DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months
Application: 6 months
Mobilisation: 4–8 months
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy applies to (the destination of the traffic)
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  - from:
    # Only pods carrying both labels may connect
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: TCP  # the API accepts only upper-case TCP or UDP
      port: 80
“Cluster-aware” netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
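How the NetworkPolicy above decides which connections reach the proxy, as an added example that is not part of the original slides or Monzo's code. It assumes all pods share one namespace and that a pod becomes isolated once any policy selects it; the `OTHER` and `STAGING` label sets are constructed for illustration.

```python
# Added example: ingress evaluation for the NetworkPolicy shown above.
# Assumptions: one namespace; a pod is isolated once a policy selects it.
POLICY = {
    "podSelector": {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"},
    "ingress": [{
        "from": [{"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}],
        "ports": [{"protocol": "TCP", "port": 80}],
    }],
}

# Constructed pod label sets; OTHER and STAGING are hypothetical.
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
OTHER = {"stage": "prod", "routing-name": "com.example.other"}
STAGING = {"stage": "staging", "routing-name": "com.monzo.mastercard.processor"}


def selects(match_labels, pod_labels):
    """matchLabels: every selector key/value must be present on the pod."""
    return all(pod_labels.get(k) == v for k, v in match_labels.items())


def ingress_allowed(policies, src, dst, protocol, port):
    """Decide whether a connection from pod `src` to pod `dst` is admitted."""
    applicable = [p for p in policies if selects(p["podSelector"], dst)]
    if not applicable:
        return True  # no policy selects the destination: not isolated
    for policy in applicable:
        for rule in policy["ingress"]:
            peer_ok = any(selects(sel, src) for sel in rule["from"])
            port_ok = any(p["protocol"] == protocol and p["port"] == port
                          for p in rule["ports"])
            if peer_ok and port_ok:
                return True
    return False


if __name__ == "__main__":
    cases = [("processor -> proxy tcp/80", PROCESSOR, PROXY, 80),
             ("other -> proxy tcp/80", OTHER, PROXY, 80),
             ("staging processor -> proxy tcp/80", STAGING, PROXY, 80),
             ("processor -> proxy tcp/443", PROCESSOR, PROXY, 443),
             ("proxy -> other tcp/80 (outbound from proxy)", PROXY, OTHER, 80)]
    for name, src, dst, port in cases:
        print(name, ingress_allowed([POLICY], src, dst, "TCP", port))
```

The last case is admitted because the policy only filters traffic arriving at the pods it selects, which is the "no control over egress" limitation listed on the slide.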
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management
Message signing
Transaction authorisation
Secure build
Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie