DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy protects
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  # Only the processor pods may connect, and only on port 80
  - from:
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: TCP  # the API accepts only upper-case TCP or UDP
      port: 80
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie