DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months
Application: 6 months
Mobilisation: 4–8 months
Isolation Authentication
[Diagram: Availability Zones A, B and C; k8s-master, admin, user data, k8s-worker, dmz]
[Diagram: Availability Zones A, B and C; k8s-master, k8s-worker, dmz]
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy applies to (the destination side)
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  - from:
    # Only pods carrying both labels may connect
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    # Protocol names are upper-case in the Kubernetes API
    - protocol: TCP
      port: 80
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
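How the ingress rule in the policy above is evaluated, as an added example that is not from the talk or from Monzo's code: a simplified Python model of same-namespace ingress decisions. It assumes networking.k8s.io/v1 semantics (a pod is isolated for ingress once any policy selects it); the dicts mirror the slide's labels and port, and all function and variable names are hypothetical.

```python
# Constructed data mirroring the slide's manifest (same labels and port).
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
POLICY = {
    "metadata": {"name": "com.monzo.mastercard.proxy"},
    "spec": {
        "podSelector": {"matchLabels": PROXY},
        "ingress": [{
            "from": [{"podSelector": {"matchLabels": PROCESSOR}}],
            "ports": [{"protocol": "TCP", "port": 80}],
        }],
    },
}

def selects(selector, labels):
    """matchLabels is an AND: every listed key/value must be on the pod."""
    wanted = (selector or {}).get("matchLabels") or {}
    return all(labels.get(k) == v for k, v in wanted.items())

def rule_allows(rule, src_labels, protocol, port):
    """Within one rule, 'from' and 'ports' must both match; a missing or
    empty list matches everything."""
    peers = rule.get("from") or []
    ports = rule.get("ports") or []
    peer_ok = not peers or any(
        "podSelector" in p and selects(p["podSelector"], src_labels)
        for p in peers)
    port_ok = not ports or any(
        p.get("protocol", "TCP").upper() == protocol.upper()
        and p.get("port") in (None, port) for p in ports)
    return peer_ok and port_ok

def ingress_allowed(policies, src_labels, dst_labels, protocol, port):
    """Return (allowed, reason) for one same-namespace connection."""
    selecting = [p for p in policies
                 if selects(p["spec"].get("podSelector"), dst_labels)]
    if not selecting:
        return True, "destination not selected by any policy (not isolated)"
    for pol in selecting:
        for rule in pol["spec"].get("ingress") or []:
            if rule_allows(rule, src_labels, protocol, port):
                return True, "allowed by " + pol["metadata"]["name"]
    return False, "isolated: no ingress rule matches"

if __name__ == "__main__":
    print(ingress_allowed([POLICY], PROCESSOR, PROXY, "TCP", 80))
    print(ingress_allowed([POLICY], PROXY, PROCESSOR, "TCP", 80))
```

The second call is allowed because this policy constrains only traffic arriving at the proxy; connections the proxy itself opens are untouched, which is the "no control over egress" limitation in practice.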
Isolation Authentication
[Diagram: Host A, Host B; Service A, linkerd; Service B, linkerd]
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie