Kubeshark: Traffic analyzer for Kubernetes.

GitHub Latest Release Docker pulls Image size Discord Slack

Want to see Kubeshark in action right now? Visit this live demo deployment of Kubeshark.

**Kubeshark** is a network observability platform for [**Kubernetes**](https://kubernetes.io/), providing real-time, protocol-level visibility into Kubernetes’ network. It enables users to inspect all internal and external cluster connections, API calls, and data in transit. Additionally, Kubeshark detects suspicious network behaviors, triggers automated actions, and provides deep insights into the network. ![Simple UI](https://github.com/kubeshark/assets/raw/master/png/kubeshark-ui.png) Think [TCPDump](https://en.wikipedia.org/wiki/Tcpdump) and [Wireshark](https://www.wireshark.org/) reimagined for Kubernetes. ## Getting Started Download **Kubeshark**'s binary distribution [latest release](https://github.com/kubeshark/kubeshark/releases/latest) or use one of the following methods to deploy **Kubeshark**. The [web-based dashboard](https://docs.kubeshark.co/en/ui) should open in your browser, showing a real-time view of your cluster's traffic. ### Homebrew [Homebrew](https://brew.sh/) :beer: users can install the Kubeshark CLI with: ```shell brew install kubeshark kubeshark tap ``` To clean up: ```shell kubeshark clean ``` ### Helm Add the Helm repository and install the chart: ```shell helm repo add kubeshark https://helm.kubeshark.co helm install kubeshark kubeshark/kubeshark ``` Follow the on-screen instructions how to connect to the dashboard. To clean up: ```shell helm uninstall kubeshark ``` ## Building From Source Clone this repository and run the `make` command to build it. After the build is complete, the executable can be found at `./bin/kubeshark`. ## Documentation To learn more, read the [documentation](https://docs.kubeshark.co). ## Additional Use Cases ### Dump All Cluster-wide Traffic into a Single PCAP File Record **all** cluster traffic and consolidate it into a single PCAP file (tcpdump-style). Run Kubeshark to start capturing traffic: ```shell kubeshark tap --set headless=true ``` > You can press `^C` to stop the command. Kubeshark will continue running in the background. Take a snapshot of traffic (e.g., from the past 5 minutes): ```shell kubeshark pcapdump --time 5m ``` > Read more [here](https://docs.kubeshark.co/en/pcapdump). ## Contributing We :heart: pull requests! See [CONTRIBUTING.md](CONTRIBUTING.md) for the contribution guide.