Task weight: 4%
Use context: kubectl config use-context workload-prod
There are Pods in Namespace team-yellow. A security investigation noticed that some processes running in these Pods are using the Syscall kill, which is forbidden by a Team Yellow internal policy.
Find the offending Pod(s) and remove these by reducing the replicas of the parent Deployment to 0.
Reference:
https://man7.org/linux/man-pages/man2/syscalls.2.html
Solution
Check which node the Pods in Namespace team-yellow are running on
k -n team-yellow get pod -owide
Go to node1 and find the process of the first Deployment. Flow: Pod name -> ContainerID -> processID -> trace with strace
ssh cluster1-node1
crictl pods --name collector1
crictl ps --pod 21aacb8f4ca8d
crictl inspect 9ea02422f8660 | grep args -A1
ps aux | grep collector1-process
strace -p 35039
Check the other two the same way
ps aux | grep collector2-process
strace -p 35375
ps aux | grep collector3-process
strace -p 35155
collector2 and collector3 are both fine; only collector1 shows the kill syscall in its trace, so scale it down to 0
k -n team-yellow scale deploy collector1 --replicas 0
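The same Pod -> container -> PID -> strace walk, scripted as an added example (not part of the original solution). It assumes crictl, ps, strace and timeout are available on the node and that crictl inspect reports the host PID as "pid"; the strace samples are constructed, not captured from the cluster.

```shell
#!/bin/sh
# Constructed strace output for a well-behaved collector (not real cluster data).
SAMPLE_CLEAN='epoll_wait(4, [], 128, 1000) = 0
write(1, "collector tick\n", 15) = 15
nanosleep({tv_sec=1, tv_nsec=0}, NULL) = 0'

# Constructed strace output for an offending collector that calls kill().
SAMPLE_OFFENDING='epoll_wait(4, [], 128, 1000) = 0
[pid  35039] kill(1, SIGTERM) = -1 EPERM (Operation not permitted)
nanosleep({tv_sec=1, tv_nsec=0}, NULL) = 0'

# Return 0 if the strace text contains a kill syscall, 1 otherwise.
# Anchors on the syscall name at line start (optionally after the
# "[pid N]" prefix strace -f adds), so the word "kill" inside a
# write() buffer does not produce a false positive.
has_kill_syscall() {
    printf '%s\n' "$1" | grep -Eq '^(\[pid +[0-9]+\] +)?kill\('
}

# Resolve a Pod to its host PID and trace it for a few seconds,
# reporting only the kill syscall. Returns 0 when kill was observed.
# Hypothetical helper: run on the node that hosts the Pod.
trace_pod_for_kill() {
    pod="$1"
    pod_id=$(crictl pods --name "$pod" -q | head -n1)
    cid=$(crictl ps --pod "$pod_id" -q | head -n1)
    # Assumption: crictl inspect prints the container's host PID as "pid".
    pid=$(crictl inspect "$cid" | grep -m1 '"pid"' | tr -dc '0-9')
    # strace writes to stderr; timeout stops the trace after 5 seconds.
    out=$(timeout 5 strace -f -e trace=kill -p "$pid" 2>&1)
    has_kill_syscall "$out"
}
```

Run it as `trace_pod_for_kill collector1-<pod-suffix>` for each Deployment and scale down only the one that returns 0.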