# kubeshark/kubeshark

11,794 stars · 517 forks · Go · apache-2.0

## Links

- GitHub: https://github.com/kubeshark/kubeshark
- Homepage: https://kubeshark.com
- awesome-repositories: https://awesome-repositories.com/repository/kubeshark-kubeshark.md

## Topics

`amqp` `cloud-native` `devops` `devops-tools` `docker` `forensics` `go` `golang` `grpc` `incident-response` `kafka` `kubernetes` `microservice` `microservices` `microservices-application` `observability` `redis` `rest` `sniffer` `wireshark`

## Description

Kubeshark is a network observability platform designed for Kubernetes environments, functioning as an eBPF-powered engine for cluster-wide traffic analysis. It captures, indexes, and visualizes network activity and API calls directly from the kernel, providing deep visibility into service-to-service communication without requiring sidecar proxies or manual code instrumentation.

The platform distinguishes itself through its ability to perform protocol-aware traffic dissection and user-space cryptographic hooking, which allows for the inspection of encrypted traffic and the reconstruction of application-layer protocols like HTTP, gRPC, and Kafka. It supports advanced diagnostic capabilities, including AI-driven troubleshooting, forensic analysis of network snapshots, and the correlation of infrastructure events with application-level traffic patterns.

Beyond core monitoring, the system provides a comprehensive suite of tools for managing traffic data, including granular role-based access control, sensitive data redaction, and flexible storage options ranging from ephemeral local buffers to cloud-based object storage. It is built to operate in diverse environments, supporting air-gapped deployments and integrating with standard Kubernetes ingress resources for secure dashboard access.

The project is managed via a command-line interface that facilitates deployment control, custom script execution, and the sharing of specific traffic analysis views through encoded search queries.

## Tags

### Networking & Communication

- [Network Traffic Analyzers](https://awesome-repositories.com/f/networking-communication/network-traffic-analyzers.md) — Captures and analyzes cluster-wide network traffic to visualize service dependencies and communication patterns.
- [eBPF Interceptors](https://awesome-repositories.com/f/networking-communication/traffic-interception-tools/ebpf-interceptors.md) — Uses kernel-level probes to capture network packets and system events directly from the operating system without requiring sidecar proxies.
- [Kubernetes API Inspectors](https://awesome-repositories.com/f/networking-communication/network-traffic-inspectors/kubernetes-api-inspectors.md) — Provides a dashboard for real-time analysis of request and response payloads across services without code instrumentation.
- [API Payload Inspectors](https://awesome-repositories.com/f/networking-communication/http-clients/request-payloads/api-payload-inspectors.md) — Dissects captured traffic to reveal chronological sequences of API calls and full request/response payloads. ([source](https://docs.kubeshark.com/en/use-cases/incident_response))
- [Ingress Controllers](https://awesome-repositories.com/f/networking-communication/ingress-controllers.md) — Configures stable and secure network routes to the observability dashboard using standard cluster ingress resources for persistent access. ([source](https://docs.kubeshark.com/en/helm_reference))
- [Network Flow Analyzers](https://awesome-repositories.com/f/networking-communication/network-flow-analyzers.md) — Captures connection data to monitor handshake latency, throughput, and connection lifecycle events across the cluster. ([source](https://docs.kubeshark.com/en/use-cases/real_time_traffic_inspection))

