PHP-FPM Prometheus Monitoring on Kubernetes: A Tactical Guide for Scaling Teams
Introduction — “When the dashboard says nothing”
A fast-growing AI sales tech startup recently secured funding. Their product — an AI-powered outbound calling platform for mortgage negotiations — was gaining serious traction with finance clients.
PHP-FPM Prometheus Monitoring
Why It Matters for Fast-Growing Tech Companies
Four Deployment Paths—Pick Your Trade-Off
1. Sidecar Exporter (Gold Standard)
A lightweight Go binary (hipages/php-fpm_exporter) runs next to PHP-FPM in the same pod.
2. DaemonSet or Shared Exporter (Ops Minimalist)
Run one exporter per node. It scrapes every PHP-FPM socket over localhost TCP or Unix socket.
3. Nginx/NJS In-Place Transformation (Zero New Workload)
Leverage the existing Nginx ingress container (often already side-carred) to sub-request /status, parse key:value pairs with NJS or Lua, and emit /metrics.
4. Direct PodMonitor Scrape (Lucky Unicorn)
If the container image owner already enabled pm.status_path = /metrics and emits Prom-formatted text, a simple PodMonitor or ServiceMonitor does the job.
The migration went live without a hitch. A few minor issues — like app warm-up and health check tuning — surfaced and were resolved quickly.
Conclusion
The migration went live without a hitch. A few minor issues — like app warm-up and health check tuning — surfaced and were resolved quickly.
Frequently Asked Questions
Q1. How much overhead does the php-fpm_exporter add?
A1. Less than 10 MiB RAM and ~1 % CPU per pod under normal scrape intervals.
Q2. Can I run the exporter in Alpine-based images?
A2. Yes—static Go binaries work in scratch or alpine without glibc.
Q3. What if my PHP-FPM listens on a Unix socket?
A3. The exporter supports unix:///run/php/php-fpm.sock with a query string for status.
Q4. Is HTTPS required for the /metrics endpoint?
A4. Inside the cluster, HTTP is typical; use mTLS ingress only if your compliance policy demands.
Q5. Does enabling pm.status_path expose sensitive data?
A5. Only aggregated counters—not stack traces—are revealed, but still restrict access to cluster-internal IPs.
Stay Ahead in Cloud & InfraSubscribe to get concise, engineering-first insights on scaling infrastructure, cloud architecture, DevOps, and AWS funding opportunities—delivered monthly.No noise. Just practical knowledge.