Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
250
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
580
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
Where will it converge?
ibknadedeji
0
180
【新卒研修資料】LLM・生成AI研修 / Large Language Model・Generative AI
brainpadpr
23
17k
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
20k
Goにおける 生成AIによるコード生成の ベンチマーク評価入門
daisuketakeda
2
100
いま注目しているデータエンジニアリングの論点
ikkimiyazaki
0
590
Findy Team+のSOC2取得までの道のり
rvirus0817
0
330
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
zozotech
PRO
0
170
stupid jj tricks
indirect
0
7.9k
「AI駆動PO」を考えてみる - 作る速さから価値のスループットへ:検査・適応で未来を開発 / AI-driven product owner. scrummat2025
yosuke_nagai
4
580
SOC2取得の全体像
shonansurvivors
1
370
組織観点からIAM Identity CenterとIAMの設計を考える
nrinetcom
PRO
1
170
E2Eテスト設計_自動化のリアル___Playwrightでの実践とMCPの試み__AIによるテスト観点作成_.pdf
findy_eventslides
0
110
Featured
See All Featured
Optimising Largest Contentful Paint
csswizardry
37
3.4k
The Pragmatic Product Professional
lauravandoore
36
6.9k
Testing 201, or: Great Expectations
jmmastey
45
7.7k
The Art of Programming - Codeland 2020
erikaheidi
56
14k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
KATA
mclloyd
32
15k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
2.6k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
890
GitHub's CSS Performance
jonrohan
1032
460k
Code Reviewing Like a Champion
maltzj
525
40k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
9
960
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie