diff --git a/helm/vitess/templates/NOTES.txt b/helm/vitess/templates/NOTES.txt
index e69de29bb2d..a08bd9830f4 100644
--- a/helm/vitess/templates/NOTES.txt
+++ b/helm/vitess/templates/NOTES.txt
@@ -0,0 +1,15 @@
+{{- $cell := (index .Values.topology.cells 1).name -}}
+{{- $proxyURL := printf "http://localhost:8001/api/v1/proxy/namespaces/%s" .Release.Namespace -}}
+
+Release name: {{.Release.Name}}
+
+To access administrative web pages, start a proxy with:
+  kubectl proxy --port=8001
+
+Then use the following URLs:
+
+Kubernetes dashboard: http://localhost:8001/ui
+
+vtctld: {{$proxyURL}}/services/vtctld:web/
+vtgate: {{$proxyURL}}/services/vtgate-{{$cell}}:web/
+
diff --git a/helm/vitess/templates/_helpers.tpl b/helm/vitess/templates/_helpers.tpl
index 2da48fe008c..b32a04e6201 100644
--- a/helm/vitess/templates/_helpers.tpl
+++ b/helm/vitess/templates/_helpers.tpl
@@ -14,3 +14,23 @@
 {{- range . }}{{template "format-flags" .}}{{end -}}
 {{- end -}}
 
+# Common init-container to set up vtdataroot volume.
+{{- define "init-vtdataroot" -}}
+{{- $image := . -}}
+{
+  "name": "init-vtdataroot",
+  "image": {{$image | quote}},
+  "command": ["bash", "-c", "
+    set -ex;
+    mkdir -p $VTDATAROOT/tmp;
+    chown vitess:vitess $VTDATAROOT $VTDATAROOT/tmp;
+  "],
+  "volumeMounts": [
+    {
+      "name": "vtdataroot",
+      "mountPath": "/vt/vtdataroot"
+    }
+  ]
+}
+{{- end -}}
+
diff --git a/helm/vitess/templates/_vtctld.tpl b/helm/vitess/templates/_vtctld.tpl
index f35ce547107..32f305c1f24 100644
--- a/helm/vitess/templates/_vtctld.tpl
+++ b/helm/vitess/templates/_vtctld.tpl
@@ -33,6 +33,10 @@ spec:
       labels:
         component: vtctld
         app: vitess
+      annotations:
+        pod.beta.kubernetes.io/init-containers: '[
+{{ include "init-vtdataroot" (.image | default $0.image) | indent 10 }}
+        ]'
     spec:
       containers:
         - name: vtctld
@@ -55,31 +59,29 @@ spec:
               mountPath: /etc/ssl/certs/ca-certificates.crt
           resources:
 {{ toYaml (.resources | default $0.resources) | indent 12 }}
+          securityContext:
+            runAsUser: 999
           command:
             - bash
             - "-c"
             - |
               set -ex
-              mkdir -p $VTDATAROOT/tmp
-              chown -R vitess /vt
-
-              exec su -p -c "$(tr '\n' ' ' <<END_OF_COMMAND
-                exec /vt/bin/vtctld
-                  -cell {{$cell.name | quote}}
-                  -web_dir "$VTTOP/web/vtctld"
-                  -web_dir2 "$VTTOP/web/vtctld2/app"
-                  -workflow_manager_init
-                  -workflow_manager_use_election
-                  -log_dir "$VTDATAROOT/tmp"
-                  -alsologtostderr
-                  -port 15000
-                  -grpc_port 15999
-                  -service_map "grpc-vtctl"
-                  -topo_implementation "etcd"
-                  -etcd_global_addrs "http://etcd-global:4001"
-{{ include "format-flags-all" (tuple $.Values.backupFlags $0.extraFlags .extraFlags) | indent 18 }}
+              eval exec /vt/bin/vtctld $(cat <<END_OF_COMMAND
+                -cell={{$cell.name | quote}}
+                -web_dir="$VTTOP/web/vtctld"
+                -web_dir2="$VTTOP/web/vtctld2/app"
+                -workflow_manager_init
+                -workflow_manager_use_election
+                -log_dir="$VTDATAROOT/tmp"
+                -alsologtostderr
+                -port=15000
+                -grpc_port=15999
+                -service_map="grpc-vtctl"
+                -topo_implementation="etcd"
+                -etcd_global_addrs="http://etcd-global:4001"
+{{ include "format-flags-all" (tuple $.Values.backupFlags $0.extraFlags .extraFlags) | indent 16 }}
               END_OF_COMMAND
-              )" vitess
+              )
       volumes:
         - name: syslog
