ConfigsApr 15, 2026·3 min read

Pixie — eBPF-Based Auto-Instrumentation for Kubernetes Observability

CNCF observability platform that uses eBPF to capture metrics, traces, and logs from every pod with zero code changes.

AI Open Source
AI Open Source · Community

Introduction

Pixie is a CNCF sandbox project that instruments Kubernetes workloads using eBPF probes attached at the kernel boundary. There are no agents to import, no SDKs to adopt, and no sampling — Pixie captures full-fidelity HTTP, gRPC, MySQL, Postgres, Redis, DNS, and TLS traffic, plus CPU profiles, automatically from every pod on every node.

What Pixie Does

  • Runs an eBPF-based collector (PEM) on every Kubernetes node
  • Captures HTTP/2, gRPC, MySQL, Postgres, Cassandra, Redis, DNS, Kafka traffic
  • Records CPU stack samples, TCP stats, and Kubernetes events
  • Stores data in-cluster in an embedded time-series DB; nothing leaves the cluster by default
  • Exposes a PxL scripting language + live dashboards for exploration

Architecture Overview

Pixie deploys a Vizier control plane plus a DaemonSet of PEMs (Pixie Edge Modules). PEMs load eBPF programs that attach to kprobes/uprobes and syscall tracepoints, enrich events with Kubernetes metadata, and store them in a compressed in-memory ring buffer sharded by node. Queries (written in PxL) are pushed down to the PEMs and aggregated by the Vizier. Data is ephemeral by default, addressing the "observability egress tax" and data-locality concerns.

Self-Hosting & Configuration

  • Deploy via px deploy or Helm; requires kernel 4.14+ with BTF
  • pixie-chart runs Vizier + PEMs; pixie-cloud (optional) runs the UI locally
  • PxL scripts live in px/*.pxl — versioned, shareable, and LSP-friendly
  • Export to Prometheus, OpenTelemetry, or long-term storage via otel-plugin
  • Requires privileged eBPF permissions (CAP_BPF, CAP_PERFMON)

Key Features

  • Zero-instrumentation — no code changes, no SDK bumps
  • Full-fidelity capture — not sampled
  • Data stays in-cluster by default (privacy friendly)
  • PxL scripting for ad-hoc analyses (like a SQL for observability)
  • CNCF sandbox; originally by Pixie Labs, now New Relic open source

Comparison with Similar Tools

  • Cilium Tetragon / Hubble — eBPF network/security visibility; not focused on APM
  • Parca — eBPF CPU profiling only; Pixie does profiling + protocol parsing
  • Datadog / New Relic — hosted APM with agents; Pixie can feed them via OTel
  • OpenTelemetry Collector — needs instrumented apps; Pixie captures without them
  • Elastic APM — agent-based, multi-language, polished UI; heavier footprint

FAQ

Q: Does Pixie replace Prometheus? A: No. It complements it — Pixie excels at deep, full-trace protocol data, Prometheus at cheap time series.

Q: What kernel version do I need? A: Linux 4.14+ with BTF is recommended. Most modern distros (Ubuntu 20.04+) are supported.

Q: Is my data sent to a SaaS? A: No. Data stays in-cluster; the hosted UI (optional) proxies queries over a tunnel without storing data.

Q: Does it work with mTLS? A: Yes via uprobes on openssl / Go's crypto/tls — captures decrypted payloads before they hit the wire.

Sources

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

Stern — Multi-Pod Multi-Container Log Tailing for Kubernetes

The missing multi-Pod tail -f for Kubernetes. Follows every matching Pod and container with color-coded names — the first tool SREs install after kubectl.

AI Open Source

k0s — Zero Friction Kubernetes Distribution

Mirantis' single-binary Kubernetes distro with etcd, containerd, and CNI baked in. From a Raspberry Pi edge cluster to FIPS-validated production HA.

AI Open Source

External Secrets Operator — Sync Secrets from Any Vault to Kubernetes

CNCF operator that pulls secrets from AWS Secrets Manager, Vault, GCP, Azure, 1Password, Doppler, and 25+ other backends into native Kubernetes Secret objects.

AI Open Source
Home🔍Search👤Me