Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
250
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
590
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
田舎で20年スクラム(後編):一個人が企業で長期戦アジャイルに挑む意味
chinmo
1
1.6k
Kusakabe_面白いダッシュボードの表現方法
ykka
0
350
スクラムを一度諦めたチームにアジャイルコーチが入ってどう変化したか / A Team's Second Try at Scrum with an Agile Coach
kaonavi
0
270
Git Training GitHub
yuhattor
1
210
AWS監視を「もっと楽する」ために
uechishingo
0
180
AWS Amplify Conference 2026 - 仕様からリリースまで一気通貫 生成 AI 時代のフルスタック開発
inariku
2
300
プロンプトエンジニアリングを超えて:自由と統制のあいだでつくる Platform × Context Engineering
yuriemori
0
520
Vivre en Bitcoin : le tutoriel que votre banquier ne veut pas que vous voyiez
rlifchitz
0
320
ソフトとハード両方いけるデータ人材の育て方
waiwai2111
1
530
Digitization部 紹介資料
sansan33
PRO
1
6.6k
SOC2は、取った瞬間よりその後が面白い
3flower
0
130
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
3.7k
Featured
See All Featured
Between Models and Reality
mayunak
1
170
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
410
Build The Right Thing And Hit Your Dates
maggiecrowley
38
3k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
359
30k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
61
48k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
7.9k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.7k
Building Applications with DynamoDB
mza
96
6.9k
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
AI Search: Where Are We & What Can We Do About It?
aleyda
0
6.9k
The agentic SEO stack - context over prompts
schlessera
0
590
Typedesign – Prime Four
hannesfritz
42
2.9k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
chinmo
ykka
kaonavi
yuhattor
uechishingo
inariku
yuriemori
rlifchitz
waiwai2111
sansan33
3flower
mayunak
reverentgeek
maggiecrowley
bermonpainter
soudai
eileencodes
marktimemedia
mza
denniskardys
aleyda
schlessera
hannesfritz