           hostPath: {path: /dev/log}
diff --git a/helm/vitess/templates/_vtgate.tpl b/helm/vitess/templates/_vtgate.tpl
index 09bc50afa8c..ed492d48682 100644
--- a/helm/vitess/templates/_vtgate.tpl
+++ b/helm/vitess/templates/_vtgate.tpl
@@ -36,6 +36,10 @@ spec:
         component: vtgate
         cell: {{$cell.name}}
         app: vitess
+      annotations:
+        pod.beta.kubernetes.io/init-containers: '[
+{{ include "init-vtdataroot" (.image | default $0.image) | indent 10 }}
+        ]'
     spec:
       containers:
         - name: vtgate
@@ -53,30 +57,28 @@ spec:
               mountPath: /vt/vtdataroot
           resources:
 {{ toYaml (.resources | default $0.resources) | indent 12 }}
+          securityContext:
+            runAsUser: 999
           command:
             - bash
             - "-c"
             - |
               set -ex
-              mkdir -p $VTDATAROOT/tmp &&
-              chown -R vitess /vt &&
-
-              exec su -p -c "$(tr '\n' ' ' <<END_OF_COMMAND
-                exec /vt/bin/vtgate
-                  -topo_implementation "etcd"
-                  -etcd_global_addrs "http://etcd-global:4001"
-                  -log_dir "$VTDATAROOT/tmp"
-                  -alsologtostderr
-                  -port 15001
-                  -grpc_port 15991
-                  -service_map "grpc-vtgateservice"
-                  -cells_to_watch {{$cell.name | quote}}
-                  -tablet_types_to_wait "MASTER,REPLICA"
-                  -gateway_implementation "discoverygateway"
-                  -cell {{$cell.name | quote}}
-{{ include "format-flags-all" (tuple $0.extraFlags .extraFlags) | indent 18 }}
+              eval exec /vt/bin/vtgate $(cat <<END_OF_COMMAND
+                -topo_implementation="etcd"
+                -etcd_global_addrs="http://etcd-global:4001"
+                -log_dir="$VTDATAROOT/tmp"
+                -alsologtostderr
+                -port=15001
+                -grpc_port=15991
+                -service_map="grpc-vtgateservice"
+                -cells_to_watch={{$cell.name | quote}}
+                -tablet_types_to_wait="MASTER,REPLICA"
+                -gateway_implementation="discoverygateway"
+                -cell={{$cell.name | quote}}
+{{ include "format-flags-all" (tuple $0.extraFlags .extraFlags) | indent 16 }}
               END_OF_COMMAND
-              )" vitess
+              )
       volumes:
         - name: syslog
           hostPath: {path: /dev/log}
diff --git a/helm/vitess/templates/_vttablet.tpl b/helm/vitess/templates/_vttablet.tpl
index 52df58a6fe2..d2dcbd57860 100644
--- a/helm/vitess/templates/_vttablet.tpl
+++ b/helm/vitess/templates/_vttablet.tpl
@@ -1,148 +1,249 @@
-{{- define "vttablet" -}}
+# vttablet pod spec (template for both StatefulSet and naked pod)
+{{- define "vttablet-pod-spec" -}}
 {{- $ := index . 0 -}}
 {{- $cell := index . 1 -}}
 {{- $keyspace := index . 2 -}}
 {{- $shard := index . 3 -}}
 {{- $tablet := index . 4 -}}
-{{- $index := index . 5 -}}
+{{- $uid := index . 5 -}}
 {{- with index . 6 -}}
 {{- $0 := $.Values.vttablet -}}
-{{- $uid := add $tablet.uidBase $index -}}
-{{- $alias := printf "%s-%d" $cell.name $uid -}}
+containers:
+  - name: vttablet
+    image: {{.image | default $0.image | quote}}
+    livenessProbe:
+      httpGet:
+        path: /debug/vars
+        port: 15002
+      initialDelaySeconds: 60
+      timeoutSeconds: 10
+    volumeMounts:
+      - name: syslog
+        mountPath: /dev/log
+      - name: vtdataroot
+        mountPath: /vt/vtdataroot
+      - name: certs
+        readOnly: true
+        # Mount root certs from the host OS into the location
+        # expected for our container OS (Debian):
+        mountPath: /etc/ssl/certs/ca-certificates.crt
+    resources:
+{{ toYaml (.resources | default $0.resources) | indent 6 }}
+    ports:
