Kubeshark: eBPF observability and MCP integration for AI agents
Observability

Comments
core doesn't fix the socket-level interception logic if the binary is statically linked.
That's a fair point... but if they find a way around static linking, could this mean we finally stop needing to inject custom headers into every single request... just for the sake of tracing?
We heard similar promises about automatic decryption with early eBPF probes before kernel updates broke the hooks. I wonder if this is truly agnostic or if it depends on specific glibc versions.
Do you think the current eBPF CO-RE improvements might solve the versioning issues you mentioned? It would be a huge win for stability.
This isn't just an observability update. It is the first step toward removing the human from the SRE loop entirely. Why hire a dev to read packets when an agent can just query the MCP stream?
The L7 indexing concern is valid. Similar eBPF implementations often see a 5 to 10 percent CPU spike in high-pps environments when parsing complex protocols.
In a production environment with tight resource quotas, a 10 percent spike can trigger a pod restart. That is the difference between a helpful tool and a site outage.
The documentation mentions that the MCP integration supports structured queries for specific HTTP headers. This makes it more useful for tracing distributed requests than a general packet dump.