224.15.3 HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3

  37. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198

    10.224.15.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3

  38. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198

    10.224.15.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3

  39. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198

    10.224.15.3 Host: service. → 10.224.17.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3 Host: service. → 10.224.17.2

  40. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 10.224.15.3 Host:

    service. GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 10.224.16.3 HOST n edge CONTAINER 10.224.18.2 service.cruft CONTAINER 10.224.18.1 LINKERD 10.102.36.110 10.224.18.3 HOST n edge CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.32.192 10.224.16.3 GET / HTTP/1.1 → service. ELB

  41. AWS eu-west-1

  42. AWS eu-west-1

  43. None

  44. Co-location uk-1 Co-location uk-2 AWS eu-west-1

  45. Co-location uk-1 Co-location uk-2 AWS eu-west-1 ⚡

  46. Co-location uk-1 Co-location uk-2 AWS eu-west-1 ⚡

  47. Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP BGP BGP

  48. Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP BGP BGP

    ⚡ ⚡

  49. Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP ⚡ ⚡

  50. “Connectivity” Pod BGP IPSec BGP BGP StrongSwan (IPSec) GNU Zebra


    (BGP) Hardware VPN device Services Services Services AWS Co-location Third parties

  51. Extensible Efficient Resilient Secure

  52. Device isolation Process isolation Data encryption Filesystem isolation Privilege isolation

    Network isolation Resource isolation Principle of least privilege Log monitoring Secret management

  53. Device isolation Process isolation Data encryption Filesystem isolation Privilege isolation

    Network isolation Resource isolation Principle of least privilege Log monitoring Secret management

  54. k8s-master Availability Zone A Availability Zone B Availability Zone C

    admin user data k8s-worker dmz

  55. k8s-master Availability Zone A Availability Zone B Availability Zone C

    k8s-worker dmz

  56. Calico + network policy

  57. zone: super-secure

  58. apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: super-secure-zone spec: podSelector: matchLabels:

    zone: super-secure ingress: - from: - podSelector: matchLabels: zone: super-secure ports: - protocol: tcp

  59. Extensible Efficient Resilient Secure

  60. monzo.com/careers

  61. Q&A .

  62. @obeattie