+      - name: web
+        containerPort: 15002
+      - name: grpc
+        containerPort: 16002
+    securityContext:
+      runAsUser: 999
+    command:
+      - bash
+      - "-c"
+      - |
+        set -ex
+        eval exec /vt/bin/vttablet $(cat <<END_OF_COMMAND
+          -topo_implementation "etcd"
+          -etcd_global_addrs "http://etcd-global:4001"
+          -log_dir "$VTDATAROOT/tmp"
+          -alsologtostderr
+          -port 15002
+          -grpc_port 16002
+          -service_map "grpc-queryservice,grpc-tabletmanager,grpc-updatestream"
+          -tablet-path "{{$cell.name}}-{{$uid}}"
+{{ if eq (.controllerType | default $0.controllerType) "None" }}
+          -tablet_hostname "$(hostname -i)"
+{{ end }}
+          -init_keyspace {{$keyspace.name | quote}}
+          -init_shard {{$shard.name | quote}}
+          -init_tablet_type {{$tablet.type | quote}}
+          -health_check_interval "5s"
+          -mysqlctl_socket "$VTDATAROOT/mysqlctl.sock"
+          -db-config-app-uname "vt_app"
+          -db-config-app-dbname "vt_{{$keyspace.name}}"
+          -db-config-app-charset "utf8"
+          -db-config-dba-uname "vt_dba"
+          -db-config-dba-dbname "vt_{{$keyspace.name}}"
+          -db-config-dba-charset "utf8"
+          -db-config-repl-uname "vt_repl"
+          -db-config-repl-dbname "vt_{{$keyspace.name}}"
+          -db-config-repl-charset "utf8"
+          -db-config-filtered-uname "vt_filtered"
+          -db-config-filtered-dbname "vt_{{$keyspace.name}}"
+          -db-config-filtered-charset "utf8"
+          -enable_semi_sync
+          -enable_replication_reporter
+          -orc_api_url "http://orchestrator/api"
+          -orc_discover_interval "5m"
+          -restore_from_backup
+{{ include "format-flags-all" (tuple $.Values.backupFlags $0.extraFlags .extraFlags) | indent 10 }}
+        END_OF_COMMAND
+        )
+  - name: mysql
+    image: {{.image | default $0.image | quote}}
+    volumeMounts:
+      - name: syslog
+        mountPath: /dev/log
+      - name: vtdataroot
+        mountPath: /vt/vtdataroot
+    resources:
+{{ toYaml (.mysqlResources | default $0.mysqlResources) | indent 6 }}
+    securityContext:
+      runAsUser: 999
+    command:
+      - bash
+      - "-c"
+      - |
+        set -ex
+        eval exec /vt/bin/mysqlctld $(cat <<END_OF_COMMAND
+          -log_dir "$VTDATAROOT/tmp"
+          -alsologtostderr
+          -tablet_uid "{{$uid}}"
+          -socket_file "$VTDATAROOT/mysqlctl.sock"
+          -db-config-app-uname "vt_app"
+          -db-config-app-dbname "vt_{{$keyspace.name}}"
+          -db-config-app-charset "utf8"
+          -db-config-allprivs-uname "vt_allprivs"
+          -db-config-allprivs-dbname "vt_{{$keyspace.name}}"
+          -db-config-allprivs-charset "utf8"
+          -db-config-dba-uname "vt_dba"
+          -db-config-dba-dbname "vt_{{$keyspace.name}}"
+          -db-config-dba-charset "utf8"
+          -db-config-repl-uname "vt_repl"
+          -db-config-repl-dbname "vt_{{$keyspace.name}}"
+          -db-config-repl-charset "utf8"
+          -db-config-filtered-uname "vt_filtered"
+          -db-config-filtered-dbname "vt_{{$keyspace.name}}"
+          -db-config-filtered-charset "utf8"
+          -init_db_sql_file "$VTROOT/config/init_db.sql"
+{{ include "format-flags-all" (tuple $0.mysqlctlExtraFlags .mysqlctlExtraFlags) | indent 10 }}
+        END_OF_COMMAND
+        )
+    env:
+      - name: EXTRA_MY_CNF
+        value: {{.extraMyCnf | default $0.extraMyCnf | quote}}
+volumes:
+  - name: syslog
+    hostPath: {path: /dev/log}
+{{ if eq (.dataVolumeType | default $0.dataVolumeType) "EmptyDir" }}
+  - name: vtdataroot
+    emptyDir: {}
+{{ end }}
+  - name: certs
+    hostPath: { path: {{$.Values.certsPath | quote}} }
+{{- end -}}
+{{- end -}}
+
+# init-container to compute tablet UID.
