Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building a Bank with Kubernetes – Kubecon 2016
Search
Oliver Beattie
November 09, 2016
Technology
610
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Building a Bank with Kubernetes – Kubecon 2016
Oliver Beattie
November 09, 2016
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
DevOps Exchange London – Network Security at Monzo
obeattie
0
270
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
“全部コピーしない”ファイルデータの活用 : — FSx for ONTAP × S3 Tables × Icebergで作るメタデータカタログ
yoshiki0705
0
470
RAGの精度向上とエージェント活用
kintotechdev
2
140
小さいから、全部わかる。— 常駐AI "xangi" のすすめ
sugupoko
0
270
從觀望到全公司落地:AI Agentic Coding 導入實戰 — 流程整合與安全治理
appleboy
1
1k
SRE歴2ヶ月でも開発6年の知見を活かして、チームで止まっていた環境改善を前に進めた話
a_ono
1
210
Kotlin 開発のツラミを爆破した話! / Explode the difficulty of Kotlin dev!
eller86
0
150
はじめてのWDM
miyukichi_ospf
1
120
デジタル・デザイン構想 by Sayaka Ishizuka
y150saya
0
190
スタートアップにおけるアジャイルの実践について #shibuyagile
murabayashi
3
2.1k
オブザーバビリティ、本当に活用できてる? 〜API連携×生成AIで成熟度を自動評価〜
dmmsre
0
520
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
210
CVE-2026-20833_脆弱性対応とAES 化について
jukishiya
0
370
Featured
See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.4k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.8k
Statistics for Hackers
jakevdp
799
230k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.5k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
180
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.3k
How to build a perfect <img>
jonoalderson
1
5.8k
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
200
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.8k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.2k
Skip the Path - Find Your Career Trail
mkilby
1
160
Transcript
Building a Bank with Kubernetes
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Extensible Efficient Resilient Secure
Extensible Efficient Resilient Secure
Application Database
Application Database Cache
Application Database Cache Load balancer Cache Cache Application Application
Database Cache Load balancer Database Database Cache Cache Application Application
Application
Database Cache Load balancer Database Database Cache Cache Application Application
Application
Application Database Cache Load balancer Application Application Database Database Cache
Cache
None
None
None
Extensible Efficient Resilient Secure
None
app
app
core app
None
None
Extensible Efficient Resilient Secure
None
None
Load balancing Tracing Circuit breakers Retries Canarying Load shedding Error
tracking Metrics Service discovery Logging Timeouts Expirations Security policies Back-offs Retry budgets Dynamic routing
Minimise latency ⏱ Maximise success
linkerd Finagle
HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198
10.224.15.3 HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3
HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198
10.224.15.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3
HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198
10.224.15.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3
HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198
10.224.15.3 Host: service. → 10.224.17.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3 Host: service. → 10.224.17.2
HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 10.224.15.3 Host:
service. GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 10.224.16.3 HOST n edge CONTAINER 10.224.18.2 service.cruft CONTAINER 10.224.18.1 LINKERD 10.102.36.110 10.224.18.3 HOST n edge CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.32.192 10.224.16.3 GET / HTTP/1.1 → service. ELB
AWS eu-west-1
AWS eu-west-1
None
Co-location uk-1 Co-location uk-2 AWS eu-west-1
Co-location uk-1 Co-location uk-2 AWS eu-west-1 ⚡
Co-location uk-1 Co-location uk-2 AWS eu-west-1 ⚡
Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP BGP BGP
Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP BGP BGP
⚡ ⚡
Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP ⚡ ⚡
“Connectivity” Pod BGP IPSec BGP BGP StrongSwan (IPSec) GNU Zebra
(BGP) Hardware VPN device Services Services Services AWS Co-location Third parties
Extensible Efficient Resilient Secure
Device isolation Process isolation Data encryption Filesystem isolation Privilege isolation
Network isolation Resource isolation Principle of least privilege Log monitoring Secret management
Device isolation Process isolation Data encryption Filesystem isolation Privilege isolation
Network isolation Resource isolation Principle of least privilege Log monitoring Secret management
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
Calico + network policy
zone: super-secure
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: super-secure-zone spec: podSelector: matchLabels:
zone: super-secure ingress: - from: - podSelector: matchLabels: zone: super-secure ports: - protocol: tcp
Extensible Efficient Resilient Secure
monzo.com/careers
Q&A .
@obeattie