Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building a Bank with Kubernetes – Kubecon 2016

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Oliver Beattie Oliver Beattie
November 09, 2016
Technology
610
1

Building a Bank with Kubernetes – Kubecon 2016

Avatar for Oliver Beattie

Oliver Beattie

November 09, 2016

More Decks by Oliver Beattie

See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
Avatar for Oliver Beattie obeattie
4
4.6k
DevOps Exchange London – Network Security at Monzo
Avatar for Oliver Beattie obeattie
0
270
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
Avatar for Oliver Beattie obeattie
10
47k

Other Decks in Technology

See All in Technology
【2026年版】 ベクトル検索とEmbedding最前線
Avatar for Tomoko Uchida mocobeta
23
7k
現地で盛り上がった WWDC26 Keynote
Avatar for ZOZO Developers zozotech
PRO
1
270
フィジカル版Github Onshapeの紹介
Avatar for shiba_8ro shiba_8ro
0
310
AWS Security Agent といっしょに脅威モデリングをやってみよう
Avatar for amarelo_n24 amarelo_n24
1
200
新しいUbuntu/GNOMEが使いたいからXからWaylandへ移行頑張ってるの巻 2026-06-20
Avatar for Nobuto Murata nobutomurata
0
160
徹底討論!ECS vs EKS!
Avatar for 高棹大樹 daitak
3
1.2k
AIAU_UMEMOGU_ninomiya_slide
Avatar for ninomiya ninomiya_ii
0
250
脱SaaS!FDEを支えるプロビジョニングと分離設計
Avatar for Kenichi SUZUKI knih
0
260
秘密度ラベル初心者が第1歩でつまづかないための「設計・運用」ポイント
Avatar for seafay seafay
PRO
1
420
Bucharest Tech Week 2026 - Reinventing testing practices in the AI era
Avatar for Eric Deandrea edeandrea
PRO
1
170
2026年6月23日 Syncable Tech + Start Python Club にて
Avatar for Kimikazu Kato hamukazu
0
140
WebGIS AI Agentの紹介
Avatar for _shimizu _shimizu
0
220

Featured

See All Featured
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
Avatar for David Carrasco davidcarrasco
0
160
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
52k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
174
15k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
AI Search:
Where Are We & What Can We Do About It?
Avatar for Aleyda Solis aleyda
0
7.6k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.4k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
Ruling the World: When Life Gets Gamed
Avatar for Sebastian Deterding codingconduct
0
260
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.9k
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
2
580

Transcript

  1. Building a Bank with Kubernetes

  2. Oliver Beattie @obeattie Head of Engineering, Monzo

  3. None
  4. None
  5. None
  6. None
  7. None
  8. None
  9. None
  10. None

  11. Pre-application 9 months Application 6 months Mobilisation 4–8 months

  12. Extensible Efficient Resilient Secure

  13. Extensible Efficient Resilient Secure

  14. Application Database

  15. Application Database Cache

  16. Application Database Cache Load balancer Cache Cache Application Application

  17. Database Cache Load balancer Database Database Cache Cache Application Application

    Application

  18. Database Cache Load balancer Database Database Cache Cache Application Application

    Application

  19. Application Database Cache Load balancer Application Application Database Database Cache

    Cache
  20. None
  21. None
  22. None

  23. Extensible Efficient Resilient Secure

  24. None

  25. app

  26. app

  27. core app

  28. None
  29. None

  30. Extensible Efficient Resilient Secure

  31. None
  32. None

  33. Load balancing Tracing Circuit breakers Retries Canarying Load shedding Error

    tracking Metrics Service discovery Logging Timeouts Expirations Security policies Back-offs Retry budgets Dynamic routing

  34. Minimise latency ⏱ Maximise success

  35. linkerd Finagle

  36. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198

    10.224.15.3 HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3

  37. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198

    10.224.15.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3

  38. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198

    10.224.15.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3

  39. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 LINKERD 10.102.32.198

    10.224.15.3 Host: service. → 10.224.17.3 GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.34.192 10.224.16.3 HOST C service. CONTAINER 10.224.17.2 service.cruft CONTAINER 10.224.17.1 LINKERD 10.102.36.187 10.224.17.3 Host: service. → 10.224.17.2

  40. HOST A service. CONTAINER 10.224.15.2 service.cruft CONTAINER 10.224.15.1 10.224.15.3 Host:

    service. GET / HTTP/1.1 Host: service. HOST B service. CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 10.224.16.3 HOST n edge CONTAINER 10.224.18.2 service.cruft CONTAINER 10.224.18.1 LINKERD 10.102.36.110 10.224.18.3 HOST n edge CONTAINER 10.224.16.2 service.cruft CONTAINER 10.224.16.1 LINKERD 10.102.32.192 10.224.16.3 GET / HTTP/1.1 → service. ELB

  41. AWS eu-west-1

  42. AWS eu-west-1

  43. None

  44. Co-location uk-1 Co-location uk-2 AWS eu-west-1

  45. Co-location uk-1 Co-location uk-2 AWS eu-west-1 ⚡

  46. Co-location uk-1 Co-location uk-2 AWS eu-west-1 ⚡

  47. Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP BGP BGP

  48. Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP BGP BGP

    ⚡ ⚡

  49. Co-location uk-1 Co-location uk-2 AWS eu-west-1 BGP BGP ⚡ ⚡

  50. “Connectivity” Pod BGP IPSec BGP BGP StrongSwan (IPSec) GNU Zebra


    (BGP) Hardware VPN device Services Services Services AWS Co-location Third parties

  51. Extensible Efficient Resilient Secure

  52. Device isolation Process isolation Data encryption Filesystem isolation Privilege isolation

    Network isolation Resource isolation Principle of least privilege Log monitoring Secret management

  53. Device isolation Process isolation Data encryption Filesystem isolation Privilege isolation

    Network isolation Resource isolation Principle of least privilege Log monitoring Secret management

  54. k8s-master Availability Zone A Availability Zone B Availability Zone C

    admin user data k8s-worker dmz

  55. k8s-master Availability Zone A Availability Zone B Availability Zone C

    k8s-worker dmz

  56. Calico + network policy

  57. zone: super-secure

  58. apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: super-secure-zone spec: podSelector: matchLabels:

    zone: super-secure ingress: - from: - podSelector: matchLabels: zone: super-secure ports: - protocol: tcp

  59. Extensible Efficient Resilient Secure

  60. monzo.com/careers

  61. Q&A .

  62. @obeattie