+# This converts the unique identity assigned by StatefulSet (pod name)
+# into a 31-bit unsigned integer for use as a Vitess tablet UID.
+{{- define "init-tablet-uid" -}}
+{{- $image := index . 0 -}}
+{{- $cell := index . 1 -}}
+{
+  "name": "init-tablet-uid",
+  "image": {{$image | quote}},
+  "securityContext": {"runAsUser": 999},
+  "command": ["bash", "-c", "
+    set -ex\n
+    # Split pod name (via hostname) into prefix and ordinal index.\n
+    [[ `hostname` =~ ^(.+)-([0-9]+)$ ]] || exit 1\n
+    pod_prefix=${BASH_REMATCH[1]}\n
+    pod_index=${BASH_REMATCH[2]}\n
+    # Prepend cell name since tablet UIDs must be globally unique.\n
+    uid_name={{$cell.name | replace "_" "-" | lower}}-$pod_prefix\n
+    # Take MD5 hash of cellname-podprefix.\n
+    uid_hash=$(echo -n $uid_name | md5sum | awk \"{print \\$1}\")\n
+    # Take first 24 bits of hash, convert to decimal.\n
+    # Shift left 2 decimal digits, add in index.\n
+    tablet_uid=$((16#${uid_hash:0:6} * 100 + $pod_index))\n
+    # Save UID for other containers to read.\n
+    mkdir -p $VTDATAROOT/init\n
+    echo $tablet_uid > $VTDATAROOT/init/tablet-uid\n
+  "],
+  "volumeMounts": [
+    {
+      "name": "vtdataroot",
+      "mountPath": "/vt/vtdataroot"
+    }
+  ]
+}
+{{- end -}}
+
+# vttablet StatefulSet
+{{- define "vttablet-stateful-set" -}}
+{{- $ := index . 0 -}}
+{{- $cell := index . 1 -}}
+{{- $keyspace := index . 2 -}}
+{{- $shard := index . 3 -}}
+{{- $tablet := index . 4 -}}
+{{- with $tablet.vttablet -}}
+{{- $0 := $.Values.vttablet -}}
+{{- $keyspaceClean := $keyspace.name | replace "_" "-" -}}
+{{- $setName := printf "%s-%s-%s" $keyspaceClean $shard.name $tablet.type | lower -}}
+{{- $uid := "$(cat $VTDATAROOT/init/tablet-uid)" }}
+# vttablet StatefulSet
+apiVersion: apps/v1alpha1
+kind: PetSet
+metadata:
+  name: {{$setName | quote}}
+spec:
+  serviceName: vttablet
+  replicas: {{.replicas | default $0.replicas}}
+  template:
+    metadata:
+      labels:
+        app: vitess
+        component: vttablet
+        keyspace: {{$keyspace.name | quote}}
+        shard: {{$shard.name | quote}}
+        type: {{$tablet.type | quote}}
+      annotations:
+        pod.alpha.kubernetes.io/initialized: "true"
+        pod.beta.kubernetes.io/init-containers: '[
+{{ include "init-vtdataroot" (.image | default $0.image) | indent 10 }},
+{{ include "init-tablet-uid" (tuple (.image | default $0.image) $cell) | indent 10 }}
+        ]'
+    spec:
+{{ include "vttablet-pod-spec" (tuple $ $cell $keyspace $shard $tablet $uid .) | indent 6 }}
+{{ if eq (.dataVolumeType | default $0.dataVolumeType) "PersistentVolume" }}
+  volumeClaimTemplates:
+    - metadata:
+        name: vtdataroot
+        annotations:
+{{ toYaml (.dataVolumeClaimAnnotations | default $0.dataVolumeClaimAnnotations) | indent 10 }}
+      spec:
+{{ toYaml (.dataVolumeClaimSpec | default $0.dataVolumeClaimSpec) | indent 8 }}
+{{ end }}
+{{- end -}}
+{{- end -}}
+
+# vttablet naked pod (not using StatefulSet)
