The Kubernetes API Traffic Analyzer
Crush your Production Incidents’ MTTR!
Think Wireshark re-invented for Kubernetes (K8s), Kubeshark provides SREs and DevOps teams instant and unique insights that were previously unattainable, accelerating the diagnosis process of production incidents and ensuring rapid resolution.
Kubeshark offers real-time, cluster-wide, identity-aware, protocol-level visibility into API traffic, empowering its users to see in their own eyes what’s happening in all (hidden) corners of their K8s clusters.
Observe all traffic, including payloads, entering, exiting, and traversing containers, pods, namespaces, nodes, and clusters, with support for REST, GraphQL, gRPC, Redis, Kafka, RabbitMQ (AMQP), DNS, Websockets, TLS and mTLS.
Visit the following sections to read more about use-cases, Kubeshark can be helpful with:
- Investigation & API Debugging
- Traffic Recording & Offline Investigation
- Detection Engineering & Telemetry
API Traffic Analysis
Kubeshark uses various packet capture technologies (e.g. eBPF, AF_XDP, PF_RING) and leverages custom kernel modules to capture cluster-wide L4 (TCP and UDP) traffic, into distributed PCAP storage and dissect the following application layer protocols:
Kubeshark uses extended BPF (eBPF) to trace function calls in both the kernel space and the user space.
Kubeshark can sniff the encrypted traffic (TLS) in your cluster using eBPF without actually doing decryption. In fact, it hooks into entry and exit points in certain functions inside the OpenSSL library and Go’s crypto/tls package.
Actionable Detection Using Scripts & L4/L7 Hooks
With a combination of a scripting language, hooks, helpers and jobs, Kubeshark can detect suspicious network behaviors and trigger actions supported by the available integrations (e.g Slack, AWS S3, InfluxDB, Elasticsearch and more).