Due to differences across various Kubernetes environments and providers, extra configurations may be necessary to run Pixie.
No extra configuration should be necessary to run on these environments. However, please consult with your cluster admin regarding cluster network setup, such as firewalls, and podSecurityPolicies.
Pixie utilizes the Operator Lifecycle Manager. However, OLM runs by default in OpenShift Container Platform 4.5.
If deploying Pixie through CLI/manifests, ensure you are settting
--deploy_olm=false when running
If deploying Pixie through Helm, ensure you are setting
-set deployOLM=false or update
deployOLM in your
OpenShift utilizes SCCs to restrict pod actions and access. If your cluster is running a more restrictive set of SCCs, you will need to give Pixie privileged access.
kind: SecurityContextConstraintsapiVersion: security.openshift.io/v1metadata:name: pl-sccallowPrivilegedContainer: trueallowHostPID: trueallowHostIPC: falseallowHostPorts: falsereadOnlyRootFilesystem: falseallowedCapabilities:- SYS_ADMIN- SYS_PTRACEallowHostNetwork: trueallowHostDirVolumePlugin: truerunAsUser:type: RunAsAnyseLinuxContext:type: RunAsAnyusers:- system:serviceaccount:pl:default
Note: Make sure to set the namespace on the serviceAccount to the namespace you deployed Pixie to.