Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
240
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.5k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
570
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
250510 StepFunctionのテスト自動化始めました vol.1
east_takumi
1
240
Sleep-time Compute: LLM推論コスト削減のための事前推論
sergicalsix
1
140
猫でもわかるS3 Tables【Apache Iceberg編】
kentapapa
2
220
テストコードにはテストの意図を込めよう(2025年版) #retechtalk / Put the intent of the test 2025
nihonbuson
PRO
9
1.7k
試作とデモンストレーション / Prototyping and Demonstrations
ks91
PRO
0
140
LINE 購物幕後推手
line_developers_tw
PRO
0
560
地に足の付いた現実的な技術選定から魔力のある体験を得る『AIレシート読み取り機能』のケーススタディ / From Grounded Tech Choices to Magical UX: A Case Study of AI Receipt Scanning
moznion
5
1.7k
Global Azure2025(GitHub Copilot ハンズオン)
tomokusaba
2
800
さくらのクラウド開発の裏側
metakoma
PRO
18
5.3k
Kaigi Effect 2025 #rubykaigi2025_after
sue445
0
160
Google Cloud Next 2025 Recap マーケティング施策の運用及び開発を支援するAIの活用 / Use of AI to support operation and development of marketing campaign
atsushiyoshikawa
0
260
分解し、導き、託す ログラスにおける“技術でリードする” 実践の記録
hryushm
0
350
Featured
See All Featured
The Art of Programming - Codeland 2020
erikaheidi
54
13k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Build The Right Thing And Hit Your Dates
maggiecrowley
35
2.7k
Fireside Chat
paigeccino
37
3.4k
Music & Morning Musume
bryan
47
6.5k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
120
52k
Producing Creativity
orderedlist
PRO
344
40k
Why You Should Never Use an ORM
jnunemaker
PRO
56
9.4k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.7k
Documentation Writing (for coders)
carmenintech
71
4.8k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
710
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
east_takumi
sergicalsix
kentapapa
nihonbuson
ks91
line_developers_tw
moznion
tomokusaba
metakoma
sue445
atsushiyoshikawa
hryushm
erikaheidi
sstephenson
maggiecrowley
paigeccino
bryan
chrisshort
aki_iinuma
orderedlist
jnunemaker
bluesmoon
carmenintech
irinanazarova
