Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
240
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.5k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
580
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
Bill One 開発エンジニア 紹介資料
sansan33
PRO
4
12k
Autonomous Database サービス・アップデート (FY25)
oracle4engineer
PRO
2
760
Classmethod AI Talks(CATs) #22 司会進行スライド(2025.06.12) / classmethod-ai-talks-aka-cats_moderator-slides_vol22_2025-06-12
shinyaa31
0
200
"SaaS is Dead" は本当か!? 生成AI時代の医療 Vertical SaaS のリアル
kakehashi
PRO
3
160
本部長の代わりに提案書レビュー! KDDI営業が毎日使うAIエージェント「A-BOSS」開発秘話
minorun365
PRO
12
1.5k
AIコーディング新時代を生き残るための試行錯誤 / AI Coding Survival Guide
tomohisa
9
12k
Model Mondays S2E01: Advanced Reasoning
nitya
0
270
OCI Oracle Database Services新機能アップデート(2025/03-2025/05)
oracle4engineer
PRO
1
120
Roo CodeとClaude Code比較してみた
pharma_x_tech
1
290
OpenTelemetry Collector internals
ymotongpoo
5
520
“プロダクトを好きになれるか“も QAエンジニア転職の大事な判断基準だと思ったの
tomodakengo
0
110
ソフトウェア開発現代史: "LeanとDevOpsの科学"の「科学」とは何か? - DORA Report 10年の変遷を追って - #開発生産性_findy
takabow
1
360
Featured
See All Featured
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
228
22k
Automating Front-end Workflow
addyosmani
1370
200k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Designing for humans not robots
tammielis
253
25k
Code Reviewing Like a Champion
maltzj
524
40k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
35
2.3k
KATA
mclloyd
29
14k
For a Future-Friendly Web
brad_frost
179
9.8k
Site-Speed That Sticks
csswizardry
10
620
Product Roadmaps are Hard
iamctodd
PRO
53
11k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
sansan33
oracle4engineer
shinyaa31
kakehashi
minorun365
tomohisa
nitya
.png){kind=icon}
pharma_x_tech
ymotongpoo
tomodakengo
takabow
samlambert
danielanewman
addyosmani
pedronauck
tammielis
maltzj
eileencodes
mclloyd
brad_frost
csswizardry
iamctodd
morganepeng
