Environment-Specific Configurations

Due to differences across various Kubernetes environments and providers, extra configurations may be necessary to run Pixie.

No extra configuration should be necessary to run on these environments. However, please consult with your cluster admin regarding cluster network setup, such as firewalls, and podSecurityPolicies.

Pixie utilizes the Operator Lifecycle Manager. However, OLM runs by default in OpenShift Container Platform 4.5.

If deploying Pixie through CLI/manifests, ensure you are settting --deploy_olm=false when running px deploy.

If deploying Pixie through Helm, ensure you are setting -set deployOLM=false or update deployOLM in your values.yaml.

OpenShift utilizes SCCs to restrict pod actions and access. If your cluster is running a more restrictive set of SCCs, you will need to give Pixie privileged access.

kind: SecurityContextConstraints
apiVersion:  security.openshift.io/v1
metadata:
 name: pl-scc
allowPrivilegedContainer: true
allowHostPID: true
allowHostIPC: false
allowHostPorts: false
readOnlyRootFilesystem: false
allowedCapabilities:
- SYS_ADMIN
- SYS_PTRACE
allowHostNetwork: true
allowHostDirVolumePlugin: true
runAsUser:
 type: RunAsAny
seLinuxContext:
 type: RunAsAny
users:
- system:serviceaccount:pl:default

Note: Make sure to set the namespace on the serviceAccount to the namespace you deployed Pixie to.

Deploy OptionsFind a Cluster ID