kubeshark

mirror of https://github.com/kubeshark/kubeshark.git synced 2026-04-07 03:07:25 +00:00

Go to file

Alon Girmonsky 9b5ac2821f Network RCA skill: update resolution tools to list_workloads/list_ips (#1887 )

Replace deprecated resolve_workload/resolve_ip references with the new
list_workloads and list_ips tools that support both singular lookup
(name+namespace or IP) and filtered scan (namespace/regex/label filters
against snapshots).

Ref: kubeshark/hub#687

Co-authored-by: Alon Girmonsky <alongir@Alons-Mac-Studio.local>

2026-04-06 12:40:34 -07:00

.claude-plugin

Add KFL and Network RCA skills (#1875 )

2026-03-18 15:31:32 -07:00

.github

Add gcs cloudstorage configuration docs (#1862 )

2026-03-09 07:48:17 -07:00

cmd

Verify hub/front pods are ready by conditions (#1864 )

2026-03-21 17:33:48 -07:00

config

🛂 Demo Portal: Readonly mode / no authn (#1869 )

2026-03-16 20:01:18 -07:00

debounce

🔨 Move cli folder contents into project root (#1253 )

2022-11-26 01:17:50 +03:00

errormessage

chore: fix some minor issues in the comments (#1767 )

2025-07-28 12:10:50 -07:00

helm-chart

🔖 Bump the Helm chart version to 53.2.0 (#1889 )

2026-03-31 11:30:42 -07:00

integration

Add MCP registry metadata for official registry submission (#1835 )

2026-02-06 10:39:42 -08:00

internal/connect

Make the scritps command directly use the K8s API without requiring a connector to Hub (#1615 )

2024-09-23 10:11:44 -07:00

kubernetes

Add --release-helmChartPath CLI flag for local Helm chart support (#1851 )

2026-03-04 08:29:04 -08:00

manifests

🔖 Bump the Helm chart version to 53.2.0 (#1889 )

2026-03-31 11:30:42 -07:00

mcp

Add KFL and Network RCA skills (#1875 )

2026-03-18 15:31:32 -07:00

misc

Migrate kubehq.com to kubeshark.com domain (#1824 )

2026-01-21 19:23:50 -08:00

semver

🔨 Move cli folder contents into project root (#1253 )

2022-11-26 01:17:50 +03:00

skills

Network RCA skill: update resolution tools to list_workloads/list_ips (#1887 )

2026-04-06 12:40:34 -07:00

utils

Fix method name

2024-08-19 21:14:31 +03:00

.gitignore

updated gitignore (#1849 )

2026-02-18 11:52:13 -08:00

.goreleaser.yml

👷 Add GoReleaser job for automatically generating the Homebrew formulae (#1258 )

2022-12-09 19:19:06 +03:00

.mcp.json

Add KFL and Network RCA skills (#1875 )

2026-03-18 15:31:32 -07:00

CODE_OF_CONDUCT.md

📚 Move CODE_OF_CONDUCT.md and CONTRIBUTING.md to project root (#1251 )

2022-11-25 04:37:58 +03:00

codecov.yml

codecov yml for tests threshold (#214 )

2021-08-15 12:19:00 +03:00

CONTRIBUTING.md

Migrate kubehq.com to kubeshark.com domain (#1824 )

2026-01-21 19:23:50 -08:00

go.mod

CVE-2025-53547: Update helm to latest (#1774 )

2025-07-28 12:17:53 -07:00

go.sum

CVE-2025-53547: Update helm to latest (#1774 )

2025-07-28 12:17:53 -07:00

install.sh

Remove brew version before installing with script (#1503 )

2024-02-28 11:48:43 -08:00

kubectl.sh

🔧 Add some useful kubectl commands to Makefile

2023-04-10 01:09:34 +03:00

kubeshark.go

🐛 Have a short caller (file:line) log

2022-12-30 08:30:48 +03:00

LICENSE

📜 Update LICENSE

2022-11-30 04:50:12 +03:00

Makefile

🐛 Fix release-pr Makefile target cleanup and macOS sed compatibility (#1890 )

2026-03-31 12:05:21 -07:00

README.md

💄 Improve README with AI skills, KFL semantics, and cloud storage (#1892 )

2026-04-02 18:38:13 -07:00

RELEASE.md.TEMPLATE

Update RELEASE.md.TEMPLATE

2025-03-01 22:23:24 +02:00

README.md

Network Observability for SREs & AI Agents

Live Demo · Docs

Kubeshark indexes cluster-wide network traffic at the kernel level using eBPF — delivering instant answers to any query using network, API, and Kubernetes semantics.

