Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
250
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
580
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
Multimodal AI Driving Solutions to Societal Challenges
keio_smilab
PRO
1
130
コミューンのデータ分析AIエージェント「Community Sage」の紹介
fufufukakaka
0
320
生成AI時代の自動E2Eテスト運用とPlaywright実践知_引持力哉
legalontechnologies
PRO
0
190
AI時代の開発フローとともに気を付けたいこと
kkamegawa
0
1.1k
20251209_WAKECareer_生成AIを活用した設計・開発プロセス
syobochim
1
390
Product Engineer
resilire
0
150
たかが特別な時間の終わり / It's Only the End of Special Time
watany
28
7.6k
プロダクトマネジメントの分業が生む「デリバリーの渋滞」を解消するTPMの越境
recruitengineers
PRO
3
630
Bakuraku Engineering Team Deck
layerx
PRO
12
6.6k
Playwright x GitHub Actionsで実現する「レビューしやすい」E2Eテストレポート
kinosuke01
0
190
AIと二人三脚で育てた、個人開発アプリグロース術
zozotech
PRO
0
560
Ryzen NPUにおけるAI Engineプログラミング
anjn
0
240
Featured
See All Featured
How GitHub (no longer) Works
holman
316
140k
Agile that works and the tools we love
rasmusluckow
331
21k
A designer walks into a library…
pauljervisheath
210
24k
Rebuilding a faster, lazier Slack
samanthasiow
84
9.3k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Designing for Performance
lara
610
69k
The Art of Programming - Codeland 2020
erikaheidi
56
14k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.1k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
37
2.6k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
keio_smilab
fufufukakaka
legalontechnologies
kkamegawa
syobochim
resilire
watany
recruitengineers
layerx
kinosuke01
zozotech
anjn
holman
rasmusluckow
pauljervisheath
samanthasiow
lauravandoore
lara
erikaheidi
jlugia
tammyeverts
marcelosomers
jeffersonlam
eileencodes
