๐ kubeshark - Awesome Go Library for Software Packages
API traffic analyzer for Kubernetes, inspired by Wireshark, purposely built for Kubernetes
Detailed Description of kubeshark
Network Observability for SREs & AI Agents
Kubeshark indexes cluster-wide network traffic at the kernel level using eBPF โ delivering instant answers to any query using network, API, and Kubernetes semantics.
What you can do:
- Download Retrospective PCAPs โ cluster-wide packet captures filtered by nodes, time, workloads, and IPs. Store PCAPs for long-term retention and later investigation.
- Visualize Network Data โ explore traffic matching queries with API, Kubernetes, or network semantics through a real-time dashboard.
- See Encrypted Traffic in Plain Text โ automatically decrypt TLS/mTLS traffic using eBPF, with no key management or sidecars required.
- Integrate with AI โ connect your favorite AI assistant (e.g. Claude, Copilot) to include network data in AI-driven workflows like incident response and root cause analysis.
Get Started
helm repo add kubeshark https://helm.kubeshark.com
helm install kubeshark kubeshark/kubeshark
kubectl port-forward svc/kubeshark-front 8899:80
Open http://localhost:8899 in your browser. You're capturing traffic.
For production use, we recommend using an ingress controller instead of port-forward.
Connect an AI agent via MCP:
brew install kubeshark
claude mcp add kubeshark -- kubeshark mcp
Network Data for AI Agents
Kubeshark exposes cluster-wide network data via MCP โ enabling AI agents to query traffic, investigate API calls, and perform root cause analysis through natural language.
"Why did checkout fail at 2:15 PM?" "Which services have error rates above 1%?" "Show TCP retransmission rates across all node-to-node paths" "Trace request abc123 through all services"
Works with Claude Code, Cursor, and any MCP-compatible AI.
AI Skills
Open-source, reusable skills that teach AI agents domain-specific workflows on top of Kubeshark's MCP tools:
| Skill | Description |
|---|---|
| Network RCA | Retrospective root cause analysis โ snapshots, dissection, PCAP extraction, trend comparison |
| KFL | KFL (Kubeshark Filter Language) expert โ writes, debugs, and optimizes traffic filters |
Install as a Claude Code plugin:
/plugin marketplace add kubeshark/kubeshark
/plugin install kubeshark
Or clone and use directly โ skills trigger automatically based on conversation context.
Query with API, Kubernetes, and Network Semantics
Kubeshark indexes cluster-wide network traffic by parsing it according to protocol specifications, with support for HTTP, gRPC, Redis, Kafka, DNS, and more. A single KFL query can combine all three semantic layers โ Kubernetes identity, API context, and network attributes โ to pinpoint exactly the traffic you need. No code instrumentation required.
KFL reference โ ยท Traffic indexing โ
Workload Dependency Map
A visual map of how workloads communicate, showing dependencies, traffic volume, and protocol usage across the cluster.
Traffic Retention & PCAP Export
Capture and retain raw network traffic cluster-wide, including decrypted TLS. Download PCAPs scoped by time range, nodes, workloads, and IPs โ ready for Wireshark or any PCAP-compatible tool. Store snapshots in cloud storage (S3, Azure Blob, GCS) for long-term retention and cross-cluster sharing.
Snapshots guide โ ยท Cloud storage โ
Features
| Feature | Description |
|---|---|
| Traffic Snapshots | Point-in-time snapshots with cloud storage (S3, Azure Blob, GCS), PCAP export for Wireshark |
| Traffic Indexing | Real-time and delayed L7 indexing with request/response matching and full payloads |
| Protocol Support | HTTP, gRPC, GraphQL, Redis, Kafka, DNS, and more |
| TLS Decryption | eBPF-based decryption without key management, included in snapshots |
| AI Integration | MCP server + open-source AI skills for network RCA and traffic filtering |
| KFL Query Language | CEL-based query language with Kubernetes, API, and network semantics |
| 100% On-Premises | Air-gapped support, no external dependencies |
Install
| Method | Command |
|---|---|
| Helm | helm repo add kubeshark https://helm.kubeshark.com && helm install kubeshark kubeshark/kubeshark |
| Homebrew | brew install kubeshark && kubeshark tap |
| Binary | Download |
Contributing
We welcome contributions. See CONTRIBUTING.md.