Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Oliver Beattie
January 26, 2017
Technology
0
260
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
590
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
Phase12_総括_自走化
overflowinc
0
1.6k
タスク管理も1on1も、もう「管理」じゃない - KiroとBedrock AgentCoreで変わった“判断の仕事”
yusukeshimizu
0
110
SaaSに宿る21g
kanyamaguc
2
170
AI時代のオンプレ-クラウドキャリアチェンジ考
yuu0w0yuu
0
240
FASTでAIエージェントを作りまくろう!
yukiogawa
4
110
Why we keep our community?
kawaguti
PRO
0
290
LLMに何を任せ、何を任せないか
cap120
10
5.8k
契約書からの情報抽出を行うLLMのスループットを、バッチ処理を用いて最大40%改善した話
sansantech
PRO
3
290
スピンアウト講座02_ファイル管理
overflowinc
0
1.4k
AI時代のIssue駆動開発のススメ
moongift
PRO
0
260
Phase08_クイックウィン実装
overflowinc
0
1.9k
スピンアウト講座03_CLAUDE-MDとSKILL-MD
overflowinc
0
1.4k
Featured
See All Featured
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
120
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
360
30k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
120
What’s in a name? Adding method to the madness
productmarketing
PRO
24
4k
The Spectacular Lies of Maps
axbom
PRO
1
650
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
190
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
480
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
10k
sira's awesome portfolio website redesign presentation
elsirapls
0
200
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
2.5k
Design in an AI World
tapps
0
180
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
overflowinc
yusukeshimizu
kanyamaguc
yuu0w0yuu
yukiogawa
kawaguti
cap120
sansantech
moongift
techseoconnect
bermonpainter
marketingsoph
productmarketing
axbom
samtorres
reverentgeek
hatefulcrawdad
aleyda
elsirapls
garrettdimon
tapps
