Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
250
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
580
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
Playwrightで始めるUI自動テスト入門
devops_vtj
0
260
お試しで oxlint を導入してみる #vuefes_aftertalk
bengo4com
2
1.4k
AWS 環境で GitLab Self-managed を試してみた/aws-gitlab-self-managed
emiki
0
340
個人開発からエンプラまで。AIコードレビューで開発を楽しもう
moongift
PRO
0
280
Pythonで構築する全国市町村ナレッジグラフ: GraphRAGを用いた意味的地域検索への応用
negi111111
8
3.2k
ソフトウェアエンジニアとデータエンジニアの違い・キャリアチェンジ
mtpooh
1
720
【AWS reInvent 2025 関西組 事前勉強会】re:Inventの“感動と興奮”を思い出してモチベ爆上げしたいです
ttelltte
0
120
Sansan BIが実践する AI on BI とセマンティックレイヤー / data_summit_findy
sansan_randd
0
120
AI時代に必要なデータプラットフォームの要件とは by @Kazaneya_PR / 20251107
kazaneya
PRO
4
920
次世代のメールプロトコルの斜め読み
hirachan
3
440
技術の総合格闘技!?AIインフラの現在と未来。
ebiken
PRO
0
220
品質保証の取り組みを広げる仕組みづくり〜スキルの移譲と自律を支える実践知〜
tarappo
2
780
Featured
See All Featured
Code Reviewing Like a Champion
maltzj
527
40k
4 Signs Your Business is Dying
shpigford
186
22k
Balancing Empowerment & Direction
lara
5
730
How to Think Like a Performance Engineer
csswizardry
28
2.3k
How STYLIGHT went responsive
nonsquared
100
5.9k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
34
2.3k
Java REST API Framework Comparison - PWX 2021
mraible
34
9k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Into the Great Unknown - MozCon
thekraken
40
2.1k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Building Applications with DynamoDB
mza
96
6.7k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
devops_vtj
bengo4com
emiki
moongift
negi111111
mtpooh
ttelltte
sansan_randd
kazaneya
hirachan
ebiken
tarappo
maltzj
shpigford
lara
csswizardry
nonsquared
chriscoyier
marcduiker
mraible
thekraken
lynnandtonic
mza
