Lately we've been running into some issues with our php-fpm processes spinning out of control and causing the site to become unresponsive. There's some obvious php-fpm configuration tooling that needs to be done, but I'd also like to implement a reasonable livenessProbe health check for the php-fpm container that will restart the container when the probe fails.
I've dug up several resources on how to ping the server as a health check (e.g. https://easyengine.io/tutorials/php/fpm-status-page/), but I have yet to find a good answer on what to be on the lookout for. Will the /ping route return something other than 'pong' if the server is effectively dead? Will it just time out? Assuming the latter, what is a reasonable timeout limit?
Running some tests of my own, I notice that a healthy php-fpm server will return the 'pong' response quickly:
# time curl localhost/ping
pong
real 0m0.040s
user 0m0.006s
sys 0m0.001s
I simulated heavy load and indeed it took 1-3 seconds for the 'pong' response, and that coincided with the site becoming unresponsive. Based on that I drew up a draft of a livenessProbe that will fail and restart the container if the liveness probe script takes longer than 2 seconds on 2 consecutive probes:
livenessProbe:
exec:
command:
- sh
- -c
- timeout 2 /var/www/livenessprobe.sh
initialDelaySeconds: 15
periodSeconds: 3
successThreshold: 1
failureThreshold: 2
And the probe script is simply this (There are reasons why this needs to be a shell script and not a direct httpGet from the livenessProbe that I won't get into):
#!/bin/bash
curl -s localhost/ping
Now I don't know if I'm being too aggressive or too conservative. I'll be running a canary deploy to test this, but in the meantime I'd like to get some feedback from others that have implemented health checks on php-fpm servers, bonus points if it's in a Kubernetes context.
