Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
250
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
590
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
93k
#23 Turing × atmaCup 2nd 6th Place Solution + 取り組み方紹介
yumizu
0
130
Claude Code で画面の仕様書を作ろう
zozotech
PRO
0
180
ランサムウェア対策としてのpnpm導入のススメ
ishikawa_satoru
0
300
マネージャー視点で考えるプロダクトエンジニアの評価 / Evaluating Product Engineers from a Manager's Perspective
hiro_torii
0
260
Claude Code for NOT Programming
kawaguti
PRO
1
130
Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf
riku_423
2
640
生成AIを活用した音声文字起こしシステムの2つの構築パターンについて
miu_crescent
PRO
3
250
StrandsAgentsで構築したAIエージェントにMCP Apps機能を追加してみた
kmiya84377
0
120
日本の85%が使う公共SaaSは、どう育ったのか
taketakekaho
1
270
Oracle AI Database 移行・アップグレード勉強会 - RAT活用編
oracle4engineer
PRO
0
140
[CV勉強会@関東 World Model 読み会] Orbis: Overcoming Challenges of Long-Horizon Prediction in Driving World Models (Mousakhan+, NeurIPS 2025)
abemii
0
170
Featured
See All Featured
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
9.6k
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
290
エンジニアに許された特別な時間の終わり
watany
106
230k
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
450
Faster Mobile Websites
deanohume
310
31k
4 Signs Your Business is Dying
shpigford
187
22k
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
440
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
1
1.4k
How to Talk to Developers About Accessibility
jct
2
140
The Pragmatic Product Professional
lauravandoore
37
7.1k
KATA
mclloyd
PRO
34
15k
Agile Actions for Facilitating Distributed Teams - ADO2019
mkilby
0
120
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
oracle4engineer
yumizu
zozotech
ishikawa_satoru
.jpg){kind=avatar}
hiro_torii
kawaguti
riku_423
miu_crescent
kmiya84377
taketakekaho
abemii
aleyda
mfonobong
watany
reverentgeek
deanohume
shpigford
inesmontani
jct
lauravandoore
mclloyd
mkilby
