DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months
Application: 6 months
Mobilisation: 4–8 months
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  - from:
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: tcp
      port: 80
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
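How the ingress rule in the NetworkPolicy above decides a connection, as an added example that is not part of the original deck or Monzo's code. It assumes ingress isolation is already in effect for the selected pod and models only podSelector peers and protocol/port pairs; the pod label sets are constructed, and the "other" routing-name is hypothetical.

```python
# Added example: simplified evaluation of NetworkPolicy ingress rules.
# Assumptions: ingress isolation is in effect for pods the policy selects;
# only podSelector.matchLabels peers and protocol/port pairs are modelled.

POLICY = {  # the policy from the slide, written as a Python dict
    "spec": {
        "podSelector": {"matchLabels": {
            "stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}},
        "ingress": [{
            "from": [{"podSelector": {"matchLabels": {
                "stage": "prod",
                "routing-name": "com.monzo.mastercard.processor"}}}],
            "ports": [{"protocol": "tcp", "port": 80}],
        }],
    },
}

# Constructed pod label sets; OTHER's routing-name is hypothetical.
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
STAGING = {"stage": "staging", "routing-name": "com.monzo.mastercard.processor"}
OTHER = {"stage": "prod", "routing-name": "com.monzo.example.other"}


def selects(selector, labels):
    """True when every matchLabels pair is present on the pod's labels."""
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())


def ingress_verdict(policy, src, dst, protocol, port):
    """Return 'allow', 'deny' or 'not-selected' for one src -> dst connection."""
    spec = policy["spec"]
    if not selects(spec["podSelector"], dst):
        return "not-selected"  # the policy says nothing about this destination
    for rule in spec.get("ingress", []):
        peers, ports = rule.get("from"), rule.get("ports")
        peer_ok = peers is None or any(
            "podSelector" in p and selects(p["podSelector"], src) for p in peers)
        port_ok = ports is None or any(
            p.get("protocol", "TCP").lower() == protocol.lower()
            and p.get("port") == port for p in ports)
        if peer_ok and port_ok:
            return "allow"  # one matching rule is enough
    return "deny"  # selected, but no rule matched


if __name__ == "__main__":
    for name, src in (("processor", PROCESSOR), ("staging", STAGING), ("other", OTHER)):
        print(name, "->", ingress_verdict(POLICY, src, PROXY, "tcp", 80))
```

The reverse direction (proxy to processor) returns 'not-selected': this policy only constrains traffic arriving at the proxy, so outbound traffic from it is untouched.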
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management
Message signing
Transaction authorisation
Secure build
Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie