Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
250
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
590
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
SQLだけでマイグレーションしたい!
makki_d
0
1.2k
『君の名は』と聞く君の名は。 / Your name, you who asks for mine.
nttcom
1
120
Agent Skillsがハーネスの垣根を超える日
gotalab555
6
4.5k
オープンソースKeycloakのMCP認可サーバの仕様の対応状況 / 20251219 OpenID BizDay #18 LT Keycloak
oidfj
0
180
TED_modeki_共創ラボ_20251203.pdf
iotcomjpadmin
0
150
ハッカソンから社内プロダクトへ AIエージェント ko☆shi 開発で学んだ4つの重要要素
leveragestech
0
220
AgentCoreとStrandsで社内d払いナレッジボットを作った話
motojimayu
1
990
意外と知らない状態遷移テストの世界
nihonbuson
PRO
1
270
Oracle Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
2
200
Bedrock AgentCore Evaluationsで学ぶLLM as a judge入門
shichijoyuhi
2
260
Strands AgentsとNova 2 SonicでS2Sを実践してみた
yama3133
1
1.9k
NIKKEI Tech Talk #41: セキュア・バイ・デザインからクラウド管理を考える
sekido
PRO
0
220
Featured
See All Featured
What does AI have to do with Human Rights?
axbom
PRO
0
1.9k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
BBQ
matthewcrist
89
9.9k
Discover your Explorer Soul
emna__ayadi
2
1k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
45
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
0
45
Heart Work Chapter 1 - Part 1
lfama
PRO
3
35k
The #1 spot is gone: here's how to win anyway
tamaranovitovic
1
870
Money Talks: Using Revenue to Get Sh*t Done
nikkihalliwell
0
120
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
0
67
What the history of the web can teach us about the future of AI
inesmontani
PRO
0
380
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
makki_d
nttcom
gotalab555
oidfj
iotcomjpadmin
leveragestech
motojimayu
nihonbuson
oracle4engineer
shichijoyuhi
yama3133
sekido
axbom
afnizarnur
matthewcrist
emna__ayadi
marketingsoph
kimpetersen
lfama
tamaranovitovic
nikkihalliwell
tmiket
inesmontani
denniskardys
