Pooling: diagnose and tame an exhausted pool

Take a small HTTP service backed by a real Postgres or MySQL pool, deliberately drive it into pool starvation and connection-leak exhaustion, then bring it to a healthy steady state — right-sized pool, fail-fast acquisition, no leaks, fresh connections — proving each step with the active/idle/total/waiting gauges.

• Build or take a small HTTP service in any language with a real connection pool (HikariCP, pgx/database-sql, node-postgres, etc.) against a local Postgres or MySQL. Expose at least one endpoint that runs a query, and one that holds a connection across a deliberately slow operation.
• Wire pool observability: expose the four gauges — active (in use), idle (free), total, and waiting (threads queued for a connection) — plus acquisition wait time and a leak-detection threshold (e.g. HikariCP leakDetectionThreshold ~2 s). Log or graph them over time.
• Reproduce starvation: with the acquisition timeout left at the 30 s default, load the slow endpoint until every connection is busy. Capture the gauges (idle pinned at 0, waiting climbing) and show upstream threads pinning until the tier stops accepting requests.
• Reproduce a leak: add a handler whose error path skips release() (no try/finally), then send traffic that hits that path. Show active climbing and never falling, idle ratcheting to 0, and that a restart temporarily cures it — the leak signature, not overload.
• Size the pool from hardware: compute (cores x 2) + spindles for your database box, set maximum-pool-size accordingly, and load-test to find the saturation point — raise concurrency until throughput flattens, then sit at the smallest pool that reaches peak.
• Bound the wait and guarantee the return: cut the acquisition timeout to roughly 1–3x a normal query so a starved pool fails fast, and wrap every borrow in try/finally (or using/defer/context manager) so release runs on success and on throw.
• Defend lifecycle: set maxLifetime strictly below the database's wait_timeout / idle limit, enable validation on borrow, and confirm the first request after an induced idle period succeeds instead of failing with a reset.
• Re-run the identical load tests for starvation and the leak path and record after numbers next to before; the leak path must now show active returning to baseline, and starvation must fail fast with bounded waiting instead of pinning the web tier.

• A before/after table of the four gauges (active, idle, total, waiting), acquisition wait p99, and request p99 — measured under the same load, not estimated, for both the starvation and the leak scenarios.
• The leak is provably gone: with the try/finally fix, active returns to baseline after the error-path traffic stops, and leak detection emits no warnings under sustained load.
• The pool is sized to (cores x 2) + spindles (or the measured saturation point) and a short load-test shows it reaches peak throughput at lower latency than a 2x-larger pool on the same hardware.
• A one-paragraph write-up naming which lever fixed each scenario (size, acquisition timeout, try/finally, maxLifetime) and why enlarging the pool was the wrong instinct for the leak.