+{{- define "vttablet-pod" -}}
+{{- $ := index . 0 -}}
+{{- $cell := index . 1 -}}
+{{- $keyspace := index . 2 -}}
+{{- $shard := index . 3 -}}
+{{- $tablet := index . 4 -}}
+{{- $uid := index . 5 -}}
+{{- with $tablet.vttablet -}}
+{{- $0 := $.Values.vttablet -}}
 # vttablet
 kind: Pod
 apiVersion: v1
 metadata:
   name: "vttablet-{{$uid}}"
   labels:
+    app: vitess
     component: vttablet
     keyspace: {{$keyspace.name | quote}}
     shard: {{$shard.name | quote}}
-    tablet: {{$alias | quote}}
-    app: vitess
+    type: {{$tablet.type | quote}}
+  annotations:
+    pod.beta.kubernetes.io/init-containers: '[
+{{ include "init-vtdataroot" (.image | default $0.image) | indent 6 }}
+    ]'
 spec:
-  containers:
-    - name: vttablet
-      image: {{.image | default $0.image | quote}}
-      livenessProbe:
-        httpGet:
-          path: /debug/vars
-          port: 15002
-        initialDelaySeconds: 60
-        timeoutSeconds: 10
-      volumeMounts:
-        - name: syslog
-          mountPath: /dev/log
-        - name: vtdataroot
-          mountPath: /vt/vtdataroot
-        - name: certs
-          readOnly: true
-          # Mount root certs from the host OS into the location
-          # expected for our container OS (Debian):
-          mountPath: /etc/ssl/certs/ca-certificates.crt
-      resources:
-{{ toYaml (.resources | default $0.resources) | indent 8 }}
-      ports:
-        - name: web
-          containerPort: 15002
-        - name: grpc
-          containerPort: 16002
-      command:
-        - bash
-        - "-c"
-        - |
-          set -ex
-          mkdir -p $VTDATAROOT/tmp
-          chown -R vitess /vt
-
-          exec su -p -c "$(tr '\n' ' ' <<END_OF_COMMAND
-            exec /vt/bin/vttablet
-              -topo_implementation "etcd"
-              -etcd_global_addrs "http://etcd-global:4001"
-              -log_dir "$VTDATAROOT/tmp"
-              -alsologtostderr
-              -port 15002
-              -grpc_port 16002
-              -service_map "grpc-queryservice,grpc-tabletmanager,grpc-updatestream"
-              -tablet-path {{$alias | quote}}
-              -tablet_hostname "$(hostname -i)"
-              -init_keyspace {{$keyspace.name | quote}}
-              -init_shard {{$shard.name | quote}}
-              -init_tablet_type {{$tablet.type | quote}}
-              -health_check_interval "5s"
-              -mysqlctl_socket "$VTDATAROOT/mysqlctl.sock"
-              -db-config-app-uname "vt_app"
-              -db-config-app-dbname "vt_{{$keyspace.name}}"
-              -db-config-app-charset "utf8"
-              -db-config-dba-uname "vt_dba"
-              -db-config-dba-dbname "vt_{{$keyspace.name}}"
-              -db-config-dba-charset "utf8"
-              -db-config-repl-uname "vt_repl"
-              -db-config-repl-dbname "vt_{{$keyspace.name}}"
-              -db-config-repl-charset "utf8"
-              -db-config-filtered-uname "vt_filtered"
