$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
250
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
590
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
Haskell を武器にして挑む競技プログラミング ─ 操作的思考から意味モデル思考へ
naoya
6
1.6k
ログ管理の新たな可能性?CloudWatchの新機能をご紹介
ikumi_ono
1
840
子育てで想像してなかった「見えないダメージ」 / Unforeseen "hidden burdens" of raising children.
pauli
2
210
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
masahirokawahara
1
2.1k
re:Invent2025 コンテナ系アップデート振り返り(+CloudWatchログのアップデート紹介)
masukawa
0
390
Snowflakeでデータ基盤を もう一度作り直すなら / rebuilding-data-platform-with-snowflake
pei0804
6
1.6k
初めてのDatabricks AI/BI Genie
taka_aki
0
200
生成AI時代におけるグローバル戦略思考
taka_aki
0
200
SSO方式とJumpアカウント方式の比較と設計方針
yuobayashi
7
690
ガバメントクラウド利用システムのライフサイクルについて
techniczna
0
190
Challenging Hardware Contests with Zephyr and Lessons Learned
iotengineer22
0
230
AI 駆動開発勉強会 フロントエンド支部 #1 w/あずもば
1ftseabass
PRO
0
400
Featured
See All Featured
Building Applications with DynamoDB
mza
96
6.8k
Rails Girls Zürich Keynote
gr2m
95
14k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.3k
Visualization
eitanlees
150
16k
BBQ
matthewcrist
89
9.9k
[RailsConf 2023] Rails as a piece of cake
palkan
58
6.2k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
970
Java REST API Framework Comparison - PWX 2021
mraible
34
9k
Designing for Performance
lara
610
69k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Practical Orchestrator
shlominoach
190
11k
A better future with KSS
kneath
240
18k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
naoya
ikumi_ono
pauli
masahirokawahara
masukawa
pei0804
taka_aki
yuobayashi
techniczna
iotengineer22
1ftseabass
mza
gr2m
tammyeverts
eitanlees
matthewcrist
palkan
mraible
lara
malarkey
shlominoach
kneath