### System Administration & Monitoring

- [Kubernetes](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/kubernetes.md) — Captures, indexes, and visualizes cluster-wide network traffic and API calls using eBPF for deep service-level insights.
- [Automated Root Cause Analysis](https://awesome-repositories.com/f/system-administration-monitoring/diagnostic-tools/diagnostics/failure-analysis-tools/automated-root-cause-analysis.md) — Integrates network telemetry with AI assistants to perform automated root cause analysis and query traffic patterns using natural language.
- [Application Layer Protocol Dissectors](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/application-layer-protocol-dissectors.md) — Reconstructs and decodes protocols like HTTP, gRPC, and Kafka to display full request and response payloads. ([source](https://docs.kubeshark.com/en/use-cases/real_time_traffic_inspection))
- [Distributed Observability Platforms](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/telemetry-collection-aggregation/distributed-observability-platforms.md) — Deploys lightweight monitoring components across cluster nodes to collect and process network telemetry in parallel for high-performance observability.
- [Kubernetes Monitors](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/metric-performance-monitors/infrastructure-monitoring/kubernetes-monitors.md) — Correlates network traffic with cluster metadata to identify communication paths between pods, services, and nodes. ([source](https://docs.kubeshark.com/en/mcp))
- [Network Traffic Analysis Assistants](https://awesome-repositories.com/f/system-administration-monitoring/diagnostic-tools/diagnostics/failure-analysis-tools/automated-root-cause-analysis/network-traffic-analysis-assistants.md) — Integrates network data into AI assistants to perform automated root cause analysis and debug connectivity issues. ([source](https://docs.kubeshark.com/en/v2/ai_powered_analysis))
- [Root Cause Analysis](https://awesome-repositories.com/f/system-administration-monitoring/root-cause-analysis.md) — Provides deep packet inspection and forensic data to accelerate root cause analysis during service anomalies. ([source](https://docs.kubeshark.com/en/best_practice))
- [Automated Incident Response Workflows](https://awesome-repositories.com/f/system-administration-monitoring/incident-management/automated-incident-response-workflows.md) — Executes reusable instruction sets that guide AI agents through standardized diagnostic procedures for incident response. ([source](https://docs.kubeshark.com/en/v2/ai_powered_analysis))
- [Monitoring and Observability](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability.md) — Provides deep visibility into process behavior and system calls using eBPF-powered kernel-level tracing. ([source](https://docs.kubeshark.com/en/anatomy_of_kubeshark))
- [Observability Tools](https://awesome-repositories.com/f/system-administration-monitoring/observability-tools.md) — Enables starting or stopping network monitoring deployments within a cluster through proxy connections to control data collection and resource usage. ([source](https://docs.kubeshark.com/en/mcp/cursor))
- [Resource Optimization](https://awesome-repositories.com/f/system-administration-monitoring/resource-optimization.md) — Toggles traffic capture and scopes monitoring to specific workloads to minimize resource usage. ([source](https://docs.kubeshark.com/en/best_practice))
- [Code-Telemetry Correlation Tools](https://awesome-repositories.com/f/system-administration-monitoring/telemetry-correlation/code-telemetry-correlation-tools.md) — Integrates network observability data with local source code to identify configuration errors or logic flaws. ([source](https://docs.kubeshark.com/en/mcp/claude_code))
- [Traffic Filtering](https://awesome-repositories.com/f/system-administration-monitoring/traffic-filtering.md) — Queries indexed network traffic using expression-based syntax to isolate specific requests and responses for analysis. ([source](https://docs.kubeshark.com/en/v2/kfl2))

### Development Tools & Productivity

- [Debugging and Inspection Tools](https://awesome-repositories.com/f/development-tools-productivity/debugging-profiling-testing/debugging-diagnostics/debugging-inspection-tools/debugging-and-inspection-tools.md) — Dissects and inspects HTTP, gRPC, and Kafka request payloads in real time to troubleshoot service interactions and identify API-level errors.

### DevOps & Infrastructure

- [Service Mesh Alternatives](https://awesome-repositories.com/f/devops-infrastructure/service-mesh-alternatives.md) — Monitors and decrypts internal service communication without requiring manual certificate management or sidecar proxies.
- [Air-Gapped Deployments](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-deployment/infrastructure-deployment/air-gapped-deployments.md) — Operates within isolated networks by disabling external dependencies and utilizing local container image registries for all required components. ([source](https://docs.kubeshark.com/en/air_gapped))
- [Resource Controllers](https://awesome-repositories.com/f/devops-infrastructure/kubernetes-cluster-management/resource-controllers.md) — Leverages standard cluster APIs and custom resource definitions to manage monitoring deployments, access controls, and network traffic scoping.
- [Snapshot Buffers](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/storage-volume-orchestration/ephemeral-volume-management/snapshot-buffers.md) — Buffers captured network data in local memory or temporary disk volumes with automated lifecycle management to minimize long-term resource footprint.
- [Infrastructure Event Correlation Tools](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-operations/infrastructure-event-correlation-tools.md) — Links network traffic data with infrastructure API server events and operating system activity for a unified view. ([source](https://docs.kubeshark.com/en/anatomy_of_kubeshark))
- [Deployment Management](https://awesome-repositories.com/f/devops-infrastructure/deployment-management.md) — Installs network observability tools within dedicated namespaces on managed container platforms to ensure isolated and secure traffic monitoring. ([source](https://docs.kubeshark.com/en/openshift))
- [Storage Management](https://awesome-repositories.com/f/devops-infrastructure/storage-management.md) — Stores captured traffic in memory or on local disk with configurable time-to-live settings to ensure data remains within the cluster environment. ([source](https://docs.kubeshark.com/en/anatomy_of_kubeshark))