-              -db-config-filtered-dbname "vt_{{$keyspace.name}}"
-              -db-config-filtered-charset "utf8"
-              -enable_semi_sync
-              -enable_replication_reporter
-              -orc_api_url "http://orchestrator/api"
-              -orc_discover_interval "5m"
-              -restore_from_backup
-{{ include "format-flags-all" (tuple $.Values.backupFlags $0.extraFlags .extraFlags) | indent 14 }}
-          END_OF_COMMAND
-          )" vitess
-    - name: mysql
-      image: {{.image | default $0.image | quote}}
-      volumeMounts:
-        - name: syslog
-          mountPath: /dev/log
-        - name: vtdataroot
-          mountPath: /vt/vtdataroot
-      resources:
-{{ toYaml (.mysqlResources | default $0.mysqlResources) | indent 8 }}
-      command:
-        - sh
-        - "-c"
-        - |
-          set -ex
-          mkdir -p $VTDATAROOT/tmp
-          chown -R vitess /vt
-
-          exec su -p -c "$(tr '\n' ' ' <<END_OF_COMMAND
-            exec /vt/bin/mysqlctld
-              -log_dir "$VTDATAROOT/tmp"
-              -alsologtostderr
-              -tablet_uid {{$uid}}
-              -socket_file "$VTDATAROOT/mysqlctl.sock"
-              -db-config-app-uname "vt_app"
-              -db-config-app-dbname "vt_{{$keyspace.name}}"
-              -db-config-app-charset "utf8"
-              -db-config-allprivs-uname "vt_allprivs"
-              -db-config-allprivs-dbname "vt_{{$keyspace.name}}"
-              -db-config-allprivs-charset "utf8"
-              -db-config-dba-uname "vt_dba"
-              -db-config-dba-dbname "vt_{{$keyspace.name}}"
-              -db-config-dba-charset "utf8"
-              -db-config-repl-uname "vt_repl"
-              -db-config-repl-dbname "vt_{{$keyspace.name}}"
-              -db-config-repl-charset "utf8"
-              -db-config-filtered-uname "vt_filtered"
-              -db-config-filtered-dbname "vt_{{$keyspace.name}}"
-              -db-config-filtered-charset "utf8"
-              -init_db_sql_file "$VTROOT/config/init_db.sql"
-{{ include "format-flags-all" (tuple $0.mysqlctlExtraFlags .mysqlctlExtraFlags) | indent 14 }}
-          END_OF_COMMAND
-          )" vitess
-      env:
-        - name: EXTRA_MY_CNF
-          value: {{.extraMyCnf | default $0.extraMyCnf | quote}}
-  volumes:
-    - name: syslog
-      hostPath: {path: /dev/log}
-    - name: vtdataroot
-{{ toYaml (.dataVolume | default $0.dataVolume) | indent 6 }}
-    - name: certs
-      hostPath: { path: {{$.Values.certsPath | quote}} }
+{{ include "vttablet-pod-spec" (tuple $ $cell $keyspace $shard $tablet $uid .) | indent 2 }}
 {{- end -}}
 {{- end -}}
 
diff --git a/helm/vitess/templates/vitess.yaml b/helm/vitess/templates/vitess.yaml
index e2a94676845..744b7c9aae3 100644
--- a/helm/vitess/templates/vitess.yaml
+++ b/helm/vitess/templates/vitess.yaml
@@ -1,3 +1,24 @@
+# Create global resources.
+---
+# Headless service for vttablets.
+# This is only required when using StatefulSet, but it doesn't hurt otherwise.
