DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months
Application: 6 months
Mobilisation: 4–8 months
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  - from:
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: tcp
      port: 80
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
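The following is an added example, not code from the talk or from Monzo: a simplified Python model of how the NetworkPolicy on the slide above decides which pods may reach the proxy, and why an ingress-only policy leaves the proxy's own outbound connections unrestricted. It assumes a single namespace and that a pod selected by a policy accepts only traffic matching one of its rules; the function names and the STAGING_PROCESSOR and OTHER label sets are constructed for illustration.

```python
# Added example: simplified model of ingress-only NetworkPolicy evaluation.
# Assumption: one namespace; a pod selected by a policy accepts only matching traffic.

# The policy from the slide, reduced to the fields the model needs.
POLICY = {
    "podSelector": {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"},
    "ingress": [{
        "from": [{"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}],
        "ports": [("tcp", 80)],
    }],
}

# Pod label sets. PROXY and PROCESSOR come from the slide; the rest are constructed.
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
STAGING_PROCESSOR = {"stage": "staging", "routing-name": "com.monzo.mastercard.processor"}
OTHER = {"stage": "prod", "routing-name": "com.example.other"}


def selects(match_labels, pod_labels):
    """matchLabels semantics: every listed key/value must be present on the pod."""
    return all(pod_labels.get(k) == v for k, v in match_labels.items())


def ingress_allowed(policies, src_labels, dst_labels, protocol, port):
    """Return True if src may open a connection to dst on protocol/port."""
    applicable = [p for p in policies if selects(p["podSelector"], dst_labels)]
    if not applicable:
        # No policy selects the destination, so nothing filters traffic to it.
        return True
    for policy in applicable:
        for rule in policy["ingress"]:
            peer_ok = any(selects(sel, src_labels) for sel in rule["from"])
            port_ok = (protocol.lower(), port) in rule["ports"]
            if peer_ok and port_ok:
                return True
    return False


if __name__ == "__main__":
    cases = [
        ("processor -> proxy tcp/80", PROCESSOR, PROXY, "tcp", 80),
        ("other -> proxy tcp/80", OTHER, PROXY, "tcp", 80),
        ("staging processor -> proxy tcp/80", STAGING_PROCESSOR, PROXY, "tcp", 80),
        ("proxy -> processor tcp/80", PROXY, PROCESSOR, "tcp", 80),
    ]
    for name, src, dst, proto, port in cases:
        print(name, "allowed" if ingress_allowed([POLICY], src, dst, proto, port) else "denied")
```

The last case is the "no control over egress" point: the policy only describes what may enter the proxy, so the proxy's connection to a pod with no policy of its own is not filtered.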
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management
Message signing
Transaction authorisation
Secure build
Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie