Want to see Kubeshark in action right now? Visit this live demo deployment of Kubeshark.
Kubeshark is a network observability platform for Kubernetes, providing real-time, protocol-level visibility into Kubernetes’ network. It enables users to inspect all internal and external cluster connections, API calls, and data in transit. Additionally, Kubeshark detects suspicious network behaviors, triggers automated actions, and provides deep insights into the network.
Think TCPDump and Wireshark reimagined for Kubernetes.
Getting Started
Download Kubeshark's binary distribution latest release or use one of the following methods to deploy Kubeshark. The web-based dashboard should open in your browser, showing a real-time view of your cluster's traffic.
Homebrew
Homebrew :beer: users can install the Kubeshark CLI with:
brew install kubeshark
kubeshark tapTo clean up:
kubeshark cleanHelm
Add the Helm repository and install the chart:
helm repo add kubeshark https://helm.kubeshark.co
helm install kubeshark kubeshark/kubesharkFollow the on-screen instructions how to connect to the dashboard.
To clean up:
helm uninstall kubesharkBuilding From Source
Clone this repository and run the make command to build it. After the build is complete, the executable can be found at ./bin/kubeshark.
Documentation
To learn more, read the documentation.
Additional Use Cases
Dump All Cluster-wide Traffic into a Single PCAP File
Record all cluster traffic and consolidate it into a single PCAP file (tcpdump-style).
Run Kubeshark to start capturing traffic:
kubeshark tap --set headless=trueYou can press
^Cto stop the command. Kubeshark will continue running in the background.
Take a snapshot of traffic (e.g., from the past 5 minutes):
kubeshark pcapdump --time 5mRead more here.
Contributing
We :heart: pull requests! See CONTRIBUTING.md for the contribution guide.