Question 1

How does Kubeshark compare to Istio or Linkerd for Kubernetes observability?

Accepted Answer

Kubeshark focuses on kernel-level network traffic capture and decryption without service mesh deployment, while Istio and Linkerd provide service mesh features like traffic management and security. Kubeshark offers deeper protocol inspection and AI integration, but lacks built-in traffic control or policy enforcement.

Question 2

How to set up Kubeshark with Claude AI for incident response?

Accepted Answer

Install Kubeshark via Helm, then use the MCP setup: run 'claude mcp add kubeshark -- kubeshark mcp' after installing the CLI. This exposes network data to Claude for natural language queries, as shown in the README's MCP guide and demo.

Question 3

Can Kubeshark decrypt mTLS traffic without certificate management?

Accepted Answer

Yes, Kubeshark uses eBPF to automatically decrypt mTLS traffic without requiring private keys or certificate management. This is highlighted in the features for encrypted traffic inspection, making it seamless for Kubernetes environments.

Question 4

What is the storage overhead for traffic snapshots in Kubeshark?

Accepted Answer

Storage overhead depends on traffic volume and retention settings, as snapshots include raw PCAP data and indexed traffic. Kubeshark supports cloud storage integration (S3, Azure Blob, GCS) for scalability, but users must manage storage costs and capacity.

Question 5

Does Kubeshark support alerting on network anomalies?

Accepted Answer

No, Kubeshark primarily focuses on traffic capture, querying, and visualization, with no built-in alerting system mentioned in the README. Teams would need to integrate it with external monitoring tools for anomaly detection and notifications.

Question 6

How to export PCAP files from Kubeshark for analysis in Wireshark?

Accepted Answer

Use the traffic snapshots feature to capture and retain network traffic, then export PCAP files scoped by time, nodes, or workloads. The README notes that these PCAPs are downloadable and compatible with Wireshark for deeper analysis.

Question 7

Is Kubeshark suitable for air-gapped or on-premises Kubernetes clusters?

Accepted Answer

Yes, Kubeshark is designed for 100% on-premises use with air-gapped support, as stated in the philosophy and features. It has no external dependencies, making it ideal for secure, isolated environments.

kubeshark

What is kubeshark?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions