Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
240
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.5k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
560
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
チームが毎日小さな変化と適応を続けたら1年間でスケール可能なアジャイルチームができた話 / Building a Scalable Agile Team
kakehashi
2
230
Visual StudioとかIDE関連小ネタ話
kosmosebi
1
370
PaaSの歴史と、 アプリケーションプラットフォームのこれから
jacopen
7
1.4k
re:Invent2024 KeynoteのAmazon Q Developer考察
yusukeshimizu
1
130
カップ麺の待ち時間(3分)でわかるPartyRockアップデート
ryutakondo
0
130
Amazon Q Developerで.NET Frameworkプロジェクトをモダナイズしてみた
kenichirokimura
1
190
あなたの知らないクラフトビールの世界
miura55
0
120
AWS Community Builderのススメ - みんなもCommunity Builderに応募しよう! -
smt7174
0
170
Docker Desktop で Docker を始めよう
zembutsu
PRO
0
150
デジタルアイデンティティ技術 認可・ID連携・認証 応用 / 20250114-OIDF-J-EduWG-TechSWG
oidfj
2
610
SpiderPlus & Co. エンジニア向け会社紹介資料
spiderplus_cb
0
870
RubyでKubernetesプログラミング
sat
PRO
4
160
Featured
See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.2k
Building Better People: How to give real-time feedback that sticks.
wjessup
366
19k
How GitHub (no longer) Works
holman
312
140k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
26
1.9k
Being A Developer After 40
akosma
89
590k
Making Projects Easy
brettharned
116
6k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Music & Morning Musume
bryan
46
6.3k
How to train your dragon (web standard)
notwaldorf
89
5.8k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
kakehashi
kosmosebi
jacopen
yusukeshimizu
ryutakondo
kenichirokimura
miura55
smt7174
zembutsu
oidfj
spiderplus_cb
sat
philnash
eileencodes
wjessup
holman
marcduiker
akosma
brettharned
tanoku
chriscoyier
bryan
notwaldorf
