Kubernetes Client Tool Launched in Container - Cloudanix

Event Information

Meaning

Indicates that a Kubernetes client tool was launched inside a container within the cluster, which could potentially be a security concern.
It is important to investigate the source and purpose of this tool to ensure it complies with security policies and standards.
To further analyze this event, you can use kubectl to inspect the pod where the tool was launched:
```
kubectl describe pod <pod_name>
```

Remediation

Create a Kubernetes Pod manifest file with a Python container that includes the necessary Python Kubernetes API library.
Use a Kubernetes ServiceAccount with appropriate RBAC permissions to interact with the Kubernetes API.
Write a Python script that uses the Kubernetes API to list and delete the offending Pod(s) based on the event criteria.

apiVersion: v1
kind: Pod
metadata:
  name: remediation-pod
spec:
  containers:
  - name: remediation-container
    image: python:latest
    command: ["python", "-c"]
    args:
    - |
      # Python script using Kubernetes API to list and delete Pods

kubectl apply -f remediation-pod.yaml
kubectl exec -it remediation-pod -- /bin/bash
# Execute the Python script inside the container
kubectl delete pod remediation-pod

On this page

Event Information
Meaning
Remediation