The API traffic analyzer for Kubernetes providing real-time K8s protocol-level visibility, capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. Inspired by Wireshark, purposely built for Kubernetes

kubeshark/kubeshark

Latest commit

529ca63 · Mar 1, 2025
Kubeshark: Traffic analyzer for Kubernetes.

Want to see Kubeshark in action right now? Visit this live demo deployment of Kubeshark.

Kubeshark is a network observability platform for Kubernetes, providing real-time, protocol-level visibility into Kubernetes’ network. It enables users to inspect all internal and external cluster connections, API calls, and data in transit. Additionally, Kubeshark detects suspicious network behaviors, triggers automated actions, and provides deep insights into the network.

Think TCPDump and Wireshark reimagined for Kubernetes.

Getting Started

Download the latest release of Kubeshark's binary distribution, or use one of the following methods to deploy Kubeshark. The web-based dashboard should open in your browser, showing a real-time view of your cluster's traffic.

Homebrew

Homebrew 🍺 users can install the Kubeshark CLI with:

brew install kubeshark
kubeshark tap

To clean up:

kubeshark clean

Helm

Add the Helm repository and install the chart:

helm repo add kubeshark https://helm.kubeshark.co
helm install kubeshark kubeshark/kubeshark

Follow the on-screen instructions to connect to the dashboard.

To clean up:

helm uninstall kubeshark

Building From Source

Clone this repository and run the make command to build it. After the build is complete, the executable can be found at ./bin/kubeshark.

Documentation

To learn more, read the documentation.

Additional Use Cases

Dump All Cluster-wide Traffic into a Single PCAP File

Record all cluster traffic and consolidate it into a single PCAP file (tcpdump-style).

Run Kubeshark to start capturing traffic:

kubeshark tap --set headless=true

You can press ^C to stop the command. Kubeshark will continue running in the background.

Take a snapshot of traffic (e.g., from the past 5 minutes):

kubeshark pcapdump --time 5m

Read more here.
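
One way to sanity-check a snapshot before passing it to other tools, as an added example that is not part of the Kubeshark project: it walks the capture and reports packet count, time span and truncation. It assumes the file written by pcapdump is in the classic libpcap format; the names summarize_pcap, snapshot_ok and build_sample are hypothetical, and the sample capture is constructed.

```python
import struct

# Classic libpcap magics: raw header bytes -> (byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),
}

def summarize_pcap(data: bytes) -> dict:
    """Walk every record and report packet count, time span and truncation."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic libpcap capture (pcapng or damaged header?)")
    order, ticks = MAGICS[data[:4]]
    snaplen, linktype = struct.unpack(order + "II", data[16:24])
    pos, stamps, clipped, truncated = 24, [], 0, False
    while pos < len(data):
        if pos + 16 > len(data):            # file ends inside a record header
            truncated = True
            break
        sec, frac, incl, orig = struct.unpack(order + "IIII", data[pos:pos + 16])
        if pos + 16 + incl > len(data):     # file ends inside packet bytes
            truncated = True
            break
        stamps.append(sec + frac / ticks)
        clipped += incl < orig              # packet cut short by the snap length
        pos += 16 + incl
    span = max(stamps) - min(stamps) if stamps else 0.0
    return {"packets": len(stamps), "span_s": span, "linktype": linktype,
            "snaplen": snaplen, "clipped": clipped, "truncated": truncated}

def snapshot_ok(summary: dict, window_s: float) -> bool:
    """Hypothetical acceptance check: intact, non-empty, and within the window."""
    return (not summary["truncated"] and summary["packets"] > 0
            and summary["span_s"] <= window_s)

def build_sample() -> bytes:
    """Constructed capture: three 4-byte packets spread over 120 seconds."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec in (1_700_000_000, 1_700_000_060, 1_700_000_120):
        out += struct.pack("<IIII", sec, 0, 4, 4) + b"\x00" * 4
    return out

if __name__ == "__main__":
    import sys
    # Pass the path of a capture file, or run with no argument to use the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    info = summarize_pcap(raw)
    print(info, "OK" if snapshot_ok(info, 300) else "CHECK CAPTURE")
```

The 300-second window matches the 5m snapshot above; a capture that is truncated, empty, or spans longer than the requested window is flagged for a closer look.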

Contributing

We ❤️ pull requests! See CONTRIBUTING.md for the contribution guide.