Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
240
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.6k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
580
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
リリース2ヶ月で収益化した話
kent_code3
1
300
MCP認可の現在地と自律型エージェント対応に向けた課題 / MCP Authorization Today and Challenges to Support Autonomous Agents
yokawasa
5
2.4k
Claude CodeでKiroの仕様駆動開発を実現させるには...
gotalab555
3
1.1k
Google Agentspaceを実際に導入した効果と今後の展望
mixi_engineers
PRO
3
710
生成AIによるデータサイエンスの変革
taka_aki
0
3k
Nx × AI によるモノレポ活用 〜コードジェネレーター編〜
puku0x
0
580
마라톤 끝의 단거리 스퍼트: 2025년의 AI
inureyes
PRO
1
750
人に寄り添うAIエージェントとアーキテクチャ #BetAIDay
layerx
PRO
9
2.3k
LLMで構造化出力の成功率をグンと上げる方法
keisuketakiguchi
0
850
【新卒研修資料】数理最適化 / Mathematical Optimization
brainpadpr
27
13k
AI関数が早くなったので試してみよう
kumakura
0
300
ロールが細分化された組織でSREと協働するインフラエンジニアは何をするか? / SRE Lounge #18
kossykinto
0
220
Featured
See All Featured
Speed Design
sergeychernyshev
32
1.1k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
332
22k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
183
54k
Facilitating Awesome Meetings
lara
54
6.5k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Gamification - CAS2011
davidbonilla
81
5.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Scaling GitHub
holman
461
140k
RailsConf 2023
tenderlove
30
1.2k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
kent_code3
yokawasa
gotalab555
mixi_engineers
taka_aki
puku0x
inureyes
layerx
keisuketakiguchi
brainpadpr
kumakura
kossykinto
sergeychernyshev
caitiem20
soudai
lara
hatefulcrawdad
mraible
davidbonilla
destraynor
holman
tenderlove
sonatard
marktimemedia
