Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevOps Exchange London – Network Security at Monzo

Oliver Beattie
January 26, 2017
Technology
0
240

DevOps Exchange London – Network Security at Monzo

Oliver Beattie

January 26, 2017
Tweet

More Decks by Oliver Beattie

See All by Oliver Beattie
Anatomy of a Production Kubernetes Outage – Kubecon EU 2018
obeattie
4
4.5k
Building a Bank with Kubernetes – Kubecon 2016
obeattie
1
560
Building a Bank with Kubernetes – Kubernetes London Meetup, Autumn 2016
obeattie
10
47k

Other Decks in Technology

See All in Technology
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
2
580
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
370
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
社内で最大の技術的負債のリファクタリングに取り組んだお話し
kidooonn
1
550
TypeScript、上達の瞬間
sadnessojisan
46
13k
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.6k
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
2
530
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
12k
いざ、BSC討伐の旅
nikinusu
2
780

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
10 Git Anti Patterns You Should be Aware of
lemiorhan
654
59k
What's new in Ruby 2.0
geeforr
343
31k
Code Review Best Practice
trishagee
64
17k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
Into the Great Unknown - MozCon
thekraken
32
1.5k
Thoughts on Productivity
jonyablonski
67
4.3k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Typedesign – Prime Four
hannesfritz
40
2.4k
How STYLIGHT went responsive
nonsquared
95
5.2k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k

Transcript

  1. Oliver Beattie @obeattie Head of Engineering, Monzo

  2. None
  3. None
  4. None
  5. None
  6. None

  7. Pre-application 9 months Application 6 months Mobilisation 4–8 months

  8. Isolation Authentication

  9. Isolation Authentication

  10. k8s-master Availability Zone A Availability Zone B Availability Zone C

    admin user data k8s-worker dmz

  11. k8s-master Availability Zone A Availability Zone B Availability Zone C

    k8s-worker dmz
  12. None
  13. None

  14. +

  15. apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: com.monzo.mastercard.proxy spec: podSelector: matchLabels:

    stage: prod routing-name: com.monzo.mastercard.proxy ingress: - from: - podSelector: matchLabels: stage: prod routing-name: com.monzo.mastercard.processor ports: - protocol: tcp port: 80

  16. “Cluster-aware” netfilter/iptables under the hood Filtering at “both ends” No

    control over egress Only understands TCP/UDP Proxies

  17. Isolation Authentication

  18. Host A Host B Service A linkerd Service B linkerd

  19. Host A Host B Service A linkerd Service B linkerd

  20. Host A Host B Service A linkerd Service B linkerd

    CA CA CA Vault

  21. Secret management Message signing Transaction authorisation Secure build Audit logging

    WAN tunnels

  22. IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS

    Co-location Third parties

  23. monzo.com/careers

  24. & Questions

  25. @obeattie