Indicates that an SSH connection attempt was made to a Kubernetes pod, which is a security risk as it bypasses the intended container orchestration mechanisms.
It could suggest a potential security breach or unauthorized access attempt within the cluster.
Immediate investigation and remediation are necessary to ensure compliance with security best practices and prevent further unauthorized access.
To investigate further:
Check the specific pod and node where the SSH connection attempt was made:
kubectl get pods --all-namespaces
kubectl describe pod <pod_name> -n <namespace>
Review the pod’s security context and network policies to identify any misconfigurations:
kubectl get pod <pod_name> -n <namespace> -o yaml
Monitor network traffic and access logs within the cluster to detect any other suspicious activities:
kubectl logs <network_policy_controller_pod> -n kube-system
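An added example (not part of the original rule description) that automates the security-context review step: it reads the JSON form of the pod manifest (`-o json` instead of `-o yaml`) and lists settings worth checking after an SSH alert. The function name `review_pod`, the sample pod and the choice of checks are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed output of `kubectl get pod <pod_name> -n <namespace> -o json`.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "demo-app", "namespace": "default"},
  "spec": {
    "hostNetwork": true,
    "containers": [
      {"name": "app", "image": "example/app:1.0",
       "ports": [{"containerPort": 8080}, {"containerPort": 22}],
       "securityContext": {"privileged": true}},
      {"name": "sidecar", "image": "example/sidecar:1.0",
       "securityContext": {"runAsNonRoot": true, "allowPrivilegeEscalation": false}}
    ]
  }
}
""")

def review_pod(pod):
    """Return (scope, finding) tuples for settings worth checking after an SSH alert."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(("pod", f"{flag} is enabled"))
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for c in containers:
        sc = c.get("securityContext") or {}
        name = c["name"]
        if any(p.get("containerPort") == 22 for p in c.get("ports") or []):
            findings.append((name, "declares containerPort 22 (SSH)"))
        if sc.get("privileged"):
            findings.append((name, "runs privileged"))
        # When the field is unset, privilege escalation is allowed.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((name, "allowPrivilegeEscalation not disabled"))
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append((name, "runAsNonRoot not enforced"))
    return findings

if __name__ == "__main__":
    for scope, finding in review_pod(SAMPLE_POD):
        print(f"{scope}: {finding}")
```

`containerPort` is informational in Kubernetes, so a pod that does not declare port 22 can still have an SSH daemon listening; treat a clean result as a starting point for the review, not as clearance.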