What you can do:

Download Retrospective PCAPs — cluster-wide packet captures filtered by nodes, time, workloads, and IPs. Store PCAPs for long-term retention and later investigation.
Visualize Network Data — explore traffic matching queries with API, Kubernetes, or network semantics through a real-time dashboard.
See Encrypted Traffic in Plain Text — automatically decrypt TLS/mTLS traffic using eBPF, with no key management or sidecars required.
Integrate with AI — connect your favorite AI assistant (e.g. Claude, Copilot) to include network data in AI-driven workflows like incident response and root cause analysis.

Get Started

helm repo add kubeshark https://helm.kubeshark.com
helm install kubeshark kubeshark/kubeshark
kubectl port-forward svc/kubeshark-front 8899:80

Open http://localhost:8899 in your browser. You're capturing traffic.

For production use, we recommend using an ingress controller instead of port-forward.

Connect an AI agent via MCP:

brew install kubeshark
claude mcp add kubeshark -- kubeshark mcp

MCP setup guide →

Network Data for AI Agents

Kubeshark exposes cluster-wide network data via MCP — enabling AI agents to query traffic, investigate API calls, and perform root cause analysis through natural language.

"Why did checkout fail at 2:15 PM?" "Which services have error rates above 1%?" "Show TCP retransmission rates across all node-to-node paths" "Trace request abc123 through all services"

Works with Claude Code, Cursor, and any MCP-compatible AI.

MCP setup guide →

AI Skills

Open-source, reusable skills that teach AI agents domain-specific workflows on top of Kubeshark's MCP tools:

Skill	Description
Network RCA	Retrospective root cause analysis — snapshots, dissection, PCAP extraction, trend comparison
KFL	KFL (Kubeshark Filter Language) expert — writes, debugs, and optimizes traffic filters

Install as a Claude Code plugin:

/plugin marketplace add kubeshark/kubeshark
/plugin install kubeshark

Or clone and use directly — skills trigger automatically based on conversation context.

AI Skills docs →

Query with API, Kubernetes, and Network Semantics

Kubeshark indexes cluster-wide network traffic by parsing it according to protocol specifications, with support for HTTP, gRPC, Redis, Kafka, DNS, and more. A single KFL query can combine all three semantic layers — Kubernetes identity, API context, and network attributes — to pinpoint exactly the traffic you need. No code instrumentation required.

KFL reference → · Traffic indexing →

Workload Dependency Map

A visual map of how workloads communicate, showing dependencies, traffic volume, and protocol usage across the cluster.

Learn more →

Traffic Retention & PCAP Export

Capture and retain raw network traffic cluster-wide, including decrypted TLS. Download PCAPs scoped by time range, nodes, workloads, and IPs — ready for Wireshark or any PCAP-compatible tool. Store snapshots in cloud storage (S3, Azure Blob, GCS) for long-term retention and cross-cluster sharing.

Snapshots guide → · Cloud storage →

Features

Feature	Description
Traffic Snapshots	Point-in-time snapshots with cloud storage (S3, Azure Blob, GCS), PCAP export for Wireshark
Traffic Indexing	Real-time and delayed L7 indexing with request/response matching and full payloads
Protocol Support	HTTP, gRPC, GraphQL, Redis, Kafka, DNS, and more
TLS Decryption	eBPF-based decryption without key management, included in snapshots
AI Integration	MCP server + open-source AI skills for network RCA and traffic filtering
KFL Query Language	CEL-based query language with Kubernetes, API, and network semantics
100% On-Premises	Air-gapped support, no external dependencies

Install

Method	Command
Helm	`helm repo add kubeshark https://helm.kubeshark.com && helm install kubeshark kubeshark/kubeshark`
Homebrew	`brew install kubeshark && kubeshark tap`
Binary	Download

Installation guide →

Contributing

We welcome contributions. See CONTRIBUTING.md.

License

Apache-2.0

Description

The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters.. Think TCPDump and Wireshark re-invented for Kubernetes

amqp cloud-native devops devops-tools docker forensics go golang grpc incident-response kafka kubernetes microservice microservices microservices-application observability redis rest sniffer wireshark

Readme 165 MiB