# Pixie — eBPF-Based Auto-Instrumentation for Kubernetes Observability > CNCF observability platform that uses eBPF to capture metrics, traces, and logs from every pod with zero code changes. ## Install Save in your project root: # Pixie — eBPF-Based Auto-Instrumentation for Kubernetes Observability ## Quick Use ```bash # Install the CLI bash -c "$(curl -fsSL https://withpixie.ai/install.sh)" # Deploy Pixie to your cluster (uses your kubeconfig) px deploy # Run a canned script: live HTTP traffic by service px run px/http_data # Open the live UI px live http_data ``` ## Introduction Pixie is a CNCF sandbox project that instruments Kubernetes workloads using eBPF probes attached at the kernel boundary. There are no agents to import, no SDKs to adopt, and no sampling — Pixie captures full-fidelity HTTP, gRPC, MySQL, Postgres, Redis, DNS, and TLS traffic, plus CPU profiles, automatically from every pod on every node. ## What Pixie Does - Runs an eBPF-based collector (PEM) on every Kubernetes node - Captures HTTP/2, gRPC, MySQL, Postgres, Cassandra, Redis, DNS, Kafka traffic - Records CPU stack samples, TCP stats, and Kubernetes events - Stores data in-cluster in an embedded time-series DB; nothing leaves the cluster by default - Exposes a PxL scripting language + live dashboards for exploration ## Architecture Overview Pixie deploys a Vizier control plane plus a DaemonSet of PEMs (Pixie Edge Modules). PEMs load eBPF programs that attach to kprobes/uprobes and syscall tracepoints, enrich events with Kubernetes metadata, and store them in a compressed in-memory ring buffer sharded by node. Queries (written in PxL) are pushed down to the PEMs and aggregated by the Vizier. Data is ephemeral by default, addressing the "observability egress tax" and data-locality concerns. ## Self-Hosting & Configuration - Deploy via `px deploy` or Helm; requires kernel 4.14+ with BTF - `pixie-chart` runs Vizier + PEMs; `pixie-cloud` (optional) runs the UI locally - PxL scripts live in `px/*.pxl` — versioned, shareable, and LSP-friendly - Export to Prometheus, OpenTelemetry, or long-term storage via `otel-plugin` - Requires privileged eBPF permissions (`CAP_BPF`, `CAP_PERFMON`) ## Key Features - Zero-instrumentation — no code changes, no SDK bumps - Full-fidelity capture — not sampled - Data stays in-cluster by default (privacy friendly) - PxL scripting for ad-hoc analyses (like a SQL for observability) - CNCF sandbox; originally by Pixie Labs, now New Relic open source ## Comparison with Similar Tools - **Cilium Tetragon / Hubble** — eBPF network/security visibility; not focused on APM - **Parca** — eBPF CPU profiling only; Pixie does profiling + protocol parsing - **Datadog / New Relic** — hosted APM with agents; Pixie can feed them via OTel - **OpenTelemetry Collector** — needs instrumented apps; Pixie captures without them - **Elastic APM** — agent-based, multi-language, polished UI; heavier footprint ## FAQ **Q:** Does Pixie replace Prometheus? A: No. It complements it — Pixie excels at deep, full-trace protocol data, Prometheus at cheap time series. **Q:** What kernel version do I need? A: Linux 4.14+ with BTF is recommended. Most modern distros (Ubuntu 20.04+) are supported. **Q:** Is my data sent to a SaaS? A: No. Data stays in-cluster; the hosted UI (optional) proxies queries over a tunnel without storing data. **Q:** Does it work with mTLS? A: Yes via uprobes on `openssl` / Go's crypto/tls — captures decrypted payloads before they hit the wire. ## Sources - https://github.com/pixie-io/pixie - https://docs.px.dev --- Source: https://tokrepo.com/en/workflows/472761aa-38f0-11f1-9bc6-00163e2b0d79 Author: AI Open Source