Runbook

Kubernetes - Unexpected Image Pulls Incident

Back to Runbooks

Overview

The Unexpected Image Pulls Incident refers to an alert triggered by unexpected pulls of container images, which can indicate a compromise in the supply chain. This type of incident can occur when a container image is downloaded from an untrusted or malicious source, or when a legitimate image has been tampered with and modified to include malicious code. Such incidents can pose a serious security risk, as they can allow attackers to gain unauthorized access to systems and steal sensitive data or compromise system integrity. Prompt detection and response to this type of incident is critical to prevent further compromise and protect the security of the system.

Parameters

Debug

List all pods in the cluster

Check the logs of a specific pod

Check which image a pod is using

Check if there are any image pull errors in the events for a pod

Check if there are any image pull errors in the events for the entire namespace

Check if there are any image pull errors in the events for the entire cluster

Repair

Remove the compromised container images .

Learn more

Related Runbooks

Check out these related runbooks to help you debug and resolve similar issues.