Kubeshark — API Traffic Viewer for Kubernetes
eBPF-powered, sidecar-free traffic viewer for Kubernetes that decodes HTTP, gRPC, Kafka, Redis and more across every pod in the cluster.
What it is
Kubeshark is an open-source real-time API traffic viewer for Kubernetes. Think of it as Wireshark for your cluster -- it captures pod-to-pod, pod-to-service, and external traffic at the node level using eBPF and raw sockets, then decodes application protocols in a browser-based UI.
It is built for platform engineers, SREs, and developers who need to debug microservice communication without modifying workloads or installing service mesh sidecars. Kubeshark decodes HTTP/1.1, HTTP/2, gRPC, Kafka, Redis, AMQP, MongoDB wire protocol, DNS, and raw TCP.
How it saves time or tokens
Traditional Kubernetes traffic debugging involves adding sidecar proxies, enabling verbose logging in each service, or deploying a full service mesh. Kubeshark eliminates all of that. A single kubeshark tap command deploys a DaemonSet that immediately starts capturing traffic across all pods in the cluster.
The built-in query language (KFL) lets you filter traffic in real time, so you can isolate the exact API call causing issues without sifting through logs. You can also export to PCAP files for offline analysis in Wireshark.
How to use
- Install the CLI: sh <(curl -Ls https://kubeshark.co/install).
- Run kubeshark tap against your current kube-context to capture traffic across all pods, or scope to a namespace with kubeshark tap -n my-ns.
- Open the browser UI at http://localhost:8899 to view decoded traffic with filters.
Example
# Install the CLI
sh <(curl -Ls https://kubeshark.co/install)
# Tap all pods in the cluster
kubeshark tap
# Tap a specific namespace
kubeshark tap -n my-namespace
# Tap pods matching a pattern
kubeshark tap 'api-server.*'
# Open the UI at http://localhost:8899
# Use KFL to filter: http and request.path == '/api/v1/users'
Common pitfalls
- Kubeshark requires privileged DaemonSet pods with host network access; some managed Kubernetes providers restrict this by default.
- On high-traffic clusters, capturing all traffic can generate significant data volume -- use KFL filters or namespace scoping to reduce noise.
- eBPF-based capture requires a Linux kernel 4.16 or later; older kernels fall back to raw socket capture with reduced protocol support.
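An added example, not Kubeshark's own code or part of the original page: a small audit of `kubectl get daemonsets -A -o json` output that lists DaemonSets running privileged containers and/or on the host network, the footprint the first pitfall describes, so an unexpected capture deployment stands out. The sample data, the resource names in it and the `allowlist` parameter are constructed for illustration.

```python
import json

# Constructed sample of `kubectl get daemonsets -A -o json` output.
# All namespaces and names here are hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "capture-tools", "name": "traffic-worker"},
   "spec": {"template": {"spec": {
     "hostNetwork": true,
     "containers": [{"name": "sniffer", "securityContext": {"privileged": true}}]}}}},
  {"metadata": {"namespace": "kube-system", "name": "node-exporter"},
   "spec": {"template": {"spec": {
     "hostNetwork": true,
     "containers": [{"name": "exporter", "securityContext": {"privileged": false}}]}}}},
  {"metadata": {"namespace": "logging", "name": "log-agent"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "agent"}],
     "initContainers": [{"name": "setup", "securityContext": {"privileged": true}}]}}}}
]}
""")


def audit_daemonsets(ds_list, allowlist=frozenset()):
    """Return findings for DaemonSets that run privileged and/or on the host network.

    allowlist is a hypothetical set of "namespace/name" keys the team has approved.
    """
    findings = []
    for ds in ds_list.get("items", []):
        key = f'{ds["metadata"]["namespace"]}/{ds["metadata"]["name"]}'
        pod = ds["spec"]["template"]["spec"]
        containers = pod.get("containers", []) + pod.get("initContainers", [])
        privileged = sorted(
            c["name"] for c in containers
            if (c.get("securityContext") or {}).get("privileged") is True
        )
        host_net = pod.get("hostNetwork") is True
        if not privileged and not host_net:
            continue  # nothing elevated, not reported
        findings.append({
            "daemonset": key,
            "host_network": host_net,
            "privileged_containers": privileged,
            # Privileged plus host network is the combination named in the pitfall.
            "node_capture_capable": host_net and bool(privileged),
            "approved": key in allowlist,
        })
    return findings
```

Against a live cluster, load the JSON from `kubectl get daemonsets -A -o json` in place of `SAMPLE` and review every finding where `node_capture_capable` is true and `approved` is false.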
Frequently Asked Questions
No. Kubeshark operates independently of any service mesh. It captures traffic at the node level using eBPF and raw sockets, so you do not need Istio, Linkerd, or any sidecar proxy installed.
Kubeshark decodes HTTP/1.1, HTTP/2, gRPC, Kafka, Redis, AMQP, MongoDB wire protocol, DNS, and raw TCP. New protocol decoders can be added through the extension system.
Yes, but with care. Kubeshark captures traffic at the node level, which has minimal performance overhead. However, on very high-traffic clusters you should scope capture to specific namespaces or pod patterns to limit resource usage.
KFL (Kubeshark Filter Language) lets you filter captured traffic in real time using expressions like 'http and request.path contains /api'. It supports logical operators, field comparisons, and regex matching.
Yes. Kubeshark can record traffic to PCAP files that you can open in Wireshark or other network analysis tools for detailed offline investigation.