Kubeshark
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
What is Kubeshark?
Kubeshark is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to ebpf-powered network observability for kubernetes. indexes l4/l7 traffic with full k8s context, decrypts tls without keys. queryable by ai agents via mcp and humans via dashboard.
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
This server falls under the Monitoring & Observability category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- eBPF-powered network observability for Kubernetes. Indexes L
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx kubesharkConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Kubeshark
Kubeshark is an eBPF-powered network observability tool for Kubernetes that indexes L4 and L7 traffic with full Kubernetes context and decrypts TLS without requiring private keys. Its built-in MCP server exposes cluster network data directly to AI agents, enabling natural-language incident investigation, service dependency mapping, and real-time traffic analysis. Platform engineers, SREs, and DevOps teams who need AI-driven root cause analysis of Kubernetes network issues will find Kubeshark's MCP integration transformative for on-call workflows.
Prerequisites
- A running Kubernetes cluster (local like minikube/kind or cloud-managed)
- kubectl configured and pointing to the target cluster
- Helm 3+ for production installation, or Homebrew for local CLI use
- An MCP-compatible client such as Claude Desktop or Claude Code
- Kubeshark CLI installed on your local machine
Install the Kubeshark CLI
Install the Kubeshark CLI using Homebrew on macOS/Linux. Alternatively, download the binary from the GitHub releases page for your platform.
brew install kubesharkDeploy Kubeshark to your Kubernetes cluster
Run `kubeshark tap` to deploy the Kubeshark pods into your cluster. This starts capturing network traffic across all namespaces.
kubeshark tapVerify traffic capture in the dashboard
Kubeshark automatically opens a browser dashboard at http://localhost:8899. Confirm you can see live L4/L7 traffic from your cluster workloads before enabling MCP.
Start the Kubeshark MCP server
Register Kubeshark as an MCP server in Claude Code using the built-in mcp add command, or configure it manually in claude_desktop_config.json.
claude mcp add kubeshark -- kubeshark mcpAdd Kubeshark to Claude Desktop configuration
If you prefer Claude Desktop, add the MCP server entry to the configuration file manually.
{
"mcpServers": {
"kubeshark": {
"command": "kubeshark",
"args": ["mcp"]
}
}
}Restart your MCP client and investigate traffic
Restart Claude Desktop or reload the MCP server list in Claude Code. You can now ask the AI to query Kubernetes network traffic using natural language.
Kubeshark Examples
Client configuration
Claude Desktop configuration for the Kubeshark MCP server.
{
"mcpServers": {
"kubeshark": {
"command": "kubeshark",
"args": ["mcp"]
}
}
}Prompts to try
Example prompts for AI-assisted Kubernetes network investigation through Kubeshark.
- "Why did the checkout service fail at 2:15 PM? Show me the relevant network traffic"
- "Which services have HTTP error rates above 1% in the last hour?"
- "Show TCP retransmission rates across all node-to-node paths in the production namespace"
- "Trace request ID abc123 through all services and show where the latency spike occurred"
- "List all external API calls made from the payments service in the last 10 minutes"Troubleshooting Kubeshark
kubeshark tap fails with permission errors on the cluster
Kubeshark requires elevated privileges to deploy eBPF-based capture agents. Ensure your kubectl context has ClusterAdmin permissions. Run `kubectl auth can-i create daemonsets --all-namespaces` to check.
No traffic appears in the Kubeshark dashboard
Confirm Kubeshark pods are running with `kubectl get pods -n kubeshark`. If pods are in CrashLoopBackOff, check that your kernel version supports eBPF (Linux 4.18+ required). TLS decryption requires the eBPF uprobe feature available in most modern kernels.
MCP server command 'kubeshark mcp' is not recognized
Ensure you are running Kubeshark CLI version 52.0 or later, which introduced the MCP subcommand. Update with `brew upgrade kubeshark` or download the latest binary from the GitHub releases page.
Frequently Asked Questions about Kubeshark
What is Kubeshark?
Kubeshark is a Model Context Protocol (MCP) server that ebpf-powered network observability for kubernetes. indexes l4/l7 traffic with full k8s context, decrypts tls without keys. queryable by ai agents via mcp and humans via dashboard. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Kubeshark?
Follow the installation instructions on the Kubeshark GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Kubeshark?
Kubeshark works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Kubeshark free to use?
Yes, Kubeshark is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Kubeshark Alternatives — Similar Monitoring & Observability Servers
Looking for alternatives to Kubeshark? Here are other popular monitoring & observability servers you can use with Claude, Cursor, and VS Code.
Netdata
★ 78.9kReal-time infrastructure monitoring with metrics, logs, alerts, and ML-based anomaly detection.
Mission Control
★ 4.9kSelf-hosted AI agent orchestration platform: dispatch tasks, run multi-agent workflows, monitor spend, and govern operations from one mission control dashboard.
Grafana
★ 3.0kThis MCP server enables natural-language querying of Grafana logs by automatically detecting log sources and service labels. It provides read-only access to log data with intelligent caching for efficient repeat queries.
Sentrux
★ 2.4kReal-time architectural sensor that helps AI agents close the feedback loop, enabling recursive self-improvement of code quality. Pure Rust.
OpenInference
★ 986OpenTelemetry Instrumentation for AI Observability
Thinkwatch
★ 967Enterprise AI bastion host for secure AI API and MCP access, with unified proxying, RBAC, audit logs, rate limiting, and cost tracking across OpenAI, Anthropic, Gemini, and self-hosted LLMs.
Browse More Monitoring & Observability MCP Servers
Explore all monitoring & observability servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Kubeshark in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Kubeshark?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.