Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevOps Exchange London – Network Security at Monzo
Search
Oliver Beattie
January 26, 2017
Technology
0
240
DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Tweet
Share
More Decks by Oliver Beattie
See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.5k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
560
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k
Other Decks in Technology
See All in Technology
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
160
成果を出しながら成長する、アウトプット駆動のキャッチアップ術 / Output-driven catch-up techniques to grow while producing results
aiandrox
0
260
Amazon SageMaker Unified Studio(Preview)、Lakehouse と Amazon S3 Tables
ishikawa_satoru
0
150
Amazon Kendra GenAI Index 登場でどう変わる? 評価から学ぶ最適なRAG構成
naoki_0531
0
100
re:Invent 2024 Innovation Talks(NET201)で語られた大切なこと
shotashiratori
0
310
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
190
継続的にアウトカムを生み出し ビジネスにつなげる、 戦略と運営に対するタイミーのQUEST(探求)
zigorou
0
530
祝!Iceberg祭開幕!re:Invent 2024データレイク関連アップデート10分総ざらい
kniino
2
250
.NET 9 のパフォーマンス改善
nenonaninu
0
810
Fanstaの1年を大解剖! 一人SREはどこまでできるのか!?
syossan27
2
160
re:Invent をおうちで楽しんでみた ~CloudWatch のオブザーバビリティ機能がスゴい!/ Enjoyed AWS re:Invent from Home and CloudWatch Observability Feature is Amazing!
yuj1osm
0
120
20241220_S3 tablesの使い方を検証してみた
handy
3
370
Featured
See All Featured
Testing 201, or: Great Expectations
jmmastey
40
7.1k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
We Have a Design System, Now What?
morganepeng
51
7.3k
The Cult of Friendly URLs
andyhume
78
6.1k
Side Projects
sachag
452
42k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.2k
Code Reviewing Like a Champion
maltzj
520
39k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
Navigating Team Friction
lara
183
15k
Raft: Consensus for Rubyists
vanstee
137
6.7k
The Cost Of JavaScript in 2023
addyosmani
45
7k
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
None
None
None
None
None
Pre-application 9 months Application 6 months Mobilisation 4–8 months
Isolation Authentication
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
None
None
+
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:
stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80
“Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No
control over egress Only understands TCP/UDP Proxies
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management Message signing Transaction authorisation Secure build Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie
obeattie
marsee101
aiandrox
ishikawa_satoru
naoki_0531
shotashiratori
scarletplover
zigorou
kniino
nenonaninu
syossan27
yuj1osm
handy
jmmastey
garrettdimon
sstephenson
morganepeng
andyhume
sachag
tammyeverts
maltzj
kastner
lara
vanstee
addyosmani
