Install PMM Server with Helm on Kubernetes clusters
Deploy PMM Server on Kubernetes using Helm for scalable, orchestrated monitoring in containerized environments.
Helm is the package manager for Kubernetes. You can find Percona Helm charts in our GitHub repository.
Prerequisites
- Helm v3
- Kubernetes cluster running a supported Kubernetes version and a supported Helm version
- storage driver with snapshot support (for backups)
- kubectl configured to communicate with your cluster
OpenShift-specific requirements
For OpenShift deployments, you’ll also need:
- OpenShift Container Platform 4.16. Other versions will likely work, but they haven’t been tested
- oc CLI tool configured
- permissions to create Routes and manage RBAC policies
Storage requirements
Different Kubernetes platforms offer varying storage capabilities. When planning your deployment, consider:
- for production use, ensure your platform provides storage drivers supporting snapshots for backups
- for cloud environments, verify your provider’s Kubernetes storage options and costs
- for on-premises deployments, confirm your storage solution is compatible with dynamic provisioning
- for OpenShift, use OpenShift Container Storage (OCS) with ReadWriteOnce access mode and appropriate PersistentVolume permissions for non-root containers
Deployment best practices
For optimal monitoring in production environments:
- Separate PMM Server from monitored systems by either:
  - using separate Kubernetes clusters for monitoring and databases.
  - configuring workload separation through node configurations, affinity rules, and label selectors.
- Enable High Availability to ensure continuous monitoring during node failures.
- OpenShift considerations:
  - use OpenShift Routes for external access instead of Kubernetes Ingress.
  - define resource quotas and limits, as OpenShift projects often have stricter defaults.
Install PMM Server on your Kubernetes or OpenShift cluster
Create the required Kubernetes secret and deploy PMM Server using Helm:
- Create a Kubernetes secret to set the pmm-admin password:
    cat <<EOF | kubectl create -f -
    apiVersion: v1
    kind: Secret
    metadata:
      name: pmm-secret
      labels:
        app.kubernetes.io/name: pmm
    type: Opaque
    data:
    # base64 encoded password
    # encode some password: `echo -n "admin" | base64`
      PMM_ADMIN_PASSWORD: YWRtaW4=
    EOF
- Verify the secret was created and retrieve the password if needed:
    kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode
- Add the Percona repository and update the local chart index:
    helm repo add percona https://percona.github.io/percona-helm-charts
    helm repo update
- Choose your PMM version by checking available chart versions:
    helm search repo percona/pmm --versions
  Example output
    NAME         CHART VERSION  APP VERSION  DESCRIPTION
    percona/pmm  1.4.3          3.1.0        A Helm chart for Percona Monitoring and Managem...
    percona/pmm  1.4.2          3.1.0        A Helm chart for Percona Monitoring and Managem...
    percona/pmm  1.4.1          3.0.0        A Helm chart for Percona Monitoring and Managem...
    percona/pmm  1.4.0          3.0.0        A Helm chart for Percona Monitoring and Managem...
    percona/pmm  1.3.21         2.44.0       A Helm chart for Percona Monitoring and Managem...
- Deploy PMM Server with your chosen version and secret:
  Use Helm to deploy PMM Server on standard Kubernetes clusters. This approach works with most Kubernetes distributions and cloud providers.
    helm install pmm \
      --set secret.create=false \
      --set secret.name=pmm-secret \
      --version 1.4.8 \
      percona/pmm
  OpenShift requires additional security configurations due to its stricter security policies:
  - Create a custom values file for OpenShift:
      cat <<EOF > openshift-values.yaml
      secret:
        create: false
        name: pmm-secret

      # OpenShift-specific pod security settings
      podSecurityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      EOF
  - Deploy using the values file:
      helm install pmm \
        -f openshift-values.yaml \
        --version 1.4.3 \
        percona/pmm
- Verify the deployment:
    helm list
    kubectl get pods -l app.kubernetes.io/name=pmm
- Access PMM Server:
  Standard Kubernetes clusters provide several options for accessing PMM Server. Choose the method that best fits your networking setup and security requirements:
    # If using ClusterIP (default)
    kubectl port-forward svc/pmm-service 443:443

    # If using NodePort
    kubectl get svc pmm-service -o jsonpath='{.spec.ports[0].nodePort}'
  OpenShift offers native routing capabilities through its Route resource, which provides external access with built-in load balancing and SSL termination:
    # Create a Route to expose PMM
    oc expose svc/pmm-service --port=443

    # Get the Route URL
    oc get route pmm-service -o jsonpath='{.spec.host}'

    # Or use port-forwarding for testing
    oc port-forward svc/pmm-service 443:443
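A variant of the secret-creation step, as an added example that is not part of the Percona documentation: it renders the same pmm-secret manifest with a randomly generated password instead of the sample value admin, and checks the manifest before it is applied. Values under data: are base64-encoded, not encrypted, so anyone who can read the Secret can recover the password. The function names, the APPLY switch and the 16-character minimum are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the PMM docs): render the page's pmm-secret manifest
# with a generated password. Function names, APPLY and MIN_LEN are assumptions.
set -eu

# gen_password [length]: alphanumeric password drawn from /dev/urandom.
gen_password() {
  local len="${1:-24}"
  head -c "$((len * 2))" /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-"$len"
}

# render_pmm_secret <password>: print the Secret from the install step.
# printf avoids a trailing newline; tr undoes base64 line wrapping.
render_pmm_secret() {
  local encoded
  encoded="$(printf '%s' "$1" | base64 | tr -d '\n')"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: pmm-secret
  labels:
    app.kubernetes.io/name: pmm
type: Opaque
data:
  PMM_ADMIN_PASSWORD: ${encoded}
EOF
}

# manifest_password: read a manifest on stdin, print the decoded password.
manifest_password() {
  awk '$1 == "PMM_ADMIN_PASSWORD:" { print $2 }' | base64 --decode
}

# check_manifest: fail if the manifest on stdin still holds the sample value
# "admin" or a password shorter than MIN_LEN (16 is an assumed policy).
check_manifest() {
  local pw
  pw="$(manifest_password)"
  [ "$pw" != "admin" ] && [ "${#pw}" -ge "${MIN_LEN:-16}" ]
}

# Create the secret only when asked to: APPLY=1 ./this-script
if [ "${APPLY:-0}" = "1" ]; then
  manifest="$(render_pmm_secret "$(gen_password)")"
  printf '%s\n' "$manifest" | check_manifest
  printf '%s\n' "$manifest" | kubectl create -f -
fi
```

With APPLY=1 the generated password never appears on the command line or in shell history; retrieve it afterwards with the kubectl get secret command from the verification step.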
Configure PMM Server
View available parameters
Check the list of available parameters in the PMM Helm chart documentation. You can also list the default parameters by either:
- checking the values.yaml file in our repository
- printing the chart's default values:
    helm show values percona/pmm
Set configuration values
Configure PMM Server using either command-line arguments or a YAML file:
helm install pmm \
--set secret.create=false \
--set secret.name=pmm-secret \
--set service.type="NodePort" \
percona/pmm
helm show values percona/pmm > values.yaml
Change credentials
Helm cannot modify application credentials after deployment. To change credentials after deployment, either:
- redeploy PMM Server with new persistent volumes
- use PMM’s built-in administrative tools
PMM environment variables
Add environment variables for advanced operations (like custom init scripts) using the pmmEnv property:
pmmEnv:
  PMM_ENABLE_UPDATES: "0"
SSL certificates
PMM comes with self-signed SSL certificates, ensuring a secure connection between the Client and Server. However, since these certificates are not issued by a trusted authority, you may encounter a security warning when connecting to PMM.
To enhance security, you have two options:
- Configure custom certificates:
    certs:
      name: pmm-certs
      files:
        certificate.crt: <content>
        certificate.key: <content>
        ca-certs.pem: <content>
        dhparam.pem: <content>
- Use Ingress controller with TLS. See PMM network configuration for details.