diff --git a/helm/openwhisk/templates/_helpers.tpl b/helm/openwhisk/templates/_helpers.tpl
index f57c5781..7fd61e70 100644
--- a/helm/openwhisk/templates/_helpers.tpl
+++ b/helm/openwhisk/templates/_helpers.tpl
@@ -292,23 +292,21 @@ imagePullSecrets:
 {{/* Environment variables required for invoker volumes configuration */}}
 {{- define "openwhisk.invoker.volumes" -}}
 {{- if eq .Values.invoker.containerFactory.impl "docker" }}
-      volumes:
-{{ include "openwhisk.docker_volumes" . | indent 6 }}
-      - name: scripts-dir
-        configMap:
-          name: {{ .Release.Name }}-invoker-scripts
+{{ include "openwhisk.docker_volumes" . }}
+- name: scripts-dir
+  configMap:
+    name: {{ .Release.Name }}-invoker-scripts
 {{- end }}
 {{- end }}
 
 {{/* Environment variables required for invoker volumes configuration */}}
 {{- define "openwhisk.invoker.volume_mounts" -}}
 {{- if (eq .Values.invoker.containerFactory.impl "docker") }}
-        volumeMounts:
-{{ include "openwhisk.docker_volume_mounts" . | indent 8 }}
+{{ include "openwhisk.docker_volume_mounts" . }}
 {{- if .Values.invoker.containerFactory.networkConfig.dns.inheritInvokerConfig }}
-        - name: scripts-dir
-          mountPath: "/invoker-scripts/configureDNS.sh"
-          subPath: "configureDNS.sh"
+- name: scripts-dir
+  mountPath: "/invoker-scripts/configureDNS.sh"
+  subPath: "configureDNS.sh"
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/helm/openwhisk/templates/controller-pod.yaml b/helm/openwhisk/templates/controller-pod.yaml
index 28a97565..44550a7d 100644
--- a/helm/openwhisk/templates/controller-pod.yaml
+++ b/helm/openwhisk/templates/controller-pod.yaml
@@ -66,9 +66,13 @@ spec:
       # The controller must wait for elasticsearch to be ready before it starts
 {{ include "openwhisk.readiness.waitForElasticSearch" . | indent 6 }}
 {{- end }}
+      volumes:
+      - name: jmxremote-secret
+        secret:
+          secretName: {{ .Release.Name }}-jmxremote-secret
       # The lean controller requires invoker volumes mounts
 {{- if .Values.controller.lean }}
-{{ include "openwhisk.invoker.volumes" . }}
+{{ include "openwhisk.invoker.volumes" . | indent 6 }}
 {{- end }}
 {{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }}
 
@@ -84,12 +88,23 @@ spec:
         ports:
         - name: controller
           containerPort: {{ .Values.controller.port }}
+        - name: jmx
+          jmxPort: {{ .Values.jmx.port }}
+        - name: jmx-rmi
+          jmxPort: {{ .Values.jmx.rmiPort }}
         - name: akka-remoting
           containerPort: 2552
         - name: akka-mgmt-http
           containerPort: 19999
+        volumeMounts:
+        - name: jmxremote-secret
+          mountPath: "/conf/jmxremote.access"
+          subPath: "jmxremote.access"
+        - name: jmxremote-secret
+          mountPath: "/conf/jmxremote.password"
+          subPath: "jmxremote.password"
 {{- if .Values.controller.lean }}
-{{ include "openwhisk.invoker.volume_mounts" . }}
+{{ include "openwhisk.invoker.volume_mounts" . | indent 8 }}
 {{- end }}
         livenessProbe:
           httpGet:
@@ -127,7 +142,7 @@ spec:
 
         # Java options
         - name: "JAVA_OPTS"
-          value: "-Xmx{{- .Values.controller.jvmHeapMB -}}M {{ .Values.controller.jvmOptions }}"
+          value: "-Xmx{{- .Values.controller.jvmHeapMB -}}M {{ .Values.controller.jvmOptions }} {{ if .Values.jmx.enabled }} {{ .Values.jmx.jvmCommonArgs }} -Dcom.sun.management.jmxremote.rmi.port={{ .Values.jmx.rmiPort }} -Dcom.sun.management.jmxremote.port={{ .Values.jmx.port }} {{ end }}"
 
