THE FINE ART OF BREAKING STUFF IN PRODUCTION ON …...resilient applications infrastructure network...

CHAOS ENGINEERINGTHE FINE ART OF BREAKING STUFF IN

PRODUCTION ON PURPOSE

GEERT VAN DER CRUIJSEN

@GEERTVDC

CLOUD NATIVE ARCHITECT

#DOEPICSHIT

FULL CYCLE DEVELOPER

DEVOPS COACH

CHAOS ENGINEERING ?

WHY DO WE NEED

@GEERTVDC

“IN A COMPLEX LANDSCAPE YOUR APPLICATION IS NEVER FULLY UP”

@GEERTVDC

TRADITIONAL MONITORING

TOOLS ARE DEAD!

@GEERTVDC

MEASURE

USER IMPACT

@GEERTVDC

MEASURE

USER IMPACT RELIABILITY

AVAILABILITY LATENCY

THROUGHPUT

CORRECTNESS

FRESHNESS

COVERAGE

QUALITY

DURABILITY

@GEERTVDC

RESILIENT APPLICATIONS

INFRASTRUCTURE

NETWORK

APPLICATION

PEOPLE

@GEERTVDC

GRACEFUL DEGRADATION

FAIL OPEN

@GEERTVDC

GRACEFUL DEGRADATION

FAIL OPEN

BUT WE DO TESTS?

@GEERTVDC

BUT WE DO TESTS?

UNIT A

INPUT OUTPUT

UNIT TESTS

@GEERTVDC

BUT WE DO TESTS?

COMPONENT

/ SERVICE A

INPUT OUTPUTCOMPONENT

/SERVICE B

INTEGRATION TESTS

@GEERTVDC

CHAOS ENGINEERING ?

WHAT IS

@GEERTVDC

CHAOS ENGINEERING

IS NOT

RANDOMLY BREAKING

STUFF IN PRODUCTION@GEERTVDC

CHAOS ENGINEERING

“Chaos Engineering is the discipline of

experimenting on a distributed system

in order to build confidence in the

system’s capability to withstand

turbulent conditions in production.”https//principlesofchaos.org

@GEERTVDC

CHAOS ENGINEERING

“Chaos Engineering is the discipline of

experimenting on a distributed system

in order to build confidence in the

system’s capability to withstand

turbulent conditions in production.”https//principlesofchaos.org

@GEERTVDC

SERVICE

INPUT OUTPUT

SERVICE

@GEERTVDC

CHAOS ENGINEERING EXPERIMENTS

HOST FAILURE

RESOURCE CAPACITY ATTACKS

APPLICATION FAILURE

NETWORK ATTACKS

BRENT ATTACK

@GEERTVDC

CHAOS ENGINEERING

ONLY IN PRODUCTION?

@GEERTVDC

YOUR FIRST EXPERIMENT

HOW TO START

@GEERTVDC

GAME DAY

@GEERTVDC

INCIDENT RESPONSE LEARNING

OUTAGENORMALDETECT &

ANALYSISFIX

LEARNIMPROVE

@GEERTVDC

CHAOS GAME DAY

EXPERIMENTNORMAL

DETECT &

ANALYSISFIX

LEARNIMPROVE

@GEERTVDC

CHAOS EXPERIMENT PHASES

STEADY

DEFINE

HYPOTHESIS

DESIGN &

EXECUTELEARN FIX EMBED

@GEERTVDC

STEADY STATE

STEADY

DEFINE

HYPOTHESIS

DESIGN &

@GEERTVDC

STEADY STATE

MEASURE BUSINESS METRICS

100ms extra load time drop Amazon’s sale by 1%

@GEERTVDC

STEADY STATE

SERVICE

UNDER TESTROUTING SERVICE B

@GEERTVDC

STEADY STATE

SERVICE

CONTROL

SERVICE

EXPERIMENT

SERVICE

@GEERTVDC

STEADY STATE

SERVICE

CONTROL

SERVICE

EXPERIMENT

SERVICE

@GEERTVDC

ALWAYS BE ABLE TO ABORT

@GEERTVDC

DEFINE HYPOTHESIS

STEADY

DEFINE

HYPOTHESIS

DESIGN &

@GEERTVDC

DEFINE HYPOTHESIS

BRAINSTORM WHAT CAN GO WRONG

BRING EVERYONE

DEVELOPERS

SRE / OPERATIONS

NETWORKS

BUSINESS

INFRASTRUCTURE

TESTERS

WHAT CAN GO WRONG?

WHAT IF DATABASE IS DOWN?

WHAT IF SERVICE RESPONDS SLOWER?

WHAT IF MY CACHE RESPONDS SLOW?

WHAT IF A POD DIES?

WHAT IF LOADBALANCER STOPS?

WHAT IF ….?

STOP IF YOU KNOW THE

EXPERIMENT WILL BREAK

@GEERTVDC

DESIGN & EXECUTE EXPERIMENT

STEADY

DEFINE

HYPOTHESIS

DESIGN &

@GEERTVDC

DESIGN & EXECUTE EXPERIMENT

START SMALL

NOTIFY PEOPLE INVOLVED

SLOWLY INCREASE BLAST RADIUS

TOOLS:GREMLIN.COM

CHAOSTOOLKIT.ORG

GITHUB.COM/NETFLIX/SIMIANARMY

GITHUB.COM/ASOBTI/KUBE-MONKEY

@GEERTVDC

STEADY

DEFINE

HYPOTHESIS

DESIGN &

@GEERTVDC

HOW FAST DID WE RECOVER?

