Skip to content
Percona Operators Documentation

For help, click the link below to get free database assistance or contact our experts for personalized support.

Get help from Percona

5. Monitor database with Percona Monitoring and Management (PMM)

In this section you will learn how to monitor the health of Percona Server for MongoDB with Percona Monitoring and Management (PMM) .

The Operator supports both PMM version 2 and PMM version 3.

It determines which PMM server version you are using based on the authentication method you provide. For PMM 2, the Operator uses API keys for authentication. For PMM 3, it uses service account tokens.

We recommend using the latest PMM 3.

PMM is a client/server application. It includes the PMM Server and the number of PMM Clients running on each node with the database you wish to monitor.

A PMM Client collects needed metrics and sends gathered data to the PMM Server. As a user, you connect to the PMM Server to see database metrics on a number of dashboards.

PMM Server and PMM Client are installed separately.

Considerations

  1. If you are using PMM server version 2, use a PMM client image compatible with PMM 2. If you are using PMM server version 3, use a PMM client image compatible with PMM 3. Check Percona certified images for the right one.
  2. If you specified both authentication methods for PMM server configuration and they have non-empty values, priority goes to PMM 3.
  3. For migration from PMM2 to PMM3, see PMM upgrade documentation . Also check the Automatic migration of API keys page.

Install PMM Server

You must have PMM server up and running. You can run PMM Server as a Docker image, a virtual appliance, or in Kubernetes. Please refer to the official PMM documentation for the installation instructions.

Install PMM Client

PMM Client is installed as a side-car container in the database Pods in your Kubernetes-based environment. To install PMM Client, do the following:

Configure authentication

PMM3 uses service accounts to control access to PMM server components and resources. To authenticate in PMM server, you need a service account token. Generate a service account and token . Specify the Admin role for the service account.

Warning

When you create a service account token, you can select its lifetime: it can be either a permanent token that never expires or the one with the expiration date. PMM server cannot rotate service account tokens after they expire. So you must take care of reconfiguring PMM Client in this case.

Get the PMM API key from PMM Server . The API key must have the role “Admin”. You need this key to authorize PMM Client within PMM Server.

Generate the PMM API key

You can query your PMM Server installation for the API Key using curl and jq utilities. Replace <login>:<password>@<server_host> placeholders with your real PMM Server login, password, and hostname in the following command:

$ API_KEY=$(curl --insecure -X POST -H "Content-Type: application/json" -d '{"name":"operator", "role": "Admin"}' "https://<login>:<password>@<server_host>/graph/api/auth/keys" | jq .key)

Warning

The API key is not rotated automatically when it expires. You must manually recreate it and reconfigure the PMM Client.

Create a secret

Now you must pass the credentials to the Operator. To do so, create a Secret object.

  1. Create a Secret configuration file. You can use the deploy/secrets.yaml secrets file.

    Specify the service account token as the PMM_SERVER_TOKEN value in the secrets file:

    apiVersion: v1
kind: Secret
metadata:
  name: my-cluster-name-secrets
type: Opaque
stringData:
  ....
  PMM_SERVER_TOKEN: ""

    Specify the API key as the PMM_SERVER_API_KEY value in the secrets file:

    apiVersion: v1
kind: Secret
metadata:
  name: my-cluster-name-secrets
type: Opaque
stringData:
  ....
  PMM_SERVER_API_KEY: ""

  2. Create the Secrets object using the deploy/secrets.yaml file.

    $ kubectl apply -f deploy/secrets.yaml -n <namespace>
    Expected output 
    secret/my-cluster-name-secrets created

Deploy the PMM Client

  1. Update the pmm section in the deploy/cr.yaml file:

    • Set pmm.enabled=true.
    • Specify your PMM Server hostname / an IP address for the pmm.serverHost option. The PMM Server IP address should be resolvable and reachable from within your cluster.
    • Check that the name of the Secret object that you created earlier is specified in the secrets.users field.
    secrets:
  users: my-cluster-name-secrets
pmm:
  enabled: true
  image: percona/pmm-client:2.44.1
  serverHost: monitoring-service

  2. Apply the changes:

    $ kubectl apply -f deploy/cr.yaml -n <namespace>

  3. Check that corresponding Pods are not in a cycle of stopping and restarting. This cycle occurs if there are errors on the previous steps:

    $ kubectl get pods -n <namespace>
$ kubectl logs <cluster-name>-rs0-0 -c pmm-client -n <namespace>

Check the metrics

Let’s see how the collected data is visualized in PMM.

  1. Log in to PMM server.
  2. Click MongoDB from the left-hand navigation menu. You land on the Instances Overview page.
  3. Select your cluster from the Clusters drop-down menu and the desired time range on the top of the page. You should see the metrics.
  4. Click MongoDBOther dashboards to see the list of available dashboards that allow you to drill down to the metrics you are interested in.

Next steps

What’s next

Last update: 2025-09-30