Outbound or Inbound Traffic not to Authorized Server Process and Port - Cloudanix

Event Information

Meaning

This event indicates that there is unauthorized outbound or inbound traffic from a process in a Kubernetes cluster to a server on a port that is not whitelisted.
It could potentially signify a security breach or a misconfiguration in the network policies of the cluster.
To investigate further, you can use the following kubectl command to check the network policies and configurations: kubectl get networkpolicies

Remediation

Create a NetworkPolicy to restrict outbound or inbound traffic to unauthorized server process and port:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-traffic
spec:
  podSelector: {}
  policyTypes:
  - Egress
  - Ingress
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: authorized-server
    ports:
    - port: 80
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: authorized-server
    ports:
    - port: 80

Apply the NetworkPolicy to the namespace where the unauthorized traffic is occurring:

kubectl apply -f networkpolicy.yaml -n <namespace>

Ensure that the pods in the namespace are labeled correctly to enforce the NetworkPolicy:

kubectl label pods -n <namespace> app=authorized-server

On this page

Event Information
Meaning
Remediation