Revealing Vulnerabilities in Spring Boot Architectures

Transcript

1. None

2. Revealing Resilience Vulnerabilities in Spring Boot Architectures

3. YURY NIÑO ROA Site Reliability Engineer Chaos Engineering Advocate @yurynino

   https://www.yurynino.dev/

4. • What could go wrong? • War Stories on PROD.

   • Stability: Antipatterns. • Resilience: Patterns. • Framework for Chaos GameDays. • Demo: Chaos Monkey for Spring Boot. Agenda

5. Our bodies face all kinds of adversities: genetic mutations, toxic

   substances, attacks by (corona)viruses and bacteria and all a lot of diseases. In this dangerous world, how can they still be alive? What could go wrong? https://www.yurynino.dev/

6. Our systems face all kinds of adversities: hard disks failures,

   network can go down, customer traffic can overload and cyberattack can happen. In this chaotic world, how can they still be alive? What could go wrong? https://www.yurynino.dev/

7. War Stories on PROD

8. https://www.yurynino.dev/

9. https://www.yurynino.dev/

10. Netflix Twitter The infrastructure required by a software system can

    be as complex as the software itself. Every production failure is unique. No two incidents will share the precise chain of failure!

11. Stability: AntiPatterns

12. Integration Points Butterfly Spiderman

13. Slow Responses Cascading Failures

14. Resilience: Patterns

15. Face them with Resilience https://www.yurynino.dev/

16. Fail Fast Bulkhead Fail Fast

17. Circuit Breaker Taken from Release it!

18. How to verify that we are facing these antipatterns properly?

19. Chaos Engineering It is the discipline of experimenting failures in

    production in order to reveal their weakness and to build confidence in their resilience capability. https://principlesofchaos.org/

20. Security Chaos Engineering It is the identification of security control

    failures through proactive experimentation to build confidence in the system’s ability to defend against malicious conditions in production. Security Chaos Engineering Book

21. Chaos Principles Hypothesize about Steady State Run Experiments Vary Real-World

    Events Automate Experiments

22. Chaos History 2008 Chaos Engineering was born at Netflix 2010

    Chaos Monkey & Simian Army were launched 2016 Gremlin was born 2019 Chaos Massification 2017 SRE USenix Chaos IQ ChaosConf 2018 Book Chaos Eng 2020 Book Chaos Eng

23. Chaos Tools Chaos Monkey Chaos Toolkit Gremlin Chaos Mesh Chaos

    for Spring Boot

24. Practicing Chaos GameDays Interactive, real-world and learning exercises. They are

    designed to give players a chance to put their skills in a technology to test. GameDays were created by Jesse Robbins inspired by his experience & training as a firefighter. Our Journey

25. GameDays Framework Before After During • • • • •

    • • • • • • • • • • • • • • • • • Russ Miles

26. GameDays Framework Before After During • • • • •

    • • • • • • • • • • • • • • • • • Evolve • • • • • •

27. • • • • Gamedays Framework Before After During •

    • • • • • • • • • • • • • • • • • • • • • Automate

28. Demo Time

29. After

30. How to Begin? https://www.gremlin.com https://chaosengineering.slack.com https://github.com/dastergon/awesome-chaos- engineering https://www.infoq.com/chaos-engineering

31. Take a look at these books!

32. Thanks for coming! @yurynino