Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
260
0
Share
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
600
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
[Scram Fest Niigata2026]Quality as Code〜AIにQAの思考を再現させる試み〜
masamiyajiri
1
140
FessのAI検索モード:検索システムとLLMへの取り組み
marevol
0
170
EMから幅を広げるために最近挑戦していること / Recent challenges I'm undertaking to expand my horizons beyond EM
hiro_torii
1
180
20260428_Product Management Summit_Loglass_JoeHirose
loglassjoe
4
6.5k
COBOL婆さんの伝説
poropinai1966
0
130
AIと乗り切った1,500ページ超のヘルプサイト基盤刷新とさらにその先の話
mugi_uno
1
270
バイブコーディングで3倍早く⚪⚪を作ってみた
samakada
0
210
20年前の「OSS革命」に学ぶ AI時代の生存戦略
samakada
0
530
変化の激しい時代をゴキゲンに生き抜くために 〜ストレスマネジメントのススメ〜
kakehashi
PRO
2
680
AWS Agent Registry の基礎・概要を理解する/aws-agent-registry-intro
ren8k
3
430
AI와 협업하는 조직으로의 여정
arawn
0
580
Percolatorを廃止し、マルチ検索サービスへ刷新した話 / Search Engineering Tech Talk 2026 Spring
visional_engineering_and_design
0
230
Featured
See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
55k
For a Future-Friendly Web
brad_frost
183
10k
The Cult of Friendly URLs
andyhume
79
6.9k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
エンジニアに許された特別な時間の終わり
watany
106
240k
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
180
Imperfection Machines: The Place of Print at Facebook
scottboms
270
14k
Skip the Path - Find Your Career Trail
mkilby
1
110
HDC tutorial
michielstock
2
650
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
61
43k
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.7k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
160
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
masamiyajiri
marevol
.jpg){kind=avatar}
hiro_torii
loglassjoe
poropinai1966
mugi_uno
samakada
kakehashi
ren8k
arawn
visional_engineering_and_design
aki_iinuma
brad_frost
andyhume
morganepeng
watany
ryanjones
scottboms
mkilby
michielstock
rkaga
inesmontani
tmiket
