Event Information

Meaning

  • The Unexpected K8s NodePort Connection event indicates that a connection has been made to a NodePort service in the Kubernetes cluster, which was not expected based on the defined network policies.
  • This event could potentially indicate a security breach or unauthorized access attempt, as it suggests that traffic is being directed to a service that should not be accessible from outside the cluster.
  • To investigate this event, you can use the following kubectl command to list all the NodePort services in the cluster: kubectl get services --field-selector type=NodePort. This will help identify the specific service that is receiving the unexpected connection.

Remediation

  1. Identify the affected Kubernetes service and its NodePort value.

    • Use the kubectl get services command to list all services in the cluster.
    • Look for the service with the NodePort value mentioned in the event.
    • Note down the service name and NodePort value.

  2. Create a Kubernetes manifest file to update the service.

    • Use the kubectl get service <service-name> -o yaml command to get the current service manifest.
    • Save the output to a file, e.g., service.yaml.
    • Open service.yaml in a text editor.

  3. Update the spec.type field in the manifest file.

    • Change the value of spec.type from NodePort to ClusterIP.
    • Save the changes to service.yaml.

  4. Apply the updated manifest file to the cluster.

    • Use the kubectl apply -f service.yaml command to apply the changes.
    • Verify that the service has been updated by running kubectl get services again.

Note: This remediation script assumes that the unexpected NodePort connection is not required and can be replaced with a ClusterIP service. Make sure to review the impact of this change on your application before applying it in a production environment.