This message was deleted.

I guess I would try with /run/k3s and and /var/lib/kubelet. If that does not help look through /var/lib as there are dirs like 'rancher', 'cni' etc. Are you sure that the ugly symantec does not scan network traffic?

Hi @silly-furniture-26564 Thanks for the suggestion.. I have already whitelisted the following directories:

/etc/ceph \
       /etc/cni \
       /etc/kubernetes \
       /etc/rancher \
       /opt/cni \
       /opt/rke \
       /run/secrets/kubernetes.io \
       /run/calico \
       /run/flannel \
       /var/lib/calico \
       /var/lib/etcd \
       /var/lib/cni \
       /var/lib/kubelet \
       /var/lib/rancher\
       /var/log/containers \
       /var/log/kube-audit \
       /var/log/pods \
       /var/run/calico

But I'm still stuck with the same issue.

What about /run/k3s?

I have whitelisted the entire /run along with it's sub folders.

And you are sure that the thing does not also monitor network traffic in some way? Or plays around with iptables?

I'm not sure. I'll have to check on that. Bu I believe it does not monitor network traffic.

have you looked at lsof or strace output when the issue is occurring ?