Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
260
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
590
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
20260311 技術SWG活動報告(デジタルアイデンティティ人材育成推進WG Ph2 活動報告会)
oidfj
0
360
Tebiki Engineering Team Deck
tebiki
0
27k
進化するBits AI SREと私と組織
nulabinc
PRO
1
230
Keycloak を使った SSO で CockroachDB にログインする / CockroachDB SSO with Keycloak
kota2and3kan
0
150
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/12 - 2026/2
oracle4engineer
PRO
0
150
SRE NEXT 2026 CfP レビュアーが語る聞きたくなるプロポーザルとは?
yutakawasaki0911
1
390
複数クラスタ運用と検索の高度化:ビズリーチにおけるElastic活用事例 / ElasticON Tokyo2026
visional_engineering_and_design
0
160
Claude Code 2026年 最新アップデート
oikon48
13
10k
(Test) ai-meetup slide creation
oikon48
3
430
内製AIチャットボットで学んだDatadog LLM Observability活用術
mkdev10
0
120
身体を持ったパーソナルAIエージェントの 可能性を探る開発
yokomachi
1
130
ガバメントクラウドにおけるAWSの長期継続割引について
takeda_h
2
610
Featured
See All Featured
We Have a Design System, Now What?
morganepeng
55
8k
Collaborative Software Design: How to facilitate domain modelling decisions
baasie
0
160
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
990
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.2k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
72
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.1k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.2k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
640
More Than Pixels: Becoming A User Experience Designer
marktimemedia
3
350
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
.png){kind=avatar}
oidfj
tebiki
nulabinc
kota2and3kan
oracle4engineer
yutakawasaki0911
visional_engineering_and_design
oikon48
mkdev10
yokomachi
takeda_h
morganepeng
baasie
tamaranovitovic
aleyda
akademiya2063
charlesmeaden
destraynor
sstephenson
kastner
kimpetersen
marktimemedia
afnizarnur
