Kubeshark
公式MCP access to cluster-wide L4 and L7 network traffic, packets, APIs, and complete payloads.
Kubeshark MCP Server
Kubeshark MCP (Model Context Protocol) server enables AI assistants like Claude Desktop, Cursor, and other MCP-compatible clients to query real-time Kubernetes network traffic.
AI Skills
The MCP provides the tools — AI skills teach agents how to use them. Skills turn raw MCP capabilities into domain-specific workflows like root cause analysis, traffic filtering, and forensic investigation. See the skills README for installation and usage.
| Skill | Description |
|---|---|
network-rca | Network Root Cause Analysis — snapshot-based retrospective investigation with PCAP and dissection routes |
kfl | KFL2 filter expert — write, debug, and optimize traffic queries across all supported protocols |
Features
- L7 API Traffic Analysis: Query HTTP, gRPC, Redis, Kafka, DNS transactions
- L4 Network Flows: View TCP/UDP flows with traffic statistics
- Cluster Management: Start/stop Kubeshark deployments (with safety controls)
- PCAP Snapshots: Create and export network captures
- Built-in Prompts: Pre-configured prompts for common analysis tasks
Installation
1. Install Kubeshark CLI
# macOS
brew install kubeshark
# Linux
sh <(curl -Ls https://kubeshark.com/install)
# Windows (PowerShell)
choco install kubeshark
Or download from GitHub Releases.
2. Configure Claude Desktop
Add to your Claude Desktop configuration:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Default (requires kubectl access / kube context)
{
"mcpServers": {
"kubeshark": {
"command": "kubeshark",
"args": ["mcp"]
}
}
}
With an explicit kubeconfig path:
{
"mcpServers": {
"kubeshark": {
"command": "kubeshark",
"args": ["mcp", "--kubeconfig", "/path/to/.kube/config"]
}
}
}
URL Mode (no kubectl required)
Use this when the machine doesn't have kubectl access or a kube context. Connect directly to an existing Kubeshark deployment:
{
"mcpServers": {
"kubeshark": {
"command": "kubeshark",
"args": ["mcp", "--url", "https://kubeshark.example.com"]
}
}
}
With Destructive Operations
{
"mcpServers": {
"kubeshark": {
"command": "kubeshark",
"args": ["mcp", "--allow-destructive", "--kubeconfig", "/path/to/.kube/config"]
}
}
}
3. Generate Configuration
Use the CLI to generate configuration:
kubeshark mcp --mcp-config --url https://kubeshark.example.com
Available Tools
Traffic Analysis (All Modes)
| Tool | Description |
|---|---|
list_workloads | List pods, services, namespaces with observed traffic |
list_api_calls | Query L7 API transactions with KFL filtering |
get_api_call | Get detailed info about a specific API call |
get_api_stats | Get aggregated API statistics |
list_l4_flows | List L4 (TCP/UDP) network flows |
get_l4_flow_summary | Get L4 connectivity summary |
list_snapshots | List all PCAP snapshots |
create_snapshot | Create a new PCAP snapshot |
get_dissection_status | Check L7 protocol parsing status |
enable_dissection | Enable L7 protocol dissection |
disable_dissection | Disable L7 protocol dissection |
Cluster Management (Proxy Mode Only)
| Tool | Description | Requires |
|---|---|---|
check_kubeshark_status | Check if Kubeshark is running | - |
start_kubeshark | Deploy Kubeshark to cluster | --allow-destructive |
stop_kubeshark | Remove Kubeshark from cluster | --allow-destructive |
Available Prompts
| Prompt | Description |
|---|---|
analyze_traffic | Analyze API traffic patterns and identify issues |
find_errors | Find and summarize API errors and failures |
trace_request | Trace a request path through microservices |
show_topology | Show service communication topology |
latency_analysis | Analyze latency patterns and identify slow endpoints |
security_audit | Audit traffic for security concerns |
compare_traffic | Compare traffic patterns between time periods |
debug_connection | Debug connectivity issues between services |
Example Conversations
User: Show me all HTTP 500 errors in the last hour
Claude: I'll query the API traffic for 500 errors.
[Calling list_api_calls with kfl="http and response.status == 500"]
Found 12 HTTP 500 errors:
1. POST /api/checkout -> payment-service (500)
Time: 10:23:45 | Latency: 2340ms
...
User: What services are communicating with the database?
Claude: Let me check the L4 flows to the database.
[Calling list_l4_flows with dst_filter="postgres"]
Found 5 services connecting to postgres:5432:
- orders-service: 456KB transferred
- users-service: 123KB transferred
...
CLI Options
| Option | Description |
|---|---|
--url | Direct URL to Kubeshark Hub |
--kubeconfig | Path to kubeconfig file |
--allow-destructive | Enable start/stop operations |
--list-tools | List available tools and exit |
--mcp-config | Print Claude Desktop config JSON |
KFL (Kubeshark Filter Language)
Query traffic using KFL syntax:
# HTTP requests to a specific path
http and request.path == "/api/users"
# Errors only
response.status >= 400
# Specific source pod
src.pod.name == "frontend-.*"
# Multiple conditions
http and src.namespace == "default" and response.status == 500
MCP Registry
Kubeshark is published to the MCP Registry automatically on each release.
The server.json in this directory is a reference file. The actual registry metadata (version, SHA256 hashes) is auto-generated during the release workflow. See .github/workflows/release.yml for details.
Links
License
Apache-2.0
関連サーバー
Alpha Vantage MCP Server
スポンサーAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
MCP Servers
A collection of reference implementations for the Model Context Protocol (MCP), demonstrating how to give LLMs secure access to tools and data using Typescript and Python SDKs.
Specifai
Integrate and automate Specifai projects with any MCP-compatible AI tool.
Chronos Protocol
A robust MCP server that eliminates temporal blindness in AI coding agents through intelligent time tracking, persistent memory, and complete session traceability.
Fossil MCP
The code quality toolkit for the vibe coding era.
Tecton
Feature engineering assistance using the Tecton platform, integrated with Cursor.
GoMCP
A Go library for building clients and servers using the Model Context Protocol (MCP).
DocsFetcher
Fetches package documentation from various language ecosystems without requiring API keys.
Buildable
Official MCP server for Buildable AI-powered development platform. Enables AI assistants to manage tasks, track progress, get project context, and collaborate with humans on software projects.
MCP-Logic
Provides automated reasoning for AI systems using the Prover9 and Mace4 theorem provers.
Vibe Check
The definitive Vibe Coder's sanity check MCP server: Prevents cascading errors by calling a "Vibe-check" agent to ensure alignment and prevent scope creep