Skip to content



PMM on Kubernetes with Helm is currently in technical preview and is subject to change.

Helm is the package manager for Kubernetes. Percona Helm charts can be found in percona/percona-helm-charts repository on Github.

Before you start

Helm v3 is needed to run the following steps.

Use Helm to install PMM server on Kubernetes clusters


This feature is available starting with PMM 2.29.0.


  • Install
  • Configuration parameters
  • PMM admin password
  • PMM environment variables
  • PMM SSL certificates
  • Upgrade
  • Uninstall


To install the chart with the release name pmm:

helm repo add percona
helm install pmm percona/pmm
The command deploys PMM on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.


List all releases using helm list.


The list of Parameters is subject to change from release to release. Check the Parameters section of the PMM Helm Chart.


You can list the default parameters values.yaml or get them from chart definition: helm show values percona/pmm

Specify each parameter using the --set key=value[,key=value] or --set-string key=value[,key=value] arguments to helm install. For example,

helm install pmm \
--set-string pmmEnv.ENABLE_DBAAS="1" \
--set service.type="NodePort" \
--set storage.storageClassName="linode-block-storage-retain" \

The above command installs PMM with the enabled PMM DBaaS feature. Additionally, it sets the Service network type to NodePort and storage class to linode-block-storage-retain for persistence storage on LKE.


Once this chart is deployed, it is impossible to change the application's access credentials, such as password, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools (if available)

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example:

helm show values percona/pmm > values.yaml
#change needed parameters in values.yaml
helm install pmm -f values.yaml percona/pmm

PMM admin password

PMM admin password would be set only on the first deployment. That setting is ignored if PMM was already provisioned and just restarted and/or updated.

If PMM admin password is not set explicitly (default), it will be generated.

To get admin password execute:

kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode

PMM environment variables

In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the pmmEnv property.


PMM SSL certificates

PMM ships with self signed SSL certificates to provide secure connection between client and server (check here). You will see the warning when connecting to PMM. To further increase security, you could provide your certificates and add values of credentials to the fields of the cert section:

  name: pmm-certs
    certificate.crt: <content>
    certificate.key: <content>
    ca-certs.pem: <content>
    dhparam.pem: <content>


Percona will release a new chart updating its containers if a new version of the main container is available, there are any significant changes, or critical vulnerabilities exist.

By default UI update feature is disabled and should not be enabled. Do not modify that parameter or add it while modifying the custom values.yaml file:


Before updating the helm chart, it is recommended to pre-pull the image on the node where PMM is running, as the PMM images could be large and could take time to download.

Update PMM as follows:

helm repo update percona
helm upgrade pmm -f values.yaml percona/pmm

This will check updates in the repo and upgrade deployment if the updates are available.


To uninstall pmm deployment:

helm uninstall pmm

This command takes a release name and uninstalls the release.

It removes all of the resources associated with the last release of the chart as well as the release history.

Last update: 2022-11-23