Runbook
Kubernetes - Unexpected Image Pulls Incident
Back to Runbooks
Overview
The Unexpected Image Pulls Incident refers to an alert triggered by unexpected pulls of container images, which can indicate a compromise in the supply chain. This type of incident can occur when a container image is downloaded from an untrusted or malicious source, or when a legitimate image has been tampered with and modified to include malicious code. Such incidents can pose a serious security risk, as they can allow attackers to gain unauthorized access to systems and steal sensitive data or compromise system integrity. Prompt detection and response to this type of incident is critical to prevent further compromise and protect the security of the system.
Parameters
Debug
List all pods in the cluster
Check the logs of a specific pod
Check which image a pod is using
Check if there are any image pull errors in the events for a pod
Check if there are any image pull errors in the events for the entire namespace
Check if there are any image pull errors in the events for the entire cluster
Repair
Learn more
Related Runbooks
Check out these related runbooks to help you debug and resolve similar issues.