HOW FAST DID WE DETECT?

DO NOT BLAME!

@GEERTVDC

STEADY

DEFINE

HYPOTHESIS

DESIGN &

@GEERTVDC

IMPLEMENT FIX

RERUN EXPERIMENT

@GEERTVDC

STEADY

DEFINE

HYPOTHESIS

DESIGN &

@GEERTVDC

ONBOARDING

CONTINUOUS CHAOS

EMBED IN CULTURE

@GEERTVDC

PATTERNS

RESILIENT ARCHITECTURE

@GEERTVDC

PARALLEL EXECUTION

ASYNC COMMUNICATION

QUEUE BASED LOAD DISTRIBUTION

IDEMPOTENT APIS

BULKHEAD PATTERN

CIRCUIT BREAKERS

SPLIT RESPONSIBILITIES

MULTI PARALELLISM

PARALLELISM AVAILABILITY DOWNTIME PER YEAR

1 99% 3 DAYS 16 HOURS

2 99,99% 53 MINUTES

3 99,9999% 32 SECONDS

HOW PARALEL IS YOUR CLOUD COMPONENT ?

REGIONSAVAILABILITY ZONES

@GEERTVDC

ASYNC COMMUNICATION

SYNC REQUIRES A CONNECTION PER REQUEST

FOCUS ON MESSAGE BASED COMMUNICATION

DECOUPLING PUB SUB LISTENER

@GEERTVDC

SERVICE BUS

@GEERTVDC

IDEMPOTENT APIS

HTTP METHOD IDEMPOTENCE SAFETY

GET YES YES

HEAD YES YES

PUT YES NO

DELETE YES NO

POST NO NO

PATCH NO NO

@GEERTVDC

BULKHEAD PATTERN

ISOLATE WORKLOADS LIKE THE HULL OF A SHIP

@GEERTVDC

CIRCUIT BREAKER

@GEERTVDC

CIRCUIT BREAKER

ADD JITTER TO RETRIES

SPLIT RESPONSIBILITIES

READ / WRITE SHARDING

@GEERTVDC

WRAP UP

BIG CULTURE CHANGE

FULL CYCLE DEVELOPERSPRODUCTION ACCESS

START EXPERIMENTING

START SMALL CHECK OUT TOOLSOBSERVABILITY

@GEERTVDC

“CHAOS ENGINEERING DOESN’T CAUSE PROBLEMS, IT JUST REVEALS THEM”

NORA JONES – CHAOS ENGINEERING LEAD SLACK

@GEERTVDC

THANK YOU!ALL PICTURES USED ARE FROM UNSPLASHED.COM

RESOURCES

BOOKS:

Chaos engineering -O’Reilly

Chaos engineering observability -O’Reilly

TOOLS:

chaostoolkit.org

gremlin.com

github.com/netflix/simianarmy

github.com/asobti/kube-monkey

RESOURCES:principlesofchaos.org

github.com/dastergon/awesome-chaos-engineering

docs.microsoft.com/en-us/azure/architecture/patterns/category/resiliency

THE FINE ART OF BREAKING STUFF IN PRODUCTION ON …...resilient applications infrastructure network...

Documents

Transcript of THE FINE ART OF BREAKING STUFF IN PRODUCTION ON …...resilient applications infrastructure network...

INTRODUCTION TO GRACEFUL GRAPHS - Sharif

CIRCUIT BREAKERS Miniature circuit breakers C45, C60 ......Miniature circuit breakers (MCB) C40N 16 CIRCUIT BREAKERS Miniature circuit breakers C45, C60 TERMINAL NON-FLAMMABLE COVER

BGP Graceful Shutdown - IOS XR

Graceful Kelly Bag

AToM Graceful Restart · AToM Graceful Restart TheAToMGracefulRestartfeatureassistsneighboringroutersthathavenonstopforwarding(NSF),stateful switchover(SSO)andgracefulrestart(GR ...

Graceful degradation progressive_enhancement

Graceful Living. Graceful Wishing! Graceful Living. II Cor. 5:4-5-- 4 For while we are in this tent, we groan and are burdened, because we do not wish.

Modeling of graceful motions: determining characteristics of graceful motions … · 2014. 5. 14. · Modeling of graceful motions: determining characteristics of graceful motions

Graceful Malevolence

Rabi’ al 30 Day SirahSeries Awwal By Yusuf Badat€¦ · Muhammad Elegant,graceful,Elegant,graceful,graceful,lovinglovinglovingand andanddignified dignified DDiiddDidhisDid hhiisshisown

Graceful Decline? Paul K. MacDonald

graceful as grace

Towards Designing Graceful Degradation into Trajectory ...

Graceful Lifestyle Home Form Geotech Blessings

terribly - pearson.com · Activity Workbook 73 Let’s say you’re a dancer, a graceful gracefully 9 dancer who dances very graceful gracefully, 10 as graceful gracefully 11 dancers

Graceful Database Schema Evolution: the PRISM Workbenchyellowstone.cs.ucla.edu/schema-evolution/documents/curino08... · Graceful Database Schema Evolution: the PRISM Workbench ...

Personal Projects for Graceful Aging

Graceful EvanGElism - Baker Publishing Group

BL Miller - Graceful Waters

More CSS goodness with CSS3 - Course Stuff 08a... · 2014-11-12 · •For a long time, web designers have used the concept of “graceful degradation” in order to design rich,