Kubeshark

v53.3.0Monitoring & Observabilitystable

eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.

cloud-nativedevopsdockerebpfgolang
Share:
11,904
Stars
0
Downloads
0
Weekly
0/5

What is Kubeshark?

Kubeshark is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to ebpf-powered network observability for kubernetes. indexes l4/l7 traffic with full k8s context, decrypts tls without keys. queryable by ai agents via mcp and humans via dashboard.

eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.

This server falls under the Monitoring & Observability category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • eBPF-powered network observability for Kubernetes. Indexes L

Use Cases

Kubernetes network visibility
Traffic analysis
Incident investigation
kubeshark

Maintainer

LicenseApache-2.0
Languagego
Versionv53.3.0
UpdatedMay 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx kubeshark

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Kubeshark

Kubeshark is an eBPF-powered network observability tool for Kubernetes that indexes L4 and L7 traffic with full Kubernetes context and decrypts TLS without requiring private keys. Its built-in MCP server exposes cluster network data directly to AI agents, enabling natural-language incident investigation, service dependency mapping, and real-time traffic analysis. Platform engineers, SREs, and DevOps teams who need AI-driven root cause analysis of Kubernetes network issues will find Kubeshark's MCP integration transformative for on-call workflows.

Prerequisites

  • A running Kubernetes cluster (local like minikube/kind or cloud-managed)
  • kubectl configured and pointing to the target cluster
  • Helm 3+ for production installation, or Homebrew for local CLI use
  • An MCP-compatible client such as Claude Desktop or Claude Code
  • Kubeshark CLI installed on your local machine
1

Install the Kubeshark CLI

Install the Kubeshark CLI using Homebrew on macOS/Linux. Alternatively, download the binary from the GitHub releases page for your platform.

brew install kubeshark
2

Deploy Kubeshark to your Kubernetes cluster

Run `kubeshark tap` to deploy the Kubeshark pods into your cluster. This starts capturing network traffic across all namespaces.

kubeshark tap
3

Verify traffic capture in the dashboard

Kubeshark automatically opens a browser dashboard at http://localhost:8899. Confirm you can see live L4/L7 traffic from your cluster workloads before enabling MCP.

4

Start the Kubeshark MCP server

Register Kubeshark as an MCP server in Claude Code using the built-in mcp add command, or configure it manually in claude_desktop_config.json.

claude mcp add kubeshark -- kubeshark mcp
5

Add Kubeshark to Claude Desktop configuration

If you prefer Claude Desktop, add the MCP server entry to the configuration file manually.

{
  "mcpServers": {
    "kubeshark": {
      "command": "kubeshark",
      "args": ["mcp"]
    }
  }
}
6

Restart your MCP client and investigate traffic

Restart Claude Desktop or reload the MCP server list in Claude Code. You can now ask the AI to query Kubernetes network traffic using natural language.

Kubeshark Examples

Client configuration

Claude Desktop configuration for the Kubeshark MCP server.

{
  "mcpServers": {
    "kubeshark": {
      "command": "kubeshark",
      "args": ["mcp"]
    }
  }
}

Prompts to try

Example prompts for AI-assisted Kubernetes network investigation through Kubeshark.

- "Why did the checkout service fail at 2:15 PM? Show me the relevant network traffic"
- "Which services have HTTP error rates above 1% in the last hour?"
- "Show TCP retransmission rates across all node-to-node paths in the production namespace"
- "Trace request ID abc123 through all services and show where the latency spike occurred"
- "List all external API calls made from the payments service in the last 10 minutes"

Troubleshooting Kubeshark

kubeshark tap fails with permission errors on the cluster

Kubeshark requires elevated privileges to deploy eBPF-based capture agents. Ensure your kubectl context has ClusterAdmin permissions. Run `kubectl auth can-i create daemonsets --all-namespaces` to check.

No traffic appears in the Kubeshark dashboard

Confirm Kubeshark pods are running with `kubectl get pods -n kubeshark`. If pods are in CrashLoopBackOff, check that your kernel version supports eBPF (Linux 4.18+ required). TLS decryption requires the eBPF uprobe feature available in most modern kernels.

MCP server command 'kubeshark mcp' is not recognized

Ensure you are running Kubeshark CLI version 52.0 or later, which introduced the MCP subcommand. Update with `brew upgrade kubeshark` or download the latest binary from the GitHub releases page.

Frequently Asked Questions about Kubeshark

What is Kubeshark?

Kubeshark is a Model Context Protocol (MCP) server that ebpf-powered network observability for kubernetes. indexes l4/l7 traffic with full k8s context, decrypts tls without keys. queryable by ai agents via mcp and humans via dashboard. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Kubeshark?

Follow the installation instructions on the Kubeshark GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Kubeshark?

Kubeshark works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Kubeshark free to use?

Yes, Kubeshark is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

Browse More Monitoring & Observability MCP Servers

Explore all monitoring & observability servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "kubeshark": { "command": "npx", "args": ["-y", "kubeshark"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Kubeshark?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides