SREcon24 Americas Conference Program

October 2020 wasn't a great month for Slack. Plagued with multiple hours-long outages, our engineering leadership team called for a code slush: all pull requests to our build and configuration mono-repo, aptly named "chef-repo", would need to be reviewed live, over Zoom, by a change advisory board (CAB) until further notice.

Five months later, CAB was still alive and well. We'd made some ergonomic improvements to the process, but development for our infrastructure team had slowed to a crawl.

Armed with a beginner's mindset– I'd only committed to the repo once under the new process– I decided to take matters into my own hands. What follows is a tale of building trust, making compromises, and slowly, but surely restoring our long-lost productivity without eroding reliability.

The cloud-native ecosystem has evolved. Infrastructures self-heal. Features rollout seamlessly. Rollbacks happen automatically. Speed, quality, cost - all optimized. But you're in a different boat: you're dealing with an outdated legacy system and a migration is essential to stay in the game.

Embark with us as we tackled this challenge, moving from scavenged servers to a global Kubernetes infrastructure. Our path sailed the complexities of modernizing legacy systems, managing a baremetal Kubernetes cluster, migrating it to self-managed Kubernetes cluster in the cloud, and migrating it once again to a managed installation using a service mesh. We faced tough trade-offs and learned to balance resources with operational efficiency. Now, as we reflect on our journey, we're left with valuable insights and a compelling narrative. A narrative that promises to resonate with all SREs facing similar challenges, as we continue to evolve in this rapidly changing ecosystem.

As engineers, we’re constantly aware of topics like high availability, reliability, and defensive programming, but often we gloss over what happens to our applications when they behave as expected! Graceful termination and shutdown are common expectations of our container workloads in an orchestrated world. How does termination really work? Can we take advantage of a deeper understanding of Kubernetes’ termination pathways to improve our apps’ behaviours?

In this talk, I will review the Kubernetes approach to Pods, containers, and their runtime behaviours. I’ll cover the various termination pathways that exist via kubectl, kubelet, and the k8s API. The talk will finish with how to use this knowledge to implement The Most Graceful Termination for Kubernetes Apps™.

What is queueing theory and how does it help us understand how software systems perform? This talk will go over the basics of queueing theory and how it can apply to software systems. It will then go into some intuition that we can get from the math about how we can expect our systems to perform in different configurations. Finally, it will go through some examples of how to use this information with real-world data and metrics. Attendees should leave the talk with some understanding of how to configure systems in the real world and how to understand when those systems are approaching a breaking point.

Modern cloud systems are orchestrated by many independent and interacting subsystems, each specializing in important services such as scheduling, data processing and storage, resource management, etc. Hence, overall cloud system reliability is determined not only by the reliability of each individual subsystem, but also by the interactions between them. With recent practices of microservice and serverless architectures, each individual subsystem becomes simpler and smaller, while their interactions grow in complexity and diversity. We observe that many recent production incidents of large-scale cloud systems are manifested through failures of the interactions across system boundaries, which we term "cross-system interaction failures", or "CSI failures". However, understanding and addressing such failures requires new techniques and practices that are often unavailable or under-developed.

In this talk, we will present our recent work on understanding and preventing cross-system interaction failures. Specifically, we will characterize the many faces of cross-system interactions and their diverse failure modes in modern cloud-native system stacks. We will then discuss the gaps in the current practices and existing techniques in the context of software testing and verification. Lastly, we will present some of the new techniques we developed at the University of Illinois at Urbana-Champaign to address cross-system interaction failures.

In this session, we'll discuss a distributed caching system used at Netflix for streaming, live, games, Ads etc in multiple regions on a public cloud. There are various components that make the system highly resilient - control plane, replication engine, proxy, cache warmer etc. In this session, we will touch up on replication engine which processes around 30 million requests per second and manages to keep the response times for 95% of these requests under 2 seconds across the regions. We present and deep dive into a problem that almost put us at the risk of delaying the global launch of a business critical initiative. We will walk you through the entire process from the start to finish, the debugging journey, our takeaways and how these debugging techniques are generally applicable to any organization. The talk will focus on how and when problems get introduced, how can a simple assumption break the entire stack and how can these be caught sooner.

Apache Pinot, a real-time, distributed OLAP database, encountered resiliency challenges in its large production deployment due to server failures, slowness, and unpredictable query patterns. To ensure adherence to strict SLAs, enhancements were made to its Query Processing framework through two key features: Intelligent Query Routing and Runtime Query Killing.

Intelligent Query Routing replaces the traditional round-robin server query distribution with a dynamic approach based on continuous server performance metrics. This adaptive method proactively routes queries to more efficient servers, reducing the need for manual intervention and preserving availability during transient server issues.

Runtime Query Killing addresses the issue of complex queries causing Out of Memory errors and availability dips. By monitoring resource consumption in real-time and employing a lockless sampling algorithm for minimal overhead, this framework can terminate resource-intensive queries preemptively, safeguarding system availability and maintaining high SLAs.

This technical talk will delve into the design, deployment practices, and observed benefits of these features in a large-scale Pinot deployment, offering insights for developers and administrators of similar large-scale distributed data management systems.