How Can I Help Security Staff Understand Kubernetes Networking Without Port Monitoring?

Asked By CloudyKnight42 On

We're trying to clarify to our security team why tracking port numbers within our Kubernetes clusters isn't necessary. These security professionals are accustomed to monitoring port numbers for alerts, and they're struggling to grasp the current approach. Is there a straightforward document or resource that would help them understand this better?

5 Answers

Answered By TechieTina108 On

It sounds like your security team is viewing Kubernetes through a traditional lens. Instead of relying on port numbers, they should consider using an eBPF agent deployed as a daemon set. This approach allows monitoring of all activities on nodes housing the workloads. Cilium can also help with networking logs. Here are some great resources to check out:
1. https://github.com/cilium/hubble
2. https://www.wiz.io/blog/unveiling-ebpf-harnessing-its-power-to-solve-real-world-issues
3. https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-6/
4. https://www.youtube.com/watch?v=JWCPufW91iY

Answered By NetworkNerd22 On

Monitoring your services in Kubernetes should be done as if they're running in a traditional setup—by focusing on public endpoints, for example. If internal network issues arise or something seems overly restrictive, that's a separate concern to address.

Answered By KubeAdvisor77 On

Hey there! As someone from the local security team, I'd suggest discovering the security team's objectives first. Are they into vulnerability scanning, attack surface management, or just trying to get a better grasp of the applications? This will enable you to suggest Kubernetes-specific solutions that align with their goals.

Answered By SecuritySage77 On

It's a common misconception about not tracking port numbers. While Network Policies do set port numbers for auditing, tools like Calico Enterprise and Cilium Hubble can provide detailed logs of network traffic for all services. It might help to show them the capabilities of these tools so they see that we can still monitor effectively without traditional port tracking.
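For the security team, an added example (not part of the answer above and not code from Cilium or Calico) of alerting on workload identity plus port from flow logs, rather than on port numbers alone. The records are constructed and only shaped like simplified Hubble JSON flow output; the field names, the `shop` workloads, the allowlist and the helper names are assumptions.

```python
import json

# Constructed sample records, shaped like simplified Hubble JSON flow output.
# Field names are assumptions; check them against your Hubble version.
SAMPLE_FLOWS = """
{"flow":{"verdict":"FORWARDED","source":{"namespace":"shop","pod_name":"frontend-aaa","labels":["k8s:app=frontend"]},"destination":{"namespace":"shop","pod_name":"api-bbb","labels":["k8s:app=api"]},"l4":{"TCP":{"source_port":41234,"destination_port":8080}}}}
{"flow":{"verdict":"FORWARDED","source":{"namespace":"shop","pod_name":"api-bbb","labels":["k8s:app=api"]},"destination":{"namespace":"shop","pod_name":"db-ccc","labels":["k8s:app=db"]},"l4":{"TCP":{"source_port":50112,"destination_port":5432}}}}
{"flow":{"verdict":"FORWARDED","source":{"namespace":"shop","pod_name":"frontend-aaa","labels":["k8s:app=frontend"]},"destination":{"namespace":"shop","pod_name":"db-ccc","labels":["k8s:app=db"]},"l4":{"TCP":{"source_port":38770,"destination_port":5432}}}}
{"flow":{"verdict":"FORWARDED","source":{"namespace":"shop","pod_name":"frontend-zzz","labels":["k8s:app=frontend"]},"destination":{"namespace":"shop","pod_name":"api-bbb","labels":["k8s:app=api"]},"l4":{"TCP":{"source_port":40001,"destination_port":8080}}}}
"""

# Hypothetical allowlist: (source workload, destination workload, destination port).
ALLOWED = {
    ("shop/frontend", "shop/api", 8080),
    ("shop/api", "shop/db", 5432),
}


def workload(endpoint):
    """Name an endpoint by namespace and app label, never by pod IP or pod name."""
    labels = dict(l.split("=", 1) for l in endpoint.get("labels", []) if "=" in l)
    return f"{endpoint.get('namespace', 'unknown')}/{labels.get('k8s:app', 'unknown')}"


def dest_port(flow):
    """Return the TCP or UDP destination port, or None for other traffic."""
    l4 = flow.get("l4", {})
    for proto in ("TCP", "UDP"):
        if proto in l4:
            return l4[proto].get("destination_port")
    return None


def find_violations(text):
    """Return (key, verdict) for every flow whose identity/port tuple is not allowed."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        flow = json.loads(line).get("flow", {})
        key = (workload(flow.get("source", {})), workload(flow.get("destination", {})), dest_port(flow))
        if key not in ALLOWED:
            alerts.append((key, flow.get("verdict")))
    return alerts


if __name__ == "__main__":
    for key, verdict in find_violations(SAMPLE_FLOWS):
        print("ALERT", key, verdict)
```

The second and third records both target port 5432; only the source workload separates the expected `api` to `db` connection from the unexpected `frontend` to `db` one, and the rescheduled `frontend-zzz` pod in the fourth record raises no alert because its labels are unchanged.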

Answered By CuriousCoder99 On

First things first, what exactly are they hoping to accomplish by tracking ports? Understanding their goals will help tailor your response and offer suitable solutions for a Kubernetes environment.
