Skip to content

Install PMM server with Helm on the Kubernetes clusters

Helm is the package manager for Kubernetes. Percona Helm charts can be found in percona/percona-helm-charts repository on Github.

Before you start

Helm v3 is needed to run the following steps.

Refer to Kubernetes Supported versions and Helm Version Support Policy to find the supported versions.

PMM should be platform-agnostic, but it requires escalated privileges inside a container. It is necessary to have a root user inside the PMM container. Thus, PMM would not work for Kubernetes Platforms such as OpenShift or others that have hardened Security Context Constraints, for example:

Kubernetes platforms offer a different set of capabilities. To use PMM in production, you would need backups and, thus storage driver that supports snapshots. Consult your provider for Kubernetes and Cloud storage capabilities.

Locality and Availability

You should not run the PMM monitoring server along with the monitored database clusters and services on the same system.

Please ensure proper locality either by physically separating workloads in Kubernetes clusters or running separate Kubernetes clusters for the databases and monitoring workloads.

You can physically separate workloads by properly configuring Kubernetes nodes, affinity rules, label selections, etc.

Also, ensure that the Kubernetes cluster has high availability so that in case of a node failure, the monitoring service will be running and capturing the required data.

Install PMM server

Availability

This feature is available starting with PMM 2.29.0.

Summary
  • Setup PMM admin password
  • Install
  • Configuration parameters
  • PMM environment variables
  • PMM SSL certificates
  • Backup
  • Upgrade
  • Restore
  • Uninstall

Setup PMM admin password

Create Kubernetes secret with PMM admin password:

cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Secret
metadata:
  name: pmm-secret
  labels:
    app.kubernetes.io/name: pmm
type: Opaque
data:
# base64 encoded password
# encode some password: `echo -n "admin" | base64`
  PMM_ADMIN_PASSWORD: YWRtaW4=
EOF

To get admin password execute:

kubectl get secret pmm-secret -o jsonpath='{.data.PMM_ADMIN_PASSWORD}' | base64 --decode

Install

To install the chart with the release name pmm:

helm repo add percona https://percona.github.io/percona-helm-charts/
helm install pmm \
--set secret.create=false \
--set secret.name=pmm-secret \
percona/pmm
The command deploys PMM on the Kubernetes cluster in the default configuration and specified secret. The Parameters section lists the parameters that can be configured during installation.

Tip

List all releases using helm list.

Parameters

The list of Parameters is subject to change from release to release. Check the Parameters section of the PMM Helm Chart.

Tip

You can list the default parameters values.yaml or get them from chart definition: helm show values percona/pmm

Specify each parameter using the --set key=value[,key=value] or --set-string key=value[,key=value] arguments to helm install. For example,

helm install pmm \
--set secret.create=false --set secret.name=pmm-secret \
--set-string pmmEnv.ENABLE_DBAAS="1" \
--set service.type="NodePort" \
--set storage.storageClassName="linode-block-storage-retain" \
    percona/pmm

The above command installs PMM with the enabled PMM DBaaS feature. Additionally, it sets the Service network type to NodePort and storage class to linode-block-storage-retain for persistence storage on LKE.

Important

Once this chart is deployed, it is impossible to change the application’s access credentials, such as password, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application’s built-in administrative tools (if available)

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example:

helm show values percona/pmm > values.yaml

#change needed parameters in values.yaml, you need `yq` tool pre-installed
yq -i e '.secret.create |= false' values.yaml

helm install pmm -f values.yaml percona/pmm

PMM environment variables

In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the pmmEnv property.

pmmEnv:
  DISABLE_UPDATES: "1"
  ENABLE_DBAAS: "1"

PMM SSL certificates

PMM ships with self signed SSL certificates to provide secure connection between client and server (check here).

You will see the warning when connecting to PMM. To further increase security, you should provide your certificates and add values of credentials to the fields of the cert section:

certs:
  name: pmm-certs
  files:
    certificate.crt: <content>
    certificate.key: <content>
    ca-certs.pem: <content>
    dhparam.pem: <content>

Another approach to set up TLS certificates is to use the Ingress controller, see TLS. PMM helm chart supports Ingress. See PMM network configuration.

Get expert help

If you need assistance, you can find comprehensive and free database knowledge on our community forum or blog posts. For professional support and services, contact our Percona Database Experts.


Last update: 2024-02-19