diff --git a/README.md b/README.md index 9e8d13891..939a1af46 100644 --- a/README.md +++ b/README.md @@ -1,98 +1,132 @@

- Kubeshark: Traffic analyzer for Kubernetes. + Kubeshark

- - GitHub Latest Release - - - Docker pulls - - - Image size - - - Discord - - - Slack - + Release + Docker pulls + Discord + Slack

+ +

Network Intelligence for Kubernetes

+

- - Want to see Kubeshark in action right now? Visit this - live demo deployment of Kubeshark. - + Live Demo · Docs

-**Kubeshark** is an API traffic analyzer for Kubernetes, providing deep packet inspection with complete API and Kubernetes contexts, retaining cluster-wide L4 traffic (PCAP), and using minimal production compute resources. +--- -![Simple UI](https://github.com/kubeshark/assets/raw/master/png/kubeshark-ui.png) +* **Cluster-wide, real-time visibility into every packet, API call, and service interaction.** +* Replay any moment in time. +* Resolve incidents at the speed of LLMs. 100% on-premises. -Think [TCPDump](https://en.wikipedia.org/wiki/Tcpdump) and [Wireshark](https://www.wireshark.org/) reimagined for Kubernetes. +![Kubeshark](https://github.com/kubeshark/assets/raw/master/png/stream.png) -Access cluster-wide PCAP traffic by pressing a single button, without the need to install `tcpdump` or manually copy files. Understand the traffic context in relation to the API and Kubernetes contexts. +--- -#### Service-Map w/Kubernetes Context +## Get Started -![Service Map with Kubernetes Context](https://github.com/kubeshark/assets/raw/master/png/kubeshark-servicemap.png) - -#### Export Cluster-Wide L4 Traffic (PCAP) - -Imagine having a cluster-wide [TCPDump](https://www.tcpdump.org/)-like capability—exporting a single [PCAP](https://www.ietf.org/archive/id/draft-gharris-opsawg-pcap-01.html) file that consolidates traffic from multiple nodes, all accessible with a single click. - -1. Go to the **Snapshots** tab -2. Create a new snapshot -3. **Optionally** select the nodes (default: all nodes) -4. **Optionally** select the time frame (default: last one hour) -5. Press **Create** - -image - - -Once the snapshot is ready, click the PCAP file to export its contents and open it in Wireshark. - -## Getting Started -Download **Kubeshark**'s binary distribution [latest release](https://github.com/kubeshark/kubeshark/releases/latest) or use one of the following methods to deploy **Kubeshark**. 
The [web-based dashboard](https://docs.kubeshark.com/en/ui) should open in your browser, showing a real-time view of your cluster's traffic. - -### Homebrew - -[Homebrew](https://brew.sh/) :beer: users can install the Kubeshark CLI with: - -```shell -brew install kubeshark -kubeshark tap -``` - -To clean up: -```shell -kubeshark clean -``` - -### Helm - -Add the Helm repository and install the chart: - -```shell +```bash helm repo add kubeshark https://helm.kubeshark.com helm install kubeshark kubeshark/kubeshark ``` -Follow the on-screen instructions how to connect to the dashboard. -To clean up: -```shell -helm uninstall kubeshark +Dashboard opens automatically. You're capturing traffic. + +**With AI** — connect your assistant and debug with natural language: + +```bash +brew install kubeshark +claude mcp add kubeshark -- kubeshark mcp ``` -## Building From Source +> *"Why did checkout fail at 2:15 PM?"* +> *"Which services have error rates above 1%?"* -Clone this repository and run the `make` command to build it. After the build is complete, the executable can be found at `./bin/kubeshark`. +[MCP setup guide →](https://docs.kubeshark.com/en/mcp) -## Documentation +--- -To learn more, read the [documentation](https://docs.kubeshark.com). +## Why Kubeshark + +- **Instant root cause** — trace requests across services, see exact errors +- **Zero instrumentation** — no code changes, no SDKs, just deploy +- **Full payload capture** — request/response bodies, headers, timing +- **TLS decryption** — see encrypted traffic without managing keys +- **AI-ready** — query traffic with natural language via MCP + +--- + +### Traffic Analysis and API Dissection + +Capture and inspect every API call across your cluster—HTTP, gRPC, Redis, Kafka, DNS, and more. Request/response matching with full payloads, parsed according to protocol specifications. Headers, timing, and complete context. Zero instrumentation required. 
+ +![API context](https://github.com/kubeshark/assets/raw/master/png/api_context.png) + +[Learn more →](https://docs.kubeshark.com/en/v2/l7_api_dissection) + +### L4/L7 Workload Map + +Visualize how your services communicate. See dependencies, traffic flow, and identify anomalies at a glance. + +![Service Map](https://github.com/kubeshark/assets/raw/master/png/servicemap.png) + +[Learn more →](https://docs.kubeshark.com/en/v2/service_map) + +### AI-Powered Root Cause Analysis + +Resolve production issues in minutes instead of hours. Connect your AI assistant and investigate incidents using natural language. Build network-aware AI agents for forensics, monitoring, compliance, and security. + +> *"Why did checkout fail at 2:15 PM?"* +> *"Which services have error rates above 1%?"* +> *"Trace request abc123 through all services"* + +Works with Claude Code, Cursor, and any MCP-compatible AI. + +[MCP setup guide →](https://docs.kubeshark.com/en/mcp) + +### Traffic Retention + +Retain every packet. Take snapshots. Export PCAP files. Replay any moment in time. 
+ +![Traffic Retention](https://github.com/kubeshark/assets/raw/master/png/snapshots.png) + +[Snapshots guide →](https://docs.kubeshark.com/en/v2/traffic_snapshots) + +--- + +## Features + +| Feature | Description | +|---------|-------------| +| [**Raw Capture**](https://docs.kubeshark.com/en/v2/raw_capture) | Continuous cluster-wide packet capture with minimal overhead | +| [**Traffic Snapshots**](https://docs.kubeshark.com/en/v2/traffic_snapshots) | Point-in-time snapshots, export as PCAP for Wireshark | +| [**L7 API Dissection**](https://docs.kubeshark.com/en/v2/l7_api_dissection) | Request/response matching with full payloads and protocol parsing | +| [**Protocol Support**](https://docs.kubeshark.com/en/protocols) | HTTP, gRPC, GraphQL, Redis, Kafka, DNS, and more | +| [**TLS Decryption**](https://docs.kubeshark.com/en/encrypted_traffic) | eBPF-based decryption without key management | +| [**AI-Powered Analysis**](https://docs.kubeshark.com/en/v2/ai_powered_analysis) | Query traffic with Claude, Cursor, or any MCP-compatible AI | +| [**Display Filters**](https://docs.kubeshark.com/en/v2/kfl2) | Wireshark-inspired display filters for precise traffic analysis | +| [**100% On-Premises**](https://docs.kubeshark.com/en/air_gapped) | Air-gapped support, no external dependencies | + +--- + +## Install + +| Method | Command | +|--------|---------| +| Helm | `helm repo add kubeshark https://helm.kubeshark.com && helm install kubeshark kubeshark/kubeshark` | +| Homebrew | `brew install kubeshark && kubeshark tap` | +| Binary | [Download](https://github.com/kubeshark/kubeshark/releases/latest) | + +[Installation guide →](https://docs.kubeshark.com/en/install) + +--- ## Contributing -We :heart: pull requests! See [CONTRIBUTING.md](CONTRIBUTING.md) for the contribution guide. +We welcome contributions. See [CONTRIBUTING.md](CONTRIBUTING.md). + +## License + +[Apache-2.0](LICENSE)
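
Review bot: The "100% on-premises" claim in the new intro bullets sits next to `claude mcp add kubeshark -- kubeshark mcp` and "Works with Claude Code, Cursor, and any MCP-compatible AI", and nothing in the README says what the `kubeshark mcp` server exposes to the connected assistant. Because the same README advertises "Full payload capture" and "TLS decryption", state whether request/response bodies and decrypted content can reach the assistant, and scope the on-premises claim to the components it covers, or point the AI path at the air-gapped doc. Separately, under "Get Started" the line "Dashboard opens automatically" now follows `helm install`, while the removed Helm section said to follow the on-screen instructions to connect to the dashboard; confirm which holds for a Helm install. The `kubeshark clean` and `helm uninstall kubeshark` cleanup steps and the "Building From Source" section are removed without a replacement; keep at least the uninstall commands in the Install table or link to where they now live.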