Prometheus - Scrapes Metrics From Your Shit So You Know When It Breaks

I've been running Prometheus in production for 4 years. Here's what the docs won't tell you and why you'll want to throw your laptop out the window.

Prometheus is a monitoring system that scrapes HTTP endpoints for metrics every 15 seconds by default. SoundCloud built it in 2012 because existing tools sucked, and it became the second CNCF project after Kubernetes.

The pull model actually works. Instead of agents pushing metrics everywhere, Prometheus visits your /metrics endpoints and grabs everything. This means when your network is fucked, you don't lose historical data sitting in some agent's buffer.

What You Actually Get

Prometheus Server - This is the thing that eats your memory. It scrapes metrics, stores them in local TSDB files, and runs alerts. No clustering bullshit, no distributed complexity. One server, one problem to debug.

Service Discovery - Automatically finds things to monitor in Kubernetes, AWS, or whatever. Works great until you fat-finger a selector and suddenly you're scraping 10,000 pods instead of 10.

PromQL Query Language - Like SQL but designed by someone who actually uses time series data. Learning curve is steep but once you get it, you can query anything:

## Your app's error rate (actually useful)
rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m])

## Memory usage that triggers alerts you care about  
container_memory_working_set_bytes / container_spec_memory_limit_bytes > 0.8

Alertmanager - Handles alert routing and deduplication. The config syntax will make you want to quit programming, but it works once you figure it out.

The Memory Problem Everyone Hits

Here's the bullshit the docs skip: Prometheus uses roughly 3KB per time series in memory. Sounds innocent until you realize that http_requests_total{method="GET", handler="/", status="200"} and http_requests_total{method="POST", handler="/", status="200"} are completely different series. And that 3KB? Total fucking lie in production.

I learned this the hard way when our Prometheus went from 2GB to 16GB overnight. Some genius added a user_id label to request metrics. With 50,000 users, that single fucking metric became 50,000 series. The cardinality explosion killed our monitoring right when our payment system started failing. Spent 3 hours debugging payments while our monitoring was dead. Good times.

Reality check: 1 million series = anywhere from 3GB to 20GB RAM depending on how fucked your labels are. Hit 10 million series? Your server dies a slow, painful death swapping to disk. That's when you throw in the towel and migrate to VictoriaMetrics like you should have done months ago.

What's New in Version 3.0+ (And the 2025 Updates)

Prometheus 3.0 finally dropped in November 2024 after 7 years. The big changes:

• New UI - Thank fuck, the old one looked like it was designed in 2005
• UTF-8 support - You can finally use Unicode in metric names (why this took 12 years, I don't know)
• Better OpenTelemetry - Native OTLP support at /api/v1/otlp/v1/metrics
• Remote Write 2.0 - Better compression, metadata support, handles partial writes properly
• Native Histograms - More efficient than classic histograms, but still experimental

The upgrade from 2.x is "mostly painless" according to the docs. Reality: we broke 3 recording rules and our main SLI dashboard during the 3.0 upgrade. Test EVERYTHING first. Native histograms are still experimental in 3.0, so expect some changes as they mature.

Docker - Good for Testing, Don't Use in Prod

## This gets you started in 30 seconds
docker run -p 9090:9090 prom/prometheus

Works great until Docker restarts and you lose all your metrics like a fucking amateur. For anything resembling production, mount a volume and config file:

docker run -p 9090:9090 \
  -v /path/to/prometheus.yml:/etc/prometheus/prometheus.yml \
  -v prometheus-data:/prometheus \
  prom/prometheus

Docker gotcha: Default retention is 15 days, but they don't mention that means 15 days of EVERYTHING you scrape. I watched a 20GB drive fill up in 3 days because someone enabled debug metrics on all pods. Set --storage.tsdb.retention.time=7d unless you enjoy 3AM disk space alerts.

Kubernetes - Use the Operator or Suffer

The Prometheus Operator is the only sane way to run Prometheus in K8s. Manual YAML deployments become unmanageable fast.

## Install via Helm (easiest path)
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack

What actually happens: The Operator creates ServiceMonitors that magically discover your services. Works beautifully until you hit 500+ services and your Prometheus starts choking on service discovery changes. Then it becomes a stuttering mess.

