DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months
Application: 6 months
Mobilisation: 4–8 months
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
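apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy applies to: the Mastercard proxy in prod.
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  # Only the Mastercard processor in prod may connect, and only on TCP port 80.
  - from:
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: TCP  # the API expects the protocol name in upper case
      port: 80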
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
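How the policy on the slide decides an incoming connection, as an added example (not code from the talk or from Monzo). It models ingress only, matches podSelector peers by label, and assumes a pod is isolated once a policy selects it; the FOREIGN and STAGING pods are constructed sample values.

```python
# Added example. The policy mirrors the slide; FOREIGN and STAGING are constructed.
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
FOREIGN = {"stage": "prod", "routing-name": "com.example.other"}  # constructed
STAGING = {"stage": "staging", "routing-name": PROCESSOR["routing-name"]}  # constructed

POLICY = {
    "podSelector": {"matchLabels": PROXY},
    "ingress": [{
        "from": [{"podSelector": {"matchLabels": PROCESSOR}}],
        "ports": [{"protocol": "TCP", "port": 80}],
    }],
}


def selects(selector, labels):
    """matchLabels semantics: every listed key/value must be on the pod."""
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())


def ingress_allowed(policies, src, dst, protocol, port):
    """Decide whether src -> dst on protocol/port is admitted.

    Assumption: a pod that no policy selects is not isolated; once a
    policy selects it, only traffic matching some ingress rule passes.
    """
    applicable = [p for p in policies if selects(p["podSelector"], dst)]
    if not applicable:
        return True  # unselected pods accept everything
    for policy in applicable:
        for rule in policy.get("ingress", []):
            peers, ports = rule.get("from"), rule.get("ports")
            # A rule with no "from" or no "ports" matches any peer or port.
            # Only podSelector peers are modelled here.
            peer_ok = not peers or any(
                "podSelector" in peer and selects(peer["podSelector"], src)
                for peer in peers)
            port_ok = not ports or any(
                p.get("protocol", "TCP") == protocol and p.get("port") == port
                for p in ports)
            if peer_ok and port_ok:
                return True
    return False


if __name__ == "__main__":
    for name, src in [("processor", PROCESSOR), ("foreign", FOREIGN)]:
        print(name, "-> proxy:80/TCP", ingress_allowed([POLICY], src, PROXY, "TCP", 80))
```

The last case in the checks is the one to watch when auditing: the processor itself is selected by no policy here, so it still accepts traffic from any pod until it gets a policy of its own.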
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie