A Container in Prod Is Mining Crypto
A pod is pegging CPU running a crypto miner. A teammate wants to kubectl delete it and move on. Defend the real response.
The decision you defend
You discover a pod in your production cluster is running a crypto miner and making outbound connections to an unknown host. A teammate says, "Just kubectl delete the pod and we are done." How do you actually respond?
The situation
Monitoring flags a pod pinning CPU. You exec in and find a crypto miner running, with steady outbound connections to an IP you do not recognize.
Context
The pod runs a public-facing service and has a mounted service account token and access to a few secrets. You do not yet know how it was compromised. A teammate wants to simply kubectl delete the pod so CPU returns to normal and the alert clears.
How this challenge works
Take a position on the decision above and defend it. A senior-engineer AI will push back over up to 5 rounds. When you are done, you are scored against a verified rubric so you can see exactly what a complete answer covers. These are learning prompts, not gotchas.