Anatomy of Kubeshark

Kubeshark consists of three different software that works together harmoniously; CLI, Hub and Worker.

Anatomy of Kubeshark


It's a binary distribution of the client that communicates with your cluster through K8s API. Which you're going to use it to deploy the hub.

Written in Go language and it is the program which you need to install into your computer.

Source code: kubeshark/kubeshark


It's a Docker image which is deployed into your cluster as a normal pod. It orchestrates the worker deployments, receives sniffed and dissected directed from each worker and collects into a central place. It also serves a web interface to display the collected traffic on your web browser.

Written in Go, serves a React app which is used to display the traffic on your web browser. It communicates with the workers through WebSocket connections.

It's the software which you deploy into your cluster using kubeshark deploy command.

Source code: kubeshark/hub


It's a Docker image which is deployed into your cluster as a DaemonSet to ensure each node in your cluster are covered by Kubeshark. The worker contains the implementations of network sniffer, kernel tracing and more. Workers transmit the collected traffic to hub via WebSocket.

The worker by itself can be used as a network sniffer on your computer without requiring a Kubernetes cluster.

Source code: kubeshark/worker