Event Information

Meaning

  • The Network Connection outside Local Subnet event in a Kubernetes cluster indicates that a pod or container within the cluster has established a network connection to an IP address outside of the defined local subnet range.
  • This event could potentially indicate unauthorized network communication from within the cluster, which may be a security concern.
  • To investigate this event, you can use the kubectl command to check the network policies applied to the pod or namespace in question, and review the pod’s logs for any suspicious activity or unauthorized network connections.

Remediation

To remediate the “Network Connection outside Local Subnet” event through the Kubernetes API (the commands below use kubectl; the Python Kubernetes client works on the same NetworkPolicy objects), follow these steps:

  1. Identify the Pod(s) involved:

    • Use the Kubernetes API to list all Pods in the cluster across every namespace: kubectl get pods -A -o wide
    • Identify the Pod(s) that triggered the event based on the Pod name and IP address.
  2. Update the Pod’s network policies:

    • Create or update a NetworkPolicy manifest file to restrict network traffic to the local subnet.
    • Define the desired ingress and egress rules in the NetworkPolicy manifest file.
    • Apply the NetworkPolicy to the Pod(s) using the Kubernetes API: kubectl apply -f network_policy.yaml
  3. Verify the remediation:

    • Monitor the network traffic of the affected Pod(s) to ensure that connections outside the local subnet are blocked.
    • Use tools like tcpdump or Wireshark to capture and analyze network packets.
    • Validate that only the allowed network connections are established.

Note: Ensure that you have the necessary permissions to create/update NetworkPolicy objects in the cluster.
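The following is an added example, not code from the original page or from any Kubernetes project. It carries steps 2 and 3 through in Python: it builds the egress-restricting NetworkPolicy as a plain manifest (the same dict you would hand to the Python Kubernetes client, or pipe as JSON into kubectl apply -f -), and then evaluates a handful of observed connections against the policy's ipBlock rules so you can see which would be blocked before applying it. The namespace, Pod labels, subnet CIDRs and sample connections are all constructed values for illustration; the checker models only ipBlock peers, which is all the generated policy uses.

```python
"""Added example (not from the original page): build an egress-restricting
NetworkPolicy for the affected Pod as a plain manifest dict, emit it as JSON
for `kubectl apply -f -` or the Python Kubernetes client, and check sample
connections against its ipBlock rules before applying it.

All concrete values below (namespace, labels, CIDRs, sample connections) are
constructed for illustration and are not taken from any real cluster.
"""
import ipaddress
import json

# Assumed values for the affected Pod and the cluster's local subnet.
NAMESPACE = "payments"                  # hypothetical namespace
POD_LABELS = {"app": "billing"}         # hypothetical Pod selector labels
LOCAL_SUBNET = "10.0.0.0/16"            # hypothetical local subnet
EXCLUDED_RANGES = ["10.0.99.0/24"]      # hypothetical in-subnet range to deny


def build_egress_policy(name, namespace, pod_labels, allowed_cidr, excluded_cidrs=()):
    """Return a NetworkPolicy manifest that allows egress only to allowed_cidr.

    Because policyTypes lists only Egress, ingress to the Pod is left as it was,
    while any egress destination not matched by the single ipBlock rule is denied.
    Ranges in `except` are carved out of the allowed CIDR.
    """
    # Validate the CIDRs up front so a typo fails here, not at apply time.
    allowed = ipaddress.ip_network(allowed_cidr)
    for cidr in excluded_cidrs:
        if not ipaddress.ip_network(cidr).subnet_of(allowed):
            raise ValueError(f"except range {cidr} is not inside {allowed_cidr}")
    ip_block = {"cidr": allowed_cidr}
    if excluded_cidrs:
        ip_block["except"] = list(excluded_cidrs)
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": dict(pod_labels)},
            "policyTypes": ["Egress"],
            "egress": [{"to": [{"ipBlock": ip_block}]}],
        },
    }


def to_manifest_json(policy):
    """Serialise the manifest; kubectl accepts JSON as well as YAML."""
    return json.dumps(policy, indent=2)


def egress_allowed(policy, dst_ip):
    """Decide whether dst_ip is allowed by the policy's ipBlock egress rules.

    This models only ipBlock peers (no podSelector/namespaceSelector peers and
    no port restrictions), which is all the policy built above uses.
    """
    addr = ipaddress.ip_address(dst_ip)
    for rule in policy["spec"].get("egress", []):
        for peer in rule.get("to", []):
            block = peer.get("ipBlock")
            if block is None:
                continue
            if addr not in ipaddress.ip_network(block["cidr"]):
                continue
            if any(addr in ipaddress.ip_network(ex) for ex in block.get("except", [])):
                continue
            return True
    return False


def triage(policy, connections):
    """Label each observed connection with how it would fare under the policy."""
    return [(c["pod"], c["dst"], "allowed" if egress_allowed(policy, c["dst"]) else "blocked")
            for c in connections]


# Constructed sample of observed connections, not real telemetry.
SAMPLE_CONNECTIONS = [
    {"pod": "billing-7c9d", "dst": "10.0.12.5"},     # inside the local subnet
    {"pod": "billing-7c9d", "dst": "10.0.99.7"},     # inside the subnet but in an except range
    {"pod": "billing-7c9d", "dst": "203.0.113.40"},  # outside the local subnet (documentation range)
]

POLICY = build_egress_policy("billing-local-egress", NAMESPACE, POD_LABELS,
                             LOCAL_SUBNET, EXCLUDED_RANGES)

if __name__ == "__main__":
    print(to_manifest_json(POLICY))
    for pod, dst, verdict in triage(POLICY, SAMPLE_CONNECTIONS):
        print(f"{pod} -> {dst}: {verdict}")
```

Running the script prints the manifest followed by one verdict per sample connection; the in-subnet address is allowed, while the excepted range and the external address are blocked. Because policyTypes names only Egress, the Pod's inbound traffic is untouched, which is usually what you want when the finding concerns outbound connections; if the Pod needs DNS or other services outside the local subnet, add further egress rules for them rather than widening the ipBlock.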