DevOps Exchange London – Network Security at Monzo
Oliver Beattie
January 26, 2017
Transcript
Oliver Beattie @obeattie Head of Engineering, Monzo
Pre-application: 9 months
Application: 6 months
Mobilisation: 4–8 months
Isolation Authentication
k8s-master Availability Zone A Availability Zone B Availability Zone C
admin user data k8s-worker dmz
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: com.monzo.mastercard.proxy
spec:
  # Pods this policy applies to (the destination side)
  podSelector:
    matchLabels:
      stage: prod
      routing-name: com.monzo.mastercard.proxy
  ingress:
  - from:
    # Only pods carrying both of these labels may connect
    - podSelector:
        matchLabels:
          stage: prod
          routing-name: com.monzo.mastercard.processor
    ports:
    - protocol: TCP
      port: 80
“Cluster-aware”
netfilter/iptables under the hood
Filtering at “both ends”
No control over egress
Only understands TCP/UDP
Proxies
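An added example (not from the slides): a simplified Python model of how the ingress rule in the NetworkPolicy above is evaluated, including why the proxy's own outbound connections fall outside it. It assumes that a selected pod rejects any ingress that no rule matches; the `verdict` helper, the label sets and the staging pod are constructed for illustration.

```python
# Added example: simplified model of the ingress rule shown on the slide.
# Assumption: a pod selected by the policy rejects ingress that no rule matches.
# matchLabels blocks are flattened to plain dicts to keep the model short.
POLICY = {
    "podSelector": {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"},
    "ingress": [{
        "from": [{"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}],
        "ports": [{"protocol": "TCP", "port": 80}],
    }],
}


def matches(selector, labels):
    """matchLabels semantics: every selector key/value must be present on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def verdict(policy, src_labels, dst_labels, protocol, port):
    """Return 'allow', 'deny' or 'not-selected' for one inbound connection."""
    if not matches(policy["podSelector"], dst_labels):
        return "not-selected"  # the policy says nothing about this destination
    for rule in policy["ingress"]:
        peer_ok = any(matches(sel, src_labels) for sel in rule["from"])
        port_ok = any(p["protocol"] == protocol.upper() and p["port"] == port
                      for p in rule["ports"])
        if peer_ok and port_ok:
            return "allow"
    return "deny"


# Constructed pod label sets; the staging processor is hypothetical.
PROXY = {"stage": "prod", "routing-name": "com.monzo.mastercard.proxy"}
PROCESSOR = {"stage": "prod", "routing-name": "com.monzo.mastercard.processor"}
STAGING_PROCESSOR = {"stage": "staging", "routing-name": "com.monzo.mastercard.processor"}

if __name__ == "__main__":
    flows = [
        (PROCESSOR, PROXY, "tcp", 80),          # the one permitted path
        (STAGING_PROCESSOR, PROXY, "tcp", 80),  # wrong stage label
        (PROCESSOR, PROXY, "tcp", 8080),        # wrong port
        (PROXY, PROCESSOR, "tcp", 80),          # proxy's outbound: not covered
    ]
    for src, dst, proto, port in flows:
        print(src["stage"], src["routing-name"], "->", dst["routing-name"],
              f"{proto}/{port}:", verdict(POLICY, src, dst, proto, port))
```

The last flow is the "no control over egress" point in practice: restricting what the proxy may connect to needs a second ingress policy on the destination pod.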
Isolation Authentication
Host A Host B Service A linkerd Service B linkerd
CA CA CA Vault
Secret management
Message signing
Transaction authorisation
Secure build
Audit logging
WAN tunnels
IPSec StrongSwan (IPSec) Hardware VPN device Services Services Services AWS
Co-location Third parties
monzo.com/careers
& Questions
@obeattie