 Hi, I'm Michelle and I'm a founding engineer at Pixie. At Pixie, I work on a lot of different things, but I primarily work on Pixie Cloud and the metadata service, which we'll talk about briefly later. Today, we're going to talk about what happens after you install the Pixie CLI and deploy Pixie to your cluster. First, we'll talk about all the different ways we provide for you to install the Pixie CLI. After, we'll show you how you can deploy Pixie using the CLI. And finally, we'll talk about what Pixie deploys to your cluster and what all those different components do so that you can understand what is running on your system. We offer a variety of different ways to download the CLI on your computer. The main way is the spatch command that we show in the main page of Pixie. This command installs the binary to your computer and adds it to the folder where it can be executable. We also offer different methods, such as Debian or RPM or Docker for you to run the CLI. If you choose not to download the Pixie CLI, you can actually deploy Pixie directly to your cluster using Helm charts as well. So now that you have the CLI, how do you actually use the CLI to deploy Pixie to your cluster? Let's take a look. All you need to do is enter this simple command, px deploy, and Pixie automatically starts downloading to your cluster. It may take a few minutes, but after a few minutes, Pixie is ready for querying. So here you can see we're running the HTTP data script, which gathers all the data that we've collected for HTTP traffic on your cluster. You can pipe that output to external tools as well, such as JQ as we just did for post-processing. So now that Pixie is running inside your cluster, how does it actually work? To answer this, we talk about an implementation detail that we decided on. We split up our services in Pixie into two different planes, the control plane and the data plane. The control plane is responsible for handling orchestration and requests that occur when you make a request through the CLI, the UI, or the API. The data plane handles all data-related operations. This is essentially collecting data or executing queries on that data, and all of this lives entirely within your Kubernetes cluster. By having this separation, you're able to keep all of your data within your network in your cluster. So let's dive a little bit deeper into what is actually running inside your cluster, the data plane. We deployed a set of services and pods to your cluster, which we call Pixie Vizier, and you can see that in this diagram here. We're going to step through each component of Pixie Vizier so that you understand exactly what each of these things do. First, we have the Pixie Edge modules, or PEMs for short. These are agents that we deploy to every single node on your cluster using a Kubernetes daemon set. These PEMs are responsible for collecting data using eBPF and storing it in memory in your cluster. They're also responsible for executing any queries about that data. Obviously, we collect a lot of data using our PEMs, but not all of it is very interesting. The PEMs decide which data may be significant for the user to query later on and ships it to the collectors for later storage. The collectors are responsible for keeping this data but also storing any interesting historical trends so that you can see how your cluster performs over time. The collectors are also responsible for aggregating data from the different PEMs. Next, we have the Queer Broker. The Pixie UI is powered by pixel scripts, and since your data is distributed across different nodes in your cluster, the Queer Broker helps determine which nodes contain the data necessary for running each script. It also compiles the script down into pieces that our system can actually execute. Next is the metadata service. The metadata service manages all of the metadata running in the system. Next, we have metadata about the state of your Vizier running on the cluster and also information about the Kubernetes updates that is given by the Kubernetes API. Similar to Kubernetes, we store all of our metadata in SED, which is the key value store. We next have the NATS message bus. NATS is a message bus system that's similar to Kafka or RabbitMQ, and we use it for communicating between all of our services running in Vizier. They could range from heartbeats between our PEMs and they could also include even the data from your script executions. And finally, we have the Cloud Connector. The Cloud Connector handles all communication with Pixie Cloud. It might send information to Pixie Cloud, such as the state, how it's currently running on your system, and it can also receive information from Pixie Cloud, such as any updates or configuration changes that should be made to it. So now that we know all of the data is stored in the node in your network, how do you actually access that data? For this, we provide two modes. The first one is the data pass-through mode, which is essentially a reverse proxy. When you make a request for your data, the request is sent to the Pixie Cloud. The Pixie Cloud forwards this request to the Vizier running on your cluster. And once that script is finished executing, it sends those results back to Pixie Cloud, where it sends it back to your browser or CLI. In this mode, the data is actually going through Pixie Cloud, so it is not fully retained inside your network. However, it does make it easier for users who might need to see your data to access the data without having to be inside your network. In contrast, we have the data isolation mode. In this mode, when you make a request for data, you talk directly to Vizier running on your cluster. In this mode, you can ensure that no data ever leaves your network, but it also does make it harder for users who are not within your network to access that data. So to recap, what did we learn about Pixie? We learned that Pixie can be installed in a variety of different ways. We also learned how Pixie is implemented by splitting its services into two planes, the data and control plane. And by separating these planes between Pixie Cloud and Vizier running on your cluster, we're able to retain the data that we collect all within your cluster behind your network. And finally, we talked about how you can configure your data access so that you can use either reverse proxy or direct mode in order to determine how that data is accessed. Thank you for listening to my talk. I hope you learned a lot about Pixie and how it works in your system.