Download as PDF, PPTX
Uploaded byYan Cui
A chaos experiment a day, keeping the outage away
The document discusses chaos engineering, which involves running experiments on systems to evaluate their resilience against failures. It emphasizes the importance of learning about system behavior through controlled experiments and acknowledging that failures are inevitable. Key steps include defining a steady state, hypothesizing outcomes, injecting failures, and validating results to increase system resilience.
More Related Content
![[Poland] SecOps live cooking with OWASP appsec tools](https://cdn.slidesharecdn.com/ss_thumbnails/owasp-eee-2015-151028163928-lva1-app6891-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to A chaos experiment a day, keeping the outage away
![Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck](https://cdn.slidesharecdn.com/ss_thumbnails/ilovepdfmerged12-251029161756-3b829161-thumbnail.jpg?width=640&height=640&fit=bounds)
A chaos experiment a day, keeping the outage away
- 1. one chaos experimenta day. keep the outages away. yan cui,@theburningmonk
- 2.
- 3.
- 4. @theburningmonk theburningmonk.com “the disciplineof experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production” principlesofchaos.org
- 5. @theburningmonk theburningmonk.com microservices deathstars circa 2015
- 6.
- 7. @theburningmonk theburningmonk.com “the capacityto recover quickly from difficulties; toughness.” resilience /rɪˈzɪlɪəns/ noun
- 8. @theburningmonk theburningmonk.com “the capacityto recover quickly from difficulties; toughness.” resilience /rɪˈzɪlɪəns/ noun it’s not about preventing failures!
- 9. everything fails, allthe time
- 10. @theburningmonk theburningmonk.com “You don'tchoose the moment, the moment chooses you! You only choose how prepared you are when it does.” Fire Chief Mike Burtch
- 11.
- 12. @theburningmonk theburningmonk.com anything thatcan go wrong, will go wrong. MURPHY’s LAW
- 13. @theburningmonk theburningmonk.com identify weaknessesbefore they manifest in system-wide, aberrant behaviors GOAL
- 14. @theburningmonk theburningmonk.com learn aboutthe system’s behavior by observing it during a controlled experiments HOW
- 15. @theburningmonk theburningmonk.com learn aboutthe system’s behavior by observing it during a controlled experiments HOW game days failure injection
- 16.
- 17.
- 18.
- 20.
- 21.
- 22.
- 23.
- 24. “using serverless reducesthe blast radius” www.buzzsprout.com/877747/4615985
- 25. @theburningmonk theburningmonk.com serverless improvesresilience as platform takes care of infrastructure failures
- 26.
- 27. @theburningmonk theburningmonk.com by RussMiles @russmiles source https://medium.com/russmiles/chaos-engineering-for-the-business-17b723f26361
- 28. @theburningmonk theburningmonk.com by RussMiles @russmiles source https://medium.com/russmiles/chaos-engineering-for-the-business-17b723f26361
- 29.
- 30. @theburningmonk theburningmonk.com by RussMiles @russmiles source https://medium.com/russmiles/chaos-engineering-for-the-business-17b723f26361
- 31. @theburningmonk theburningmonk.com chaos monkeykills an EC2 instance latency monkey induces artificial delay in APIs chaos gorilla kills an AWS Availability Zone chaos kong kills an entire AWS region
- 32.
- 33.
- 34. @theburningmonk theburningmonk.com there areno servers to kill! SERVERLESS
- 35.
- 36.
- 37.
- 38.
- 39. @theburningmonk theburningmonk.com STEP 1. definesteady state i.e. “what does normal look like”
- 40. @theburningmonk theburningmonk.com STEP 2. hypothesisthat steady state continues in control and experimental group e.g. “the system stays up if a server dies”
- 41. @theburningmonk theburningmonk.com STEP 3. injectrealistic failures e.g. “slow response from 3rd-party service”
- 42. @theburningmonk theburningmonk.com STEP 4. tryto disprove hypothesis i.e. “look for difference between control and experimental group”
- 43. @theburningmonk theburningmonk.com latency injectlatency to function invocation
- 44. @theburningmonk theburningmonk.com “what ifservice X has elevated latency?”
- 45. @theburningmonk theburningmonk.com API GatewayLambda API Gateway Lambda
- 46.
- 47. @theburningmonk theburningmonk.com hypothesis: APIwould timeout and our try-catch would handle it and return default response
- 48.
- 49.
- 50. @theburningmonk theburningmonk.com result: functiontimes out after 6s (hypothesis is disproved)
- 51.
- 52. @theburningmonk theburningmonk.com API GatewayLambda API Gateway Lambda 502 200
- 53. @theburningmonk theburningmonk.com API GatewayLambda API Gateway Lambda 3s timeout 6s timeout
- 54. @theburningmonk theburningmonk.com API GatewayLambda API Gateway Lambda max 29s integration max 15 mins timeout
- 55. @theburningmonk theburningmonk.com and thenthere’s cold starts…
- 56. @theburningmonk theburningmonk.com TIL: mostHTTP client libraries have default timeout of 60s. API Gateway has an integration timeout of 29s. Most Lambda functions default to timeout of 3-6s. Don’t forget about the cold starts!
- 57.
- 58.
- 59.
- 60.
- 61.
- 62.
- 63.
- 64.
- 65.
- 66.
- 67. @theburningmonk theburningmonk.com outcome: amore resilient system
- 68. @theburningmonk theburningmonk.com latency exception inject latencyto function invocation throws exception
- 69. @theburningmonk theburningmonk.com latency exception statuscode inject latencyto function invocation throws exception return HTTP status code
- 70. @theburningmonk theburningmonk.com latency exception statuscode diskspace inject latencyto function invocation throws exception return HTTP status code fills up /tmp directory
- 71. @theburningmonk theburningmonk.com latency exception statuscode diskspace denylist inject latencyto function invocation throws exception return HTTP status code fills up /tmp directory looses network connectivity
- 72. @theburningmonk theburningmonk.com “what ifDynamoDB has an elevated error rate?”
- 73. @theburningmonk theburningmonk.com API GatewayLambda DynamoDB
- 74.
- 75. @theburningmonk theburningmonk.com hypothesis: theAWS SDK retries would handle it
- 76. @theburningmonk theburningmonk.com result: functiontimes out after 6s (hypothesis is disproved)
- 77. @theburningmonk theburningmonk.com TIL: thejs DynamoDB client defaults to 10 retries with base delay of 50ms
- 78. @theburningmonk theburningmonk.com TIL: thejs DynamoDB client defaults to 10 retries with base delay of 50ms delay = Math.random() * (Math.pow(2, retryCount) * base) this is Marc Brooker’s fav formula!
- 79.
- 80.
- 81. @theburningmonk theburningmonk.com action: setmax retry count + fallback
- 82.
- 83.
- 84.
- 85.
- 86. @theburningmonk theburningmonk.com outcome: amore resilient system
- 87. @theburningmonk theburningmonk.com latency exception statuscode diskspace denylist inject latencyto function invocation throws exception return HTTP status code fills up /tmp directory looses network connectivity
- 88. everything fails, allthe time
- 89. @theburningmonk theburningmonk.com by RussMiles @russmiles source https://medium.com/russmiles/chaos-engineering-for-the-business-17b723f26361
- 90.
- 91. https://theburningmonk.com/hire-me AdviseTraining Delivery “Fundamentally, Yanhas improved our team by increasing our ability to derive value from AWS and Lambda in particular.” Nick Blair Tech Lead
- 92.