DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Technology
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months
Application: 6 months
Mobilisation: 4–8 months
Isolation Authentication
[Diagram: Availability Zones A, B and C; labels: k8s-master, admin, user data, k8s-worker, dmz]
[Diagram: Availability Zones A, B and C; labels: k8s-master, k8s-worker, dmz]
```yaml
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy protects
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  - from:
    # Only pods with these labels may connect
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    # Kubernetes expects the upper-case protocol value
    - protocol: TCP
      port: 80
```
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
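An added example, not from the talk or from Monzo's code, that models how an ingress-only policy like the one on the slide is evaluated, including the "no control over egress" limitation. It assumes the isolation model of current Kubernetes NetworkPolicy, where a pod is isolated for ingress once any policy selects it; the staging pod and the `com.example.other` pod are constructed for illustration.

```python
# Added example: a model of ingress-only NetworkPolicy evaluation.
# Assumption: a pod is isolated for ingress once any policy selects it.

PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
# Constructed pods, not from the talk:
STAGING_PROCESSOR = {"stage": "staging", "routing-name": "com.monzo.mastercard.processor"}
OTHER = {"stage": "prod", "routing-name": "com.example.other"}

# The policy from the slide, reduced to the fields that drive the decision.
POLICIES = [{
    "podSelector": PROXY,
    "ingress": [{"from": [PROCESSOR], "ports": [("TCP", 80)]}],
}]


def matches(selector, labels):
    """matchLabels: every key/value in the selector must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def ingress_allowed(policies, src, dst, protocol, port):
    """Decide whether src may open protocol/port on dst."""
    selecting = [p for p in policies if matches(p["podSelector"], dst)]
    if not selecting:
        return True  # destination not selected by any policy: not isolated
    return any(
        (protocol, port) in rule["ports"]
        and any(matches(peer, src) for peer in rule["from"])
        for policy in selecting
        for rule in policy["ingress"]
    )


def audit():
    """Evaluate representative flows against the slide's policy."""
    flows = {
        "processor->proxy:80": (PROCESSOR, PROXY, "TCP", 80),
        "other->proxy:80": (OTHER, PROXY, "TCP", 80),
        "staging-processor->proxy:80": (STAGING_PROCESSOR, PROXY, "TCP", 80),
        "processor->proxy:443": (PROCESSOR, PROXY, "TCP", 443),
        # The policy says nothing about what the proxy itself may reach.
        "proxy->other:80": (PROXY, OTHER, "TCP", 80),
    }
    return {name: ingress_allowed(POLICIES, *f) for name, f in flows.items()}


if __name__ == "__main__":
    for name, allowed in audit().items():
        print(f"{name:30} {'ALLOW' if allowed else 'DENY'}")
```

The last flow is allowed because no policy selects the destination pod, so outbound traffic from the proxy is only limited by whatever ingress policies its targets carry.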
Isolation Authentication
[Diagram labels: Host A, Host B; Service A, linkerd; Service B, linkerd]
[Diagram labels: CA, CA, CA, Vault]
Secret management
Message signing
Transaction authorisation
Secure build
Audit logging
WAN tunnels
[Diagram labels: IPSec; StrongSwan (IPSec); Hardware VPN device; Services (AWS), Services (Co-location), Services (Third parties)]
monzo.com/careers
& Questions
@obeattie