### Security & Cryptography

- [Hooking Utilities](https://awesome-repositories.com/f/security-cryptography/cryptographic-providers/hooking-utilities.md) — Intercepts encrypted traffic by dynamically hooking into process-level memory to access plaintext data before it is sent over the network.
- [Traffic Inspection Tools](https://awesome-repositories.com/f/security-cryptography/traffic-inspection-tools.md) — Intercepts and decrypts encrypted network traffic to provide real-time visibility into application-layer protocols. ([source](https://docs.kubeshark.com/en/helm_reference))
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/role-based-access-control.md) — Manages granular user permissions for accessing live traffic streams, snapshots, and configuration settings. ([source](https://docs.kubeshark.com/en/helm_reference))
- [Cloud-Native](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/digital-forensics-analysis/forensic-tools/cloud-native.md) — Provides tools for capturing and querying network snapshots to perform security audits in containerized environments.
- [Automatic Redaction](https://awesome-repositories.com/f/security-cryptography/sensitive-data-access-controls/automatic-redaction.md) — Automatically detects and removes sensitive information from traffic data at the source. ([source](https://docs.kubeshark.com/en/security))
- [TLS Fingerprinting](https://awesome-repositories.com/f/security-cryptography/device-fingerprinting/fingerprint-configuration/tls-fingerprinting.md) — Computes JA3 and JA3S hashes to identify applications and detect anomalous traffic patterns. ([source](https://docs.kubeshark.com/en/tls_handshake_inspection))
- [SSL/TLS Analyzers](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/audit-and-compliance/cryptographic-configuration-analyzers/ssl-tls-analyzers.md) — Analyzes handshake negotiation data to identify insecure TLS versions and weak cipher suites. ([source](https://docs.kubeshark.com/en/tls_handshake_inspection))
- [Identity Provider Integrations](https://awesome-repositories.com/f/security-cryptography/identity-provider-integrations.md) — Validates user identities against corporate OIDC and SAML providers for secure dashboard access. ([source](https://docs.kubeshark.com/en/oidc))
- [Forensic Tools](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/digital-forensics-analysis/forensic-tools.md) — Provides forensic investigation capabilities for network traffic snapshots in containerized environments.

### Data & Databases

- [Cloud Storage Integrations](https://awesome-repositories.com/f/data-databases/cloud-storage-integrations.md) — Uploads and retrieves captured network traffic data to cloud object storage providers for long-term retention, backup, and cross-cluster sharing. ([source](https://docs.kubeshark.com/en/snapshots_cloud_storage))
- [Search and Indexing](https://awesome-repositories.com/f/data-databases/search-indexing-technologies/search-indexing.md) — Parses and indexes raw network packets into structured protocol data to enable fast, cluster-wide searching. ([source](https://docs.kubeshark.com/en/why_network_data))
- [Search Indexing](https://awesome-repositories.com/f/data-databases/search-indexing.md) — Processes captured traffic snapshots into searchable databases for efficient historical network activity retrieval. ([source](https://docs.kubeshark.com/en/mcp/raw_capture_tools))
- [Search and Indexing](https://awesome-repositories.com/f/data-databases/search-indexing-technologies/search-indexing/search-and-indexing.md) — Decouples raw packet capture from data processing to enable intensive protocol analysis and search indexing on non-production compute resources.

### Software Engineering & Architecture

- [Namespace Access Controls](https://awesome-repositories.com/f/software-engineering-architecture/naming-conventions/reserved-names/access-restrictions/service-account-permissions/namespace-access-controls.md) — Filters traffic visibility at the server level based on assigned Kubernetes namespaces. ([source](https://docs.kubeshark.com/en/oidc))