Kubernetes gotcha: The default scrape config will try to monitor everything in your cluster. This includes test pods, CI runners, and other junk. You'll hit memory limits fast. Use `serviceMonitorSelector` to be selective:

serviceMonitorSelector:
  matchLabels:
    prometheus: main

Binary - For When You Need Control

Download, extract, run. Simple until you need systemd, proper permissions, and security.

## Basic systemd service file - save to /etc/systemd/system/prometheus.service
[Unit]
Description=Prometheus
After=network-online.target

[Service]
Type=simple  
User=prometheus
Group=prometheus
ExecStart=/opt/prometheus/prometheus \
  --config.file=/etc/prometheus/prometheus.yml \
  --storage.tsdb.path=/var/lib/prometheus/ \
  --storage.tsdb.retention.time=15d \
  --web.console.libraries=/opt/prometheus/console_libraries \
  --web.console.templates=/opt/prometheus/consoles \
  --web.listen-address=0.0.0.0:9090 \
  --web.external-url=http://monitoring.yourdomain.com/
Restart=always

[Install]
WantedBy=multi-user.target

Binary gotcha: Prometheus runs as root by default. Create a prometheus user or you're asking for security problems.

Configuration Reality Check

Here's a config that actually works in production:

global:
  scrape_interval: 30s  # Don't use 15s unless you hate your memory
  evaluation_interval: 30s

scrape_configs:
  - job_name: 'prometheus'
    static_configs:
      - targets: ['localhost:9090']

  - job_name: 'node-exporter'
    static_configs:
      - targets: ['server1:9100', 'server2:9100']
    scrape_interval: 60s  # System metrics don't need 30s resolution

  - job_name: 'application'
    static_configs:
      - targets: ['app1:8080', 'app2:8080']
    metrics_path: '/actuator/prometheus'  # Spring Boot default
    scrape_interval: 15s  # App metrics matter more

## Don't forget this or your disk dies
storage:
  tsdb:
    retention.time: 7d
    retention.size: 10GB

Configuration gotcha: Every unique label combination creates a new time series. I've seen people add instance_id or request_id labels and accidentally create millions of series. Your Prometheus will OOM.

Memory Planning (The Part That Kills Everyone)

That "3KB per series" rule is complete bullshit if you have messy labels. After watching servers die because of this lie, here's what actually happens in prod:

• 100k series: 2-4GB RAM
• 1M series: 8-16GB RAM
• 10M series: 64-128GB RAM (you need VictoriaMetrics at this point)

Check your cardinality before it kills you:

## Top metrics by series count
topk(10, count by (__name__)({__name__=~\".+\"}))

## Total series count
prometheus_tsdb_head_series

What Breaks in Production

Memory issues: Cardinality explosion is the #1 killer. One bad label and you're fucked. Monitor `prometheus_tsdb_head_series` and set alerts.

Disk space: Default retention fills disks fast. Set `--storage.tsdb.retention.size` as a safety net.

Service discovery choking: With 500+ pods, Kubernetes service discovery turns into a fucking crawl. During our biggest deploy ever (Black Friday prep), service discovery took 10 minutes to catch up. Our monitoring went completely dark right when we needed it most. I spent 45 minutes refreshing Grafana wondering if our sales were tanking or if monitoring was just dead. Enable `--web.enable-lifecycle` and reload configs via the management API instead of restarts.

Alert fatigue: Alertmanager default config spams everything. Group by cluster/service and set proper repeat intervals.

High Availability (There Isn't Any)

Prometheus doesn't cluster. Run multiple identical instances and accept that you might lose some samples. Alertmanager handles deduplication.

The HA setup that works:

• 2+ Prometheus servers with identical configs
• Shared Alertmanager cluster (3 nodes minimum for true HA)
• Load balancer for queries (or just pick one server)
• Accept that you'll lose ~1% of samples during failover
• 3.0 improvement: Service discovery is more resilient during failovers compared to 2.x

When You Need More Than Prometheus

Long-term storage: Use Thanos or VictoriaMetrics. Don't try to store months of data in vanilla Prometheus.

Scale beyond 10M series: VictoriaMetrics handles 100M+ series on reasonable hardware.

Multi-tenancy: Thanos or Cortex if you need proper tenant isolation.

Bottom line: Most companies can run Prometheus + Grafana + Thanos for years without issues. The nightmare scenarios happen when someone ignores the memory warnings or adds user_id labels like a maniac. I've debugged this shit at 3AM more times than I want to remember - just respect the cardinality limits and you'll sleep better.