DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy protects
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  # Only the production processor may connect, and only on TCP port 80
  - from:
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: TCP
      port: 80
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
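Added example, not part of the original talk: a small Python model of how the NetworkPolicy on the slide above decides which pods may reach the Mastercard proxy, and why it says nothing about traffic leaving the proxy. It assumes a single namespace, matchLabels selectors only, and the rule that a pod selected by at least one policy accepts only what its ingress rules allow; the "staging" and "com.example.other" labels are made up for the demonstration.

```python
# Added illustration: a minimal model of NetworkPolicy ingress matching.
# Assumptions: one namespace, matchLabels selectors only, and a pod selected
# by at least one policy accepts only the traffic its ingress rules allow.

POLICY = {  # the policy from the slide, written as a Python dict
    "podSelector": {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"},
    "ingress": [{
        "from": [{"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}],
        "ports": [("TCP", 80)],
    }],
}

def selects(selector, labels):
    """matchLabels semantics: every key/value in the selector must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())

def ingress_allowed(policies, src_labels, dst_labels, protocol, port):
    """Return True if src may open a connection to dst on protocol/port."""
    applicable = [p for p in policies if selects(p["podSelector"], dst_labels)]
    if not applicable:
        return True  # no policy selects the destination, so it is not isolated
    for policy in applicable:
        for rule in policy["ingress"]:
            peer_ok = any(selects(s, src_labels) for s in rule["from"])
            port_ok = (protocol, port) in rule["ports"]
            if peer_ok and port_ok:
                return True
    return False  # destination is isolated and no rule matched

# Constructed pod label sets for the demonstration.
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
STAGING_PROCESSOR = {"stage": "staging", "routing-name": "com.monzo.mastercard.processor"}
OTHER = {"stage": "prod", "routing-name": "com.example.other"}  # hypothetical service

if __name__ == "__main__":
    cases = [
        ("prod processor -> proxy :80", PROCESSOR, PROXY, 80),
        ("prod processor -> proxy :443", PROCESSOR, PROXY, 443),
        ("staging processor -> proxy :80", STAGING_PROCESSOR, PROXY, 80),
        ("other prod service -> proxy :80", OTHER, PROXY, 80),
        # The policy only lists ingress rules, so the proxy's own outbound
        # connections to unselected pods are not filtered by it.
        ("proxy -> other prod service :80", PROXY, OTHER, 80),
    ]
    for name, src, dst, port in cases:
        verdict = "allow" if ingress_allowed([POLICY], src, dst, "TCP", port) else "deny"
        print(f"{name}: {verdict}")
```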
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie