On-prem quick start
TL;DR. On-prem PanDev Metrics is the same product as Cloud — same UI, same integrations. The differences are: it runs on your servers (Docker or Kubernetes), it is single-tenant (one organisation per install), and there is no Google sign-in (email + password and LDAP / AD only). Plan for ~1–2 hours from a clean VM to first metrics. You will need PostgreSQL 17, Docker Engine ≥ 20.10 or Kubernetes ≥ 1.28, and two machines or one beefy VM (see hardware below). Redis is optional in single-node mode.
Before you begin
You need three things ready before the first docker compose up:
- Hardware that meets the minimum sizing.
- An empty PostgreSQL 17 database with credentials.
- DNS / TLS for the host where PanDev Metrics will run, if you want HTTPS in front (optional but recommended).
Hardware sizing
PanDev Metrics expects two roles: app (backend + frontend) and database. You can co-locate them on a single beefy VM for evaluation, but a split deployment is the supported pattern in production.
| Role | CPU | RAM | Disk |
|---|---|---|---|
| App (backend + frontend) | 8 vCPU | 16 GB | 50 GB SSD |
| Database (PostgreSQL 17) | 16 vCPU | 24 GB | 100 GB SSD |
Software versions
| Component | Minimum | Recommended |
|---|---|---|
| PostgreSQL | 17 | 17 |
| Docker Engine | 20.10 | 24+ |
| Docker Compose | v2.0 | v2.20+ |
| Kubernetes | 1.28 | 1.28+ |
Network ports
| Port | What |
|---|---|
| 8080 | Application (backend) |
| 9090 | Spring Actuator (health, metrics) |
Outgoing traffic from the on-prem install is minimal but cannot be turned off — air-gapped installs are not supported.
Installation steps
1. Verify system requirements
Check disk, RAM, OS, and network access against the full requirements page.
2. Review the architecture
Skim the architecture page so you know what services are about to come up and how they talk to each other.
3. Install with Docker or Kubernetes
PanDev Metrics ships both ways:
- Docker Compose — recommended for small / mid-size installs and proofs of concept. Walk the installation guide.
- Kubernetes — for teams that already run a cluster. Use the Helm chart referenced in the same installation guide.
Upgrades on either path are a one-line image-tag bump. There is no in-place migration tool to be afraid of.
4. First login
Follow first login to create the initial admin account. This is the only out-of-band step in the whole on-prem flow.
5. Connect users
Pick one of two paths:
- LDAP / Active Directory — recommended for corporate environments.
- Manual user management — for small teams or air-gapped tests.
SAML and OIDC are not supported.
6. Install IDE plugins on the team's machines
Follow the IDE plugin overview. Point the plugin Server URL at your on-prem host (e.g. https://metrics.acme.corp) instead of metrics-cloud.pandev.io.
Verify
You have a working on-prem install when all of the following are true:
-
curl http://<host>:9090/actuator/healthreturns{"status":"UP"} - You can sign in to the UI at
http://<host>:8080as the initial admin - At least one user can sign in (LDAP-linked or manually created)
- At least one Git provider in Settings → Integrations shows a green status
- One IDE plugin pointing at your host shows up under Organization → Employees
Backups
Back up the PostgreSQL database — that is the only stateful component. pg_dump of the application database is sufficient to recover the install on another host. RPO/RTO targets are up to you; PanDev Metrics imposes nothing.
FAQ
Can I run on-prem without internet access?
Air-gapped installs are not supported. PanDev Metrics needs minimal outbound traffic (e.g. to pull integration metadata) and that cannot be disabled.
Does on-prem support multi-tenant?
No. On-prem is single-tenant by design — one organisation per install. If you need multiple separate organisations on one set of servers, talk to support about a different architecture.
What's the upgrade story?
Replace the image tag in docker-compose.yml (or in the Helm values), pull, and restart. No data migration tools are required for normal upgrades; database migrations are run automatically by the backend on start-up.
Do I need TLS?
Not strictly. PanDev Metrics talks plain HTTP on 8080 by default. For production we recommend terminating TLS at your own reverse proxy (nginx, Traefik, an ingress controller). The plugin can also be configured to skip SSL validation for self-signed certificates.
Next steps
- System requirements — full hardware and software checklist
- Architecture — services, data flow, dependencies
- Installation — the actual
docker composewalkthrough - LDAP integration — corporate authentication
Related
- Reference: Network and ports — firewall rules
- Concept: Cloud quick start — same product, hosted by PanDev