         # specific controller arguments
         - name: "CONTROLLER_OPTS"
diff --git a/helm/openwhisk/templates/invoker-pod.yaml b/helm/openwhisk/templates/invoker-pod.yaml
index dbb80289..84704414 100644
--- a/helm/openwhisk/templates/invoker-pod.yaml
+++ b/helm/openwhisk/templates/invoker-pod.yaml
@@ -68,8 +68,11 @@ spec:
       tolerations:
 {{ include "openwhisk.toleration.invoker" . | indent 8 }}
 {{- end }}
-
-{{ include "openwhisk.invoker.volumes" . }}
+      volumes:
+      - name: jmxremote-secret
+        secret:
+          secretName: {{ .Release.Name }}-jmxremote-secret
+{{ include "openwhisk.invoker.volumes" . | indent 6 }}
 
       initContainers:
 {{- if eq .Values.invoker.containerFactory.impl "docker" }}
@@ -138,7 +141,7 @@ spec:
 
           # Java options
           - name: "JAVA_OPTS"
-            value: "-Xmx{{- .Values.invoker.jvmHeapMB -}}M {{ .Values.invoker.jvmOptions }}"
+            value: "-Xmx{{- .Values.invoker.jvmHeapMB -}}M {{ .Values.invoker.jvmOptions }} {{ if .Values.jmx.enabled }} {{ .Values.jmx.jvmCommonArgs }} -Dcom.sun.management.jmxremote.rmi.port={{ .Values.jmx.rmiPort }} -Dcom.sun.management.jmxremote.port={{ .Values.jmx.port }} {{ end }}"
 
           # Invoker options
           - name: "INVOKER_OPTS"
@@ -214,5 +217,16 @@ spec:
         ports:
         - name: invoker
           containerPort: {{ .Values.invoker.port }}
-{{ include "openwhisk.invoker.volume_mounts" . }}
+        - name: jmx
+          jmxPort: {{ .Values.jmx.port }}
+        - name: jmx-rmi
+          jmxPort: {{ .Values.jmx.rmiPort }}
+        volumeMounts:
+        - name: jmxremote-secret
+          mountPath: "/conf/jmxremote.access"
+          subPath: "jmxremote.access"
+        - name: jmxremote-secret
+          mountPath: "/conf/jmxremote.password"
+          subPath: "jmxremote.password"
+{{ include "openwhisk.invoker.volume_mounts" . | indent 8 }}
 {{- end }}
diff --git a/helm/openwhisk/templates/jmx-remote-secret.yaml b/helm/openwhisk/templates/jmx-remote-secret.yaml
new file mode 100644
index 00000000..7eea8b5f
--- /dev/null
+++ b/helm/openwhisk/templates/jmx-remote-secret.yaml
@@ -0,0 +1,27 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-jmxremote-secret
+  labels:
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+type: Opaque
+data:
+  jmxremote.access: {{ (printf "%s %s" .Values.jmx.user "readwrite") | b64enc }}
+  jmxremote.password: {{ (printf "%s %s" .Values.jmx.user .Values.jmx.pass) | b64enc }}
diff --git a/helm/openwhisk/values.yaml b/helm/openwhisk/values.yaml
index f89b8a02..ecd6f56d 100644
--- a/helm/openwhisk/values.yaml
+++ b/helm/openwhisk/values.yaml
@@ -289,6 +289,15 @@ invoker:
       isolateUserActions: true
       replicaCount: 1
 
+# JMX configurations
+jmx:
+  enabled: false
+  port: 15000
+  rmiPort: 16000
+  user: "jmxuser"
+  pass: "jmxpass"
+  jvmCommonArgs: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/home/owuser/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/home/owuser/jmxremote.access"
+
 # API Gateway configurations
 apigw:
   imageName: "openwhisk/apigateway"