Want to see Kubeshark in action right now? Visit this live demo deployment of Kubeshark.
Kubeshark is an API traffic analyzer for Kubernetes, providing deep packet inspection with complete API and Kubernetes contexts, retaining cluster-wide L4 traffic (PCAP), and using minimal production compute resources.

Think TCPDump and Wireshark reimagined for Kubernetes.
Access cluster-wide PCAP traffic by pressing a single button, without the need to install tcpdump or manually copy files. Understand the traffic context in relation to the API and Kubernetes contexts.
Service-Map w/Kubernetes Context

Export Cluster-Wide L4 Traffic (PCAP)
Imagine having a cluster-wide TCPDump-like capability—exporting a single PCAP file that consolidates traffic from multiple nodes, all accessible with a single click.
- Go to the Snapshots tab
- Create a new snapshot
- Optionally select the nodes (default: all nodes)
- Optionally select the time frame (default: last one hour)
- Press Create
Once the snapshot is ready, click the PCAP file to export its contents and open it in Wireshark.
Getting Started
Download the latest release of Kubeshark's binary distribution, or use one of the following methods to deploy Kubeshark. The web-based dashboard should open in your browser, showing a real-time view of your cluster's traffic.
Homebrew
Homebrew :beer: users can install the Kubeshark CLI with:
```shell
brew install kubeshark
kubeshark tap
```
To clean up:
```shell
kubeshark clean
```
Helm
Add the Helm repository and install the chart:
```shell
helm repo add kubeshark https://helm.kubehq.com
helm install kubeshark kubeshark/kubeshark
```
Follow the on-screen instructions to connect to the dashboard.
To clean up:
```shell
helm uninstall kubeshark
```
Building From Source
Clone this repository and run the make command to build it. After the build is complete, the executable can be found at ./bin/kubeshark.
Documentation
To learn more, read the documentation.
Contributing
We :heart: pull requests! See CONTRIBUTING.md for the contribution guide.