eBPF-powered network observability for Kubernetes, indexing L4/L7 traffic with full context and TLS decryption.
Kubeshark is a network observability platform for Kubernetes that captures and indexes cluster-wide traffic at the kernel level using eBPF. It provides deep visibility into API calls and service dependencies without requiring code instrumentation, enabling rapid troubleshooting and analysis for SREs and AI agents.
Kubeshark is aimed at Site Reliability Engineers (SREs) and DevOps teams managing Kubernetes clusters who need to monitor, troubleshoot, and analyze network traffic. It also targets developers integrating AI agents for automated incident response and root cause analysis.
Developers choose Kubeshark for its eBPF-powered, kernel-level traffic capture that works without code changes, automatic TLS decryption without key management, and its unique KFL query language that combines Kubernetes, API, and network semantics. Its integration with AI agents via MCP for natural language queries and open-source AI skills provides a distinct advantage for automated workflows.
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
Indexes L4/L7 traffic directly from the kernel using eBPF, providing real-time and retrospective visibility without code instrumentation, as emphasized in the README for efficient data capture.
Decrypts TLS/mTLS traffic without requiring private keys or sidecar deployments, leveraging eBPF to simplify encrypted traffic analysis, a key feature highlighted in the documentation.
Exposes network data via MCP for AI-driven workflows like root cause analysis, with open-source skills for Claude and other agents, enabling natural language queries as shown in the demo.
Uses KFL to combine Kubernetes, API, and network semantics in a single query language, allowing precise traffic filtering without instrumentation, detailed in the README's query examples.
Captures and stores raw traffic in cloud storage (S3, Azure Blob, GCS) with PCAP export for tools like Wireshark, supporting long-term retention and investigation.
Requires configuring an ingress controller for production deployments instead of simple port-forwarding, adding infrastructure management overhead, as noted in the README installation guide.
While it parses common protocols like HTTP and gRPC, custom or legacy protocols may not be supported, potentially limiting visibility in heterogeneous environments.
Relies on eBPF, which requires specific kernel versions and can introduce performance overhead or compatibility issues on older Kubernetes nodes.
AI integration is tied to MCP-compatible agents, potentially restricting users to specific tools like Claude or requiring additional setup for others.