$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
250
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
580
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
AI/MLのマルチテナント基盤を支えるコンテナ技術
pfn
PRO
5
780
Agents IA : la nouvelle frontière des LLMs (Tech.Rocks Summit 2025)
glaforge
0
460
生成AI時代の自動E2Eテスト運用とPlaywright実践知_引持力哉
legalontechnologies
PRO
0
190
Ryzen NPUにおけるAI Engineプログラミング
anjn
0
240
AI時代におけるアジャイル開発について
polyscape_inc
0
120
GitLab Duo Agent Platformで実現する“AI駆動・継続的サービス開発”と最新情報のアップデート
jeffi7
0
200
著者と読み解くAIエージェント現場導入の勘所 Lancers TechBook#2
smiyawaki0820
11
5.4k
プロダクトマネージャーが押さえておくべき、ソフトウェア資産とAIエージェント投資効果 / pmconf2025
i35_267
2
520
日本Rubyの会の構造と実行とあと何か / hokurikurk01
takahashim
4
800
Oracle Technology Night #95 GoldenGate 26ai の実装に迫る1
oracle4engineer
PRO
0
120
Oracle Database@AWS:サービス概要のご紹介
oracle4engineer
PRO
0
160
私のRails開発環境
yahonda
0
190
Featured
See All Featured
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Mobile First: as difficult as doing things right
swwweet
225
10k
We Have a Design System, Now What?
morganepeng
54
7.9k
4 Signs Your Business is Dying
shpigford
186
22k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
The Power of CSS Pseudo Elements
geoffreycrofte
80
6.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
700
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Raft: Consensus for Rubyists
vanstee
141
7.2k
Visualization
eitanlees
150
16k
Statistics for Hackers
jakevdp
799
230k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.6k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
pfn
glaforge
legalontechnologies
anjn
polyscape_inc
jeffi7
smiyawaki0820
i35_267
takahashim
oracle4engineer
yahonda
lynnandtonic
swwweet
morganepeng
shpigford
jeffersonlam
geoffreycrofte
bluesmoon
marcelosomers
vanstee
eitanlees
jakevdp
bcantrill
