DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months; Application: 6 months; Mobilisation: 4–8 months
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
k8s-master Availability Zone A Availability Zone B Availability Zone C
k8s-worker dmz
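apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy applies to: the production Mastercard proxy.
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  # Only the production Mastercard processor may connect, and only on TCP 80.
  - from:
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: TCP  # the API accepts only the upper-case protocol name
      port: 80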
“Cluster-aware” netfilter/iptables under the hood; Filtering at “both ends”; No control over egress; Only understands TCP/UDP; Proxies
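Added example, not from the talk or Monzo's code: a small evaluator showing which pod-to-pod connections the NetworkPolicy above admits, and that it says nothing about what the proxy itself may connect to. It assumes the semantics of the current networking.k8s.io/v1 API (a pod is isolated once any policy selects it) and that all pods share one namespace; the STAGING_PROCESSOR and OTHER pods are constructed for illustration.

```python
# Added example (not from the talk): ingress evaluation for the policy above,
# assuming networking.k8s.io/v1 semantics and a single namespace.
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
# Constructed pods, not from the slides.
STAGING_PROCESSOR = {"stage": "staging", "routing-name": "com.monzo.mastercard.processor"}
OTHER = {"stage": "prod", "routing-name": "com.example.other"}

POLICIES = [{
    "podSelector": PROXY,
    "ingress": [{"from": [PROCESSOR], "ports": [("TCP", 80)]}],
}]


def matches(selector, labels):
    """matchLabels: every key/value in the selector must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def ingress_verdict(policies, src, dst, protocol, port):
    """Return 'allow' or 'deny' for a connection from pod src to pod dst."""
    selecting = [p for p in policies if matches(p["podSelector"], dst)]
    if not selecting:
        return "allow"  # dst is not isolated: no policy selects it
    for policy in selecting:
        for rule in policy["ingress"]:
            # An omitted 'from' or 'ports' list places no restriction.
            peer_ok = not rule.get("from") or any(matches(s, src) for s in rule["from"])
            port_ok = not rule.get("ports") or (protocol, port) in rule["ports"]
            if peer_ok and port_ok:
                return "allow"
    return "deny"


def demo():
    cases = [
        ("processor -> proxy tcp/80", PROCESSOR, PROXY, "TCP", 80),
        ("processor -> proxy tcp/443", PROCESSOR, PROXY, "TCP", 443),
        ("other prod pod -> proxy tcp/80", OTHER, PROXY, "TCP", 80),
        ("staging processor -> proxy tcp/80", STAGING_PROCESSOR, PROXY, "TCP", 80),
        # The policy is ingress-only: the proxy's outbound traffic is untouched.
        ("proxy -> other prod pod tcp/80", PROXY, OTHER, "TCP", 80),
    ]
    return {n: ingress_verdict(POLICIES, s, d, pr, po) for n, s, d, pr, po in cases}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:5}  {name}")
```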
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management; Message signing; Transaction authorisation; Secure build; Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie