-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2900 from newrelic/pixie-ga-2
Pixie ga 2
- Loading branch information
Showing
11 changed files
with
142 additions
and
46 deletions.
There are no files selected for viewing
9 changes: 3 additions & 6 deletions
9
...-data/auto-telemetry-pixie-data-model.mdx → ...pixie/auto-telemetry-pixie-data-model.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
File renamed without changes
File renamed without changes
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
73 changes: 73 additions & 0 deletions
73
src/content/docs/auto-telemetry-pixie/pixie-data-security-overview.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
--- | ||
title: Pixie data and security | ||
tags: | ||
- Pixie Auto-telemetry data | ||
- Service monitoring | ||
- Kubernetes | ||
- eBPF | ||
- Pixie data | ||
metaDescription: | ||
--- | ||
|
||
New Relic hosts Pixie, our open source observability tool for Kubernetes applications. Pixie fetches data flowing through a systems kernel via [eBPF](https://ebpf.io/) probes from a privileged state. If an application contains sensitive data, this data flow can potentially collect that data in plain text and save it to [NRDB](/docs/telemetry-data-platform/get-started/nrdb-horsepower-under-hood/). For example, Pixie gives insight into any data on your system, including raw HTTP requests in the kernel, allowing you to view all headers, query parameters, and HTTP bodies of a request. | ||
|
||
New Relic, on the other hand, fetches and stores a subset of data that only revolves around an application's performance. These performance metrics include, but are not limited to: | ||
|
||
* Golden metrics (throughput, latency, error rate) for HTTP-based services | ||
* HTTP transaction data | ||
* Database transaction data (for MySQL & PostgreSQL) | ||
* Distributed tracing | ||
* JVM metrics | ||
|
||
|
||
The data you view on the **Live debugging** tab comes via Pixie, and is therefore potentially sensitive. It is not stored by New Relic and is ephemeral, queryable for only 24 hours. | ||
|
||
## Control who has access to Pixie data | ||
|
||
If you want to manage which members of your organization can view Pixie data, as well as install and delete Pixie links, you can [create a custom role](/docs/accounts/accounts-billing/new-relic-one-user-management/tutorial-add-new-user-groups-roles-new-relic-one-user-model/#roles). Note that this option is available only to Enterprise and Pro level customers. | ||
For more information, see [New Relic's user model](/docs/accounts/accounts-billing/new-relic-one-user-management/new-relic-one-user-model-understand-user-structure/). | ||
|
||
## Manage auto-upate and two-way communication | ||
|
||
Pixie maintains an active two-way communication channel from your host system to Pixie at [withpixie.ai](https://work.withpixie.ai/). Pixie uses this communication channel to query data, push updates, and retrieve metadata and health checks about Pixie and your Kubernetes cluster. | ||
|
||
By default, Pixie queries withpixie.ai to check if new updates have been pushed and then automatically installs them if they’re present. To disable auto updates, you must set a flag prior to the install process using either Helm or in the `newrelic-manifest.yaml` file. To disable automatic updates, choose one: | ||
|
||
<CollapserGroup> | ||
<Collapser | ||
className="freq-link" | ||
id="" | ||
title="Helm option" | ||
> | ||
Add `--set pixie-chart.disableAutoUpdate=true` to your Helm command. | ||
|
||
</Collapser> | ||
<Collapser | ||
className="freq-link" | ||
id="" | ||
title="newrelic-manifest.yaml option" | ||
> | ||
in your newrelic-manifest.yaml file under the pl-cluster-config section, add `PL_DISABLE_AUTO_UPDATE: "true"` to the `data` directive. Example: | ||
``` | ||
--- | ||
apiVersion: v1 | ||
data: | ||
PL_CUSTOM_ANNOTATIONS: "" | ||
PL_CUSTOM_LABELS: "" | ||
PL_DISABLE_AUTO_UPDATE: "true" | ||
PL_ETCD_OPERATOR_ENABLED: "false" | ||
PL_MD_ETCD_SERVER: "https://etcd.newrelic.svc:2379" | ||
PX_MEMORY_LIMIT: "" | ||
kind: ConfigMap | ||
metadata: | ||
annotations: | ||
creationTimestamp: null | ||
labels: | ||
name: pl-cluster-config | ||
namespace: newrelic | ||
--- | ||
``` | ||
</Collapser> | ||
</CollapserGroup> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.