+apiVersion: v1
+kind: Service
+metadata:
+  name: vttablet
+  labels:
+    app: vitess
+spec:
+  ports:
+    - port: 15002
+      name: web
+    - port: 16002
+      name: grpc
+  clusterIP: None
+  selector:
+    app: vitess
+    component: vttablet
+
 # Create requested resources in each cell.
 {{ range $cell := $.Values.topology.cells }}
 ---
@@ -13,16 +34,25 @@
 {{ range $keyspace := $cell.keyspaces }}
 {{ range $shard := $keyspace.shards }}
 {{ range $tablet := $shard.tablets }}
+{{ with $tablet.vttablet }}
+{{- $0 := $.Values.vttablet -}}
 
-# This inner-most loop is a hack because we don't yet use StatefulSet:
+{{- $controllerType := .controllerType | default $0.controllerType -}}
+{{ if eq $controllerType "StatefulSet" }}
+---
+{{ include "vttablet-stateful-set" (tuple $ $cell $keyspace $shard $tablet) }}
+{{ else if eq $controllerType "None" }}
 {{ range $index := until (atoi (print $tablet.vttablet.replicas)) }}
+{{- $uid := add $tablet.uidBase $index -}}
 ---
-{{ with $tablet.vttablet }}{{ include "vttablet" (tuple $ $cell $keyspace $shard $tablet $index .) }}{{ end }}
-{{ end }}
+{{ include "vttablet-pod" (tuple $ $cell $keyspace $shard $tablet $uid) }}
+{{ end }} # range $index
+{{ end }} # if eq $controllerType
 
-{{ end }}
-{{ end }}
-{{ end }}
+{{ end }} # with $tablet.vttablet
+{{ end }} # range $tablet
+{{ end }} # range $shard
+{{ end }} # range $keyspace
 
-{{ end }}
+{{ end }} # range $cell
 
diff --git a/helm/vitess/values.yaml b/helm/vitess/values.yaml
index 1cc73d20179..8aca9f2abf9 100644
--- a/helm/vitess/values.yaml
+++ b/helm/vitess/values.yaml
@@ -88,8 +88,6 @@ vtgate:
 # Default values for vttablet resources defined in 'topology'.
 vttablet:
   image: "vitess/lite:latest"
-  dataVolume:
-    emptyDir: {}
   resources:
     limits:
       memory: "1Gi"
@@ -100,6 +98,52 @@ vttablet:
       cpu: "500m"
   extraMyCnf: "/vt/config/mycnf/master_mysql56.cnf"
 
+  # Currently supported pod controller types:
+  #
+  # StatefulSet
+  #   Use StatefulSet to manage vttablet pods.
+  #
+  #   This is the recommended way to run vttablets, but some Kubernetes
+  #   clusters may not have StatefulSet enabled yet during the feature's
+  #   alpha/beta phase.
+  #
+  #   NOTE: The "uidBase" setting in the topology map is ignored when using
+  #     StatefulSet. Instead, the tablet UID is generated based on a hash
+  #     of the cell name and stateful pod name. This takes advantage of the
+  #     unique, stable identity provided by StatefulSet to ensure that
+  #     tablet UIDs have the same properties.
+  #
+  # None
+  #   Create naked vttablet pods without any controller.
+  #
+  #   NOTE: This is a temporary hack for when StatefulSet is unavailable.
+  controllerType: None
+
+  # Currently supported data volume types:
+  #
+  # EmptyDir
+  #   Tablets use local storage for MySQL data. When a pod is recreated after
+  #   being deleted (or if its Node died), it must first restore from backup.
+  #
+  # PersistentVolume
+  #   NOTE: This only works if controllerType is "StatefulSet".
+  #
+  #   Tablets use PersistentVolume for MySQL data. These volumes survive pod
+  #   deletion and recreation, so most pod rescheduling events don't trigger
+  #   a fresh restore. The underlying storage used depends on your Kubernetes
+  #   cluster and your "storage-class" setting, but usually it is some kind of
+  #   network volume like EBS or PD.
+  dataVolumeType: EmptyDir
+
+  # The following are only used if dataVolumeType is "PersistentVolume".
+  dataVolumeClaimAnnotations:
+    volume.alpha.kubernetes.io/storage-class: anything
+  dataVolumeClaimSpec:
+    accessModes: ["ReadWriteOnce"]
+    resources:
+      requests:
+        storage: "10Gi"
+
 # Uncomment one of the following lines to configure the location
 # of the root certificates file on your host OS.
 # We need this so we can import it into the container OS.