DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months
Application: 6 months
Mobilisation: 4–8 months
Isolation Authentication
[Diagram labels: Availability Zone A, Availability Zone B, Availability Zone C; k8s-master, admin, user data, k8s-worker, dmz]
[Diagram labels: Availability Zone A, Availability Zone B, Availability Zone C; k8s-master, k8s-worker, dmz]
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy applies to
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  - from:
    # Only pods carrying these labels may connect
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: TCP
      port: 80
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
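The NetworkPolicy from the slide, modelled as an added example that is not part of the original deck: a small Python evaluator for its ingress rule. It assumes the semantics of the later networking.k8s.io/v1 API (a pod selected by any policy accepts only allow-listed traffic) and a single namespace; the sample pods, the `com.example.other` service and the function names are constructed for illustration.

```python
# Added example: models the ingress rule of the NetworkPolicy from the slide.
# Assumptions: networking.k8s.io/v1 semantics, one namespace, constructed pods.
POLICY = {
    "podSelector": {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"},
    "ingress": [{
        "from": [{"stage": "prod",
                  "routing-name": "com.monzo.mastercard.processor"}],
        "ports": [("TCP", 80)],
    }],
}

# Constructed sample pods, represented by their labels only.
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
STAGING_PROCESSOR = {"stage": "staging",
                     "routing-name": "com.monzo.mastercard.processor"}
OTHER = {"stage": "prod", "routing-name": "com.example.other"}  # hypothetical


def matches(selector, labels):
    """matchLabels: every key/value in the selector must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def ingress_allowed(policies, src, dst, protocol, port):
    """Decide whether a connection from pod src to pod dst is admitted."""
    selecting = [p for p in policies if matches(p["podSelector"], dst)]
    if not selecting:
        return True  # no policy selects dst, so it is not isolated
    for policy in selecting:
        for rule in policy["ingress"]:
            # An omitted "from" or "ports" list places no limit on that field.
            peer_ok = not rule.get("from") or any(
                matches(sel, src) for sel in rule["from"])
            port_ok = not rule.get("ports") or (protocol, port) in rule["ports"]
            if peer_ok and port_ok:
                return True
    return False  # dst is isolated and no rule matched


if __name__ == "__main__":
    cases = [(PROCESSOR, PROXY, 80), (PROCESSOR, PROXY, 443),
             (OTHER, PROXY, 80), (STAGING_PROCESSOR, PROXY, 80),
             (PROXY, OTHER, 80)]
    for src, dst, port in cases:
        verdict = ingress_allowed([POLICY], src, dst, "TCP", port)
        print(src["routing-name"], src["stage"], "->", dst["routing-name"],
              port, "allow" if verdict else "deny")
```

The last case is admitted because no policy selects the destination: the rule constrains only what reaches the proxy and says nothing about what the proxy itself may connect to.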
Isolation Authentication
[Diagram labels: Host A, Host B; Service A, linkerd; Service B, linkerd]
[Diagram labels: CA, CA, CA; Vault]
Secret management
Message signing
Transaction authorisation
Secure build
Audit logging
WAN tunnels
[Diagram labels: IPSec, StrongSwan (IPSec), Hardware VPN device, Services, AWS, Co-location, Third parties]
monzo.com/careers
& Questions
@obeattie