Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
240
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.5k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
570
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
OpenID BizDay#17 KYC WG活動報告(法人) / 20250219-BizDay17-KYC-legalidentity
oidfj
0
240
インフラをつくるとはどういうことなのか、 あるいはPlatform Engineeringについて
nwiizo
5
2.6k
The Future of SEO: The Impact of AI on Search
badams
0
190
地方拠点で エンジニアリングマネージャーってできるの? 〜地方という制約を楽しむオーナーシップとコミュニティ作り〜
1coin
1
230
個人開発から公式機能へ: PlaywrightとRailsをつなげた3年の軌跡
yusukeiwaki
11
3k
関東Kaggler会LT: 人狼コンペとLLM量子化について
nejumi
3
580
Culture Deck
optfit
0
420
Swiftの “private” を テストする / Testing Swift "private"
yutailang0119
0
130
開発スピードは上がっている…品質はどうする? スピードと品質を両立させるためのプロダクト開発の進め方とは #DevSumi #DevSumiB / Agile And Quality
nihonbuson
2
2.9k
レビューを増やしつつ 高評価維持するテクニック
tsuzuki817
1
710
Nekko Cloud、 これまでとこれから ~学生サークルが作る、 小さなクラウド
logica0419
2
960
次世代KYC活動報告 / 20250219-BizDay17-KYC-nextgen
oidfj
0
250
Featured
See All Featured
Java REST API Framework Comparison - PWX 2021
mraible
28
8.4k
Navigating Team Friction
lara
183
15k
Fontdeck: Realign not Redesign
paulrobertlloyd
83
5.4k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.2k
How STYLIGHT went responsive
nonsquared
98
5.4k
Become a Pro
speakerdeck
PRO
26
5.1k
Bootstrapping a Software Product
garrettdimon
PRO
306
110k
How GitHub (no longer) Works
holman
314
140k
Making Projects Easy
brettharned
116
6k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Designing for Performance
lara
604
68k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
oidfj
nwiizo
badams
1coin
yusukeiwaki
nejumi
.png){kind=avatar}
optfit
yutailang0119
nihonbuson
tsuzuki817
logica0419
mraible
lara
paulrobertlloyd
reverentgeek
nonsquared
speakerdeck
garrettdimon
holman
brettharned
keithpitt
eileencodes
