Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
260
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
590
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
大規模サービスにおける レガシーコードからReactへの移行
magicpod
1
170
SaaSからAIへの過渡期の中で現在、組織内で起こっている変化 / SaaS to AI Paradigm Shift
aeonpeople
0
100
自動テストが巻き起こした開発プロセス・チームの変化 / Impact of Automated Testing on Development Cycles and Team Dynamics
codmoninc
3
1.2k
Dr. Werner Vogelsの14年のキーノートから紐解くエンジニアリング組織への処方箋@JAWS DAYS 2026
p0n
1
110
[JAWS DAYS 2026]私の AWS DevOps Agent 推しポイント
furuton
0
110
AIエージェント時代に備える AWS Organizations とアカウント設計
kossykinto
2
370
「ストレッチゾーンに挑戦し続ける」ことって難しくないですか? メンバーの持続的成長を支えるEMの環境設計
sansantech
PRO
3
390
Shifting from MCP to Skills / ベストプラクティスの変遷を辿る
yamanoku
4
690
8万デプロイ
iwamot
PRO
2
200
型を書かないRuby開発への挑戦
riseshia
0
200
楽しく学ぼう!ネットワーク入門
shotashiratori
0
300
メタデータ同期に潜んでいた問題 〜 Cache Stampede 時の Cycle Wait を⾒つけた話
lycorptech_jp
PRO
0
150
Featured
See All Featured
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.2k
Paper Plane (Part 1)
katiecoart
PRO
0
5.2k
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
130
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
150
Product Roadmaps are Hard
iamctodd
PRO
55
12k
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
170
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
1
470
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.4k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
1.1k
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
82
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.2k
Mobile First: as difficult as doing things right
swwweet
225
10k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
magicpod
aeonpeople
codmoninc
p0n
furuton
kossykinto
sansantech
yamanoku
iwamot
riseshia
shotashiratori
lycorptech_jp
ivargrimstad
katiecoart
katarinadahlin
gurzu
iamctodd
samtorres
inesmontani
marcduiker
tammyeverts
techseoconnect
kastner
swwweet
